r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9e164a845d32db8fa51fdb5b1aa218d9
169099b4d2f8e119ab6cf6fca279b6fb535b1759
402ffbf1404cf05c0516c5a8cd5344bd53537ac5150d387730a90c81c17dc9e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "402FFBF1404CF05C0516C5A8CD5344BD53537AC5150D387730A90C81C17DC9E4"
Last-Modified: Sun, 06 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17283
Expires: Wed, 09 Nov 2022 04:58:34 GMT
Date: Wed, 09 Nov 2022 00:10:31 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7908acd0c083145e2b454aaeb063c236
0696647bb0a4118327f637a50ebcc21bac39d592
ffc30b68df0b33d67f31e37bbf5ae5cf4c23e1c8b8197bf76a95ee06bec4cd36
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6408
Cache-Control: max-age=130048
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:31 GMT
Etag: "636a2fef-1d7"
Expires: Thu, 10 Nov 2022 12:17:59 GMT
Last-Modified: Tue, 08 Nov 2022 10:31:11 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7908acd0c083145e2b454aaeb063c236
0696647bb0a4118327f637a50ebcc21bac39d592
ffc30b68df0b33d67f31e37bbf5ae5cf4c23e1c8b8197bf76a95ee06bec4cd36
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6408
Cache-Control: max-age=130048
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:31 GMT
Etag: "636a2fef-1d7"
Expires: Thu, 10 Nov 2022 12:17:59 GMT
Last-Modified: Tue, 08 Nov 2022 10:31:11 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9a21dcd6794c5ba4178522096f695511
d731cf49db5e048d0d820d5cee03417cdd8c1c7b
c4981ce849fcfce045d1c9eeb2978767d87fcbf6087626f3d6541ec8b1938a37
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C4981CE849FCFCE045D1C9EEB2978767D87FCBF6087626F3D6541EC8B1938A37"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5505
Expires: Wed, 09 Nov 2022 01:42:17 GMT
Date: Wed, 09 Nov 2022 00:10:32 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: PF6+Tq09tTDpnYZF6Zv9Ho5j/22efkOwyfMvc++dZIi7i/9wyrIDmzHkRttXRsIsfMXLEeiq/IQ=
x-amz-request-id: SDRAZTFGQR89HXPV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 08 Nov 2022 23:48:42 GMT
age: 1310
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 00:10:32 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
172.174.98.85 200 OK 147 kB URL HTTP/1.1 secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
IP 172.174.98.85:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3686)
Size 147 kB (146775 bytes)
Hash a5d37435ed7dfe018f25f91bf94f8e6d
8e7b44891ec066d77c96d2763fa7a5ddd5f95f75
263c1c214a87243791fd4d0e7167aadc79ef3a3063ee30ab37f44fd63d1f9afc
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2 HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:31 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
secure-reviewserver.ddns.net/assets/css/site-survey.min.css
172.174.98.85 200 OK 4.4 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/css/site-survey.min.css
IP 172.174.98.85:0
File type ASCII text, with very long lines (4339)
Hash b7d2a4622e5ba8af4ae30cd30c8938c1
3626734028846b756f4f0e946b5b815311305b81
8aa0a535b8d47209c6a2dfc8f3168f5922e84d5aafb98e8a9db0300dddadacaf
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/css/site-survey.min.css HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 02:21:36 GMT
Accept-Ranges: bytes
Content-Length: 4388
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
secure-reviewserver.ddns.net/assets/js/121543311796381
172.174.98.85 200 OK 21 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/121543311796381
IP 172.174.98.85:0
File type ASCII text, with very long lines (6957)
Hash e3bf3fa0a912c14bfe1c0b7282fbfa8a
96b0a4a037c23ce2e7bc90c146610c473549665a
1358a42f383b6e651d8412fbd5ab4c3e89b8c427d325815783e78d00d95e4138
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/121543311796381 HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:48:44 GMT
Accept-Ranges: bytes
Content-Length: 21019
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
secure-reviewserver.ddns.net/assets/fonts/muli-v11-latin-700.woff2
172.174.98.85 200 OK 17 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/fonts/muli-v11-latin-700.woff2
IP 172.174.98.85:0
File type Web Open Font Format (Version 2), TrueType, length 17128, version 1.0\012- data
Hash 8f65fa68cfb5d8cc4f4fa728a470332b
62b57f937d710caae3ee52435ba0c408e8653c43
34f3c7445d22c1509aeecc5d020b6d24c9e2f63b3c0514cebbc3813798965273
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/fonts/muli-v11-latin-700.woff2 HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:56:30 GMT
Accept-Ranges: bytes
Content-Length: 17128
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff2
secure-reviewserver.ddns.net/assets/fonts/HuntingtonApexWeb-Medium.woff2
172.174.98.85 200 OK 20 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/fonts/HuntingtonApexWeb-Medium.woff2
IP 172.174.98.85:0
File type Web Open Font Format (Version 2), TrueType, length 19976, version 1.131\012- data
Hash 3a077fd2bd5357dd3e08636baa59af5b
266784e6eb28365e3779a398e462193572b0278a
04de03ec90e95f24e347dc8ff91e6354eb0a73288e1431003e9e10de59e12d1d
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/fonts/HuntingtonApexWeb-Medium.woff2 HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 23:07:44 GMT
Accept-Ranges: bytes
Content-Length: 19976
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2
secure-reviewserver.ddns.net/assets/fonts/HuntingtonApexWeb-Bold.woff2
172.174.98.85 200 OK 20 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/fonts/HuntingtonApexWeb-Bold.woff2
IP 172.174.98.85:0
File type Web Open Font Format (Version 2), TrueType, length 19712, version 1.66\012- data
Hash ee5e65624970575e475f375b29b0b22b
6e622749b6f7092e825eb7ed90b74c3d70fa43b9
deb1a78860a2c7ab88ddaa4a522a47ad93e26f1cc1bdd1425d108f770ce93215
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/fonts/HuntingtonApexWeb-Bold.woff2 HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:55:42 GMT
Accept-Ranges: bytes
Content-Length: 19712
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2
secure-reviewserver.ddns.net/assets/fonts/HuntingtonApexWeb-MediumCaps.woff2
172.174.98.85 200 OK 19 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/fonts/HuntingtonApexWeb-MediumCaps.woff2
IP 172.174.98.85:0
File type Web Open Font Format (Version 2), TrueType, length 18636, version 1.131\012- data
Hash 6bcfcbed1f0aa26a245423d2e4bcde4f
d17df2ba457e3009ee38db903b88671885c3984e
9a5b0c5eba9dfa18bae071303b7cd96ef716a5bb6d8dcf39dd53a6e931dc6b22
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/fonts/HuntingtonApexWeb-MediumCaps.woff2 HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:56:14 GMT
Accept-Ranges: bytes
Content-Length: 18636
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2
secure-reviewserver.ddns.net/assets/fonts/muli-v11-latin-300.woff2
172.174.98.85 200 OK 17 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/fonts/muli-v11-latin-300.woff2
IP 172.174.98.85:0
File type Web Open Font Format (Version 2), TrueType, length 16872, version 1.0\012- data
Hash 3d9d9afae68fc95977ec200c119c42a1
2b44b2f5ec04f2f06fd28c9041fb8fa582ab8fcc
f43ea36b900ae7aa4ec07956e9b1223ab00dac1f766d97580b1e2bfe721cdc24
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/fonts/muli-v11-latin-300.woff2 HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:56:44 GMT
Accept-Ranges: bytes
Content-Length: 16872
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff2
secure-reviewserver.ddns.net/assets/fonts/muli-v11-latin-600.woff2
172.174.98.85 200 OK 17 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/fonts/muli-v11-latin-600.woff2
IP 172.174.98.85:0
File type Web Open Font Format (Version 2), TrueType, length 17080, version 1.0\012- data
Hash b6e5b86d74352699fff02e4bdc5185e5
f01de24cfaf2f20e715e4d49023fcb19b1a62d1d
d09bb7e3de3760ca1d9375090796e4f1cf180f43c6457a874ed22c3b0a0b07ea
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/fonts/muli-v11-latin-600.woff2 HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:56:56 GMT
Accept-Ranges: bytes
Content-Length: 17080
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff2
secure-reviewserver.ddns.net/assets/js/
172.174.98.85 403 Forbidden 318 B URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/
IP 172.174.98.85:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash fa172c77abd7b03605d83cd1ae373657
9785fb3254695c25c621eb4cd81cf7a2a3c8258f
b0c7e6712ecbf97a1e3a14f19e3aed5dbd6553f21a2852565bfc5518925713db
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/ HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 403 Forbidden
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Content-Length: 318
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
secure-reviewserver.ddns.net/assets/js/bat.js.download
172.174.98.85 200 OK 28 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/bat.js.download
IP 172.174.98.85:0
File type ASCII text, with very long lines (28050), with no line terminators
Hash f07693f6368c988acd20de4362479103
d04355e119fac2c9104c4fe98015e22f3f181d93
4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/bat.js.download HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 23:36:48 GMT
Accept-Ranges: bytes
Content-Length: 28050
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
secure-reviewserver.ddns.net/assets/js/ytc.js.download
172.174.98.85 200 OK 15 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/ytc.js.download
IP 172.174.98.85:0
File type ASCII text, with very long lines (14972), with no line terminators
Hash 49db10c8315384e8dad2e92a6841ed81
f576976a579cd50da6b717db5d48e1ea7137f744
63896532a7015ab5b7288359c02124980a5075e9267f0ba3fbfc7c3f5038b478
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/ytc.js.download HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 23:36:48 GMT
Accept-Ranges: bytes
Content-Length: 14972
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
secure-reviewserver.ddns.net/assets/js/js
172.174.98.85 200 OK 97 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/js
IP 172.174.98.85:0
File type ASCII text, with very long lines (2639)
Hash 67e765e44e7d18ed41711d7e4935bc50
0289b9754b56ba057550a7e7d62e0b3587e43f2d
e5973becebda7e91d869447913826e69cd123d87e1a6f2ddf8897d72a63a3c6c
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/js HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 23:36:48 GMT
Accept-Ranges: bytes
Content-Length: 96892
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
secure-reviewserver.ddns.net/assets/js/fbevents.js.download
172.174.98.85 200 OK 90 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/fbevents.js.download
IP 172.174.98.85:0
File type ASCII text, with very long lines (64379)
Hash 61df3554472fe8057b5ae4537648d00d
125767dc32df57aa86a64801d9457923e378b397
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/fbevents.js.download HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:48:44 GMT
Accept-Ranges: bytes
Content-Length: 90273
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
secure-reviewserver.ddns.net/assets/js/jquery-3.5.1.min.js.download
172.174.98.85 200 OK 90 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/jquery-3.5.1.min.js.download
IP 172.174.98.85:0
File type ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/jquery-3.5.1.min.js.download HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:48:46 GMT
Accept-Ranges: bytes
Content-Length: 89476
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 2a47d129a3af5f02c654faf925c60273
9ad27ed9f4500c939260a677c12e702599b00fa9
0e031af077bf7009ffefada782407a247bbd31bddc96994c68de7bfe902bf992
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5834
Cache-Control: max-age=124408
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:32 GMT
Etag: "636a1c26-1d7"
Expires: Thu, 10 Nov 2022 10:44:00 GMT
Last-Modified: Tue, 08 Nov 2022 09:06:46 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
secure-reviewserver.ddns.net/assets/js/95b0da5c7fc415e06807cc694ee0021c.js.download
172.174.98.85 200 OK 154 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/95b0da5c7fc415e06807cc694ee0021c.js.download
IP 172.174.98.85:0
File type ASCII text, with very long lines (543)
Size 154 kB (154122 bytes)
Hash d33104f26092658d2becbbfa66e9d1fb
9c33f190903b2664af1f20b3a16ce2dca13d8a49
4249e4f7acbb2de46e66922b8ae70689820a9a6eb9a6f98a77d13190b7c2559e
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/95b0da5c7fc415e06807cc694ee0021c.js.download HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:48:46 GMT
Accept-Ranges: bytes
Content-Length: 154122
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
secure-reviewserver.ddns.net/assets/js/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download
172.174.98.85 200 OK 182 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download
IP 172.174.98.85:0
File type ASCII text, with very long lines (1626)
Size 182 kB (182288 bytes)
Hash 227400e4070ac91189e80b05077abe20
714374d4c852c2058b1df7f4a6ff9f7acc164867
d42a94bdd0158c8df1d1ea4ae03da23f0007e9b6d5b38c05eb4797ffe90e1cf8
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/ruxitagentjs_ICA27SVfjoqrux_10197200831173448.js.download HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:48:46 GMT
Accept-Ranges: bytes
Content-Length: 182288
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
secure-reviewserver.ddns.net/assets/fonts/HuntingtonApexWeb-Book.woff2
172.174.98.85 200 OK 21 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/fonts/HuntingtonApexWeb-Book.woff2
IP 172.174.98.85:0
File type Web Open Font Format (Version 2), TrueType, length 20592, version 1.66\012- data
Hash a075767d12a8cc86d52367ef3aacec11
9aef8898e7a319ee5cbe08c5b0cec63512561d7d
e744a36d486c70943378751b1d1623c2c8f25ee10abd89365ff20162d98dd555
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/fonts/HuntingtonApexWeb-Book.woff2 HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:56:02 GMT
Accept-Ranges: bytes
Content-Length: 20592
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2
secure-reviewserver.ddns.net/assets/js/Bootstrap.js.download
172.174.98.85 200 OK 226 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/Bootstrap.js.download
IP 172.174.98.85:0
File type ASCII text, with very long lines (603)
Size 226 kB (225981 bytes)
Hash 8746e0eaa34beca77c5679a495ed1d3a
f8bc25c85508043935f3e63ff5cd1196c35762d6
83acf00ba4050132d8547daca62a4fca4670029aaa75b01c5e99179cbc6d4991
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/Bootstrap.js.download HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:48:46 GMT
Accept-Ranges: bytes
Content-Length: 225981
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
secure-reviewserver.ddns.net/assets/js/toolkit.min.js.download
172.174.98.85 200 OK 462 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/toolkit.min.js.download
IP 172.174.98.85:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size 462 kB (461456 bytes)
Hash 325f5dd8b44503ea1799409a40addb9e
3887ffbc86f01677d34cce7ac8839305e175e97a
dbe44f4b698a44798e63a0177f6283a2dff01335f142be72dccfedd66e91554e
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/toolkit.min.js.download HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:48:46 GMT
Accept-Ranges: bytes
Content-Length: 461456
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
secure-reviewserver.ddns.net/assets/js/7a8ba97f
172.174.98.85 200 OK 33 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/7a8ba97f
IP 172.174.98.85:0
File type ASCII text, with very long lines (19024)
Hash af77eedae6083a5bd6f07cec713ab58d
2804fbe107e6af68bf7e2d39cfb176987e1fc9ad
06af35b557f7713851c46e61fd940a1dcf2381d6372582a63abc43dfdee46c33
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/7a8ba97f HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:48:48 GMT
Accept-Ranges: bytes
Content-Length: 32863
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
secure-reviewserver.ddns.net/assets/js/inqChatLaunch10006663.js.download
172.174.98.85 200 OK 22 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/inqChatLaunch10006663.js.download
IP 172.174.98.85:0
File type ASCII text, with very long lines (999)
Hash 1c9d96d3f228156fd7e9df9c531871d1
a118554b1208e30af4a0fef948c9566b8e7f4a94
648d971972fc0140127ab99989b3b55a28e8e3c2fcbf281390bbb7edf5000f26
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/inqChatLaunch10006663.js.download HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 23:36:50 GMT
Accept-Ranges: bytes
Content-Length: 22354
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
secure-reviewserver.ddns.net/assets/css/toolkit.min.css
172.174.98.85 200 OK 354 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/css/toolkit.min.css
IP 172.174.98.85:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 354 kB (354237 bytes)
Hash c1a238b15d787d129d19c3b1e840ef82
f0a5a113d05a63617959d39aa735a47762c22a80
9aa364658609b56150bae76849da9138758ad120cb89fea2dd947017ce1c3f25
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/css/toolkit.min.css HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:48:46 GMT
Accept-Ranges: bytes
Content-Length: 354237
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
secure-reviewserver.ddns.net/assets/js/outdated.min.js.download
172.174.98.85 200 OK 1.1 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/outdated.min.js.download
IP 172.174.98.85:0
File type ASCII text, with very long lines (1083)
Hash bc854aab7af244173e4dc2ca2a8f471a
1f0444814fabf2d764af527d1718e376ca0c89c1
11a2b7d65804df37c5d5801da23212eddb8530ffb15a5b67d77a8ccdcb5b8199
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/outdated.min.js.download HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:33 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:48:48 GMT
Accept-Ranges: bytes
Content-Length: 1147
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
secure-reviewserver.ddns.net/assets/js/site-survey.min.js.download
172.174.98.85 200 OK 7.5 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/site-survey.min.js.download
IP 172.174.98.85:0
File type ASCII text, with very long lines (7496)
Hash 374ca92abaa98bc7b2f19fe64114a18b
4c0a1441026a9337d322d7ae5536df1427e5c140
7d24af619103660b68ae10e64670d3393f5a9e679ef9d69e72a7479071aeb806
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/site-survey.min.js.download HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:33 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 23:36:50 GMT
Accept-Ranges: bytes
Content-Length: 7541
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
secure-reviewserver.ddns.net/assets/js/06bebd2b36rn240c2a1532a26141a767
172.174.98.85 200 OK 72 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/06bebd2b36rn240c2a1532a26141a767
IP 172.174.98.85:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 335f2776eaf4ca7eca9953d2240c3316
5f5702f072d8e721dd3557ccd2a0944b3cc58fa5
ca9ee108c9cd3072864c1fcfe42f8fa40f829a33267388e0adbf41fa8b2da9a5
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/06bebd2b36rn240c2a1532a26141a767 HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:33 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:48:48 GMT
Accept-Ranges: bytes
Content-Length: 72012
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
secure-reviewserver.ddns.net/assets/js/
172.174.98.85 403 Forbidden 318 B URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/
IP 172.174.98.85:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash fa172c77abd7b03605d83cd1ae373657
9785fb3254695c25c621eb4cd81cf7a2a3c8258f
b0c7e6712ecbf97a1e3a14f19e3aed5dbd6553f21a2852565bfc5518925713db
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/ HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 403 Forbidden
Date: Wed, 09 Nov 2022 00:10:33 GMT
Server: Apache
Content-Length: 318
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
secure-reviewserver.ddns.net/assets/js/oo_engine.min.js.download
172.174.98.85 200 OK 46 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/oo_engine.min.js.download
IP 172.174.98.85:0
File type ASCII text, with very long lines (45689), with no line terminators
Hash 3023bde795e4926691e3691ace0d9356
053c86b53ec7bca624cffc3f6321697d35a1c5d5
1bf7836282cf0a1f1cae452a2b7d03f4857827aa682e36562831fe3bc34f30a5
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/oo_engine.min.js.download HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:32 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 23:36:50 GMT
Accept-Ranges: bytes
Content-Length: 45689
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
push.services.mozilla.com/
52.39.126.109 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.126.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7oHcnc+VtcuhFn850+vQJg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vJ4JoecbK3BXOoCk1VWALI/6ViI=
secure-reviewserver.ddns.net/assets/img/oo_icon_retina_black.gif
172.174.98.85 200 OK 552 B URL HTTP/1.1 secure-reviewserver.ddns.net/assets/img/oo_icon_retina_black.gif
IP 172.174.98.85:0
File type GIF image data, version 89a, 18 x 18\012- data
Hash 0f74fe3f4f85d3c7f096f2416efa893a
bffedd9c6e9b04c0e6f7f77bd689013de5e8d01e
15f5836e52324d46e89eed325a5de5158f0d9bb29d59e1ffc381d961a1f6980d
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/img/oo_icon_retina_black.gif HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:33 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 02:59:26 GMT
Accept-Ranges: bytes
Content-Length: 552
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/gif
secure-reviewserver.ddns.net/assets/img/EHL_Black_HouseOnly.svg
172.174.98.85 200 OK 707 B URL HTTP/1.1 secure-reviewserver.ddns.net/assets/img/EHL_Black_HouseOnly.svg
IP 172.174.98.85:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 422002ff598ec781dc753d0627bec1ee
d440d6acb305d644a4ba824a28c97f04511aac95
4808c0ca2576dc18bf8df509199edef7a4a2b809fde09ecc6688f998e855486e
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/img/EHL_Black_HouseOnly.svg HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:33 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 00:54:14 GMT
Accept-Ranges: bytes
Content-Length: 707
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/svg+xml
secure-reviewserver.ddns.net/assets/img/lockup.svg
172.174.98.85 200 OK 3.9 kB URL HTTP/1.1 secure-reviewserver.ddns.net/assets/img/lockup.svg
IP 172.174.98.85:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (3937), with CRLF line terminators
Hash 760da63259e763df170dc8720b8d8a41
efd755d6b9efdb7ce688a77f4d68dee3498162eb
9ce0c7443f6975ac01655f26813947926a374c68f28289dd198fc6299203beed
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/img/lockup.svg HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:33 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2020 00:54:14 GMT
Accept-Ranges: bytes
Content-Length: 3942
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/svg+xml
secure-reviewserver.ddns.net/assets/img/logo-honeycomb.svg
172.174.98.85 200 OK 844 B URL HTTP/1.1 secure-reviewserver.ddns.net/assets/img/logo-honeycomb.svg
IP 172.174.98.85:0
File type HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (841), with no line terminators
Hash d7ce1f5e222e75801ed22741962ac64b
3cf38997840e2047e145a747cbb220cee28adaab
83e4d5829d43cb3723521baf4e6a8f7130f0bf91cb957ee14d9c7dde2d9ccb93
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/img/logo-honeycomb.svg HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:33 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 22:48:48 GMT
Accept-Ranges: bytes
Content-Length: 844
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/svg+xml
secure-reviewserver.ddns.net/assets/js/nuanceChat.html
172.174.98.85 404 Not Found 315 B URL HTTP/1.1 secure-reviewserver.ddns.net/assets/js/nuanceChat.html
IP 172.174.98.85:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/js/nuanceChat.html HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
Upgrade-Insecure-Requests: 1
HTTP/1.1 404 Not Found
Date: Wed, 09 Nov 2022 00:10:33 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 425d8a348997187baa302caccbb776e4
6fb9306c1aed973b497aadd5b545b0cb1e674393
f128e5112bab5a8cbe65bfea9c8d05f54c808c48effe341a9df53ccb00c39efc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5023
Cache-Control: max-age=95552
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:33 GMT
Etag: "6369ae9a-1d7"
Expires: Thu, 10 Nov 2022 02:43:05 GMT
Last-Modified: Tue, 08 Nov 2022 01:19:22 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
www.googletagmanager.com/gtag/js?id=DC-8085313
142.250.74.168 302 Found 251 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=DC-8085313
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 5330b68f600d5329a352e3b83a624e37
f098e2924dbe204685ef7b3a69d97f40bd3514d9
82667f1e0731a3710a54140b16300eacfe3e33b2e6cf84327dcf1a653ab6a683
GET /gtag/js?id=DC-8085313 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=DC-8085313
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 09 Nov 2022 00:10:33 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 251
X-XSS-Protection: 0
www.huntington.com/Presentation/Styles/site-survey.min.css?v=9wo2OrXUNeUe10c3vTcwXGC1EiWtIEx5MI-aYe1RKSk1
104.84.152.187 403 Forbidden 332 B URL HTTP/2 www.huntington.com/Presentation/Styles/site-survey.min.css?v=9wo2OrXUNeUe10c3vTcwXGC1EiWtIEx5MI-aYe1RKSk1
IP 104.84.152.187:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 00a310cc9f0c724391fa4f6671b67463
db0bde10cee4cf759b4d76a1a2bf061ef69b5f56
e1f570889fd2defd828f48caf2b0c82ff0c9624e3cecfb121f841b18375e422f
GET /Presentation/Styles/site-survey.min.css?v=9wo2OrXUNeUe10c3vTcwXGC1EiWtIEx5MI-aYe1RKSk1 HTTP/1.1
Host: www.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
server: AkamaiGHost
mime-version: 1.0
content-type: text/html
content-length: 332
cache-control: max-age=0
expires: Wed, 09 Nov 2022 00:10:33 GMT
date: Wed, 09 Nov 2022 00:10:33 GMT
X-Firefox-Spdy: h2
secure-reviewserver.ddns.net/resources/06bebd2b36rn240c2a1532a26141a767
172.174.98.85 404 Not Found 315 B URL HTTP/1.1 secure-reviewserver.ddns.net/resources/06bebd2b36rn240c2a1532a26141a767
IP 172.174.98.85:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
POST /resources/06bebd2b36rn240c2a1532a26141a767 HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1335
Origin: http://secure-reviewserver.ddns.net
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Date: Wed, 09 Nov 2022 00:10:33 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 3b26e900b9be930a07101e0d5f5de579
fc84082e3eef2e000f255f1cbd4cf45b694a2118
1dff9aae4984871070d193b60d41548a8a816f0ba20839d41d6e73a08e548afe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=DC-8085313
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=DC-8085313
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 1808624971102b09609a70045057238d
766ef2ea0300cce32d0a61e8f9870d7a620ba734
1175b08a4cbff9d5e8b7614cba45496babd908ecbd0a6167b2d65768387217b1
GET /gtag/js?id=DC-8085313 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://secure-reviewserver.ddns.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 09 Nov 2022 00:10:33 GMT
expires: Wed, 09 Nov 2022 00:10:33 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44010
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 3b26e900b9be930a07101e0d5f5de579
fc84082e3eef2e000f255f1cbd4cf45b694a2118
1dff9aae4984871070d193b60d41548a8a816f0ba20839d41d6e73a08e548afe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ensighten.huntingtonbank.com/huntington/com/serverComponent.php?r=409310629.2964287&namespace=Bootstrapper&staticJsPath=ensighten.huntingtonbank.com/huntington/com/code/&publishedOn=Thu%20Oct%2022%2001:05:05%20GMT%202020&ClientID=1035&PageID=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
34.242.179.188 200 OK 243 B URL HTTP/1.1 ensighten.huntingtonbank.com/huntington/com/serverComponent.php?r=409310629.2964287&namespace=Bootstrapper&staticJsPath=ensighten.huntingtonbank.com/huntington/com/code/&publishedOn=Thu%20Oct%2022%2001:05:05%20GMT%202020&ClientID=1035&PageID=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
IP 34.242.179.188:0
File type ASCII text, with very long lines (317)
Hash 42a6d32b63c391d5955fad52f83456ee
7d2ce5d7b336dbcc778f32d67586e8cea23a5f82
ff1e785a35601a3438fc5a01e2189978b83f7930283edb532cb22f5d765006e3
GET /huntington/com/serverComponent.php?r=409310629.2964287&namespace=Bootstrapper&staticJsPath=ensighten.huntingtonbank.com/huntington/com/code/&publishedOn=Thu%20Oct%2022%2001:05:05%20GMT%202020&ClientID=1035&PageID=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2 HTTP/1.1
Host: ensighten.huntingtonbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 00:10:33 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Wed, 09 Nov 2022 00:10:32 GMT
Cache-Control: no-cache, no-store
X-Cache: Miss from cloudfront
Via: 1.1 ff7cafeac35b91a7af23c56e3b9691e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DUB56-P1
X-Amz-Cf-Id: iDzYSLLw1MEHBWruHCipXNAwxBq_yveRIiY8UOJGy0FzNayS0Z7N2w==
Content-Encoding: gzip
www.googletagmanager.com/gtag/destination?id=AW-849064376&l=dataLayer&cx=c
142.250.74.168 302 Found 287 B URL HTTP/1.1 www.googletagmanager.com/gtag/destination?id=AW-849064376&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 38911cae1d8fb0baaf10fbcc263920c9
5ebba50367e9da80eca247d0d7fd171a3d161fc5
1c535af9057c16bb8654d88ba03dfa76f47041316c6b78c332e56bd809a49f22
GET /gtag/destination?id=AW-849064376&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/destination?id=AW-849064376&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 09 Nov 2022 00:10:33 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 287
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-849064376&l=dataLayer&cx=c
142.250.74.168 302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-849064376&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash d2287b99358f20a1e966de644e530bbc
e786dd9ecd3fe89e0bd6946eb1ea3ca9e975abe9
53065f01a414b187d988bcca1a083a92779f008a21b28b3bb9fc55cc13b9dec1
GET /gtag/js?id=AW-849064376&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-849064376&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 09 Nov 2022 00:10:33 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-849073348&l=dataLayer&cx=c
142.250.74.168 302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-849073348&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash df9ee05cc140f619a69b770c388c33df
c07e052104e98a1176dd6512fc01b6075b4865a5
2d628f50fb563fcb6c30ad985277f59e0bdf4f240ecedfb3b1e5aa70aeae17d4
GET /gtag/js?id=AW-849073348&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-849073348&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 09 Nov 2022 00:10:33 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-786635084&l=dataLayer&cx=c
142.250.74.168 302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-786635084&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 9a5925fe9faff42cc8390efdc5e2eff8
39ca642317be780d118d5ff62197921098af3e08
7e8b8a5e18a9d993d5b47ac50b123a45aba9d25df045d0b833dc7e552eb7079f
GET /gtag/js?id=AW-786635084&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-786635084&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 09 Nov 2022 00:10:33 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
www.googletagmanager.com/gtag/js?id=AW-849063932&l=dataLayer&cx=c
142.250.74.168 302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-849063932&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 211253e14e3774c27f057fd79c6f3297
117ffcb6132283d4854b262e6d7bf74dc93333a9
1f8edff0043067941ef114cc6d71502f1bfb8dd829a3a61723d6fffc484cd577
GET /gtag/js?id=AW-849063932&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-849063932&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 09 Nov 2022 00:10:33 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
metrics.huntington.com/b/ss/huntingtonhuntingtondev/1/JS-2.22.0/s05277008731826?AQB=1&ndh=1&pf=1&t=9%2F10%2F2022%200%3A10%3A30%203%200&ce=UTF-8&ns=huntington&pageName=pub%3A%20mobile%20login&g=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&c.&excCodes=1&.c&ch=pub&server=huntington.com&c1=pub%3A%20mobile%20login&c2=pub%3A%20mobile%20login&c3=pub%3A%20mobile%20login&c4=pub%3A%20mobile%20login&v5=pub%3A%20mobile%20login&v6=pub&c7=secure-reviewserver.ddns.net%2Flogin.php&v19=12%3A13%20PM%7CMonday&c28=12%3A13%20PM%7CMonday&c32=pub%3A%20mobile%20login&c34=2.22.0&c44=0%7C0&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1
13.36.218.177 302 Found 0 B URL HTTP/1.1 metrics.huntington.com/b/ss/huntingtonhuntingtondev/1/JS-2.22.0/s05277008731826?AQB=1&ndh=1&pf=1&t=9%2F10%2F2022%200%3A10%3A30%203%200&ce=UTF-8&ns=huntington&pageName=pub%3A%20mobile%20login&g=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&c.&excCodes=1&.c&ch=pub&server=huntington.com&c1=pub%3A%20mobile%20login&c2=pub%3A%20mobile%20login&c3=pub%3A%20mobile%20login&c4=pub%3A%20mobile%20login&v5=pub%3A%20mobile%20login&v6=pub&c7=secure-reviewserver.ddns.net%2Flogin.php&v19=12%3A13%20PM%7CMonday&c28=12%3A13%20PM%7CMonday&c32=pub%3A%20mobile%20login&c34=2.22.0&c44=0%7C0&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1
IP 13.36.218.177:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/ss/huntingtonhuntingtondev/1/JS-2.22.0/s05277008731826?AQB=1&ndh=1&pf=1&t=9%2F10%2F2022%200%3A10%3A30%203%200&ce=UTF-8&ns=huntington&pageName=pub%3A%20mobile%20login&g=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&c.&excCodes=1&.c&ch=pub&server=huntington.com&c1=pub%3A%20mobile%20login&c2=pub%3A%20mobile%20login&c3=pub%3A%20mobile%20login&c4=pub%3A%20mobile%20login&v5=pub%3A%20mobile%20login&v6=pub&c7=secure-reviewserver.ddns.net%2Flogin.php&v19=12%3A13%20PM%7CMonday&c28=12%3A13%20PM%7CMonday&c32=pub%3A%20mobile%20login&c34=2.22.0&c44=0%7C0&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1 HTTP/1.1
Host: metrics.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
HTTP/1.1 302 Found
access-control-allow-origin: *
vary: Origin
date: Wed, 09 Nov 2022 00:10:33 GMT
content-type: text/plain;charset=utf-8
expires: Tue, 08 Nov 2022 00:10:33 GMT
last-modified: Thu, 10 Nov 2022 00:10:33 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31B577FCDBCD684F-400008A30FD33316[CE]; Path=/; Domain=huntington.com; Max-Age=63072000; Expires=Fri, 08 Nov 2024 00:10:10 GMT;
location: http://metrics.huntington.com/b/ss/huntingtonhuntingtondev/1/JS-2.22.0/s05277008731826?AQB=1&pccr=true&vidn=31B577FCDBCD684F-400008A30FD33316&ndh=1&pf=1&t=9%2F10%2F2022%200%3A10%3A30%203%200&ce=UTF-8&ns=huntington&pageName=pub%3A%20mobile%20login&g=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&c.&excCodes=1&.c&ch=pub&server=huntington.com&c1=pub%3A%20mobile%20login&c2=pub%3A%20mobile%20login&c3=pub%3A%20mobile%20login&c4=pub%3A%20mobile%20login&v5=pub%3A%20mobile%20login&v6=pub&c7=secure-reviewserver.ddns.net%2Flogin.php&v19=12%3A13%20PM%7CMonday&c28=12%3A13%20PM%7CMonday&c32=pub%3A%20mobile%20login&c34=2.22.0&c44=0%7C0&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1
content-length: 0
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
ensighten.huntingtonbank.com/huntington/com/code/e4e4515980f369e0500408adfa565653.js?conditionId0=422774
34.242.179.188 200 OK 37 kB URL HTTP/1.1 ensighten.huntingtonbank.com/huntington/com/code/e4e4515980f369e0500408adfa565653.js?conditionId0=422774
IP 34.242.179.188:0
File type ASCII text, with very long lines (557)
Hash a61cd463438c91420b7c117a7b21adef
2633563d14f3066b5722b4c8582e94a1cee4f825
d3e0f8835f833c2533bb8e56c972208624e33d183959f310008840f74b69491b
GET /huntington/com/code/e4e4515980f369e0500408adfa565653.js?conditionId0=422774 HTTP/1.1
Host: ensighten.huntingtonbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 00:10:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-replication-status: COMPLETED
Last-Modified: Tue, 25 Oct 2022 01:03:34 GMT
ETag: W/"5828bc2a2ceaa2961527eedaf4167b77"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=315360000
x-amz-version-id: _Eu9yh546j8gLFYRdH7PZW2b19GSVtw7
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e85f40b9e4a0224c05d79e84598c0254.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DUB56-P1
X-Amz-Cf-Id: nkzCPJeYAiGSdrKVmkgOFLGB0gX1AQ3O3pui4wP3vuMTSs_X1PbVKQ==
Age: 1288939
metrics.huntington.com/b/ss/huntingtonhuntingtondev/1/JS-2.22.0/s05277008731826?AQB=1&pccr=true&vidn=31B577FCDBCD684F-400008A30FD33316&ndh=1&pf=1&t=9%2F10%2F2022%200%3A10%3A30%203%200&ce=UTF-8&ns=huntington&pageName=pub%3A%20mobile%20login&g=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&c.&excCodes=1&.c&ch=pub&server=huntington.com&c1=pub%3A%20mobile%20login&c2=pub%3A%20mobile%20login&c3=pub%3A%20mobile%20login&c4=pub%3A%20mobile%20login&v5=pub%3A%20mobile%20login&v6=pub&c7=secure-reviewserver.ddns.net%2Flogin.php&v19=12%3A13%20PM%7CMonday&c28=12%3A13%20PM%7CMonday&c32=pub%3A%20mobile%20login&c34=2.22.0&c44=0%7C0&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1
13.36.218.177 200 OK 43 B URL HTTP/1.1 metrics.huntington.com/b/ss/huntingtonhuntingtondev/1/JS-2.22.0/s05277008731826?AQB=1&pccr=true&vidn=31B577FCDBCD684F-400008A30FD33316&ndh=1&pf=1&t=9%2F10%2F2022%200%3A10%3A30%203%200&ce=UTF-8&ns=huntington&pageName=pub%3A%20mobile%20login&g=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&c.&excCodes=1&.c&ch=pub&server=huntington.com&c1=pub%3A%20mobile%20login&c2=pub%3A%20mobile%20login&c3=pub%3A%20mobile%20login&c4=pub%3A%20mobile%20login&v5=pub%3A%20mobile%20login&v6=pub&c7=secure-reviewserver.ddns.net%2Flogin.php&v19=12%3A13%20PM%7CMonday&c28=12%3A13%20PM%7CMonday&c32=pub%3A%20mobile%20login&c34=2.22.0&c44=0%7C0&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1
IP 13.36.218.177:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/huntingtonhuntingtondev/1/JS-2.22.0/s05277008731826?AQB=1&pccr=true&vidn=31B577FCDBCD684F-400008A30FD33316&ndh=1&pf=1&t=9%2F10%2F2022%200%3A10%3A30%203%200&ce=UTF-8&ns=huntington&pageName=pub%3A%20mobile%20login&g=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&c.&excCodes=1&.c&ch=pub&server=huntington.com&c1=pub%3A%20mobile%20login&c2=pub%3A%20mobile%20login&c3=pub%3A%20mobile%20login&c4=pub%3A%20mobile%20login&v5=pub%3A%20mobile%20login&v6=pub&c7=secure-reviewserver.ddns.net%2Flogin.php&v19=12%3A13%20PM%7CMonday&c28=12%3A13%20PM%7CMonday&c32=pub%3A%20mobile%20login&c34=2.22.0&c44=0%7C0&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1280&bh=939&AQE=1 HTTP/1.1
Host: metrics.huntington.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://secure-reviewserver.ddns.net/
Connection: keep-alive
HTTP/1.1 200 OK
access-control-allow-origin: *
date: Wed, 09 Nov 2022 00:10:33 GMT
expires: Tue, 08 Nov 2022 00:10:33 GMT
last-modified: Thu, 10 Nov 2022 00:10:33 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_vi=[CS]v1|31B577FCDCACA6D7-40000F90CFCDF483[CE]; Path=/; Domain=huntington.com; Max-Age=63072000; Expires=Fri, 08 Nov 2024 00:10:10 GMT;
etag: 3581901006560854016-4619408510550930562
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 3fd3a3910ff028a1b8a1f72bc93e91f5
9ac0351ab9a803e9647882880b4f56693fd769ed
d881fb422e3eaa5ec00a7f6aaed965ac8bd93b2e14970db59c37ee0ba66b0f80
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
8085313.fls.doubleclick.net/activityi;src=8085313;type=global;cat=allpv;ord=1570187731993;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2?
142.250.74.70 200 OK 312 B URL HTTP/2 8085313.fls.doubleclick.net/activityi;src=8085313;type=global;cat=allpv;ord=1570187731993;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (679), with no line terminators
Hash bc2908043afef3c7851e10021a8d9e1b
c811bde415c5e37bf41c6943e9f6b8bc6b48b160
b5b7f3335874ba1869a3f347f4b64d0a568cee869be50c0f9606062929d6764c
GET /activityi;src=8085313;type=global;cat=allpv;ord=1570187731993;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2? HTTP/1.1
Host: 8085313.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:33 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 312
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 09-Nov-2022 00:25:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
8085313.fls.doubleclick.net/activityi;src=8085313;type=global;cat=uvisit;ord=1;num=3783848338183;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2?
142.250.74.70 200 OK 318 B URL HTTP/2 8085313.fls.doubleclick.net/activityi;src=8085313;type=global;cat=uvisit;ord=1;num=3783848338183;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (686), with no line terminators
Hash 262721e1c959c84ec90eb5268b3c5034
121730bb6d711e2880ee36a2bed09e0f11399564
aa09f6937b2342c5db3c8693ddca2b3926c5c129df970c8671e959400c052ca1
GET /activityi;src=8085313;type=global;cat=uvisit;ord=1;num=3783848338183;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2? HTTP/1.1
Host: 8085313.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:33 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 318
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 09-Nov-2022 00:25:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
secure-reviewserver.ddns.net/resources/06bebd2b36rn240c2a1532a26141a767
172.174.98.85 404 Not Found 315 B URL HTTP/1.1 secure-reviewserver.ddns.net/resources/06bebd2b36rn240c2a1532a26141a767
IP 172.174.98.85:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
POST /resources/06bebd2b36rn240c2a1532a26141a767 HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1553
Origin: http://secure-reviewserver.ddns.net
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Date: Wed, 09 Nov 2022 00:10:33 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.210 200 OK 471 B URL HTTP/1.1 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.210:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (996)
Hash 9174847cacad267d6299da1d3f528316
51295f2f949693d69ce2cc97c4dc435f39c7e99e
7ffb6ba7862d85fea1b4e5dfde6771649bd4c3d350d92c4da89d6286a5428822
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
HTTP/1.1 200 OK
Last-Modified: Tue, 08 Nov 2022 00:38:08 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript;charset=utf-8
X-EdgeConnect-MidMile-RTT: 17
X-EdgeConnect-Origin-MEX-Latency: 344
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=48784
Date: Wed, 09 Nov 2022 00:10:33 GMT
Content-Length: 471
Connection: keep-alive
X-CDN: AKAM
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 3fd3a3910ff028a1b8a1f72bc93e91f5
9ac0351ab9a803e9647882880b4f56693fd769ed
d881fb422e3eaa5ec00a7f6aaed965ac8bd93b2e14970db59c37ee0ba66b0f80
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 69293b8c8a45196bb68c2fb4a573ee67
fbd418617bfbf280af580abf1d2698db8228d84b
bda77decf1a738ce7c86b23325d36faeff1878c643547c54dd62f182fc7ad5ed
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4272
Cache-Control: max-age=139743
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:33 GMT
Etag: "636a5e28-1d7"
Expires: Thu, 10 Nov 2022 14:59:36 GMT
Last-Modified: Tue, 08 Nov 2022 13:48:24 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
bat.bing.com/bat.js
204.79.197.200 200 OK 11 kB IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Hash 293ae3e0fc8b0d5c143fdf9d8490228d
3976c659b908e70818a3a1ac71860b497fe2d1a9
04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
HTTP/1.1 200 OK
Cache-Control: private,max-age=1800
Content-Length: 11367
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 28 Jul 2022 17:32:37 GMT
Accept-Ranges: bytes
ETag: "80a8697a8a2d81:0"
Vary: Accept-Encoding
Set-Cookie: MUID=06A1F228F7506D61277EE07FF6076CF9; domain=.bing.com; expires=Mon, 04-Dec-2023 00:10:33 GMT; path=/; SameSite=None; Secure; Priority=High;
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: F4A805E2339A480CBBF03261B17BDDF4 Ref B: OSL30EDGE0314 Ref C: 2022-11-09T00:10:33Z
Date: Wed, 09 Nov 2022 00:10:33 GMT
www.googletagmanager.com/gtag/js?id=DC-10701487
142.250.74.168 302 Found 252 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=DC-10701487
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash c911c6f4161cf68ee27d02ec0f268ff8
0bd040c44c96dd6b1b89613ffc4e48a0152eec95
c9fc67737c8a2913e73cf8ab458fbb11b1d39ea3302992eb0da094fe74954164
GET /gtag/js?id=DC-10701487 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=DC-10701487
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 09 Nov 2022 00:10:33 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 252
X-XSS-Protection: 0
cdn.clinch.co/a_js/client_pixels/clq/script.min.js
23.36.79.32 200 OK 4.6 kB URL HTTP/1.1 cdn.clinch.co/a_js/client_pixels/clq/script.min.js
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 (with BOM) text, with very long lines (14797), with no line terminators
Hash 87474300d7f17748e3ed24b42d4bee2b
9d2c3a1f2b9cffdcb309ea2a2b13bed7b693042c
0388ad3b8fc80cfb336b71fabe7c01a2a8d8ff699fb448f4105a7d9ff5f680ef
GET /a_js/client_pixels/clq/script.min.js HTTP/1.1
Host: cdn.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Cookie: clinch-sid=674b22fb-6e12-4d0e-8f99-06e6e917fcf9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: adMugfF433YL+FfK0yhYay96eSjZAVC2bECbR3FBNYsdGtoJyV+rBZXvGbuNsIAHS4UU//dITPM=
x-amz-request-id: R8YJQ3PZ0BKYEXCH
Last-Modified: Tue, 11 Jan 2022 12:52:46 GMT
ETag: "666e09028e21421106f9ecd0ceb1ddac"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=18797037
Expires: Wed, 14 Jun 2023 13:34:30 GMT
Date: Wed, 09 Nov 2022 00:10:33 GMT
Content-Length: 4567
Connection: keep-alive
Access-Control-Max-Age: 86400
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET,HEAD,OPTIONS
Access-Control-Allow-Origin: *
ensighten.huntingtonbank.com/error/e.gif?msg=Dependency%20with%20id%20679729is%20missing&lnn=7&fn=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Fassets%2Fjs%2FBootstrap.js.download&cid=1035&client=huntington&publishPath=com&rid=-1&did=-1&errorName=DependencyNotAvailableException
34.242.179.188 204 No Content 0 B URL HTTP/1.1 ensighten.huntingtonbank.com/error/e.gif?msg=Dependency%20with%20id%20679729is%20missing&lnn=7&fn=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Fassets%2Fjs%2FBootstrap.js.download&cid=1035&client=huntington&publishPath=com&rid=-1&did=-1&errorName=DependencyNotAvailableException
IP 34.242.179.188:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/e.gif?msg=Dependency%20with%20id%20679729is%20missing&lnn=7&fn=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Fassets%2Fjs%2FBootstrap.js.download&cid=1035&client=huntington&publishPath=com&rid=-1&did=-1&errorName=DependencyNotAvailableException HTTP/1.1
Host: ensighten.huntingtonbank.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 09 Nov 2022 00:10:33 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store
X-Cache: Hit from cloudfront
Via: 1.1 4702aeea8654864963fc655b3a07aae2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DUB56-P1
X-Amz-Cf-Id: Iy8NI-nXiVYnNDJGerCMbFYnzO9cT3tD-rHXtQCD_xenLw0ak11LRQ==
Age: 72017
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash d044f3e2fc14a96cc5752446b440b143
d0d278c9eee46eb43a3f91e8fa55db206a78c93a
a0aa7ecc56cdd27079c14e17f3f790b3c01584379a519e8f7760eb81a781a02a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/fbevents.js
31.13.72.12 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 0ac10debd3a9ea8147a26d045bb93e6e
ff45f3442508e8695f2303701682ebdb6e016464
5dee7b453b2c72c07ff1d62432493a044507835a8031ea62edf2fa7cc26219b9
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: uYw3ElH1fhItRo4ziV4HFduqEWriYKpxupOX0N3pFxHy1lgl2MYcsTdMKZw6GGIC4hQMRPJGJMhV86lE7qkW5Q==
content-length: 27337
x-fb-trip-id: 1904183273
date: Wed, 09 Nov 2022 00:10:33 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 69293b8c8a45196bb68c2fb4a573ee67
fbd418617bfbf280af580abf1d2698db8228d84b
bda77decf1a738ce7c86b23325d36faeff1878c643547c54dd62f182fc7ad5ed
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4273
Cache-Control: max-age=139743
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:34 GMT
Etag: "636a5e28-1d7"
Expires: Thu, 10 Nov 2022 14:59:37 GMT
Last-Modified: Tue, 08 Nov 2022 13:48:24 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
secure-reviewserver.ddns.net/assets/img/favicon-16x16.png
172.174.98.85 200 OK 629 B URL HTTP/1.1 secure-reviewserver.ddns.net/assets/img/favicon-16x16.png
IP 172.174.98.85:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash b3edcae46fea41cde6b830ecfe7f89e4
f031fd0f0050d9601254e35eecb6d573585418f9
5c838bb93e9d85d3badb18e708a16a8287505922eada63ed4fb7495eaefb0a17
Analyzer Verdict Alert urlquery DynDNS domain detected
GET /assets/img/favicon-16x16.png HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:33 GMT
Server: Apache
Last-Modified: Mon, 02 Nov 2020 23:02:32 GMT
Accept-Ranges: bytes
Content-Length: 629
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
snap.licdn.com/li.lms-analytics/insight.old.min.js
23.36.76.210 200 OK 3.1 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.old.min.js
IP 23.36.76.210:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7751)
Hash 57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
GET /li.lms-analytics/insight.old.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 24 Oct 2022 21:02:26 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=23726
date: Wed, 09 Nov 2022 00:10:34 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 5c4c9c21e826ed9dd1520ac96dea393c
106bc7d84ae02a77a4006f2cae1cf7b5093d36c0
1201a34924da1af919077623ac06926d89f890b33b843d30e1e129fee007783f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 5c4c9c21e826ed9dd1520ac96dea393c
106bc7d84ae02a77a4006f2cae1cf7b5093d36c0
1201a34924da1af919077623ac06926d89f890b33b843d30e1e129fee007783f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=8085313;type=global;cat=allpv;ord=1570187731993;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
142.250.74.162 200 OK 313 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=8085313;type=global;cat=allpv;ord=1570187731993;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (678), with no line terminators
Hash 65aaaa3c8038dff3c0eb4f4a935aea35
872feedfba1eb93a1eb1899fb1d317b4d76c426d
c47f8a57db82f4d68ee45468a2372ead272b71269d9542b0aa2e7b49a25ca357
GET /ddm/fls/i/src=8085313;type=global;cat=allpv;ord=1570187731993;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2 HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8085313.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=5067672&Ver=2&mid=9834f96a-6cfe-4bc5-9514-7f1703935132&sid=ec2408905fc211ed98ca83604e89852a&vid=ec2413605fc211ed9cc6b1dfc4c9641d&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&kw=Huntington%20bank%20mobile%20login,%20Huntington%20mobile,%20Huntington%20bank%20mobile%20&p=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&r=&lt=1848&evt=pageLoad&sv=1&rn=612396
204.79.197.200 204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=5067672&Ver=2&mid=9834f96a-6cfe-4bc5-9514-7f1703935132&sid=ec2408905fc211ed98ca83604e89852a&vid=ec2413605fc211ed9cc6b1dfc4c9641d&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&kw=Huntington%20bank%20mobile%20login,%20Huntington%20mobile,%20Huntington%20bank%20mobile%20&p=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&r=&lt=1848&evt=pageLoad&sv=1&rn=612396
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=5067672&Ver=2&mid=9834f96a-6cfe-4bc5-9514-7f1703935132&sid=ec2408905fc211ed98ca83604e89852a&vid=ec2413605fc211ed9cc6b1dfc4c9641d&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&kw=Huntington%20bank%20mobile%20login,%20Huntington%20mobile,%20Huntington%20bank%20mobile%20&p=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&r=&lt=1848&evt=pageLoad&sv=1&rn=612396 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=221AFC18C46069F905B5EE4FC5376897; domain=.bing.com; expires=Mon, 04-Dec-2023 00:10:34 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B65A31F1561541259D02156AD8BD1A2C Ref B: OSL30EDGE0417 Ref C: 2022-11-09T00:10:34Z
date: Wed, 09 Nov 2022 00:10:34 GMT
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=8085313;type=global;cat=uvisit;ord=1;num=3783848338183;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
142.250.74.162 200 OK 316 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=8085313;type=global;cat=uvisit;ord=1;num=3783848338183;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (685), with no line terminators
Hash e444bdaa576e8661703325219a582a35
964bb9831a97a4f37802e5515ede89a317271384
256eb563d9892f4e45b57a551cddf32140904477f13bb7f2f2536f7c04d4a97c
GET /ddm/fls/i/src=8085313;type=global;cat=uvisit;ord=1;num=3783848338183;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2 HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8085313.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 316
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=5067672&Ver=2&mid=9834f96a-6cfe-4bc5-9514-7f1703935132&sid=ec2408905fc211ed98ca83604e89852a&vid=ec2413605fc211ed9cc6b1dfc4c9641d&vids=0&msclkid=N&ec=Visit&ea=Public&el=pub:%20mobile%20login&el2=pub%3A%20mobile%20login&sw=1280&sh=1024&sc=24&evt=custom&rn=708820
204.79.197.200 204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=5067672&Ver=2&mid=9834f96a-6cfe-4bc5-9514-7f1703935132&sid=ec2408905fc211ed98ca83604e89852a&vid=ec2413605fc211ed9cc6b1dfc4c9641d&vids=0&msclkid=N&ec=Visit&ea=Public&el=pub:%20mobile%20login&el2=pub%3A%20mobile%20login&sw=1280&sh=1024&sc=24&evt=custom&rn=708820
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=5067672&Ver=2&mid=9834f96a-6cfe-4bc5-9514-7f1703935132&sid=ec2408905fc211ed98ca83604e89852a&vid=ec2413605fc211ed9cc6b1dfc4c9641d&vids=0&msclkid=N&ec=Visit&ea=Public&el=pub:%20mobile%20login&el2=pub%3A%20mobile%20login&sw=1280&sh=1024&sc=24&evt=custom&rn=708820 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1DA01AD568D364B307250882698465EC; domain=.bing.com; expires=Mon, 04-Dec-2023 00:10:34 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9463D27C72044C1E87DF72A2764F69A4 Ref B: OSL30EDGE0417 Ref C: 2022-11-09T00:10:34Z
date: Wed, 09 Nov 2022 00:10:34 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 6920c21f74992f705b72858085c3703a
e3c4c970dec64765ffaa82e58fcfd895daa6604e
c25a07e0d2d0da18ff589f72c745679428f06e657a46f877ae3009ba9b302c57
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6085
Cache-Control: max-age=95163
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:34 GMT
Etag: "6369a8f0-1d7"
Expires: Thu, 10 Nov 2022 02:36:37 GMT
Last-Modified: Tue, 08 Nov 2022 00:55:12 GMT
Server: ECS (amb/6B71)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 5c4c9c21e826ed9dd1520ac96dea393c
106bc7d84ae02a77a4006f2cae1cf7b5093d36c0
1201a34924da1af919077623ac06926d89f890b33b843d30e1e129fee007783f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bat.bing.com/p/action/5067672.js
204.79.197.200 204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/5067672.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/5067672.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=2F9B72ABB04C6A030A7D60FCB11B6B1E; domain=.bing.com; expires=Mon, 04-Dec-2023 00:10:34 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 83023F80B277491A8C93D474558E7088 Ref B: OSL30EDGE0417 Ref C: 2022-11-09T00:10:34Z
date: Wed, 09 Nov 2022 00:10:34 GMT
X-Firefox-Spdy: h2
sp.analytics.yahoo.com/sp.pl?a=10000&d=Wed%2C%2009%20Nov%202022%2000%3A10%3A30%20GMT&n=0&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&enc=UTF-8&tagmgr=gtm%2Censighten
212.82.100.181 200 OK 0 B URL HTTP/2 sp.analytics.yahoo.com/sp.pl?a=10000&d=Wed%2C%2009%20Nov%202022%2000%3A10%3A30%20GMT&n=0&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&enc=UTF-8&tagmgr=gtm%2Censighten
IP 212.82.100.181:0
ASN #34010 Yahoo! UK Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sp.pl?a=10000&d=Wed%2C%2009%20Nov%202022%2000%3A10%3A30%20GMT&n=0&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&enc=UTF-8&tagmgr=gtm%2Censighten HTTP/1.1
Host: sp.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 00:10:34 GMT
expires: Wed, 09 Nov 2022 00:10:34 GMT
pragma: no-cache
cache-control: no-cache, private, must-revalidate
content-type: application/x-javascript
accept-ranges: bytes
content-length: 0
server: ATS
age: 0
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
set-cookie: A3=d=AQABBPrvamMCEH17zJfAXEXJWqWBzf45pcEFEgEBAQFBbGN0YwAAAAAA_eMAAA&S=AQAAAq50MVAYd8k3PCS-JKO_YGs; Expires=Thu, 9 Nov 2023 06:10:34 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-391028924&l=dataLayer&cx=c
142.250.74.168 302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=AW-391028924&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 70c1096689fc71f2152ebe6c5c26cd78
06096e48d46a7e2cae7bc7a369ab729910f4473d
84dcca42231d9c3689703524bf60a2cca448645ee6559dbe43c9c0498efc391b
GET /gtag/js?id=AW-391028924&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=AW-391028924&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 09 Nov 2022 00:10:34 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
sp.analytics.yahoo.com/sp.pl?a=10000&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&enc=UTF-8&et=custom&ec=Visit&ea=Public&el=pub%3A%20mobile%20login&tagmgr=gtm%2Censighten
212.82.100.181 200 OK 0 B URL HTTP/2 sp.analytics.yahoo.com/sp.pl?a=10000&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&enc=UTF-8&et=custom&ec=Visit&ea=Public&el=pub%3A%20mobile%20login&tagmgr=gtm%2Censighten
IP 212.82.100.181:0
ASN #34010 Yahoo! UK Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sp.pl?a=10000&b=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&.yp=10030245&f=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&enc=UTF-8&et=custom&ec=Visit&ea=Public&el=pub%3A%20mobile%20login&tagmgr=gtm%2Censighten HTTP/1.1
Host: sp.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 00:10:34 GMT
expires: Wed, 09 Nov 2022 00:10:34 GMT
pragma: no-cache
cache-control: no-cache, private, must-revalidate
content-type: application/x-javascript
accept-ranges: bytes
content-length: 0
server: ATS
age: 0
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
set-cookie: A3=d=AQABBPrvamMCEJqpKgPVYnsMkV26271-HYkFEgEBAQFBbGN0YwAAAAAA_eMAAA&S=AQAAAq4UuURDscnCR4MBP5l5RR0; Expires=Thu, 9 Nov 2023 06:10:34 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
secure-reviewserver.ddns.net/akam/11/pixel_7a8ba97f
172.174.98.85 404 Not Found 315 B URL HTTP/1.1 secure-reviewserver.ddns.net/akam/11/pixel_7a8ba97f
IP 172.174.98.85:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery DynDNS domain detected
POST /akam/11/pixel_7a8ba97f HTTP/1.1
Host: secure-reviewserver.ddns.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
x-dtpc: $552630036_772h9vVALKAOHRHKPOSGHKMKQHCHDWHVROWMTP-0
Content-Length: 2773
Origin: http://secure-reviewserver.ddns.net
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/login.php?cmd=login_submit&id=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&session=c5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
Cookie: _gcl_au=1.1.2069311355.1667949847; _fbp=fb.2.1667949847284.1005147557; _uetsid=ec2408905fc211ed98ca83604e89852a; _uetvid=ec2413605fc211ed9cc6b1dfc4c9641d
HTTP/1.1 404 Not Found
Date: Wed, 09 Nov 2022 00:10:34 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2789
Expires: Wed, 09 Nov 2022 00:57:03 GMT
Date: Wed, 09 Nov 2022 00:10:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2789
Expires: Wed, 09 Nov 2022 00:57:03 GMT
Date: Wed, 09 Nov 2022 00:10:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84109408-bbc7-4166-8974-df4b4fbbf1c1.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84109408-bbc7-4166-8974-df4b4fbbf1c1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 11ef1d34ac2d42662fe53fc58c882fdf
16f1e048895ed1ee0c0c071e3939e741113e4969
61c42bae12654cf9bd1e7ca0f616164ff4139dc470fb6c1033176374444d6bda
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84109408-bbc7-4166-8974-df4b4fbbf1c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6272
x-amzn-requestid: 7287a2fe-853d-497f-a63e-1d521dd5326e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bG3dSGEIIAMF7Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6365d2bb-4c6803ad2d4ea46e68abd386;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 03:04:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LDFjqTNKAf14q52-12SgdxG52y16CzeAmZFIIwxEnUFTYp8ZOTT4Ew==
via: 1.1 6a6653dfb47ccc5082f2a5b9d0d168ce.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 18:20:46 GMT
age: 20988
etag: "16f1e048895ed1ee0c0c071e3939e741113e4969"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b1448b9-c14a-494a-b2b3-d4d430f83cd7.jpeg
34.120.237.76 200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b1448b9-c14a-494a-b2b3-d4d430f83cd7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da90dc6a5f2fc0c07e1e3d7ac0f1a67c
131acddbc0fefa19de876f5254d21370691b4653
60a17b9d4f66a571b54b17bcdd5ae19942bd8540569663611a3a64c07734417c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b1448b9-c14a-494a-b2b3-d4d430f83cd7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7108
x-amzn-requestid: bf8302ba-8138-4b4a-8821-fe1c1d1864fc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bMYDHEoFoAMFqVA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636806e0-7b5856224000122233ad81ea;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 19:11:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: EGKvHV1bW_nNzjp6K-vbh2vMp3EvI3lFbFuEJ-j_Nz1y_eLuKWTD4g==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 22:18:43 GMT
age: 6711
etag: "131acddbc0fefa19de876f5254d21370691b4653"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 6dc7dc5c-88e9-4550-abf0-f16965ab7cd3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bF_38GKXoAMFwSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636579cc-28ea4125437c31cc34683fb7;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 20:45:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q0yZmbExDP4tH0n1n2qj_NR2Mv_y_dsO0LJ1RKZoS6Me-NLbhpUWqw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 09:08:56 GMT
age: 54098
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24121bb1-6b1a-4b47-9a61-a1e493fc2abd.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24121bb1-6b1a-4b47-9a61-a1e493fc2abd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bf2a87c0a3d9fe8a5be9ce6d3d3c93ad
f919c9f8b2dbaa4346ec065a4629ec44c13036dc
7169ae72c6cdfedb6e9fce98430fbb97d28107b02da6acb1ae5b29671bbcd21f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24121bb1-6b1a-4b47-9a61-a1e493fc2abd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6244
x-amzn-requestid: e6ea985e-290a-4deb-a47e-970fd3b0ee06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJUPeE_voAMFSNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366cd96-28bd8a836f911fda6286f293;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 20:54:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VGCufJWWm6gmF2LuKPY1QYWCcoWEg171x73SSBHyBQLFTnjWti9bww==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 15:51:29 GMT
age: 29945
etag: "f919c9f8b2dbaa4346ec065a4629ec44c13036dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff61972b3-81fe-4685-88de-21199403755b.jpeg
34.120.237.76 200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff61972b3-81fe-4685-88de-21199403755b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4cc233d853dae1e8f6127bc8f7ddd3ae
a99cfd0dc7b73fab94fbecc9c8bdf5945a3387a7
169e6f462cf903a188a13cb95791731fb20f2fdb04c236065e90f834606bb0a8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff61972b3-81fe-4685-88de-21199403755b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5282
x-amzn-requestid: e50bfdbf-6301-4451-9ae9-80127861f8fc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTnaHR8IAMFSfw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc95-4ee3045e3af315160dc7e933;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:39:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sPVnehGtMgbgGW_D41Q4vGyLdl8cSGpXEf1H0Td5Cy32w7carwcjTg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:44:22 GMT
age: 8772
etag: "a99cfd0dc7b73fab94fbecc9c8bdf5945a3387a7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84bc0bac-c8ba-4055-b51a-0c279033a4e9.jpeg
34.120.237.76 200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84bc0bac-c8ba-4055-b51a-0c279033a4e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1382cce063e7b64ce1a9360db1cb1a03
e773fbc5ba8bb957bce566d353c4580e46d4b31c
88332359957b997367612f496d866de90680f3ff458ead4e6cdc052ad3fe8858
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84bc0bac-c8ba-4055-b51a-0c279033a4e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6458
x-amzn-requestid: 7dc5df31-e521-476f-aee2-6a59192d8c94
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTTuEwBoAMFpVg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc17-1a1866f906458f916d6baac8;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TpRz9GwPmcySJ-e0FjxKkBYmlb6wV8LnMoSMD_GJOpSk_phabHP-7Q==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 22:16:10 GMT
age: 6864
etag: "e773fbc5ba8bb957bce566d353c4580e46d4b31c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
s.yimg.com/wi/ytc.js
188.125.94.206 200 OK 6.9 kB IP 188.125.94.206:0
Hash ba95ac53e65ff1b39b3fc33d91ee2a3d
f2f7b2f779334a229d2a26ffcc363fc75fd079c8
b5ee76af876c9eeee762301b5a82ecad1c57784ad59e2f310f3073e3d8ab8ef6
GET /wi/ytc.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: lwnNvV4guBRreEXs7xQCMo/zHlSlDHSuSZ3+HNo+MTkUav7zmFXq72Fa76Q16QhZxnJ/JuT7Ey8=
x-amz-request-id: 6VG7DKKZWTSSYGNP
date: Tue, 08 Nov 2022 23:57:15 GMT
last-modified: Tue, 14 Jun 2022 12:21:31 GMT
x-amz-expiration: expiry-date="Thu, 20 Jul 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
etag: "6a624022b5d271dcefb070b0b6670abc-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=3600
x-amz-version-id: .QD3nDfK79S8_ikLSJXTL23Tdis9tg0C
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
age: 799
content-encoding: gzip
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 4784079f08e5276b7bd670aed075be5c
997cfb14816a90e340a5f391257d3f8157bc220b
5b88bc0709a5c7a375c380199d49f76e3beedfddf895b80abc3699d73bdf142a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 4784079f08e5276b7bd670aed075be5c
997cfb14816a90e340a5f391257d3f8157bc220b
5b88bc0709a5c7a375c380199d49f76e3beedfddf895b80abc3699d73bdf142a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=8085313;type=global;cat=allpv;ord=1570187731993;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
142.250.74.98 200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=8085313;type=global;cat=allpv;ord=1570187731993;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
IP 142.250.74.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=8085313;type=global;cat=allpv;ord=1570187731993;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2 HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
expires: Wed, 09 Nov 2022 00:10:34 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash dee3039809fc2026852697eaa005560c
f4f6b76cf09e0a9e756ab6b9b8be26cb6e15b2c7
8091750102499bbd5d92ea3e89cf364e833df30e186963d67a0d66a13751ef8a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash dee3039809fc2026852697eaa005560c
f4f6b76cf09e0a9e756ab6b9b8be26cb6e15b2c7
8091750102499bbd5d92ea3e89cf364e833df30e186963d67a0d66a13751ef8a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=8085313;type=global;cat=uvisit;ord=1;num=3783848338183;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
142.250.74.98 200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=8085313;type=global;cat=uvisit;ord=1;num=3783848338183;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
IP 142.250.74.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=8085313;type=global;cat=uvisit;ord=1;num=3783848338183;gtm=2odb70;auiddc=2069311355.1667949847;u1=pub%3A%20mobile%20login;u2=undefined%7C;~oref=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2 HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
expires: Wed, 09 Nov 2022 00:10:34 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/849063932/?random=1667952630823&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1899177860&rmt_tld=1&ipr=y
142.250.74.35 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/849063932/?random=1667952630823&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1899177860&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849063932/?random=1667952630823&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1899177860&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/786635084/?random=1667952631042&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1654010249&rmt_tld=1&ipr=y
142.250.74.35 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/786635084/?random=1667952631042&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1654010249&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/786635084/?random=1667952631042&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1654010249&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/849063932/?random=1667952631047&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4262805406&rmt_tld=1&ipr=y
142.250.74.35 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/849063932/?random=1667952631047&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4262805406&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849063932/?random=1667952631047&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4262805406&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/849073348/?random=1667952631038&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2691113522&rmt_tld=1&ipr=y
142.250.74.35 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/849073348/?random=1667952631038&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2691113522&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849073348/?random=1667952631038&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2691113522&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 4784079f08e5276b7bd670aed075be5c
997cfb14816a90e340a5f391257d3f8157bc220b
5b88bc0709a5c7a375c380199d49f76e3beedfddf895b80abc3699d73bdf142a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash dee3039809fc2026852697eaa005560c
f4f6b76cf09e0a9e756ab6b9b8be26cb6e15b2c7
8091750102499bbd5d92ea3e89cf364e833df30e186963d67a0d66a13751ef8a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/786635084/?random=1667952630786&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3835764970&rmt_tld=0&ipr=y
142.250.74.132 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/786635084/?random=1667952630786&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3835764970&rmt_tld=0&ipr=y
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/786635084/?random=1667952630786&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1>m=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3835764970&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/849063932/?random=1667952631047&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4262805406&rmt_tld=0&ipr=y
142.250.74.132 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/849063932/?random=1667952631047&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4262805406&rmt_tld=0&ipr=y
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849063932/?random=1667952631047&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4262805406&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/849073348/?random=1667952631038&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2691113522&rmt_tld=0&ipr=y
142.250.74.132 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/849073348/?random=1667952631038&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2691113522&rmt_tld=0&ipr=y
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849073348/?random=1667952631038&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2691113522&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/786635084/?random=1667952631042&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1654010249&rmt_tld=0&ipr=y
142.250.74.132 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/786635084/?random=1667952631042&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1654010249&rmt_tld=0&ipr=y
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/786635084/?random=1667952631042&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1654010249&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 4784079f08e5276b7bd670aed075be5c
997cfb14816a90e340a5f391257d3f8157bc220b
5b88bc0709a5c7a375c380199d49f76e3beedfddf895b80abc3699d73bdf142a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 4784079f08e5276b7bd670aed075be5c
997cfb14816a90e340a5f391257d3f8157bc220b
5b88bc0709a5c7a375c380199d49f76e3beedfddf895b80abc3699d73bdf142a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/849063932/?random=1667952630823&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1899177860&rmt_tld=0&ipr=y
142.250.74.132 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/849063932/?random=1667952630823&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1899177860&rmt_tld=0&ipr=y
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849063932/?random=1667952630823&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1899177860&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/786635084/?random=1667952630786&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3835764970&rmt_tld=1&ipr=y
142.250.74.35 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/786635084/?random=1667952630786&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3835764970&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/786635084/?random=1667952630786&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3835764970&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/849073348/?random=1667952630771&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1706852209&rmt_tld=0&ipr=y
142.250.74.132 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/849073348/?random=1667952630771&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1706852209&rmt_tld=0&ipr=y
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849073348/?random=1667952630771&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1706852209&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/391028924/?random=1667952631212&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1877912845&rmt_tld=1&ipr=y
142.250.74.35 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/391028924/?random=1667952631212&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1877912845&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/391028924/?random=1667952631212&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1877912845&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 4784079f08e5276b7bd670aed075be5c
997cfb14816a90e340a5f391257d3f8157bc220b
5b88bc0709a5c7a375c380199d49f76e3beedfddf895b80abc3699d73bdf142a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 00:10:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/391028924/?random=1667952631212&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1877912845&rmt_tld=0&ipr=y
142.250.74.132 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/391028924/?random=1667952631212&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1877912845&rmt_tld=0&ipr=y
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/391028924/?random=1667952631212&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1877912845&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/849073348/?random=1667952630771&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1706852209&rmt_tld=1&ipr=y
142.250.74.35 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/849073348/?random=1667952630771&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1706852209&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/849073348/?random=1667952630771&cv=11&fst=1667952000000&bg=ffffff&guid=ON&async=1&gtm=2oab70&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&tiba=Mobile%20Banking%20Login%20%7C%20Huntington%20Bank&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1706852209&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 00:10:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1667952631029&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
13.107.42.14 302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1667952631029&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=291554&time=1667952631029&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2 HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1667952631029%26url%3Dhttp%253A%252F%252Fsecure-reviewserver.ddns.net%252Flogin.php%253Fcmd%253Dlogin_submit%2526id%253Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%2526session%253Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQJAkX5REAMhLQAAAYRZuWo8Wu9BvrfzUVdeK5mjwC97sNcrPQF6CSVlZso8XN7e_Su8sfSD0GRueQ; Max-Age=2592000; Expires=Fri, 09 Dec 2022 00:10:34 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQJT4koE8oAgWAAAAYRZuWo8TLjFqOzNYcDoHVSj7b2dFlG1AoiEEpTSlhsAW-CZ6hsw7OK2X6X7AoPBNL4V3A; Max-Age=2592000; Expires=Fri, 09 Dec 2022 00:10:34 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&c43b8c13-5705-4972-8386-09898c6d042a"; domain=.linkedin.com; Path=/; Secure; Expires=Thu, 09-Nov-2023 00:10:34 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2370:u=1:x=1:i=1667952634:t=1668039034:v=2:sig=AQHAPuSfVc-bCIlZLHHbNZZlAfdAQ3mi"; Expires=Thu, 10 Nov 2022 00:10:34 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXs/nxGzrnhxOtixiSbhA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 1DDEEA066A17478CBF77C99094CBBD5D Ref B: OSL30EDGE0109 Ref C: 2022-11-09T00:10:34Z
date: Wed, 09 Nov 2022 00:10:33 GMT
content-length: 0
X-Firefox-Spdy: h2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1667952631029%26url%3Dhttp%253A%252F%252Fsecure-reviewserver.ddns.net%252Flogin.php%253Fcmd%253Dlogin_submit%2526id%253Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%2526session%253Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26liSync%3Dtrue
13.107.42.14 302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1667952631029%26url%3Dhttp%253A%252F%252Fsecure-reviewserver.ddns.net%252Flogin.php%253Fcmd%253Dlogin_submit%2526id%253Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%2526session%253Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D291554%26time%3D1667952631029%26url%3Dhttp%253A%252F%252Fsecure-reviewserver.ddns.net%252Flogin.php%253Fcmd%253Dlogin_submit%2526id%253Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%2526session%253Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://secure-reviewserver.ddns.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1667952631029&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&2c629397-d3e4-47b3-8392-c21a780d0271"; Domain=.linkedin.com; Expires=Thu, 09-Nov-2023 00:10:34 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&202211090010340b2e5cd2-2012-4110-871a-cf2c93aabfa2AQGuo1bzP3hbAaHrzyAo0Arq04ixngCp"; Domain=.www.linkedin.com; Expires=Thu, 09-Nov-2023 00:10:34 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2Njc5NTI2MzQ7MjswMjG1YtKBM7KoW/Y/aCaUgUnYt6QztuztjGkKrQE+uZwYVQ==; Domain=.linkedin.com; Expires=Mon, 08 May 2023 00:10:34 GMT; Path=/; Secure; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2370:u=1:x=1:i=1667952634:t=1668039034:v=2:sig=AQHAPuSfVc-bCIlZLHHbNZZlAfdAQ3mi"; Expires=Thu, 10 Nov 2022 00:10:34 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/status linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com *.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' teams.microsoft.com client.learningapp.microsoft.com; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXs/nxJ2qYNNHWk2Xw5cg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 1FD4A6C2FC0C4EF7A7A60195DC46E9D0 Ref B: OSL30EDGE0109 Ref C: 2022-11-09T00:10:34Z
date: Wed, 09 Nov 2022 00:10:34 GMT
content-length: 0
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1667952631029&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&liSync=true
13.107.42.14 200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=291554&time=1667952631029&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=291554&time=1667952631029&url=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://secure-reviewserver.ddns.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&11216310-4827-4ee5-8d0b-be05c546d062"; domain=.linkedin.com; Path=/; Secure; Expires=Thu, 09-Nov-2023 00:10:34 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2370:u=1:x=1:i=1667952634:t=1668039034:v=2:sig=AQHAPuSfVc-bCIlZLHHbNZZlAfdAQ3mi"; Expires=Thu, 10 Nov 2022 00:10:34 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXs/nxNL6lnlVtnZRTXZA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 23B6F675814E442ABEA7037A7972D956 Ref B: OSL30EDGE0109 Ref C: 2022-11-09T00:10:34Z
date: Wed, 09 Nov 2022 00:10:34 GMT
content-length: 0
X-Firefox-Spdy: h2
trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&version=3.4&a=1667952633877
3.232.79.195 301 Moved Permanently 134 B URL HTTP/1.1 trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&version=3.4&a=1667952633877
IP 3.232.79.195:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&version=3.4&a=1667952633877 HTTP/1.1
Host: trk.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Wed, 09 Nov 2022 00:10:37 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://trk.clinch.co:443/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&version=3.4&a=1667952633877
ocsp.godaddy.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash 2481c37c8da9631cde360b4de8e961da
d98fac613a6d87272d7c693a4f0c56e03151a6b8
11a4b4e21e8392690e31abe78d1b7837067eaa30e08544080d85742fbfb9fed3
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 09 Nov 2022 00:10:38 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 08 Nov 2022 18:26:05 GMT
Expires: Wed, 09 Nov 2022 18:26:05 GMT
ETag: "d98fac613a6d87272d7c693a4f0c56e03151a6b8"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9b6a89db9608f34e9454e3504327aabc
20c73e47664a3c27b7e7410a5bed537c3e889704
f288eee2c2e88251c3038b73dd55abd4825a23df5b1cd2c0724f6aac4cc7cd49
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F288EEE2C2E88251C3038B73DD55ABD4825A23DF5B1CD2C0724F6AAC4CC7CD49"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4378
Expires: Wed, 09 Nov 2022 01:23:35 GMT
Date: Wed, 09 Nov 2022 00:10:37 GMT
Connection: keep-alive
mef957.dynatrace-managed.com/bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=null;referer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2;visitID=VALKAOHRHKPOSGHKMKQHCHDWHVROWMTP-0;app=0bd76d7cc9264013;end=1
100.24.162.178 200 OK 28 B URL HTTP/1.1 mef957.dynatrace-managed.com/bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=null;referer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2;visitID=VALKAOHRHKPOSGHKMKQHCHDWHVROWMTP-0;app=0bd76d7cc9264013;end=1
IP 100.24.162.178:0
File type ASCII text, with no line terminators
Hash b3b616cdccc63672fb7dfb1c9cf17b94
209c6645bf2bfc5aa3114d56846f37b51f018728
1280314b5bc8ff4f42b0ae1b45c42bceeddce7f4a09a13e24aa7f316dd4ae028
POST /bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=null;referer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2;visitID=VALKAOHRHKPOSGHKMKQHCHDWHVROWMTP-0;app=0bd76d7cc9264013;end=1 HTTP/1.1
Host: mef957.dynatrace-managed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2262
Origin: http://secure-reviewserver.ddns.net
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:37 GMT
Content-Type: text/plain;charset=utf-8
Cache-Control: no-cache
Content-Length: 28
trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&version=3.4&a=1667952633877
3.232.79.195 302 Found 0 B URL HTTP/2 trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&version=3.4&a=1667952633877
IP 3.232.79.195:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&version=3.4&a=1667952633877 HTTP/1.1
Host: trk.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://secure-reviewserver.ddns.net/
Connection: keep-alive
Cookie: clinch-sid=674b22fb-6e12-4d0e-8f99-06e6e917fcf9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 09 Nov 2022 00:10:37 GMT
content-length: 0
location: https://trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&version=3.4&a=1667952633877&try2=true
server: clinch
X-Firefox-Spdy: h2
trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&version=3.4&a=1667952633877&try2=true
3.232.79.195 200 OK 79 B URL HTTP/2 trk.clinch.co/trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&version=3.4&a=1667952633877&try2=true
IP 3.232.79.195:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 70c92fdbfdaad0989a68617939cf615c
4cc7e0778377d6e89b665e1741c798b9df21693a
3a2f25076dd3c45cd69196f5c15d3ae2678b208bc5f8ac053d54d4a1fb792006
GET /trk?cid=ojfb3O&dsid=wifbQOP&type=pageView&product=ecommerce&referrer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2&version=3.4&a=1667952633877&try2=true HTTP/1.1
Host: trk.clinch.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://secure-reviewserver.ddns.net/
Connection: keep-alive
Cookie: clinch-sid=674b22fb-6e12-4d0e-8f99-06e6e917fcf9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 00:10:37 GMT
content-type: text/html
content-length: 79
server: clinch
cache-control: no-store
x-robots-tag: none
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Firefox-Spdy: h2
mef957.dynatrace-managed.com/bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=null;referer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2;visitID=VALKAOHRHKPOSGHKMKQHCHDWHVROWMTP-0;app=0bd76d7cc9264013;end=1
100.24.162.178 200 OK 28 B URL HTTP/1.1 mef957.dynatrace-managed.com/bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=null;referer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2;visitID=VALKAOHRHKPOSGHKMKQHCHDWHVROWMTP-0;app=0bd76d7cc9264013;end=1
IP 100.24.162.178:0
File type ASCII text, with no line terminators
Hash b3b616cdccc63672fb7dfb1c9cf17b94
209c6645bf2bfc5aa3114d56846f37b51f018728
1280314b5bc8ff4f42b0ae1b45c42bceeddce7f4a09a13e24aa7f316dd4ae028
POST /bf/55ab56e3-f58b-45f8-a01d-56e2db48866f?dtCookie=null;referer=http%3A%2F%2Fsecure-reviewserver.ddns.net%2Flogin.php%3Fcmd%3Dlogin_submit%26id%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2%26session%3Dc5a8f554701d350196467576bc37c4a2c5a8f554701d350196467576bc37c4a2;visitID=VALKAOHRHKPOSGHKMKQHCHDWHVROWMTP-0;app=0bd76d7cc9264013;end=1 HTTP/1.1
Host: mef957.dynatrace-managed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 12773
Origin: http://secure-reviewserver.ddns.net
Connection: keep-alive
Referer: http://secure-reviewserver.ddns.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 00:10:39 GMT
Content-Type: text/plain;charset=utf-8
Cache-Control: no-cache
Content-Length: 28