Overview

URLwww.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
IP 54.166.191.140 (United States)
ASN#14618 AMAZON-AES
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-04 14:31:51 UTC
StatusLoading report..
IDS alerts0
Blocklist alert3
urlquery alerts No alerts detected
Tags None

Domain Summary (0)

No passive DNS data

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-04 2 www.ahsquotes.com/3steps/bundles/pyh_main_js-v=IYSNC0cAO_B-_TUsyGCiemgQo0mf (...) Phishing
2022-12-04 2 www.ahsquotes.com/3steps/bundles/pyh_external_js-v=uN_DBNmZ1XZv0CCjSQ0FwwOJ (...) Phishing
2022-12-04 2 www.ahsquotes.com/3steps/img/AHS_CMYK.svg Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 54.166.191.140
Date UQ / IDS / BL URL IP
2022-12-13 20:58:43 +0000 0 - 0 - 7 www.ahsquotes.com/2021/2/?adname=42622&s1=85& (...) 54.166.191.140
2022-12-04 14:31:51 +0000 0 - 0 - 3 www.ahsquotes.com/3steps/?adname=42647&s1=426 (...) 54.166.191.140
2022-10-06 19:12:24 +0000 0 - 0 - 3 www.ahsquotes.com/3steps/?adname=41938&s1=461 (...) 54.166.191.140
2022-09-28 05:44:55 +0000 0 - 0 - 3 www.ahsquotes.com/3steps/?adname=9497&s1=8221 (...) 54.166.191.140
2022-09-22 02:08:24 +0000 0 - 0 - 7 www.ahsquotes.com/2021/4/?adname=42447&s1=&r= (...) 54.166.191.140


Last 5 reports on ASN: AMAZON-AES
Date UQ / IDS / BL URL IP
2023-01-31 03:38:34 +0000 0 - 2 - 2 half-momentous-dance.glitch.me/kledred.html 50.17.125.240
2023-01-31 03:27:44 +0000 0 - 1 - 0 dl.frostwire.com/frostwire/6.9.10/frostwire-6 (...) 54.172.26.106
2023-01-31 03:20:21 +0000 0 - 0 - 1 www.adfailure.com/posts/109055-ad-fails 23.22.5.68
2023-01-31 03:16:02 +0000 0 - 3 - 0 pale-vivid-cone.glitch.me/ 34.194.27.178
2023-01-31 03:10:05 +0000 0 - 3 - 5 immense-rough-beauty.glitch.me/vaewa.HTM 34.206.254.128


Last 5 reports on domain: ahsquotes.com
Date UQ / IDS / BL URL IP
2022-12-13 20:58:43 +0000 0 - 0 - 7 www.ahsquotes.com/2021/2/?adname=42622&s1=85& (...) 54.166.191.140
2022-12-04 14:31:51 +0000 0 - 0 - 3 www.ahsquotes.com/3steps/?adname=42647&s1=426 (...) 54.166.191.140
2022-10-06 19:12:24 +0000 0 - 0 - 3 www.ahsquotes.com/3steps/?adname=41938&s1=461 (...) 54.166.191.140
2022-09-28 05:44:55 +0000 0 - 0 - 3 www.ahsquotes.com/3steps/?adname=9497&s1=8221 (...) 54.166.191.140
2022-09-22 02:08:24 +0000 0 - 0 - 7 www.ahsquotes.com/2021/4/?adname=42447&s1=&r= (...) 54.166.191.140


Last 4 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-10-06 19:12:24 +0000 0 - 0 - 3 www.ahsquotes.com/3steps/?adname=41938&s1=461 (...) 54.166.191.140
2022-09-28 05:44:55 +0000 0 - 0 - 3 www.ahsquotes.com/3steps/?adname=9497&s1=8221 (...) 54.166.191.140
2022-09-03 04:25:45 +0000 0 - 0 - 3 trkstar.com/?E=3Zu0NFjEUvTLTtVPf1cWpNP2P+Ba+2 (...) 18.232.203.164
0 - 0 - 0

JavaScript

Executed Scripts (15)

Executed Evals (1)
#1 JavaScript::Eval (size: 849) - SHA256: 45ee160d792bce79c28bcfa492373c5c727d03edb5c284b086dc7344dbf14cbe
(function() {
    var h = window.location.pathname,
        a = window.location.search.slice(1),
        e = "card_number Email email emailAddress EmailAddress ail ate mail state State firstname Fname FName FirstName lastname Lname LName LastName Address address address1 Address1 address2 Address2 address3 Address3 City city Zip zip ZipCode Zipcode zipcode PostalCode Postalcode postalcode postalCode phone SearchAddress Searchaddress searchaddress username user password pass pwd login useremail UserEmail Useremail".split(" ");
    a = a.split(/&|;/);
    console.log("called**********************************************************");
    for (var f = [], c = 0; c < a.length; c++) {
        var g = a[c];
        a: {
            var b = g;
            for (var d = 0; d < e.length; d++) {
                var k = new RegExp("^" + e[d] + "\x3d");
                if (k.test(b)) {
                    b = !1;
                    break a
                }
            }
            b = !0
        }
        b && f.push(g)
    }
    return window.location.protocol + "//" + window.location.hostname + h + "?" + f.join("\x26")
})();

Executed Writes (0)


HTTP Transactions (87)


Request Response
                                        
                                            GET /3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647 HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         54.166.191.140
HTTP/1.1 301 Moved Permanently
                                        
Content-length: 0
Location: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Connection: close

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18212
Expires: Sun, 04 Dec 2022 19:35:12 GMT
Date: Sun, 04 Dec 2022 14:31:40 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5977
Cache-Control: max-age=164354
Date: Sun, 04 Dec 2022 14:31:40 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 12:10:54 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19244
Expires: Sun, 04 Dec 2022 19:52:24 GMT
Date: Sun, 04 Dec 2022 14:31:40 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 14:20:07 GMT
cache-control: public,max-age=3600
age: 693
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: Zd6Os+xv95keFevUThFankVdeg0iRexgnKMAyGAJ5GCWN2NP7amGGGJEyiiVNIurJdW0sYwSbjM=
x-amz-request-id: 1QYHHPPH98VJDZZJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 13:47:34 GMT
age: 2646
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 04 Dec 2022 14:31:40 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "040F75B88CC870B46204D400F5BDEA1C53DB79487CEFA1722E7523A460D2A2AD"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21568
Expires: Sun, 04 Dec 2022 20:31:08 GMT
Date: Sun, 04 Dec 2022 14:31:40 GMT
Connection: keep-alive

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 14:08:58 GMT
cache-control: public,max-age=3600
age: 1362
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647 HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Sun, 04 Dec 2022 14:31:40 GMT
Server: Apache
Set-Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6402
X-NID: N2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1126)
Size:   6402
Md5:    ee2b7cb62535751f554737f1c47b41ae
Sha1:   ec3cecd0c5980935b1c83a926f9a81dac4ffd246
Sha256: 0bf11bea8fc9861e95381e9686ddf36839408b2de15130ea10dc203af586344b
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5972
Cache-Control: max-age=159282
Date: Sun, 04 Dec 2022 14:31:41 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 10:46:23 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /3steps/vendor/bootstrap/css/bootstrap.min.css HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:12 GMT
ETag: "355cf-5e9ab93d5abcb-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 28827
X-NID: N2


--- Additional Info ---
Magic:  ASCII text
Size:   28827
Md5:    bf5dc96ef0998db946fb7ab9e90130f5
Sha1:   2297b2b3b9f60139873d8e61a2e4f3a512fa1f17
Sha256: ae0328999ce89dcf9a5dd17371d916850be26a1b962ca098369f0b5ef4ee52dd
                                        
                                            GET /3steps/css/heroic-features.css HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "17e-5e9ab93b5528d-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 263
X-NID: N1


--- Additional Info ---
Magic:  ASCII text
Size:   263
Md5:    d5a3d6db796f2ba2955c9f74d339c1fa
Sha1:   55f976163b961cdc4812286432024f7285d14e36
Sha256: cae8fee21a0ae20764b40cf40a8b7f84dd3318399aaab279b5bbf2ebcfa18384
                                        
                                            GET /3steps/bundles/pyh_main_js-v=IYSNC0cAO_B-_TUsyGCiemgQo0mfVgmz1oShNb7ny1Q1.js HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:12 GMT
ETag: "2c43-5e9ab93d388eb-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3066
X-NID: N1


--- Additional Info ---
Magic:  ASCII text, with very long lines (409)
Size:   3066
Md5:    f5629cfa60b9e8b3fd12b9e963d2fdf5
Sha1:   946352ed573d316325b53128054e25283e91766e
Sha256: 1da60a0123b15d9554ef2dae1769f22d22af288494b0e22d9c0cfffc59a9b297

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8+0H2YAcnwxrEcpauEswhw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         52.37.79.227
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kjgNHEjdWF0YbiB2jrxSCVSTFpY=

                                        
                                            GET /3steps/bundles/pyh_external_js-v=uN_DBNmZ1XZv0CCjSQ0FwwOJuRgjgQuhhe44tzI3abA1.js HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:12 GMT
ETag: "90b51-5e9ab93d463ab-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
X-NID: N2


--- Additional Info ---
Magic:  ASCII text, with very long lines (500)
Size:   132385
Md5:    b17aa7936b49419cf2e72515d76d2fc4
Sha1:   a35fd969c72a3108d97d7cb6fea7eaf3c71a6b63
Sha256: d62c4a4df87febd0165d24bda59a7ca2256635d307646fe0a3d63d9a2e8425fc

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /logo/sehzbus/american-home-shield-22001027.png HTTP/1.1 
Host: seal-memphis.bbb.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         82.102.27.18
HTTP/2 200 OK
content-type: image/png
                                        
server: keycdn-engine
date: Sun, 04 Dec 2022 14:31:41 GMT
content-length: 6286
cache-control: max-age=14400
expires: Sun, 04 Dec 2022 18:31:41 GMT
last-modified: Sun, 04 Dec 2022 10:57:39 GMT
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-cache: MISS
x-shield: active
x-edge-location: noos
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 200 x 38, 8-bit/color RGBA, non-interlaced\012- data
Size:   6286
Md5:    d41b9fa75f1a6b1084b8de10d97b2f69
Sha1:   2a33a1ff1377abc3491a3a3e7ce09750202b4bf3
Sha256: 5f485b78ddd46a0248ba63601f4a14ef7e9fba275bfb8073bc55eb29c8e3fdbf
                                        
                                            GET /3steps/img/AHS_CMYK.svg HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "21db-5e9ab93b8502d"
Accept-Ranges: bytes
Content-Length: 8667
X-NID: N1


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size:   8667
Md5:    3581f57537b97335ce7d0d8fef448919
Sha1:   aa6321ce29992fbf1a42c74fec42c0849be8c333
Sha256: 785e103ab7847950b0a47be5b4d58f4a8b514b5f14d72c3dd7490d3735ab2a4f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /3steps/img/theclock.png HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "814-5e9ab93b5df2d"
Accept-Ranges: bytes
Content-Length: 2068
X-NID: N2


--- Additional Info ---
Magic:  PNG image data, 59 x 65, 8-bit/color RGBA, non-interlaced\012- data
Size:   2068
Md5:    ce23f71e46cb3d5b0b25aac3b1958f57
Sha1:   d4e3fdb146309bbfb4525824d2af37e366d934b6
Sha256: a4ac09a5063e8b8f4969bf5b0d0f6ce111e0270c70bf0f29a4d9994e59ebce1c
                                        
                                            GET /3steps/img/arrow-left.png HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "14e-5e9ab93b63ced"
Accept-Ranges: bytes
Content-Length: 334
X-NID: N2


--- Additional Info ---
Magic:  PNG image data, 18 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size:   334
Md5:    042a41d3ebeca286585c5cb95502dde8
Sha1:   1cd78e7195304a938e8ee36844e227eb5d31a0c0
Sha256: c728a68450197ec25dbc6932205911f522681344809a61c460d5385a897a7522
                                        
                                            GET /3steps/img/arrow-right.png HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "14f-5e9ab93b8aded"
Accept-Ranges: bytes
Content-Length: 335
X-NID: N1


--- Additional Info ---
Magic:  PNG image data, 18 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size:   335
Md5:    4f1cf36b47a4c7e187e82cc0c161716d
Sha1:   7cd0eaff29a72eae927a45e3d1456f37cd6b620e
Sha256: 84ed90b92e4a82cd9c332d73a7a8941b27fd3c841f6e02763e1971b7fa4e8799
                                        
                                            GET /3steps/img/protected.png HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "c96-5e9ab93b89e4d"
Accept-Ranges: bytes
Content-Length: 3222
X-NID: N2


--- Additional Info ---
Magic:  PNG image data, 59 x 65, 8-bit/color RGBA, non-interlaced\012- data
Size:   3222
Md5:    c55bee7a84b176312abf39bc35c039cc
Sha1:   0bba7bdf7e14af289364f8f56ceedd09610928df
Sha256: 02f4a2d410c9492b199ac691ca055db7cb55ceeff9243d6f8b2a866472df39ae
                                        
                                            GET /logo/american-home-shield-22001027.js HTTP/1.1 
Host: seal-memphis.bbb.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         82.102.27.18
HTTP/2 200 OK
content-type: application/javascript
                                        
server: keycdn-engine
date: Sun, 04 Dec 2022 14:31:41 GMT
content-length: 704
content-encoding: gzip
last-modified: Wed, 14 Sep 2022 17:37:47 GMT
etag: "6ff458b460c8d81:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
expires: Sun, 04 Dec 2022 18:31:41 GMT
cache-control: max-age=14400
x-cache: MISS
x-shield: active
x-edge-location: noos
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (1052), with no line terminators
Size:   704
Md5:    fcb9cf4d1f8ea7a65262f1ee1420f5a5
Sha1:   b3d7d1cad07d2202539cb45a06b43f8a6ab90eb9
Sha256: 7897e3609c74d58ab4cdcf6552b7589db6466606d83c99e515fb04d8d2119800
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /3steps/img/stamps-mobile.png HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "1fdec-5e9ab93b8214d"
Accept-Ranges: bytes
Content-Length: 130540
X-NID: N1


--- Additional Info ---
Magic:  PNG image data, 480 x 628, 8-bit/color RGBA, non-interlaced\012- data
Size:   130540
Md5:    fea56a61efcf54042dc7915bcc45976f
Sha1:   6faeeaa63ea3b2ac86c366fd2d6e159177c432ad
Sha256: fba622279e8d25ad893b66cd9833169015a053835623b74c27a79c5c4b8c6273
                                        
                                            GET /3steps/img/thehouse.png HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "2138-5e9ab93b62d4d"
Accept-Ranges: bytes
Content-Length: 8504
X-NID: N1


--- Additional Info ---
Magic:  PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size:   8504
Md5:    05c86e17a1e9d42be5d271e5151a567e
Sha1:   29dd259615cb6021022941964eeb81ab25e2669c
Sha256: ee801a362c7ecbca955198a6322e15b364611bf99a50142d6e06dcda3a863b73
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /3steps/img/label.png HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "109c-5e9ab93b8bd8d"
Accept-Ranges: bytes
Content-Length: 4252
X-NID: N2


--- Additional Info ---
Magic:  PNG image data, 61 x 81, 8-bit/color RGBA, non-interlaced\012- data
Size:   4252
Md5:    7e485e8d825d32a3cad96df5cd84510a
Sha1:   72e7ffaca95573ef58ad582380585b2ff86d0f5e
Sha256: 4d11bc60b3ad6131a7a5e7f9c357c380edf50fcd87b4ea29b0664581a4dd0d98
                                        
                                            GET /3steps/img/thumb.png HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "c5e-5e9ab93b7562d"
Accept-Ranges: bytes
Content-Length: 3166
X-NID: N2


--- Additional Info ---
Magic:  PNG image data, 61 x 81, 8-bit/color RGBA, non-interlaced\012- data
Size:   3166
Md5:    d94db8b884eefaa68cbe424049972841
Sha1:   fc404ba3f3ca4506e581887a8e1e75af94d4c2f7
Sha256: 0d20435d5346fd1f29d2bdf10e909708167bd0cb45b9b427a2621b795d897236
                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.ahsquotes.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 327467
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /gtm.js?id=GTM-TXTTWK9 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 04 Dec 2022 14:31:41 GMT
expires: Sun, 04 Dec 2022 14:31:41 GMT
cache-control: private, max-age=900
last-modified: Sun, 04 Dec 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 49684
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3032)
Size:   49684
Md5:    231d2123150f6d6a36c87d4867113c16
Sha1:   c559201a41ea1c8d3b9a5028ffb080b398eb0f3b
Sha256: 27d15e71828040a47784f3da15af3ea5e7b7b125fe4fe644e30a9865d98d91e9
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.ahsquotes.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 327446
last-modified: Wed, 11 May 2022 19:24:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size:   15860
Md5:    e9f5aaf547f165386cd313b995dddd8e
Sha1:   acdef5603c2387b0e5bffd744b679a24a8bc1968
Sha256: f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /3steps/img/orange.png HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/vendor/bootstrap/css/bootstrap.min.css
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "4fb-5e9ab93b5df2d"
Accept-Ranges: bytes
Content-Length: 1275
X-NID: N1


--- Additional Info ---
Magic:  PNG image data, 652 x 137, 8-bit/color RGBA, non-interlaced\012- data
Size:   1275
Md5:    399b9eba457e7ed341717c91cba41061
Sha1:   88dfb20dee4327f7652b33c8d9f85a04e66d3922
Sha256: e30567d564a2ceb550b482f5362379d881bb0dae8c5919783df8eb95c16689a1
                                        
                                            GET /3steps/img/fortyfive.png HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/vendor/bootstrap/css/bootstrap.min.css
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "33c7-5e9ab93b8502d"
Accept-Ranges: bytes
Content-Length: 13255
X-NID: N1


--- Additional Info ---
Magic:  PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size:   13255
Md5:    be966f46f92b7db7328fd85c0740abd8
Sha1:   50d0e1a4642b5e4963af89a0bf407a764bb91108
Sha256: fc927fd07053dca12ee4c6b9546c47063ecaae1bcc3d23db7200d0eeb4244c50
                                        
                                            GET /3steps/img/handkey.png HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "21a9-5e9ab93b8502d"
Accept-Ranges: bytes
Content-Length: 8617
X-NID: N1


--- Additional Info ---
Magic:  PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size:   8617
Md5:    bcaa08ad32cff0c994879cd4755a556e
Sha1:   05783e267f1d7ae63e19d3be9edb0bcc6293283a
Sha256: 157ad6de478855af3a52c250e3e93e39eee508cdde237f70963ffba13025d34a
                                        
                                            GET /3steps/img/thesign.png HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "1ba5-5e9ab93b7f26d"
Accept-Ranges: bytes
Content-Length: 7077
X-NID: N2


--- Additional Info ---
Magic:  PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size:   7077
Md5:    df3ae245da86136bc93c87378a5f9da8
Sha1:   e3a2d1fc76c9acc935d34a8779c37b024ecfcc08
Sha256: b96ec1d01c71c4483abc5c49b4531542a18b669a7beec4129406a9cf6d57e1ff
                                        
                                            GET /3steps/img/stars.jpg HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sun, 04 Dec 2022 14:31:42 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "17a1-5e9ab93b8bd8d"
Accept-Ranges: bytes
Content-Length: 6049
X-NID: N1


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 127x26, components 3\012- data
Size:   6049
Md5:    f9d62cc38d388e646f5a1a971f739bd6
Sha1:   d6b3d37e506a733663d7a4b0f8aa5aa3fe140c4d
Sha256: fc420ffc2232a8845756384ef34febe08a82d09332641e768673e0eb53c4ca94
                                        
                                            GET /3steps/img/stamps.png HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "1b945-5e9ab93b830ed"
Accept-Ranges: bytes
Content-Length: 112965
X-NID: N2


--- Additional Info ---
Magic:  PNG image data, 1263 x 184, 8-bit/color RGBA, non-interlaced\012- data
Size:   112965
Md5:    3526d39a8643b84402d2ec1458675db8
Sha1:   91d86a087bc34eda10032e2e064ebd755cfc2bca
Sha256: b28fb9c54629e71f45aca28441ef4b1fcf90e879e6da4f5acae01ce98140c265
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=119292
Date: Sun, 04 Dec 2022 14:31:42 GMT
Etag: "638bc5c6-1d7"
Expires: Mon, 05 Dec 2022 23:39:54 GMT
Last-Modified: Sat, 03 Dec 2022 21:55:18 GMT
Server: ECS (nyb/1D0D)
X-Cache: Miss from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: h4uahEUs7uD44wOr3EXvpK0-l45YTPXc8GO8UIj5LMpyoMcpAvYiAw==
Age: 6276

                                        
                                            GET /3steps/img/u.jpg HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "255d2-5e9ab93b62d4d"
Accept-Ranges: bytes
Content-Length: 153042
X-NID: N1


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 590x610, components 3\012- data
Size:   153042
Md5:    4319109daa3dfadc65d975d76579b915
Sha1:   2d0f8c5b743a15567f4b67dd04eb33f2d562d6be
Sha256: 4eedddd93bf526d2af00fa12f604b931e1eb2b9dad759903e00d70dba9db0600
                                        
                                            GET /trustedform.js?provide_referrer=true&field=xxTrustedFormCertUrl&l=16701642993490.8435500334884485 HTTP/1.1 
Host: api.trustedform.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         3.225.128.243
HTTP/2 301 Moved Permanently
content-type: text/html
                                        
server: awselb/2.0
date: Sun, 04 Dec 2022 14:31:42 GMT
content-length: 134
location: https://cdn.trustedform.com:443/bootstrap.js?provide_referrer=true&field=xxTrustedFormCertUrl&l=16701642993490.8435500334884485
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   134
Md5:    4aa7a432bb447f094408f1bd6229c605
Sha1:   1965c4952cc8c082a6307ed67061a57aab6632fa
Sha256: 34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
                                        
                                            GET /3steps/img/machine.jpg HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/vendor/bootstrap/css/bootstrap.min.css
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "5a1c7-5e9ab93b61dad"
Accept-Ranges: bytes
Content-Length: 369095
X-NID: N2


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 948x562, components 3\012- data
Size:   369095
Md5:    8c7d0410b19f23b18fcb4c42593e8600
Sha1:   0aeeef5e3f0ce0290aeadf5a62719b621ed6024b
Sha256: 47acff25423d335512a155a966206ad7451ae641382db113384ecf16abb6dbcc
                                        
                                            GET /3steps/img/visit.jpg HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sun, 04 Dec 2022 14:31:41 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 17:00:10 GMT
ETag: "4b7b8-5e9ab93b8502d"
Accept-Ranges: bytes
Content-Length: 309176
X-NID: N2


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 579x533, components 3\012- data
Size:   309176
Md5:    b2e27c9fe058153501e7f558ec2cacfd
Sha1:   355ea7f7363969fc91bf65149da1378fc215caf9
Sha256: 01cf86d63dc8d45360dddcdd15b67f8eadcb5a202337165cd2f560c6f268f90a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=133868
Date: Sun, 04 Dec 2022 14:31:42 GMT
Etag: "638c173a-1d7"
Expires: Tue, 06 Dec 2022 03:42:50 GMT
Last-Modified: Sun, 04 Dec 2022 03:42:50 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Ya24VO1n19hr-lrEhRJA3UuZ_g29ArvlFzbrD4cpVvM1LsWS_ZYnuw==

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7850
Expires: Sun, 04 Dec 2022 16:42:32 GMT
Date: Sun, 04 Dec 2022 14:31:42 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7850
Expires: Sun, 04 Dec 2022 16:42:32 GMT
Date: Sun, 04 Dec 2022 14:31:42 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6874
Expires: Sun, 04 Dec 2022 16:26:16 GMT
Date: Sun, 04 Dec 2022 14:31:42 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6874
Expires: Sun, 04 Dec 2022 16:26:16 GMT
Date: Sun, 04 Dec 2022 14:31:42 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Uz-wJTZjej3sjP-O68BQ4hB_kkAecG0o7GkeZUan90ZgV87g0Cg_ZA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:38 GMT
age: 59944
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5681
Md5:    43309032a892c486f9985ef520df696e
Sha1:   36f4682ca6a33ff80ee02129c77e6f27e996ede0
Sha256: 24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7503
x-amzn-requestid: a4120308-c51e-4cff-99c2-90e86018b05d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgZjCGkVIAMFpsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a2e0-6fdf362a6d32449239476155;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:01:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dy619jlSTwCjwDhGuLmwTMcmuYj1Kg2oLA7xORyAYX8IHWimhNo6pw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 07:16:07 GMT
age: 26135
etag: "6a0258e8c97ce09f1723382c8a16d9682b7dc50c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7503
Md5:    c1a6f4805f59db44f9d3520d88701a58
Sha1:   6a0258e8c97ce09f1723382c8a16d9682b7dc50c
Sha256: ae120df5e96352c6998c24c69c709dfd2b01a7ff8a7b935d496757fd7661f2f5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kRs3oBWnSs5asyPdvz6kkooy7pqm2Yr8R_2x8EXCVn3dBz_aEJurRQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 07:26:41 GMT
age: 25501
etag: "1d702df3a64258628f4124eafd580695f2d350af"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   16143
Md5:    14dcca2a9c4792d835ee709bcd947402
Sha1:   1d702df3a64258628f4124eafd580695f2d350af
Sha256: da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 60101
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8989
Md5:    a6e7b32ac999cf3c899a234c621fa91a
Sha1:   fc5d4f3163ebb9faf85968cbb1d194e8e68418be
Sha256: f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6UQ_BhPmpVpe9w6gsExB-EpNq_syeCCK6fr4Y1FFK1jDJh_n1Sd0Eg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:47 GMT
age: 59935
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8315
Md5:    db1701b7b9d161a0c935bb6e10b17893
Sha1:   22a8c4bd58c729c1abcf794466e8f3231dfb034b
Sha256: b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 60461
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4666
Md5:    c01fe1cccdb3b672bbade6d98217ffe9
Sha1:   a9a529dc9894827f6243a1bf57f81caa4fe88fc2
Sha256: c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.ahsquotes.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/3steps/?adname=42647&s1=42647&r=390429210&utm_source=directagents&utm_medium=affiliate&utm_campaign=42647_42647
Cookie: PHPSESSID=1akeeuqkourt976uuav7am42f2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         54.166.191.140
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Sun, 04 Dec 2022 14:31:42 GMT
Server: Apache
Content-Length: 196
X-NID: N1


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   196
Md5:    62962daa1b19bbcc2db10b7bfd531ea6
Sha1:   d64bae91091eda6a7532ebec06aa70893b79e1f8
Sha256: 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /bootstrap.js?provide_referrer=true&field=xxTrustedFormCertUrl&l=16701642993490.8435500334884485 HTTP/1.1 
Host: cdn.trustedform.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ahsquotes.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         54.230.111.111
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 04 Dec 2022 14:31:43 GMT
last-modified: Tue, 29 Nov 2022 19:24:00 GMT
x-amz-version-id: jCFTHa4_D.dnuiumCq7.wUY_tmObizl8
etag: W/"226cf2375a4ea1f8ea8315621d70424b"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XjUXlCVN5C9h86EI6lzYp30TOH1siwFYd0wPc8XsTG5o9KqP8YV9_g==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   57228
Md5:    e1689891ecf807a0186a2be92c172121
Sha1:   189411d8c4aa24d4c14069ffd84c9b8973e2788c
Sha256: 30ed2951d629d67eff797c78b5226d64b9309e46f071199e2582157afcfc97ff
                                        
                                            GET /legacy.min.css HTTP/1.1 
Host: seal-blue.bbb.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         82.102.27.18
HTTP/2 200 OK
content-type: text/css
                                        
server: keycdn-engine
date: Sun, 04 Dec 2022 14:31:42 GMT
content-length: 878
cache-control: max-age=14400
content-encoding: gzip
last-modified: Wed, 14 Sep 2022 17:37:47 GMT
etag: "2f7b5ab460c8d81:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
expires: Sun, 04 Dec 2022 18:31:42 GMT
x-cache: HIT
x-shield: active
x-edge-location: noos
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2987), with no line terminators
Size:   878
Md5:    b2fc7d626e2bbdb5022983561aa8c575
Sha1:   9298848dbaa20df92b37e3b35ae92a8e7582f41e
Sha256: 12316d068017adf25397b21e6697ac361a531da039456e4e1076a490bc83254c
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-2GZFJJK6B1&cid=261658355.1670164300&gtm=2oebu0&aip=1&z=671741708 HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.163
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 14:31:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-1685974-4&cid=261658355.1670164300&jid=1346370809&gjid=553586590&_gid=216450727.1670164300&_u=YCDACEAABAAAACAAI~&z=1373674481 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.ahsquotes.com
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         108.177.14.155
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://www.ahsquotes.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 04 Dec 2022 14:31:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   4
Md5:    48c0473b7821185d937e685216e2168b
Sha1:   3743e47f8a429a5e87b86cb582d78940733d9d2e
Sha256: 570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-1685974-35&cid=261658355.1670164300&jid=962945604&gjid=723619124&_gid=216450727.1670164300&_u=YCDACEABBAAAACAAI~&z=407925202 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.ahsquotes.com
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         108.177.14.155
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://www.ahsquotes.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 04 Dec 2022 14:31:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   4
Md5:    48c0473b7821185d937e685216e2168b
Sha1:   3743e47f8a429a5e87b86cb582d78940733d9d2e
Sha256: 570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /iframe_api HTTP/1.1 
Host: www.youtube.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
x-content-type-options: nosniff
expires: Sun, 04 Dec 2022 14:31:42 GMT
date: Sun, 04 Dec 2022 14:31:42 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=xzfFxkHLfaE; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=qD5ZdzYElZE; Domain=.youtube.com; Expires=Fri, 02-Jun-2023 14:31:42 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+244; expires=Tue, 03-Dec-2024 14:31:42 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (509)
Size:   962
Md5:    1a555344e976e506fe358bf31592a484
Sha1:   7385fb3fcf23d4ef626e511ac750d91e4359cfcf
Sha256: 588e7fe64ba52a920ca24d5e902da441efa81b7b77acb6e03446aadae5b8e59f
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 14:31:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-1685974-4&cid=261658355.1670164300&jid=1346370809&_u=YCDACEAABAAAACAAI~&z=27156216 HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.132
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 14:31:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-1685974-35&cid=261658355.1670164300&jid=962945604&_u=YCDACEABBAAAACAAI~&z=542681668 HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.132
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 14:31:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /trustedform-1.8.31.js HTTP/1.1 
Host: cdn.trustedform.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.111
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 29 Nov 2022 19:24:00 GMT
x-amz-version-id: zyVp10qBIDUkm0kSLQCBEAAE6CiOCr9w
server: AmazonS3
content-encoding: gzip
date: Sun, 04 Dec 2022 14:31:43 GMT
etag: W/"642f630e75dc2888743ef1bcac8f0de0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hTipvgj1mXOc7PBODNGXvMDbhOynVCCsNDTqnVkzL0J41FGdp3fzsQ==
age: 29
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   37653
Md5:    dc54edd373e6a9a9bf8e9667d23ef607
Sha1:   d7efff4077adb1eb18277f74e4bea701ceae215f
Sha256: f1c645e1befa0b144e73d321340a82f4edf95416ec221f9fefff09ccbd309d39
                                        
                                            POST /g/collect?v=2&tid=G-2GZFJJK6B1&gtm=2oebu0&_p=1291742157&_gaz=1&cid=261658355.1670164300&ul=en-us&sr=1280x1024&_eu=BA&_s=1&dl=https%3A%2F%2Fwww.ahsquotes.com%2F3steps%2F%3Fadname%3D42647%26s1%3D42647%26r%3D390429210%26utm_source%3Ddirectagents%26utm_medium%3Daffiliate%26utm_campaign%3D42647_42647&sid=1670164300&sct=1&seg=0&dt=AHS&en=page_view&_fv=1&_ss=1 HTTP/1.1 
Host: region1.analytics.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ahsquotes.com
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

search
                                         216.239.32.36
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: https://www.ahsquotes.com
date: Sun, 04 Dec 2022 14:31:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST /certs/3701fb4f5f358e7314b5829e0ee9067e2ea99f96/fingerprints HTTP/1.1 
Host: api.trustedform.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 262
Origin: https://www.ahsquotes.com
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         3.225.128.243
HTTP/2 204 No Content
                                        
date: Sun, 04 Dec 2022 14:31:43 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
server: Cowboy
X-Firefox-Spdy: h2

                                        
                                            POST /certs/3701fb4f5f358e7314b5829e0ee9067e2ea99f96/snapshot HTTP/1.1 
Host: api.trustedform.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 12247
Origin: https://www.ahsquotes.com
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         3.225.128.243
HTTP/2 204 No Content
                                        
date: Sun, 04 Dec 2022 14:31:43 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
server: Cowboy
X-Firefox-Spdy: h2

                                        
                                            POST /certs/3701fb4f5f358e7314b5829e0ee9067e2ea99f96/events HTTP/1.1 
Host: api.trustedform.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1654
Origin: https://www.ahsquotes.com
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         3.225.128.243
HTTP/2 204 No Content
                                        
date: Sun, 04 Dec 2022 14:31:44 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
server: Cowboy
X-Firefox-Spdy: h2

                                        
                                            POST /certs/3701fb4f5f358e7314b5829e0ee9067e2ea99f96/events HTTP/1.1 
Host: api.trustedform.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 370
Origin: https://www.ahsquotes.com
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         3.225.128.243
HTTP/2 204 No Content
                                        
date: Sun, 04 Dec 2022 14:31:45 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
server: Cowboy
X-Firefox-Spdy: h2

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7728
x-amzn-requestid: 9f37e7a6-1f00-4a81-9b14-962fd0b6cdf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMEJxoAMFchQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-4a4cce217327b44525ea1e98;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ztC4S0WeA3ft_9JafrL6fInXo4jwkb0cTWUx4Z8L2uz3EWQS-d6F5A==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 22:02:47 GMT
age: 59342
etag: "9f80bb7ca6f699d88eaec2248dec508c589fe994"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7728
Md5:    027480c06cd67621f373c6765dafee4d
Sha1:   9f80bb7ca6f699d88eaec2248dec508c589fe994
Sha256: f69a0d6bd6e79d8fa7f2f15df11237c0a8b04d45af3cd5870eeef86d18f553bf
                                        
                                            GET /css?family=Roboto:400,500,700,900 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.ahsquotes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.106
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Dec 2022 14:31:41 GMT
date: Sun, 04 Dec 2022 14:31:41 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.ahsquotes.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:56 GMT
expires: Thu, 30 Nov 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 327465
last-modified: Wed, 11 May 2022 19:24:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---