r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 30c30d01178fc74ac5266ee64c3ee85b
c0c2af8a864c00aa85a8775d55f85ab107150a3b
c15644f69fbfeb99074c7e9711dfc9452ee164fa78eb981b6bae4fb7e3585f2a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C15644F69FBFEB99074C7E9711DFC9452EE164FA78EB981B6BAE4FB7E3585F2A"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2444
Expires: Thu, 17 Nov 2022 18:45:01 GMT
Date: Thu, 17 Nov 2022 18:04:17 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash be1be806b5dca7facbb45a6c3db44652
7ae9380a2f3eca959fe6ff6b3832a17cffd12cf4
1f3338058f8e9cae5c9fdd733c74564312726b01c6efdcd628d851d0c99876b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4626
Cache-Control: max-age=150252
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 18:04:17 GMT
Etag: "63760d7b-1d7"
Expires: Sat, 19 Nov 2022 11:48:29 GMT
Last-Modified: Thu, 17 Nov 2022 10:31:23 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4e84f361a3c81abc5d665a5f441452a8
7aa4b9cb0a7ba1daa514dbb48fe8e74fdf09b60d
04d64920cc8e6b096841938b0c1140889f5d7a04eabd440934a31f1c7ab90352
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04D64920CC8E6B096841938B0C1140889F5D7A04EABD440934A31F1C7AB90352"
Last-Modified: Wed, 16 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2814
Expires: Thu, 17 Nov 2022 18:51:11 GMT
Date: Thu, 17 Nov 2022 18:04:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 17 Nov 2022 17:44:44 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1173
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: yTmnTXfZKGCCUPuFNP5EyhK27aVbMwa9w9DyoAuTjxFrbE9oNoicixMBXpwd8+J/yDf7xXRsTSw=
x-amz-request-id: Z7C0T9G80VX4QQ1G
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 17 Nov 2022 17:52:34 GMT
age: 703
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
smartdiy.com/http:/smartdiy.com/mtm/direct/.ejxnkmlygzaqrp-fc2yq7bkbn6fkbyzqxmhyrcr_hly55navqrsp77taekq-qkei1nfzcyqj5sqirz35wgiqqfvv2v1ar-igfmz00avd4tgtdahm80s26smbt0szgjs7lu6htee7yz1hmjzlik6tfs0ivlfio4xlgbbn2kkcd-rzbcql2bpu_nzscgsegz1jxungiaxbryjxc6xzkfh5eyxmujmtnq-cjqniiqu5o5tlbwzcw7r3idevlbtrtqsmzz2lcyii1zvey7snyztgdvqeyccx-qo4mnykobmqrvdhh4wx0xc4vyf-t_nzckesfwo_v-cbepy:1or4do:j3uuw4rgafgn6gfimmpvtz-bnf0
200 OK 5.6 kB URL HTTP/1.1 smartdiy.com/http:/smartdiy.com/mtm/direct/.ejxnkmlygzaqrp-fc2yq7bkbn6fkbyzqxmhyrcr_hly55navqrsp77taekq-qkei1nfzcyqj5sqirz35wgiqqfvv2v1ar-igfmz00avd4tgtdahm80s26smbt0szgjs7lu6htee7yz1hmjzlik6tfs0ivlfio4xlgbbn2kkcd-rzbcql2bpu_nzscgsegz1jxungiaxbryjxc6xzkfh5eyxmujmtnq-cjqniiqu5o5tlbwzcw7r3idevlbtrtqsmzz2lcyii1zvey7snyztgdvqeyccx-qo4mnykobmqrvdhh4wx0xc4vyf-t_nzckesfwo_v-cbepy:1or4do:j3uuw4rgafgn6gfimmpvtz-bnf0
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (529)
Hash 5ab74002d67685dd29b20ddba2a689af
e563109fe75065924efacb58cf36dadd3fc7e289
44022f714325d608d0e6bdf8db45c9c95e6b356cf95493eb4436ea222d792606
Analyzer Verdict Alert fortinet Malware
GET /http:/smartdiy.com/mtm/direct/.ejxnkmlygzaqrp-fc2yq7bkbn6fkbyzqxmhyrcr_hly55navqrsp77taekq-qkei1nfzcyqj5sqirz35wgiqqfvv2v1ar-igfmz00avd4tgtdahm80s26smbt0szgjs7lu6htee7yz1hmjzlik6tfs0ivlfio4xlgbbn2kkcd-rzbcql2bpu_nzscgsegz1jxungiaxbryjxc6xzkfh5eyxmujmtnq-cjqniiqu5o5tlbwzcw7r3idevlbtrtqsmzz2lcyii1zvey7snyztgdvqeyccx-qo4mnykobmqrvdhh4wx0xc4vyf-t_nzckesfwo_v-cbepy:1or4do:j3uuw4rgafgn6gfimmpvtz-bnf0 HTTP/1.1
Host: smartdiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Thu, 17 Nov 2022 18:04:17 GMT
content-type: text/html; charset=utf-8
content-length: 5568
vary: Accept-Language
content-language: en
connection: close
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 17 Nov 2022 18:04:17 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
smartdiy.com/mtm/async/.eJxdkElygzAURO_C0gEzxIDjVM7ikoQkhAY0fLCkVO4eMixS2XW_rt6892LzorgV9Qxgb3XQyMMk0pmsutag60l4SqA-0yUaqVXiGTlvK0a65EYssRmYxCm7qOfkib_PKvW9QbvzwY4jICpd5SQVrWGZJLf0wQmfn_sHF86xfe_2FvlKcKZz06B9ugCHCc362oRuCBpDEzJfwqi2YQZKx5TbWS9ZCTkAC43YFRPrJSqOsemkJFPlMyZOddhud5MD4YHy3C5xM1ygiH1aIhlilmzuaYp6WzQYVxVlgTwPh4gjecqop_6nzGuAu0GaHvWvna8HIdTCwYFGOARqVSJrlSAIxGrq-EWe4n-q1at7a84vpdCI0xrtgv3GB8W2PNWn7_1afHwCYzSW9Q:1ovjFJ:6wLZDgF_7RbSoSYHCAodEDQVzto/1/
200 OK 419 B URL HTTP/1.1 smartdiy.com/mtm/async/.eJxdkElygzAURO_C0gEzxIDjVM7ikoQkhAY0fLCkVO4eMixS2XW_rt6892LzorgV9Qxgb3XQyMMk0pmsutag60l4SqA-0yUaqVXiGTlvK0a65EYssRmYxCm7qOfkib_PKvW9QbvzwY4jICpd5SQVrWGZJLf0wQmfn_sHF86xfe_2FvlKcKZz06B9ugCHCc362oRuCBpDEzJfwqi2YQZKx5TbWS9ZCTkAC43YFRPrJSqOsemkJFPlMyZOddhud5MD4YHy3C5xM1ygiH1aIhlilmzuaYp6WzQYVxVlgTwPh4gjecqop_6nzGuAu0GaHvWvna8HIdTCwYFGOARqVSJrlSAIxGrq-EWe4n-q1at7a84vpdCI0xrtgv3GB8W2PNWn7_1afHwCYzSW9Q:1ovjFJ:6wLZDgF_7RbSoSYHCAodEDQVzto/1/
IP
File type ASCII text, with very long lines (419), with no line terminators
Hash c0fcfb0d99a1448f5f83971a29d18c01
dacd33aeb808b8f98ae5b80476c2c1d71be158fb
faca62c697d259b6edcb8653d866610d4fe1555f93a3e0e7a5cd6081a7a697a9
Analyzer Verdict Alert fortinet Malware
GET /mtm/async/.eJxdkElygzAURO_C0gEzxIDjVM7ikoQkhAY0fLCkVO4eMixS2XW_rt6892LzorgV9Qxgb3XQyMMk0pmsutag60l4SqA-0yUaqVXiGTlvK0a65EYssRmYxCm7qOfkib_PKvW9QbvzwY4jICpd5SQVrWGZJLf0wQmfn_sHF86xfe_2FvlKcKZz06B9ugCHCc362oRuCBpDEzJfwqi2YQZKx5TbWS9ZCTkAC43YFRPrJSqOsemkJFPlMyZOddhud5MD4YHy3C5xM1ygiH1aIhlilmzuaYp6WzQYVxVlgTwPh4gjecqop_6nzGuAu0GaHvWvna8HIdTCwYFGOARqVSJrlSAIxGrq-EWe4n-q1at7a84vpdCI0xrtgv3GB8W2PNWn7_1afHwCYzSW9Q:1ovjFJ:6wLZDgF_7RbSoSYHCAodEDQVzto/1/ HTTP/1.1
Host: smartdiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://smartdiy.com/http:/smartdiy.com/mtm/direct/.ejxnkmlygzaqrp-fc2yq7bkbn6fkbyzqxmhyrcr_hly55navqrsp77taekq-qkei1nfzcyqj5sqirz35wgiqqfvv2v1ar-igfmz00avd4tgtdahm80s26smbt0szgjs7lu6htee7yz1hmjzlik6tfs0ivlfio4xlgbbn2kkcd-rzbcql2bpu_nzscgsegz1jxungiaxbryjxc6xzkfh5eyxmujmtnq-cjqniiqu5o5tlbwzcw7r3idevlbtrtqsmzz2lcyii1zvey7snyztgdvqeyccx-qo4mnykobmqrvdhh4wx0xc4vyf-t_nzckesfwo_v-cbepy:1or4do:j3uuw4rgafgn6gfimmpvtz-bnf0
Connection: keep-alive
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Thu, 17 Nov 2022 18:04:18 GMT
content-type: text/html; charset=utf-8
content-length: 419
x-mtm-path: 7
x-mtm-prov: 300:0.00;308:0.00
x-mtm-rd: 0.00
vary: Accept-Language
content-language: en
set-cookie: mtm_delivered=WyJzbWFydGRpeS5jb20iLCJodHRwOi8vd3d3MS5zbWFydGRpeS5jb20vP3RtPTEmc3ViaWQ0PTE2Njg3MDgyNTguMDQ4MjAwMDAwMCZLVzE9T25saW5lJTIwQ2FyZWVyJTIwQ291bnNlbGluZyUyMFByb2dyYW1zJktXMj1NYWtlJTIwTW9uZXklMjBGcm9tJTIwSG9tZSZLVzM9TWFrZSUyME1vbmV5JTIwRnJvbSUyMEhvbWUmS1c0PUIyQiUyMFRyYXZlbCUyMEJvb2tpbmclMjBTeXN0ZW0mS1c1PU1ha2UlMjBNb25leSUyMEZyb20lMjBIb21lJktXNj1CMkIlMjBUcmF2ZWwlMjBCb29raW5nJTIwU3lzdGVtJktXNz1CZXN0JTIwTW9ydGdhZ2UlMjBSZWZpbmFuY2luZyUyMFJhdGVzJktXOD1NYWtlJTIwTW9uZXklMjBGcm9tJTIwSG9tZSZLVzk9U29jaWFsJTIwTWVkaWElMjBBdXRvbWF0aW9uJTIwTWFya2V0aW5nJTIwU29mdHdhcmUmc2VhcmNoYm94PTAmYmFja2ZpbGw9MCIsMSwiMjAyMi0xMS0xNyAxODowNDoxOCIsMSwiMTY2ODcwODI1OC4wNDgyMDAwMDAwIiwzMDgsbnVsbCxudWxsXQ:1ovjFK:mob-2OuxQO6SiX9p2GQdWHcoPU4; expires=Thu, 17-Nov-2022 19:04:18 GMT; Max-Age=3600; Path=/
connection: close
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 17 Nov 2022 17:25:01 GMT
cache-control: public,max-age=3600
age: 2357
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
www1.smartdiy.com/?tm=1&subid4=1668708258.0482000000&KW1=Online%20Career%20Counseling%20Programs&KW2=Make%20Money%20From%20Home&KW3=Make%20Money%20From%20Home&KW4=B2B%20Travel%20Booking%20System&KW5=Make%20Money%20From%20Home&KW6=B2B%20Travel%20Booking%20System&KW7=Best%20Mortgage%20Refinancing%20Rates&KW8=Make%20Money%20From%20Home&KW9=Social%20Media%20Automation%20Marketing%20Software&searchbox=0&backfill=0
200 OK 5.7 kB URL HTTP/1.1 www1.smartdiy.com/?tm=1&subid4=1668708258.0482000000&KW1=Online%20Career%20Counseling%20Programs&KW2=Make%20Money%20From%20Home&KW3=Make%20Money%20From%20Home&KW4=B2B%20Travel%20Booking%20System&KW5=Make%20Money%20From%20Home&KW6=B2B%20Travel%20Booking%20System&KW7=Best%20Mortgage%20Refinancing%20Rates&KW8=Make%20Money%20From%20Home&KW9=Social%20Media%20Automation%20Marketing%20Software&searchbox=0&backfill=0
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3094)
Hash 419447b134ff7ccecf17c96efafdd7de
dd50f3067cde368522e1214fa1f39e04a96e68b1
06c235ab9151a93bc19efa3132fe000721ac46e52127345ac66d250757049691
GET /?tm=1&subid4=1668708258.0482000000&KW1=Online%20Career%20Counseling%20Programs&KW2=Make%20Money%20From%20Home&KW3=Make%20Money%20From%20Home&KW4=B2B%20Travel%20Booking%20System&KW5=Make%20Money%20From%20Home&KW6=B2B%20Travel%20Booking%20System&KW7=Best%20Mortgage%20Refinancing%20Rates&KW8=Make%20Money%20From%20Home&KW9=Social%20Media%20Automation%20Marketing%20Software&searchbox=0&backfill=0 HTTP/1.1
Host: www1.smartdiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://smartdiy.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 18:04:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_W5Bpf14HgLRSS+RGvZFAvmcVXuUVFOY+FgJgtokC9YjBaZRnB/WcBxwprIWjHKD/25ks2GT1ZgMTKcrVQunmgw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
ocsp.digicert.com/
200 OK 471 B IP
Hash c10055ce87434f700ff8b20e3be1f919
477b3c9f1da0c464282bb54572737e76b6e346da
4d78eb296876122e5ff40fcd7667adf1bf8a4b1ee4c8203c88a63ce8d7910a57
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2661
Cache-Control: max-age=143218
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 18:04:18 GMT
Etag: "6375f9af-1d7"
Expires: Sat, 19 Nov 2022 09:51:16 GMT
Last-Modified: Thu, 17 Nov 2022 09:06:55 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
d38psrni17bvxu.cloudfront.net/themes/assets/style.css
200 OK 343 B URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/assets/style.css
IP
Hash 03a4a8c322fc0c99b0ee7cbbcc9eabcd
6fc193276de2a3458cd853c474cb9269b900e00d
a535d2296792cb37a2bbad1d9d0546e3383a8a5bfac0d9edda15795c226bddf7
GET /themes/assets/style.css HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.smartdiy.com/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Thu, 17 Nov 2022 00:33:14 GMT
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
Content-Encoding: gzip
ETag: W/"5ebab1f0-33d"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: YN5BLTmMa9YFKyhUw7t-zxFJJwoibgVabGyVfsViNUPmyLcGnhV71Q==
Age: 63064
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/style.css
200 OK 648 B URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/style.css
IP
Hash 706f944f821bc64dff4240a04251ff36
efcf7c46310be1b252baae8e2f4b5e9edfee9fe3
dc365466c780c2d5e58a10925db88facb0cae18cb5a077790c54561e8590b63b
GET /themes/cleanPeppermintBlack_657d9013/style.css HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.smartdiy.com/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Thu, 17 Nov 2022 03:12:38 GMT
Last-Modified: Fri, 21 Oct 2022 11:27:37 GMT
Content-Encoding: gzip
ETag: W/"63528229-63e"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: msNVF6homNadua9ETxjlW2kf6RVp-x2JBCAsSh6ymgpdxRVO9dwGIg==
Age: 53500
d38psrni17bvxu.cloudfront.net/scripts/maincaf.js
200 OK 7.0 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/scripts/maincaf.js
IP
File type ASCII text, with very long lines (316)
Hash 3c7567521347bf95b105ffa7fdc7da86
08739adacbf1300c74d8ae1cf100d00d9fbd0e5f
0e32bca6b67dfdeed3f9b988ddcec1adf0502549a130a78c4ace64c318a7ea29
Analyzer Verdict Alert fortinet Malware
GET /scripts/maincaf.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.smartdiy.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7006
Connection: keep-alive
Server: nginx
Date: Thu, 17 Nov 2022 15:10:44 GMT
Last-Modified: Tue, 15 Nov 2022 15:10:24 GMT
Accept-Ranges: bytes
ETag: "6373abe0-1b5e"
X-Cache: Hit from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: WkHwWz5wddO6rgK6JlucWKpNEfnnuKHm_2qbyCZZabIofW_0HI4yaw==
Age: 10414
www.google.com/adsense/domains/caf.js
200 OK 54 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP
File type ASCII text, with very long lines (1885)
Hash 93d2ef645eece2614f4afada1fc7f9bf
d1051e7dc2cd1831fcd731b15c652098aa3c8d3f
6f6e2e25b415e9f9f21e681284c772d8b0f6a096956a24dbb23e26a43ec82278
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.smartdiy.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Thu, 17 Nov 2022 18:04:18 GMT
Expires: Thu, 17 Nov 2022 18:04:18 GMT
Cache-Control: private, max-age=3600
ETag: "17187032645827392492"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
c.parkingcrew.net/scripts/sale_form.js
200 OK 761 B URL HTTP/1.1 c.parkingcrew.net/scripts/sale_form.js
IP
Hash 64f809e06446647e192fce8d1ec34e09
5b7ced07da42e205067afa88615317a277a4a82c
f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3
GET /scripts/sale_form.js HTTP/1.1
Host: c.parkingcrew.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.smartdiy.com/
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 17 Nov 2022 18:04:18 GMT
Content-Type: application/javascript
Content-Length: 761
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-2f9"
Accept-Ranges: bytes
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: sDUkIbHbfyBJe8GwUT6KZA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: X6xoT/XwwqyaaWq4/t2eFwFm4SM=
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
200 OK 11 kB URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
IP
File type PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data
Hash 0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865
GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/style.css
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Thu, 17 Nov 2022 02:14:12 GMT
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
Accept-Ranges: bytes
ETag: "62b4441b-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 974rU1XsfAT-TwVS7YScdLBp3fc9MBAhKjlcigdJ4uM_D01RL_RzVg==
Age: 57007
www1.smartdiy.com/favicon.ico
200 OK 0 B URL HTTP/1.1 www1.smartdiy.com/favicon.ico
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www1.smartdiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.smartdiy.com/?tm=1&subid4=1668708258.0482000000&KW1=Online%20Career%20Counseling%20Programs&KW2=Make%20Money%20From%20Home&KW3=Make%20Money%20From%20Home&KW4=B2B%20Travel%20Booking%20System&KW5=Make%20Money%20From%20Home&KW6=B2B%20Travel%20Booking%20System&KW7=Best%20Mortgage%20Refinancing%20Rates&KW8=Make%20Money%20From%20Home&KW9=Social%20Media%20Automation%20Marketing%20Software&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 18:04:19 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
www1.smartdiy.com/track.php?domain=smartdiy.com&toggle=browserjs&uid=MTY2ODcwODI1OC41NTc0OmI3ZTI3Y2NiZjA1ZjU4NDYwNjc0OGJiMmEwNjNhZDBmNWNkOGY5NzdiM2ZiMDFjOTI1OGNlNmIxZmE1MWFkYTU6NjM3Njc3YTI4ODE4MA%3D%3D
200 OK 20 B URL HTTP/1.1 www1.smartdiy.com/track.php?domain=smartdiy.com&toggle=browserjs&uid=MTY2ODcwODI1OC41NTc0OmI3ZTI3Y2NiZjA1ZjU4NDYwNjc0OGJiMmEwNjNhZDBmNWNkOGY5NzdiM2ZiMDFjOTI1OGNlNmIxZmE1MWFkYTU6NjM3Njc3YTI4ODE4MA%3D%3D
IP
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=smartdiy.com&toggle=browserjs&uid=MTY2ODcwODI1OC41NTc0OmI3ZTI3Y2NiZjA1ZjU4NDYwNjc0OGJiMmEwNjNhZDBmNWNkOGY5NzdiM2ZiMDFjOTI1OGNlNmIxZmE1MWFkYTU6NjM3Njc3YTI4ODE4MA%3D%3D HTTP/1.1
Host: www1.smartdiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.smartdiy.com/?tm=1&subid4=1668708258.0482000000&KW1=Online%20Career%20Counseling%20Programs&KW2=Make%20Money%20From%20Home&KW3=Make%20Money%20From%20Home&KW4=B2B%20Travel%20Booking%20System&KW5=Make%20Money%20From%20Home&KW6=B2B%20Travel%20Booking%20System&KW7=Best%20Mortgage%20Refinancing%20Rates&KW8=Make%20Money%20From%20Home&KW9=Social%20Media%20Automation%20Marketing%20Software&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 18:04:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash e7341c02564cba5a407e28eccd8283de
e3332d7dcc8c27310a67c4ddf97ff200331b6077
979c4749a492b1cba7a1f42ce17b2bbbb6eac96ceb1f6574be955a71248b1674
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 18:04:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash f597aa17a4d26018bf1ad1591cda3a8c
6da511661cc1b274d9003c70b1f3a02d4c892a9e
fec0b5daf3e144d99f60100ce28b3e607a8908742002eeab5af289d512d5e3f5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 18:04:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C000750%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Online%20Career%20Counseling%20Programs%2CMake%20Money%20From%20Home%2CMake%20Money%20From%20Home%2CB2B%20Travel%20Booking%20System%2CMake%20Money%20From%20Home%2CB2B%20Travel%20Booking%20System%2CBest%20Mortgage%20Refinancing%20Rates%2CMake%20Money%20From%20Home%2CSocial%20Media%20Automation%20Marketing%20Software&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301100&format=r9%7Cs&nocache=4311668708258282&num=0&output=afd_ads&domain_name=www1.smartdiy.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1668708258283&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=488417025&uio=--&cont=tc&jsid=caf&jsv=488417025&rurl=http%3A%2F%2Fwww1.smartdiy.com%2F%3Ftm%3D1%26subid4%3D1668708258.0482000000%26KW1%3DOnline%2520Career%2520Counseling%2520Programs%26KW2%3DMake%2520Money%2520From%2520Home%26KW3%3DMake%2520Money%2520From%2520Home%26KW4%3DB2B%2520Travel%2520Booking%2520System%26KW5%3DMake%2520Money%2520From%2520Home%26KW6%3DB2B%2520Travel%2520Booking%2520System%26KW7%3DBest%2520Mortgage%2520Refinancing%2520Rates%26KW8%3DMake%2520Money%2520From%2520Home%26KW9%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26searchbox%3D0%26backfill%3D0&referer=http%3A%2F%2Fsmartdiy.com%2F&adbw=master-1%3A530
200 OK 2.4 kB URL HTTP/2 www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C000750%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Online%20Career%20Counseling%20Programs%2CMake%20Money%20From%20Home%2CMake%20Money%20From%20Home%2CB2B%20Travel%20Booking%20System%2CMake%20Money%20From%20Home%2CB2B%20Travel%20Booking%20System%2CBest%20Mortgage%20Refinancing%20Rates%2CMake%20Money%20From%20Home%2CSocial%20Media%20Automation%20Marketing%20Software&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301100&format=r9%7Cs&nocache=4311668708258282&num=0&output=afd_ads&domain_name=www1.smartdiy.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1668708258283&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=488417025&uio=--&cont=tc&jsid=caf&jsv=488417025&rurl=http%3A%2F%2Fwww1.smartdiy.com%2F%3Ftm%3D1%26subid4%3D1668708258.0482000000%26KW1%3DOnline%2520Career%2520Counseling%2520Programs%26KW2%3DMake%2520Money%2520From%2520Home%26KW3%3DMake%2520Money%2520From%2520Home%26KW4%3DB2B%2520Travel%2520Booking%2520System%26KW5%3DMake%2520Money%2520From%2520Home%26KW6%3DB2B%2520Travel%2520Booking%2520System%26KW7%3DBest%2520Mortgage%2520Refinancing%2520Rates%26KW8%3DMake%2520Money%2520From%2520Home%26KW9%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26searchbox%3D0%26backfill%3D0&referer=http%3A%2F%2Fsmartdiy.com%2F&adbw=master-1%3A530
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7927)
Hash 0c6b6fb7e4980cbfcebf9ff75ffd05f1
04636b491d77a034af183198e1ef12ac1c8551cd
ff2faca0c2e1a36905efa3494bd805e9cd351aecd3cbc6df17f8d88e34561ec5
GET /afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C000750%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Online%20Career%20Counseling%20Programs%2CMake%20Money%20From%20Home%2CMake%20Money%20From%20Home%2CB2B%20Travel%20Booking%20System%2CMake%20Money%20From%20Home%2CB2B%20Travel%20Booking%20System%2CBest%20Mortgage%20Refinancing%20Rates%2CMake%20Money%20From%20Home%2CSocial%20Media%20Automation%20Marketing%20Software&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301100&format=r9%7Cs&nocache=4311668708258282&num=0&output=afd_ads&domain_name=www1.smartdiy.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1668708258283&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&cl=488417025&uio=--&cont=tc&jsid=caf&jsv=488417025&rurl=http%3A%2F%2Fwww1.smartdiy.com%2F%3Ftm%3D1%26subid4%3D1668708258.0482000000%26KW1%3DOnline%2520Career%2520Counseling%2520Programs%26KW2%3DMake%2520Money%2520From%2520Home%26KW3%3DMake%2520Money%2520From%2520Home%26KW4%3DB2B%2520Travel%2520Booking%2520System%26KW5%3DMake%2520Money%2520From%2520Home%26KW6%3DB2B%2520Travel%2520Booking%2520System%26KW7%3DBest%2520Mortgage%2520Refinancing%2520Rates%26KW8%3DMake%2520Money%2520From%2520Home%26KW9%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26searchbox%3D0%26backfill%3D0&referer=http%3A%2F%2Fsmartdiy.com%2F&adbw=master-1%3A530 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.smartdiy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Thu, 17 Nov 2022 18:04:19 GMT
expires: Thu, 17 Nov 2022 18:04:19 GMT
cache-control: private, max-age=3600
content-encoding: br
server: gws
content-length: 2422
x-xss-protection: 0
set-cookie: CONSENT=PENDING+099; expires=Sat, 16-Nov-2024 18:04:19 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
partner.googleadservices.com/gampad/cookie.js?domain=www1.smartdiy.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie
200 OK 181 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=www1.smartdiy.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie
IP
File type ASCII text, with no line terminators
Hash 8b81b6b6610d2029e1f55b5013c70592
1c698da6303020c215d962539678ce9f4c19ab2e
ef2a9a8ff663a1fc661bd8759201a2122dcafc8e976a29b67f33bb54042c46ab
GET /gampad/cookie.js?domain=www1.smartdiy.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.smartdiy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 17 Nov 2022 18:04:19 GMT
server: cafe
cache-control: private
content-length: 181
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash f597aa17a4d26018bf1ad1591cda3a8c
6da511661cc1b274d9003c70b1f3a02d4c892a9e
fec0b5daf3e144d99f60100ce28b3e607a8908742002eeab5af289d512d5e3f5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 18:04:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash eeab7cac05db82df44ba5530370a7b0c
ba9f2b0bbfd4f12b923106c29369a94d9fc617f1
097d22b35eebb9dff6ca54f1f8550c5ee5e6b99c726d6ac388acf7c5a1356d31
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 18:04:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash e3ef4fa6e63334c1a8d02c8f042fd66c
44b43e90a0f6876bc26f86b17f0b11fe45762951
d94585dfe48324d5e394a1e88f450048d1eac21acdbb72948ef0528e46e8b899
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 18:04:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash e3ef4fa6e63334c1a8d02c8f042fd66c
44b43e90a0f6876bc26f86b17f0b11fe45762951
d94585dfe48324d5e394a1e88f450048d1eac21acdbb72948ef0528e46e8b899
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 18:04:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
200 OK 270 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Hash 5100391430a00e10ce60aa159f525b5c
231a4492d73b225f441b1e9028dc33c89862e498
52b1432a6e3002e41ed1d8f4c84b258fdc4c6dac863e3c0e5c06360c81be6067
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 270
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 02:18:25 GMT
expires: Fri, 18 Nov 2022 01:18:25 GMT
cache-control: public, max-age=82800
age: 56754
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
200 OK 174 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 4de8b85c8915995b571bde50e231be7c
29c226ca7b9cbe1d44e5480ce95bbb42727b2d99
2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 00:02:48 GMT
expires: Thu, 17 Nov 2022 23:02:48 GMT
cache-control: public, max-age=82800
age: 64891
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash e3ef4fa6e63334c1a8d02c8f042fd66c
44b43e90a0f6876bc26f86b17f0b11fe45762951
d94585dfe48324d5e394a1e88f450048d1eac21acdbb72948ef0528e46e8b899
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 18:04:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2723
Expires: Thu, 17 Nov 2022 18:49:43 GMT
Date: Thu, 17 Nov 2022 18:04:20 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2723
Expires: Thu, 17 Nov 2022 18:49:43 GMT
Date: Thu, 17 Nov 2022 18:04:20 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2723
Expires: Thu, 17 Nov 2022 18:49:43 GMT
Date: Thu, 17 Nov 2022 18:04:20 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2723
Expires: Thu, 17 Nov 2022 18:49:43 GMT
Date: Thu, 17 Nov 2022 18:04:20 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2723
Expires: Thu, 17 Nov 2022 18:49:43 GMT
Date: Thu, 17 Nov 2022 18:04:20 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5e6ba2a-6046-47f6-8da2-f2c9ea6dd2b8.jpeg
200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5e6ba2a-6046-47f6-8da2-f2c9ea6dd2b8.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e2a2d21ac149d7cf783628b5e815702
ae4692dccf90fa1a30119c95a1539ed8163e574f
5e1ebb536daa764e1c906c60a7a36c0f67aa476e12bf9fe1fda07bf87bc1f299
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5e6ba2a-6046-47f6-8da2-f2c9ea6dd2b8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9362
x-amzn-requestid: 859ecb2a-831d-48df-a769-4bd9e21941fa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brWuSF8hoAMFtVA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63746b28-737fcd2d0c4d85eb71bfc452;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 04:46:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: Vo_6vm8fGw7IFpQIB-rScZ4XQQah_5NtDelbOQFpXqLT2yevul9MnA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 03:10:45 GMT
age: 53615
etag: "ae4692dccf90fa1a30119c95a1539ed8163e574f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c125d22-7470-46da-85af-7621027dbe03.jpeg
200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c125d22-7470-46da-85af-7621027dbe03.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 785c079072174860502c277b03f7743d
e63af885fa20dbd2a49ee44397d8f8c595b1cbcf
f4d748e2e7b16f41af16e3f2450a4823af56dacaacaa7f1a9537f41186c64148
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c125d22-7470-46da-85af-7621027dbe03.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8027
x-amzn-requestid: 9c8f833a-bc10-4899-aafb-b6068751f15d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bn08wGsOoAMFaSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637301eb-75b862d5320dfa553466860c;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 03:05:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uCpQ4_KnzebJIjDy2pgU-dAxiQwklQcai8HPgqdguUsOPJx1KaTUmA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 03:12:56 GMT
age: 53484
etag: "e63af885fa20dbd2a49ee44397d8f8c595b1cbcf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0be1985-4e6e-4cc3-9b6e-2fc0d94bc02b.jpeg
200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0be1985-4e6e-4cc3-9b6e-2fc0d94bc02b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 96b4478c098865b0d19738098db61d64
0e18a8c51596c8a4d84a142a57ffe376294833cc
9c9e433cf8f2167e4cfc3cff247eee85ebb9977e338e6e144acaea830db17c2c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0be1985-4e6e-4cc3-9b6e-2fc0d94bc02b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5749
x-amzn-requestid: c67c9352-e777-417e-afe1-003d7a072e86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bkItcGfcoAMFzkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637187ef-670b63160b7d0cdf4a5b609e;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 00:12:31 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: vFDS3_SNf5hbW8NAtNERJbS1jj29nWO0_GSIypgwlv7kymKieO8qNA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 08:44:38 GMT
age: 33582
etag: "0e18a8c51596c8a4d84a142a57ffe376294833cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 032386e5c9dffff1ba1ee5e8a322d438
dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11667
x-amzn-requestid: 4778d1bd-28c3-4665-89da-046e356087f0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bjyD1HE-oAMF0QQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637163b1-53c7330c5fd36d3c4d9e6aed;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 21:37:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5zDWKjYmvVLCemXw5Swm2qkhw1mQtD5c07Fl7Krydo_XR5FFyHDu4Q==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 07:15:37 GMT
age: 38923
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b2f2035-e536-45fc-90d6-5a76f2b7a8f9.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b2f2035-e536-45fc-90d6-5a76f2b7a8f9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2bd274d60bc239b0328fe30a442ef2d9
fc4b5a6f389cf683c16e6c229e72b5bfdf9f00ed
f32dab0bb88b93fe3fe49c0b0974cb14e6bdca88d2eaab2d8b9fc42d36ee0dc0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b2f2035-e536-45fc-90d6-5a76f2b7a8f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12337
x-amzn-requestid: e5851f2c-9353-4db3-be88-71858f396096
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bq3aYFwNoAMFiZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6374390f-2b174db41b890a7b37d44ace;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 01:12:47 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: TKWEtKtzjYSs-JejM2B-dc1x4nMKr0nnpsZ5c9ySCfnp5ul786zjZQ==
via: 1.1 3c974a460e97e56c6eb1e6a30797d9d6.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 12:00:45 GMT
age: 21815
etag: "fc4b5a6f389cf683c16e6c229e72b5bfdf9f00ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg
200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9d32fa3866dd741de610a61a93ad893
4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e
4492338de536cfae6fb42fd37170c60f4fbc281a2a924efe6d2b5af352cd102c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6344
x-amzn-requestid: cac35b04-be3b-4ae1-bb5e-8cedcd7a7db4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqOVFCXIAMFcOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755728-45c28fa333b748520be29b57;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: uCIDqd8Nb4t4d3VN-UZ8OufrweFvW-RQFc7ZZkkYy9KIZJOh7eQIDA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 21:33:58 GMT
etag: "4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e"
content-type: image/jpeg
age: 73822
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www1.smartdiy.com/?tm=1&subid4=1668708258.0482000000&KW1=Online%20Career%20Counseling%20Programs&KW2=Make%20Money%20From%20Home&KW3=Make%20Money%20From%20Home&KW4=B2B%20Travel%20Booking%20System&KW5=Make%20Money%20From%20Home&KW6=B2B%20Travel%20Booking%20System&KW7=Best%20Mortgage%20Refinancing%20Rates&KW8=Make%20Money%20From%20Home&KW9=Social%20Media%20Automation%20Marketing%20Software&searchbox=0&backfill=0
200 OK 5.7 kB URL HTTP/1.1 www1.smartdiy.com/?tm=1&subid4=1668708258.0482000000&KW1=Online%20Career%20Counseling%20Programs&KW2=Make%20Money%20From%20Home&KW3=Make%20Money%20From%20Home&KW4=B2B%20Travel%20Booking%20System&KW5=Make%20Money%20From%20Home&KW6=B2B%20Travel%20Booking%20System&KW7=Best%20Mortgage%20Refinancing%20Rates&KW8=Make%20Money%20From%20Home&KW9=Social%20Media%20Automation%20Marketing%20Software&searchbox=0&backfill=0
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3070)
Hash 7cd245c1adc997129f36d5cb47f56db8
7e4d5b27cac8443fc7ef5ef92b81364815c552e9
b1f8639c0e419a7d4f3e1788e77ca2ca1ea6ba2c0048442837ee5a3b3adab58f
GET /?tm=1&subid4=1668708258.0482000000&KW1=Online%20Career%20Counseling%20Programs&KW2=Make%20Money%20From%20Home&KW3=Make%20Money%20From%20Home&KW4=B2B%20Travel%20Booking%20System&KW5=Make%20Money%20From%20Home&KW6=B2B%20Travel%20Booking%20System&KW7=Best%20Mortgage%20Refinancing%20Rates&KW8=Make%20Money%20From%20Home&KW9=Social%20Media%20Automation%20Marketing%20Software&searchbox=0&backfill=0 HTTP/1.1
Host: www1.smartdiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: __gsas=ID=53c45603255aba05:T=1668708259:S=ALNI_Mb6SAMsIUkNgYHWSdDEMImYTQTc-g
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 18:04:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_W5Bpf14HgLRSS+RGvZFAvmcVXuUVFOY+FgJgtokC9YjBaZRnB/WcBxwprIWjHKD/25ks2GT1ZgMTKcrVQunmgw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
d38psrni17bvxu.cloudfront.net/scripts/maincaf.js
304 Not Modified 0 B URL HTTP/1.1 d38psrni17bvxu.cloudfront.net/scripts/maincaf.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /scripts/maincaf.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.smartdiy.com/
If-Modified-Since: Tue, 15 Nov 2022 15:10:24 GMT
If-None-Match: "6373abe0-1b5e"
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Connection: keep-alive
Server: nginx
Date: Thu, 17 Nov 2022 15:10:44 GMT
Last-Modified: Tue, 15 Nov 2022 15:10:24 GMT
ETag: "6373abe0-1b5e"
X-Cache: Hit from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: s1-TmjzK2t0bATEIr_B4XAsASweRKLeeNf63bu6qqaFBXXuAYbAH3g==
Age: 10416
www.google.com/adsense/domains/caf.js
200 OK 54 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP
File type ASCII text, with very long lines (1885)
Hash cab5a8333ee166d9f6d0b2bd295db5e5
6693b5f32a350be64a33d9f3cf42aae1a67270a8
148e93b6b9d9cc517b75154be03b93614353dfebd96b73137d1f08c9c82c02de
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.smartdiy.com/
If-None-Match: "17187032645827392492"
Cache-Control: max-age=0
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Thu, 17 Nov 2022 18:04:20 GMT
Expires: Thu, 17 Nov 2022 18:04:20 GMT
Cache-Control: private, max-age=3600
ETag: "8456826843805353673"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
www1.smartdiy.com/track.php?domain=smartdiy.com&toggle=browserjs&uid=MTY2ODcwODI2MC4xMjk2OmEwYmJmOWRhYTYxZDk3NDI5MmE3ZTgwNDA1OTI3ODc1YmRmOGQ0ZmIzOWY4NmVmMjJhOWRjMmZjOGE3OGRhMDI6NjM3Njc3YTQxZmExYw%3D%3D
200 OK 20 B URL HTTP/1.1 www1.smartdiy.com/track.php?domain=smartdiy.com&toggle=browserjs&uid=MTY2ODcwODI2MC4xMjk2OmEwYmJmOWRhYTYxZDk3NDI5MmE3ZTgwNDA1OTI3ODc1YmRmOGQ0ZmIzOWY4NmVmMjJhOWRjMmZjOGE3OGRhMDI6NjM3Njc3YTQxZmExYw%3D%3D
IP
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=smartdiy.com&toggle=browserjs&uid=MTY2ODcwODI2MC4xMjk2OmEwYmJmOWRhYTYxZDk3NDI5MmE3ZTgwNDA1OTI3ODc1YmRmOGQ0ZmIzOWY4NmVmMjJhOWRjMmZjOGE3OGRhMDI6NjM3Njc3YTQxZmExYw%3D%3D HTTP/1.1
Host: www1.smartdiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.smartdiy.com/?tm=1&subid4=1668708258.0482000000&KW1=Online%20Career%20Counseling%20Programs&KW2=Make%20Money%20From%20Home&KW3=Make%20Money%20From%20Home&KW4=B2B%20Travel%20Booking%20System&KW5=Make%20Money%20From%20Home&KW6=B2B%20Travel%20Booking%20System&KW7=Best%20Mortgage%20Refinancing%20Rates&KW8=Make%20Money%20From%20Home&KW9=Social%20Media%20Automation%20Marketing%20Software&searchbox=0&backfill=0
Cookie: __gsas=ID=53c45603255aba05:T=1668708259:S=ALNI_Mb6SAMsIUkNgYHWSdDEMImYTQTc-g
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 18:04:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www1.smartdiy.com/ls.php
201 Created 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST /ls.php HTTP/1.1
Host: www1.smartdiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 3022
Origin: http://www1.smartdiy.com
Connection: keep-alive
Referer: http://www1.smartdiy.com/?tm=1&subid4=1668708258.0482000000&KW1=Online%20Career%20Counseling%20Programs&KW2=Make%20Money%20From%20Home&KW3=Make%20Money%20From%20Home&KW4=B2B%20Travel%20Booking%20System&KW5=Make%20Money%20From%20Home&KW6=B2B%20Travel%20Booking%20System&KW7=Best%20Mortgage%20Refinancing%20Rates&KW8=Make%20Money%20From%20Home&KW9=Social%20Media%20Automation%20Marketing%20Software&searchbox=0&backfill=0
Cookie: __gsas=ID=53c45603255aba05:T=1668708259:S=ALNI_Mb6SAMsIUkNgYHWSdDEMImYTQTc-g
Cache-Control: max-age=0
HTTP/1.1 201 Created
Date: Thu, 17 Nov 2022 18:04:21 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 637677a5db44ff0c6d03b94d
Charset: utf-8
Access-Control-Allow-Origin: http://www1.smartdiy.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_nrTCNFIBFQ2ZDna+WVm6A5b4b2mH1OA5qXJHgW6XXNYK3xScvchcb2SGuvem8iVtaisELLh3W4mku6/ygynWnQ==
www1.smartdiy.com/track.php?domain=smartdiy.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2ODcwODI2MC4xMjk2OmEwYmJmOWRhYTYxZDk3NDI5MmE3ZTgwNDA1OTI3ODc1YmRmOGQ0ZmIzOWY4NmVmMjJhOWRjMmZjOGE3OGRhMDI6NjM3Njc3YTQxZmExYw%3D%3D
200 OK 20 B URL HTTP/1.1 www1.smartdiy.com/track.php?domain=smartdiy.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2ODcwODI2MC4xMjk2OmEwYmJmOWRhYTYxZDk3NDI5MmE3ZTgwNDA1OTI3ODc1YmRmOGQ0ZmIzOWY4NmVmMjJhOWRjMmZjOGE3OGRhMDI6NjM3Njc3YTQxZmExYw%3D%3D
IP
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=smartdiy.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2ODcwODI2MC4xMjk2OmEwYmJmOWRhYTYxZDk3NDI5MmE3ZTgwNDA1OTI3ODc1YmRmOGQ0ZmIzOWY4NmVmMjJhOWRjMmZjOGE3OGRhMDI6NjM3Njc3YTQxZmExYw%3D%3D HTTP/1.1
Host: www1.smartdiy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.smartdiy.com/?tm=1&subid4=1668708258.0482000000&KW1=Online%20Career%20Counseling%20Programs&KW2=Make%20Money%20From%20Home&KW3=Make%20Money%20From%20Home&KW4=B2B%20Travel%20Booking%20System&KW5=Make%20Money%20From%20Home&KW6=B2B%20Travel%20Booking%20System&KW7=Best%20Mortgage%20Refinancing%20Rates&KW8=Make%20Money%20From%20Home&KW9=Social%20Media%20Automation%20Marketing%20Software&searchbox=0&backfill=0
Cookie: __gsas=ID=53c45603255aba05:T=1668708259:S=ALNI_Mb6SAMsIUkNgYHWSdDEMImYTQTc-g
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 18:04:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: answercheck
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www.google.com/adsense/domains/caf.js
200 OK 0 B URL HTTP/2 www.google.com/adsense/domains/caf.js
IP
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Thu, 17 Nov 2022 18:04:19 GMT
expires: Thu, 17 Nov 2022 18:04:19 GMT
cache-control: private, max-age=3600
etag: "14850336586422826086"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
72.14.185.43
23.36.77.32
93.184.220.29
185.53.178.30
0.0.0.0