Report - feed.helperbar.com/?publisher={Publisher}&dpid={DownloadProvider}&co={CountryTwoLettersISO}&userid={InstallationHashID}&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}

Report Overview

Submitted URL
feed.helperbar.com/?publisher={Publisher}&dpid={DownloadProvider}&co={CountryTwoLettersISO}&userid={InstallationHashID}&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2022-12-09 16:00:15
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
static-02.veve.com	48805	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	131 kB	151.139.128.11
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.7 kB	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.42.74.230
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	95.101.11.115
h3z5f9m3.ssl.hwcdn.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	87 kB	69.16.175.10
k5a6w6w2.ssl.hwcdn.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	404 B	935 B	69.16.175.42
api.sendmepixel.com	654938	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	453 B	3.5 kB	13.69.68.17
imptrk.siteplug.com	45047	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.5 kB	1.4 kB	34.96.99.173
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	52 kB	34.120.237.76
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
search.safefinder.com	697021	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.0 kB	43 kB	13.107.213.53
code.jquery.com	634	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	376 B	31 kB	69.16.175.10
feed.helperbar.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	2.4 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-09	medium	search.safefinder.com/js/classList.js?v=9	Malware
2022-12-09	medium	search.safefinder.com/csp.aspx?barcode=defaultsf\|portal_sf_admarket_tiles_sf	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	api.sendmepixel.com/suggest/tiles?c=10&sub=SF&callback=jQuery331010887490808671763_1670601605952&_=1670601605953	12 kB	2023-03-09	2023-03-09
Pretty URL api.sendmepixel.com/suggest/tiles?c=10&sub=SF&callback=jQuery331010887490808671763_1670601605952&_=1670601605953 IP 13.69.68.17 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:25 Last Seen2023-03-09 00:06:25 Times Seen1 Hash 38338b7a458227fdcce32660f35d6d50 0988be1eeffcf044372e9a36406d94bf5d0b2acf cebbbf25dc8f424eb6249aeaa0a61d2fc70e66fe2a37bce8adf6d3e5c02322d1 Loading...

	search.safefinder.com/js/preloadjs-0.6.2.min.js?v=9	64 kB	2023-03-07	2024-01-08
Pretty URL search.safefinder.com/js/preloadjs-0.6.2.min.js?v=9 IP 13.107.213.53 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-01-08 20:59:49 Times Seen6 Hash 946e96bb5cbcfde086796087805bbd52 21f90bd20cbe2dfb6ddd9e9d17b474702513dace c82d5d1517e8cfdd70e7fbd0440eabd0b039067d4c74cd6258a8d8d512dd85ab Loading...

	search.safefinder.com/js/main.js?v=9	30 kB	2023-03-07	2024-01-08
Pretty URL search.safefinder.com/js/main.js?v=9 IP 13.107.213.53 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-01-08 20:59:50 Times Seen6 Hash 4d0c87c945fcd2d4fbc9d6f5fe0cd394 3206e0107020e2d560f3714d708542853be442e7 5771562df9614624a24f4ebc1215d9a2fcbd2667914c060d2ae79f8463cb4658 Loading...

	search.safefinder.com/js/auto-complete.js?v=9	13 kB	2023-03-07	2024-01-08
Pretty URL search.safefinder.com/js/auto-complete.js?v=9 IP 13.107.213.53 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-01-08 20:59:50 Times Seen10 Hash b37b644d67e54ed95199f6b5be4431cf cbc907c062f1a915f9a1d8626dcbd9d8b0b17b95 c77281e40a106647c06d8735870fe40beef7638d56c3a224c47af194a7af5b26 Loading...

	search.safefinder.com/?st=ds&q=	7.7 kB	2023-03-07	2023-03-26
Pretty URL search.safefinder.com/?st=ds&q= IP 13.107.213.53 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2023-03-26 00:16:26 Times Seen2 Hash c08cf44c7396321ba8333b9bea716694 cfe2c77174ead9ce697d9b9a70fe16e06933b34a 4c59f52497402d5dfcd09fa8a870337b63b753f264aa87fda1353ee4aec3f8f3 Loading...

	search.safefinder.com/?st=ds&q=	448 B	2023-03-09	2023-03-09
Pretty URL search.safefinder.com/?st=ds&q= IP 13.107.213.53 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:25 Last Seen2023-03-09 00:06:25 Times Seen1 Hash bb459285daf2f3151257f9aac73ca758 f8885ce2939bfba6b49a357ee3656176257e6eac 07b221fd475b58a7a97e4aee7f9eda3a4e5639b6ddeba489ea71c963dd39a733 Loading...

	code.jquery.com/jquery-3.3.1.min.js	87 kB	2023-03-07	2024-04-19
Pretty URL code.jquery.com/jquery-3.3.1.min.js IP 69.16.175.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-19 07:14:23 Times Seen105227 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	search.safefinder.com/js/classList.js?v=9	3.6 kB	2023-03-07	2024-01-08
Pretty URL search.safefinder.com/js/classList.js?v=9 IP 13.107.213.53 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-01-08 20:59:50 Times Seen10 Hash 49987652ca4642170183499cd9cfbc91 9568dc28181162f85fd77f0680cf564fc7392132 28a54b40c736492299cf5f6fdf70c6e8223760fdcb4ef4113fffa04b824df74f Loading...

	search.safefinder.com/?st=ds&q=	36 B	2023-03-07	2024-01-08
Pretty URL search.safefinder.com/?st=ds&q= IP 13.107.213.53 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-01-08 20:59:49 Times Seen7 Hash 4ee9b22ed770b57c4c874ccce47bb100 e308983c4d9d93ae305bb0e80f60c89fa146e8f6 e9c0bd0f0fbe2d9deeb17fd65ffdb03b134873c5f512312418217e3e8bace291 Loading...

HTTP Transactions (54)

URL IP Response Size

feed.helperbar.com/?publisher={Publisher}&dpid={DownloadProvider}&co={CountryTwoLettersISO}&userid={InstallationHashID}&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}

188.114.97.1

301 Moved Permanently

0 B

URL HTTP/1.1
feed.helperbar.com/?publisher={Publisher}&dpid={DownloadProvider}&co={CountryTwoLettersISO}&userid={InstallationHashID}&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?publisher={Publisher}&dpid={DownloadProvider}&co={CountryTwoLettersISO}&userid={InstallationHashID}&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM} HTTP/1.1
Host: feed.helperbar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Dec 2022 16:00:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 09 Dec 2022 17:00:04 GMT
Location: https://feed.helperbar.com/?publisher={Publisher}&dpid={DownloadProvider}&co={CountryTwoLettersISO}&userid={InstallationHashID}&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9GY5FdAoTup2dtMdFfYMzzCIHakG1iWCGFU%2FEOyajB9A6zgU%2F8EfloBhT1mj2Nhqkr9%2BkJHyUUz694uilbyH8w4dcbGqJHH5HVkteqD%2FNvxeKoSNaOMs0aD4VSgAN1U531lK3Y8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776ef39cecd1b4ed-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8373
Expires: Fri, 09 Dec 2022 18:19:37 GMT
Date: Fri, 09 Dec 2022 16:00:04 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4139
Expires: Fri, 09 Dec 2022 17:09:03 GMT
Date: Fri, 09 Dec 2022 16:00:04 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 15:33:14 GMT
content-type: application/json
age: 1610
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10814
Expires: Fri, 09 Dec 2022 19:00:18 GMT
Date: Fri, 09 Dec 2022 16:00:04 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 4QNmLRlEzaUqn2MPnqhlXYV+kl3clGXHkLGccquE/vZWMQnJ/gKGWIn27949PLOo8zwJ+BtiMWc=
x-amz-request-id: 25DPZ0R1EH5VQJTC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 15:48:23 GMT
age: 701
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:00:05 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
2c0314aec256eabc5468735a85c1734d
304271bc5c6a2d2ffd69c2d75ee39ab8622a2f51
768277f89dffd30bc42415d401acf484c68c5a7cb4e68e135a881f5cfcdda9a5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=139015
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:00:05 GMT
Etag: "6392d78c-116"
Expires: Sun, 11 Dec 2022 06:37:00 GMT
Last-Modified: Fri, 09 Dec 2022 06:37:00 GMT
Server: nginx
Content-Length: 278

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 15:07:55 GMT
age: 3130
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
2c0314aec256eabc5468735a85c1734d
304271bc5c6a2d2ffd69c2d75ee39ab8622a2f51
768277f89dffd30bc42415d401acf484c68c5a7cb4e68e135a881f5cfcdda9a5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=139015
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:00:05 GMT
Etag: "6392d78c-116"
Expires: Sun, 11 Dec 2022 06:37:00 GMT
Last-Modified: Fri, 09 Dec 2022 06:37:00 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 278

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1056
Cache-Control: max-age=149066
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:00:05 GMT
Etag: "6392faaf-1d7"
Expires: Sun, 11 Dec 2022 09:24:31 GMT
Last-Modified: Fri, 09 Dec 2022 09:06:55 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.42.74.230

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.42.74.230:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: O4A2ophGujHBt3ePjMRqKA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: oFMOsGC9NXLdDgkb9D++pAo2mC8=

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5bbef671fe0cb85f7294bd5ed73db763
ce67b0467d7cd01115cd43625a54c261d4c3b999
6dfac269a5eccc66e65729a93fe1e3dbc59258d8a8c2a7ab446b8ba1a7735c01

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=149478
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:00:06 GMT
Etag: "6393006c-1d7"
Expires: Sun, 11 Dec 2022 09:31:24 GMT
Last-Modified: Fri, 09 Dec 2022 09:31:24 GMT
Server: nginx
Content-Length: 471

search.safefinder.com/?publisher=defaultsf&dpid=portal_sf_admarket_tiles_sf&co=NO&userid=&type=YHS_SF_100_$00658_000000$&barcodeid=&um=&feedid=infospace&odistributer=defaultsf&opublisher=defaultsf&publisherid=658&st=ds&installdate=%7binstallDate%7d

