Report - w1.mssxhb.com/prod/aa1571de-6a92-43c2-a8d9-f9168c962b5f/5e784cf0-83f1-40bc-a1d9-044ebee4ac31

Report Overview

Submitted URL
w1.mssxhb.com/prod/aa1571de-6a92-43c2-a8d9-f9168c962b5f/5e784cf0-83f1-40bc-a1d9-044ebee4ac31
IP
3.223.208.36
ASN
#14618 AMAZON-AES
Submitted
2022-10-16 07:22:15
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	594 B	127 B	35.164.56.167
region1.google-analytics.com	unknown	2022-03-17T12:26:33Z	2023-03-09T05:09:40Z	708 B	563 B	216.239.32.36
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	321 B	229 B	34.117.237.239
leads.go-afs.com	unknown	2021-12-06T19:49:06Z	2022-12-05T19:12:47Z	3.4 kB	20 kB	104.17.210.37
www.google.com	7	2015-05-10T13:11:19Z	2023-03-09T13:38:50Z	505 B	694 B	142.250.74.164
kartrausers.s3.amazonaws.com	273798	2017-03-27T14:36:42Z	2023-03-07T01:16:53Z	418 B	3.8 kB	52.217.45.196
b.clarity.ms	3462	2021-07-27T14:49:08Z	2023-03-09T11:28:47Z	438 B	271 B	20.75.32.255
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-09T13:40:16Z	370 B	52 kB	142.250.74.168
static.cloudflareinsights.com	1294	2019-09-24T16:34:56Z	2023-03-09T10:55:53Z	445 B	393 B	172.64.156.26
w1.mssxhb.com	unknown	2022-06-04T11:42:13Z	2022-11-07T16:12:01Z	411 B	663 B	23.22.137.191
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	758 B	2.8 kB	143.204.55.27
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	2.0 kB	5.3 kB	23.36.76.226
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-09T05:09:50Z	3.6 kB	7.7 kB	142.250.74.3
d1aettbyeyfilo.cloudfront.net	unknown	2020-12-08T09:00:03Z	2023-03-07T01:16:53Z	858 B	44 kB	54.230.245.37
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	676 B	2.0 kB	143.204.42.158
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-09T11:52:10Z	658 B	1.4 kB	93.184.220.29
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-09T10:04:36Z	3.2 kB	50 kB	34.120.237.76
app.kartra.com	108193	2016-07-11T08:37:49Z	2023-03-06T13:12:40Z	2.1 kB	23 kB	104.17.209.37
c.bing.com	247	2012-05-22T12:26:32Z	2023-03-09T05:11:02Z	460 B	795 B	204.79.197.200
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	401 B	5.8 kB	34.160.144.191
integrations.api.mailshake.com	unknown	2018-03-30T17:53:44Z	2023-03-09T13:29:47Z	549 B	510 B	34.197.172.216
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-09T10:01:47Z	1.9 kB	103 kB	216.58.207.195
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-09T12:17:45Z	658 B	746 B	142.250.74.10
d2uolguxr56s4e.cloudfront.net	unknown	2020-12-08T09:00:02Z	2023-03-07T01:16:53Z	408 B	511 B	143.204.42.220
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-09T07:43:12Z	597 B	711 B	173.194.73.156
www.clarity.ms	1404	2018-08-22T09:41:57Z	2023-03-09T05:11:00Z	739 B	24 kB	13.107.246.53
c.clarity.ms	803	2021-02-04T00:22:47Z	2023-03-09T05:11:02Z	821 B	1.2 kB	20.234.93.27

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-16	medium	w1.mssxhb.com/prod/aa1571de-6a92-43c2-a8d9-f9168c962b5f/5e784cf0-83f1-40bc-a1d9-044ebee4ac31	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31&r_done=1	452 B	2023-03-07	2023-03-10
Pretty URL leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31&r_done=1 IP 104.17.210.37 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:28 Last Seen2023-03-10 10:20:51 Times Seen1 Hash 8f80d4fd0f26c57d709ee47b144d4ac6 e187574cefe7db86ce0e192279eed5ec3294b9e0 368b22534d3a7cebcf9ae8ebc1c4cb4b48c9c4269e779a2569a340fe165890f1 Loading...

	leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31&r_done=1	281 B	2023-03-07	2023-03-10
Pretty URL leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31&r_done=1 IP 104.17.210.37 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:28 Last Seen2023-03-10 10:20:51 Times Seen1 Hash 2734adbb42dd407606732c98d9db8e3a 0a3c0241e95bcfd3b6563bf26847d958cbf3ef05 000e50cc5fb2c2148758ea7dbf0d415dd2449a1c997411809b86ed457cd1e77a Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-26
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-26 05:50:27 Times Seen1534 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	app.kartra.com/resources/js/page_check?page_id=Ynfdryoewia4	127 B	2023-03-07	2024-04-21
Pretty URL app.kartra.com/resources/js/page_check?page_id=Ynfdryoewia4 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:28 Last Seen2024-04-21 18:57:13 Times Seen36 Hash 95814efb19d95eac81fca3eef6cf9245 50573e37fb8aea4a307f02c9254d938cd65edc75 04ba9191a34da1249205be89a6290068726ffc1d18bd809ddabb2d3ef2fe2405 Loading...

	leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31&r_done=1	1.5 kB	2023-03-07	2023-03-10
Pretty URL leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31&r_done=1 IP 104.17.210.37 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:28 Last Seen2023-03-10 10:20:51 Times Seen1 Hash d541c04a1befe7838e7f48dea200e452 501a79fa21bb5f56bfbd7744dcd71e194dfd366e 5f147964f679fb5662ad170e19745eea5c22b8fb0eb7a362e962d52b50bac324 Loading...

	static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194	14 kB	2023-03-07	2024-04-26
Pretty URL static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 IP 172.64.156.26 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-26 05:43:44 Times Seen1638 Hash 19514b1be5ee33b45d32c1fcd4c67ec2 bdeab77b43cafcc638df9d7c26f1aa7f46bf1fd5 fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505 Loading...

	leads.go-afs.com/js/build/front/pages/skeleton-immediate.js	7.3 kB	2023-03-07	2024-04-21
Pretty URL leads.go-afs.com/js/build/front/pages/skeleton-immediate.js IP 104.17.210.37 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:28 Last Seen2024-04-21 18:57:13 Times Seen38 Hash d5f6fea94cc32389ffc664bf86de8283 08666ce2de9cc32ca5e424b27318d2bd63118268 8fda0820478381b07d4294f2cb508287a705bfbdb0f9a7d425d4258913221da7 Loading...

	www.clarity.ms/tag/9jl1qyl5kp?ref=gtm2	1.7 kB	2023-03-10	2023-03-10
Pretty URL www.clarity.ms/tag/9jl1qyl5kp?ref=gtm2 IP 13.107.246.53 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 10:20:51 Last Seen2023-03-10 10:20:51 Times Seen1 Hash 00ff037ec96efad377e9ef4ba58d2e31 161b17d0aa7647f2e547b82a88eca9dad6df754b 348fc298fff2c61cc9035e0421afa078ac3f97c209acb163ff69f42d85f962e5 Loading...

	www.clarity.ms/eus2/s/0.6.42/clarity.js	54 kB	2023-03-08	2023-03-10
Pretty URL www.clarity.ms/eus2/s/0.6.42/clarity.js IP 13.107.246.53 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:56:06 Last Seen2023-03-10 11:41:10 Times Seen1 Hash 4b1d1bdee2fb3a8356e441d82d8657bc ca9ce11793c167a765b754c5f7ecd49634c621ab d97ca913935c9897ac4e255d17e14c8a3f0d8513681fe5b6736c4921fc5dd078 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-PX5QPGH	134 kB	2023-03-10	2023-03-10
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-PX5QPGH IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 10:20:51 Last Seen2023-03-10 10:20:51 Times Seen1 Hash fa7f027ff938a3a6a7015b4d59ee0301 5e05c377af4faf0c082d75ccdc753a321607e4d6 b1c13be3bec6e6286cc19fde2fad7a3d5c367a5424d819a31736f3ef3609db9a Loading...

	app.kartra.com/resources/js/kartra_embed_wild_card?type=kartra_page&owner=Agq61PWk	6.7 kB	2023-03-07	2023-03-11
Pretty URL app.kartra.com/resources/js/kartra_embed_wild_card?type=kartra_page&owner=Agq61PWk IP 104.17.209.37 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:28 Last Seen2023-03-11 20:55:14 Times Seen1 Hash 318f433229be4d9720175cdbca991e4a dd2761f78f5f5ebe5bb2d6f73ceb3f47a8943e89 23c23cb8bd5c026b3fdc092710a2b8bf6bcfdcf0ecb2fc251c5cd4648208f3fb Loading...

	leads.go-afs.com/js/build/front/pages/skeleton-below.js	13 kB	2023-03-07	2023-03-11
Pretty URL leads.go-afs.com/js/build/front/pages/skeleton-below.js IP 104.17.210.37 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:28 Last Seen2023-03-11 20:55:14 Times Seen1 Hash baff4bf924d4b578ec20022326419ec9 9bc6ed17db321e068354580c9e6ce03d373c88a7 b5db34f5ec4e18a5411eedc2837a8d9deb88812dc05d48b36a6691a9713bab78 Loading...

	app.kartra.com/resources/js/analytics/Agq61PWk	6.0 kB	2023-03-07	2023-09-28
Pretty URL app.kartra.com/resources/js/analytics/Agq61PWk IP 104.17.209.37 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:54 Last Seen2023-09-28 01:02:01 Times Seen22 Hash 6d9395ac063ad635aec28a343ec318d6 cb06f6556b90647207a6d45587f8b48603faf05f 592a8b27e9a69bbaf008ada9590dfde98d161a1d5e489a8a9d51f66c5cc242f1 Loading...

	www.googletagmanager.com/gtag/js?id=G-9QVVWF40FE&l=dataLayer&cx=c	213 kB	2023-03-10	2023-03-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-9QVVWF40FE&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 10:20:51 Last Seen2023-03-10 10:20:51 Times Seen1 Hash cead016c38d9332b7cbcdf317798e66f af9722289bf93e5bde862eb5a06a409239135f13 0fdecef110e1e09f6b0141df4dcd035635e223d5dcefbb79e21217a080fb6bf1 Loading...

	leads.go-afs.com/js/build/front/pages/skeleton-above.js	186 kB	2023-03-07	2023-03-11
Pretty URL leads.go-afs.com/js/build/front/pages/skeleton-above.js IP 104.17.210.37 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:28 Last Seen2023-03-11 20:55:14 Times Seen1 Hash 579f366c835e333664547312f2530f06 46598b7be517f720a76edc496deab9b48d39e80f 60835710f6f52432c23178074199763c29ed8fbc7a6fb909999b26acc0b93638 Loading...

	leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31&r_done=1	1.5 kB	2023-03-07	2023-03-10
Pretty URL leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31&r_done=1 IP 104.17.210.37 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:28 Last Seen2023-03-10 10:20:51 Times Seen1 Hash 6420628e6162295a28772c0b1e12cc8f 448ab6b0612e9112316038d3019f229dfd8e4d4f 0b6fcd16e58001ee040e3ef5e53d55ab1b47d2fdc87b1bb832e38be795ecb76e Loading...

HTTP Transactions (65)

URL IP Response Size

w1.mssxhb.com/prod/aa1571de-6a92-43c2-a8d9-f9168c962b5f/5e784cf0-83f1-40bc-a1d9-044ebee4ac31

23.22.137.191

302 Found

332 B

URL HTTP/1.1
w1.mssxhb.com/prod/aa1571de-6a92-43c2-a8d9-f9168c962b5f/5e784cf0-83f1-40bc-a1d9-044ebee4ac31
IP
23.22.137.191:0
ASN
#14618 AMAZON-AES

File type
HTML document, ASCII text, with very long lines (332), with no line terminators
Size
332 B (332 bytes)
Hash
1f9e20327c044a9ddc9b0a4772480b9b
84ad20e625cb804db1d660f06edbfba06bc475b0
9509b20104bdda7568adb0573171ef2d903baa02da7e570a69cfbb73042fe744

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /prod/aa1571de-6a92-43c2-a8d9-f9168c962b5f/5e784cf0-83f1-40bc-a1d9-044ebee4ac31 HTTP/1.1
Host: w1.mssxhb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Sun, 16 Oct 2022 07:22:04 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 332
Connection: keep-alive
X-Powered-By: Express
Location: https://integrations.api.mailshake.com/beacon/click?emailID=aa1571de-6a92-43c2-a8d9-f9168c962b5f&linkID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31
Vary: Accept

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 16 Oct 2022 06:50:25 GMT
Expires: Sun, 16 Oct 2022 07:50:25 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WLN0aJvHLdT3uGAHuiUZl3qb50EDF-UiPXkdhAz-wTtuDxRxg_XanA==
Age: 1899

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
07b3389fc24c0f8eb82a9d05b546d17e
02716741b8952e548b9a223adbb3f16204eef2b2
25e13458988115ae1f8176cb2328dbfebd612eabebf256b4af64594d5e23d6ca

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25E13458988115AE1F8176CB2328DBFEBD612EABEBF256B4AF64594D5E23D6CA"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3491
Expires: Sun, 16 Oct 2022 08:20:15 GMT
Date: Sun, 16 Oct 2022 07:22:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a57d0f62d9bd29668b94a513fa45d18e
d7cb263502e21f9235b4523a596e2138d22042ec
df7acd4fe34cc9c4945a5d83ef538105a73dfc1a8b485bc7a62488c5406b1294

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF7ACD4FE34CC9C4945A5D83EF538105A73DFC1A8B485BC7A62488C5406B1294"
Last-Modified: Sat, 15 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15221
Expires: Sun, 16 Oct 2022 11:35:45 GMT
Date: Sun, 16 Oct 2022 07:22:04 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: dZexc9LGw+dhawESW++lUlUu7DIX7TW6GIX0enudxFui5cBtutsZLRLpScbjtXLqXDY1r9fdsZc=
x-amz-request-id: Z9RAH4E00666NSWK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 16 Oct 2022 06:34:57 GMT
age: 2827
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 07:22:04 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.27

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 16 Oct 2022 07:07:43 GMT
Expires: Sun, 16 Oct 2022 07:25:48 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: xis53RsWWhzj5b8yf-Q9UfXPf9r63iVEgh2Y2i8wkY9gJgiRwyl4DA==
Age: 861

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
3221ca95adb687c4f9e7d9c9a6152839
c02d1b2cc4998085cf3669ee89c988544208b069
4395c2b0f21837402c6917586b235e871db9cb8f9585e6689d33f3d105cc9d39

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=156423
Date: Sun, 16 Oct 2022 07:22:04 GMT
Etag: "634b7123-1d7"
Expires: Tue, 18 Oct 2022 02:49:07 GMT
Last-Modified: Sun, 16 Oct 2022 02:49:07 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ytbL7q66pWCxmtlzJYbnOOfxh71Ae-2yLvwK0fga6RlbfvZlf7BHLw==

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
301aafc13bc66315321d9476df002258
e6bfd29899543fcd4d1b332623757bbad355306f
c64315afdfcf146b16942d981588ed912650472c5e2bba7b6f8dee396d820860

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4400
Cache-Control: max-age=93490
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 07:22:05 GMT
Etag: "634a6a1f-1d7"
Expires: Mon, 17 Oct 2022 09:20:15 GMT
Last-Modified: Sat, 15 Oct 2022 08:06:55 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

integrations.api.mailshake.com/beacon/click?emailID=aa1571de-6a92-43c2-a8d9-f9168c962b5f&linkID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31

34.197.172.216

302 Found

188 B

URL HTTP/2
integrations.api.mailshake.com/beacon/click?emailID=aa1571de-6a92-43c2-a8d9-f9168c962b5f&linkID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31
IP
34.197.172.216:0
ASN
#14618 AMAZON-AES

File type
HTML document, ASCII text, with no line terminators
Size
188 B (188 bytes)
Hash
de7c7589c15e06601bfe5a3b7f92f367
f89262a18afaf96b490e858f448a3c3d4c4cf307
221fd5359938a965d5b7389ae9fb933e68a668041ef61761c49fff10eeb9fd50

HTTP Headers

GET /beacon/click?emailID=aa1571de-6a92-43c2-a8d9-f9168c962b5f&linkID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31 HTTP/1.1
Host: integrations.api.mailshake.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
date: Sun, 16 Oct 2022 07:22:05 GMT
content-type: text/html; charset=utf-8
content-length: 188
location: https://leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31
x-powered-by: Express
vary: Origin, Accept, Accept-Encoding
access-control-allow-credentials: true
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
f0bb734cd0a74dbd705cfa2b6d646d82
6dde725c89635253672b8464ca0a3ed78ee4d899
e83c59e27921aa5ebfef31336b21aa10c8d6b1fdb76aed0eafb8e7cee7caadfd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=126524
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 07:22:05 GMT
Etag: "634afc59-116"
Expires: Mon, 17 Oct 2022 18:30:49 GMT
Last-Modified: Sat, 15 Oct 2022 18:30:49 GMT
Server: nginx
Content-Length: 278

push.services.mozilla.com/

35.164.56.167

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.164.56.167:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 603FXg5NTSNLmK8h8L7wwQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SyAzrDHXj9ZF7VxTYXGxqQgUCGc=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3747
Expires: Sun, 16 Oct 2022 08:24:33 GMT
Date: Sun, 16 Oct 2022 07:22:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3747
Expires: Sun, 16 Oct 2022 08:24:33 GMT
Date: Sun, 16 Oct 2022 07:22:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3747
Expires: Sun, 16 Oct 2022 08:24:33 GMT
Date: Sun, 16 Oct 2022 07:22:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3747
Expires: Sun, 16 Oct 2022 08:24:33 GMT
Date: Sun, 16 Oct 2022 07:22:06 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89b2ee08-a53a-4763-aca2-fe23fd25f3d1.jpeg

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89b2ee08-a53a-4763-aca2-fe23fd25f3d1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6367 bytes)
Hash
df5f38c3dc43ccc382d0274bffb6b350
9a305072cce8bb61ca3753bb98b999695fb4706e
20ff21892e65787fecbadca0f59c05e54dee3a1359271839dab0ee5c9e796ab0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F89b2ee08-a53a-4763-aca2-fe23fd25f3d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6367
x-amzn-requestid: 485c3cf9-d305-4540-8eef-8304d1103ccc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEL5EHbOoAMFWsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b26a0-2ac206d826bf23193740e74c;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:31:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: j4GFPRLOwyEGJVrC4uk01vi858DLWzDtUNZkfmbJ1ybrMV4xEdOIVg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:50:24 GMT
age: 34302
etag: "9a305072cce8bb61ca3753bb98b999695fb4706e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4eb39673-9b77-4a82-8d34-c0e1405dca47.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8757 bytes)
Hash
c0cabcd5467191890163abd8c081c0cb
37c76a9fe6833ee0fc50d92b2f8e32fc44d43e54
b3b17175a7899e8876d93a83271f9319b0cd76af7e091837b87aaba2ac2d3920

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4eb39673-9b77-4a82-8d34-c0e1405dca47.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8757
x-amzn-requestid: c384db56-c2e0-4a61-ab03-0688422929c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEL3_ESBIAMFUIQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b2699-1a0f51aa005d4a5e4f4ec4df;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:31:05 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 99u5SW_yKsRfnCMwl1syMlGCm5OZ7kd6ewz8vIYxFrRvwLZEmjNs1g==
via: 1.1 58f9a50682bb94842197f3e957919c60.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 22:26:41 GMT
age: 32125
etag: "37c76a9fe6833ee0fc50d92b2f8e32fc44d43e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cebbc75-2448-4faf-839b-c39ac6e47b98.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7337 bytes)
Hash
6432c2bf0bab32f918d931dd98a6e1e4
bba4f37b146e5aea2b6490f8f7da63fa61ffc849
bde0d98cb1dcd70f22cd2aee5860eb0cd824d1bb12ab18245ab8eed06a79cf1d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cebbc75-2448-4faf-839b-c39ac6e47b98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7337
x-amzn-requestid: 43a16c4d-c5b9-4d01-8ba4-e811b09e96b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z-WYqEwVoAMFe5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6348d104-121eda8b7a73518849342e7a;Sampled=0
x-amzn-remapped-date: Fri, 14 Oct 2022 03:01:24 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: HUtvwwtoxo38w1ZiKkBZJL0dL3G7aCdUNzvcUhJ7CZ_Taj_tMyfjAQ==
via: 1.1 25b9a991f871f75614e7f92f97b136a4.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 16 Oct 2022 05:03:21 GMT
age: 8325
etag: "bba4f37b146e5aea2b6490f8f7da63fa61ffc849"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc19a4730-8fc7-4190-b6fa-ca3915d4be27.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.9 kB (3895 bytes)
Hash
e7a177e668bb2845a434181c96aef438
8f7465dd7a14cb4200b2eece61c18be8179e1d9f
13bb37f17f8e8ae4433b8503b3eb2f35d6c55b4fca70ed2619441ec000113808

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc19a4730-8fc7-4190-b6fa-ca3915d4be27.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3895
x-amzn-requestid: 539a4058-ac16-49bf-83e7-5ebcf992f60e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEL4uHqloAMFuuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b269e-4e6edb1e1d7049572155425c;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:31:10 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: pLqDy8NvmMW0l257nHhjz6iDa42UD3gZsFTw5Ga4wXU9HPGzR1FoMQ==
via: 1.1 174acb08636ac7d9e9a778bbf1bcbc52.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 22:24:21 GMT
age: 32265
etag: "8f7465dd7a14cb4200b2eece61c18be8179e1d9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe21fcac8-5030-4cbc-ac8e-8a2364186db7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.2 kB (7246 bytes)
Hash
9a2e0525ec1d258ba9dd1fa70812179f
bb8af55cd6030afd31d47c1aa16780a45e751a4d
85000c8bb46a9d050d451498b7271aed62e7ea5e30ad0e600ef65f06c1ef3669

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe21fcac8-5030-4cbc-ac8e-8a2364186db7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7246
x-amzn-requestid: 6ed66f46-4118-4d26-a235-d58a321661ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z4a0rGEBIAMFz-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634671b7-357b86f868174cef5629c66d;Sampled=0
x-amzn-remapped-date: Wed, 12 Oct 2022 07:50:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5COcRwQxg1nqjTaq1Vut5JFJRexn6IXMrHKYL12CyhP6wYufq72SzQ==
via: 1.1 60b744e5b364d04abea9fa6686121242.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:58:03 GMT
age: 33843
etag: "bb8af55cd6030afd31d47c1aa16780a45e751a4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F223c148f-e76c-4625-8d19-0d3ef6b3ab03.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9904 bytes)
Hash
94dbefe5b048c0bebab2485de87367a1
a0df1068e09270f0b5ab7529dc31cc533a244cdd
e6e10ade9f819cccc5a36790016d41bc5ccb02512075f750afc136486d0fbc2c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F223c148f-e76c-4625-8d19-0d3ef6b3ab03.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9904
x-amzn-requestid: b1678079-b51b-4b98-a44c-4024ad28451d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEL5XFbAIAMF08A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b26a2-1178963d495ce7232844459d;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:31:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: oI7wIwMgMGO_PayAvPQqY9FWOxZa90tzWtQR9WEroTA6DpKn7lQO1Q==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:36:56 GMT
age: 35110
etag: "a0df1068e09270f0b5ab7529dc31cc533a244cdd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0efa623bed47d42f69be9e523e7725f4
b301c00ee9ab5778b326edea3bc274f8ae46da15
c7d4afc16dd19b5216a9c34cf3048b4e6dff056608666d6d40c9f5eeeae309a5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 07:22:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5f309b801fdcff49c832652cf9f67fed
f0b6a27d0995fd7fd40f23ee385f8fe1fd752c13
53663428a1b73aeee2fc68815b072ad9ced52bfd3726416aaab332c29eb3aab6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 07:22:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0efa623bed47d42f69be9e523e7725f4
b301c00ee9ab5778b326edea3bc274f8ae46da15
c7d4afc16dd19b5216a9c34cf3048b4e6dff056608666d6d40c9f5eeeae309a5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 07:22:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-PX5QPGH

142.250.74.168

200 OK

51 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-PX5QPGH
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (3649)
Size
51 kB (50740 bytes)
Hash
ffe71a8347d2ba4857aaf51c594eef76
70bc6bcda7d38c2c87933e957a887efb6b442daf
9f3a48eaa44c8ee5463c998bb5ac8ab386d774ce98e9da8183fbe0a27ba9ea0b

HTTP Headers

GET /gtm.js?id=GTM-PX5QPGH HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 16 Oct 2022 07:22:07 GMT
expires: Sun, 16 Oct 2022 07:22:07 GMT
cache-control: private, max-age=900
last-modified: Sun, 16 Oct 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50740
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5f309b801fdcff49c832652cf9f67fed
f0b6a27d0995fd7fd40f23ee385f8fe1fd752c13
53663428a1b73aeee2fc68815b072ad9ced52bfd3726416aaab332c29eb3aab6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 07:22:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31

104.17.210.37

307 Temporary Redirect

12 kB

URL HTTP/2
leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31
IP
104.17.210.37:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix\012- data
Size
12 kB (12496 bytes)
Hash
5b6b8582f0c20be974fac0389de0d4f3
fa58e9104fe335e723ab9b9668315fa91782576a
83dc2ac0d6d94f606aa7cf755664bb7d1a607f1f791e5b7a18acd8436fc5db0f

HTTP Headers

GET /sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31 HTTP/1.1
Host: leads.go-afs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 307 Temporary Redirect
date: Sun, 16 Oct 2022 07:22:05 GMT
content-type: text/html; charset=UTF-8
location: https://leads.go-afs.com/front/domain_validation?step=1&domain=leads.go-afs.com&url=https%3A%2F%2Fleads.go-afs.com%2FsGy79%3FmsID%3D5e784cf0-83f1-40bc-a1d9-044ebee4ac31
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 75af0a97df0eb523-OSL
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
254c0f79943125eff7adbf9cb30d2b46
e24342391b47646fbbe9fa6a26dd95c0eadda7e5
35052bd13c72ac6c33ec3aa08ae793c5e12d2edeec5c91c9e2b2ac4762c3fc67

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 07:22:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.195

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://leads.go-afs.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 12 Oct 2022 19:34:08 GMT
expires: Thu, 12 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 301679
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

leads.go-afs.com/js/build/front/pages/skeleton-below.js

104.17.210.37

200 OK

4.7 kB

URL HTTP/2
leads.go-afs.com/js/build/front/pages/skeleton-below.js
IP
104.17.210.37:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
4.7 kB (4711 bytes)
Hash
5a4cc89f8235066998029456c4e35757
01e1a983b18ed6468331d343edf5ddd63eac4ef5
e9ef3111224db7ce85e9dbfd0690cd1801b2ef9aacd38d1c7467a8e6918bf54e

HTTP Headers

GET /js/build/front/pages/skeleton-below.js HTTP/1.1
Host: leads.go-afs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31&r_done=1
Cookie: kartra_visited=42734b9cd53c85e56c54a7410dc1efc60797b7cb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 16 Oct 2022 07:22:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 01 Aug 2022 12:21:08 GMT
etag: W/"62e7c534-31ec"
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: MISS
expires: Sun, 16 Oct 2022 07:27:07 GMT
cache-control: public, max-age=300
vary: Accept-Encoding
server: cloudflare
cf-ray: 75af0aa21da7b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff1GhDuXMRw.woff2

216.58.207.195

200 OK

15 kB

URL HTTP/2
fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff1GhDuXMRw.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 14964, version 1.0\012- data
Size
15 kB (14964 bytes)
Hash
44b4e1e6aecc684d11fe7501dd36df19
59e2710168a0d6889a24eaaa5134114f7e258461
6b0b111ca14c2147a0f0cb51f1317290eb5ec19b4a9bea595a5ad7ffb7d9661a

HTTP Headers

GET /s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff1GhDuXMRw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://leads.go-afs.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14964
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 11 Oct 2022 22:47:43 GMT
expires: Wed, 11 Oct 2023 22:47:43 GMT
cache-control: public, max-age=31536000
age: 376464
last-modified: Tue, 19 Apr 2022 18:08:11 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.195

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://leads.go-afs.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Oct 2022 05:42:51 GMT
expires: Fri, 13 Oct 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 265157
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
254c0f79943125eff7adbf9cb30d2b46
e24342391b47646fbbe9fa6a26dd95c0eadda7e5
35052bd13c72ac6c33ec3aa08ae793c5e12d2edeec5c91c9e2b2ac4762c3fc67

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 07:22:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

region1.google-analytics.com/g/collect?v=2&tid=G-9QVVWF40FE&gtm=2oeaa0&_p=2037506702&cid=1520921768.1665904930&ul=en-us&sr=1280x1024&_s=1&sid=1665904930&sct=1&seg=0&dl=https%3A%2F%2Fleads.go-afs.com%2FsGy79%3FmsID%3D5e784cf0-83f1-40bc-a1d9-044ebee4ac31%26r_done%3D1&dt=Thank%20you%20Agents%20-%20PPC&en=page_view&_fv=1&_nsi=1&_ss=1

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-9QVVWF40FE&gtm=2oeaa0&_p=2037506702&cid=1520921768.1665904930&ul=en-us&sr=1280x1024&_s=1&sid=1665904930&sct=1&seg=0&dl=https%3A%2F%2Fleads.go-afs.com%2FsGy79%3FmsID%3D5e784cf0-83f1-40bc-a1d9-044ebee4ac31%26r_done%3D1&dt=Thank%20you%20Agents%20-%20PPC&en=page_view&_fv=1&_nsi=1&_ss=1
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-9QVVWF40FE&gtm=2oeaa0&_p=2037506702&cid=1520921768.1665904930&ul=en-us&sr=1280x1024&_s=1&sid=1665904930&sct=1&seg=0&dl=https%3A%2F%2Fleads.go-afs.com%2FsGy79%3FmsID%3D5e784cf0-83f1-40bc-a1d9-044ebee4ac31%26r_done%3D1&dt=Thank%20you%20Agents%20-%20PPC&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://leads.go-afs.com
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://leads.go-afs.com
date: Sun, 16 Oct 2022 07:22:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

d1aettbyeyfilo.cloudfront.net/Kartra/3701724_15529854860113613118_1552298895139Backgrounds-2.webp

54.230.245.37

200 OK

21 kB

URL HTTP/2
d1aettbyeyfilo.cloudfront.net/Kartra/3701724_15529854860113613118_1552298895139Backgrounds-2.webp
IP
54.230.245.37:0
ASN
#16509 AMAZON-02

File type
RIFF (little-endian) data, Web/P image\012- data
Size
21 kB (20584 bytes)
Hash
bebb6fecddb6a372e92201f5a8fe9dfa
843915090be3992a169b6b6a0540d36fb4f892fb
d054bbdff6d57e7d8a21276c067e890ce0c738d69fc22ba3febea224204f2706

HTTP Headers

GET /Kartra/3701724_15529854860113613118_1552298895139Backgrounds-2.webp HTTP/1.1
Host: d1aettbyeyfilo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/webp
content-length: 20584
date: Wed, 09 Feb 2022 01:22:04 GMT
last-modified: Wed, 19 Feb 2020 10:24:38 GMT
etag: "bebb6fecddb6a372e92201f5a8fe9dfa"
cache-control: public, max-age=31536000
x-amz-version-id: _9N.rH6eP90uCGIygAj69aT9sld1BI51
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vVQZfxOdxWNOU2gDX0GhCIHwidiNbv9rRmdyMgpluB9kBvVEahkeWA==
age: 21535205
X-Firefox-Spdy: h2

app.kartra.com/analytics/visitorTime/Ynfdryoewia4

104.17.209.37

200 OK

20 kB

URL HTTP/2
app.kartra.com/analytics/visitorTime/Ynfdryoewia4
IP
104.17.209.37:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1325)
Size
20 kB (20059 bytes)
Hash
bd79aee5e714690177eaf1571a35e4f6
2872d3951402a3999ae27e346baa0093706e62a1
41fda8947ceb528dc95c7b699f40eba08e6af34b815e4e562d309a5c154babf8

HTTP Headers

POST /analytics/visitorTime/Ynfdryoewia4 HTTP/1.1
Host: app.kartra.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 178
Origin: https://leads.go-afs.com
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 16 Oct 2022 07:22:08 GMT
content-type: text/html; charset=UTF-8
access-control-allow-credentials: true
access-control-allow-origin: https://leads.go-afs.com
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 75af0aa76a720b4d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

d1aettbyeyfilo.cloudfront.net/goafs/24536567_1638813972DmQAFS_Logo.webp

54.230.245.37

200 OK

22 kB

URL HTTP/2
d1aettbyeyfilo.cloudfront.net/goafs/24536567_1638813972DmQAFS_Logo.webp
IP
54.230.245.37:0
ASN
#16509 AMAZON-02

File type
RIFF (little-endian) data, Web/P image\012- data
Size
22 kB (22326 bytes)
Hash
e08974c55f2b4a9ca755de824797dc29
3fb5feb96f776dbb886d6a91bc400975388f85c0
9ba57b3ad94d3a3213c04cbe092bd2d7d86f7cc513e6b170bb680ab290c9d28e

HTTP Headers

GET /goafs/24536567_1638813972DmQAFS_Logo.webp HTTP/1.1
Host: d1aettbyeyfilo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/webp
content-length: 22326
date: Sat, 15 Oct 2022 07:09:20 GMT
last-modified: Mon, 06 Dec 2021 18:06:16 GMT
etag: "e08974c55f2b4a9ca755de824797dc29"
cache-control: public, max-age=31536000
x-amz-version-id: tC0H6qI8GJs.sXgRbDDs.wmC7fAFxq9t
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LUCSHJ218YmeOYT5ZNCY_RjaUdx4C6djohT8jX28ybtYI48PjoFZmw==
age: 87169
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4f05f7d85c5d7c2aa09651804f80a019
cd118fbc41657bfdf0fcfb9e3a4a2813f3b08e5b
76a6c1ae0a435403ac10b6478f029bb8b871dbdcc2a2c7e3e97b56982a9767e7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 07:22:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-128791235-2&cid=1520921768.1665904930&jid=1444134113&gjid=717772589&_gid=1264037728.1665904931&_u=YADAAEAAAAAAACAAI~&z=1146978453

173.194.73.156

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-128791235-2&cid=1520921768.1665904930&jid=1444134113&gjid=717772589&_gid=1264037728.1665904931&_u=YADAAEAAAAAAACAAI~&z=1146978453
IP
173.194.73.156:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-128791235-2&cid=1520921768.1665904930&jid=1444134113&gjid=717772589&_gid=1264037728.1665904931&_u=YADAAEAAAAAAACAAI~&z=1146978453 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://leads.go-afs.com
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://leads.go-afs.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 16 Oct 2022 07:22:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4f05f7d85c5d7c2aa09651804f80a019
cd118fbc41657bfdf0fcfb9e3a4a2813f3b08e5b
76a6c1ae0a435403ac10b6478f029bb8b871dbdcc2a2c7e3e97b56982a9767e7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 07:22:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
35cdbcf4cd59b1134e4b1f5644c79c99
b5ea178a609364567e775a101329c3ec357ab71a
7ca1672f50aa704a20b3aed6b159def13e2f46f4d781bfee2c3e0fa5b722ad1d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=141723
Date: Sun, 16 Oct 2022 07:22:08 GMT
Etag: "634b1e35-1d7"
Expires: Mon, 17 Oct 2022 22:44:11 GMT
Last-Modified: Sat, 15 Oct 2022 20:55:17 GMT
Server: ECS (nyb/1D05)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: J3lLljmzqwDk1cvGxAynm9VUTaHBBy_O1ZepxwRz5KjDX3ddnz06Dg==
Age: 6534

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
695cea3df950db7392b70395df1d8b05
b7fe7c9dd9f38fd23ad37dd92b9085f35a6fe823
4bad472e725699f54c9983fe6cb3ce0783b831ea2877b1a22f80197b953cfaf6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 07:22:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
231a5834edd086a67640c2c0cc18c55c
3427d0baffebad62c95754da193be354ca2b270c
2533d2d520b731b0073fcd224375cdd6dc2fde77908f93dcb0c659ec6dc7501b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 07:22:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.clarity.ms/eus2/s/0.6.42/clarity.js

13.107.246.53

200 OK

23 kB

URL HTTP/2
www.clarity.ms/eus2/s/0.6.42/clarity.js
IP
13.107.246.53:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with very long lines (54141)
Size
23 kB (23424 bytes)
Hash
664e2ed8299397c0996255f6e14b3aa4
537fcec373b5123ac8f4bbcba38a3c93e0f7d3a6
e4421f29faebfb7939e60170d91a826302a320a0bb68f5d7eac36a5141cf11b9

HTTP Headers

GET /eus2/s/0.6.42/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: public,max-age=86400
content-type: application/javascript;charset=utf-8
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d8de484d1af7d4"
vary: Accept-Encoding
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
x-cache: CONFIG_NOCACHE
x-azure-ref: 0ILFLYwAAAAAWYZX8Hp1lQYwr99HNm+3aU1ZHMjBFREdFMDYxMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Sun, 16 Oct 2022 07:22:07 GMT
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-128791235-2&cid=1520921768.1665904930&jid=1444134113&_u=YADAAEAAAAAAACAAI~&z=58440284

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-128791235-2&cid=1520921768.1665904930&jid=1444134113&_u=YADAAEAAAAAAACAAI~&z=58440284
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-128791235-2&cid=1520921768.1665904930&jid=1444134113&_u=YADAAEAAAAAAACAAI~&z=58440284 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 16 Oct 2022 07:22:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
695cea3df950db7392b70395df1d8b05
b7fe7c9dd9f38fd23ad37dd92b9085f35a6fe823
4bad472e725699f54c9983fe6cb3ce0783b831ea2877b1a22f80197b953cfaf6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 07:22:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

leads.go-afs.com/cdn-cgi/rum?

104.17.210.37

200 OK

491 B

URL HTTP/2
leads.go-afs.com/cdn-cgi/rum?
IP
104.17.210.37:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
491 B (491 bytes)
Hash
31cb7127c929ff0331ec278ee0096984
07e55f40fd67936116b81f57b6b1021f7832e222
7441754f11c93f8b68ab99f3eebd93f1cefb4101b332855c30a23a063b0a6854

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: leads.go-afs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 8808
Origin: https://leads.go-afs.com
Connection: keep-alive
Referer: https://leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31&r_done=1
Cookie: kartra_visited=42734b9cd53c85e56c54a7410dc1efc60797b7cb; _gcl_au=1.1.1762216975.1665904930; _ga_9QVVWF40FE=GS1.1.1665904930.1.0.1665904930.0.0.0; _ga=GA1.2.1520921768.1665904930; _gid=GA1.2.1264037728.1665904931; _gat_UA-128791235-2=1; _clck=1eeqq41|1|f5r|0; kartrapage_popwindow%2FsGy79=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 16 Oct 2022 07:22:08 GMT
content-type: text/plain
access-control-allow-origin: https://leads.go-afs.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 75af0aab7ac5b523-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

kartrausers.s3.amazonaws.com/goafs/24537376_61ae59b50df84_AFS_Graphic.png

52.217.45.196

200 OK

3.3 kB

URL HTTP/1.1
kartrausers.s3.amazonaws.com/goafs/24537376_61ae59b50df84_AFS_Graphic.png
IP
52.217.45.196:0
ASN
#16509 AMAZON-02

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3306 bytes)
Hash
e94f01ab3429d0064271dad9b7ec1f1c
97525af680c1aefbc7cae2126978237af040b5a8
b56863dc2c1b0cec6aa525cea307cb56813fa04d8362b73075048ead10bd7552

HTTP Headers

GET /goafs/24537376_61ae59b50df84_AFS_Graphic.png HTTP/1.1
Host: kartrausers.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: XjHoiocCcjsexKk0Bn+KPmmaKb5gRD5UZJ1nb5ZMnVzJrK2f/q4Qjyfg6XS9/mKWa6yjNyxR2po=
x-amz-request-id: CYW1Y8Y0Q7Z9RMCP
Date: Sun, 16 Oct 2022 07:22:09 GMT
Last-Modified: Mon, 06 Dec 2021 18:43:02 GMT
ETag: "e94f01ab3429d0064271dad9b7ec1f1c"
Cache-Control: public, max-age=31536000
x-amz-version-id: BzvY2kcUvcrB3uVlymOhQJP5Mu3HLnAD
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 3306

c.clarity.ms/c.gif

20.234.93.27

302 Found

0 B

URL HTTP/2
c.clarity.ms/c.gif
IP
20.234.93.27:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?CtsSyncId=AF936F3F0F6A4E0990F078EF895A31EF&RedC=c.clarity.ms&MXFR=19DAD4063340652C1848C63937406BEB
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=19DAD4063340652C1848C63937406BEB; domain=.clarity.ms; expires=Fri, 10-Nov-2023 07:22:08 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Sun, 16 Oct 2022 07:22:07 GMT
content-length: 0
X-Firefox-Spdy: h2

c.bing.com/c.gif?CtsSyncId=AF936F3F0F6A4E0990F078EF895A31EF&RedC=c.clarity.ms&MXFR=19DAD4063340652C1848C63937406BEB

204.79.197.200

302 Found

0 B

URL HTTP/2
c.bing.com/c.gif?CtsSyncId=AF936F3F0F6A4E0990F078EF895A31EF&RedC=c.clarity.ms&MXFR=19DAD4063340652C1848C63937406BEB
IP
204.79.197.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c.gif?CtsSyncId=AF936F3F0F6A4E0990F078EF895A31EF&RedC=c.clarity.ms&MXFR=19DAD4063340652C1848C63937406BEB HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leads.go-afs.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=AF936F3F0F6A4E0990F078EF895A31EF&MUID=19C0EE1DC140658119DBFC22C0176411
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=19C0EE1DC140658119DBFC22C0176411; domain=c.bing.com; expires=Fri, 10-Nov-2023 07:22:08 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3A22ABE80A5C4342A5FE107322B1F6D6 Ref B: OSL30EDGE0412 Ref C: 2022-10-16T07:22:08Z
date: Sun, 16 Oct 2022 07:22:08 GMT
content-length: 0
X-Firefox-Spdy: h2

c.clarity.ms/c.gif?CtsSyncId=AF936F3F0F6A4E0990F078EF895A31EF&MUID=19C0EE1DC140658119DBFC22C0176411

20.234.93.27

200 OK

42 B

URL HTTP/2
c.clarity.ms/c.gif?CtsSyncId=AF936F3F0F6A4E0990F078EF895A31EF&MUID=19C0EE1DC140658119DBFC22C0176411
IP
20.234.93.27:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

HTTP Headers

GET /c.gif?CtsSyncId=AF936F3F0F6A4E0990F078EF895A31EF&MUID=19C0EE1DC140658119DBFC22C0176411 HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://leads.go-afs.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Thu, 13 Oct 2022 20:07:05 GMT
accept-ranges: bytes
etag: "40db785d3fdfd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Sun, 16-Oct-2022 07:32:08 GMT; path=/; SameSite=None; Secure;
date: Sun, 16 Oct 2022 07:22:08 GMT
content-length: 42
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

216.58.207.195

200 OK

24 kB

URL HTTP/2
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://leads.go-afs.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 11 Oct 2022 17:10:21 GMT
expires: Wed, 11 Oct 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 396707
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

b.clarity.ms/collect

20.75.32.255

204 No Content

0 B

URL HTTP/2
b.clarity.ms/collect
IP
20.75.32.255:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 12819
Origin: https://leads.go-afs.com
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://leads.go-afs.com
access-control-allow-credentials: true
date: Sun, 16 Oct 2022 07:22:08 GMT
X-Firefox-Spdy: h2

app.kartra.com/analytics/track/Agq61PWk?kartra_page_tracking[]=Ynfdryoewia4&device=desktop

104.17.209.37

200 OK

116 B

URL HTTP/2
app.kartra.com/analytics/track/Agq61PWk?kartra_page_tracking[]=Ynfdryoewia4&device=desktop
IP
104.17.209.37:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
116 B (116 bytes)
Hash
ec6aae2bb7d8781226ea61adca8f0586
d82b3bad240f263c1b887c7c0cc4c2ff0e86dfe3
b02fffaba9e664ff7840c82b102d6851ec0bb148cec462cef40999545309e599

HTTP Headers

GET /analytics/track/Agq61PWk?kartra_page_tracking[]=Ynfdryoewia4&device=desktop HTTP/1.1
Host: app.kartra.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 16 Oct 2022 07:22:09 GMT
content-type: image/png
set-cookie: tracking_210877=%7B%22lead_id%22%3A0%2C%22device%22%3A%22desktop%22%2C%22type%22%3A%22kp%22%2C%22link_id%22%3A%22%22%2C%22sources%22%3A%7B%22pages%22%3A79%7D%2C%22goals_triggered%22%3A%5B%5D%2C%22tracking_links%22%3A%5B%5D%2C%22tracking_link_unique_ids%22%3A%5B%5D%2C%22video_tags%22%3A%5B%5D%2C%22tracking_tags%22%3A%5B%5D%2C%22videos_played%22%3A%5B%5D%2C%22videos_completed%22%3A%5B%5D%2C%22videos_cta%22%3A%5B%5D%2C%22video_visit%22%3A%5B%5D%2C%22videopage%22%3A%5B%5D%2C%22checkouts%22%3A%5B%5D%2C%22optins%22%3A%5B%5D%2C%22calendars%22%3A%5B%5D%2C%22surveys%22%3A%5B%5D%2C%22last_page_visited%22%3A%7B%22type%22%3A%22kartra_page%22%2C%22page_id%22%3A79%7D%2C%22pages_visited%22%3A%7B%22kartra_pages%22%3A%7B%2279%22%3A%7B%22id%22%3A17712%2C%22time%22%3A1665904929%7D%7D%2C%22external_pages%22%3A%5B%5D%7D%7D; expires=Wed, 19-Oct-2022 07:22:09 GMT; Max-Age=259200; path=/; domain=.kartra.com; secure; HttpOnly; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 75af0ab1ae8e0b4d-OSL
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194

172.64.156.26

200 OK

0 B

URL HTTP/2
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP
172.64.156.26:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://leads.go-afs.com
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 16 Oct 2022 07:22:07 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 75af0aa2791d0afa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,900,900i|Open+Sans+Condensed:300,300i,400,400i,600,600i,700,700i,900,900i|Roboto:300,300i,400,400i,600,600i,700,700i,900,900i|Lato:300,300i,400,400i,600,600i,700,700i,900,900i|Spectral:300,300i,400,400i,600,600i,700,700i,900,900i&display=swap

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,900,900i|Open+Sans+Condensed:300,300i,400,400i,600,600i,700,700i,900,900i|Roboto:300,300i,400,400i,600,600i,700,700i,900,900i|Lato:300,300i,400,400i,600,600i,700,700i,900,900i|Spectral:300,300i,400,400i,600,600i,700,700i,900,900i&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,900,900i|Open+Sans+Condensed:300,300i,400,400i,600,600i,700,700i,900,900i|Roboto:300,300i,400,400i,600,600i,700,700i,900,900i|Lato:300,300i,400,400i,600,600i,700,700i,900,900i|Spectral:300,300i,400,400i,600,600i,700,700i,900,900i&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 16 Oct 2022 07:22:07 GMT
date: Sun, 16 Oct 2022 07:22:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

app.kartra.com/resources/js/analytics/Agq61PWk

104.17.209.37

200 OK

0 B

URL HTTP/2
app.kartra.com/resources/js/analytics/Agq61PWk
IP
104.17.209.37:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /resources/js/analytics/Agq61PWk HTTP/1.1
Host: app.kartra.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 16 Oct 2022 07:22:07 GMT
content-type: application/javascript; charset=UTF-8
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 75af0aa26c780b4d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.clarity.ms/tag/9jl1qyl5kp?ref=gtm2

13.107.246.53

200 OK

0 B

URL HTTP/2
www.clarity.ms/tag/9jl1qyl5kp?ref=gtm2
IP
13.107.246.53:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tag/9jl1qyl5kp?ref=gtm2 HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=43028d43c70c40f9805d3295d450840c.20221016.20231016; expires=Mon, 16 Oct 2023 07:22:08 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
x-cache: CONFIG_NOCACHE
x-azure-ref: 0ILFLYwAAAAB0TzQRrbD6QaUWhIMeVc3kU1ZHMjBFREdFMDYxMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Sun, 16 Oct 2022 07:22:07 GMT
X-Firefox-Spdy: h2

leads.go-afs.com/js/build/front/pages/skeleton-immediate.js

104.17.210.37

200 OK

0 B

URL HTTP/2
leads.go-afs.com/js/build/front/pages/skeleton-immediate.js
IP
104.17.210.37:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/build/front/pages/skeleton-immediate.js HTTP/1.1
Host: leads.go-afs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31&r_done=1
Cookie: kartra_visited=42734b9cd53c85e56c54a7410dc1efc60797b7cb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 16 Oct 2022 07:22:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 16 Feb 2022 09:43:17 GMT
etag: W/"620cc735-1c52"
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: MISS
expires: Sun, 16 Oct 2022 07:27:07 GMT
cache-control: public, max-age=300
vary: Accept-Encoding
server: cloudflare
cf-ray: 75af0aa21da2b523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

app.kartra.com/resources/js/kartra_embed_wild_card?type=kartra_page&owner=Agq61PWk

104.17.209.37

200 OK

0 B

URL HTTP/2
app.kartra.com/resources/js/kartra_embed_wild_card?type=kartra_page&owner=Agq61PWk
IP
104.17.209.37:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /resources/js/kartra_embed_wild_card?type=kartra_page&owner=Agq61PWk HTTP/1.1
Host: app.kartra.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 16 Oct 2022 07:22:07 GMT
content-type: application/javascript; charset=UTF-8
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 75af0aa26c710b4d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

app.kartra.com/css/new/css/pages/font-awesome.css

104.17.209.37

200 OK

0 B

URL HTTP/2
app.kartra.com/css/new/css/pages/font-awesome.css
IP
104.17.209.37:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/new/css/pages/font-awesome.css HTTP/1.1
Host: app.kartra.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 16 Oct 2022 07:22:07 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=29915
etag: W/"620e0412-74db"
last-modified: Thu, 17 Feb 2022 08:15:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 3478
expires: Sun, 16 Oct 2022 07:27:07 GMT
cache-control: public, max-age=300
vary: Accept-Encoding
server: cloudflare
cf-ray: 75af0aa24c3e0b4d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31&r_done=1

104.17.210.37

200 OK

0 B

URL HTTP/2
leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31&r_done=1
IP
104.17.210.37:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31&r_done=1 HTTP/1.1
Host: leads.go-afs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: kartra_visited=42734b9cd53c85e56c54a7410dc1efc60797b7cb
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
date: Sun, 16 Oct 2022 07:22:06 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 75af0a9fba4fb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

d2uolguxr56s4e.cloudfront.net/internal/pages/css/kartra_components.css

143.204.42.220

200 OK

0 B

URL HTTP/2
d2uolguxr56s4e.cloudfront.net/internal/pages/css/kartra_components.css
IP
143.204.42.220:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /internal/pages/css/kartra_components.css HTTP/1.1
Host: d2uolguxr56s4e.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css
last-modified: Tue, 11 Oct 2022 14:00:27 GMT
x-amz-version-id: g8oH1mnZrphv595Pjz8_uxhaSwWbh3m6
server: AmazonS3
content-encoding: gzip
date: Sat, 15 Oct 2022 12:07:14 GMT
etag: W/"e448ed7e4cd7822627f1bad6a957c5e5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: GbNb6fHLXD5_i4-paQavJO3LVjXZGlnO_nhDcxliwy-a0_SaHz13JA==
age: 69398
X-Firefox-Spdy: h2

leads.go-afs.com/js/build/front/pages/skeleton-above.js

104.17.210.37

200 OK

0 B

URL HTTP/2
leads.go-afs.com/js/build/front/pages/skeleton-above.js
IP
104.17.210.37:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/build/front/pages/skeleton-above.js HTTP/1.1
Host: leads.go-afs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://leads.go-afs.com/sGy79?msID=5e784cf0-83f1-40bc-a1d9-044ebee4ac31&r_done=1
Cookie: kartra_visited=42734b9cd53c85e56c54a7410dc1efc60797b7cb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 16 Oct 2022 07:22:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 01 Aug 2022 12:21:08 GMT
etag: W/"62e7c534-2d68c"
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: MISS
expires: Sun, 16 Oct 2022 07:27:07 GMT
cache-control: public, max-age=300
vary: Accept-Encoding
server: cloudflare
cf-ray: 75af0aa21d9fb523-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations