hemailaccesshere.com/
54.225.74.218302 Found 146 B IP 54.225.74.218:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash b4451d5003b4a3ed5ad9f76978f91657
42dd71395ece53a13a6283ccbfde64a4677ffcc9
de3572b8e6313a0af7f9db6aa839a77c670624db92adcb82b804736328d98519
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sun, 29 Jan 2023 15:37:33 GMT
Location: https://hemailaccesshere.com/
X-Content-Type-Options: nosniff
Content-Length: 146
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3532
Expires: Sun, 29 Jan 2023 16:36:28 GMT
Date: Sun, 29 Jan 2023 15:37:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2795
Expires: Sun, 29 Jan 2023 16:24:11 GMT
Date: Sun, 29 Jan 2023 15:37:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19390
Expires: Sun, 29 Jan 2023 21:00:46 GMT
Date: Sun, 29 Jan 2023 15:37:36 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 15:35:38 GMT
content-type: application/json
age: 118
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: JbrREEAYBxMZu0zN0yApErkecdQt8jqBZcjFGPp4WH9X5LhC9DOxuKtA+cH1PaGucrXc8zY8ypk=
x-amz-request-id: 6DWCWYW0FBSCRH1T
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 14:50:21 GMT
age: 2835
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 15:37:36 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 4fc0273296621266a9f5f66bdb944ed3
93c7c0c6eb76b2a9ba81ce3eb51107eec52e728e
2ae1f4315b6e2e53a3051c1fae1d8c25e5754f9b1e84eaabd7cd2571e2f9cd4f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sun, 29 Jan 2023 15:37:36 GMT
Server: ECS (dcb/7F13)
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 8q_8daQX63KlP4wEAZNxt6mq8awxD_2VtORj5OYpwXWIRXaFq5z2LQ==
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 29 Jan 2023 14:41:41 GMT
age: 3355
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
hemailaccesshere.com/
44.198.96.212200 OK 12 kB IP 44.198.96.212:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (807), with CRLF line terminators
Hash 3e71d6e77da0a24aa795f2f8bf541f84
c174b75062c77dc4e2bfce12122d6a40a576611b
9ead471f61589098dda059f0a184e4cb0b1b24efba8b32e724c75541a0d864db
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: private
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Sun, 29 Jan 2023 15:37:37 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Length: 12514
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16237
Expires: Sun, 29 Jan 2023 20:08:14 GMT
Date: Sun, 29 Jan 2023 15:37:37 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4f43bce4d132991fedec454aa5579541
ac50300f638e67e9c22c85bd62cad2fb2848f18a
dd4868fbd0fadba88cf8bae1aa864ff31ffd149d5da5b55522975b5d9498cffb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4779
Cache-Control: max-age=164934
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:37 GMT
Etag: "63d6615c-1d7"
Expires: Tue, 31 Jan 2023 13:26:31 GMT
Last-Modified: Sun, 29 Jan 2023 12:06:52 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8c630e9bbc930d1c367efa81b67be3f7
ec536695531d40a813d99a06271c7c2d698d51d3
39ca0a60c3e2e85712757ead0830d0da82beac1e4f44b6e90243e5ca9326bf4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash bab8a4c1e6bb2e6c9cc00222eef1235d
1a5dd108e9f9aaf33bc048b0097a9f510d295cad
fd182297a143655a9142e3ee5bbafefd76ca974094f43fb695611f6876f3ab63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hemailaccesshere.com/get/js/impression?uc=17700101&ap=&source=&uid=de6f5475-0903-485f-b533-6ef236cf104d&i_id=&cid=app@EmailAccessHere
44.198.96.212200 OK 641 B URL HTTP/1.1 hemailaccesshere.com/get/js/impression?uc=17700101&ap=&source=&uid=de6f5475-0903-485f-b533-6ef236cf104d&i_id=&cid=app@EmailAccessHere
IP 44.198.96.212:0
File type ASCII text, with CRLF line terminators
Hash afb5b9d8165c53f9d9533d748d3e92ee
96d5649049cd0c4ad7be10f8925691407a3382dc
47d769fba23e114006c92542cf56a6c7e4e4f142c37e8d514c64cc1c379384d9
GET /get/js/impression?uc=17700101&ap=&source=&uid=de6f5475-0903-485f-b533-6ef236cf104d&i_id=&cid=app@EmailAccessHere HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
Date: Sun, 29 Jan 2023 15:37:34 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Length: 641
Connection: keep-alive
www.googletagmanager.com/gtag/js?id=UA-178002442-1
172.217.21.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-178002442-1
IP 172.217.21.168:0
File type ASCII text, with very long lines (1759)
Hash 48e8e5afd98c96a804bdae8e03618792
a5e0c8fc705affc38db8fa1bf30865e13313cb48
3bd6a26b8c7a10c8b203ba091d70ddcd9499ef14aba16b210193a61bdd4fbece
GET /gtag/js?id=UA-178002442-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 29 Jan 2023 15:37:37 GMT
expires: Sun, 29 Jan 2023 15:37:37 GMT
cache-control: private, max-age=900
last-modified: Sun, 29 Jan 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44096
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 75bf326700e29b1b06e57fb96ee2b064
4f979f28905b65637a058cd44be6c25bb51a42e4
385f7a9c4112c4d674264d02229719e7f82e7039e681db8aaa6685ebab2be0c1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash bab8a4c1e6bb2e6c9cc00222eef1235d
1a5dd108e9f9aaf33bc048b0097a9f510d295cad
fd182297a143655a9142e3ee5bbafefd76ca974094f43fb695611f6876f3ab63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hemailaccesshere.com/Content/Home/Email/CSS/Email_v2.css
44.198.96.212200 OK 1.6 kB URL HTTP/1.1 hemailaccesshere.com/Content/Home/Email/CSS/Email_v2.css
IP 44.198.96.212:0
File type ASCII text, with very long lines (662), with CRLF line terminators
Hash f95da5b4ebb2704f4da6e9b166fee57c
0731a2c8471375757596d129b1e4f04180ce88ce
db03ff08f0c80557ecdfd6c0798a326afa6d7f9cabb18641b3473ffe2d3b4904
GET /Content/Home/Email/CSS/Email_v2.css HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: text/css
Date: Sun, 29 Jan 2023 15:37:37 GMT
ETag: "805b7862c1fdd81:0"
Last-Modified: Mon, 21 Nov 2022 15:53:23 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Length: 1550
Connection: keep-alive
push.services.mozilla.com/
52.39.218.209101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.218.209:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3rgvh8oiLGWeb0s9iXlOPg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vtko5NMYUJ8O/7LoC6Qi0Ib9cnc=
hemailaccesshere.com/Content/CSS/Base_v2.css
44.198.96.212200 OK 2.8 kB URL HTTP/1.1 hemailaccesshere.com/Content/CSS/Base_v2.css
IP 44.198.96.212:0
File type ASCII text, with CRLF line terminators
Hash c9946249c90f0badfdf55a4559c476a5
f58f7668a3cd3453c31dd64d651a52099eaf8210
492fa88aec13f70306f900b005ce781c35d00df8e3e20072f55ddb3110ddf743
GET /Content/CSS/Base_v2.css HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: text/css
Date: Sun, 29 Jan 2023 15:37:37 GMT
ETag: "0c5df61c1fdd81:0"
Last-Modified: Mon, 21 Nov 2022 15:53:22 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Length: 2846
Connection: keep-alive
hemailaccesshere.com/styles/home/monetizedquicklinks?v=Pf1P8ZTmx0EpcmDfisgZsKM0LGXZ0OckHk-F2hmrmqQ1
44.198.96.212200 OK 2.4 kB URL HTTP/1.1 hemailaccesshere.com/styles/home/monetizedquicklinks?v=Pf1P8ZTmx0EpcmDfisgZsKM0LGXZ0OckHk-F2hmrmqQ1
IP 44.198.96.212:0
File type ASCII text, with very long lines (12948), with no line terminators
Hash b265f2647d729ce2ed972bfce64cdc51
e3901bd30437e65ef4f0bc4ab0cf22730131f0f7
fc96374178471800e80a82f7c99dfb3d8ac3d4f823f2eb09e7ec4a0582d4e77c
Analyzer Verdict Alert fortinet Malware
GET /styles/home/monetizedquicklinks?v=Pf1P8ZTmx0EpcmDfisgZsKM0LGXZ0OckHk-F2hmrmqQ1 HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: public
Content-Encoding: gzip
Content-Type: text/css; charset=utf-8
Date: Sun, 29 Jan 2023 15:37:35 GMT
Expires: Mon, 29 Jan 2024 15:37:35 GMT
Last-Modified: Sun, 29 Jan 2023 15:37:35 GMT
Vary: User-Agent,Accept-Encoding
X-Content-Type-Options: nosniff
Content-Length: 2397
Connection: keep-alive
hemailaccesshere.com/Scripts/Home/Shared/Base_v2.js
44.198.96.212200 OK 1.0 kB URL HTTP/1.1 hemailaccesshere.com/Scripts/Home/Shared/Base_v2.js
IP 44.198.96.212:0
File type ASCII text, with CRLF line terminators
Hash 920fd729704c26bd93785b4fd1b6c643
ee2832de76e73a498a229a6d56c28b33fa524cd6
39a30cd129a89443137bc57dc906a53057d365a51d1f0b3ce195de5699c002a5
Analyzer Verdict Alert fortinet Malware
GET /Scripts/Home/Shared/Base_v2.js HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 15:37:37 GMT
ETag: "80b5da64c1fdd81:0"
Last-Modified: Mon, 21 Nov 2022 15:53:27 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Length: 1043
Connection: keep-alive
hemailaccesshere.com/Scripts/WeatherHelper_v1.js
44.198.96.212200 OK 1.5 kB URL HTTP/1.1 hemailaccesshere.com/Scripts/WeatherHelper_v1.js
IP 44.198.96.212:0
File type ASCII text, with CRLF line terminators
Hash 1d8237575ed7434f668873989b3f769a
12430714bc540f62ab8c3cc356d1b009b1589a4b
198e57bb51fb3c84d5f47f50a51488e916c5dda12a414b5245d17aba693ea68d
Analyzer Verdict Alert fortinet Malware
GET /Scripts/WeatherHelper_v1.js HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 15:37:35 GMT
ETag: "80b5da64c1fdd81:0"
Last-Modified: Mon, 21 Nov 2022 15:53:27 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Length: 1517
Connection: keep-alive
hemailaccesshere.com/Content/Images/quicklinkIcons/hq/weather.png
44.198.96.212200 OK 9.1 kB URL HTTP/1.1 hemailaccesshere.com/Content/Images/quicklinkIcons/hq/weather.png
IP 44.198.96.212:0
File type PNG image data, 500 x 500, 8-bit colormap, non-interlaced\012- data
Hash c73cae6072224041a7e28492e966537a
7a52c159cfa027646d40ff974eaef4805ec9a969
fa25bf2809d53a6218b7eb54f168fb0bc9d6427c12cac5a6689205816bee0672
GET /Content/Images/quicklinkIcons/hq/weather.png HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400
Content-Type: image/png
Date: Sun, 29 Jan 2023 15:37:35 GMT
Last-Modified: Mon, 21 Nov 2022 15:53:23 GMT
X-Content-Type-Options: nosniff
Content-Length: 9105
Connection: keep-alive
hemailaccesshere.com/Content/Images/quicklinkIcons/hq/myemailsimplified.png
44.198.96.212200 OK 7.7 kB URL HTTP/1.1 hemailaccesshere.com/Content/Images/quicklinkIcons/hq/myemailsimplified.png
IP 44.198.96.212:0
File type PNG image data, 500 x 500, 8-bit colormap, non-interlaced\012- data
Hash cde49619d2e9336942237b4965e1df3e
8a754330cce76b36725ec12689ba349d7af78f7e
c60e91abccb6a9d706f9613c22abb713554dd75fbd4ea1bd8494d28b423ce936
GET /Content/Images/quicklinkIcons/hq/myemailsimplified.png HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400
Content-Type: image/png
Date: Sun, 29 Jan 2023 15:37:35 GMT
Last-Modified: Mon, 21 Nov 2022 15:53:23 GMT
X-Content-Type-Options: nosniff
Content-Length: 7740
Connection: keep-alive
hemailaccesshere.com/Content/Images/Toolbar/outlook.png
44.198.96.212200 OK 8.4 kB URL HTTP/1.1 hemailaccesshere.com/Content/Images/Toolbar/outlook.png
IP 44.198.96.212:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash aa6f70a6681c4c8321f28c610545b0a4
3bb0380120a96c3fc906ca551d22ad9fa1ed6ce7
6b1192ebfb3fd93bfdb7b886124862494c86d0045fd6c94a47398a089f5e030b
GET /Content/Images/Toolbar/outlook.png HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400
Content-Type: image/png
Date: Sun, 29 Jan 2023 15:37:38 GMT
Last-Modified: Mon, 21 Nov 2022 15:53:23 GMT
X-Content-Type-Options: nosniff
Content-Length: 8401
Connection: keep-alive
hemailaccesshere.com/Content/Images/Toolbar/yahoo.png
44.198.96.212200 OK 4.9 kB URL HTTP/1.1 hemailaccesshere.com/Content/Images/Toolbar/yahoo.png
IP 44.198.96.212:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 2d0147c64fa4aeb01695c95f351be917
cee44aeace3e20e6d7e607c723235a110bf02e7f
bcdd8290dcee1d8bc7c5cb8798bd27078a9a30dda19e432e8ad43d9520ba921b
GET /Content/Images/Toolbar/yahoo.png HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400
Content-Type: image/png
Date: Sun, 29 Jan 2023 15:37:38 GMT
Last-Modified: Mon, 21 Nov 2022 15:53:23 GMT
X-Content-Type-Options: nosniff
Content-Length: 4863
Connection: keep-alive
hemailaccesshere.com/Content/Images/Toolbar/gmail.png
44.198.96.212200 OK 4.4 kB URL HTTP/1.1 hemailaccesshere.com/Content/Images/Toolbar/gmail.png
IP 44.198.96.212:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash ea55cde31ffc6f17e1f6252c9ff64c63
e947805941b0c360442d8a05ae22368ce39d82a1
7549b37a194c861d3e0444cae07773212707ad4b2ec7f4182c006be6c8aaff69
GET /Content/Images/Toolbar/gmail.png HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400
Content-Type: image/png
Date: Sun, 29 Jan 2023 15:37:35 GMT
Last-Modified: Mon, 21 Nov 2022 15:53:23 GMT
X-Content-Type-Options: nosniff
Content-Length: 4402
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hemailaccesshere.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 10:05:58 GMT
expires: Fri, 26 Jan 2024 10:05:58 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 279099
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
via.placeholder.com/300x300?Text=.
54.230.111.20200 OK 2.6 kB URL HTTP/2 via.placeholder.com/300x300?Text=.
IP 54.230.111.20:0
File type PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced\012- data
Hash dac2d2b98916fca030ef945d74d006df
d217065788875ce3b9a75d34f3f6193c88a43ad6
48f4519be70071334ebfc4fca36129277cf93759e5d31df22fc6002bbe772957
GET /300x300?Text=. HTTP/1.1
Host: via.placeholder.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 2555
date: Sun, 29 Jan 2023 01:41:48 GMT
server: Werkzeug/2.2.2 Python/3.9.16
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8d_n4ito6EQpstk0nEY06vH1MTLJuock_C1b4U2Am-SNggGN2ETG3w==
age: 50149
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b9b2ba83c3
104.18.23.52200 OK 4.2 kB URL HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b9b2ba83c3
IP 104.18.23.52:0
File type ASCII text, with very long lines (26366)
Hash 7fd743485fa194e25e2a207bff6c258a
97c999d752b95ee1ed6271a29aa58109dc17281e
dd939d69a23f003d49287291f0bcb59df58119d60bc5f14a81cbfd957894f6dc
GET /releases/v5.15.4/css/pro-v4-shims.min.css?token=b9b2ba83c3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hemailaccesshere.com/
Origin: https://hemailaccesshere.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 15:37:37 GMT
content-type: text/css
content-length: 4194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-1062"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 79130cd98cf1b4f7-OSL
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b9b2ba83c3
104.18.23.52200 OK 2.6 kB URL HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b9b2ba83c3
IP 104.18.23.52:0
File type ASCII text, with very long lines (27832)
Hash eaaabd3f60063923cd5333eb1d7a20a1
0da69706105e28896a1f6eeaa91d5bec1b82f7f1
f863309ec0ac675409167610ff9776fa9c7620d6ee3592cc0c19d0b883ff2f70
GET /releases/v5.15.4/css/pro-v4-font-face.min.css?token=b9b2ba83c3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hemailaccesshere.com/
Origin: https://hemailaccesshere.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 15:37:37 GMT
content-type: text/css
content-length: 2603
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-a2b"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 79130cd98cf2b4f7-OSL
X-Firefox-Spdy: h2
hemailaccesshere.com/Scripts/NewScripts/AutoComplete_V4.js
44.198.96.212200 OK 75 kB URL HTTP/1.1 hemailaccesshere.com/Scripts/NewScripts/AutoComplete_V4.js
IP 44.198.96.212:0
File type Unicode text, UTF-8 text, with very long lines (1602), with CRLF line terminators
Hash 8bbb0bc9c1fb1e218deceec495fbfb7a
e41b435847fd6fd56cae9ee06abb7bff6da3cadb
624a7d78be7b43606b0a3aed037652f1e91af071ea6ed0f8ac2f165dbc6f34f0
Analyzer Verdict Alert fortinet Malware
GET /Scripts/NewScripts/AutoComplete_V4.js HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: application/javascript
Date: Sun, 29 Jan 2023 15:37:37 GMT
ETag: "80b5da64c1fdd81:0"
Last-Modified: Mon, 21 Nov 2022 15:53:27 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Length: 74940
Connection: keep-alive
hemailaccesshere.com/Content/Images/Toolbar/emailv2.png
44.198.96.212200 OK 5.0 kB URL HTTP/1.1 hemailaccesshere.com/Content/Images/Toolbar/emailv2.png
IP 44.198.96.212:0
File type PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced\012- data
Hash dd10e459a0ac71df7bcffa634a077856
cc774bf351b47a74c422c5db5dc17c051536be00
0d7a3679994f6afdc431b78b25fe7ba40963cfe94f807ca7409e9687429bca10
GET /Content/Images/Toolbar/emailv2.png HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400
Content-Type: image/png
Date: Sun, 29 Jan 2023 15:37:35 GMT
Last-Modified: Mon, 21 Nov 2022 15:53:23 GMT
X-Content-Type-Options: nosniff
Content-Length: 4960
Connection: keep-alive
hemailaccesshere.com/Content/Images/Toolbar/newsv2.png
44.198.96.212200 OK 12 kB URL HTTP/1.1 hemailaccesshere.com/Content/Images/Toolbar/newsv2.png
IP 44.198.96.212:0
File type PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced\012- data
Hash 54d6fb01d95327cccb0a713c0123190d
7a3c40c0a40fba3b51f76266cb9505f8f1a42ef5
71dc8eff83a0ad83594a67273ae6434612a079e25fb2e06180f046ae02f87a68
GET /Content/Images/Toolbar/newsv2.png HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400
Content-Type: image/png
Date: Sun, 29 Jan 2023 15:37:38 GMT
Last-Modified: Mon, 21 Nov 2022 15:53:23 GMT
X-Content-Type-Options: nosniff
Content-Length: 12254
Connection: keep-alive
ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b9b2ba83c3
104.18.23.52200 OK 54 kB URL HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b9b2ba83c3
IP 104.18.23.52:0
File type ASCII text, with very long lines (65397)
Hash dc9270247a97f75913a5d8934c24de03
ed9b0fa01b552571f99d529ed355b2ba91cfc48d
847cc3ab1ea736cbbaac34833596335471fc7a888089b501b3c83a323566f0b8
GET /releases/v5.15.4/css/pro.min.css?token=b9b2ba83c3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hemailaccesshere.com/
Origin: https://hemailaccesshere.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 15:37:38 GMT
content-type: text/css
content-length: 54194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-d3b2"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 79130cd98cf0b4f7-OSL
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 3ab3c46a9abbf0cd4ea5af62dbcff308
0ff79b85853d805308b640fd81f636632c111452
cf804e421c581c6b5a146ef88908b8497397c1769b04c3df4b8d007c0ffa2313
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 29 Jan 2023 15:37:38 GMT
Etag: "63d5d8f0-1d7"
Last-Modified: Sun, 29 Jan 2023 15:30:54 GMT
Server: ECS (dcb/7FA3)
X-Cache: Miss from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5yVrHSYgzsTken7IpqEM2H7f5vnCtMiDULHg8Gjx_GuU8niXaeggXA==
Age: 404
ocsp.r2m01.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 3ab3c46a9abbf0cd4ea5af62dbcff308
0ff79b85853d805308b640fd81f636632c111452
cf804e421c581c6b5a146ef88908b8497397c1769b04c3df4b8d007c0ffa2313
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 29 Jan 2023 15:37:38 GMT
Etag: "63d5d8f0-1d7"
Last-Modified: Sun, 29 Jan 2023 14:32:34 GMT
Server: ECS (dcb/7F37)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Jv77cZXQ4kK6zLT7HpcGmT_9wdqEBebT2rDagLUfI7wT_BYvaC2xUA==
Age: 3904
imp.onesearch.org/impression.do?event=ex_banner_show&user_id=de6f5475-0903-485f-b533-6ef236cf104d&source=&traffic_source=&subid=17700101&implementation_id=email_&page=adm&referrer=&offer_id=~app@EmailAccessHere
34.192.181.86200 OK 109 B URL HTTP/2 imp.onesearch.org/impression.do?event=ex_banner_show&user_id=de6f5475-0903-485f-b533-6ef236cf104d&source=&traffic_source=&subid=17700101&implementation_id=email_&page=adm&referrer=&offer_id=~app@EmailAccessHere
IP 34.192.181.86:0
File type PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced\012- data
Hash 3260e2cd06cba4871584bc863bc0dd10
5d780204aecb7cd5d0ffa2ca5bf540d7afdf4afc
87e6caca9e3e1c0b4ea254f67bf855c8496a1b80f4034bd5ae596be264ea5be8
GET /impression.do?event=ex_banner_show&user_id=de6f5475-0903-485f-b533-6ef236cf104d&source=&traffic_source=&subid=17700101&implementation_id=email_&page=adm&referrer=&offer_id=~app@EmailAccessHere HTTP/1.1
Host: imp.onesearch.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 15:37:38 GMT
content-type: image/png
content-length: 109
cache-control: no-cache
pragma: no-cache
expires: -1
server: Microsoft-IIS/8.5
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
internal_banner.tiles.ampfeed.com/tiles?partner=internal_banner&v=1.3&sub1=10055&sub2=email&results=10&BOC=1675006665827&callback=amp_fn
104.110.26.15200 OK 20 B URL HTTP/2 internal_banner.tiles.ampfeed.com/tiles?partner=internal_banner&v=1.3&sub1=10055&sub2=email&results=10&BOC=1675006665827&callback=amp_fn
IP 104.110.26.15:0
File type ASCII text, with no line terminators
Hash 7f3ddf32c69b12d8da247ab32bcf7c0a
e0d8baa7114b5126d38cf731ad44527af3467280
f1a514c273a93178f053ad889969bb58d6d5c44e913cbf3abbbbb667b4acda48
GET /tiles?partner=internal_banner&v=1.3&sub1=10055&sub2=email&results=10&BOC=1675006665827&callback=amp_fn HTTP/1.1
Host: internal_banner.tiles.ampfeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
server: akka-http/10.0.0
content-type: application/json
content-length: 20
x-country-check: NO, NO
x-ip-check: 91.90.42.154, 127.0.0.1, 91.90.42.154
date: Sun, 29 Jan 2023 15:37:38 GMT
x-ident: p1ion
X-Firefox-Spdy: h2
internal_tiles.tiles.ampfeed.com/tiles?partner=internal_tiles&v=1.3&sub1=10058&sub2=email&results=10&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F71.0.3578.80%20Safari%2F537.36&BOC=1675006665826&callback=admtilecallback
104.110.26.15200 OK 46 B URL HTTP/2 internal_tiles.tiles.ampfeed.com/tiles?partner=internal_tiles&v=1.3&sub1=10058&sub2=email&results=10&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F71.0.3578.80%20Safari%2F537.36&BOC=1675006665826&callback=admtilecallback
IP 104.110.26.15:0
File type ASCII text, with no line terminators
Hash fe5db27d2eae551ca45d872688cc2bcb
5a99184fde35329d754349c64a45bb5ba64b4252
1f7af0b538726086e9bb5ce0c8fd64ca0a7baab3e6ae4d725979abf1014f48d9
GET /tiles?partner=internal_tiles&v=1.3&sub1=10058&sub2=email&results=10&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F71.0.3578.80%20Safari%2F537.36&BOC=1675006665826&callback=admtilecallback HTTP/1.1
Host: internal_tiles.tiles.ampfeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
server: akka-http/10.0.0
content-type: application/json
content-encoding: gzip
content-length: 46
x-country-check: NO, NO
x-ip-check: 91.90.42.154, 127.0.0.1, 91.90.42.154
date: Sun, 29 Jan 2023 15:37:38 GMT
vary: Accept-Encoding
x-ident: p1ion
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash ef3a3abcd9ad7a7eda859665aa1cb20f
c10b864fa33c15d11375680cc8513a0057c795eb
7c37f387bbe281fde102a687b498ba721c325d08b8ac5880f780caf4dc656f72
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=89603
Date: Sun, 29 Jan 2023 15:37:38 GMT
Etag: "63d5427d-1d7"
Expires: Mon, 30 Jan 2023 16:31:01 GMT
Last-Modified: Sat, 28 Jan 2023 15:42:53 GMT
Server: ECS (nyb/1D1C)
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: llmovw1WC_fa-Wg88MFXBJnTdD7tWezG_O2XRG6PAKWMeI-GCQluTg==
Age: 2888
imp.onesearch.org/impression.do?event=ex_ql_impression&user_id=de6f5475-0903-485f-b533-6ef236cf104d&source=&traffic_source=&subid=17700101&implementation_id=email_&page=mailbird::thenewscorner_email::thenewscorner::myemailsimplified::nationalweatheragency::adgone&referrer=&offer_id=~app@EmailAccessHere
34.192.181.86200 OK 109 B URL HTTP/2 imp.onesearch.org/impression.do?event=ex_ql_impression&user_id=de6f5475-0903-485f-b533-6ef236cf104d&source=&traffic_source=&subid=17700101&implementation_id=email_&page=mailbird::thenewscorner_email::thenewscorner::myemailsimplified::nationalweatheragency::adgone&referrer=&offer_id=~app@EmailAccessHere
IP 34.192.181.86:0
File type PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced\012- data
Hash 3260e2cd06cba4871584bc863bc0dd10
5d780204aecb7cd5d0ffa2ca5bf540d7afdf4afc
87e6caca9e3e1c0b4ea254f67bf855c8496a1b80f4034bd5ae596be264ea5be8
GET /impression.do?event=ex_ql_impression&user_id=de6f5475-0903-485f-b533-6ef236cf104d&source=&traffic_source=&subid=17700101&implementation_id=email_&page=mailbird::thenewscorner_email::thenewscorner::myemailsimplified::nationalweatheragency::adgone&referrer=&offer_id=~app@EmailAccessHere HTTP/1.1
Host: imp.onesearch.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 15:37:38 GMT
content-type: image/png
content-length: 109
cache-control: no-cache
pragma: no-cache
expires: -1
server: Microsoft-IIS/8.5
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
dailyfeature.net/dailyfeature/df?url=hemailaccesshere.com&uc=17700101&cid=app@EmailAccessHere&purpose=hp&type=internal
54.226.240.196200 OK 762 B URL HTTP/1.1 dailyfeature.net/dailyfeature/df?url=hemailaccesshere.com&uc=17700101&cid=app@EmailAccessHere&purpose=hp&type=internal
IP 54.226.240.196:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 84f6fc8c656684300439274d7a57a9ef
92d6dc8b97ad705cb6ef9c7eab04b4c4df80b400
964ea7dedb1da18d116819274855d17bc670b08f1c9fcd1771af0d871bf5cb99
GET /dailyfeature/df?url=hemailaccesshere.com&uc=17700101&cid=app@EmailAccessHere&purpose=hp&type=internal HTTP/1.1
Host: dailyfeature.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: private
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Sun, 29 Jan 2023 15:37:35 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Length: 762
Connection: keep-alive
ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-solid-900-5.0.0.woff2
104.18.23.52200 OK 20 kB URL HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-solid-900-5.0.0.woff2
IP 104.18.23.52:0
File type Web Open Font Format (Version 2), TrueType, length 19784, version 331.-31196\012- data
Hash c7682b8035fc1d1672d6455631813794
9e2955e5e55b3073e229c218724406425862d4a1
1b50aa1d36ea249991fb44f8f6ad2aa74fe360df9cc04c564b5edf3b053b739c
GET /releases/v5.15.4/webfonts/pro-fa-solid-900-5.0.0.woff2 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hemailaccesshere.com
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 15:37:38 GMT
content-type: font/woff2
content-length: 19784
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "610ae35f-4d48"
last-modified: Wed, 04 Aug 2021 18:58:39 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 79130cde1b05b4f7-OSL
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-regular-400-5.0.0.woff2
104.18.23.52200 OK 23 kB URL HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/webfonts/pro-fa-regular-400-5.0.0.woff2
IP 104.18.23.52:0
File type Web Open Font Format (Version 2), TrueType, length 23316, version 331.-31196\012- data
Hash e0e8f01313f5061924cb318b031d706e
8ddfde7f46123a327ec627acf520741b1f016eb9
78f2234a60cbe6920db07df9663c0b035d9a602d8f7b82e174fc9e0f5bf89ad0
GET /releases/v5.15.4/webfonts/pro-fa-regular-400-5.0.0.woff2 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hemailaccesshere.com
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 15:37:38 GMT
content-type: font/woff2
content-length: 23316
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "610ae35c-5b14"
last-modified: Wed, 04 Aug 2021 18:58:36 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 79130cde3b2db4f7-OSL
X-Firefox-Spdy: h2
dap2y8k6nefku.cloudfront.net/quicklinkicons/adgone.png
54.230.245.47200 OK 19 kB URL HTTP/2 dap2y8k6nefku.cloudfront.net/quicklinkicons/adgone.png
IP 54.230.245.47:0
File type PNG image data, 361 x 361, 8-bit/color RGBA, non-interlaced\012- data
Hash 57075bfdc6d5a3321fe74ff0b0c90b52
1aa3f3481fcc05178f009437a675c57a116d8876
431f7f73092beeda71b662e9ab8a57f7f3121eb31167306008875e2650efac92
GET /quicklinkicons/adgone.png HTTP/1.1
Host: dap2y8k6nefku.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 18551
last-modified: Mon, 05 Dec 2022 19:31:53 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 29 Jan 2023 06:41:52 GMT
etag: "57075bfdc6d5a3321fe74ff0b0c90b52"
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: l_pWW4WHwPcBvfs-Arr8WLRajfRixlbzTqVKBmN-l_ElWCWu31y_CQ==
age: 32147
X-Firefox-Spdy: h2
d3ff8olul1r3ot.cloudfront.net/email.png
54.230.245.94200 OK 22 kB URL HTTP/2 d3ff8olul1r3ot.cloudfront.net/email.png
IP 54.230.245.94:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash bc1358a45bd24711cb0f3829f3a82de9
64983a7920541e68a439ac7c9f32f7921f052e89
91b363d9176e930a04aece4274f06f03722c8aa4513df97132cf1340f76402cf
GET /email.png HTTP/1.1
Host: d3ff8olul1r3ot.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 22346
last-modified: Thu, 05 Apr 2018 19:17:35 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 29 Jan 2023 05:55:21 GMT
etag: "bc1358a45bd24711cb0f3829f3a82de9"
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KJ-AH1J0wpf5pc1qX9w-PLgqsW7FgEwheesQh6xsruhSZ1BMliO3gg==
age: 34938
X-Firefox-Spdy: h2
dap2y8k6nefku.cloudfront.net/quicklinkicons/thenewscorner.png
54.230.245.47200 OK 3.1 kB URL HTTP/2 dap2y8k6nefku.cloudfront.net/quicklinkicons/thenewscorner.png
IP 54.230.245.47:0
File type PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Hash 416b547a3c3b19e4134a37ae8a342de0
5705cd329e66ecbb653db6d2d5d25bcc140b3500
f42b91449be9d0d6938f501cc4e108f5d57e69849a178ce8a8c15d1beb99d476
GET /quicklinkicons/thenewscorner.png HTTP/1.1
Host: dap2y8k6nefku.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 3058
last-modified: Tue, 11 Aug 2020 13:35:43 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 29 Jan 2023 06:43:08 GMT
etag: "416b547a3c3b19e4134a37ae8a342de0"
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tGknZCmzhgitgpfxbTbHMCY90pJMBDYY4p6kkCheJwXD-gjNtMKVNA==
age: 32071
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7078b1d21bbac26012d93fc9501fbbb0
412189ffa7980709edc28b87a820aa1ae64fa3a7
6db1d0d3f3924d7e75e1fd087553cf4ec5fa938ecc52adf3f149570551eaf7f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3177
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:38 GMT
Last-Modified: Sun, 29 Jan 2023 14:44:41 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
dap2y8k6nefku.cloudfront.net/js/term_mappings.json
54.230.245.47200 OK 163 kB URL HTTP/2 dap2y8k6nefku.cloudfront.net/js/term_mappings.json
IP 54.230.245.47:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size 163 kB (163302 bytes)
Hash ad5616114dc91d3881715e52566797b3
312f6d64483c845bafcf351900fc693edede7844
ac1495485cd9445d294d444b352b4c109f5f0e341e92e6451b0853a6759e5948
GET /js/term_mappings.json HTTP/1.1
Host: dap2y8k6nefku.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hemailaccesshere.com/
Origin: https://hemailaccesshere.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 163302
access-control-allow-origin: *
access-control-allow-methods: GET
last-modified: Fri, 30 Apr 2021 12:58:49 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 29 Jan 2023 06:28:37 GMT
etag: "ad5616114dc91d3881715e52566797b3"
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2B8CGozCogeVH0pMrIm8pnj5mCBHpAZY2Cv442M5aMNY1LKhCBLHBQ==
age: 32942
X-Firefox-Spdy: h2
dap2y8k6nefku.cloudfront.net/quicklinkicons/thenewscorner_email.png
54.230.245.47200 OK 2.4 kB URL HTTP/2 dap2y8k6nefku.cloudfront.net/quicklinkicons/thenewscorner_email.png
IP 54.230.245.47:0
File type PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash d45e5aed6673a9f169e1cdc7549b3885
106615391a16233cedd4139113908956b96e9a0e
22f1e2680c093309a7e954fe94e702dd12e36d4f89ee5d62e9e9a838cf5ec318
GET /quicklinkicons/thenewscorner_email.png HTTP/1.1
Host: dap2y8k6nefku.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 2439
last-modified: Thu, 30 Jul 2020 15:10:49 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 29 Jan 2023 03:14:31 GMT
etag: "d45e5aed6673a9f169e1cdc7549b3885"
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6mn-CWrm9h3cxwN8l7NPUqOCzxk7bp-k72UKXpf3BPMjxR6-v-aVQA==
age: 44588
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sun, 29 Jan 2023 13:46:59 GMT
expires: Sun, 29 Jan 2023 15:46:59 GMT
cache-control: public, max-age=7200
age: 6639
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ed8a8c45dceab588456b222e04775919
0242859712655caa3c3e9b936878c7c7874b7b5a
669f0691b8bf32a10fb219ce47ad69495e5cd2a11317b672aecca53f50b51de3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dap2y8k6nefku.cloudfront.net/quicklinkicons/mailbird.png
54.230.245.47200 OK 4.4 kB URL HTTP/2 dap2y8k6nefku.cloudfront.net/quicklinkicons/mailbird.png
IP 54.230.245.47:0
Hash c7961f317b30d1b1eac31d3872510558
76ecfeda4307af89068da2280c97bdc0ae2a6eb6
1e2e42997924efabe14530ae99d4e2eff1528ddb24e308389543e6dd5017a390
GET /quicklinkicons/mailbird.png HTTP/1.1
Host: dap2y8k6nefku.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
content-length: 4311
last-modified: Fri, 21 Aug 2020 14:24:20 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 29 Jan 2023 03:14:31 GMT
etag: "97f8c087f80e2216d6ba0de1f84f4f70"
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ff8pneVSQtNSQ1rdJLovMEGVFGz1V6z0Gs9wTTnIfosWJmtYGyxqCw==
age: 44588
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
157.240.205.11200 OK 28 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.205.11:0
File type ASCII text, with very long lines (64348)
Hash 541db4f3f0ba067bfb58cdac34cb86f4
20e6883f068568888ce37c6b9ef8f5d12be257c0
83898f3b2da2a11996d2eb3a5115ef301255030fdf231b8bf7971916769bc7be
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: w86i/AT4dB08KOqeorAH3zp+9RV977n4gfZ2zZkwU2seswq4fpvPH9c7G61DNKJb/7wEceMMNFtmVjveN6XvgQ==
content-length: 27815
x-fb-trip-id: 1679558926
date: Sun, 29 Jan 2023 15:37:38 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6143
Expires: Sun, 29 Jan 2023 17:20:01 GMT
Date: Sun, 29 Jan 2023 15:37:38 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ed8a8c45dceab588456b222e04775919
0242859712655caa3c3e9b936878c7c7874b7b5a
669f0691b8bf32a10fb219ce47ad69495e5cd2a11317b672aecca53f50b51de3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/713545727/?random=1675006665851&cv=11&fst=1675006665851&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&auid=1876818671.1675006666&data=event%3DHomepageView%3Bevent_category%3Demail_%3Bevent_label%3DFirefox%20105.0.0.0&rfmt=3&fmt=4
142.250.74.130200 OK 906 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/713545727/?random=1675006665851&cv=11&fst=1675006665851&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&auid=1876818671.1675006666&data=event%3DHomepageView%3Bevent_category%3Demail_%3Bevent_label%3DFirefox%20105.0.0.0&rfmt=3&fmt=4
IP 142.250.74.130:0
File type ASCII text, with very long lines (1975), with no line terminators
Hash 611dbc8f712c60b183da239ebabb7ab3
e3c6e6409b837b91a7486a9b420515a67128f78c
df1dabb3ee5a393d2e9c760dad071d3eafe82aaa7474cf421910af238e635751
GET /pagead/viewthroughconversion/713545727/?random=1675006665851&cv=11&fst=1675006665851&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&auid=1876818671.1675006666&data=event%3DHomepageView%3Bevent_category%3Demail_%3Bevent_label%3DFirefox%20105.0.0.0&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 15:37:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 906
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 29-Jan-2023 15:52:38 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6143
Expires: Sun, 29 Jan 2023 17:20:01 GMT
Date: Sun, 29 Jan 2023 15:37:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6143
Expires: Sun, 29 Jan 2023 17:20:01 GMT
Date: Sun, 29 Jan 2023 15:37:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b70d7a9-8bf2-490f-9646-c64694e42e42.jpeg
34.120.237.76200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b70d7a9-8bf2-490f-9646-c64694e42e42.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 97118e74a8f60620950e42a11c11d71b
d144bbb82392a6103810ac9baa5346ddbefb5c16
2ce0c9696cf9842243186e86bae28c22896a9f51837f4961b6c7e3cfdfb24bd0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b70d7a9-8bf2-490f-9646-c64694e42e42.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3774
x-amzn-requestid: deae2f1e-baec-408c-92a7-4859d4afed47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-EgFAgoAMFXRQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b6-32a2ff1a369e7b5f41ecbabd;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8p5qCwCbamsgIuEvlRNhIiB-19GNiLuHqDeGIaHhWFo1Wiex8W02JQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:56:10 GMT
age: 63688
etag: "d144bbb82392a6103810ac9baa5346ddbefb5c16"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10a6491e2c1dfde68c7cd7297e70700f
d0f195319825a6d3e5e50ad15b2fcab27cb65896
4d9353d5874e5ea03c25e1562db5f479c222a48db526fdd10ede7c2e6a4dd874
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11470
x-amzn-requestid: 62d61967-9380-4ca9-b11a-531425dbd2ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIf6WFgAIAMF6gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce042-6d9fe51029094b7f37c0a648;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:05:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rUIvvkZQ028ey3klplI-x9oZFugon5HsAWT-SN2GQo5hBeBJWqoMAg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 04:01:15 GMT
age: 41783
etag: "d0f195319825a6d3e5e50ad15b2fcab27cb65896"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/713545727/?random=1675006665844&cv=11&fst=1675006665844&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&auid=1876818671.1675006666&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.130200 OK 876 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/713545727/?random=1675006665844&cv=11&fst=1675006665844&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&auid=1876818671.1675006666&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.130:0
File type ASCII text, with very long lines (1851), with no line terminators
Hash 009b48363e7b4ecc186fbd58555abf0e
3436939355630d5d8459fddaca1907d4d9340f1e
56f35b463af64a74cebc1c92fc1a289f4d091f75c6796685976457c4e7c0526f
GET /pagead/viewthroughconversion/713545727/?random=1675006665844&cv=11&fst=1675006665844&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&auid=1876818671.1675006666&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 15:37:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 876
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 29-Jan-2023 15:52:38 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6143
Expires: Sun, 29 Jan 2023 17:20:01 GMT
Date: Sun, 29 Jan 2023 15:37:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43c4a8e963936a8064dbd2bd3c67b905
8508727c97127c98b886833af28b3470306216c2
070c29fe7c0a227029483d675eac863904ab6b291467acdf62167f4845699c21
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8652
x-amzn-requestid: 21c734f0-cd73-4691-812e-7cd3908f8f89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRbH4HtPIAMFUGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d07232-291e20fb41c53db7664d04b2;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 00:05:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: j2zDtHz3pZLHJKG3-PaITyUzHOQBEELzuDIt7sbB8X_B10OxG394tg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 06:49:29 GMT
age: 31689
etag: "8508727c97127c98b886833af28b3470306216c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7078b1d21bbac26012d93fc9501fbbb0
412189ffa7980709edc28b87a820aa1ae64fa3a7
6db1d0d3f3924d7e75e1fd087553cf4ec5fa938ecc52adf3f149570551eaf7f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3177
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:38 GMT
Last-Modified: Sun, 29 Jan 2023 14:44:41 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: f644ca78-a07a-43d1-96e4-95bcdecff7fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPGLfFtOIAMFp7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf83e2-202ca7160544acd24259bd5d;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:08:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xRwqrWS66l4qJfg2HnGphN1dbrIUod9XKW3zTk_-Km9AQRPyV2UqWg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 20:46:16 GMT
age: 67882
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hemailaccesshere.com/favicon.ico
44.198.96.212200 OK 112 kB URL HTTP/1.1 hemailaccesshere.com/favicon.ico
IP 44.198.96.212:0
File type MS Windows icon resource - 6 icons, 16x16, 32 bits/pixel, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel\012- data
Size 112 kB (112173 bytes)
Hash 504432c83a7a355782213f5aa620b13f
faba34469d9f116310c066caf098ecf9441147f1
df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1
GET /favicon.ico HTTP/1.1
Host: hemailaccesshere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Cookie: _gcl_au=1.1.1876818671.1675006666
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Content-Type: image/x-icon
Date: Sun, 29 Jan 2023 15:37:36 GMT
ETag: "e4ca3665c1fdd81:0"
Last-Modified: Mon, 21 Nov 2022 15:53:27 GMT
X-Content-Type-Options: nosniff
Content-Length: 112173
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:56:46 GMT
age: 63652
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c77437e3a7361861aed8bfecbfe6bd6
fefd238c13c0fdfb7d964c90fcc8a8cbbf953034
282d15c443cb6232ae0a30046a0dc24360617355a4651cdba59b11e6f7313d8a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5594
x-amzn-requestid: a13a8181-5783-42c1-9fda-1fcf8db4f0f9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVpetFv-oAMF_Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d222c4-68165b34525ca2a054f0b505;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 06:50:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rJbdYq3bZDatEVvC83VR5WiWOFwNwVZEB16ez21KdnQJJrgJ-yKPCg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 14:55:48 GMT
age: 2510
etag: "fefd238c13c0fdfb7d964c90fcc8a8cbbf953034"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ed8a8c45dceab588456b222e04775919
0242859712655caa3c3e9b936878c7c7874b7b5a
669f0691b8bf32a10fb219ce47ad69495e5cd2a11317b672aecca53f50b51de3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 86352d15c37831cf9bf1e41325029224
ac8b28bcc1e6dd026e1f62d1ef8b9f80a42eee21
154f5f5e116df41f5d3bd414c671138b2afc198071529a0f3573109277566cd8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash a369a4445d1fccf2ce045c3c4c3f3d67
d6f618e6150a4f9ac6eb5df4a503141a635605a2
d62c7913686c10d4c4b8d691d533256534da77cecc9fcf3f8aa885380dcc148b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b7da7d1d3e5880d5d4e313ac7fcf2a83
60a1e887ccb7c7cdae0035c65ef7df9908547fef
af17efcd17df50324c29cff05cea79f18cba79f6b1134ec0e6d1637759b5e895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b67335a8e235eacf68e4b7f98cc5dc40
887a9b34cf2ba9371bbe8c93e362c174668cf812
1ad2f6328af6d819acd85f4e4646afcafd945e17e555d5eeb54244db83cd48fa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/713545727/?random=1675006665851&cv=11&fst=1675004400000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&data=event%3DHomepageView%3Bevent_category%3Demail_%3Bevent_label%3DFirefox%20105.0.0.0&fmt=3&is_vtc=1&random=655969206&rmt_tld=0&ipr=y
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/713545727/?random=1675006665851&cv=11&fst=1675004400000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&data=event%3DHomepageView%3Bevent_category%3Demail_%3Bevent_label%3DFirefox%20105.0.0.0&fmt=3&is_vtc=1&random=655969206&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/713545727/?random=1675006665851&cv=11&fst=1675004400000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&data=event%3DHomepageView%3Bevent_category%3Demail_%3Bevent_label%3DFirefox%20105.0.0.0&fmt=3&is_vtc=1&random=655969206&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 15:37:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/713545727/?random=1675006665851&cv=11&fst=1675004400000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&data=event%3DHomepageView%3Bevent_category%3Demail_%3Bevent_label%3DFirefox%20105.0.0.0&fmt=3&is_vtc=1&random=655969206&rmt_tld=1&ipr=y
142.250.74.35200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/713545727/?random=1675006665851&cv=11&fst=1675004400000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&data=event%3DHomepageView%3Bevent_category%3Demail_%3Bevent_label%3DFirefox%20105.0.0.0&fmt=3&is_vtc=1&random=655969206&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/713545727/?random=1675006665851&cv=11&fst=1675004400000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&data=event%3DHomepageView%3Bevent_category%3Demail_%3Bevent_label%3DFirefox%20105.0.0.0&fmt=3&is_vtc=1&random=655969206&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 15:37:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/713545727/?random=1675006665844&cv=11&fst=1675004400000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3000534411&rmt_tld=1&ipr=y
142.250.74.35200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/713545727/?random=1675006665844&cv=11&fst=1675004400000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3000534411&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/713545727/?random=1675006665844&cv=11&fst=1675004400000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3000534411&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 15:37:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/713545727/?random=1675006665844&cv=11&fst=1675004400000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3000534411&rmt_tld=0&ipr=y
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/713545727/?random=1675006665844&cv=11&fst=1675004400000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3000534411&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/713545727/?random=1675006665844&cv=11&fst=1675004400000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fhemailaccesshere.com%2F&tiba=Email%20Access%20Here&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3000534411&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 15:37:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-219278292-1&cid=518359869.1675006667&jid=493593576&gjid=285609630&_gid=1235183661.1675006667&_u=YEDAAUABAAAAACAAI~&z=1591802598
173.194.221.155200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-219278292-1&cid=518359869.1675006667&jid=493593576&gjid=285609630&_gid=1235183661.1675006667&_u=YEDAAUABAAAAACAAI~&z=1591802598
IP 173.194.221.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-219278292-1&cid=518359869.1675006667&jid=493593576&gjid=285609630&_gid=1235183661.1675006667&_u=YEDAAUABAAAAACAAI~&z=1591802598 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://hemailaccesshere.com
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://hemailaccesshere.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 29 Jan 2023 15:37:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-178002442-1&cid=518359869.1675006667&jid=568682874&gjid=762444597&_gid=1235183661.1675006667&_u=YEBAAUAAAAAAACAAI~&z=1168924122
173.194.221.155200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-178002442-1&cid=518359869.1675006667&jid=568682874&gjid=762444597&_gid=1235183661.1675006667&_u=YEBAAUAAAAAAACAAI~&z=1168924122
IP 173.194.221.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-178002442-1&cid=518359869.1675006667&jid=568682874&gjid=762444597&_gid=1235183661.1675006667&_u=YEBAAUAAAAAAACAAI~&z=1168924122 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://hemailaccesshere.com
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://hemailaccesshere.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 29 Jan 2023 15:37:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b7da7d1d3e5880d5d4e313ac7fcf2a83
60a1e887ccb7c7cdae0035c65ef7df9908547fef
af17efcd17df50324c29cff05cea79f18cba79f6b1134ec0e6d1637759b5e895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ef589be52a3e55b643978f17949a73da
74545de6f144282252ff92c751f97cc835c80341
7bfa68c43e60a2627770163b5c1b96fbd7e4843984ad5ff6225c5490b8073b26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 15:37:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/tr/?id=332720671379986&ev=PageView&dl=https%3A%2F%2Fhemailaccesshere.com%2F&rl=&if=false&ts=1675006666955&sw=1280&sh=1024&v=2.9.92&r=stable&ec=0&o=30&fbp=fb.1.1675006666954.1728291636&it=1675006666672&coo=false&rqm=GET
157.240.205.35200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=332720671379986&ev=PageView&dl=https%3A%2F%2Fhemailaccesshere.com%2F&rl=&if=false&ts=1675006666955&sw=1280&sh=1024&v=2.9.92&r=stable&ec=0&o=30&fbp=fb.1.1675006666954.1728291636&it=1675006666672&coo=false&rqm=GET
IP 157.240.205.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=332720671379986&ev=PageView&dl=https%3A%2F%2Fhemailaccesshere.com%2F&rl=&if=false&ts=1675006666955&sw=1280&sh=1024&v=2.9.92&r=stable&ec=0&o=30&fbp=fb.1.1675006666954.1728291636&it=1675006666672&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sun, 29 Jan 2023 15:37:39 GMT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 16d0ef7115b4b29c93727d318da406bd
8b2a7dfde53aa9a53053c03cdcd8b6175edb70e5
4db797be256f4057232328d6ee49328a1ce40775fa68d1275b33066c8693946e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 15:37:41 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 04:42:21 GMT
Expires: Sat, 04 Feb 2023 04:42:20 GMT
Etag: "8b2a7dfde53aa9a53053c03cdcd8b6175edb70e5"
Cache-Control: max-age=478478,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79130cf41eb41c12-OSL
api.openweathermap.org/data/2.5/weather?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial
188.166.16.132200 OK 479 B URL HTTP/1.1 api.openweathermap.org/data/2.5/weather?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial
IP 188.166.16.132:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (479), with no line terminators
Hash cfb341108487ccf1ab5edc6bcfb9e09f
33c6c0938225a389bdca26faf9ac1314f06d54aa
d57353e6762dd5e1903b9f8f8d0afe89dc16605c6783b1235655ac902e4797df
GET /data/2.5/weather?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial HTTP/1.1
Host: api.openweathermap.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hemailaccesshere.com/
Origin: https://hemailaccesshere.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 29 Jan 2023 15:37:42 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 479
Connection: keep-alive
X-Cache-Key: /data/2.5/weather?type=accurate&units=imperial&zip=10001
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
api.openweathermap.org/data/2.5/forecast?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial
188.166.16.132200 OK 16 kB URL HTTP/1.1 api.openweathermap.org/data/2.5/forecast?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial
IP 188.166.16.132:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (15987), with no line terminators
Hash b499fc76fb6b481f323e5a1e66c410c3
a6868c48dee07deacf8593f65a3b8c648fa608db
d77975a5aa6913d865429decb0266c7c8bd0bc7c449856a7aea0a4e03ed6ab78
GET /data/2.5/forecast?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial HTTP/1.1
Host: api.openweathermap.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hemailaccesshere.com/
Origin: https://hemailaccesshere.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 29 Jan 2023 15:37:44 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 15987
Connection: keep-alive
X-Cache-Key: /data/2.5/forecast?type=accurate&units=imperial&zip=10001
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
api.openweathermap.org/data/2.5/forecast/daily?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial
188.166.16.132200 OK 2.8 kB URL HTTP/1.1 api.openweathermap.org/data/2.5/forecast/daily?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial
IP 188.166.16.132:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (2818), with no line terminators
Hash 0c9f1d05966d8ca8dcf5c8da7e3f41a3
c77e3cab738bf3d77c8561834430af79e29b0748
51eb86ddb1479d8a6288f1760708bef8b2d594d7337f654072cc8a10f957ce19
GET /data/2.5/forecast/daily?appid=beac7c40c6ebee3f7f54a7a3544c9986&zip=10001&type=accurate&units=imperial HTTP/1.1
Host: api.openweathermap.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hemailaccesshere.com/
Origin: https://hemailaccesshere.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 29 Jan 2023 15:37:44 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 2818
Connection: keep-alive
X-Cache-Key: /data/2.5/forecast/daily?type=accurate&units=imperial&zip=10001
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST
openweathermap.org/img/wn/01d@2x.png
138.201.197.100200 OK 948 B URL HTTP/1.1 openweathermap.org/img/wn/01d@2x.png
IP 138.201.197.100:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 05e38c599f10a0306d7014d43ada886d
7591e549db3bc54f959c0d431fb3374135dd1a30
4d97d68ba45f75d6f63fea2575659c8d48ae087894f58adce61cab400845dba2
GET /img/wn/01d@2x.png HTTP/1.1
Host: openweathermap.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.9.7.1
Date: Sun, 29 Jan 2023 15:37:44 GMT
Content-Type: image/png
Content-Length: 948
Last-Modified: Mon, 24 Jun 2019 13:32:32 GMT
Connection: keep-alive
ETag: "5d10d0f0-3b4"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: origin, content-type, accept
Expires: Sun, 05 Feb 2023 15:37:44 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
openweathermap.org/img/wn/10n@2x.png
138.201.197.100200 OK 2.6 kB URL HTTP/1.1 openweathermap.org/img/wn/10n@2x.png
IP 138.201.197.100:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 4aa318f910cc38a777ef322ae51a4e05
a8d437a4a9e51723a01df94546a47b6259b121e3
45f3c1e87773087c6dfe8a2bcd84f140d16155faba03c5e38b2be11a010426c7
GET /img/wn/10n@2x.png HTTP/1.1
Host: openweathermap.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.9.7.1
Date: Sun, 29 Jan 2023 15:37:44 GMT
Content-Type: image/png
Content-Length: 2584
Last-Modified: Mon, 24 Jun 2019 13:32:32 GMT
Connection: keep-alive
ETag: "5d10d0f0-a18"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: origin, content-type, accept
Expires: Sun, 05 Feb 2023 15:37:44 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
openweathermap.org/img/wn/04d@2x.png
138.201.197.100200 OK 1.9 kB URL HTTP/1.1 openweathermap.org/img/wn/04d@2x.png
IP 138.201.197.100:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 1f2aafb2dc3b9d387d58567acfe3ffa5
76bfa452fe904c4acdd0f6563614d5051ee5f142
5b93d1d05564bfdedf759cd96adff916da7b9af18fb30064f5a99a5270d599f0
GET /img/wn/04d@2x.png HTTP/1.1
Host: openweathermap.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.9.7.1
Date: Sun, 29 Jan 2023 15:37:44 GMT
Content-Type: image/png
Content-Length: 1869
Last-Modified: Mon, 24 Jun 2019 13:32:32 GMT
Connection: keep-alive
ETag: "5d10d0f0-74d"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: origin, content-type, accept
Expires: Sun, 05 Feb 2023 15:37:44 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
openweathermap.org/img/wn/04n@2x.png
138.201.197.100200 OK 1.9 kB URL HTTP/1.1 openweathermap.org/img/wn/04n@2x.png
IP 138.201.197.100:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 1f2aafb2dc3b9d387d58567acfe3ffa5
76bfa452fe904c4acdd0f6563614d5051ee5f142
5b93d1d05564bfdedf759cd96adff916da7b9af18fb30064f5a99a5270d599f0
GET /img/wn/04n@2x.png HTTP/1.1
Host: openweathermap.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.9.7.1
Date: Sun, 29 Jan 2023 15:37:44 GMT
Content-Type: image/png
Content-Length: 1869
Last-Modified: Mon, 24 Jun 2019 13:32:32 GMT
Connection: keep-alive
ETag: "5d10d0f0-74d"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: origin, content-type, accept
Expires: Sun, 05 Feb 2023 15:37:44 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
openweathermap.org/img/wn/10d@2x.png
138.201.197.100200 OK 2.6 kB URL HTTP/1.1 openweathermap.org/img/wn/10d@2x.png
IP 138.201.197.100:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 7efb7efb9dfabda61d89d29187508b6f
45578ae531f6dba58efc6037696727b687425079
649bddef1d5b18d1ad2a9bcc9394f9a21c06617a5a1530f6c258ed75d2de5ede
GET /img/wn/10d@2x.png HTTP/1.1
Host: openweathermap.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.9.7.1
Date: Sun, 29 Jan 2023 15:37:44 GMT
Content-Type: image/png
Content-Length: 2584
Last-Modified: Mon, 24 Jun 2019 13:32:32 GMT
Connection: keep-alive
ETag: "5d10d0f0-a18"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: origin, content-type, accept
Expires: Sun, 05 Feb 2023 15:37:44 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
openweathermap.org/img/wn/03d@2x.png
138.201.197.100200 OK 837 B URL HTTP/1.1 openweathermap.org/img/wn/03d@2x.png
IP 138.201.197.100:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash d3c430e1aa80cf67b11cf4d8d451eefb
3253f5b16fd282e1b36645b9c89644f05fb8ac91
d67ed35d7dbf10d139bf85b2632fffaaa2e338177d56f0240bce6d3a401ba9f0
GET /img/wn/03d@2x.png HTTP/1.1
Host: openweathermap.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.9.7.1
Date: Sun, 29 Jan 2023 15:37:44 GMT
Content-Type: image/png
Content-Length: 837
Last-Modified: Mon, 24 Jun 2019 13:32:32 GMT
Connection: keep-alive
ETag: "5d10d0f0-345"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: origin, content-type, accept
Expires: Sun, 05 Feb 2023 15:37:44 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
kit.fontawesome.com/b9b2ba83c3.js
104.18.23.52200 OK 0 B URL HTTP/2 kit.fontawesome.com/b9b2ba83c3.js
IP 104.18.23.52:0
GET /b9b2ba83c3.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hemailaccesshere.com
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 15:37:37 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: Fz7Rri_pmxwSU1m78Lch
cf-cache-status: MISS
server: cloudflare
cf-ray: 79130cd80ad1b4f7-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.onesignal.com/sdks/OneSignalSDK.js
104.18.226.52200 OK 0 B URL HTTP/2 cdn.onesignal.com/sdks/OneSignalSDK.js
IP 104.18.226.52:0
GET /sdks/OneSignalSDK.js HTTP/1.1
Host: cdn.onesignal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 15:37:37 GMT
content-type: application/javascript
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
access-control-allow-headers: OneSignal-Subscription-Id
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 684
expires: Wed, 01 Feb 2023 15:37:37 GMT
cache-control: public, max-age=259200
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 79130cd81b5e0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,600,700,800&display=swap
IP 142.250.74.106:0
GET /css?family=Open+Sans:400,600,700,800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hemailaccesshere.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 29 Jan 2023 15:37:37 GMT
date: Sun, 29 Jan 2023 15:37:37 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2