13.107.213.53

302 Found

131 B

URL HTTP/2
search.safefinder.com/?publisher=defaultsf&dpid=portal_sf_admarket_tiles_sf&co=NO&userid=&type=YHS_SF_100_$00658_000000$&barcodeid=&um=&feedid=infospace&odistributer=defaultsf&opublisher=defaultsf&publisherid=658&st=ds&installdate=%7binstallDate%7d
IP
13.107.213.53:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
131 B (131 bytes)
Hash
5cf5357eeecabf8949c17057d275a5c8
eb0c7ddc09130a201a116a4514d616df039e7ee1
367d11b7fb6c9602f882c2f35ac1c8e02cf383c5fd8e19c5b6dcd23adca2bec1

HTTP Headers

GET /?publisher=defaultsf&dpid=portal_sf_admarket_tiles_sf&co=NO&userid=&type=YHS_SF_100_$00658_000000$&barcodeid=&um=&feedid=infospace&odistributer=defaultsf&opublisher=defaultsf&publisherid=658&st=ds&installdate=%7binstallDate%7d HTTP/1.1
Host: search.safefinder.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
content-length: 131
content-type: text/html; charset=utf-8
location: /?st=ds&q=
set-cookie: param_url=gKW_GvfIiHxeoNMMNH12lsYUKaBKJpuRF7d6zczsVkSK4MIk6a2txwtx2B3MduODsPDw5mHXnqtJLMCEHFLrCqaP6Tuuco9hxnUFXBZCaf5JHPTBr4hp9z6HO056lNu7dQGRZRl9-yp4uJKnYyDU6rbD9Ae4siLe8q99e5AUr6jTl_ERWG8UTG_9oDDSGl6ekhlMmh087oiz2K-j_Ci6uOdEwGLKV2FeCHjYM8a2HCreRGqib0eDEymksEHACEsDEYB922VFSjx3nZ5epwVkvNs8iyAmQ1u_xYwJ3zaM-VkRHn1XbOyfjeLaHWeb7JPb-_5-1wrMxh_fOvGCjViOQQ,,; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
frhs_qs=publisher=defaultsf&dpid=portal_sf_admarket_tiles_sf&co=NO&userid=&type=YHS_SF_100_%2400658_000000%24&barcodeid=&um=&feedid=infospace&odistributer=defaultsf&opublisher=defaultsf&publisherid=658&st=ds&installdate=%7binstallDate%7d; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
publisher=defaultsf; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
dpid=portal_sf_admarket_tiles_sf; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
co=NO; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
userid=; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
type=YHS_SF_100_$00658_000000$; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
barcodeid=; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
um=; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
feedid=infospace; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
odistributer=defaultsf; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
opublisher=defaultsf; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
publisherid=658; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
installdate={installDate}; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
issubmit=true; path=/
param_url=gKW_GvfIiHxeoNMMNH12lsYUKaBKJpuRF7d6zczsVkSK4MIk6a2txwtx2B3MduODsPDw5mHXnqtJLMCEHFLrCqaP6Tuuco9hxnUFXBZCaf5JHPTBr4hp9z6HO056lNu7dQGRZRl9-yp4uJKnYyDU6rbD9Ae4siLe8q99e5AUr6jTl_ERWG8UTG_9oDDSGl6ekhlMmh087oiz2K-j_Ci6uOdEwGLKV2FeCHjYM8a2HCreRGqib0eDEymksEHACEsDEYB922VFSjx3nZ5epwVkvNs8iyAmQ1u_xYwJ3zaM-VkRHn1XbOyfjeLaHWeb7JPb-_5-1wrMxh_fOvGCjViOQQ,,; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
frhs_qs=publisher=defaultsf&dpid=portal_sf_admarket_tiles_sf&co=NO&userid=&type=YHS_SF_100_%2400658_000000%24&barcodeid=&um=&feedid=infospace&odistributer=defaultsf&opublisher=defaultsf&publisherid=658&st=ds&installdate=%7binstallDate%7d; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
publisher=defaultsf; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
dpid=portal_sf_admarket_tiles_sf; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
co=NO; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
userid=; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
type=YHS_SF_100_$00658_000000$; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
barcodeid=; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
um=; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
feedid=infospace; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
odistributer=defaultsf; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
opublisher=defaultsf; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
publisherid=658; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
installdate={installDate}; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
issubmit=true; path=/
ARRAffinity=6f2507e6e30da6b9f779c3ab52c055129c255917327e7d52850f4c8c759a0a7b;Path=/;HttpOnly;Secure;Domain=searchportal-prod-eu.azurewebsites.net
ARRAffinitySameSite=6f2507e6e30da6b9f779c3ab52c055129c255917327e7d52850f4c8c759a0a7b;Path=/;HttpOnly;SameSite=None;Secure;Domain=searchportal-prod-eu.azurewebsites.net
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 0hluTYwAAAACFW7NM0hsrRbLdJLrftDNKU1ZHMjBFREdFMDYxOQAyMWFlYjc1NC0wOTI4LTRkYWMtOTZmNy1lYmE4ODBiNmJjMjk=
date: Fri, 09 Dec 2022 16:00:06 GMT
X-Firefox-Spdy: h2

search.safefinder.com/?st=ds&q=

13.107.213.53

200 OK

5.6 kB

URL HTTP/2
search.safefinder.com/?st=ds&q=
IP
13.107.213.53:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1597), with CRLF line terminators
Size
5.6 kB (5575 bytes)
Hash
eb4da7f7eca74fdc59d6b14d4b92dc4e
6da3f7d985548bd37095919db391833630054be4
eb788cc4bbbffeeced7e0484ead49b9636fc407a50ca903cf92e2df5180b8d61

HTTP Headers

GET /?st=ds&q= HTTP/1.1
Host: search.safefinder.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: param_url=gKW_GvfIiHxeoNMMNH12lsYUKaBKJpuRF7d6zczsVkSK4MIk6a2txwtx2B3MduODsPDw5mHXnqtJLMCEHFLrCqaP6Tuuco9hxnUFXBZCaf5JHPTBr4hp9z6HO056lNu7dQGRZRl9-yp4uJKnYyDU6rbD9Ae4siLe8q99e5AUr6jTl_ERWG8UTG_9oDDSGl6ekhlMmh087oiz2K-j_Ci6uOdEwGLKV2FeCHjYM8a2HCreRGqib0eDEymksEHACEsDEYB922VFSjx3nZ5epwVkvNs8iyAmQ1u_xYwJ3zaM-VkRHn1XbOyfjeLaHWeb7JPb-_5-1wrMxh_fOvGCjViOQQ,,; frhs_qs=publisher=defaultsf&dpid=portal_sf_admarket_tiles_sf&co=NO&userid=&type=YHS_SF_100_%2400658_000000%24&barcodeid=&um=&feedid=infospace&odistributer=defaultsf&opublisher=defaultsf&publisherid=658&st=ds&installdate=%7binstallDate%7d; publisher=defaultsf; dpid=portal_sf_admarket_tiles_sf; co=NO; userid=; type=YHS_SF_100_$00658_000000$; barcodeid=; um=; feedid=infospace; odistributer=defaultsf; opublisher=defaultsf; publisherid=658; installdate={installDate}; issubmit=true
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-length: 5575
content-type: text/html; charset=utf-8
content-encoding: gzip
expires: -1
vary: Accept-Encoding
set-cookie: paramless_url=gKW_GvfIiHxeoNMMNH12lsYUKaBKJpuRF7d6zczsVkeMOaGSGaaw; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
paramless_url=gKW_GvfIiHxeoNMMNH12lsYUKaBKJpuRF7d6zczsVkeMOaGSGaaw; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
ASP.NET_SessionId=j3krwnlv2t413ipd14z4vrct; path=/; HttpOnly; SameSite=Lax
paramless_url=gKW_GvfIiHxeoNMMNH12lsYUKaBKJpuRF7d6zczsVkeMOaGSGaaw; expires=Mon, 09-Dec-2024 16:00:06 GMT; path=/
ASP.NET_SessionId=j3krwnlv2t413ipd14z4vrct; path=/; HttpOnly; SameSite=Lax
sp_ref=; path=/
ARRAffinity=6f2507e6e30da6b9f779c3ab52c055129c255917327e7d52850f4c8c759a0a7b;Path=/;HttpOnly;Secure;Domain=searchportal-prod-eu.azurewebsites.net
ARRAffinitySameSite=6f2507e6e30da6b9f779c3ab52c055129c255917327e7d52850f4c8c759a0a7b;Path=/;HttpOnly;SameSite=None;Secure;Domain=searchportal-prod-eu.azurewebsites.net
content-security-policy-report-only: default-src 'self' k5a6w6w2.ssl.hwcdn.net; img-src *; connect-src 'self'; script-src 'self' k5a6w6w2.ssl.hwcdn.net code.jquery.com static.eu.criteo.net static.criteo.net *.criteo.com display.online-adnetwork.com suggestqueries.google.com us.search.yahoo.com *.siteplug.com s.yimg.com partnerads.ysm.yahoo.com csr.inspsearchapi.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com 'unsafe-inline' k5a6w6w2.ssl.hwcdn.net h3z5f9m3.ssl.hwcdn.net; font-src *; frame-src 'self' display.online-adnetwork.com partnerads.ysm.yahoo.com; report-uri /csp.aspx?barcode=defaultsf|portal_sf_admarket_tiles_sf
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 0hluTYwAAAADmmBR2klaVSZVQdFCh4tloU1ZHMjBFREdFMDYxOQAyMWFlYjc1NC0wOTI4LTRkYWMtOTZmNy1lYmE4ODBiNmJjMjk=
date: Fri, 09 Dec 2022 16:00:06 GMT
X-Firefox-Spdy: h2

search.safefinder.com/js/preloadjs-0.6.2.min.js?v=9

13.107.213.53

200 OK

15 kB

URL HTTP/2
search.safefinder.com/js/preloadjs-0.6.2.min.js?v=9
IP
13.107.213.53:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (36805), with CRLF line terminators
Size
15 kB (14955 bytes)
Hash
890b6d3cc0a03871f240c96fad097eb2
5ff2876e3dee0ffbf8c997345cfbfc54a68a6b86
cf6d3335d09f4cfaa9f85d186bf7e96b2c599f40931071d48441ba0390658f29

HTTP Headers

GET /js/preloadjs-0.6.2.min.js?v=9 HTTP/1.1
Host: search.safefinder.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://search.safefinder.com/?st=ds&q=
Connection: keep-alive
Cookie: param_url=gKW_GvfIiHxeoNMMNH12lsYUKaBKJpuRF7d6zczsVkSK4MIk6a2txwtx2B3MduODsPDw5mHXnqtJLMCEHFLrCqaP6Tuuco9hxnUFXBZCaf5JHPTBr4hp9z6HO056lNu7dQGRZRl9-yp4uJKnYyDU6rbD9Ae4siLe8q99e5AUr6jTl_ERWG8UTG_9oDDSGl6ekhlMmh087oiz2K-j_Ci6uOdEwGLKV2FeCHjYM8a2HCreRGqib0eDEymksEHACEsDEYB922VFSjx3nZ5epwVkvNs8iyAmQ1u_xYwJ3zaM-VkRHn1XbOyfjeLaHWeb7JPb-_5-1wrMxh_fOvGCjViOQQ,,; frhs_qs=publisher=defaultsf&dpid=portal_sf_admarket_tiles_sf&co=NO&userid=&type=YHS_SF_100_%2400658_000000%24&barcodeid=&um=&feedid=infospace&odistributer=defaultsf&opublisher=defaultsf&publisherid=658&st=ds&installdate=%7binstallDate%7d; publisher=defaultsf; dpid=portal_sf_admarket_tiles_sf; co=NO; userid=; type=YHS_SF_100_$00658_000000$; barcodeid=; um=; feedid=infospace; odistributer=defaultsf; opublisher=defaultsf; publisherid=658; installdate={installDate}; issubmit=true; paramless_url=gKW_GvfIiHxeoNMMNH12lsYUKaBKJpuRF7d6zczsVkeMOaGSGaaw; ASP.NET_SessionId=j3krwnlv2t413ipd14z4vrct; sp_ref=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: max-age=259200
content-length: 14955
content-type: application/x-javascript
content-encoding: gzip
last-modified: Tue, 23 Aug 2022 10:02:22 GMT
accept-ranges: bytes
etag: "04bf56fd7b6d81:0"
vary: Accept-Encoding
set-cookie: ARRAffinity=6f2507e6e30da6b9f779c3ab52c055129c255917327e7d52850f4c8c759a0a7b;Path=/;HttpOnly;Secure;Domain=searchportal-prod-eu.azurewebsites.net
ARRAffinitySameSite=6f2507e6e30da6b9f779c3ab52c055129c255917327e7d52850f4c8c759a0a7b;Path=/;HttpOnly;SameSite=None;Secure;Domain=searchportal-prod-eu.azurewebsites.net
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 0hluTYwAAAADfJSBxGBcvR7lEdzjwTeMnU1ZHMjBFREdFMDYxOQAyMWFlYjc1NC0wOTI4LTRkYWMtOTZmNy1lYmE4ODBiNmJjMjk=
date: Fri, 09 Dec 2022 16:00:06 GMT
X-Firefox-Spdy: h2

search.safefinder.com/js/classList.js?v=9

13.107.213.53

200 OK

1.3 kB

URL HTTP/2
search.safefinder.com/js/classList.js?v=9
IP
13.107.213.53:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with very long lines (982), with CRLF line terminators
Size
1.3 kB (1314 bytes)
Hash
12d6c70a1a1a0f61f8ef764d4e7cca5a
b74a1a38a03c02bbb41841277ba4d75ca23ba498
de9c92df46e455bb89455dcc0f66d76db9b7494e44afbb724f49b904b5aeda9c

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/classList.js?v=9 HTTP/1.1
Host: search.safefinder.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://search.safefinder.com/?st=ds&q=
Connection: keep-alive
Cookie: param_url=gKW_GvfIiHxeoNMMNH12lsYUKaBKJpuRF7d6zczsVkSK4MIk6a2txwtx2B3MduODsPDw5mHXnqtJLMCEHFLrCqaP6Tuuco9hxnUFXBZCaf5JHPTBr4hp9z6HO056lNu7dQGRZRl9-yp4uJKnYyDU6rbD9Ae4siLe8q99e5AUr6jTl_ERWG8UTG_9oDDSGl6ekhlMmh087oiz2K-j_Ci6uOdEwGLKV2FeCHjYM8a2HCreRGqib0eDEymksEHACEsDEYB922VFSjx3nZ5epwVkvNs8iyAmQ1u_xYwJ3zaM-VkRHn1XbOyfjeLaHWeb7JPb-_5-1wrMxh_fOvGCjViOQQ,,; frhs_qs=publisher=defaultsf&dpid=portal_sf_admarket_tiles_sf&co=NO&userid=&type=YHS_SF_100_%2400658_000000%24&barcodeid=&um=&feedid=infospace&odistributer=defaultsf&opublisher=defaultsf&publisherid=658&st=ds&installdate=%7binstallDate%7d; publisher=defaultsf; dpid=portal_sf_admarket_tiles_sf; co=NO; userid=; type=YHS_SF_100_$00658_000000$; barcodeid=; um=; feedid=infospace; odistributer=defaultsf; opublisher=defaultsf; publisherid=658; installdate={installDate}; issubmit=true; paramless_url=gKW_GvfIiHxeoNMMNH12lsYUKaBKJpuRF7d6zczsVkeMOaGSGaaw; ASP.NET_SessionId=j3krwnlv2t413ipd14z4vrct; sp_ref=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: max-age=259200
content-length: 1314
content-type: application/x-javascript
content-encoding: gzip
last-modified: Tue, 23 Aug 2022 10:03:38 GMT
accept-ranges: bytes
etag: "0f9419dd7b6d81:0"
vary: Accept-Encoding
set-cookie: ARRAffinity=6f2507e6e30da6b9f779c3ab52c055129c255917327e7d52850f4c8c759a0a7b;Path=/;HttpOnly;Secure;Domain=searchportal-prod-eu.azurewebsites.net
ARRAffinitySameSite=6f2507e6e30da6b9f779c3ab52c055129c255917327e7d52850f4c8c759a0a7b;Path=/;HttpOnly;SameSite=None;Secure;Domain=searchportal-prod-eu.azurewebsites.net
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 0hluTYwAAAACKIdu18fgjS7cafyx0JVUGU1ZHMjBFREdFMDYxOQAyMWFlYjc1NC0wOTI4LTRkYWMtOTZmNy1lYmE4ODBiNmJjMjk=
date: Fri, 09 Dec 2022 16:00:06 GMT
X-Firefox-Spdy: h2

search.safefinder.com/js/main.js?v=9

13.107.213.53

200 OK

8.3 kB

URL HTTP/2
search.safefinder.com/js/main.js?v=9
IP
13.107.213.53:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with very long lines (1011), with CRLF line terminators
Size
8.3 kB (8304 bytes)
Hash
51067bc536149162fb57b8d44d2016e1
68d4388f18e75c4200b76eac8928c996b0491297
4609ba7193387b62f69706a1c5499f480fec673ebe755430946c9985e197ad68

HTTP Headers

GET /js/main.js?v=9 HTTP/1.1
Host: search.safefinder.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://search.safefinder.com/?st=ds&q=
Connection: keep-alive
Cookie: param_url=gKW_GvfIiHxeoNMMNH12lsYUKaBKJpuRF7d6zczsVkSK4MIk6a2txwtx2B3MduODsPDw5mHXnqtJLMCEHFLrCqaP6Tuuco9hxnUFXBZCaf5JHPTBr4hp9z6HO056lNu7dQGRZRl9-yp4uJKnYyDU6rbD9Ae4siLe8q99e5AUr6jTl_ERWG8UTG_9oDDSGl6ekhlMmh087oiz2K-j_Ci6uOdEwGLKV2FeCHjYM8a2HCreRGqib0eDEymksEHACEsDEYB922VFSjx3nZ5epwVkvNs8iyAmQ1u_xYwJ3zaM-VkRHn1XbOyfjeLaHWeb7JPb-_5-1wrMxh_fOvGCjViOQQ,,; frhs_qs=publisher=defaultsf&dpid=portal_sf_admarket_tiles_sf&co=NO&userid=&type=YHS_SF_100_%2400658_000000%24&barcodeid=&um=&feedid=infospace&odistributer=defaultsf&opublisher=defaultsf&publisherid=658&st=ds&installdate=%7binstallDate%7d; publisher=defaultsf; dpid=portal_sf_admarket_tiles_sf; co=NO; userid=; type=YHS_SF_100_$00658_000000$; barcodeid=; um=; feedid=infospace; odistributer=defaultsf; opublisher=defaultsf; publisherid=658; installdate={installDate}; issubmit=true; paramless_url=gKW_GvfIiHxeoNMMNH12lsYUKaBKJpuRF7d6zczsVkeMOaGSGaaw; ASP.NET_SessionId=j3krwnlv2t413ipd14z4vrct; sp_ref=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: max-age=259200
content-length: 8304
content-type: application/x-javascript
content-encoding: gzip
last-modified: Tue, 23 Aug 2022 10:03:38 GMT
accept-ranges: bytes
etag: "0f9419dd7b6d81:0"
vary: Accept-Encoding
set-cookie: ARRAffinity=6f2507e6e30da6b9f779c3ab52c055129c255917327e7d52850f4c8c759a0a7b;Path=/;HttpOnly;Secure;Domain=searchportal-prod-eu.azurewebsites.net
ARRAffinitySameSite=6f2507e6e30da6b9f779c3ab52c055129c255917327e7d52850f4c8c759a0a7b;Path=/;HttpOnly;SameSite=None;Secure;Domain=searchportal-prod-eu.azurewebsites.net
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 0hluTYwAAAABxqLytGNdfQafyaC47+6yMU1ZHMjBFREdFMDYxOQAyMWFlYjc1NC0wOTI4LTRkYWMtOTZmNy1lYmE4ODBiNmJjMjk=
date: Fri, 09 Dec 2022 16:00:06 GMT
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.3.1.min.js

69.16.175.10

200 OK

30 kB

URL HTTP/2
code.jquery.com/jquery-3.3.1.min.js
IP
69.16.175.10:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (65451)
Size
30 kB (30288 bytes)
Hash
d549b312f7a7d228b4ec229a6547dfdc
0766794582ad530ec0f8c2595f741086afffa312
f6488b2915e0ceee723f4320492511d46c6ba1860d5975d085e6da8913f55f44

HTTP Headers

GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.safefinder.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:00:06 GMT
content-encoding: gzip
content-length: 30288
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
accept-ranges: bytes
server: nginx
etag: W/"28feccc0-1538f"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1670601606.dop009.sk1.t,1670601606.cds021.sk1.hn,1670601606.cds217.sk1.c
X-Firefox-Spdy: h2

search.safefinder.com/js/auto-complete.js?v=9

13.107.213.53

200 OK

3.6 kB

URL HTTP/2
search.safefinder.com/js/auto-complete.js?v=9
IP
13.107.213.53:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (1832), with CRLF line terminators
Size
3.6 kB (3580 bytes)
Hash
f0dcb0d9923e82bce163f65d6362a684
7dce53a82ba5477239061fa01c3963bcae4a3985
7bf4a310b955118d2dafd5732fbda77915e2204b4e8a30dafbf629e230574935

HTTP Headers

GET /js/auto-complete.js?v=9 HTTP/1.1
Host: search.safefinder.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://search.safefinder.com/?st=ds&q=
Connection: keep-alive
Cookie: param_url=gKW_GvfIiHxeoNMMNH12lsYUKaBKJpuRF7d6zczsVkSK4MIk6a2txwtx2B3MduODsPDw5mHXnqtJLMCEHFLrCqaP6Tuuco9hxnUFXBZCaf5JHPTBr4hp9z6HO056lNu7dQGRZRl9-yp4uJKnYyDU6rbD9Ae4siLe8q99e5AUr6jTl_ERWG8UTG_9oDDSGl6ekhlMmh087oiz2K-j_Ci6uOdEwGLKV2FeCHjYM8a2HCreRGqib0eDEymksEHACEsDEYB922VFSjx3nZ5epwVkvNs8iyAmQ1u_xYwJ3zaM-VkRHn1XbOyfjeLaHWeb7JPb-_5-1wrMxh_fOvGCjViOQQ,,; frhs_qs=publisher=defaultsf&dpid=portal_sf_admarket_tiles_sf&co=NO&userid=&type=YHS_SF_100_%2400658_000000%24&barcodeid=&um=&feedid=infospace&odistributer=defaultsf&opublisher=defaultsf&publisherid=658&st=ds&installdate=%7binstallDate%7d; publisher=defaultsf; dpid=portal_sf_admarket_tiles_sf; co=NO; userid=; type=YHS_SF_100_$00658_000000$; barcodeid=; um=; feedid=infospace; odistributer=defaultsf; opublisher=defaultsf; publisherid=658; installdate={installDate}; issubmit=true; paramless_url=gKW_GvfIiHxeoNMMNH12lsYUKaBKJpuRF7d6zczsVkeMOaGSGaaw; ASP.NET_SessionId=j3krwnlv2t413ipd14z4vrct; sp_ref=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: max-age=259200
content-length: 3580
content-type: application/x-javascript
content-encoding: gzip
last-modified: Tue, 23 Aug 2022 10:03:38 GMT
accept-ranges: bytes
etag: "0f9419dd7b6d81:0"
vary: Accept-Encoding
set-cookie: ARRAffinity=6f2507e6e30da6b9f779c3ab52c055129c255917327e7d52850f4c8c759a0a7b;Path=/;HttpOnly;Secure;Domain=searchportal-prod-eu.azurewebsites.net
ARRAffinitySameSite=6f2507e6e30da6b9f779c3ab52c055129c255917327e7d52850f4c8c759a0a7b;Path=/;HttpOnly;SameSite=None;Secure;Domain=searchportal-prod-eu.azurewebsites.net
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 0hluTYwAAAADeR4OIhFpeSIlDXR7G07TTU1ZHMjBFREdFMDYxOQAyMWFlYjc1NC0wOTI4LTRkYWMtOTZmNy1lYmE4ODBiNmJjMjk=
date: Fri, 09 Dec 2022 16:00:06 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3349
Expires: Fri, 09 Dec 2022 16:55:56 GMT
Date: Fri, 09 Dec 2022 16:00:07 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3349
Expires: Fri, 09 Dec 2022 16:55:56 GMT
Date: Fri, 09 Dec 2022 16:00:07 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3349
Expires: Fri, 09 Dec 2022 16:55:56 GMT
Date: Fri, 09 Dec 2022 16:00:07 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7557 bytes)
Hash
5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 400d1465-ecbf-4d95-8aa8-4dce5dca0716
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctluwGo4oAMFhTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee991-6dba29ae7065d5347a1a420d;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:04:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Lazl-stakC-31gMuQ2WzH9uFkIb0g7HaaM3xkwSFdFJMWKTaKqrBEQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:07:07 GMT
age: 42780
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12748 bytes)
Hash
730ba1a8edb79ba6f83b46d1ba5aed7b
55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:44:29 GMT
age: 29738
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5188 bytes)
Hash
fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7Dp35PIr_WYUI1bBa21AvmCMEPi0d3jnhuS8eEk3Q3CXRcGWAnkD8g==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 17:01:04 GMT
age: 82743
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7897 bytes)
Hash
8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: N-zFZ8yeL7RrOZ5xfqvfBaE3zcXWecvr6Jd-93nKiUZlCXp2n2_Bgw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:41:46 GMT
age: 44301
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6578 bytes)
Hash
8546542f00ea29ef4df6ab8d3c7c2164
5c8ffe91490006a9890188b53f875568c2b6bd8f
7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: H067kZXU_djWxbWO34bYMqa0xZ-WF9ntEBhZ-kV_TDoJFXQL_J1hqQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:34:27 GMT
age: 44740
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5169 bytes)
Hash
06514ce96ae21cb01f526a5febdcbeb4
ebb97e5b97f394e8c67098f55581d5329ce819a2
4099a2fb6ddc4feaa30f357a180d64aeb7c9fc73f115fc762d5fe5c221d2e89e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5169
x-amzn-requestid: 277a1b04-4e19-4313-8aac-5f9ab9076305
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEdkFGrIAMFvHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb456-5b21edd57297665012d536cc;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:17:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Xi-bshsYa4LlKbJgAt0h-lPnB_5uQbqln5JGBRE8io2Fp1y41cS9xg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:08:48 GMT
age: 42679
etag: "ebb97e5b97f394e8c67098f55581d5329ce819a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

h3z5f9m3.ssl.hwcdn.net/newstyles/browse_search_new.css?v=9

69.16.175.10

200 OK

7.5 kB

URL HTTP/1.1
h3z5f9m3.ssl.hwcdn.net/newstyles/browse_search_new.css?v=9
IP
69.16.175.10:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with CRLF line terminators
Size
7.5 kB (7502 bytes)
Hash
b2e3d103cbbf39f9096c10b73ce94e5d
48a2b3a3fbdf22cbf2f121aba7118eec928f2623
fbf4892908a01bb3196069fce5fb06cb98cb4ecc8ef79c6acdc13971d46cbee3

HTTP Headers

GET /newstyles/browse_search_new.css?v=9 HTTP/1.1
Host: h3z5f9m3.ssl.hwcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.safefinder.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:00:07 GMT
Connection: Keep-Alive
Content-Length: 7502
Content-Type: text/css
Last-Modified: Mon, 10 May 2021 18:35:32 GMT
Content-MD5: suPRA8u/OfkJbBC3POlOXQ==
ETag: 0x8D913E264AD99C9
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 326735ab-c01e-003b-21e7-0b5cd0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
X-HW: 1670601606.dop225.sk1.t,1670601606.cds208.sk1.shn,1670601606.dop225.sk1.t,1670601606.cds264.sk1.sc,1670601607.cds264.sk1.p

h3z5f9m3.ssl.hwcdn.net/newstyles/main.css?v=9

69.16.175.10

200 OK

25 kB

URL HTTP/1.1
h3z5f9m3.ssl.hwcdn.net/newstyles/main.css?v=9
IP
69.16.175.10:0
ASN
#20446 STACKPATH-CDN

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
25 kB (24715 bytes)
Hash
0861d9c7d9bb427535214654d4e4a735
ab96676417d67c52068b4f86f575354dc52884a7
4e7d4323d6d7d6ada407581ccbbedc32909565f42b570fe79e39c0216dca3546

HTTP Headers

GET /newstyles/main.css?v=9 HTTP/1.1
Host: h3z5f9m3.ssl.hwcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.safefinder.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:00:07 GMT
Connection: Keep-Alive
Content-Length: 24715
Content-Type: text/css
Last-Modified: Tue, 27 Feb 2018 10:00:11 GMT
Content-MD5: CGHZx9m7QnU1IUZU1OSnNQ==
ETag: 0x8D57DC8E3B7A0AB
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e5624742-201e-007e-27e7-0b8141000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
X-HW: 1670601606.dop206.sk1.t,1670601606.cds068.sk1.shn,1670601606.dop206.sk1.t,1670601606.cds208.sk1.sc,1670601607.cds208.sk1.p

search.safefinder.com/csp.aspx?barcode=defaultsf|portal_sf_admarket_tiles_sf

13.107.213.53

204 No Content

0 B

URL HTTP/2
search.safefinder.com/csp.aspx?barcode=defaultsf|portal_sf_admarket_tiles_sf
IP
13.107.213.53:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /csp.aspx?barcode=defaultsf|portal_sf_admarket_tiles_sf HTTP/1.1
Host: search.safefinder.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 1149
Origin: https://search.safefinder.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
cache-control: private
content-type: image/gif
set-cookie: ASP.NET_SessionId=31scthjphvj0dgircas035y1; path=/; HttpOnly; SameSite=Lax
ARRAffinity=6f2507e6e30da6b9f779c3ab52c055129c255917327e7d52850f4c8c759a0a7b;Path=/;HttpOnly;Secure;Domain=searchportal-prod-eu.azurewebsites.net
ARRAffinitySameSite=6f2507e6e30da6b9f779c3ab52c055129c255917327e7d52850f4c8c759a0a7b;Path=/;HttpOnly;SameSite=None;Secure;Domain=searchportal-prod-eu.azurewebsites.net
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 0h1uTYwAAAACs1ciyjcaCSIC//++1ah+OU1ZHMjBFREdFMDYxOQAyMWFlYjc1NC0wOTI4LTRkYWMtOTZmNy1lYmE4ODBiNmJjMjk=
date: Fri, 09 Dec 2022 16:00:07 GMT
X-Firefox-Spdy: h2

h3z5f9m3.ssl.hwcdn.net/ab-testing/SafeFinder_results_new.png

69.16.175.10

200 OK

2.5 kB

URL HTTP/1.1
h3z5f9m3.ssl.hwcdn.net/ab-testing/SafeFinder_results_new.png
IP
69.16.175.10:0
ASN
#20446 STACKPATH-CDN

File type
PNG image data, 146 x 37, 8-bit/color RGBA, non-interlaced\012- data
Size
2.5 kB (2529 bytes)
Hash
5bdb339a9329b8b97bc79c3a1b1fb653
395f8df33db82dfdf8bae5338c6233a4837731dc
04dd1ca1bc452d848879ca2575912c2f4404b71bb394d5707df3de249cf11dd2

HTTP Headers

GET /ab-testing/SafeFinder_results_new.png HTTP/1.1
Host: h3z5f9m3.ssl.hwcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.safefinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:00:08 GMT
Connection: Keep-Alive
Content-Length: 2529
Content-Type: image/png
Last-Modified: Thu, 06 Feb 2014 14:59:39 GMT
Content-MD5: W9szmpMpuLl7x5w6Gx+2Uw==
ETag: 0x8D0F163319B5505
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4b175c23-301e-0043-44e7-0b3467000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
X-HW: 1670601606.dop225.sk1.t,1670601606.cds208.sk1.shn,1670601607.dop225.sk1.t,1670601607.cds219.sk1.sc,1670601608.cds219.sk1.p

k5a6w6w2.ssl.hwcdn.net/images/mic_icon.png

69.16.175.42

200 OK

350 B

URL HTTP/1.1
k5a6w6w2.ssl.hwcdn.net/images/mic_icon.png
IP
69.16.175.42:0
ASN
#20446 STACKPATH-CDN

File type
PNG image data, 17 x 23, 8-bit/color RGBA, non-interlaced\012- data
Size
350 B (350 bytes)
Hash
658e8cf2b0a94ccc02d2a55907484c23
020b79edc8561b84986b6f89701fbcb6ca20baa6
24ad897113aff38e65a3ebd7759c33e19b8bdbe57813f225d4bf44f4e1de1d5d

HTTP Headers

GET /images/mic_icon.png HTTP/1.1
Host: k5a6w6w2.ssl.hwcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.safefinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:00:08 GMT
Connection: Keep-Alive
Cache-Control: max-age=86400
Content-Length: 350
Content-Type: image/png
Last-Modified: Sun, 21 Feb 2016 07:07:18 GMT
Content-MD5: ZY6M8rCpTMwC0qVZB0hMIw==
ETag: 0x8D33A8DA2922DDE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 274d0a1a-a01e-0081-19e7-0bbcd9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
X-HW: 1670601606.dop067.sk1.t,1670601607.cds256.sk1.shn,1670601607.dop067.sk1.t,1670601607.cds240.sk1.sc,1670601608.cds240.sk1.p

h3z5f9m3.ssl.hwcdn.net/doodls/summer2.png

69.16.175.10

200 OK

48 kB

URL HTTP/1.1
h3z5f9m3.ssl.hwcdn.net/doodls/summer2.png
IP
69.16.175.10:0
ASN
#20446 STACKPATH-CDN

File type
PNG image data, 500 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
48 kB (48547 bytes)
Hash
9298e3f1aeb39c47ad894f106d06e5fc
a5a4fb98792c22e881d15ef164126849671cf297
54ed122e31fe9bf64962b4cb96a4e02a96c4fce6da183113f86c64b2214f363f

HTTP Headers

GET /doodls/summer2.png HTTP/1.1
Host: h3z5f9m3.ssl.hwcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.safefinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:00:08 GMT
Connection: Keep-Alive
Content-Length: 48547
Content-Type: image/png
Last-Modified: Mon, 22 Jun 2015 12:22:56 GMT
Content-MD5: kpjj8a6znEetiU8QbQbl/A==
ETag: 0x8D27AFD4E2E85E6
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2c879168-901e-004e-18e7-0bdb6b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
X-HW: 1670601606.dop205.sk1.t,1670601607.cds235.sk1.shn,1670601607.dop205.sk1.t,1670601607.cds211.sk1.sc,1670601608.cds211.sk1.p

api.sendmepixel.com/suggest/tiles?c=10&sub=SF&callback=jQuery331010887490808671763_1670601605952&_=1670601605953

13.69.68.17

200 OK

2.9 kB

URL HTTP/1.1
api.sendmepixel.com/suggest/tiles?c=10&sub=SF&callback=jQuery331010887490808671763_1670601605952&_=1670601605953
IP
13.69.68.17:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (12353), with no line terminators
Size
2.9 kB (2865 bytes)
Hash
39299f9dc91ef14d321fbb4f5f3a22b0
9522b3264d7de6a57f26aa1c5940dfe79f673d92
1b23c25767f53f15ccedffd1e9a4119e7d47cf734e52db43f4323626be2e2f11

HTTP Headers

GET /suggest/tiles?c=10&sub=SF&callback=jQuery331010887490808671763_1670601605952&_=1670601605953 HTTP/1.1
Host: api.sendmepixel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.safefinder.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Date: Fri, 09 Dec 2022 16:00:08 GMT
Server: Microsoft-IIS/10.0
Access-Control-Allow-Methods: GET, POST, OPTIONS
Cache-Control: no-cache
Content-Encoding: gzip
Expires: -1
Pragma: no-cache
Set-Cookie: ARRAffinity=81e1f111fb40730d6455cff9726eca51022363fe71a34a36f52d37876019d205;Path=/;HttpOnly;Secure;Domain=api.sendmepixel.com
ARRAffinitySameSite=81e1f111fb40730d6455cff9726eca51022363fe71a34a36f52d37876019d205;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.sendmepixel.com
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET

static-02.veve.com/192x192/0afa071beb87dff8.png

151.139.128.11

200 OK

10 kB

URL HTTP/1.1
static-02.veve.com/192x192/0afa071beb87dff8.png
IP
151.139.128.11:0
ASN
#20446 STACKPATH-CDN

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (9986 bytes)
Hash
9d499e7da3f53c6db1b1089dcde59b77
c7f5a826742022db3480216d81401fa20c463a6e
509fb62a2a5135e3bf85a987adca44fd7ea86312aec82af5c508d8c46386af1b

HTTP Headers

GET /192x192/0afa071beb87dff8.png HTTP/1.1
Host: static-02.veve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.safefinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:00:08 GMT
Content-Encoding: gzip
Content-Type: image/png
Last-Modified: Mon, 14 Sep 2020 06:58:27 GMT
Accept-Ranges: bytes
Server: nginx/1.14.2
ETag: W/"5f5f1493-28f3"
Cache-Control: max-age=5184000
Via: 1.1 google
X-HW: 1670601608.cds012.sk1.hn,1670601608.cds249.sk1.c
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 9986

static-02.veve.com/192x192/19e3d06d73904a7e.png

151.139.128.11

200 OK

10 kB

URL HTTP/1.1
static-02.veve.com/192x192/19e3d06d73904a7e.png
IP
151.139.128.11:0
ASN
#20446 STACKPATH-CDN

File type
PNG image data, 192 x 192, 8-bit grayscale, non-interlaced\012- data
Size
10 kB (10083 bytes)
Hash
8a5a1dd2bd1e1253ee5911e360f6f928
7199c534c7177f77aa4544069754230a25644d41
ddae26da7cfaf20455f9bf3fe2d04e2993891c520c1d5c49b6bac2ee120d62db

HTTP Headers

GET /192x192/19e3d06d73904a7e.png HTTP/1.1
Host: static-02.veve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.safefinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:00:08 GMT
Content-Encoding: gzip
Content-Type: image/png
Last-Modified: Mon, 08 Nov 2021 06:19:54 GMT
Accept-Ranges: bytes
Server: nginx/1.14.2
ETag: W/"6188c18a-284e"
Cache-Control: max-age=5184000
Via: 1.1 google
X-HW: 1670601608.cds012.sk1.hn,1670601608.cds244.sk1.c
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 10083

static-02.veve.com/192x192/52c4891cd0d31637.png

151.139.128.11

200 OK

16 kB

URL HTTP/1.1
static-02.veve.com/192x192/52c4891cd0d31637.png
IP
151.139.128.11:0
ASN
#20446 STACKPATH-CDN

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
16 kB (15870 bytes)
Hash
61680b473541ad35cce5b40d0b3a9811
5b0abf955826e11f0ee87cb2d2e46e5d5a7f032c
d8afefa1acc2764e7015c81b1956faa89ed1a4d4f3545b957d05bd30fe334fb5

HTTP Headers

GET /192x192/52c4891cd0d31637.png HTTP/1.1
Host: static-02.veve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.safefinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:00:08 GMT
Content-Encoding: gzip
Content-Type: image/png
Last-Modified: Thu, 19 Aug 2021 09:26:18 GMT
Accept-Ranges: bytes
Server: nginx/1.14.2
ETag: W/"611e23ba-3dec"
Cache-Control: max-age=5184000
Via: 1.1 google
X-HW: 1670601608.cds012.sk1.hn,1670601608.cds229.sk1.c
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 15870

static-02.veve.com/192x192/7bd92458ecf3cd1f.png

151.139.128.11

200 OK

14 kB

URL HTTP/1.1
static-02.veve.com/192x192/7bd92458ecf3cd1f.png
IP
151.139.128.11:0
ASN
#20446 STACKPATH-CDN

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (13522 bytes)
Hash
ac1b04f1291a736bb7cdc8a7ad31f6d4
0fb92f077eb7b6cbb380db21248f6337cad09936
dbf861f943c8c81391883c488e89e0d2cb115eee8600c9ca20f5ed57eadab694

HTTP Headers

GET /192x192/7bd92458ecf3cd1f.png HTTP/1.1
Host: static-02.veve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.safefinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:00:08 GMT
Content-Encoding: gzip
Content-Type: image/png
Last-Modified: Mon, 13 Jan 2020 09:47:18 GMT
Accept-Ranges: bytes
Server: nginx/1.14.2
ETag: W/"5e1c3ca6-35ee"
Cache-Control: max-age=5184000
Via: 1.1 google
X-HW: 1670601608.cds012.sk1.hn,1670601608.cds251.sk1.c
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 13522

static-02.veve.com/192x192/45ede762fcefe3dd.png

151.139.128.11

200 OK

16 kB

URL HTTP/1.1
static-02.veve.com/192x192/45ede762fcefe3dd.png
IP
151.139.128.11:0
ASN
#20446 STACKPATH-CDN

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
16 kB (16176 bytes)
Hash
600c74e16535993acf94140fe2e2b9fd
1485e763862583e56c5eccc073922291ff9345ac
c0f90e031d6c0a8bb45d2f9452eeb76c4e6438473096008f08239ab100028c8c

HTTP Headers

GET /192x192/45ede762fcefe3dd.png HTTP/1.1
Host: static-02.veve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.safefinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:00:08 GMT
Content-Encoding: gzip
Content-Type: image/png
Last-Modified: Mon, 13 Jan 2020 09:47:12 GMT
Accept-Ranges: bytes
Server: nginx/1.14.2
ETag: W/"5e1c3ca0-408c"
Cache-Control: max-age=5184000
Via: 1.1 google
X-HW: 1670601608.cds012.sk1.hn,1670601608.cds201.sk1.c
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 16176

static-02.veve.com/192x192/6c7e3e176ab7ccc7.png

151.139.128.11

200 OK

3.3 kB

URL HTTP/1.1
static-02.veve.com/192x192/6c7e3e176ab7ccc7.png
IP
151.139.128.11:0
ASN
#20446 STACKPATH-CDN

File type
PNG image data, 192 x 192, 8-bit grayscale, non-interlaced\012- data
Size
3.3 kB (3326 bytes)
Hash
f5a84537b5af57aa70163465b682353a
ff50acb5eb61bac99968f7aee32e950d54e9e312
d5ecbee0ce4fa4677458aaf39dbc6d9bfbab89c0d4bb92c46e7899fc92e0cc5c

HTTP Headers

GET /192x192/6c7e3e176ab7ccc7.png HTTP/1.1
Host: static-02.veve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.safefinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:00:08 GMT
Content-Encoding: gzip
Content-Type: image/png
Last-Modified: Fri, 18 Sep 2020 05:57:53 GMT
Accept-Ranges: bytes
Server: nginx/1.14.2
ETag: W/"5f644c61-d99"
Cache-Control: max-age=5184000
Via: 1.1 google
X-HW: 1670601608.cds012.sk1.hn,1670601608.cds003.sk1.c
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 3326

static-02.veve.com/192x192/11f1e34ab8c86fbf.png

151.139.128.11

200 OK

52 kB

URL HTTP/1.1
static-02.veve.com/192x192/11f1e34ab8c86fbf.png
IP
151.139.128.11:0
ASN
#20446 STACKPATH-CDN

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
52 kB (52135 bytes)
Hash
68c7655203523fc1dead2ad04cda2a45
76978ac8524b97179a88698ccd2db0a1b9b59357
7a5a7372aee5a8279e49db87a5a6b73fb79e17efcc3703b912168dc370a338b2

HTTP Headers

GET /192x192/11f1e34ab8c86fbf.png HTTP/1.1
Host: static-02.veve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.safefinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:00:08 GMT
Content-Encoding: gzip
Content-Type: image/png
Last-Modified: Mon, 13 Jan 2020 09:46:58 GMT
Accept-Ranges: bytes
Server: nginx/1.14.2
ETag: W/"5e1c3c92-cbb1"
Cache-Control: max-age=5184000
Via: 1.1 google
X-HW: 1670601608.cds012.sk1.hn,1670601608.cds001.sk1.c
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 52135

static-02.veve.com/192x192/d9881fd9d87534e8.png

151.139.128.11

200 OK

6.7 kB

URL HTTP/1.1
static-02.veve.com/192x192/d9881fd9d87534e8.png
IP
151.139.128.11:0
ASN
#20446 STACKPATH-CDN

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
6.7 kB (6699 bytes)
Hash
633884107c19a2ca0079570757123688
4e1b0a726ff31615a2a9d0f6c11cfd4b1d6f46d2
9e4a1ff37f5353a92eeffdc4277e61edd8d404f273cedaa2ae767825e5de1861

HTTP Headers

GET /192x192/d9881fd9d87534e8.png HTTP/1.1
Host: static-02.veve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.safefinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:00:08 GMT
Content-Encoding: gzip
Content-Type: image/png
Last-Modified: Thu, 17 Sep 2020 07:26:02 GMT
Accept-Ranges: bytes
Server: nginx/1.14.2
ETag: W/"5f630f8a-1bf7"
Cache-Control: max-age=5184000
Via: 1.1 google
X-HW: 1670601608.cds012.sk1.hn,1670601608.cds238.sk1.c
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 6699

h3z5f9m3.ssl.hwcdn.net/static/favicon.ico

69.16.175.10

200 OK

1.2 kB

URL HTTP/1.1
h3z5f9m3.ssl.hwcdn.net/static/favicon.ico
IP
69.16.175.10:0
ASN
#20446 STACKPATH-CDN

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
33e5e223c6816495105a3842c45d5878
ee61eee4ae2e6e30053f2fb74813e1500ceab175
d234aba5cdccd76d93deac8d08d2a9d91aa4cd714803d39bee24fa5616478b19

HTTP Headers

GET /static/favicon.ico HTTP/1.1
Host: h3z5f9m3.ssl.hwcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://search.safefinder.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:00:08 GMT
Connection: Keep-Alive
Content-Length: 1150
Content-Type: image/x-icon
Last-Modified: Sun, 27 Jul 2014 13:47:24 GMT
Content-MD5: M+XiI8aBZJUQWjhCxF1YeA==
ETag: 0x8D177B86E308A74
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2be1c6fe-f01e-0038-07e7-0b5fd7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
X-HW: 1670601606.dop205.sk1.t,1670601607.cds235.sk1.shn,1670601608.dop205.sk1.t,1670601608.cds225.sk1.sc,1670601608.cds225.sk1.p

imptrk.siteplug.com/impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e8c11a4539c265514945c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3d0d1a69987afa7cbe&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272f9a19c5304b62595780db7bf4d586f008ba3e8d447e3c5946ed5c1aa022acf544dca3463bee64c3feab9b3f7d32f97131f7d00445b9652562dd177a6e3494b03d8163c9c66e856a4179c3544b822eb3ba35926dc7339f69c5f7683c09690ed48e0cfbadf86907c1ddb5b04f1434f5eb369072ac74c4b6e90baa440b8e7c42de2304cdaf4dcf4f0b6d177ace365a9731879fb1ddd89d99ffde2b63fb6dae9f3062dc17f471044b8a4efb431c9e790782dc843f8735a5c6a9f3&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy

34.96.99.173

200 OK

0 B

URL HTTP/1.1
imptrk.siteplug.com/impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e8c11a4539c265514945c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3d0d1a69987afa7cbe&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272f9a19c5304b62595780db7bf4d586f008ba3e8d447e3c5946ed5c1aa022acf544dca3463bee64c3feab9b3f7d32f97131f7d00445b9652562dd177a6e3494b03d8163c9c66e856a4179c3544b822eb3ba35926dc7339f69c5f7683c09690ed48e0cfbadf86907c1ddb5b04f1434f5eb369072ac74c4b6e90baa440b8e7c42de2304cdaf4dcf4f0b6d177ace365a9731879fb1ddd89d99ffde2b63fb6dae9f3062dc17f471044b8a4efb431c9e790782dc843f8735a5c6a9f3&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy
IP
34.96.99.173:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e8c11a4539c265514945c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3d0d1a69987afa7cbe&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272f9a19c5304b62595780db7bf4d586f008ba3e8d447e3c5946ed5c1aa022acf544dca3463bee64c3feab9b3f7d32f97131f7d00445b9652562dd177a6e3494b03d8163c9c66e856a4179c3544b822eb3ba35926dc7339f69c5f7683c09690ed48e0cfbadf86907c1ddb5b04f1434f5eb369072ac74c4b6e90baa440b8e7c42de2304cdaf4dcf4f0b6d177ace365a9731879fb1ddd89d99ffde2b63fb6dae9f3062dc17f471044b8a4efb431c9e790782dc843f8735a5c6a9f3&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy HTTP/1.1
Host: imptrk.siteplug.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 09 Dec 2022 16:00:08 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Via: 1.1 google

imptrk.siteplug.com/impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e8d4957f757577a62345c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3dda200d6da4b08d83&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272f4edda1a4d55ef99aad93f67d698bc2d855541f0353887f6db995df821bd163db96efb82715cff0190352919f4a6494156cef7d4054d0846918fb44493f980a2027088a3194cd18869fb3fcc7613e57ac66895e2ba9bc7326d0f9263f3b10c24b241b84fdbeace886a4ddcde0e8365026b6e50a36f31aeee41e58f6803a5aad75a10fd3dee49b3e7cab713ffa49fe35e9986afed8c1ba313cd3c0f0103845ca2c92acbc610c5251c8ad176ac2288527f4cb38cd1124a4b8c7&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy

34.96.99.173

200 OK

0 B

URL HTTP/1.1
imptrk.siteplug.com/impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e8d4957f757577a62345c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3dda200d6da4b08d83&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272f4edda1a4d55ef99aad93f67d698bc2d855541f0353887f6db995df821bd163db96efb82715cff0190352919f4a6494156cef7d4054d0846918fb44493f980a2027088a3194cd18869fb3fcc7613e57ac66895e2ba9bc7326d0f9263f3b10c24b241b84fdbeace886a4ddcde0e8365026b6e50a36f31aeee41e58f6803a5aad75a10fd3dee49b3e7cab713ffa49fe35e9986afed8c1ba313cd3c0f0103845ca2c92acbc610c5251c8ad176ac2288527f4cb38cd1124a4b8c7&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy
IP
34.96.99.173:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e8d4957f757577a62345c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3dda200d6da4b08d83&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272f4edda1a4d55ef99aad93f67d698bc2d855541f0353887f6db995df821bd163db96efb82715cff0190352919f4a6494156cef7d4054d0846918fb44493f980a2027088a3194cd18869fb3fcc7613e57ac66895e2ba9bc7326d0f9263f3b10c24b241b84fdbeace886a4ddcde0e8365026b6e50a36f31aeee41e58f6803a5aad75a10fd3dee49b3e7cab713ffa49fe35e9986afed8c1ba313cd3c0f0103845ca2c92acbc610c5251c8ad176ac2288527f4cb38cd1124a4b8c7&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy HTTP/1.1
Host: imptrk.siteplug.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 09 Dec 2022 16:00:08 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Via: 1.1 google

imptrk.siteplug.com/impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e85ca71983e786eab145c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3df0976404a965cc17&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272f8c533da835c60c6e8311056b1df739f11f3d18282caf7c59b995df821bd163db96efb82715cff0190352919f4a6494156cef7d4054d0846922cdb8257800d736018a2caf97e9c9389fb3fcc7613e57ac66895e2ba9bc7326d0f9263f3b10c24b241b84fdbeace886a4ddcde0e8365026b6e50a36f31aeee41e58f6803a5aad75a10fd3dee49b3e7cab713ffa49fe35e97c3c77071bee9f3dd3c0f0103845ca2c92acbc610c5251c8ad176ac2288527f4cb38cd1124a4b8c7&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy

34.96.99.173

200 OK

0 B

URL HTTP/1.1
imptrk.siteplug.com/impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e85ca71983e786eab145c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3df0976404a965cc17&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272f8c533da835c60c6e8311056b1df739f11f3d18282caf7c59b995df821bd163db96efb82715cff0190352919f4a6494156cef7d4054d0846922cdb8257800d736018a2caf97e9c9389fb3fcc7613e57ac66895e2ba9bc7326d0f9263f3b10c24b241b84fdbeace886a4ddcde0e8365026b6e50a36f31aeee41e58f6803a5aad75a10fd3dee49b3e7cab713ffa49fe35e97c3c77071bee9f3dd3c0f0103845ca2c92acbc610c5251c8ad176ac2288527f4cb38cd1124a4b8c7&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy
IP
34.96.99.173:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e85ca71983e786eab145c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3df0976404a965cc17&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272f8c533da835c60c6e8311056b1df739f11f3d18282caf7c59b995df821bd163db96efb82715cff0190352919f4a6494156cef7d4054d0846922cdb8257800d736018a2caf97e9c9389fb3fcc7613e57ac66895e2ba9bc7326d0f9263f3b10c24b241b84fdbeace886a4ddcde0e8365026b6e50a36f31aeee41e58f6803a5aad75a10fd3dee49b3e7cab713ffa49fe35e97c3c77071bee9f3dd3c0f0103845ca2c92acbc610c5251c8ad176ac2288527f4cb38cd1124a4b8c7&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy HTTP/1.1
Host: imptrk.siteplug.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 09 Dec 2022 16:00:08 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Via: 1.1 google

imptrk.siteplug.com/impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e814a4fbe71a3cbaf945c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3d4c13c1e79bc2d95b&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272fc27bb95ba7e6b3f8919e674a8f6c928abbd89529c4f206c010e501def39d2c331d0b778ceebf51e6dac4ff54b81c408cfd3d69d747afa9ab16610c6a476fe24685803dc43f486c10f7f71b39784a42e3cc9e6802d973ca37198c2b50d04fcf50c67f8a7e9e369612bdc38ec0ee47a46cbbf7c7c901a49e3f7da89ce17cebaef057afda2aa22b863abbb874bec00eed42bbd06955a0228b966c907eb85aa69c7d6d79a304aaf9516051db5e73318e0374&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy

34.96.99.173

200 OK

0 B

URL HTTP/1.1
imptrk.siteplug.com/impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e814a4fbe71a3cbaf945c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3d4c13c1e79bc2d95b&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272fc27bb95ba7e6b3f8919e674a8f6c928abbd89529c4f206c010e501def39d2c331d0b778ceebf51e6dac4ff54b81c408cfd3d69d747afa9ab16610c6a476fe24685803dc43f486c10f7f71b39784a42e3cc9e6802d973ca37198c2b50d04fcf50c67f8a7e9e369612bdc38ec0ee47a46cbbf7c7c901a49e3f7da89ce17cebaef057afda2aa22b863abbb874bec00eed42bbd06955a0228b966c907eb85aa69c7d6d79a304aaf9516051db5e73318e0374&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy
IP
34.96.99.173:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e814a4fbe71a3cbaf945c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3d4c13c1e79bc2d95b&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272fc27bb95ba7e6b3f8919e674a8f6c928abbd89529c4f206c010e501def39d2c331d0b778ceebf51e6dac4ff54b81c408cfd3d69d747afa9ab16610c6a476fe24685803dc43f486c10f7f71b39784a42e3cc9e6802d973ca37198c2b50d04fcf50c67f8a7e9e369612bdc38ec0ee47a46cbbf7c7c901a49e3f7da89ce17cebaef057afda2aa22b863abbb874bec00eed42bbd06955a0228b966c907eb85aa69c7d6d79a304aaf9516051db5e73318e0374&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy HTTP/1.1
Host: imptrk.siteplug.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 09 Dec 2022 16:00:08 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Via: 1.1 google

imptrk.siteplug.com/impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e820ff9a5f0ee327fd45c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3ded8f5604706d21e1&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272f4edda1a4d55ef99a4c56408cdb4281a76deeddada3ccd914b995df821bd163db96efb82715cff0190352919f4a6494156cef7d4054d084696b79d6d87ae663116272d453910d1d839fb3fcc7613e57ac66895e2ba9bc7326d0f9263f3b10c24b241b84fdbeace886a4ddcde0e8365026b6e50a36f31aeee41e58f6803a5aad75a10fd3dee49b3e7cab713ffa49fe35e90b66049aa34506edd3c0f0103845ca2c92acbc610c5251c8ad176ac2288527f4cb38cd1124a4b8c7&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy

34.96.99.173

200 OK

0 B

URL HTTP/1.1
imptrk.siteplug.com/impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e820ff9a5f0ee327fd45c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3ded8f5604706d21e1&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272f4edda1a4d55ef99a4c56408cdb4281a76deeddada3ccd914b995df821bd163db96efb82715cff0190352919f4a6494156cef7d4054d084696b79d6d87ae663116272d453910d1d839fb3fcc7613e57ac66895e2ba9bc7326d0f9263f3b10c24b241b84fdbeace886a4ddcde0e8365026b6e50a36f31aeee41e58f6803a5aad75a10fd3dee49b3e7cab713ffa49fe35e90b66049aa34506edd3c0f0103845ca2c92acbc610c5251c8ad176ac2288527f4cb38cd1124a4b8c7&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy
IP
34.96.99.173:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e820ff9a5f0ee327fd45c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3ded8f5604706d21e1&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272f4edda1a4d55ef99a4c56408cdb4281a76deeddada3ccd914b995df821bd163db96efb82715cff0190352919f4a6494156cef7d4054d084696b79d6d87ae663116272d453910d1d839fb3fcc7613e57ac66895e2ba9bc7326d0f9263f3b10c24b241b84fdbeace886a4ddcde0e8365026b6e50a36f31aeee41e58f6803a5aad75a10fd3dee49b3e7cab713ffa49fe35e90b66049aa34506edd3c0f0103845ca2c92acbc610c5251c8ad176ac2288527f4cb38cd1124a4b8c7&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy HTTP/1.1
Host: imptrk.siteplug.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 09 Dec 2022 16:00:08 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Via: 1.1 google

imptrk.siteplug.com/impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e8ad8073df4406660445c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3ddd7bcc29738f5ec7&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272ff7d8b5993f0d94ba4498725eff964e5aa64c10c3adb3dd005d397c607318477bc697f24e9819661cf88f663225a6b122a77abd1f710c97f52825d722a37db387f6f6f9d6130278939e7620c5f43544f3b8e20a668efb063d1d3b7fe72f4eaebae20904234b1d49636f0309fb6b37f4df70c161d4e3aceede3966db7c3210530f0cd870c81e723b0e10430843d1eb4dd23a80ff76343e693c36566f4bb53547512dd15154a6e914877de05a932d1bb9d19cc5b9cb68379767&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy

34.96.99.173

200 OK

0 B

URL HTTP/1.1
imptrk.siteplug.com/impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e8ad8073df4406660445c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3ddd7bcc29738f5ec7&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272ff7d8b5993f0d94ba4498725eff964e5aa64c10c3adb3dd005d397c607318477bc697f24e9819661cf88f663225a6b122a77abd1f710c97f52825d722a37db387f6f6f9d6130278939e7620c5f43544f3b8e20a668efb063d1d3b7fe72f4eaebae20904234b1d49636f0309fb6b37f4df70c161d4e3aceede3966db7c3210530f0cd870c81e723b0e10430843d1eb4dd23a80ff76343e693c36566f4bb53547512dd15154a6e914877de05a932d1bb9d19cc5b9cb68379767&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy
IP
34.96.99.173:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e8ad8073df4406660445c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3ddd7bcc29738f5ec7&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272ff7d8b5993f0d94ba4498725eff964e5aa64c10c3adb3dd005d397c607318477bc697f24e9819661cf88f663225a6b122a77abd1f710c97f52825d722a37db387f6f6f9d6130278939e7620c5f43544f3b8e20a668efb063d1d3b7fe72f4eaebae20904234b1d49636f0309fb6b37f4df70c161d4e3aceede3966db7c3210530f0cd870c81e723b0e10430843d1eb4dd23a80ff76343e693c36566f4bb53547512dd15154a6e914877de05a932d1bb9d19cc5b9cb68379767&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy HTTP/1.1
Host: imptrk.siteplug.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 09 Dec 2022 16:00:08 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Via: 1.1 google

imptrk.siteplug.com/impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e823660f841b44a3b545c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3df20b64c3166333da&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272fb5f699f8cc05710526c6b2aa6589fbc5ddb5c04428fd9a8bb995df821bd163db96efb82715cff0190352919f4a6494156cef7d4054d08469e4551521247f3e1b7a583ddd50fd55149fb3fcc7613e57ac66895e2ba9bc7326d0f9263f3b10c24b241b84fdbeace886a4ddcde0e8365026b6e50a36f31aeee41e58f6803a5aad75a10fd3dee49b3e7cab713ffa49fe35e97c3c77071bee9f3dd3c0f0103845ca2c92acbc610c5251c8ad176ac2288527f4cb38cd1124a4b8c7&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy

34.96.99.173

200 OK

0 B

URL HTTP/1.1
imptrk.siteplug.com/impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e823660f841b44a3b545c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3df20b64c3166333da&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272fb5f699f8cc05710526c6b2aa6589fbc5ddb5c04428fd9a8bb995df821bd163db96efb82715cff0190352919f4a6494156cef7d4054d08469e4551521247f3e1b7a583ddd50fd55149fb3fcc7613e57ac66895e2ba9bc7326d0f9263f3b10c24b241b84fdbeace886a4ddcde0e8365026b6e50a36f31aeee41e58f6803a5aad75a10fd3dee49b3e7cab713ffa49fe35e97c3c77071bee9f3dd3c0f0103845ca2c92acbc610c5251c8ad176ac2288527f4cb38cd1124a4b8c7&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy
IP
34.96.99.173:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e823660f841b44a3b545c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3df20b64c3166333da&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272fb5f699f8cc05710526c6b2aa6589fbc5ddb5c04428fd9a8bb995df821bd163db96efb82715cff0190352919f4a6494156cef7d4054d08469e4551521247f3e1b7a583ddd50fd55149fb3fcc7613e57ac66895e2ba9bc7326d0f9263f3b10c24b241b84fdbeace886a4ddcde0e8365026b6e50a36f31aeee41e58f6803a5aad75a10fd3dee49b3e7cab713ffa49fe35e97c3c77071bee9f3dd3c0f0103845ca2c92acbc610c5251c8ad176ac2288527f4cb38cd1124a4b8c7&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy HTTP/1.1
Host: imptrk.siteplug.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 09 Dec 2022 16:00:09 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Via: 1.1 google

imptrk.siteplug.com/impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e865b7fc5fe05b8f0245c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3d6df7fad5d482f7cd&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272fcd4a19f75075c816c5fff0237245272860876cac2970d3f05d397c607318477bc697f24e9819661cf88f663225a6b1225749aaa77b315bf05f89ea68ec94b07cf6f6f9d6130278939e7620c5f43544f3b8e20a668efb063d1d3b7fe72f4eaebae20904234b1d49636f0309fb6b37f4df70c161d4e3aceede3966db7c3210530f0cd870c81e723b0e10430843d1eb4dd2988cb57fbb93ad2c36566f4bb53547512dd15154a6e914877de05a932d1bb9d19cc5b9cb68379767&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy

34.96.99.173

200 OK

0 B

URL HTTP/1.1
imptrk.siteplug.com/impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e865b7fc5fe05b8f0245c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3d6df7fad5d482f7cd&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272fcd4a19f75075c816c5fff0237245272860876cac2970d3f05d397c607318477bc697f24e9819661cf88f663225a6b1225749aaa77b315bf05f89ea68ec94b07cf6f6f9d6130278939e7620c5f43544f3b8e20a668efb063d1d3b7fe72f4eaebae20904234b1d49636f0309fb6b37f4df70c161d4e3aceede3966db7c3210530f0cd870c81e723b0e10430843d1eb4dd2988cb57fbb93ad2c36566f4bb53547512dd15154a6e914877de05a932d1bb9d19cc5b9cb68379767&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy
IP
34.96.99.173:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /impTrk.php?enk1=28e2303c87457c513d0da301bf7133c05a01d0f8758d1a45f0442b088171a7ba1c39959d7ebe22e865b7fc5fe05b8f0245c886fb5f7184fc6845bb452e760f1e39b7c976d5c5b13cd996f34ca7d3c4a40ce3e92c0ff59c3d6df7fad5d482f7cd&enk2=d646714913aba435ffd0f01f410b174c22bd07ffdfa5272fcd4a19f75075c816c5fff0237245272860876cac2970d3f05d397c607318477bc697f24e9819661cf88f663225a6b1225749aaa77b315bf05f89ea68ec94b07cf6f6f9d6130278939e7620c5f43544f3b8e20a668efb063d1d3b7fe72f4eaebae20904234b1d49636f0309fb6b37f4df70c161d4e3aceede3966db7c3210530f0cd870c81e723b0e10430843d1eb4dd2988cb57fbb93ad2c36566f4bb53547512dd15154a6e914877de05a932d1bb9d19cc5b9cb68379767&ccd=no&stc=03&cin=oslo&mcd=0&cic=11093&kw=qldummy HTTP/1.1
Host: imptrk.siteplug.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 09 Dec 2022 16:00:09 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Via: 1.1 google

188.114.96.1

302 Found

0 B

URL HTTP/2
feed.helperbar.com/?publisher={Publisher}&dpid={DownloadProvider}&co={CountryTwoLettersISO}&userid={InstallationHashID}&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?publisher={Publisher}&dpid={DownloadProvider}&co={CountryTwoLettersISO}&userid={InstallationHashID}&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM} HTTP/1.1
Host: feed.helperbar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
date: Fri, 09 Dec 2022 16:00:05 GMT
content-type: text/html; charset=utf-8
location: https://search.safefinder.com/?publisher=defaultsf&dpid=portal_sf_admarket_tiles_sf&co=NO&userid=&type=YHS_SF_100_$00658_000000$&barcodeid=&um=&feedid=infospace&odistributer=defaultsf&opublisher=defaultsf&publisherid=658&st=ds&installdate=%7binstallDate%7d
cache-control: no-cache, no-store
pragma: no-cache
expires: -1
set-cookie: ASP.NET_SessionId=ybro5jruaqmcjj3rg3hpra3m; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=ybro5jruaqmcjj3rg3hpra3m; path=/; HttpOnly; SameSite=Lax
_routed=true; expires=Thu, 09-Dec-2032 16:00:05 GMT; path=/
ARRAffinity=d221daf5fd179162f522a6718817c385d4f59df23a26aadc9244bdc487ddc055;Path=/;HttpOnly;Domain=app-beta-feed-router-scus-prd-02.azurewebsites.net
referrer-policy: no-referrer-when-downgrade
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 0hVuTYwAAAABnrlZYtKkMT4dHMlRsyRHASEVMMDFFREdFMjAwOQBiYTUxMDBlMS1lZmQxLTQzMTUtOGNhNS1kNjdhM2VkYjI3ZGI=
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SSOLzpSeR0JTNjeJnZvrhEYaQSnQlGrdF99GKQDn3nAdUOk%2F52q8cngsIGjfDvZdOe7EFLUmY%2FLTATnDq2c3NgAZ3oRVaSOPZ%2Ft018Q79Er4mk13pnE5HLN0Se%2BgGzmeFgE8NO8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776ef3a0adfa1c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations