Report - benefits.americanhoperesources.com/l/21/?s1=110666562&s2=ahrbday&s3=s6e6f1bp493or41s85&wid=0fe85d49-287c-4c50-b1de-e62ddef3c00e&affid=1OG

Report Overview

Submitted URL
benefits.americanhoperesources.com/l/21/?s1=110666562&s2=ahrbday&s3=s6e6f1bp493or41s85&wid=0fe85d49-287c-4c50-b1de-e62ddef3c00e&affid=1OG
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2022-12-03 18:16:26
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.213.140.56
beacon.americanhoperesources.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	1.1 kB	45.55.126.207
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	451 B	746 B	142.250.74.74
benefits.americanhoperesources.com	310011	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	1.5 kB	104.21.57.148
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	23.33.119.27
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676 B	1.5 kB	23.33.119.27
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	21 kB	142.250.74.110
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	643 B	729 B	173.194.222.154
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	535 B	3.8 kB	142.250.74.132
trk-architecto.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	442 B	25 kB	172.64.139.19
event.trk-architecto.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	5.1 kB	172.64.138.19
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	534 B	694 B	142.250.74.163
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	64 kB	142.250.74.35
thanos-assets.nyc3.cdn.digitaloceanspaces.com	489515	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	569 kB	205.185.216.42
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	6.0 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.1 kB	113 kB	142.250.74.131
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	817 B	118 kB	142.250.74.168
ka-f.fontawesome.com	3598	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	4.5 kB	172.64.168.22
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	43 kB	34.120.237.76
kit.fontawesome.com	1868	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	387 B	650 B	104.18.23.52

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-03	medium	trk-architecto.com/scripts/push/script/l8emw37gkr?url=benefits.americanhoperesources.com	Malware
2022-12-03	medium	event.trk-architecto.com/register/event_log/zngxn0veox	Malware
2022-12-03	medium	event.trk-architecto.com/register/event_log/zngxn0veox	Malware
2022-12-03	medium	event.trk-architecto.com/register/event_log/zngxn0veox	Malware
2022-12-03	medium	event.trk-architecto.com/register/event_log/zngxn0veox	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	benefits.americanhoperesources.com/l/21/js/9.2a3488cc.chunk.js	322 kB	2023-03-08	2023-03-13
Pretty URL benefits.americanhoperesources.com/l/21/js/9.2a3488cc.chunk.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:27:30 Last Seen2023-03-13 05:45:45 Times Seen1 Hash be762af752e965be9df15fd220580afe 3f0eeb675e83ecb45334e72c2c3ae4fda2954351 04d63818c39c0daad1d14fd9ecfd520f1f9dc27548ce3cc0358afd478a63be2f Loading...

	trk-architecto.com/scripts/push/script/l8emw37gkr?url=benefits.americanhoperesources.com	6.9 kB	2023-03-08	2023-03-11
Pretty URL trk-architecto.com/scripts/push/script/l8emw37gkr?url=benefits.americanhoperesources.com IP 172.64.139.19 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:27:30 Last Seen2023-03-11 11:15:29 Times Seen1 Hash 40974e95f0961b21b1df68daed12a994 29738acea582401cf140d79f980dcd696734d574 8b01f9a7e87f491ec40d2083e21749ac47d5827b6e10843a2ef677fb7ec22adf Loading...

	benefits.americanhoperesources.com/l/21/js/0.0db99e48.chunk.js	13 kB	2023-03-08	2023-03-13
Pretty URL benefits.americanhoperesources.com/l/21/js/0.0db99e48.chunk.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:27:30 Last Seen2023-03-13 05:45:45 Times Seen1 Hash f89665ef8113d3e9eb8fb08542a564b0 0f13a9dc2d8a65ebfc8ada3a72250614d60c5f32 d4922cfd352efa32abcc0d39d29ed3710f69fad164a480d7ac819637ac89a15e Loading...

	benefits.americanhoperesources.com/l/21/js/1.a9d5253a.chunk.js	39 kB	2023-03-08	2023-03-13
Pretty URL benefits.americanhoperesources.com/l/21/js/1.a9d5253a.chunk.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:27:30 Last Seen2023-03-13 05:45:45 Times Seen1 Hash a9aa3e2bf5877e441ca3a4564d13a3cc 2a75ad10b8d5205f8c0bfb077329de67c4c35d8f b9bf533a0f3c871d8646050d1ccc530d3ce841f53c5273c958a786fe204e73ca Loading...

	www.googletagmanager.com/gtag/js?id=UA-39024001-1	112 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=UA-39024001-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:27:30 Last Seen2023-03-08 15:27:30 Times Seen1 Hash 94242de8d8ec11e3626e5d81a19ae226 e5c750b877cc02438e3cf1c81a9156354568035e 4ad7edc929e600d811d33bbb7679402cc598e53a79cdbf060a17277fe908824c Loading...

	kit.fontawesome.com/268a7048dd.js	11 kB	2023-03-07	2023-03-29
Pretty URL kit.fontawesome.com/268a7048dd.js IP 104.18.23.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:32 Last Seen2023-03-29 22:54:55 Times Seen52 Hash 0bb2f8da880f6c0890c3c9a5bed76217 db339f6540e304a5382678efa0797fa557216ab6 2e17c79e1b4d86ddba5a9d2104902942db44f856a9fd63a137cf5deb35f56366 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KBR2QSP	192 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KBR2QSP IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:27:30 Last Seen2023-03-08 15:27:30 Times Seen1 Hash 9203bddf73fdb2027971f9f8a36fcafc 89c1110b4e6b13b7f653ef8c2cedb98b7a6b8c85 d8a4bfc311dafa42d67d28bcb7de77941ebd6bfa88cd0d998ce5703e6f1e2f87 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-24
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-24 18:41:20 Times Seen1526 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	benefits.americanhoperesources.com/l/21/js/11.e564ea47.chunk.js	26 kB	2023-03-08	2023-03-11
Pretty URL benefits.americanhoperesources.com/l/21/js/11.e564ea47.chunk.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:27:30 Last Seen2023-03-11 11:15:29 Times Seen1 Hash 0dafed0a82e1f3a6dd4ba5d9389a18e1 e1ca88806edc895444bcaea321f79d1b5d0402b3 7762da43bea9fe388b5bc8426509dc71fa58f5525f1d2446799cf0d4c0a7b51b Loading...

	benefits.americanhoperesources.com/l/21/?s1=110666562&s2=ahrbday&s3=s6e6f1bp493or41s85&wid=0fe85d49-287c-4c50-b1de-e62ddef3c00e&affid=1OG	432 B	2023-03-08	2023-03-25
Pretty URL benefits.americanhoperesources.com/l/21/?s1=110666562&s2=ahrbday&s3=s6e6f1bp493or41s85&wid=0fe85d49-287c-4c50-b1de-e62ddef3c00e&affid=1OG IP 104.21.57.148 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:27:30 Last Seen2023-03-25 23:33:37 Times Seen2 Hash 4c63d1414fd46910792e496ffc3e6da5 7bfaa42b943d66ef71aaeca9b2be5a1fa21e517e c1cf7402c335cd1d015510d26bc57a694ee3625fbde605b2ae1978c847bd00c8 Loading...

	benefits.americanhoperesources.com/l/21/js/2.ddb6dbf0.chunk.js	15 kB	2023-03-08	2023-03-13
Pretty URL benefits.americanhoperesources.com/l/21/js/2.ddb6dbf0.chunk.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:27:30 Last Seen2023-03-13 05:45:45 Times Seen1 Hash 7661513319db310ae698830910b90239 4d6ad6bf9aabb8e54b8ee1ef06077051df690007 400dbe52dbe521963b8cc4e6758be0bec3076b81ac0f2ea8d29d5c5d3597f0c4 Loading...

	benefits.americanhoperesources.com/l/21/js/3.8caafbdc.chunk.js	77 kB	2023-03-08	2023-03-13
Pretty URL benefits.americanhoperesources.com/l/21/js/3.8caafbdc.chunk.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:27:30 Last Seen2023-03-13 05:45:45 Times Seen1 Hash 1e4a12bc8a02b84e216e9bf5b6362739 a05760e7713e1bf14fc56eae22616f61380cf8b2 d1ffc945764db086089375a1bbf7672d68374e4483e85f40ec31d7950538912b Loading...

	benefits.americanhoperesources.com/l/21/?s1=110666562&s2=ahrbday&s3=s6e6f1bp493or41s85&wid=0fe85d49-287c-4c50-b1de-e62ddef3c00e&affid=1OG	161 B	2023-03-08	2023-03-11
Pretty URL benefits.americanhoperesources.com/l/21/?s1=110666562&s2=ahrbday&s3=s6e6f1bp493or41s85&wid=0fe85d49-287c-4c50-b1de-e62ddef3c00e&affid=1OG IP 104.21.57.148 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:27:30 Last Seen2023-03-11 11:15:29 Times Seen1 Hash 46cbf43324ea4e420a860756e982bb74 7dd41e76c2645f25379bfb8e9c665e3ab0690848 eb4276ff89182c35a8cddbe492f430fbdfe6bb8cce60e4376478b21c4dcba367 Loading...

HTTP Transactions (73)

URL IP Response Size

benefits.americanhoperesources.com/l/21/?s1=110666562&s2=ahrbday&s3=s6e6f1bp493or41s85&wid=0fe85d49-287c-4c50-b1de-e62ddef3c00e&affid=1OG

104.21.57.148

301 Moved Permanently

0 B

URL HTTP/1.1
benefits.americanhoperesources.com/l/21/?s1=110666562&s2=ahrbday&s3=s6e6f1bp493or41s85&wid=0fe85d49-287c-4c50-b1de-e62ddef3c00e&affid=1OG
IP
104.21.57.148:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /l/21/?s1=110666562&s2=ahrbday&s3=s6e6f1bp493or41s85&wid=0fe85d49-287c-4c50-b1de-e62ddef3c00e&affid=1OG HTTP/1.1
Host: benefits.americanhoperesources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sat, 03 Dec 2022 18:16:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 03 Dec 2022 19:16:15 GMT
Location: https://benefits.americanhoperesources.com/l/21/?s1=110666562&s2=ahrbday&s3=s6e6f1bp493or41s85&wid=0fe85d49-287c-4c50-b1de-e62ddef3c00e&affid=1OG
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e91KFEdcj4llmndoHqDAXQlnDt8qLA%2FDBzQpMmAtAYfJ%2FxFeJK5nK4MH3%2BmMVkIWKuShcmtITmUWVR%2F%2FPx7KWn5GG4BPvz6%2BYEcC0t%2B61QI9yL1CtUflF0%2BXHzqzKdwemVTWcZ7XYIR9KBnaHAr8uhr6kU%2BC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773e4ad798220b3d-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13259
Expires: Sat, 03 Dec 2022 21:57:14 GMT
Date: Sat, 03 Dec 2022 18:16:15 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
67e9370f1bf3e4946a01f346eeae8966
aaab391d1134302d718de7a0d5edbedf884633e6
27a8654fb14db88d4b2bb3b45c1b197fc498cd94143d4a68687742fa48a41358

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5651
Cache-Control: max-age=150548
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:15 GMT
Etag: "638b2570-1d7"
Expires: Mon, 05 Dec 2022 12:05:23 GMT
Last-Modified: Sat, 03 Dec 2022 10:31:12 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9930
Expires: Sat, 03 Dec 2022 21:01:45 GMT
Date: Sat, 03 Dec 2022 18:16:15 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 17:20:00 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3375
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: d2DFy1j1MsQbZkbQAvuZQWdQILEOXlG2ByRPhjUe+znjf6ycrQ8FcmbkoQrtfznpuI9EN70xlRY=
x-amz-request-id: YYXX0N0PVEKNS3CC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 17:46:39 GMT
age: 1776
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
a18c62cbe040126e49a8e97f3fea0344
ffeb041e5c477f1f1aeb19eb9cb8497fa633b082
513b777e7b8cc49b0e96c54e690556ce8d45ab19f1ba5e959ccd1429e090d8ba

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=146301
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:15 GMT
Etag: "638b2aec-117"
Expires: Mon, 05 Dec 2022 10:54:36 GMT
Last-Modified: Sat, 03 Dec 2022 10:54:36 GMT
Server: nginx
Content-Length: 279

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 18:16:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
a18c62cbe040126e49a8e97f3fea0344
ffeb041e5c477f1f1aeb19eb9cb8497fa633b082
513b777e7b8cc49b0e96c54e690556ce8d45ab19f1ba5e959ccd1429e090d8ba

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=146301
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:15 GMT
Etag: "638b2aec-117"
Expires: Mon, 05 Dec 2022 10:54:36 GMT
Last-Modified: Sat, 03 Dec 2022 10:54:36 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
53e1c8e61a54ff0513756ab2affd2a1b
8c056a5eb93b355e9848402451fa0efebecd224e
52d7b496948fa4627f3dce5c6102e9233fb4b794d3d31e36bca7d18d4e53bda8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4874
Cache-Control: max-age=155511
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:16 GMT
Etag: "638b3bdd-1d7"
Expires: Mon, 05 Dec 2022 13:28:07 GMT
Last-Modified: Sat, 03 Dec 2022 12:06:53 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
98fe7e5fd6b778bcdcc63028c3a49fbd
06b34160c344526fbe14ce41445b9fe76c0a878d
d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e63a3fb1ef1a4ebbbd126969d6ee68ca
8bc9c26950b3899087e25ddea159c28f57b47200
f2ec30377e239f64286ae7dde8032e4e332b6c123f7decc07126fbbcff460a69

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-39024001-1

142.250.74.168

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-39024001-1
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (43653 bytes)
Hash
597135a0bfafd371e06ac4d02ebff3e2
3656f674c000c38a3d66d28680e2690371ef9243
9c52f5c13d00aa06df95564652fceed26e5d72cadf32d485ef3fda67f5d8155e

HTTP Headers

GET /gtag/js?id=UA-39024001-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Dec 2022 18:16:16 GMT
expires: Sat, 03 Dec 2022 18:16:16 GMT
cache-control: private, max-age=900
last-modified: Sat, 03 Dec 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43653
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e63a3fb1ef1a4ebbbd126969d6ee68ca
8bc9c26950b3899087e25ddea159c28f57b47200
f2ec30377e239f64286ae7dde8032e4e332b6c123f7decc07126fbbcff460a69

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

105 kB

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
105 kB (105216 bytes)
Hash
cc179be49e3bb195bd5168b58e7eb29c
b9a63ce9b340f12cadf8cb72928eaf37da954c7c
5629a988d1a07cd746b76674faf3ad3a63087cf07e6c49ee642ccafdba25238b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-KBR2QSP

142.250.74.168

200 OK

73 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KBR2QSP
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
73 kB (72787 bytes)
Hash
41a2408aba943835b59e4abb2471948a
48173ba657c84fe1bcdbc5a0afd918dcb52fd17f
b7baba766db73984fdb596c5e2373fb2aab2ff0e8901b389e2d92eee872714f9

HTTP Headers

GET /gtm.js?id=GTM-KBR2QSP HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Dec 2022 18:16:16 GMT
expires: Sat, 03 Dec 2022 18:16:16 GMT
cache-control: private, max-age=900
last-modified: Sat, 03 Dec 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 69337
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 18:08:58 GMT
cache-control: public,max-age=3600
age: 438
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
aed9b8d092fd16869011f9812b8aec64
eef94a664f7b701079fcd2cefcf2ad492ed32a9a
36f618dce8c02990ad753788aab2c6aa30ec0b39e261501c6f13b7b5f0729e71

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6180
Cache-Control: max-age=164033
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:16 GMT
Etag: "638b580d-117"
Expires: Mon, 05 Dec 2022 15:50:09 GMT
Last-Modified: Sat, 03 Dec 2022 14:07:09 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
aed9b8d092fd16869011f9812b8aec64
eef94a664f7b701079fcd2cefcf2ad492ed32a9a
36f618dce8c02990ad753788aab2c6aa30ec0b39e261501c6f13b7b5f0729e71

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6180
Cache-Control: max-age=164033
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:16 GMT
Etag: "638b580d-117"
Expires: Mon, 05 Dec 2022 15:50:09 GMT
Last-Modified: Sat, 03 Dec 2022 14:07:09 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
aed9b8d092fd16869011f9812b8aec64
eef94a664f7b701079fcd2cefcf2ad492ed32a9a
36f618dce8c02990ad753788aab2c6aa30ec0b39e261501c6f13b7b5f0729e71

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5188
Cache-Control: max-age=163041
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:16 GMT
Etag: "638b580d-117"
Expires: Mon, 05 Dec 2022 15:33:37 GMT
Last-Modified: Sat, 03 Dec 2022 14:07:09 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a151c326c67e1abb747847c1427db76f
80885d30ef8ba867bf33c40b861976958a27493a
de2b573ee1c8af980e593352e0c331b2595f62bd4499300ace30821d20814760

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5640
Cache-Control: max-age=145475
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:16 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 10:40:51 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
aed9b8d092fd16869011f9812b8aec64
eef94a664f7b701079fcd2cefcf2ad492ed32a9a
36f618dce8c02990ad753788aab2c6aa30ec0b39e261501c6f13b7b5f0729e71

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6180
Cache-Control: max-age=164033
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:16 GMT
Etag: "638b580d-117"
Expires: Mon, 05 Dec 2022 15:50:09 GMT
Last-Modified: Sat, 03 Dec 2022 14:07:09 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279

e1.o.lencr.org/

23.33.119.27

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
3bd25162779f16a815c86a7683fb82ea
d122808c005baf249a7cca20372113e6bbc6de2f
4314795440b4feda2a981886831908c15e1ca9fc3b105e520a8b794897017c17

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "4314795440B4FEDA2A981886831908C15E1CA9FC3B105E520A8B794897017C17"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21566
Expires: Sun, 04 Dec 2022 00:15:42 GMT
Date: Sat, 03 Dec 2022 18:16:16 GMT
Connection: keep-alive

push.services.mozilla.com/

34.213.140.56

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.213.140.56:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: X15arp2Fjzb2e4Cb7W5Ghg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gJ6gtnyJy9DGE3M6aROwAQfBz8U=

www.google-analytics.com/analytics.js

142.250.74.110

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 03 Dec 2022 16:41:08 GMT
expires: Sat, 03 Dec 2022 18:41:08 GMT
cache-control: public, max-age=7200
age: 5708
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c73fd41515946121a359b6ee38213fb7
b23d3e8ced38d17f2c23043335dde4e9210a87ea
b3252ea785f17917715d0fc9bfeff9c098e346ac294fb85b5501939dcbe3a9b0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3252EA785F17917715D0FC9BFEFF9C098E346AC294FB85B5501939DCBE3A9B0"
Last-Modified: Thu, 01 Dec 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 04 Dec 2022 00:16:16 GMT
Date: Sat, 03 Dec 2022 18:16:16 GMT
Connection: keep-alive

ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=268a7048dd

172.64.168.22

200 OK

1.3 kB

URL HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=268a7048dd
IP
172.64.168.22:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2774)
Size
1.3 kB (1303 bytes)
Hash
d518246519ce72f0089c1ab900808667
3b7d61ab28876be206cfe25a50a4e99c7bbe7030
6a8d270b7f1d230271132eff43a56c6ee5692bcdd1fdb2c9601d0a6237444597

HTTP Headers

GET /releases/v5.15.4/css/free-v4-font-face.min.css?token=268a7048dd HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://benefits.americanhoperesources.com/
Origin: https://benefits.americanhoperesources.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:16 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 329cb27be8d7871661ed5a94ecaacb28.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: DOjNlKnkyuNIxFsj46TC6nlSI4u9GM9vZiYk95txdcx2qKSMd-KXOA==
age: 10262
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2BHixC%2FSvVs9XDHEINPp0GBypbxxRf3yqYnzf8lYK6BWJHod8emjpnRxHCOz%2FAdn8Gwmp%2BQ860zNSk4QCSpafJzkEqq7hW9Kqwdm8BBdgFNHkwVsVjuRwOaWbqRcWg%2BIdMHRZno0IA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773e4adeb87372d6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.google-analytics.com/j/collect?v=1&_v=j98&a=1349431981&t=pageview&_s=1&dl=https%3A%2F%2Fbenefits.americanhoperesources.com%2Fl%2F21%2F%3Faffid%3D1OG%26s1%3D110666562%26s2%3Dahrbday%26s3%3Ds6e6f1bp493or41s85%26session_id%3D01ef05eb-e48e-4850-98c3-668f54bf88c6%26wid%3D0fe85d49-287c-4c50-b1de-e62ddef3c00e&ul=en-us&de=UTF-8&dt=AHR%20-%20American%20Hope%20Resources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1289934222&gjid=1136363466&cid=2085242871.1670091375&tid=UA-39024001-1&_gid=49030063.1670091375&_r=1&gtm=2oubu0&z=255357933

142.250.74.110

200 OK

2 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j98&a=1349431981&t=pageview&_s=1&dl=https%3A%2F%2Fbenefits.americanhoperesources.com%2Fl%2F21%2F%3Faffid%3D1OG%26s1%3D110666562%26s2%3Dahrbday%26s3%3Ds6e6f1bp493or41s85%26session_id%3D01ef05eb-e48e-4850-98c3-668f54bf88c6%26wid%3D0fe85d49-287c-4c50-b1de-e62ddef3c00e&ul=en-us&de=UTF-8&dt=AHR%20-%20American%20Hope%20Resources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1289934222&gjid=1136363466&cid=2085242871.1670091375&tid=UA-39024001-1&_gid=49030063.1670091375&_r=1&gtm=2oubu0&z=255357933
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

HTTP Headers

POST /j/collect?v=1&_v=j98&a=1349431981&t=pageview&_s=1&dl=https%3A%2F%2Fbenefits.americanhoperesources.com%2Fl%2F21%2F%3Faffid%3D1OG%26s1%3D110666562%26s2%3Dahrbday%26s3%3Ds6e6f1bp493or41s85%26session_id%3D01ef05eb-e48e-4850-98c3-668f54bf88c6%26wid%3D0fe85d49-287c-4c50-b1de-e62ddef3c00e&ul=en-us&de=UTF-8&dt=AHR%20-%20American%20Hope%20Resources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1289934222&gjid=1136363466&cid=2085242871.1670091375&tid=UA-39024001-1&_gid=49030063.1670091375&_r=1&gtm=2oubu0&z=255357933 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://benefits.americanhoperesources.com
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://benefits.americanhoperesources.com
date: Sat, 03 Dec 2022 18:16:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
08ca0238100c906a665f21b1caa97f47
3f605891faeafb51a36cecd25d331bcc450d34e9
35dac74d71c723f7a8e7585174fad51a0115e4a294a2c0d80b63026e25825618

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-39024001-1&cid=2085242871.1670091375&jid=1289934222&gjid=1136363466&_gid=49030063.1670091375&_u=YEBAAUAAAAAAACAAI~&z=1033129001

173.194.222.154

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-39024001-1&cid=2085242871.1670091375&jid=1289934222&gjid=1136363466&_gid=49030063.1670091375&_u=YEBAAUAAAAAAACAAI~&z=1033129001
IP
173.194.222.154:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-39024001-1&cid=2085242871.1670091375&jid=1289934222&gjid=1136363466&_gid=49030063.1670091375&_u=YEBAAUAAAAAAACAAI~&z=1033129001 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://benefits.americanhoperesources.com
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://benefits.americanhoperesources.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 03 Dec 2022 18:16:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
08ca0238100c906a665f21b1caa97f47
3f605891faeafb51a36cecd25d331bcc450d34e9
35dac74d71c723f7a8e7585174fad51a0115e4a294a2c0d80b63026e25825618

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

e1.o.lencr.org/

23.33.119.27

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
3bd25162779f16a815c86a7683fb82ea
d122808c005baf249a7cca20372113e6bbc6de2f
4314795440b4feda2a981886831908c15e1ca9fc3b105e520a8b794897017c17

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "4314795440B4FEDA2A981886831908C15E1CA9FC3B105E520A8B794897017C17"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21565
Expires: Sun, 04 Dec 2022 00:15:42 GMT
Date: Sat, 03 Dec 2022 18:16:17 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1377c2956f6d4d989e6fafbe01600b49
7a550dd67e42a8f1ba1468646af02691d0580345
4e0206cd8e1112cdefa7f974876461a968bbcbbf016b1b1c2e3af77346507886

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d177680f261fa0b5bf3d5ae3ed69af85
96cdc11262db0a9531fe0cd00e908f3e824c89b3
08eac8282cf4566d382816edac93db8581b65dc2898fc7ea80d7424224ed29ff

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-39024001-1&cid=2085242871.1670091375&jid=1289934222&_u=YEBAAUAAAAAAACAAI~&z=260587163

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-39024001-1&cid=2085242871.1670091375&jid=1289934222&_u=YEBAAUAAAAAAACAAI~&z=260587163
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-39024001-1&cid=2085242871.1670091375&jid=1289934222&_u=YEBAAUAAAAAAACAAI~&z=260587163 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 18:16:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-39024001-1&cid=2085242871.1670091375&jid=1289934222&_u=YEBAAUAAAAAAACAAI~&z=260587163

142.250.74.132

200 OK

3.1 kB

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-39024001-1&cid=2085242871.1670091375&jid=1289934222&_u=YEBAAUAAAAAAACAAI~&z=260587163
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
data
Size
3.1 kB (3124 bytes)
Hash
23136f4d0219b661466a694f55bc67bc
fb1e4da5d0d47daa6b974c878f26c5d1f72a4b6c
5f3b55aefba87aaaecb49f105301a15a7786528d44eebdd34d8950c95331f047

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-39024001-1&cid=2085242871.1670091375&jid=1289934222&_u=YEBAAUAAAAAAACAAI~&z=260587163 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 18:16:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

trk-architecto.com/scripts/push/script/l8emw37gkr?url=benefits.americanhoperesources.com

172.64.139.19

200 OK

24 kB

URL HTTP/2
trk-architecto.com/scripts/push/script/l8emw37gkr?url=benefits.americanhoperesources.com
IP
172.64.139.19:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (6946)
Size
24 kB (23584 bytes)
Hash
4890efe062ea4a978946dc97d5493cae
09e9e0fdacddc6dc0d8987e1871e54caf172c147
f53e517c7f41f3e829afe29bc65ea6b07128f3c02a54815b009f057ac4bbfb85

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /scripts/push/script/l8emw37gkr?url=benefits.americanhoperesources.com HTTP/1.1
Host: trk-architecto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:17 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=04fqsSmdHoO1srqCiNNpo%2FpGWyFseDhX7RHczV1gMYErWlw3BmdpK37SbjouH9J3z9dLal1VMzNZ%2FAjBeq0%2BpFQnRaLH9CHZthxjgsq%2FngrWzPVR%2Fv9cMxMMM45xD6%2BBQVWM5Vg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773e4ae0bd51887a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d177680f261fa0b5bf3d5ae3ed69af85
96cdc11262db0a9531fe0cd00e908f3e824c89b3
08eac8282cf4566d382816edac93db8581b65dc2898fc7ea80d7424224ed29ff

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1f3a4f3edea56419c58836a0c80d5cea
1558a7ad0acc0c09cdf39ec92030f7ee5736e595
70aeda0cb136ac1add86931a338558b9f302576cd65537575d232fda623fe2f0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 18:16:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B47rxz3bWuQ.woff2

142.250.74.35

200 OK

20 kB

URL HTTP/2
fonts.gstatic.com/s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B47rxz3bWuQ.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 20180, version 1.0\012- data
Size
20 kB (20180 bytes)
Hash
e2443405d69a90020741167b1b3cf8dd
78bfc059adb0400d0f8609655daedd065402785f
aa1895205efb0ef0fa4232b6289c46a12bf07b9493598c2d50d3afe6d9ce9d9d

HTTP Headers

GET /s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B47rxz3bWuQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://benefits.americanhoperesources.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20180
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 22:48:58 GMT
expires: Wed, 29 Nov 2023 22:48:58 GMT
cache-control: public, max-age=31536000
age: 329239
last-modified: Tue, 19 Apr 2022 18:34:00 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/barlowcondensed/v12/HTx3L3I-JCGChYJ8VI-L6OO_au7B6xHT2g.woff2

142.250.74.35

200 OK

20 kB

URL HTTP/2
fonts.gstatic.com/s/barlowcondensed/v12/HTx3L3I-JCGChYJ8VI-L6OO_au7B6xHT2g.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 20200, version 1.0\012- data
Size
20 kB (20200 bytes)
Hash
c8e400bbebae36502af48dcd4a30ea7d
4ab1f2c2a30aef8c1905d94df3b199877103ddb7
af91213cd670d6270b32ebdeb00a09625f6b74ccd780d12ff6724a14ea1efaff

HTTP Headers

GET /s/barlowcondensed/v12/HTx3L3I-JCGChYJ8VI-L6OO_au7B6xHT2g.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://benefits.americanhoperesources.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20200
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 05:18:02 GMT
expires: Fri, 01 Dec 2023 05:18:02 GMT
cache-control: public, max-age=31536000
age: 219495
last-modified: Tue, 19 Apr 2022 18:28:11 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B4-Lwz3bWuQ.woff2

142.250.74.35

200 OK

20 kB

URL HTTP/2
fonts.gstatic.com/s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B4-Lwz3bWuQ.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 20432, version 1.0\012- data
Size
20 kB (20432 bytes)
Hash
41ee38ab778591b0491c84fbce8aecf3
4544df52042a0600d71ea12d7f95eaffa22e65cf
2d2c4912162eaa41299aaf5063ecb92a26d76071fe6d1f77742b32c833daab99

HTTP Headers

GET /s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B4-Lwz3bWuQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://benefits.americanhoperesources.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 01:51:20 GMT
expires: Thu, 30 Nov 2023 01:51:20 GMT
cache-control: public, max-age=31536000
age: 318297
last-modified: Tue, 19 Apr 2022 18:38:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2175
Expires: Sat, 03 Dec 2022 18:52:32 GMT
Date: Sat, 03 Dec 2022 18:16:17 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2175
Expires: Sat, 03 Dec 2022 18:52:32 GMT
Date: Sat, 03 Dec 2022 18:16:17 GMT
Connection: keep-alive

thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/ec761a780e2ddc7b0c0d3a0547e23901image_2022_07_25T14_13_58_930Z.png

205.185.216.42

200 OK

94 kB

URL HTTP/2
thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/ec761a780e2ddc7b0c0d3a0547e23901image_2022_07_25T14_13_58_930Z.png
IP
205.185.216.42:0
ASN
#20446 STACKPATH-CDN

File type
PNG image data, 300 x 225, 8-bit/color RGB, non-interlaced\012- data
Size
94 kB (94077 bytes)
Hash
e395bd79b40591af17c662040a860544
7601fcad71151aab632c7754fab8b982a495a25e
d6c1bbd8062df5a61ae9f4711f8b39135cdc77bfee0427628f60bc88110ae1e8

HTTP Headers

GET /tenants/3/ec761a780e2ddc7b0c0d3a0547e23901image_2022_07_25T14_13_58_930Z.png HTTP/1.1
Host: thanos-assets.nyc3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:17 GMT
cache-control: max-age=600
content-length: 94077
content-type: image/png
last-modified: Mon, 25 Jul 2022 14:14:15 GMT
accept-ranges: bytes
x-rgw-object-type: Normal
etag: "e395bd79b40591af17c662040a860544"
x-amz-request-id: tx0000000000001dc2aa718-00638b9271-3f1a061f-nyc3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-hw: 1670091377.dop022.sk1.t,1670091377.cds238.sk1.hn,1670091377.cds212.sk1.pr
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2175
Expires: Sat, 03 Dec 2022 18:52:32 GMT
Date: Sat, 03 Dec 2022 18:16:17 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2175
Expires: Sat, 03 Dec 2022 18:52:32 GMT
Date: Sat, 03 Dec 2022 18:16:17 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7732 bytes)
Hash
379a4a1b95d3aa3c5a4f8e7f9abb030f
d45dceb3dc58a07197aa5077582b5b1cd2ff791a
1b92dec5bf90beffbcd9060052b8788f08645dd4ba34219f7ddb2d40bbd2d151

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7732
x-amzn-requestid: 3781c2b7-082a-468a-a186-f7483494e749
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoEq3IAMFnKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-679fe9f905e07abf4e6a812c;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: V4Z3TZtTDMjnyxZx7VdJrKtZ-PbZkWnsQ0-1eFDem4TVyRGvk0dc7A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:53:36 GMT
age: 73361
etag: "d45dceb3dc58a07197aa5077582b5b1cd2ff791a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9715 bytes)
Hash
45182367fd4f8b6dd234eef1022acdb1
d4b3052021ff3ad1dc4134fa25eb12a98e7c17da
a57fadaf74db2fb457cfe761314d56f021d22146f5bdb6a8bf11b6519e8a558d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73b53015-e415-4fff-9252-8a16bbe000f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9715
x-amzn-requestid: c8102cfa-78dc-4d81-ad6a-e16b9132e238
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZO2HQKIAMF8IA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f2b-350c586b568e6565763376bd;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0QkVKyYm9UwlF5FEeli9UsRAQwEi3-c3bMR-QSJxIKRQe7WWT76dGQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:54 GMT
age: 74303
etag: "d4b3052021ff3ad1dc4134fa25eb12a98e7c17da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2175
Expires: Sat, 03 Dec 2022 18:52:32 GMT
Date: Sat, 03 Dec 2022 18:16:17 GMT
Connection: keep-alive

34.120.237.76

200 OK

2.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.9 kB (2942 bytes)
Hash
b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XvG2dAUeB914GQ1qJwQRHovAtra8OSjG-CsXeR8UOBq5r8qVjEbPBQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 22:39:04 GMT
age: 70634
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5354 bytes)
Hash
1e74254b3fdce7d6b84a71a7aff43789
65c8b4abf957f9b54d99d0f78559e639adb29efb
f278c3cc6734da7188862a8c651c803e7ac1fda82234e191761453cb1359d3ee

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F627a3f86-b7fa-44c4-a119-2e3d23eb8b6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5354
x-amzn-requestid: 3d58ffea-3433-4c5c-a60b-17f6de3a33e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cSsnvG44oAMFfyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638427ca-63b375f04189b7ce7d84cd5d;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 03:15:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GBhAilKMKo9RvIzqzF9V4jTZbvpa2rPZeoy6Jy8fMc1-JO078OAYzQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 05:53:40 GMT
age: 44558
etag: "65c8b4abf957f9b54d99d0f78559e639adb29efb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6174 bytes)
Hash
b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 06:00:50 GMT
age: 44128
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7dc00fa-a8d3-44bf-ba84-1998d8dd7c5a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4309 bytes)
Hash
fcb89ca25035b2bbb71ae5dd175fcd40
544428cdad754b1bb7be3cd46a79bf078fd5b450
36dcbbe6cd2710ee502776b4bcf32053e92b750a55e2bd4cdeadbc694c7c2699

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7dc00fa-a8d3-44bf-ba84-1998d8dd7c5a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: c824c317-e6e3-4006-9f9d-ea54e8170a4c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cf2_tGErIAMF8_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63896b97-7fc523296afea4dd4b5d1de8;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 03:05:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tp50A9LYeT1RvSPImBUoQNKtarPryKb8Zacm_nxqDh-gegwdQov7Nw==
via: 1.1 40b967aa4aa18637c4b91214147f3cb4.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 03:50:52 GMT
age: 51926
etag: "544428cdad754b1bb7be3cd46a79bf078fd5b450"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/4cb7c32ace3ac00ec5a93a05380a751dfstamps.jpg

205.185.216.42

200 OK

72 kB

URL HTTP/2
thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/4cb7c32ace3ac00ec5a93a05380a751dfstamps.jpg
IP
205.185.216.42:0
ASN
#20446 STACKPATH-CDN

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2015 (Windows), datetime=2022:07:22 08:24:07], progressive, precision 8, 300x225, components 3\012- data
Size
72 kB (71852 bytes)
Hash
3d15dc8f950f020fc72e7fed8dc5b52c
adf7dad528733dfb22604047ec570b41e9dee5f8
35e12a302a6bb217f1d325c8af5113177a54b792a17e6526c805f7def12fb806

HTTP Headers

GET /tenants/3/4cb7c32ace3ac00ec5a93a05380a751dfstamps.jpg HTTP/1.1
Host: thanos-assets.nyc3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:18 GMT
accept-ranges: bytes
cache-control: max-age=600
content-length: 71852
content-type: image/jpeg
x-hw: 1670091377.dop022.sk1.t,1670091377.cds238.sk1.hn,1670091377.cds023.sk1.p
x-rgw-object-type: Normal
etag: "3d15dc8f950f020fc72e7fed8dc5b52c"
x-amz-request-id: tx0000000000001dc313a24-00638b9271-3f2ad568-nyc3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
last-modified: Fri, 22 Jul 2022 12:24:16 GMT
X-Firefox-Spdy: h2

thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/71769fba7cea91cca2a83a059010c54eHHI%20new.jpg

205.185.216.42

200 OK

59 kB

URL HTTP/2
thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/71769fba7cea91cca2a83a059010c54eHHI%20new.jpg
IP
205.185.216.42:0
ASN
#20446 STACKPATH-CDN

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 580x323, components 3\012- data
Size
59 kB (59396 bytes)
Hash
114d4e0d0fc80886941fa1df8b366302
e5569ddd1c8a21d4eef5e83ef78c3ab59b722e0c
46fde54f614bc3980ce321a08f8fe42fa25568a2985e7b498165be19ab43f97c

HTTP Headers

GET /tenants/3/71769fba7cea91cca2a83a059010c54eHHI%20new.jpg HTTP/1.1
Host: thanos-assets.nyc3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:18 GMT
accept-ranges: bytes
cache-control: max-age=600
content-length: 59396
content-type: image/jpeg
x-hw: 1670091377.dop022.sk1.t,1670091377.cds238.sk1.hn,1670091377.cds204.sk1.p
x-rgw-object-type: Normal
etag: "114d4e0d0fc80886941fa1df8b366302"
x-amz-request-id: tx0000000000001dc4356b5-00638b9271-3f19a6f7-nyc3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
last-modified: Mon, 08 Aug 2022 14:37:45 GMT
X-Firefox-Spdy: h2

thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/3c0ca0f363192086d8653a018fd0dcf6GrantsReach_300x225.jpg

205.185.216.42

200 OK

66 kB

URL HTTP/2
thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/3c0ca0f363192086d8653a018fd0dcf6GrantsReach_300x225.jpg
IP
205.185.216.42:0
ASN
#20446 STACKPATH-CDN

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x225, components 3\012- data
Size
66 kB (66040 bytes)
Hash
3b3eb681244a635cb2d44a9c4b9bf092
11dfb5020d60616b13dd5b7d540cef5b006ef801
161001c682aa0e2b5f71fd0d9da236f46c2f45c2465d96e5882149b918861fe6

HTTP Headers

GET /tenants/3/3c0ca0f363192086d8653a018fd0dcf6GrantsReach_300x225.jpg HTTP/1.1
Host: thanos-assets.nyc3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:18 GMT
accept-ranges: bytes
cache-control: max-age=600
content-length: 66040
content-type: image/jpeg
x-hw: 1670091377.dop022.sk1.t,1670091377.cds238.sk1.hn,1670091377.cds068.sk1.p
x-rgw-object-type: Normal
etag: "3b3eb681244a635cb2d44a9c4b9bf092"
x-amz-request-id: tx0000000000001dc313a2f-00638b9271-3f2ad568-nyc3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
last-modified: Fri, 21 Jan 2022 17:16:48 GMT
X-Firefox-Spdy: h2

thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/5e7b2a1653ed17b9a5503a0547d53683xcz5j69rp_1583945846034_charminbanner.jpg

205.185.216.42

200 OK

90 kB

URL HTTP/2
thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/5e7b2a1653ed17b9a5503a0547d53683xcz5j69rp_1583945846034_charminbanner.jpg
IP
205.185.216.42:0
ASN
#20446 STACKPATH-CDN

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2020:03:12 00:20:16], progressive, precision 8, 300x225, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 21605-30836, spot sensor temperature 3715504275456.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 4741932040565743275916738428928.000000\012- data
Size
90 kB (89682 bytes)
Hash
3732a664d167a7e296a59d54891197f0
aa7ab8d85c1d1b701b062109cec673f3e9b1303c
f3e2588ed49634a56a2476e73f1acab7e0d86f2d02398e9e6615fc8e3d88c053

HTTP Headers

GET /tenants/3/5e7b2a1653ed17b9a5503a0547d53683xcz5j69rp_1583945846034_charminbanner.jpg HTTP/1.1
Host: thanos-assets.nyc3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:18 GMT
accept-ranges: bytes
cache-control: max-age=600
content-length: 89682
content-type: image/jpeg
x-hw: 1670091377.dop022.sk1.t,1670091377.cds238.sk1.hn,1670091377.cds264.sk1.p
x-rgw-object-type: Normal
etag: "3732a664d167a7e296a59d54891197f0"
x-amz-request-id: tx0000000000001dc2aa713-00638b9271-3f1a061f-nyc3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
last-modified: Mon, 25 Jul 2022 14:00:02 GMT
X-Firefox-Spdy: h2

thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/87c82f112d7417237c5f3a018fd13a94Resources4Relief_300x225.jpg

205.185.216.42

200 OK

74 kB

URL HTTP/2
thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/87c82f112d7417237c5f3a018fd13a94Resources4Relief_300x225.jpg
IP
205.185.216.42:0
ASN
#20446 STACKPATH-CDN

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x225, components 3\012- data
Size
74 kB (74323 bytes)
Hash
153bded1914fd4d8345fcad0bb85bd8d
3de754cb3c616079829e30d98a9c9ef3ca9da7b4
a9cdc052efaf128fbc9e4ab55175efeaabe6761507a6d815edaebb60f9175cc2

HTTP Headers

GET /tenants/3/87c82f112d7417237c5f3a018fd13a94Resources4Relief_300x225.jpg HTTP/1.1
Host: thanos-assets.nyc3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:17 GMT
accept-ranges: bytes
cache-control: max-age=600
content-length: 74323
content-type: image/jpeg
x-hw: 1670091377.dop022.sk1.t,1670091377.cds238.sk1.hn,1670091377.cds243.sk1.p
x-rgw-object-type: Normal
etag: "153bded1914fd4d8345fcad0bb85bd8d"
x-amz-request-id: tx0000000000001dc4356bb-00638b9271-3f19a6f7-nyc3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
last-modified: Fri, 21 Jan 2022 17:17:12 GMT
X-Firefox-Spdy: h2

event.trk-architecto.com/register/event_log/zngxn0veox

172.64.138.19

200 OK

0 B

URL HTTP/2
event.trk-architecto.com/register/event_log/zngxn0veox
IP
172.64.138.19:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

OPTIONS /register/event_log/zngxn0veox HTTP/1.1
Host: event.trk-architecto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://benefits.americanhoperesources.com/
Origin: https://benefits.americanhoperesources.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:18 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://benefits.americanhoperesources.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Asxpbl1Bima1FMYpOlTQqWJDz%2FUtZvmNdU%2BxMgawiEruSP8bCWgkevZeFx4QrK6ZrdN%2BDJKfvR7J84EGJSJkUmlGkbh4Tu6RbfXlAdMcl40kBnrdJ4Rbm8lckuZulD8mwr%2BOmq7mexdzwzc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773e4ae7e91f06d1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/c80d24601cde6b5a5d013a0180ab341binsuremycar300x225.png

205.185.216.42

200 OK

110 kB

URL HTTP/2
thanos-assets.nyc3.cdn.digitaloceanspaces.com/tenants/3/c80d24601cde6b5a5d013a0180ab341binsuremycar300x225.png
IP
205.185.216.42:0
ASN
#20446 STACKPATH-CDN

File type
data
Size
110 kB (110341 bytes)
Hash
5172984c01a4393e70f05377b3af0b8b
33806abf7a4290fdab44ccbad06c3a5dd4b1eac0
e775965ef3f0f7f536c9f53d18476b6aae8544f7c56fb9f4d9ae0fa3b1ec061d

HTTP Headers

GET /tenants/3/c80d24601cde6b5a5d013a0180ab341binsuremycar300x225.png HTTP/1.1
Host: thanos-assets.nyc3.cdn.digitaloceanspaces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:18 GMT
accept-ranges: bytes
cache-control: max-age=600
content-length: 106104
content-type: image/png
x-hw: 1670091377.dop022.sk1.t,1670091377.cds238.sk1.hn,1670091377.cds252.sk1.p
x-rgw-object-type: Normal
etag: "d2fa3299c2610b49d86062f69184003b"
x-amz-request-id: tx0000000000001dc37c54c-00638b9271-3f2aaee4-nyc3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
last-modified: Tue, 18 Jan 2022 18:41:21 GMT
X-Firefox-Spdy: h2

event.trk-architecto.com/register/event_log/zngxn0veox

172.64.138.19

200 OK

0 B

URL HTTP/2
event.trk-architecto.com/register/event_log/zngxn0veox
IP
172.64.138.19:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

OPTIONS /register/event_log/zngxn0veox HTTP/1.1
Host: event.trk-architecto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://benefits.americanhoperesources.com/
Origin: https://benefits.americanhoperesources.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:18 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://benefits.americanhoperesources.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GNph%2BRMZxToVU0z%2Bntywfi30hEOjNhZo01WqbttvE3Ruk5aRNVRv79PnDahokd%2Bvo1UVL4UEOIeX8t85721wPTHxzi7hzkmccDDt4IySvUNNTHLGzMKns3uFGg1ImTDX0KOKnikufLiZn6Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773e4ae7f93706d1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

event.trk-architecto.com/register/event_log/zngxn0veox

172.64.138.19

200 OK

0 B

URL HTTP/2
event.trk-architecto.com/register/event_log/zngxn0veox
IP
172.64.138.19:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /register/event_log/zngxn0veox HTTP/1.1
Host: event.trk-architecto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://benefits.americanhoperesources.com/
Content-type: application/json
Origin: https://benefits.americanhoperesources.com
Content-Length: 226
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:18 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params: 
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://benefits.americanhoperesources.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gha%2FpN9B%2F3KdgBHwCEqbzFPs2k27rFL5%2FFo%2Fg6rHldt1WRghQQhBQFtspN3nEqS6cO7S21dv7tX92VnH1tBfbAaKDExB3eZW74e0wFzqIUmMloW0X1AlSpAo58lCa%2FNBa4DOK0NCFupMY10%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773e4aea0be606d1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

event.trk-architecto.com/register/event_log/zngxn0veox

172.64.138.19

200 OK

0 B

URL HTTP/2
event.trk-architecto.com/register/event_log/zngxn0veox
IP
172.64.138.19:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /register/event_log/zngxn0veox HTTP/1.1
Host: event.trk-architecto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://benefits.americanhoperesources.com/
Content-type: application/json
Origin: https://benefits.americanhoperesources.com
Content-Length: 265
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:18 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params: 
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://benefits.americanhoperesources.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1vjOQEyu0cp%2Bl2JnmFaYbYd0EGmKMoKDkXNtcthxshdTMXvcBEKsOlyhKHMsg5%2BTFuXBnt8BdFFm0p5Wg7QDgoUZAzhoKQ9ALFVTagjbeHKY%2FWcuX437B3Q7fYRigk08a5BYQ%2FhjrB5ny8w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773e4aea2c1206d1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

benefits.americanhoperesources.com/l/21/?s1=110666562&s2=ahrbday&s3=s6e6f1bp493or41s85&wid=0fe85d49-287c-4c50-b1de-e62ddef3c00e&affid=1OG

104.21.57.148

200 OK

0 B

URL HTTP/2
benefits.americanhoperesources.com/l/21/?s1=110666562&s2=ahrbday&s3=s6e6f1bp493or41s85&wid=0fe85d49-287c-4c50-b1de-e62ddef3c00e&affid=1OG
IP
104.21.57.148:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /l/21/?s1=110666562&s2=ahrbday&s3=s6e6f1bp493or41s85&wid=0fe85d49-287c-4c50-b1de-e62ddef3c00e&affid=1OG HTTP/1.1
Host: benefits.americanhoperesources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:15 GMT
content-type: text/html
last-modified: Tue, 25 Oct 2022 06:09:52 GMT
vary: Accept-Encoding
content-security-policy: upgrade-insecure-requests
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3%2BZqGzfOWmM4rPNr1oSanxkli5%2BJmn7QL1nU6eUcRyNfTkNFnbP6pw8QkmsnVCtHkWSd4v3AfRgakzbozWitE8T4Dg34iKdmL8BCP47wgWA9bMmULzZndQxeRzYNDC0g4YfFW7kgzQmxEGpZ1wLG%2FknxGy4E"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773e4ada6dee0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;700&display=swap

142.250.74.74

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;700&display=swap
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Barlow+Condensed:wght@300;400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Dec 2022 18:16:16 GMT
date: Sat, 03 Dec 2022 18:16:16 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=268a7048dd

172.64.168.22

200 OK

0 B

URL HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=268a7048dd
IP
172.64.168.22:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.15.4/css/free-v4-shims.min.css?token=268a7048dd HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://benefits.americanhoperesources.com/
Origin: https://benefits.americanhoperesources.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:16 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 db92535f619848d07c0f5eb965b50adc.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: C7UzsdYstg-11Ygpg4yFs8-8f9X8jVZTPCbx4bnSdBNEZjRe8fBK0A==
age: 50524
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mfoFPMkzqXP6rZ4XIvF2IKQ2ecxxKxlOPY5Sw4ibNWIHglrA4y8qN7QWTxjw9cmdJw9zMTeW%2F%2F7pNXd5cMI2aE458km1g0msyOI7gM%2BTLAtS%2FEDupYoLxHJzdb0Tns1LQrU8vQrLog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773e4adeb87672d6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

beacon.americanhoperesources.com/t/0fe85d49-287c-4c50-b1de-e62ddef3c00e?affid=1OG&s1=110666562&s2=ahrbday&s3=s6e6f1bp493or41s85&session_id=01ef05eb-e48e-4850-98c3-668f54bf88c6&wid=0fe85d49-287c-4c50-b1de-e62ddef3c00e

45.55.126.207

200 OK

0 B

URL HTTP/2
beacon.americanhoperesources.com/t/0fe85d49-287c-4c50-b1de-e62ddef3c00e?affid=1OG&s1=110666562&s2=ahrbday&s3=s6e6f1bp493or41s85&session_id=01ef05eb-e48e-4850-98c3-668f54bf88c6&wid=0fe85d49-287c-4c50-b1de-e62ddef3c00e
IP
45.55.126.207:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /t/0fe85d49-287c-4c50-b1de-e62ddef3c00e?affid=1OG&s1=110666562&s2=ahrbday&s3=s6e6f1bp493or41s85&session_id=01ef05eb-e48e-4850-98c3-668f54bf88c6&wid=0fe85d49-287c-4c50-b1de-e62ddef3c00e HTTP/1.1
Host: beacon.americanhoperesources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://benefits.americanhoperesources.com
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:16 GMT
content-type: text/plain; charset=utf-8
server: Kestrel
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=2592000
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, PATCH, HEAD
access-control-allow-credentials: false
access-control-allow-headers: Origin, Accept, Cache-Control, If-Modified-Since, Keep-Alive, Range, DNT, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
X-Firefox-Spdy: h2

kit.fontawesome.com/268a7048dd.js

104.18.23.52

200 OK

0 B

URL HTTP/2
kit.fontawesome.com/268a7048dd.js
IP
104.18.23.52:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /268a7048dd.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:16 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: FsjYSjZnx8LZufarVC_B
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 773e4adc5e49b4e8-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=268a7048dd

172.64.168.22

200 OK

0 B

URL HTTP/2
ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=268a7048dd
IP
172.64.168.22:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.15.4/css/free.min.css?token=268a7048dd HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://benefits.americanhoperesources.com/
Origin: https://benefits.americanhoperesources.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:16 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 137830cc36c3678f4f33e4b28fff771a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR52-C1
x-amz-cf-id: nM7zsFZ2cUK0w_TzebOfqGmcz67lArcNtJd4V9-v9l9VoJcH0ZzpLg==
age: 10262
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D4Iq2kh4rYzvk9Ey8Aka1%2FioxtWYJ4%2FoFFBI1u%2FehmHvPXl2HlW2WlL5gDE9QSg5FwZU9ioMBnSK%2FH7Rla3GO1HfuUwVWQLFXojbheYTR36j5FcU17JQrqOH9GYviiC9qZrZFNZZbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773e4adea84272d6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

beacon.americanhoperesources.com/geo/summary

45.55.126.207

200 OK

0 B

URL HTTP/2
beacon.americanhoperesources.com/geo/summary
IP
45.55.126.207:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /geo/summary HTTP/1.1
Host: beacon.americanhoperesources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://benefits.americanhoperesources.com
Connection: keep-alive
Referer: https://benefits.americanhoperesources.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Sat, 03 Dec 2022 18:16:16 GMT
content-type: application/json; charset=utf-8
server: Kestrel
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=2592000
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, PATCH, HEAD
access-control-allow-credentials: false
access-control-allow-headers: Origin, Accept, Cache-Control, If-Modified-Since, Keep-Alive, Range, DNT, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations