Overview

URL anonym.es/?ropnv.abtrcker.com/c/348161fa8b258330
IP172.67.220.42
ASNCLOUDFLARENET
Location United States
Report completed2022-09-24 06:55:12 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns
Scan Date Severity Indicator Comment
2022-09-24 2 abtrcker.com Sinkholed
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (30)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS jsonip.com (2) 24718 2012-10-18 20:09:54 UTC 2022-09-23 18:13:21 UTC 45.79.77.20
mnemonic passive DNS cdn.trustedform.com (2) 24659 2022-06-03 13:50:59 UTC 2022-09-24 03:00:43 UTC 18.165.122.117
mnemonic passive DNS d2m2wsoho8qq12.cloudfront.net (1) 0 2021-08-23 13:56:21 UTC 2022-09-24 03:00:43 UTC 18.165.196.212 Unknown ranking
mnemonic passive DNS ropnv.track4ref.com (2) 0 2022-06-30 00:02:10 UTC 2022-09-23 05:16:56 UTC 52.19.101.114 Domain (track4ref.com) ranked at: 158923
mnemonic passive DNS www.jrmtrk.com (1) 0 2021-11-30 22:40:15 UTC 2022-09-23 05:16:57 UTC 52.44.99.186 Unknown ranking
mnemonic passive DNS googleads.g.doubleclick.net (1) 42 2021-02-20 15:43:32 UTC 2022-09-24 06:19:11 UTC 142.250.74.66
mnemonic passive DNS anonym.es (2) 313360 2014-02-21 16:52:44 UTC 2022-09-23 05:17:44 UTC 172.67.220.42
mnemonic passive DNS r3.o.lencr.org (9) 344 2020-12-02 08:52:13 UTC 2022-09-23 04:34:39 UTC 23.36.76.226
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-24 04:22:23 UTC 34.117.237.239
mnemonic passive DNS bam.nr-data.net (1) 630 2015-02-10 00:06:27 UTC 2022-09-23 04:34:56 UTC 162.247.241.14
mnemonic passive DNS cdnjs.cloudflare.com (1) 235 2020-10-20 10:17:36 UTC 2022-09-23 05:06:17 UTC 104.17.24.14
mnemonic passive DNS ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2022-09-24 04:16:00 UTC 93.184.220.29
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-23 12:37:00 UTC 34.120.237.76
mnemonic passive DNS www.usm45.com (1) 0 2019-05-16 15:46:51 UTC 2022-09-11 17:02:00 UTC 104.21.26.194 Unknown ranking
mnemonic passive DNS ocsp.pki.goog (8) 175 2017-06-14 07:23:31 UTC 2022-09-23 04:33:33 UTC 142.250.74.3
mnemonic passive DNS counter.yadro.ru (1) 7275 2014-09-09 18:41:17 UTC 2022-09-24 04:19:38 UTC 88.212.201.198
mnemonic passive DNS ocsp.sectigo.com (2) 487 2018-12-17 11:31:55 UTC 2022-09-23 22:41:40 UTC 172.64.155.188
mnemonic passive DNS ropnv.abtrcker.com (1) 0 2022-06-24 08:00:37 UTC 2022-09-23 05:17:00 UTC 52.19.101.114 Domain (abtrcker.com) ranked at: 239588
mnemonic passive DNS s3.amazonaws.com (1) 0 2020-06-24 18:26:37 UTC 2022-09-24 03:02:25 UTC 54.231.88.2 Unknown ranking
mnemonic passive DNS visiqua-flipforms-production.s3.amazonaws.com (1) 0 2022-09-12 12:17:25 UTC 2022-09-21 12:17:47 UTC 52.216.170.139 Unknown ranking
mnemonic passive DNS create.leadid.com (4) 14598 2020-05-29 11:27:16 UTC 2022-09-24 03:00:43 UTC 52.20.13.104
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-24 04:06:14 UTC 34.160.144.191
mnemonic passive DNS auto2.militarybenefitguide.com (5) 0 2021-07-30 15:03:00 UTC 2022-09-23 12:33:50 UTC 34.120.230.5 Unknown ranking
mnemonic passive DNS ocsp.sca1b.amazontrust.com (6) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 108.138.212.162
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-24 05:30:17 UTC 18.164.68.21
mnemonic passive DNS create.lidstatic.com (1) 24133 2015-09-23 19:42:02 UTC 2022-09-24 03:00:43 UTC 172.67.41.229
mnemonic passive DNS anonym.es (2) 313360 2014-02-21 16:52:44 UTC 2022-09-23 05:17:44 UTC 104.21.94.58
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-23 05:02:25 UTC 52.27.12.161
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-09-23 04:33:31 UTC 142.250.74.72
mnemonic passive DNS api.trustedform.com (3) 23021 2021-09-02 08:27:18 UTC 2022-09-24 03:00:43 UTC 34.225.160.212


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 172.67.220.42

Date UQ / IDS / BL URL IP
2022-09-26 12:05:38 +0000
0 - 0 - 2 acresfana.top/ 172.67.220.42
2022-09-24 06:55:12 +0000
0 - 0 - 1 anonym.es/?ropnv.abtrcker.com/c/348161fa8b258330 172.67.220.42
2022-09-23 05:17:06 +0000
0 - 0 - 1 anonym.es/?ropnv.abtrcker.com/c/5cb31ca5a7dd3a90 172.67.220.42
2022-09-13 06:37:20 +0000
0 - 0 - 1 anonym.es/?ropnv.abtrcker.com/c/0198628e5fd26055 172.67.220.42
2022-09-12 02:59:53 +0000
0 - 0 - 15 anonym.es/ 172.67.220.42

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-12-03 18:19:22 +0000
0 - 0 - 1 multiup.org/download/4b9549230ae06fafd360507e (...) 104.21.235.13
2022-12-03 18:18:57 +0000
0 - 0 - 4 accessfirsttechfed.info/verify/ 104.21.89.197
2022-12-03 18:16:37 +0000
0 - 0 - 9 modsbase.com/t9ezu9bdrw0v/1121692237_Gigastru (...) 104.26.7.79
2022-12-03 18:16:39 +0000
1 - 0 - 2 storageapi.fleek.co/dea911f7-cf63-480b-a4b6-2 (...) 104.18.6.145
2022-12-03 18:16:26 +0000
0 - 0 - 5 benefits.americanhoperesources.com/l/21/?s1=1 (...) 188.114.96.1

Last 5 reports on domain: anonym.es

Date UQ / IDS / BL URL IP
2022-12-02 18:21:47 +0000
0 - 0 - 1 anonym.es/?ropnv.abtrcker.com/c/f93f25d7b99af2b6 104.21.94.58
2022-09-24 06:55:12 +0000
0 - 0 - 1 anonym.es/?ropnv.abtrcker.com/c/348161fa8b258330 172.67.220.42
2022-09-23 05:17:06 +0000
0 - 0 - 1 anonym.es/?ropnv.abtrcker.com/c/5cb31ca5a7dd3a90 172.67.220.42
2022-09-13 06:37:20 +0000
0 - 0 - 1 anonym.es/?ropnv.abtrcker.com/c/0198628e5fd26055 172.67.220.42
2022-09-12 02:59:53 +0000
0 - 0 - 15 anonym.es/ 172.67.220.42

No other reports with similar screenshot



JavaScript

Executed Scripts (32)


Executed Evals (1)

#1 JavaScript::Eval (size: 14, repeated: 1) - SHA256: 0510de046e8325540849bad09f31eaaa3e9256fafd330c5d57327dc948812a33

                                        /*@cc_on!@*/ !1
                                    

Executed Writes (0)



HTTP Transactions (71)


Request Response
                                        
                                            GET /?https://ropnv.abtrcker.com/c/348161fa8b258330 HTTP/1.1 
Host: anonym.es
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         172.67.220.42
HTTP/1.1 301 Moved Permanently
                                        
Date: Sat, 24 Sep 2022 06:55:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 24 Sep 2022 07:55:01 GMT
Location: https://anonym.es/?https://ropnv.abtrcker.com/c/348161fa8b258330
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EboUXtFhy8QQByHkKdz8Eeal2YL%2F7W%2FtcmG7OySO1xxgK2CMHbzM1j4EzEClmqAdSya8KmfnL1pPCPQr7A454haTMf1RcK6qisAh9sk960YPzntbyI6c4tNPqVA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f99cb1e9f8b515-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.21
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 24 Sep 2022 06:05:35 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 49e8093d0b1ec293275e8b264631ad18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: vZGhSAjgqSfC_9UZfRziM2qRlGJ8EdQx6nBoHH_8bj_AFlQBOse7iA==
Age: 2966


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3597
Expires: Sat, 24 Sep 2022 07:54:58 GMT
Date: Sat, 24 Sep 2022 06:55:01 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4721814DA286852318F7EBF9857BD4BF01F0BEEA2C9EB7DDB9F290E3FA472232"
Last-Modified: Fri, 23 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8964
Expires: Sat, 24 Sep 2022 09:24:25 GMT
Date: Sat, 24 Sep 2022 06:55:01 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 9dO2oH5MlQgqDOQ1vn7w9CdkuWRPZFEzr8mh/2wAiTawbomWKQpX8gyd80P+78GhaLkRI/6T+yU=
x-amz-request-id: C8F6HS6TY1PD5GCM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 24 Sep 2022 06:45:01 GMT
age: 600
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 24 Sep 2022 06:55:01 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /hit?r;s1280*1024*24;uhttps%3A//anonym.es/%3Fhttps%3A//ropnv.abtrcker.com/c/348161fa8b258330;hAnonym.es%20-%20free%20dereferer%20service;0.6173988670626566 HTTP/1.1 
Host: counter.yadro.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://anonym.es/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         88.212.201.198
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.9
Date: Sat, 24 Sep 2022 06:55:02 GMT
Content-Length: 43
Connection: keep-alive
Expires: Thu, 23 Sep 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    fc94fb0c3ed8a8f909dbc7630a0987ff
Sha1:   56d45f8a17f5078a20af9962c992ca4678450765
Sha256: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.21
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Expires, Alert, Content-Length, ETag, Cache-Control, Content-Type, Backoff, Pragma, Last-Modified
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 24 Sep 2022 06:20:50 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sat, 24 Sep 2022 06:37:51 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 cfd57c1039d68b4426a9a3580c0aa4f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: Rifap56b9Pd4gJkWGj-tkW23WIEhof50eIDcvRUqVJjpBQSxOKpTog==
Age: 2056


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5221
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 06:55:02 GMT
Last-Modified: Sat, 24 Sep 2022 05:28:01 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5YhZ7ao0nC/hugD8xUYpUQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.27.12.161
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: v9hQjilWT95rO9mUO0TeQihi3K4=

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 06:55:03 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 22 Sep 2022 02:49:45 GMT
Expires: Thu, 29 Sep 2022 02:49:44 GMT
Etag: "5d8064d6f16d3130011f897be38bdffded9fbfe8"
Cache-Control: max-age=416680,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f99cbccbc8b521-OSL

                                        
                                            GET /c/348161fa8b258330 HTTP/1.1 
Host: ropnv.abtrcker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         52.19.101.114
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
server: nginx
date: Sat, 24 Sep 2022 06:55:03 GMT
content-length: 251
location: https://ropnv.track4ref.com/redirect/index?type=meta&to=aHR0cHM6Ly9yb3Budi50cmFjazRyZWYuY29t&data=aHR0cHM6Ly93d3cuanJtdHJrLmNvbS9yZC9yLnBocD9zaWQ9MzEmcHViPTMwMDA1MCZjMj1ueGNreDYzMmVhOWM3MDAwZTZiNjk=&action=action_tmp
set-cookie: unique_id=632ea9c7000c729a; Path=/; Expires=Wed, 23 Nov 2022 06:55:03 GMT; Secure; SameSite=None unique_id2=632ea9c7000c7c9a; Path=/; Expires=Fri, 23 Dec 2022 06:55:03 GMT; Secure; SameSite=None impression=; Path=/; Expires=Sat, 24 Sep 2022 06:55:03 GMT; Secure; SameSite=None tid=nxckx632ea9c7000e6b69; Path=/; Expires=Sun, 29 Aug 2027 06:55:03 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   251
Md5:    b391de8630a39a217e2def875239f88e
Sha1:   010f0866f05bc0e66016703b4ee61c63f29b2a90
Sha256: c56ae58edc36ac0ec175d1ca110c42b28f07f7c0428c63e9d3da3f2c90f393bb

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 06:55:03 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 18:43:28 GMT
Expires: Wed, 28 Sep 2022 18:43:27 GMT
Etag: "f146cbce00297b56d065693fbb601b248e41c7b5"
Cache-Control: max-age=387503,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f99cbded59b521-OSL

                                        
                                            GET /redirect/index?type=meta&to=aHR0cHM6Ly9yb3Budi50cmFjazRyZWYuY29t&data=aHR0cHM6Ly93d3cuanJtdHJrLmNvbS9yZC9yLnBocD9zaWQ9MzEmcHViPTMwMDA1MCZjMj1ueGNreDYzMmVhOWM3MDAwZTZiNjk=&action=action_tmp HTTP/1.1 
Host: ropnv.track4ref.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         52.19.101.114
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
server: nginx
date: Sat, 24 Sep 2022 06:55:03 GMT
content-length: 609
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (609), with no line terminators
Size:   609
Md5:    dc6813a9143b59008d4d7b33b1baecfe
Sha1:   a7a150bfc4f904a88326906f3665d3a6dbe28fc2
Sha256: ac8bf8d2b843df42550aa060b3b4d8c8399e65911325456d809dd062d71599b8
                                        
                                            GET /redirect/index?type=meta&to=aHR0cHM6Ly9yb3Budi50cmFjazRyZWYuY29t&data=aHR0cHM6Ly93d3cuanJtdHJrLmNvbS9yZC9yLnBocD9zaWQ9MzEmcHViPTMwMDA1MCZjMj1ueGNreDYzMmVhOWM3MDAwZTZiNjk=&action=action_final HTTP/1.1 
Host: ropnv.track4ref.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ropnv.track4ref.com/redirect/index?type=meta&to=aHR0cHM6Ly9yb3Budi50cmFjazRyZWYuY29t&data=aHR0cHM6Ly93d3cuanJtdHJrLmNvbS9yZC9yLnBocD9zaWQ9MzEmcHViPTMwMDA1MCZjMj1ueGNreDYzMmVhOWM3MDAwZTZiNjk=&action=action_tmp
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         52.19.101.114
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
server: nginx
date: Sat, 24 Sep 2022 06:55:03 GMT
content-length: 375
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (375), with no line terminators
Size:   375
Md5:    91604ac47969c3bb6ccbbdbe2fcf42cf
Sha1:   3456b682970fa2612a4deb7c937a8be0a2a3d514
Sha256: f8445112af95b13f970692b64e41edf05fb9a79f05ba7107aea4ee2d2872d592
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18431
Expires: Sat, 24 Sep 2022 12:02:15 GMT
Date: Sat, 24 Sep 2022 06:55:04 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18431
Expires: Sat, 24 Sep 2022 12:02:15 GMT
Date: Sat, 24 Sep 2022 06:55:04 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18431
Expires: Sat, 24 Sep 2022 12:02:15 GMT
Date: Sat, 24 Sep 2022 06:55:04 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18431
Expires: Sat, 24 Sep 2022 12:02:15 GMT
Date: Sat, 24 Sep 2022 06:55:04 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F993a9251-cb79-4060-b043-aacb127c6565.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8907
x-amzn-requestid: 974b20af-4775-45bd-9e3f-55e5aa363c2d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sQRGPtIAMFZCw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2734-18aebf577efb8aaa0182aeed;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ANAYROIRBWe_Y5TxqYp9IDnqnuOHQGjvyj1K8Z85m7C9DGCXXuQ-Cw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:47:49 GMT
age: 32835
etag: "24d4dcad1590e79e89a1ffe343bd7fe616528c5a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8907
Md5:    f727cc665bfa383779422949037a83a7
Sha1:   24d4dcad1590e79e89a1ffe343bd7fe616528c5a
Sha256: 72dc66286d9ea7b71b6c9a116ff69380a97253c73f1ba2a5b3da34790e321e05
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6386
x-amzn-requestid: 4380489e-d0ba-4f67-ac4f-67619ba34422
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7shGHryIAMF6zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e27a0-005f9c783c7722f16c178026;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:39:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: RuUOjTDRTkcaGFf_hTWrHZ89edOajgGUdl5PjbaUV7CUppat6IYsRg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:52:36 GMT
age: 32548
etag: "f6f926be6e265a597aaede424f05fcd7c76fcc20"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6386
Md5:    d8d9af95acfc8b9b431eb1e020157f6d
Sha1:   f6f926be6e265a597aaede424f05fcd7c76fcc20
Sha256: 0b61d6cb0e0908cb8d303b9e951e2854166bd232e0291b5d698a6b757c064e88
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7DX67a-HmEh76IorINvRU61AKtSiimdPnHFnYeR2OJezZJ1_mJq0MA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:59:08 GMT
age: 32156
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8029
Md5:    02a682b4703bb9d6381c762726c05531
Sha1:   1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
Sha256: fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lAQOV9_fZ2RFvhRKMtDOeRTWJc-Jo1u-DrtJshcQuCSOUXVbNMjhaw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:56:56 GMT
age: 32288
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10032
Md5:    aa150280eb113504d61a25935c0f0127
Sha1:   ed04f74fbb4c77b21e2babc51a82857f5e23d169
Sha256: 07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10279
x-amzn-requestid: 0f361c26-1f12-421a-9752-7d4fcdf839ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4V65GTXIAMF9-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd045-25677a637307879044de8242;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:14:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NcnEyVD-vG10pOpPCBMjKGqVw-rstkPIt-oqkIc5urAGE934fxL0VQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 04:12:38 GMT
age: 9746
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10279
Md5:    8ea5f06ad31f0cedd2cb5c6df82f35f4
Sha1:   60a83a1618ffae06e49ca3002bac1db9980dcfe8
Sha256: 5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9935
x-amzn-requestid: 9eb8463d-172a-40a2-8eed-3c97b1260afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sQ5FARoAMFXQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2738-3709a2f22ecc033532223b26;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:38:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: e5eETCL5yFnoG4HPx0Qv8hjGnlXx5vOL4syMx9uato8nuIHkSvMezg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:53:50 GMT
age: 32474
etag: "a30f9044330824e70dde0dcc785890d981e6fdf5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9935
Md5:    55d224ac83a417772c98bc5080fb6689
Sha1:   a30f9044330824e70dde0dcc785890d981e6fdf5
Sha256: b2ea4dea200109019a65834b98e31e8fac718a199513810a2819858be2b4470a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D85DF67D9618F3E86FDAC4271AF95E3D300685EFFCE856703654C3ACA179D5C0"
Last-Modified: Wed, 21 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21551
Expires: Sat, 24 Sep 2022 12:54:15 GMT
Date: Sat, 24 Sep 2022 06:55:04 GMT
Connection: keep-alive

                                        
                                            GET /rd/r.php?sid=31&pub=300050&c2=nxckx632ea9c7000e6b69 HTTP/1.1 
Host: www.jrmtrk.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ropnv.track4ref.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         52.44.99.186
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Sat, 24 Sep 2022 06:55:04 GMT
content-length: 0
location: http://www.usm45.com/?c=782&s1=&s2=690337044
server: Apache
set-cookie: uid31=690337044-20220923235504-9567947133a3a292668860ad7c153fb5-; domain=jrmtrk.com; expires=Mon, 24-Oct-2022 06:55:04 GMT; path=/; SameSite=None; Secure
X-Firefox-Spdy: h2

                                        
                                            GET /?c=782&s1=&s2=690337044 HTTP/1.1 
Host: www.usm45.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         104.21.26.194
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Sat, 24 Sep 2022 06:55:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
Set-Cookie: PHPSESSID=k67scfeoh633ae5khateag1es7; path=/
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Location: https://auto2.militarybenefitguide.com/?req_id=632ea9c898be1&s5=88
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lDqoMhWlkzPlhqJbbPKXsbXQxOJcySZeycfP%2F5iLm%2FkxGWX8CuJjMZKHaNmwuWAR6RhqGuC9d4xuI5okFoYgWHlj6%2F%2BndZRFFhLPSAXjUaPkBfegHSQXN3TMEMsIBdQq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74f99cc3f8de0b49-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            GET /ajax/libs/moment.js/2.24.0/moment.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Origin: https://auto2.militarybenefitguide.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 24 Sep 2022 06:55:05 GMT
content-length: 15508
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03f26-d04c"
last-modified: Mon, 04 May 2020 16:13:26 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 813279
expires: Thu, 14 Sep 2023 06:55:05 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SQbe72PUnraTkwAC%2F7vTkVb8LC84Jp7Gsyt%2Fj%2Fb5pwf%2BLi%2FU5Vjpx0hinrKM3U07HIX%2FnfYAchZtmzmxT1dyeHO9QL7IfO7vis79HkSdXyL%2FaDWtmBQ6hnHe%2BUR%2Fqh379k%2B8ZYTX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74f99ccb0cb7b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (53324), with no line terminators
Size:   15508
Md5:    fa41c3e185077fbc8b9ad0cb1739196e
Sha1:   4e426a2fccff6f1637d4ec0e71356e42edf32d24
Sha256: 63a7116476543b4e5d48d3fa6411905c1ebaee241a7336faee216e76e748b610
                                        
                                            GET /?req_id=632ea9c898be1&s5=88 HTTP/1.1 
Host: auto2.militarybenefitguide.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         34.120.230.5
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
cache-control: max-age=0, private, must-revalidate
date: Sat, 24 Sep 2022 06:55:04 GMT
etag: W/"d567e4814e0e9bc5b7936373083a5705"
referrer-policy: strict-origin-when-cross-origin
server: Caddy, Qloaked
set-cookie: _project_session=WP4Es30MHxRK2F%2FW5jP1rYDvisTeJDRKPTOebETG0qyGi5LpLn8yiZOSVpWvhz%2B%2BLQ5NdFbutlGFlhUyz%2FsRDGOt65zZAm6aQmfmEcM1yLEYaghwxwEY84rPcVvMbh8zgVgTtrHBtc9AHBEF7%2FEaYeHJ6sViVKFmlBzzbV%2BXFI8gZv%2BNbYYGG2O5ENhXKyqeYqrzYv9Uef7FWFl8MqVU57p4GMlpvA6HY20LeMuzzLWSXOSYIol181e43v5hfMUln5FeyceTQ45xCD4K1QtUNdsZD5288migrE5m1MxItKvUrWfmYoakzq1JjQgaKZWK7VH8CA%3D%3D--r51F4HsRnJVcdTFr--Avuc2H43zlGgybPFDLJ5zg%3D%3D; path=/; secure; HttpOnly; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 vegur
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-qloaked-clientip: 91.90.42.154
x-request-id: cb6fee77-f625-4bf2-9d6b-961ef34b3e9c
x-runtime: 0.052913
x-xss-protection: 1; mode=block
content-length: 50365
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10200)
Size:   50365
Md5:    edc32d233bf846c78346ef6e1c8b5e68
Sha1:   62a46b84ca9a7ccb1bb8db8c6d4b01c278c836e7
Sha256: d567e4814e0e9bc5b7936373083a57055f7995e3862a879fce4268ff37aedc33
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 06:55:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /gtag/js?id=AW-786936299 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 24 Sep 2022 06:55:05 GMT
expires: Sat, 24 Sep 2022 06:55:05 GMT
cache-control: private, max-age=900
last-modified: Sat, 24 Sep 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 61067
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1825)
Size:   61067
Md5:    0a4b2016d9a7203357f9e2ecae23a6a7
Sha1:   f1937b108f69051b4c4d720987d013d820f8b55c
Sha256: 383e7d86a02d82e1efc3a6876dcb1982a8e24e3b48e0f01afa3af14255a54ad2
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 06:55:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /assets/frontend/application-c8e3caff800260c7271b53dbff9406c022f36c561407e42f3eaef37d11602d2a.css HTTP/1.1 
Host: auto2.militarybenefitguide.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/?req_id=632ea9c898be1&s5=88
Connection: keep-alive
Cookie: _project_session=WP4Es30MHxRK2F%2FW5jP1rYDvisTeJDRKPTOebETG0qyGi5LpLn8yiZOSVpWvhz%2B%2BLQ5NdFbutlGFlhUyz%2FsRDGOt65zZAm6aQmfmEcM1yLEYaghwxwEY84rPcVvMbh8zgVgTtrHBtc9AHBEF7%2FEaYeHJ6sViVKFmlBzzbV%2BXFI8gZv%2BNbYYGG2O5ENhXKyqeYqrzYv9Uef7FWFl8MqVU57p4GMlpvA6HY20LeMuzzLWSXOSYIol181e43v5hfMUln5FeyceTQ45xCD4K1QtUNdsZD5288migrE5m1MxItKvUrWfmYoakzq1JjQgaKZWK7VH8CA%3D%3D--r51F4HsRnJVcdTFr--Avuc2H43zlGgybPFDLJ5zg%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         34.120.230.5
HTTP/2 200 OK
content-type: text/css
                                        
content-encoding: gzip
date: Sat, 24 Sep 2022 06:55:05 GMT
last-modified: Wed, 16 Feb 2022 19:41:13 GMT
server: Caddy, Qloaked
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 vegur
x-qloaked-clientip: 91.90.42.154
content-length: 28200
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65326)
Size:   28200
Md5:    e0640a4941751b5752b54b508e35407a
Sha1:   17d985089b748faf50666802d1d1d5703d0836b1
Sha256: 953225397049e3bd558eb0dea5caf0e72cbe1fa674fa88c9786f3321874c1fd8
                                        
                                            GET /assets/frontend/application-ba4a9af22c0d9b4924384805889271a09d9d9fa354b3b9c3419d19f28a26bdd0.js HTTP/1.1 
Host: auto2.militarybenefitguide.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/?req_id=632ea9c898be1&s5=88
Connection: keep-alive
Cookie: _project_session=WP4Es30MHxRK2F%2FW5jP1rYDvisTeJDRKPTOebETG0qyGi5LpLn8yiZOSVpWvhz%2B%2BLQ5NdFbutlGFlhUyz%2FsRDGOt65zZAm6aQmfmEcM1yLEYaghwxwEY84rPcVvMbh8zgVgTtrHBtc9AHBEF7%2FEaYeHJ6sViVKFmlBzzbV%2BXFI8gZv%2BNbYYGG2O5ENhXKyqeYqrzYv9Uef7FWFl8MqVU57p4GMlpvA6HY20LeMuzzLWSXOSYIol181e43v5hfMUln5FeyceTQ45xCD4K1QtUNdsZD5288migrE5m1MxItKvUrWfmYoakzq1JjQgaKZWK7VH8CA%3D%3D--r51F4HsRnJVcdTFr--Avuc2H43zlGgybPFDLJ5zg%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         34.120.230.5
HTTP/2 200 OK
content-type: application/javascript
                                        
content-encoding: gzip
date: Sat, 24 Sep 2022 06:55:05 GMT
last-modified: Mon, 14 Feb 2022 16:03:57 GMT
server: Caddy, Qloaked
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 vegur
x-qloaked-clientip: 91.90.42.154
content-length: 77244
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (30291)
Size:   77244
Md5:    d40fb4ede067693ea1833ccbdfe5c131
Sha1:   746013cdc3eba1c1fcc4a45fcc6454f49c52c472
Sha256: 8271d6fe99a6ed8179de816f011f8794e7d20f69fb1e3ebe41b159a6e102536a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         108.138.212.162
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 06:55:05 GMT
Last-Modified: Sat, 24 Sep 2022 06:25:12 GMT
Server: ECS (nyb/1D2C)
X-Cache: Miss from cloudfront
Via: 1.1 bc2bc513f253fcceea8b8dbe365043dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P3
X-Amz-Cf-Id: -Driwdr4_aJmWEMNy0QJtLTHhr-w6K6QH-czl7T7XGTCYPtARHsRmw==
Age: 1793

                                        
                                            GET /rails/active_storage/blobs/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBcDRLIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--656fc481bba9bb2b64bfbc23527169e708b13b49/MilitaryBenefitGuide.com%20Logo%20-%20Website.png HTTP/1.1 
Host: auto2.militarybenefitguide.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/?req_id=632ea9c898be1&s5=88
Connection: keep-alive
Cookie: _project_session=WP4Es30MHxRK2F%2FW5jP1rYDvisTeJDRKPTOebETG0qyGi5LpLn8yiZOSVpWvhz%2B%2BLQ5NdFbutlGFlhUyz%2FsRDGOt65zZAm6aQmfmEcM1yLEYaghwxwEY84rPcVvMbh8zgVgTtrHBtc9AHBEF7%2FEaYeHJ6sViVKFmlBzzbV%2BXFI8gZv%2BNbYYGG2O5ENhXKyqeYqrzYv9Uef7FWFl8MqVU57p4GMlpvA6HY20LeMuzzLWSXOSYIol181e43v5hfMUln5FeyceTQ45xCD4K1QtUNdsZD5288migrE5m1MxItKvUrWfmYoakzq1JjQgaKZWK7VH8CA%3D%3D--r51F4HsRnJVcdTFr--Avuc2H43zlGgybPFDLJ5zg%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         34.120.230.5
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
cache-control: max-age=300, private
date: Sat, 24 Sep 2022 06:55:05 GMT
location: https://visiqua-flipforms-production.s3.amazonaws.com/hASERVrNjiEiSvRiNgDP64eH?response-content-disposition=inline%3B%20filename%3D%22MilitaryBenefitGuide.com%20Logo%20-%20Website.png%22%3B%20filename%2A%3DUTF-8%27%27MilitaryBenefitGuide.com%2520Logo%2520-%2520Website.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA24XLLHYZGUYEECWN%2F20220924%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220924T065505Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=65f7038cb01648cedf14a9dc73e52e8c81207dd97eb63184199ace10f156d9de
referrer-policy: strict-origin-when-cross-origin
server: Caddy, Qloaked
set-cookie: _project_session=KYZCL1xFzc8q57TSG99jaExHhnjEtY5HZk%2BHcrLy1SUcIukUf%2B83o1IvOQ3QHs%2F326OW6W%2BJhSKzcQ9CkQtiRlnUOCsS2SXDRgYD6LyQpvrDaj1p%2FQi%2BjnPmLHNjm25wbWxfP0NWGhs2NnFHGJVnR1UXMBYE7Lz50oa5eaS2c%2BMXIdYcaRNussEoOA3HWLIImMYvbmlozXSAGoKHhq7PuQRotmaB3chrT6RkEb9RpxutX1v%2FJR2pdPEIoHtCECtjfzYOMT0xQ8motGje8W%2BSOoGfd2ep0IS6N9KNyxfZSwYjFEyskkiJVuWV6esQPfjR4s2nrQ%3D%3D--hDHr1sX3qu8YTu16--POyeextSeGztTN9x%2FDrAsA%3D%3D; path=/; secure; HttpOnly; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 vegur
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-qloaked-clientip: 91.90.42.154
x-request-id: d2a01d57-15d9-40e4-91f8-5e2f5faaa411
x-runtime: 0.054705
x-xss-protection: 1; mode=block
content-length: 666
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with very long lines (666), with no line terminators
Size:   666
Md5:    f32e1511e1610a38697363ed54b5e0e6
Sha1:   d85e1d67da80666d6dacc85a0f5fb0b79ae6c8cd
Sha256: 83d0682a6550834f582d8c16211894f162feb35af15efd91600a1f757285cfd2
                                        
                                            GET /quick-form/assets/images/phone.png HTTP/1.1 
Host: s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.231.88.2
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: +PO7m5lMU5xgkDHrRnlqhQvjej926watm31DHrs9N2KBz/2lZOm9ptmDbzJZHcCZIQoXJhBp/dg=
x-amz-request-id: CQXA95SRFHZWJK3F
Date: Sat, 24 Sep 2022 06:55:06 GMT
Last-Modified: Thu, 26 Jul 2018 12:03:38 GMT
ETag: "fd1351cda16f23cf20df7acfb9ec2633"
Accept-Ranges: bytes
Content-Length: 1014
Server: AmazonS3


--- Additional Info ---
Magic:  PNG image data, 22 x 23, 8-bit colormap, non-interlaced\012- data
Size:   1014
Md5:    fd1351cda16f23cf20df7acfb9ec2633
Sha1:   e2ad5e92a54c858c5d2dac6d3622bf9b48310377
Sha256: 2dbbf1b178564bd53286999b501a6ffb6a69b5baa4f8db2a5f98c6852fc674fc
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1851
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 06:55:05 GMT
Last-Modified: Sat, 24 Sep 2022 06:24:14 GMT
Server: ECS (amb/6B86)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         108.138.212.162
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 06:55:06 GMT
Last-Modified: Sat, 24 Sep 2022 06:17:52 GMT
Server: ECS (nyb/1D08)
X-Cache: Miss from cloudfront
Via: 1.1 bc2bc513f253fcceea8b8dbe365043dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P3
X-Amz-Cf-Id: cJy3XF8_MpUDny4lwaG6LpGuqosW5K0fVN_8-nAL85c-A_hMnmFkUg==
Age: 2234

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         108.138.212.162
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 06:55:06 GMT
Last-Modified: Sat, 24 Sep 2022 05:22:46 GMT
Server: ECS (nyb/1D05)
X-Cache: Miss from cloudfront
Via: 1.1 849d578ca949358328a9c41e066f78ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P3
X-Amz-Cf-Id: vS_KKA2wDHYSIpEE9j2OfG7cD6axmkJL_9W0reXLUGlhIcQrMSNySQ==
Age: 5540

                                        
                                            GET /trustedform.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=16640025048080.27880171600815973&invert_field_sensitivity=false HTTP/1.1 
Host: api.trustedform.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.225.160.212
HTTP/2 301 Moved Permanently
content-type: text/html
                                        
server: awselb/2.0
date: Sat, 24 Sep 2022 06:55:06 GMT
content-length: 134
location: https://cdn.trustedform.com:443/bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=16640025048080.27880171600815973&invert_field_sensitivity=false
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   134
Md5:    4aa7a432bb447f094408f1bd6229c605
Sha1:   1965c4952cc8c082a6307ed67061a57aab6632fa
Sha256: 34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "14DE86D3D2E33BCE9CA7B233197029ADB9BAB8CDE4EACC04C0D4D852D734A44B"
Last-Modified: Fri, 23 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6424
Expires: Sat, 24 Sep 2022 08:42:10 GMT
Date: Sat, 24 Sep 2022 06:55:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "14DE86D3D2E33BCE9CA7B233197029ADB9BAB8CDE4EACC04C0D4D852D734A44B"
Last-Modified: Fri, 23 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6399
Expires: Sat, 24 Sep 2022 08:41:45 GMT
Date: Sat, 24 Sep 2022 06:55:06 GMT
Connection: keep-alive

                                        
                                            GET /hASERVrNjiEiSvRiNgDP64eH?response-content-disposition=inline%3B%20filename%3D%22MilitaryBenefitGuide.com%20Logo%20-%20Website.png%22%3B%20filename%2A%3DUTF-8%27%27MilitaryBenefitGuide.com%2520Logo%2520-%2520Website.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA24XLLHYZGUYEECWN%2F20220924%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220924T065505Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=65f7038cb01648cedf14a9dc73e52e8c81207dd97eb63184199ace10f156d9de HTTP/1.1 
Host: visiqua-flipforms-production.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.216.170.139
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: CV53pnO7XajXsCnjXpERZFoQoA7rYHIi1Vx32qqPx2Xu9lzCnlwH+2mVsNV0WuJRukaTLNQk2MQ=
x-amz-request-id: EB26M6C51ZN5EG23
Date: Sat, 24 Sep 2022 06:55:07 GMT
Last-Modified: Mon, 14 Feb 2022 15:47:12 GMT
ETag: "9bcf43d548f629aaafbffee26aa285b5"
Content-Disposition: inline; filename="MilitaryBenefitGuide.com Logo - Website.png"; filename*=UTF-8''MilitaryBenefitGuide.com%20Logo%20-%20Website.png
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 52920


--- Additional Info ---
Magic:  PNG image data, 400 x 130, 8-bit/color RGBA, non-interlaced\012- data
Size:   52920
Md5:    9bcf43d548f629aaafbffee26aa285b5
Sha1:   73411d28c19794f46e6a49ef5c68382d145cd2bd
Sha256: 5e5f96d95867a3f525f6a324a4f868891931f16a7577abb473d2cf295655ba76
                                        
                                            GET / HTTP/1.1 
Host: jsonip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Origin: https://auto2.militarybenefitguide.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         45.79.77.20
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: nginx/1.20.2
Date: Sat, 24 Sep 2022 06:55:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Strict-Transport-Security: max-age=31536000;


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   101
Md5:    670ad0ad545aa27225d852f78cee6987
Sha1:   b0607618126c586c140ae0db1c7fe68011560995
Sha256: ea568e92f62fb8f62cfe8aa62ca899647b3b919eb44e916cf9f5c6168ddb607a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         108.138.212.162
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 06:55:06 GMT
Server: ECS (dcb/7F83)
X-Cache: Miss from cloudfront
Via: 1.1 bc2bc513f253fcceea8b8dbe365043dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P3
X-Amz-Cf-Id: Uttzo8I14IjG-iArBQgkV2tG30Nyd8teTed9sxE3SM0NYuRhCU6yIQ==

                                        
                                            GET / HTTP/1.1 
Host: jsonip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Origin: https://auto2.militarybenefitguide.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         45.79.77.20
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: nginx/1.20.2
Date: Sat, 24 Sep 2022 06:55:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Strict-Transport-Security: max-age=31536000;


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   101
Md5:    670ad0ad545aa27225d852f78cee6987
Sha1:   b0607618126c586c140ae0db1c7fe68011560995
Sha256: ea568e92f62fb8f62cfe8aa62ca899647b3b919eb44e916cf9f5c6168ddb607a
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 06:55:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=16640025048080.27880171600815973&invert_field_sensitivity=false HTTP/1.1 
Host: cdn.trustedform.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.122.117
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sat, 24 Sep 2022 06:55:07 GMT
last-modified: Tue, 16 Aug 2022 18:53:06 GMT
x-amz-version-id: 9tpprjSXF1V1i663qaS1L8y.yb5CQ2dA
etag: W/"97d91c9803cec4e7981c0f415c2c1923"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 55dabc4e08599983026bc6c8234017e8.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P2
x-amz-cf-id: EHuH424l8-NdMKz1Q9bAtxJ1SwdHa9iFKevd9GL0EZDgoWzUJWEJZQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (8097)
Size:   18941
Md5:    950d7a68b3cd78cc7e1e6ffbbea19907
Sha1:   48bb77ec5037782d75ede2978969cbdf3960862c
Sha256: 077ded80164ddd61ff49b2cbf7685735a9b2a5f0810662208396ec64943970b9
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         108.138.212.162
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 06:55:07 GMT
Last-Modified: Sat, 24 Sep 2022 06:49:06 GMT
Server: ECS (dcb/7EC6)
X-Cache: Miss from cloudfront
Via: 1.1 849d578ca949358328a9c41e066f78ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P3
X-Amz-Cf-Id: 4ipAcpIbes5uNkfFNRlVZmR_qWPVlW1Ou2cjut6Re0IStNQUoYBe4A==
Age: 361

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: auto2.militarybenefitguide.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/?req_id=632ea9c898be1&s5=88
Connection: keep-alive
Cookie: _project_session=KYZCL1xFzc8q57TSG99jaExHhnjEtY5HZk%2BHcrLy1SUcIukUf%2B83o1IvOQ3QHs%2F326OW6W%2BJhSKzcQ9CkQtiRlnUOCsS2SXDRgYD6LyQpvrDaj1p%2FQi%2BjnPmLHNjm25wbWxfP0NWGhs2NnFHGJVnR1UXMBYE7Lz50oa5eaS2c%2BMXIdYcaRNussEoOA3HWLIImMYvbmlozXSAGoKHhq7PuQRotmaB3chrT6RkEb9RpxutX1v%2FJR2pdPEIoHtCECtjfzYOMT0xQ8motGje8W%2BSOoGfd2ep0IS6N9KNyxfZSwYjFEyskkiJVuWV6esQPfjR4s2nrQ%3D%3D--hDHr1sX3qu8YTu16--POyeextSeGztTN9x%2FDrAsA%3D%3D; _gcl_au=1.1.990989470.1664002505
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         34.120.230.5
HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
                                        
date: Sat, 24 Sep 2022 06:55:06 GMT
last-modified: Thu, 02 Jun 2022 06:10:05 GMT
server: Caddy, Qloaked
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 vegur
x-qloaked-clientip: 91.90.42.154
content-length: 0
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 06:55:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 06:55:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pagead/viewthroughconversion/786936299/?random=1664002506087&cv=9&fst=1664002506087&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9l0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauto2.militarybenefitguide.com%2F%3Freq_id%3D632ea9c898be1%26s5%3D88&tiba=Auto%20Insurance%20Quotes%20-%20MilitaryBenefitGuide.com&auid=990989470.1664002505&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.66
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 24 Sep 2022 06:55:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1088
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 24-Sep-2022 07:10:07 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2408), with no line terminators
Size:   1088
Md5:    f7c96a27d135bac726a9df1422b0dab7
Sha1:   b19b1b31f38fe6fa87f37621ad531192c2a4e453
Sha256: dd83a30142cbf713f11f749b055ad756a757d5e33e238e54ed0588e340d2c322
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 06:55:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /iframe.html?token=7F2CCF67-DECF-A19B-9197-25FCF96C42E4&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=EE9E1545-A46E-9025-2E7E-BCB8AAB0199E&lac=8888A8B8-DE61-D6A7-D2F9-D9D52CA81CD7 HTTP/1.1 
Host: d2m2wsoho8qq12.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         18.165.196.212
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Wed, 21 Sep 2022 20:13:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Date: Fri, 23 Sep 2022 22:05:31 GMT
ETag: W/"632b707f-dbb"
X-Cache: Hit from cloudfront
Via: 1.1 02dcbe051a75d060274d188948821dcc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: yxUIrjGIsqc5OBWNLTvoblQu0R20sp144Jbt40AXjVn4cjyafTjzcw==
Age: 31779


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   1449
Md5:    ef825b8a88a51cd76a51d08dfc1d4f99
Sha1:   5bf247bd91a4be0c3b76a70ec8e5e462de0e9f3b
Sha256: 2ac453ec379c3e7b0fa69b810ecf2d6771de3e7611a2599a20f8e8ce9a240af1
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 06:55:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /campaign/ee9e1545-a46e-9025-2e7e-bcb8aab0199e.js?snippet_version=2 HTTP/1.1 
Host: create.lidstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.41.229
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Sat, 24 Sep 2022 06:55:06 GMT
x-amz-id-2: raNh+7++TwrbJV144q/uYrDfiQ4K1Iq3rc3PSHs95p/iWVkPm8Q6foW38q/Gkp1z2aaJdSRkPNc=
x-amz-request-id: EB2E50W04B3Z0S26
x-amz-replication-status: COMPLETED
last-modified: Fri, 12 Nov 2021 01:26:23 GMT
etag: W/"4bbb9c544aff7753d4d1dd4141f865a8"
cache-control: max-age=1800
x-amz-version-id: 6kFvCPNJXvQS6Uh.1eurhfIbSHi4YdZi
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f99ccdc96a1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   39785
Md5:    44ecbd81f549d9981ec55d32d9dcaa48
Sha1:   5901b4c4a0d14d059c5e0a82a0891eead8c90c3c
Sha256: 8eb1ac9f8babe665a1c19ebad72e34f74318a9583ed06d15879dfa39f166549d
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 06:55:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         108.138.212.162
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 06:55:07 GMT
Last-Modified: Sat, 24 Sep 2022 05:24:49 GMT
Server: ECS (nyb/1D0E)
X-Cache: Miss from cloudfront
Via: 1.1 bc2bc513f253fcceea8b8dbe365043dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P3
X-Amz-Cf-Id: zSqiohbHWlj9O8pBbKoa7cPZqlVQEKNNqpkuOuFMHQL_jaUctBe2Vw==
Age: 5418

                                        
                                            POST /2.11.9/GenerateToken?msn=1&pid=a741b960-e314-4004-9407-cfc80e69c03e&_=359873414 HTTP/1.1 
Host: create.leadid.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Content-type: application/x-www-form-urlencoded
Content-Length: 213
Origin: https://auto2.militarybenefitguide.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         52.20.13.104
HTTP/2 200 OK
content-type: text/plain;charset=UTF-8
                                        
date: Sat, 24 Sep 2022 06:55:07 GMT
server: nginx
set-cookie: rgisanonymous=false; expires=Mon, 24-Oct-2022 06:55:07 GMT; Max-Age=2592000; path=/ rguserid=c70e0dfc-3333-4703-9841-a3a62f6cfc8d; expires=Mon, 24-Oct-2022 06:55:07 GMT; Max-Age=2592000; path=/ rguuid=true; expires=Mon, 24-Oct-2022 06:55:07 GMT; Max-Age=2592000; path=/ rgisanonymous=true; expires=Mon, 24-Oct-2022 06:55:07 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32029)
Size:   16203
Md5:    14b393a13e9779f6d0c3e42e48112716
Sha1:   ce5815fba6d3f89ea20a9c4a26a004488e74a274
Sha256: d0b552ec8b4dd8410d7971294c20cf0237b6e6f831478466af689b3a73664cd3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1742
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 06:55:08 GMT
Last-Modified: Sat, 24 Sep 2022 06:26:06 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /2.11.9/SaveDeviceId.js?lac=8888A8B8-DE61-D6A7-D2F9-D9D52CA81CD7&lck=EE9E1545-A46E-9025-2E7E-BCB8AAB0199E&methods=48&token=7F2CCF67-DECF-A19B-9197-25FCF96C42E4&uuid=30f904ee46e641e59ad40c1b7726b081 HTTP/1.1 
Host: create.leadid.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://deviceid.trueleadid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         52.20.13.104
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
                                        
date: Sat, 24 Sep 2022 06:55:07 GMT
server: nginx
set-cookie: rgisanonymous=false; expires=Mon, 24-Oct-2022 06:55:07 GMT; Max-Age=2592000; path=/ rguserid=ca6ad509-036f-47bc-901a-08201a1b4a16; expires=Mon, 24-Oct-2022 06:55:07 GMT; Max-Age=2592000; path=/ rguuid=true; expires=Mon, 24-Oct-2022 06:55:07 GMT; Max-Age=2592000; path=/ rgisanonymous=true; expires=Mon, 24-Oct-2022 06:55:07 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

                                        
                                            GET /1/NRJS-fd0df3b9067b5adad43?a=491095843&v=1216.487a282&to=dF1ZREFeWQ1TSk0JWVpXGENGQ0METw%3D%3D&rst=4350&ck=1&ref=https://auto2.militarybenefitguide.com/&ap=51&be=1725&fe=4255&dc=2177&perf=%7B%22timing%22:%7B%22of%22:1664002502674,%22n%22:0,%22f%22:1070,%22dn%22:1072,%22dne%22:1095,%22c%22:1096,%22s%22:1108,%22ce%22:1288,%22rq%22:1289,%22rp%22:1643,%22rpe%22:1643,%22dl%22:1650,%22di%22:2141,%22ds%22:2177,%22de%22:2181,%22dc%22:4254,%22l%22:4254,%22le%22:4256%7D,%22navigation%22:%7B%22ty%22:255%7D%7D&fcp=2189&jsonp=NREUM.setToken HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Sat, 24 Sep 2022 06:55:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 74f99cdc1c431c12-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=1609c0238942e8b4; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   73
Md5:    516a128bb6000ca8154792678f4333fb
Sha1:   41d0257bea96afd36c6f3e40fcfdc9ca247f8e01
Sha256: 9fa62b52f24b87a40410fe842cb9be494abed114a2eac2eb406c8b4a4d372d10
                                        
                                            POST /certs/467bffa19a235c1d15de9f1c88fa699a1f8c75e8/snapshot HTTP/1.1 
Host: api.trustedform.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Content-Type: text/plain
Content-Length: 14407
Origin: https://auto2.militarybenefitguide.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.225.160.212
HTTP/2 204 No Content
                                        
date: Sat, 24 Sep 2022 06:55:08 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
server: Cowboy
X-Firefox-Spdy: h2

                                        
                                            POST /certs/467bffa19a235c1d15de9f1c88fa699a1f8c75e8/fingerprints HTTP/1.1 
Host: api.trustedform.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Content-Type: text/plain
Content-Length: 434
Origin: https://auto2.militarybenefitguide.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.225.160.212
HTTP/2 204 No Content
                                        
date: Sat, 24 Sep 2022 06:55:08 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
server: Cowboy
X-Firefox-Spdy: h2

                                        
                                            POST /2.11.9/InitFormData?msn=4&pid=a741b960-e314-4004-9407-cfc80e69c03e&token=7F2CCF67-DECF-A19B-9197-25FCF96C42E4&_=359873417 HTTP/1.1 
Host: create.leadid.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Content-type: application/x-www-form-urlencoded
Content-Length: 1487
Origin: https://auto2.militarybenefitguide.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         52.20.13.104
HTTP/2 200 OK
content-type: text/plain;charset=UTF-8
                                        
date: Sat, 24 Sep 2022 06:55:08 GMT
server: nginx
set-cookie: rgisanonymous=false; expires=Mon, 24-Oct-2022 06:55:08 GMT; Max-Age=2592000; path=/ rguserid=37c0a2c2-37b9-446b-8aed-6f5dd79fc1fb; expires=Mon, 24-Oct-2022 06:55:08 GMT; Max-Age=2592000; path=/ rguuid=true; expires=Mon, 24-Oct-2022 06:55:08 GMT; Max-Age=2592000; path=/ rgisanonymous=true; expires=Mon, 24-Oct-2022 06:55:08 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

                                        
                                            GET /?https://ropnv.abtrcker.com/c/348161fa8b258330 HTTP/1.1 
Host: anonym.es
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         104.21.94.58
HTTP/2 200 OK
content-type: text/html; charset="utf-8"
                                        
date: Sat, 24 Sep 2022 06:55:01 GMT
x-powered-by: PHP/7.3.11
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yHd1E8GXad%2F8Ou6cfMNXgoxGh%2FL5j%2FzctazxoDhwW6sgPQzxMP0m%2BBDAh7bG49eYBzc313QXhWIR%2FJlozo3hpAcYJnFlHDw%2BRT%2BfQE7cmKu6aIH%2FKO%2FY%2BmJGpbk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f99cb3fdafb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /trustedform-1.8.27.js HTTP/1.1 
Host: cdn.trustedform.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         18.165.122.117
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 16 Aug 2022 18:53:06 GMT
x-amz-version-id: 6olc5v40B1RpRJGb5GYISB93fSUp4tqK
server: AmazonS3
content-encoding: gzip
date: Sat, 24 Sep 2022 06:55:08 GMT
etag: W/"2f557edcc84fd346c897a4d565e57ac0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 55dabc4e08599983026bc6c8234017e8.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P2
x-amz-cf-id: SYpZhtbZl9VRjA0uB6xEH-lwB2VKBdohRY8Hn3lkSqV2bwQGFo0A0Q==
age: 28
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            POST /2.11.9/InitFormData?msn=3&pid=a741b960-e314-4004-9407-cfc80e69c03e&token=7F2CCF67-DECF-A19B-9197-25FCF96C42E4&_=359873416 HTTP/1.1 
Host: create.leadid.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auto2.militarybenefitguide.com/
Content-type: application/x-www-form-urlencoded
Content-Length: 15345
Origin: https://auto2.militarybenefitguide.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         52.20.13.104
HTTP/2 200 OK
content-type: text/plain;charset=UTF-8
                                        
date: Sat, 24 Sep 2022 06:55:07 GMT
server: nginx
set-cookie: rgisanonymous=false; expires=Mon, 24-Oct-2022 06:55:07 GMT; Max-Age=2592000; path=/ rguserid=f8d4d8d6-5364-4511-8284-ae45b0f175f5; expires=Mon, 24-Oct-2022 06:55:07 GMT; Max-Age=2592000; path=/ rguuid=true; expires=Mon, 24-Oct-2022 06:55:07 GMT; Max-Age=2592000; path=/ rgisanonymous=true; expires=Mon, 24-Oct-2022 06:55:07 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---