pinecastlehospital.com/wp-admin/secure/panelnew/Pony.exe
5.7 kB URL User Request GET pinecastlehospital.com/wp-admin/secure/panelnew/Pony.exe
IP
ASN #61969 Team Internet AG
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1519)
Hash 6b8aec0a3811fc438fa9e0a1a12c0e3c
581c95adcde69a73ce473758e25ba01a6ea9a47d
c3ed6e7d44f74eedf34fbb231b6a10dbb549e4f0668fb6a761f9086c437b326e
NIDS Severity Alert suricata high ET HUNTING SUSPICIOUS pony.exe in URI
suricata high ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
suricata medium ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
GET /wp-admin/secure/panelnew/Pony.exe HTTP/1.1
Host: pinecastlehospital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 02:56:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Buckets: bucket003
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_FQirQ79GVuwQD4JHA9pwtE4TanXvJoBQe1OiQ80TQdCIOu/r9NDta2XxvCFk9S1aaapwdGktkjJhxARuUA3Vzw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Domain: pinecastlehospital.com
X-Subdomain:
Content-Encoding: gzip
www.google.com/adsense/domains/caf.js?abp=1
200 OK 54 kB URL GET HTTP/1.1 www.google.com/adsense/domains/caf.js?abp=1
IP
Requested by http://pinecastlehospital.com/wp-admin/secure/panelnew/Pony.exe
File type ASCII text, with very long lines (2125)
Hash 388c5d0b05a2e7c5c283de7144f5b110
c9b9b393748e23b6df4ad7cfd2b76025f1ed281f
f2dac9f0d5b9404c3eb113219968983eb25d72fa460cecfc2208c7dbdc6700f3
GET /adsense/domains/caf.js?abp=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://pinecastlehospital.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sat, 10 Jun 2023 02:56:20 GMT
Expires: Sat, 10 Jun 2023 02:56:20 GMT
Cache-Control: private, max-age=3600
ETag: "8554633489924949960"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
pinecastlehospital.com/track.php?domain=pinecastlehospital.com&toggle=browserjs&uid=MTY4NjM2NTc4MC4yNTE4OmM0NTgwNDM1YThjZDczNDY0MWUxNmE3YWIzNTU3MDVkNzQ4NDRkMGI0YzczYzYzODg0ZGM3NzVhZGI4YTU4YWY6NjQ4M2U2NTQzZDdhOA%3D%3D
200 OK 20 B URL GET HTTP/1.1 pinecastlehospital.com/track.php?domain=pinecastlehospital.com&toggle=browserjs&uid=MTY4NjM2NTc4MC4yNTE4OmM0NTgwNDM1YThjZDczNDY0MWUxNmE3YWIzNTU3MDVkNzQ4NDRkMGI0YzczYzYzODg0ZGM3NzVhZGI4YTU4YWY6NjQ4M2U2NTQzZDdhOA%3D%3D
IP
ASN #61969 Team Internet AG
Requested by http://pinecastlehospital.com/wp-admin/secure/panelnew/Pony.exe
File type gzip compressed data, max speed, from Unix\012- data
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=pinecastlehospital.com&toggle=browserjs&uid=MTY4NjM2NTc4MC4yNTE4OmM0NTgwNDM1YThjZDczNDY0MWUxNmE3YWIzNTU3MDVkNzQ4NDRkMGI0YzczYzYzODg0ZGM3NzVhZGI4YTU4YWY6NjQ4M2U2NTQzZDdhOA%3D%3D HTTP/1.1
Host: pinecastlehospital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://pinecastlehospital.com/wp-admin/secure/panelnew/Pony.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 02:56:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
pinecastlehospital.com/ls.php?t=6483e654&token=d3f6ef23a0c02af1e73f1744294d87ad6c257e57
201 Created 16 B URL GET HTTP/1.1 pinecastlehospital.com/ls.php?t=6483e654&token=d3f6ef23a0c02af1e73f1744294d87ad6c257e57
IP
ASN #61969 Team Internet AG
Requested by http://pinecastlehospital.com/wp-admin/secure/panelnew/Pony.exe
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
GET /ls.php?t=6483e654&token=d3f6ef23a0c02af1e73f1744294d87ad6c257e57 HTTP/1.1
Host: pinecastlehospital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://pinecastlehospital.com/wp-admin/secure/panelnew/Pony.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Server: nginx
Date: Sat, 10 Jun 2023 02:56:20 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 6483e6540df143799e4f9976
Charset: utf-8
Access-Control-Allow-Origin:
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_ElYM7I21h+6oGO9Rfib5piuQzqjoO+PXPFJ+FZJg+PQ/xJZ3V5z1DSsPiCxjIFpUw5Be0FgyrQ40VsvHIrKYJg==
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
200 OK 11 kB URL GET HTTP/1.1 d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
IP
Requested by http://pinecastlehospital.com/wp-admin/secure/panelnew/Pony.exe
File type PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data
Hash 0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865
GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://pinecastlehospital.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Sat, 10 Jun 2023 01:25:10 GMT
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
Accept-Ranges: bytes
ETag: "62b4441b-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: vfV8u4ES_PWRutYOHVhl351xmFVhx75yHOWdeZ6yjT6jLpFRxlgJUg==
Age: 5470
pinecastlehospital.com/favicon.ico
200 OK 0 B URL GET HTTP/1.1 pinecastlehospital.com/favicon.ico
IP
ASN #61969 Team Internet AG
Requested by http://pinecastlehospital.com/wp-admin/secure/panelnew/Pony.exe
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: pinecastlehospital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://pinecastlehospital.com/wp-admin/secure/panelnew/Pony.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 02:56:20 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
471 B IP
Hash 648d86782bde8cdad1f84871db069b8b
0bbf16e28ab151906a446efd842b6e74ea80754d
39fee46d2df5b8a7024f2a8a5ab7eee986e6fd12589006df57c75b08bf812c4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Jun 2023 02:56:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/afs/ads?adtest=off&psid=8676772880&pcsa=false&channel=000001%2C000003%2C000082%2Cbucket003&client=dp-teaminternet12_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fpinecastlehospital.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NDgzZTY1NDNkNzhhfHx8MTY4NjM2NTc4MC4yNjM2fGE3ZjNmZmUxZWVhYjM2MmY2ZTczZGEyYjc0NDIxMDdlYjYxMmVhN2J8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fGQzZjZlZjIzYTBjMDJhZjFlNzNmMTc0NDI5NGQ4N2FkNmMyNTdlNTd8MHxkcC10ZWFtaW50ZXJuZXQxMl8zcGh8MHww&terms=medical%20billing%20services%2Celectronic%20medical%20records%2Cpatient%20scheduling%20system%2Chealth%20insurance%2Celectronic%20health%20records%2Chealthcare&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2556349329685648&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3%7Cs&nocache=6231686365779925&num=0&output=afd_ads&domain_name=pinecastlehospital.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1686365779926&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&cl=537871741&uio=--&cont=tc&jsid=caf&jsv=537871741&rurl=http%3A%2F%2Fpinecastlehospital.com%2Fwp-admin%2Fsecure%2Fpanelnew%2FPony.exe&adbw=master-1%3A530
200 OK 2.6 kB URL GET HTTP/2 www.google.com/afs/ads?adtest=off&psid=8676772880&pcsa=false&channel=000001%2C000003%2C000082%2Cbucket003&client=dp-teaminternet12_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fpinecastlehospital.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NDgzZTY1NDNkNzhhfHx8MTY4NjM2NTc4MC4yNjM2fGE3ZjNmZmUxZWVhYjM2MmY2ZTczZGEyYjc0NDIxMDdlYjYxMmVhN2J8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fGQzZjZlZjIzYTBjMDJhZjFlNzNmMTc0NDI5NGQ4N2FkNmMyNTdlNTd8MHxkcC10ZWFtaW50ZXJuZXQxMl8zcGh8MHww&terms=medical%20billing%20services%2Celectronic%20medical%20records%2Cpatient%20scheduling%20system%2Chealth%20insurance%2Celectronic%20health%20records%2Chealthcare&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2556349329685648&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3%7Cs&nocache=6231686365779925&num=0&output=afd_ads&domain_name=pinecastlehospital.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1686365779926&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&cl=537871741&uio=--&cont=tc&jsid=caf&jsv=537871741&rurl=http%3A%2F%2Fpinecastlehospital.com%2Fwp-admin%2Fsecure%2Fpanelnew%2FPony.exe&adbw=master-1%3A530
IP
Requested by http://pinecastlehospital.com/wp-admin/secure/panelnew/Pony.exe
Certificate IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintA8:95:C3:CB:D6:3F:BC:0A:7D:FF:36:72:5E:2F:56:26:9F:EB:77:0E
ValidityFri, 19 May 2023 12:58:13 GMT - Fri, 11 Aug 2023 12:58:12 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6808)
Hash b4e0cce55d6a75e516fc962b5f2d45a7
1ea838f7bba7b8f631a59e6231ab18b2c685e8a6
c16786b60ffa3d2cf75cf790a3c9c7256cdfdf2128b79d455f871c1bcd25da50
GET /afs/ads?adtest=off&psid=8676772880&pcsa=false&channel=000001%2C000003%2C000082%2Cbucket003&client=dp-teaminternet12_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fpinecastlehospital.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NDgzZTY1NDNkNzhhfHx8MTY4NjM2NTc4MC4yNjM2fGE3ZjNmZmUxZWVhYjM2MmY2ZTczZGEyYjc0NDIxMDdlYjYxMmVhN2J8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fGQzZjZlZjIzYTBjMDJhZjFlNzNmMTc0NDI5NGQ4N2FkNmMyNTdlNTd8MHxkcC10ZWFtaW50ZXJuZXQxMl8zcGh8MHww&terms=medical%20billing%20services%2Celectronic%20medical%20records%2Cpatient%20scheduling%20system%2Chealth%20insurance%2Celectronic%20health%20records%2Chealthcare&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2556349329685648&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3%7Cs&nocache=6231686365779925&num=0&output=afd_ads&domain_name=pinecastlehospital.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1686365779926&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&cl=537871741&uio=--&cont=tc&jsid=caf&jsv=537871741&rurl=http%3A%2F%2Fpinecastlehospital.com%2Fwp-admin%2Fsecure%2Fpanelnew%2FPony.exe&adbw=master-1%3A530 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://pinecastlehospital.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Sat, 10 Jun 2023 02:56:20 GMT
expires: Sat, 10 Jun 2023 02:56:20 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-HKIUQAA82wFdqLFxB7_L1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2640
x-xss-protection: 0
set-cookie: CONSENT=PENDING+743; expires=Mon, 09-Jun-2025 02:56:20 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
471 B IP
Hash 6c61fb42405abc811f67aabeace702b2
0d41286eb5a6f7f82734de50e0fdbc7e752e3d8e
bd7a264bf9a25dd4e67665c894ea85fd985546fb75f9e69da4bbfb5ba2fabab5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Jun 2023 02:56:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pinecastlehospital.com/track.php?domain=pinecastlehospital.com&caf=1&toggle=answercheck&answer=yes&uid=MTY4NjM2NTc4MC4yNTE4OmM0NTgwNDM1YThjZDczNDY0MWUxNmE3YWIzNTU3MDVkNzQ4NDRkMGI0YzczYzYzODg0ZGM3NzVhZGI4YTU4YWY6NjQ4M2U2NTQzZDdhOA%3D%3D
200 OK 20 B URL GET HTTP/1.1 pinecastlehospital.com/track.php?domain=pinecastlehospital.com&caf=1&toggle=answercheck&answer=yes&uid=MTY4NjM2NTc4MC4yNTE4OmM0NTgwNDM1YThjZDczNDY0MWUxNmE3YWIzNTU3MDVkNzQ4NDRkMGI0YzczYzYzODg0ZGM3NzVhZGI4YTU4YWY6NjQ4M2U2NTQzZDdhOA%3D%3D
IP
ASN #61969 Team Internet AG
Requested by http://pinecastlehospital.com/wp-admin/secure/panelnew/Pony.exe
File type gzip compressed data, max speed, from Unix\012- data
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=pinecastlehospital.com&caf=1&toggle=answercheck&answer=yes&uid=MTY4NjM2NTc4MC4yNTE4OmM0NTgwNDM1YThjZDczNDY0MWUxNmE3YWIzNTU3MDVkNzQ4NDRkMGI0YzczYzYzODg0ZGM3NzVhZGI4YTU4YWY6NjQ4M2U2NTQzZDdhOA%3D%3D HTTP/1.1
Host: pinecastlehospital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://pinecastlehospital.com/wp-admin/secure/panelnew/Pony.exe
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 02:56:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Custom-Track: answercheck
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
471 B IP
Hash f37f1f8bd72d6fe504e90ff25208fd4e
8d3abb874761bf5c63b0573357ac4f81e4e82080
5e310194ea51e17d531cc6650b9bf41f1c20850de2e2e498fe45081846baddd3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Jun 2023 02:56:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
200 OK 270 B URL GET HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
IP
Requested by https://www.google.com/afs/ads?adtest=off&psid=8676772880&pcsa=false&channel=000001%2C000003%2C000082%2Cbucket003&client=dp-teaminternet12_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fpinecastlehospital.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NDgzZTY1NDNkNzhhfHx8MTY4NjM2NTc4MC4yNjM2fGE3ZjNmZmUxZWVhYjM2MmY2ZTczZGEyYjc0NDIxMDdlYjYxMmVhN2J8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fGQzZjZlZjIzYTBjMDJhZjFlNzNmMTc0NDI5NGQ4N2FkNmMyNTdlNTd8MHxkcC10ZWFtaW50ZXJuZXQxMl8zcGh8MHww&terms=medical%20billing%20services%2Celectronic%20medical%20records%2Cpatient%20scheduling%20system%2Chealth%20insurance%2Celectronic%20health%20records%2Chealthcare&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2556349329685648&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3%7Cs&nocache=6231686365779925&num=0&output=afd_ads&domain_name=pinecastlehospital.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1686365779926&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&cl=537871741&uio=--&cont=tc&jsid=caf&jsv=537871741&rurl=http%3A%2F%2Fpinecastlehospital.com%2Fwp-admin%2Fsecure%2Fpanelnew%2FPony.exe&adbw=master-1%3A530
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
FingerprintAC:83:32:AA:E9:4D:2F:A2:F2:C9:F0:F3:7B:98:49:1B:5B:DE:7E:44
ValidityFri, 19 May 2023 12:57:31 GMT - Fri, 11 Aug 2023 12:57:30 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Hash 8959ddcd9712196961d93f58064ed655
62ab1e38e7e9fbf58a04381b76c2d96a9c829f24
17c7a89bf169c2ee400e31b042cea68513f06b9cd7d1e8990dbec800f0d771c7
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 270
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Fri, 09 Jun 2023 13:12:59 GMT
expires: Sat, 10 Jun 2023 12:12:59 GMT
cache-control: public, max-age=82800
age: 49402
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/adsense/domains/caf.js
200 OK 54 kB URL GET HTTP/3 www.google.com/adsense/domains/caf.js
IP
Requested by https://www.google.com/afs/ads?adtest=off&psid=8676772880&pcsa=false&channel=000001%2C000003%2C000082%2Cbucket003&client=dp-teaminternet12_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fpinecastlehospital.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NDgzZTY1NDNkNzhhfHx8MTY4NjM2NTc4MC4yNjM2fGE3ZjNmZmUxZWVhYjM2MmY2ZTczZGEyYjc0NDIxMDdlYjYxMmVhN2J8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fGQzZjZlZjIzYTBjMDJhZjFlNzNmMTc0NDI5NGQ4N2FkNmMyNTdlNTd8MHxkcC10ZWFtaW50ZXJuZXQxMl8zcGh8MHww&terms=medical%20billing%20services%2Celectronic%20medical%20records%2Cpatient%20scheduling%20system%2Chealth%20insurance%2Celectronic%20health%20records%2Chealthcare&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2556349329685648&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3%7Cs&nocache=6231686365779925&num=0&output=afd_ads&domain_name=pinecastlehospital.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1686365779926&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&cl=537871741&uio=--&cont=tc&jsid=caf&jsv=537871741&rurl=http%3A%2F%2Fpinecastlehospital.com%2Fwp-admin%2Fsecure%2Fpanelnew%2FPony.exe&adbw=master-1%3A530
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint55:5E:E6:33:AF:71:86:C2:88:4A:36:5F:68:1D:97:9D:9B:9D:2A:1D
ValidityFri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT
File type gzip compressed data, max compression\012- data
Hash 31dd7da87fd085c9e16960e920dfe3b9
0a7f705bec32305e93997c5d8232f5ad9d454dfa
b5e68caa9ce41d76ed7d27eac282e302c79b46e507a97c7ff7525ae5d5744279
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sat, 10 Jun 2023 02:56:20 GMT
expires: Sat, 10 Jun 2023 02:56:20 GMT
cache-control: private, max-age=3600
etag: "1734129515357605405"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
200 OK 174 B URL GET HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP
Requested by https://www.google.com/afs/ads?adtest=off&psid=8676772880&pcsa=false&channel=000001%2C000003%2C000082%2Cbucket003&client=dp-teaminternet12_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fpinecastlehospital.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NDgzZTY1NDNkNzhhfHx8MTY4NjM2NTc4MC4yNjM2fGE3ZjNmZmUxZWVhYjM2MmY2ZTczZGEyYjc0NDIxMDdlYjYxMmVhN2J8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fGQzZjZlZjIzYTBjMDJhZjFlNzNmMTc0NDI5NGQ4N2FkNmMyNTdlNTd8MHxkcC10ZWFtaW50ZXJuZXQxMl8zcGh8MHww&terms=medical%20billing%20services%2Celectronic%20medical%20records%2Cpatient%20scheduling%20system%2Chealth%20insurance%2Celectronic%20health%20records%2Chealthcare&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2556349329685648&oe=UTF-8&ie=UTF-8&fexp=21404&format=r3%7Cs&nocache=6231686365779925&num=0&output=afd_ads&domain_name=pinecastlehospital.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1686365779926&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&cl=537871741&uio=--&cont=tc&jsid=caf&jsv=537871741&rurl=http%3A%2F%2Fpinecastlehospital.com%2Fwp-admin%2Fsecure%2Fpanelnew%2FPony.exe&adbw=master-1%3A530
Certificate IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
FingerprintAC:83:32:AA:E9:4D:2F:A2:F2:C9:F0:F3:7B:98:49:1B:5B:DE:7E:44
ValidityFri, 19 May 2023 12:57:31 GMT - Fri, 11 Aug 2023 12:57:30 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 11b3089d616633ca6b73b57aa877eeb4
07632f63e06b30d9b63c97177d3a8122629bda9b
809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Fri, 09 Jun 2023 13:41:57 GMT
expires: Sat, 10 Jun 2023 12:41:57 GMT
cache-control: public, max-age=82800
age: 47664
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
471 B IP
Hash f37f1f8bd72d6fe504e90ff25208fd4e
8d3abb874761bf5c63b0573357ac4f81e4e82080
5e310194ea51e17d531cc6650b9bf41f1c20850de2e2e498fe45081846baddd3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Jun 2023 02:56:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/afs/gen_204?client=dp-teaminternet12_3ph&output=uds_ads_only&zx=pys40pyi7iji&aqid=VOaDZPXnJsPCywW4_qw4&psid=8676772880&pbt=bs&adbx=375&adby=94&adbh=500&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet12_3ph&errv=537871741&csala=19%7C0%7C298%7C148%7C233&lle=0&ifv=1&usr=1
204 No Content 0 B URL GET HTTP/3 www.google.com/afs/gen_204?client=dp-teaminternet12_3ph&output=uds_ads_only&zx=pys40pyi7iji&aqid=VOaDZPXnJsPCywW4_qw4&psid=8676772880&pbt=bs&adbx=375&adby=94&adbh=500&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet12_3ph&errv=537871741&csala=19%7C0%7C298%7C148%7C233&lle=0&ifv=1&usr=1
IP
Requested by http://pinecastlehospital.com/wp-admin/secure/panelnew/Pony.exe
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint55:5E:E6:33:AF:71:86:C2:88:4A:36:5F:68:1D:97:9D:9B:9D:2A:1D
ValidityFri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /afs/gen_204?client=dp-teaminternet12_3ph&output=uds_ads_only&zx=pys40pyi7iji&aqid=VOaDZPXnJsPCywW4_qw4&psid=8676772880&pbt=bs&adbx=375&adby=94&adbh=500&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet12_3ph&errv=537871741&csala=19%7C0%7C298%7C148%7C233&lle=0&ifv=1&usr=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://pinecastlehospital.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-TFbtEjVA-gO6JTpK2w52vQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Sat, 10 Jun 2023 02:56:22 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: NID=511=no8NFlae0yFd29dBYTB88KPlYQnMNenH5LFVP4_hd_buzOnx9DUyeEOo3fLtd68UmGINllDkhhumjOj5W4aU4M2thyZtvaN8LkWuKb76eKxNx-KPfVx81Zerby6iRB-btW_oLwbUiR_Biacl9qiE7mrRqiyo4pRsgqsqPipCyMs; expires=Sun, 10-Dec-2023 02:56:22 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+192; expires=Mon, 09-Jun-2025 02:56:22 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/afs/gen_204?client=dp-teaminternet12_3ph&output=uds_ads_only&zx=5i0hxb4w9g71&aqid=VOaDZPXnJsPCywW4_qw4&psid=8676772880&pbt=bv&adbx=375&adby=94&adbh=500&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet12_3ph&errv=537871741&csala=19%7C0%7C298%7C148%7C233&lle=0&ifv=1&usr=1
204 No Content 0 B URL GET HTTP/3 www.google.com/afs/gen_204?client=dp-teaminternet12_3ph&output=uds_ads_only&zx=5i0hxb4w9g71&aqid=VOaDZPXnJsPCywW4_qw4&psid=8676772880&pbt=bv&adbx=375&adby=94&adbh=500&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet12_3ph&errv=537871741&csala=19%7C0%7C298%7C148%7C233&lle=0&ifv=1&usr=1
IP
Requested by http://pinecastlehospital.com/wp-admin/secure/panelnew/Pony.exe
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint55:5E:E6:33:AF:71:86:C2:88:4A:36:5F:68:1D:97:9D:9B:9D:2A:1D
ValidityFri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /afs/gen_204?client=dp-teaminternet12_3ph&output=uds_ads_only&zx=5i0hxb4w9g71&aqid=VOaDZPXnJsPCywW4_qw4&psid=8676772880&pbt=bv&adbx=375&adby=94&adbh=500&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet12_3ph&errv=537871741&csala=19%7C0%7C298%7C148%7C233&lle=0&ifv=1&usr=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://pinecastlehospital.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-TTqGnjRg1jC1MAwytn3XVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Sat, 10 Jun 2023 02:56:23 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: NID=511=mX2bI-0a3CMEHfdurs3w3EON4cHf3TOij7Lpub3XX1H0eYuUBDob-4wx7Tx5cjiF2EhqMr76aIX7h06oIy3hwpLNMN_Ub5uWQ5h2XYGCkO6UvQCrarX8qkrlhj_g1EJrVnYFs_mnUAsZlyEgsJ7DybhBEss7-z_oUYg-hfgUrPY; expires=Sun, 10-Dec-2023 02:56:23 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+083; expires=Mon, 09-Jun-2025 02:56:23 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
185.53.179.172
54.230.245.138