r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7af19a5145a4ee99bdf18831bad04bfd
7bdd2a4785b999ef54a2644211d2b2b7190fb8e1
3237bf0111ecdec3615c4d2d49a602f48f800335d0194f52b600bdaefbd63ed0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3237BF0111ECDEC3615C4D2D49A602F48F800335D0194F52B600BDAEFBD63ED0"
Last-Modified: Thu, 30 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14906
Expires: Fri, 31 Mar 2023 23:04:56 GMT
Date: Fri, 31 Mar 2023 18:56:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cca063332ba9a89eadd62a8dd7f81a9b
d473b2a7a32c964599ff3bac8f98fa578f03d1d1
02fb74c7c695ad99f7f2fd7c02ae2b88e2da1c5db339f883333d9090291931dc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02FB74C7C695AD99F7F2FD7C02AE2B88E2DA1C5DB339F883333D9090291931DC"
Last-Modified: Wed, 29 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9814
Expires: Fri, 31 Mar 2023 21:40:04 GMT
Date: Fri, 31 Mar 2023 18:56:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 374c9e295a804e605c402f48ae7e2446
967394b36ecdff2dd32842f878887f061024c6b3
7652dfcb9e2d620ce1d033be8ecc53166d2881154c15decd60899415e5ac2706
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7652DFCB9E2D620CE1D033BE8ECC53166D2881154C15DECD60899415E5AC2706"
Last-Modified: Thu, 30 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8588
Expires: Fri, 31 Mar 2023 21:19:38 GMT
Date: Fri, 31 Mar 2023 18:56:30 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ed282214b024a7895d90e229e92bb1cc
1f447aa59287ce2b45860a1a909d005a41305f77
a35ae9f89cbc77ed5fe849acdc2701592799c335f2674776d69c25bca0a00c2e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Type, Alert, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 31 Mar 2023 18:16:12 GMT
content-type: application/json
age: 2418
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: hM8Lj4S8klvG46l/m2zx5o5IKIyckeKS3yMduhXw+mW7Or7JxHxoxx6SEQzkM1H9ObDRcjhPz6w=
x-amz-request-id: 38ZKZNZ9SKK0JR77
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 31 Mar 2023 18:12:17 GMT
age: 2653
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
shurt.pw/u/zUqbTE
172.67.140.139 200 OK 5.2 kB IP 172.67.140.139:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1088), with CRLF, LF line terminators
Hash f431ca616be498bb0833590220b30961
60647468f227338de2774f4676d8f722180df1bf
46faf44b3785b7190a22c270e33d1247c277fe6ce3bfb15b64c012a71c60f389
NIDS Severity Alert suricata low ET INFO HTTP Request to a *.pw domain
GET /u/zUqbTE HTTP/1.1
Host: shurt.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 18:56:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: AppSession=13e73c89c2560ba900f99fa7d7fbb8e2; path=/u/; HttpOnly
csrfToken=fb813af7b2a005d9c4d6b470280c4e2203894727a6d3aa09f913af1f4db0eee9baf76480b9bc2f103dcfee070f7a6a8cfc979400ac2d89d618ab6a5a654cb598; path=/u/; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN,SAMEORIGIN,SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent,User-Agent
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b0JLUXiM2SVNl6yxfJeDxCOSFs%2FPPcgnKVk3tY7tfq5QvXyH5PU2Xs7RrG2kALPreoksbqEK5VfBMlBpybE28Us7my6ujeVDWdpbvZ9S%2Bva10Nls1GgQI4vhbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0ad00ba8adb500-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 18:56:30 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cdn.prplads.com/video-agent.js?publisherId=6236aa21a8c18bdcf30eff9d2a8b7c1a:a30bda032e038a71ecf6f924868c70edc1e88dbf060df0d8e941fc365283ccaf06cb53dfb2a90cd3bb2477c21103c8fb817b93557ce146df33df735ba13017fc
104.26.3.51 200 OK 16 kB URL HTTP/2 cdn.prplads.com/video-agent.js?publisherId=6236aa21a8c18bdcf30eff9d2a8b7c1a:a30bda032e038a71ecf6f924868c70edc1e88dbf060df0d8e941fc365283ccaf06cb53dfb2a90cd3bb2477c21103c8fb817b93557ce146df33df735ba13017fc
IP 104.26.3.51:0
File type Unicode text, UTF-8 text, with very long lines (46692), with no line terminators
Hash 15f2e7d610522f14fbefdcbef5f77da8
a5754995299fa4a746c121e4f1ca91a01cf25625
940ad0205740cf0513bf5d9fc7b5f95b13498b33aefcd8d35e7b2c37b6ffa184
GET /video-agent.js?publisherId=6236aa21a8c18bdcf30eff9d2a8b7c1a:a30bda032e038a71ecf6f924868c70edc1e88dbf060df0d8e941fc365283ccaf06cb53dfb2a90cd3bb2477c21103c8fb817b93557ce146df33df735ba13017fc HTTP/1.1
Host: cdn.prplads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:30 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"93aa7921fb7db19056c9a10288d1482a"
last-modified: Sun, 26 Mar 2023 13:03:48 GMT
x-amz-id-2: xp6dTcn19/4o4DLc0aYuFzLPKcanncJ4vHLLJkaAkreUfBMDVDCgsovUxgfL7FhDIMs7swdJqD8=
x-amz-request-id: YK021151P96BBSE7
cache-control: max-age=86400
cf-cache-status: HIT
age: 3783
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hS2tqDAszitwLn4UhNs9LxK3HccgPlj0w6uQ%2BEEFr86f0RIi84T3ogBRSEe76BxtvIihKnXmohkEktjm1zFSWatJqwEvfC5MX9tNWnBU4QpT0Z2lwoX%2B1%2BfXgB0UqdLGIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b0ad00ecea3b51d-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-8LS05BDZKL
142.250.74.168 200 OK 84 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-8LS05BDZKL
IP 142.250.74.168:0
File type ASCII text, with very long lines (30260)
Hash 9ccee1042ae587b961561e38770b7f0a
68ae2e2a072320ce19bc6be6d977eb0b045fb04f
27889762456a28d88cd49e3e50792f70f1e57a38b8a14a06ef3ac5e65fa4383b
GET /gtag/js?id=G-8LS05BDZKL HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 31 Mar 2023 18:56:30 GMT
expires: Fri, 31 Mar 2023 18:56:30 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 84105
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fc0bc67cb73720019a64ebe2e6cc00a8
1caa960bc9bf478f88d9401ac9784d42641f513e
a8053d663c8bfb024620c710e40c226c0fc1c82620c511ffed5379ad4191acd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:56:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ab61862f016dea85f8aa55e59369d905
a5e81f13052b9e9184caf05a9740c345a40d1f22
e0d580c313088d524a5338e63e4acf9f3f3cb45a54f2528c5d1c4915d71b255b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E0D580C313088D524A5338E63E4ACF9F3F3CB45A54F2528C5D1C4915D71B255B"
Last-Modified: Thu, 30 Mar 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14688
Expires: Fri, 31 Mar 2023 23:01:18 GMT
Date: Fri, 31 Mar 2023 18:56:30 GMT
Connection: keep-alive
shurt.pw/u/new_theme/build/css/link.css?ver=6.4.0
172.67.140.139 200 OK 3.5 kB URL HTTP/1.1 shurt.pw/u/new_theme/build/css/link.css?ver=6.4.0
IP 172.67.140.139:0
File type ASCII text, with very long lines (13754), with no line terminators
Hash 99814fb7aa39224034a6a339ca8009b6
fd65ce841acb114c85feeaac23bcb71449207500
2824a4a841813b45beef2d908e89c3839494bd5ee6c592653e991e7370708186
NIDS Severity Alert suricata low ET INFO HTTP Request to a *.pw domain
GET /u/new_theme/build/css/link.css?ver=6.4.0 HTTP/1.1
Host: shurt.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shurt.pw/u/zUqbTE
Cookie: AppSession=13e73c89c2560ba900f99fa7d7fbb8e2; csrfToken=fb813af7b2a005d9c4d6b470280c4e2203894727a6d3aa09f913af1f4db0eee9baf76480b9bc2f103dcfee070f7a6a8cfc979400ac2d89d618ab6a5a654cb598
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 18:56:30 GMT
Content-Type: text/css
Content-Length: 3495
Connection: keep-alive
cache-control: public, max-age=2592000
expires: Sun, 30 Apr 2023 18:56:30 GMT
last-modified: Mon, 13 Jan 2020 22:24:24 GMT
content-encoding: gzip
vary: Accept-Encoding,User-Agent,User-Agent
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN,SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=533hC%2BAM0bXuKh4s4czSD06L1saiHoIk8bYihpnC6sPc2mAEzh7A0i9uK6KdERbRCfHNN5SJYAor9Ba1Z496y88Pi96sZLSGRVBC3ceFpxNZz8nfNEV1y6sszA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0ad00eadc0b50c-OSL
alt-svc: h2=":443"; ma=60
shurt.pw/u/js/ads.js?ver=6.4.0
172.67.140.139 200 OK 162 B URL HTTP/1.1 shurt.pw/u/js/ads.js?ver=6.4.0
IP 172.67.140.139:0
File type ASCII text, with no line terminators
Hash 19606e42047ff6fc62c605157dacf742
dc53398e76781c27eb48f7f948d35d3dacaf8a69
5c50a649421e815c40de836a05bf30d94daaeb9b4acf314b97db662eb8bdc4e1
NIDS Severity Alert suricata low ET INFO HTTP Request to a *.pw domain
GET /u/js/ads.js?ver=6.4.0 HTTP/1.1
Host: shurt.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shurt.pw/u/zUqbTE
Cookie: AppSession=13e73c89c2560ba900f99fa7d7fbb8e2; csrfToken=fb813af7b2a005d9c4d6b470280c4e2203894727a6d3aa09f913af1f4db0eee9baf76480b9bc2f103dcfee070f7a6a8cfc979400ac2d89d618ab6a5a654cb598
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 18:56:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: public, max-age=2592000
expires: Sun, 30 Apr 2023 18:56:30 GMT
last-modified: Tue, 03 Sep 2019 05:24:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN,SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
vary: User-Agent,User-Agent, Accept-Encoding
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QQU6YEFLbdkFdvqSx%2BqxhQZ4SsUQnMHV%2FEGOlr0B9%2BPNQROKbBwnJ6Fb%2F1HyWPOMs8IwikGrEPiEy8OyurGT%2Bk%2FYdRgn0NlWKzqfFwSkUVc1TYuTv3VpnEOCjw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0ad00ea8fbb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
disploot.com/t.js?i=e9hb1uc7tvxuzzd1xc0kx&cb=8238911680288990075
143.204.55.43 301 Moved Permanently 167 B URL HTTP/1.1 disploot.com/t.js?i=e9hb1uc7tvxuzzd1xc0kx&cb=8238911680288990075
IP 143.204.55.43:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /t.js?i=e9hb1uc7tvxuzzd1xc0kx&cb=8238911680288990075 HTTP/1.1
Host: disploot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shurt.pw/
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 31 Mar 2023 18:56:30 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://disploot.com/t.js?i=e9hb1uc7tvxuzzd1xc0kx&cb=8238911680288990075
X-Cache: Redirect from cloudfront
Via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bxOOmh1o9s9PIOJQD7tAfuC5CZc5BOQKxhZafBNmhtQc9TIJRfqS3g==
Vary: Origin
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Pragma, Backoff, Expires, Last-Modified, Content-Type, Alert, Retry-After, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 31 Mar 2023 18:14:39 GMT
age: 2511
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.117.65.55 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.117.65.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9pmfmc/FQyqM2yURM7pEIQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xQbFr+M09RLbhaB9fAj0sFmZ19Q=
Date: Fri, 31 Mar 2023 18:56:30 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
okayarab.com/04/e6/aa/04e6aaf7cf19824c28b9aefc25a57a4d.js
173.233.139.164 200 OK 17 kB URL HTTP/1.1 okayarab.com/04/e6/aa/04e6aaf7cf19824c28b9aefc25a57a4d.js
IP 173.233.139.164:0
File type ASCII text, with very long lines (53745), with no line terminators
Hash 1c7c83252eebbc42c225d31e01ca29f5
c916196a9e4ef1c3fa01070c7002aabf50beab16
0811c889c22c04d76e901c920a0d620481de9005183cc2550984f8d7b558d97d
GET /04/e6/aa/04e6aaf7cf19824c28b9aefc25a57a4d.js HTTP/1.1
Host: okayarab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shurt.pw/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 31 Mar 2023 18:56:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4451c2e701c1be69a79bf334e32e4392
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
measure.refinery89.com/website/1864/tag_load
54.230.111.8 200 OK 43 B URL HTTP/2 measure.refinery89.com/website/1864/tag_load
IP 54.230.111.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /website/1864/tag_load HTTP/1.1
Host: measure.refinery89.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 43
cache-control: max-age=0, public, s-maxage=21600
server: Microsoft-IIS/10.0
x-powered-by: PHP/7.3.7
date: Fri, 31 Mar 2023 14:51:45 GMT
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wTHksXuj6h3m_vIhovRuS3ST8aFcA7Fe6Be3tCVpgsuvbnMRoRfAPg==
age: 14686
X-Firefox-Spdy: h2
shurt.pw/cloud_theme/build/fonts/fontawesome-webfont.woff2
172.67.140.139 200 OK 77 kB URL HTTP/1.1 shurt.pw/cloud_theme/build/fonts/fontawesome-webfont.woff2
IP 172.67.140.139:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
NIDS Severity Alert suricata low ET INFO HTTP Request to a *.pw domain
GET /cloud_theme/build/fonts/fontawesome-webfont.woff2 HTTP/1.1
Host: shurt.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shurt.pw/u/zUqbTE
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 18:56:31 GMT
Content-Type: font/woff2
Content-Length: 77160
Connection: keep-alive
last-modified: Tue, 03 Sep 2019 05:24:50 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
vary: User-Agent, Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I8OoosYAJ5acAWePSP3J3EriIlKfdGoesqQRavO58AVyLnKEKrqQca563Sp9iLJ7yOE2MEjlrj0mDsV8%2FHbquo4YqJqemyTwGn1eXtxCY4VHi1E4184P4zZbfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0ad00e9e2db500-OSL
alt-svc: h2=":443"; ma=60
shurt.pw/u/new_theme/build/js/script.min.js?ver=6.4.0
172.67.140.139 200 OK 60 kB URL HTTP/1.1 shurt.pw/u/new_theme/build/js/script.min.js?ver=6.4.0
IP 172.67.140.139:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 0f12c1f3ebcfa16b45c8230dce16bada
ccd1f4ce99a1ad25685abaa1958e839739d03beb
94408b2d687d68b476625b1fa83ae20d02380c07fd1b1cdc030b85a479208bc1
NIDS Severity Alert suricata low ET INFO HTTP Request to a *.pw domain
GET /u/new_theme/build/js/script.min.js?ver=6.4.0 HTTP/1.1
Host: shurt.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shurt.pw/u/zUqbTE
Cookie: AppSession=13e73c89c2560ba900f99fa7d7fbb8e2; csrfToken=fb813af7b2a005d9c4d6b470280c4e2203894727a6d3aa09f913af1f4db0eee9baf76480b9bc2f103dcfee070f7a6a8cfc979400ac2d89d618ab6a5a654cb598
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 18:56:31 GMT
Content-Type: application/javascript
Content-Length: 60260
Connection: keep-alive
cache-control: public, max-age=2592000
expires: Sun, 30 Apr 2023 18:56:30 GMT
last-modified: Mon, 13 Jan 2020 21:36:39 GMT
content-encoding: gzip
vary: Accept-Encoding,User-Agent,User-Agent
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN,SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t24AMqpCU7PJulCmnyV358d0ylXZ0kGwkO8DUrwv26ThPgj67CSmRXF9W7nqv4rm8xl3cpcLIxKkGZ1h24F6Jsm0SWB4gk9xr3GKoyBUDPJnF%2Bl4kxqGwsc9AA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0ad00eabcdb529-OSL
alt-svc: h2=":443"; ma=60
ocsp.r2m01.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 5a4c6b2a6494c0f25ca13c9a57b8fe72
a7b706d876b996c0a5bb99c1d4fba6b92eb07bc0
bb28a54e15172cb8bcf2e260af269087a39581db7b20a8ba1d342f81e4866198
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=165153
Date: Fri, 31 Mar 2023 18:56:31 GMT
Etag: "64270f00-1d7"
Expires: Sun, 02 Apr 2023 16:49:04 GMT
Last-Modified: Fri, 31 Mar 2023 16:49:04 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2gOI_rb0Vcy8mqLZbTbPpctWz5NpyyyRNN5jqZwLSh1K0KbBdmyT0g==
disploot.com/c/e9hb1uc7tvxuzzd1xc0kx.json?cb=1680288990521
143.204.55.43 200 OK 1.7 kB URL HTTP/2 disploot.com/c/e9hb1uc7tvxuzzd1xc0kx.json?cb=1680288990521
IP 143.204.55.43:0
File type JSON data\012- , ASCII text, with very long lines (1690), with no line terminators
Hash 2913b9181380fa5a1e6ba1a25365073d
f96151e6224ad6dbc7f0cf4f31b50b2cb6a0661a
533b45dc4471a1dc193fa7ef68290b78f2c1e2bfeb86a50b185a0b7e16f1f734
GET /c/e9hb1uc7tvxuzzd1xc0kx.json?cb=1680288990521 HTTP/1.1
Host: disploot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Origin: http://shurt.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 1690
last-modified: Thu, 10 Nov 2022 10:39:53 GMT
x-amz-version-id: jMAu2DUHped5Qh4U9CHbw.V9vpU0lUNO
accept-ranges: bytes
server: AmazonS3
date: Fri, 31 Mar 2023 00:59:02 GMT
etag: "2913b9181380fa5a1e6ba1a25365073d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: hWDcsK6AP7ywoB6TAgLHtodopHM4-KJh_HW_qZ5yEqtMnA8Gk2u3Ng==
age: 64650
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
explainpompeywistful.com/f5/a9/be/f5a9be79a5a728b7fb0b45808e034af5.js
173.233.137.44 200 OK 13 kB URL HTTP/1.1 explainpompeywistful.com/f5/a9/be/f5a9be79a5a728b7fb0b45808e034af5.js
IP 173.233.137.44:0
File type ASCII text, with very long lines (37126), with no line terminators
Hash 360b22c654bb2ab56267a82923e67c42
accb2caa85c4359cd048b60bbdbd2e8238bae4c4
00e926c489867782adca74b3f83f4335462835aea2e67da97b1df67325c4c842
Analyzer Verdict Alert quad9 Sinkholed
GET /f5/a9/be/f5a9be79a5a728b7fb0b45808e034af5.js HTTP/1.1
Host: explainpompeywistful.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shurt.pw/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 31 Mar 2023 18:56:31 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1b872f57c8def9de1ebaf9e9dd394844
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
tags.refinery89.com/v2/shurtpw.js
54.230.111.109 200 OK 100 kB URL HTTP/2 tags.refinery89.com/v2/shurtpw.js
IP 54.230.111.109:0
File type Unicode text, UTF-8 text, with very long lines (6852), with CRLF line terminators
Size 100 kB (100410 bytes)
Hash a8273e7c2b0a02fdb0eede899a669c95
15df7094ea83568743f115158039ebb17e6b2a79
f127b7f3d19b016d2e84f318fb0d381400704db9ba1ab3f38dfafdff9b9b5423
GET /v2/shurtpw.js HTTP/1.1
Host: tags.refinery89.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
date: Fri, 31 Mar 2023 18:56:31 GMT
last-modified: Tue, 28 Mar 2023 08:49:19 GMT
etag: W/"9c97e613503f18fd4f7f3a62634b6e7d"
x-amz-server-side-encryption: AES256
cache-control: max-age=21600, public
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cgE325rzV5n9K4OCjhZpA_5RSVLfcev_fSKFz8zAId28iiAHvvsEpg==
X-Firefox-Spdy: h2
disploot.com/r/p.html?f=lcyfrjgefj&e=1135685601495
143.204.55.43 200 OK 2.9 kB URL HTTP/2 disploot.com/r/p.html?f=lcyfrjgefj&e=1135685601495
IP 143.204.55.43:0
Hash b5baaa7d7966eec244b40469f4ea024d
bc84f3f1e873d9e1635b91e25a1e32a39fc94a64
a92d08a2c7b1d86904e602bbca0a56ec0100ec832a24379a3287bf693b7892f2
GET /r/p.html?f=lcyfrjgefj&e=1135685601495 HTTP/1.1
Host: disploot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Fri, 31 Mar 2023 01:14:14 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wAD162IY9GHt5y1fxzztzD8OwR2GRdRY_Shluc-GFn4GDw-bQ5__bg==
age: 63819
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/tag/js/gpt.js
216.58.211.2 200 OK 27 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 216.58.211.2:0
File type ASCII text, with very long lines (39569)
Hash 29fc35d136f96359569a6a185f6798f7
cb72126a8439729cc96c2e40b2d03b71f56e481e
2a58040eecf9d7a67728b17b6d19be07880b00b7e95518bb2caa98cab88183b3
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27267
date: Fri, 31 Mar 2023 18:56:31 GMT
expires: Fri, 31 Mar 2023 18:56:31 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1528 / 912 of 1000 / last-modified: 1680260850"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
disploot.com/r/p.html?f=tlendmdb&e=1135685601495
143.204.55.43 200 OK 2.9 kB URL HTTP/2 disploot.com/r/p.html?f=tlendmdb&e=1135685601495
IP 143.204.55.43:0
Hash 1efea6769a8403192478007cb591d515
0bd53fb19513abb80e277964363d21a08c6bd6ec
748c1d70a93712c32b68377db67b65484c75e96eb6cfa1cda88f6c35cd2db95a
GET /r/p.html?f=tlendmdb&e=1135685601495 HTTP/1.1
Host: disploot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Fri, 31 Mar 2023 01:14:14 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: CB3ps2ZaxSu2P3X-V1hofytzJMOl9pIp_E2-UYGVK_jHXUnKbtFn1w==
age: 63819
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.140.24 200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 172.64.140.24:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shurt.pw/
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 18:56:31 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: deba2d4a69be065cf12622ee895c8d1a
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Fri, 31 Mar 2023 18:56:31 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=trx3hRUIlrlY1XqYRpMfGwG8NBuo0ZSVSextRyllzpb0CJijHg6eC2QUUhJYhx7Xa3zuOyso1dnDeSbSu8o9ZVkWbt5zCMaJyKdgD7%2BOl5vAGqvhqbvGN2ryAQNRJWKC39V%2B5eg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b0ad015888c4152-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
hb.adpone.com/prebid7.19.0.js
104.26.11.25 200 OK 125 kB URL HTTP/2 hb.adpone.com/prebid7.19.0.js
IP 104.26.11.25:0
File type ASCII text, with very long lines (64662)
Size 125 kB (125008 bytes)
Hash dc0a0e61a3adfc36db534a48b55425a6
61c08ea121d5829a5bbba84a239b4a9503d86ee4
288ed10f4458ea08fd358eed5e2ed1c71807363a129eeb775329891c0f17aeae
GET /prebid7.19.0.js HTTP/1.1
Host: hb.adpone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:31 GMT
content-type: application/javascript
x-amz-id-2: z8zPPgpChpmPHjrETbNpCXccjPHhgx/GJFcxrGv5xpYywnazjILxUOl1MmK1mgPPDqHEJdhQRpw=
x-amz-request-id: AZB8RQQA6SHSSEK2
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
cache-control: max-age=14400
cf-cache-status: HIT
age: 1913
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qmbZlLomX9qZhgKSsZmygmA5ujCgBYZxfoeTepmnesQg%2BvWm7xQ1Ygcu0nxo03RmejKqsTMRTFtgdJ5Si%2FYP6ULtzQKbcA623ALRExb6KJPmorMMtG2ji5lSQ5VueF0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b0ad0154903b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
3.123.95.62 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.123.95.62:0
File type ASCII text, with no line terminators
Hash bbcfe1953a78f84d3e8c50a81bcacb85
c731a825b216197f24e2b01ef48aebc056e0bba6
daf5890f5f982454ea5af4d746dcecd1a2a37aee0249c3cb01e03922a8f662ef
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://shurt.pw
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:31 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://shurt.pw
access-control-allow-credentials: true
set-cookie: uid_id2=65cfdf93-dcad-41b1-9249-17759314ac78:2:1; expires=Mon, 28 Mar 2033 18:56:31 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
d24ak3f2b.top/advertisers.js
142.0.204.220 301 Moved Permanently 169 B URL HTTP/1.1 d24ak3f2b.top/advertisers.js
IP 142.0.204.220:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash b67ff43c74c409b92738a1ffb1f475d1
a2412a605ea6acb486140efeaa8724437f1ca2d4
ed0e3abc38200f1ac27c81af2b64db537ceb7379bf2554b7cb6d697aa7daf014
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.top domain
GET /advertisers.js HTTP/1.1
Host: d24ak3f2b.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shurt.pw/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.17.6
Date: Fri, 31 Mar 2023 18:56:31 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://d24ak3f2b.top/advertisers.js
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 20b3263cb9114e6f3901a1fde167851b
d13c60abc1236e7f95cc185a761b8efd227b212b
496f56fb104f96415cfa31c1215f9fb40a4d6b72d7970061d9d41a5e46c937a3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6384
Cache-Control: max-age=141984
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:56:31 GMT
Etag: "64269b8f-1d7"
Expires: Sun, 02 Apr 2023 10:22:55 GMT
Last-Modified: Fri, 31 Mar 2023 08:36:31 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
ib.adnxs.com/ut/v3/prebid
185.83.142.19 200 OK 139 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 185.83.142.19:0
File type JSON data\012- , ASCII text, with no line terminators
Hash fba3499baf3205792790049af7075da9
82aa163c729405c6e053531ae131d753893d2dc8
42bba2dc1d81ca2fec58a566b7e023a3472694acdf962af9659c590f6799833b
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 650
Origin: http://shurt.pw
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 31 Mar 2023 18:56:31 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 139
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://shurt.pw
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 9ad33d75-801a-4ed9-bcff-74427a265950
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 069f9934a0e19f21997dc3f7fa07ff1d
0ebd6000c5dac38829ffae5e624d32da5ef2c9a8
f7a956f911c7bafb32638f7e09e81602a4599728a8ba7994fcb8dd03b92f14ea
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3386
Cache-Control: max-age=162051
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:56:31 GMT
Etag: "6426f5a8-1d7"
Expires: Sun, 02 Apr 2023 15:57:22 GMT
Last-Modified: Fri, 31 Mar 2023 15:00:56 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 8a1231e0d8d9d673004c749b1b022466
266926c8db05083ec091b89ce71bd470c9e4c29c
91e7c94de40dc4e4e9d0f6d3412de8d158ae141c9a2bd8002b89faa0184c064e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5296
Cache-Control: max-age=128334
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:56:31 GMT
Etag: "64266a7d-1d7"
Expires: Sun, 02 Apr 2023 06:35:25 GMT
Last-Modified: Fri, 31 Mar 2023 05:07:09 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 471
htlb.casalemedia.com/openrtb/pbjs?s=676854&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%223e2407ca4ac2b78%22%2C%22site%22%3A%7B%22page%22%3A%22http%3A%2F%2Fshurt.pw%2Fu%2FzUqbTE%22%2C%22domain%22%3A%22shurt.pw%22%2C%22publisher%22%3A%7B%22domain%22%3A%22shurt.pw%22%7D%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22ls%22%3Afalse%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%227.19.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22http%3A%2F%2Fshurt.pw%2Fu%2FzUqbTE%22%2C%22tmax%22%3A3000%2C%22syncsPerBidder%22%3A5%2C%22fpd%22%3Atrue%2C%22pbadslot%22%3A%22%2F21671350435%2C22684505004%2F300x250-shurt.pw%22%2C%22adunitcode%22%3A%22%2F21671350435%2C22684505004%2F300x250-shurt.pw%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22433966b1c268288%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676854%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22tid%22%3A%22cdcea835-d582-426a-b0f0-a80aa602542f%22%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22tid%22%3A%223fc33290-e3d3-486f-beb5-32731739beb6%22%2C%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22f40bd5618606f2326096f40bd5618606f2326096%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
104.18.24.185 200 OK 37 B URL HTTP/2 htlb.casalemedia.com/openrtb/pbjs?s=676854&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%223e2407ca4ac2b78%22%2C%22site%22%3A%7B%22page%22%3A%22http%3A%2F%2Fshurt.pw%2Fu%2FzUqbTE%22%2C%22domain%22%3A%22shurt.pw%22%2C%22publisher%22%3A%7B%22domain%22%3A%22shurt.pw%22%7D%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22ls%22%3Afalse%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%227.19.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22http%3A%2F%2Fshurt.pw%2Fu%2FzUqbTE%22%2C%22tmax%22%3A3000%2C%22syncsPerBidder%22%3A5%2C%22fpd%22%3Atrue%2C%22pbadslot%22%3A%22%2F21671350435%2C22684505004%2F300x250-shurt.pw%22%2C%22adunitcode%22%3A%22%2F21671350435%2C22684505004%2F300x250-shurt.pw%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22433966b1c268288%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676854%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22tid%22%3A%22cdcea835-d582-426a-b0f0-a80aa602542f%22%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22tid%22%3A%223fc33290-e3d3-486f-beb5-32731739beb6%22%2C%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22f40bd5618606f2326096f40bd5618606f2326096%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
IP 104.18.24.185:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23cdbe0f01abeac2afd2cc421a9209d3
30805a44f52dd24807a74c402bcd81a7259fe896
69f9788b6da71b60a675bada53d56d1d558b2a6478a6b480cec3947c67529ff7
GET /openrtb/pbjs?s=676854&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%223e2407ca4ac2b78%22%2C%22site%22%3A%7B%22page%22%3A%22http%3A%2F%2Fshurt.pw%2Fu%2FzUqbTE%22%2C%22domain%22%3A%22shurt.pw%22%2C%22publisher%22%3A%7B%22domain%22%3A%22shurt.pw%22%7D%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22ls%22%3Afalse%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%227.19.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22http%3A%2F%2Fshurt.pw%2Fu%2FzUqbTE%22%2C%22tmax%22%3A3000%2C%22syncsPerBidder%22%3A5%2C%22fpd%22%3Atrue%2C%22pbadslot%22%3A%22%2F21671350435%2C22684505004%2F300x250-shurt.pw%22%2C%22adunitcode%22%3A%22%2F21671350435%2C22684505004%2F300x250-shurt.pw%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22433966b1c268288%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676854%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22tid%22%3A%22cdcea835-d582-426a-b0f0-a80aa602542f%22%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22tid%22%3A%223fc33290-e3d3-486f-beb5-32731739beb6%22%2C%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22f40bd5618606f2326096f40bd5618606f2326096%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D HTTP/1.1
Host: htlb.casalemedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://shurt.pw
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:31 GMT
content-type: application/json
content-length: 37
cf-ray: 7b0ad016fd8c1bfe-OSL
access-control-allow-origin: http://shurt.pw
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3qiOtTLLPDZHgwsigUp%2FlsrfjOITyv4l%2BcS3iUasXZasLViJDhartS8MAjKd9nzZS7V5Qj9uAdXrsz2KNv6rBkE9qUaQMEVHgGCH8WWyQkBC3%2BMBRZqFuk%2BSN3XrdYghsza2F0OX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
status.rapidssl.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 1afc9157967ee3a6672914f941ac1558
11c189c8c2ee4b07ccad3e3c84093caa7e3b6e09
280516ff86bf607913237c855f49b6836209cd3e207b7e456cdcd317156fa9df
POST / HTTP/1.1
Host: status.rapidssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6379
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:56:31 GMT
Last-Modified: Fri, 31 Mar 2023 17:10:12 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
192.229.221.95 200 OK 727 B IP 192.229.221.95:0
Hash e05841a35164b0ca6bbbf711badd0a1b
8b6603aa26776fe7be7f4c0cb79054510dd7c7b4
008237821374a1e3677a81e2d1a97a0bba13bf1b806daa2c14b698591dd9cc6c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5663
Cache-Control: max-age=139491
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:56:31 GMT
Etag: "642694a3-2d7"
Expires: Sun, 02 Apr 2023 09:41:22 GMT
Last-Modified: Fri, 31 Mar 2023 08:06:59 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 727
region1.google-analytics.com/g/collect?v=2&tid=G-8LS05BDZKL&gtm=45je33t0&_p=1911277878&cid=1596491001.1680288990&ul=en-us&sr=1280x1024&_s=1&sid=1680288990&sct=1&seg=0&dl=http%3A%2F%2Fshurt.pw%2Fu%2FzUqbTE&dt=Password%20Generator%20-%20Free%20Online%20Password%20Generator&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-8LS05BDZKL&gtm=45je33t0&_p=1911277878&cid=1596491001.1680288990&ul=en-us&sr=1280x1024&_s=1&sid=1680288990&sct=1&seg=0&dl=http%3A%2F%2Fshurt.pw%2Fu%2FzUqbTE&dt=Password%20Generator%20-%20Free%20Online%20Password%20Generator&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-8LS05BDZKL&gtm=45je33t0&_p=1911277878&cid=1596491001.1680288990&ul=en-us&sr=1280x1024&_s=1&sid=1680288990&sct=1&seg=0&dl=http%3A%2F%2Fshurt.pw%2Fu%2FzUqbTE&dt=Password%20Generator%20-%20Free%20Online%20Password%20Generator&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://shurt.pw
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://shurt.pw
date: Fri, 31 Mar 2023 18:56:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
prebid-eu.creativecdn.com/bidder/prebid/bids
185.184.8.90 204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP 185.184.8.90:0
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 523
Origin: http://shurt.pw
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 31 Mar 2023 18:56:31 GMT
access-control-allow-origin: http://shurt.pw
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=39999474627&lsavail=0
178.250.7.10 200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=39999474627&lsavail=0
IP 178.250.7.10:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=7.19.0&cb=39999474627&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 536
Origin: http://shurt.pw
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:31 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: http://shurt.pw
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
shurt.pw/u/favicon.ico
172.67.140.139 200 OK 739 B IP 172.67.140.139:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash bb39c5fb1d3dc2f5dad55cf7547b6e27
cdd7ef9121f4c3174238e0730c61ac6bfa1a7105
860d7c3915085c29fa2a5145aec25fc013ab3d1798cd59ab9c72bcee90cdc0a8
NIDS Severity Alert suricata low ET INFO HTTP Request to a *.pw domain
GET /u/favicon.ico HTTP/1.1
Host: shurt.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shurt.pw/u/zUqbTE
Cookie: AppSession=13e73c89c2560ba900f99fa7d7fbb8e2; csrfToken=fb813af7b2a005d9c4d6b470280c4e2203894727a6d3aa09f913af1f4db0eee9baf76480b9bc2f103dcfee070f7a6a8cfc979400ac2d89d618ab6a5a654cb598; ppu_show_on_04e6aaf7cf19824c28b9aefc25a57a4d=1; ab=2; _ga_8LS05BDZKL=GS1.1.1680288990.1.0.1680288990.0.0.0; _ga=GA1.1.1596491001.1680288990; ppu_main_04e6aaf7cf19824c28b9aefc25a57a4d=1; ppu_exp_04e6aaf7cf19824c28b9aefc25a57a4d=1680289350820
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 18:56:32 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: public, max-age=31536000
expires: Fri, 29 Mar 2024 23:43:46 GMT
last-modified: Fri, 04 Mar 2022 02:54:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN,SAMEORIGIN,SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
vary: User-Agent,User-Agent, Accept-Encoding
CF-Cache-Status: HIT
Age: 69166
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r0B4u8i4nWEXcq6c262pUs0nojlRgM6vfxGCAXcl9yFHgtSgQPCcpUhebQQnOWEpZ3V1aFkjjhWc%2F5XPmskm1BZMAmOyy5cBlpySfDtkX60KRy0PNZQoPpOU7w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0ad018083bb50c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2Fu%2FzUqbTE&tg_i.domain=shurt.pw&tg_i.pbadslot=%2F21671350435%2C22684505004%2F300x250-shurt.pw&tk_flint=pbjs_lite_v7.19.0&x_source.tid=cdcea835-d582-426a-b0f0-a80aa602542f&l_pb_bid_id=6bfc5d9c9ca1038&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7667772767723672
213.19.162.41 200 OK 359 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2Fu%2FzUqbTE&tg_i.domain=shurt.pw&tg_i.pbadslot=%2F21671350435%2C22684505004%2F300x250-shurt.pw&tk_flint=pbjs_lite_v7.19.0&x_source.tid=cdcea835-d582-426a-b0f0-a80aa602542f&l_pb_bid_id=6bfc5d9c9ca1038&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7667772767723672
IP 213.19.162.41:0
File type JSON data\012- , ASCII text, with very long lines (359), with no line terminators
Hash e8d548da847f8482185fad046a25dccc
c67d30d547d0c0a966c2621767972d64b72be9a7
82362d2ab4a9bd82c73213781043b60d0f6f4be2223569e4982c7b08ac93d253
GET /a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2Fu%2FzUqbTE&tg_i.domain=shurt.pw&tg_i.pbadslot=%2F21671350435%2C22684505004%2F300x250-shurt.pw&tk_flint=pbjs_lite_v7.19.0&x_source.tid=cdcea835-d582-426a-b0f0-a80aa602542f&l_pb_bid_id=6bfc5d9c9ca1038&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7667772767723672 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://shurt.pw
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.4
date: Fri, 31 Mar 2023 18:56:32 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://shurt.pw
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LFWWOJWY-1W-C35K; Domain=.rubiconproject.com; Path=/; Expires=Sat, 30-Mar-2024 18:56:31 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qrRy7Mj/ABvJe9DtVM30fCgnVg2hSdpo7dmSVqrghALU9b3Sbg30/XKzG6FmltYou1I+3B5/S4PVg==; Domain=.rubiconproject.com; Path=/; Expires=Sat, 30-Mar-2024 18:56:31 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 359
X-Firefox-Spdy: h2
edge.quantserve.com/quant.js
91.228.74.200 200 OK 9.1 kB URL HTTP/1.1 edge.quantserve.com/quant.js
IP 91.228.74.200:0
File type ASCII text, with very long lines (22007)
Hash 2886a7b591fd0f0ec7f9ac2c98beedbf
502dc0be7b891070f3f80bffbbe62fb36a2d495b
801121e8606acf065f824bd938b41cdbbff31bb6a80b641596f448e22feaa0e9
GET /quant.js HTTP/1.1
Host: edge.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shurt.pw/
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 18:56:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: private, max-age=604800
Content-Encoding: gzip
Etag: "DUHyBE1e2vdA+NAhXV6BXg=="
Expires: Fri, 07 Apr 2023 18:56:32 GMT
Vary: Accept-Encoding
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash b309e009fd71e87eee984681d7257ab0
4571d105bb93e64a9654d3dbddde657a36ab749e
019a88bc80df04596fcb5d3fbf3bdb7156f875a3bc7fe7ad7bbe548a69bb221c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:56:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
shb.richaudience.com/hb/
157.90.0.13 200 OK 492 B IP 157.90.0.13:0
ASN #24940 Hetzner Online GmbH
Hash 00e3bc5843da1f82c4484188273e6af9
8c3f2bfde488e90a65758862bdb5d0ad9a0cd928
7c3958f28fabf59e33693c63582e8de8f23a0f3373e964eaa3aa5744ee86919f
POST /hb/ HTTP/1.1
Host: shb.richaudience.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 673
Origin: http://shurt.pw
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.14.2
date: Fri, 31 Mar 2023 18:56:32 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: http://shurt.pw
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: gzip
X-Firefox-Spdy: h2
hbopenbid.pubmatic.com/translator?source=prebid-client
185.64.190.77 204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP 185.64.190.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 918
Origin: http://shurt.pw
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: http://shurt.pw
cache-control: no-cache, no-store, must-revalidate
date: Fri, 31 Mar 2023 18:56:31 GMT
X-Firefox-Spdy: h2
www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit
142.250.74.99 200 OK 587 B URL HTTP/2 www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit
IP 142.250.74.99:0
File type ASCII text, with very long lines (921), with no line terminators
Hash 449cb79fad1b792de34d21d58b59f349
775096f4a3ba8aca4be15b3fdd34cd3b23057834
4ab9e4ca8d0c06275858dac7d872fce5d9bee7764cb71a5e291ba83f9402a43f
GET /recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit HTTP/1.1
Host: www.recaptcha.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 31 Mar 2023 18:56:32 GMT
date: Fri, 31 Mar 2023 18:56:32 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 587
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
imasdk.googleapis.com/js/sdkloader/ima3.js
142.250.74.170 200 OK 124 kB URL HTTP/2 imasdk.googleapis.com/js/sdkloader/ima3.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (2723)
Size 124 kB (123698 bytes)
Hash 6f27a78f50345819b57c641931185010
e5fbfb53f5dfe47d3bfef31bf6122966c02493d2
19f4f555a2d02cb197830a0c2d79d3cfc23db680709c29299f3bd220fc3f1a10
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 123698
date: Fri, 31 Mar 2023 18:56:32 GMT
expires: Fri, 31 Mar 2023 18:56:32 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash b309e009fd71e87eee984681d7257ab0
4571d105bb93e64a9654d3dbddde657a36ab749e
019a88bc80df04596fcb5d3fbf3bdb7156f875a3bc7fe7ad7bbe548a69bb221c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:56:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e2d5e4593c830bd9a297e9d820fce16b
a48bacab5839fbc2a379e0e1f8703da462f3c31d
c273a26e5fb94b4aa7c494bd09daf02419f99307f90de3891951535ae93e8028
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:56:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ib.adnxs.com/ut/v3/prebid
185.83.142.19 200 OK 138 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 185.83.142.19:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 36fe4ce28e7ab0956d5d9bd636dea017
dbd2d00208301bb2cc8ffaabf7f65047ff8515fd
f30cb44e37774a518ccd440a8ff923e5497ee8ebe8a22f6d1849d860d686f8ff
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 652
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 31 Mar 2023 18:56:32 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 138
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://disploot.com
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: d45caa0f-45dc-401c-88ca-bb5f1e71bf0b
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
prebid-eu.creativecdn.com/bidder/prebid/bids
185.184.8.90 204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP 185.184.8.90:0
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 503
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-origin: https://disploot.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 972b165b63b7739483f8fb7db0310694
d56dec8283c0277291cec96ca94919afd2c9f789
ba022b725be8436b8dfb59c5a48ae579428cb4b5807fde4d388302e6b8ae4716
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BA022B725BE8436B8DFB59C5A48AE579428CB4B5807FDE4D388302E6B8AE4716"
Last-Modified: Wed, 29 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14626
Expires: Fri, 31 Mar 2023 23:00:18 GMT
Date: Fri, 31 Mar 2023 18:56:32 GMT
Connection: keep-alive
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=5527674973&lsavail=0
178.250.7.10 200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=5527674973&lsavail=0
IP 178.250.7.10:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=7.19.0&cb=5527674973&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 494
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:31 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://disploot.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
disploot.com/r/p.html?f=ozueayeq&e=1135685601495
143.204.55.43 200 OK 2.4 kB URL HTTP/2 disploot.com/r/p.html?f=ozueayeq&e=1135685601495
IP 143.204.55.43:0
Hash 412a68f06fede6b48e02a7a56ef129c3
5ce63e60ce4787fe781413c807f66cd76114d9fb
b8ff0c37567b688db4348bcd919188db69fcdf0c313250cb5ccd488965259893
GET /r/p.html?f=ozueayeq&e=1135685601495 HTTP/1.1
Host: disploot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Fri, 31 Mar 2023 01:14:14 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 5HnSQQsoeF7VXk6qPENPvzrYH8godMNz0Qcmkzoncck15HoH-8FfrA==
age: 63819
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
185.83.142.19 200 OK 140 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 185.83.142.19:0
File type JSON data\012- , ASCII text, with no line terminators
Hash c9ef707c513eebff1db9784f16e1ae4f
eabf4e0189831617b186f7f788ccd124e5177aa7
c39caa3d80d7fecc563681e1e52e3bac6c89e8afadc7e7c37695eeb7c2af0391
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 656
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 31 Mar 2023 18:56:32 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 140
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://disploot.com
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: f418526e-8377-435c-bb3f-15218019a662
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991163&tk_flint=pbjs_lite_v7.19.0&x_source.tid=4d5196bc-d811-47b4-8052-1c0e89bd2d08&l_pb_bid_id=128afefc0ae7eeb&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.3333481941985622
213.19.162.41 200 OK 327 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991163&tk_flint=pbjs_lite_v7.19.0&x_source.tid=4d5196bc-d811-47b4-8052-1c0e89bd2d08&l_pb_bid_id=128afefc0ae7eeb&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.3333481941985622
IP 213.19.162.41:0
File type JSON data\012- , ASCII text, with very long lines (327), with no line terminators
Hash cf8764c6ebd6f5494062d8d8ad3db712
cdf02e5a6e96f124ced977895a7a6209cddfa764
5a15897c1cbb4ae916786eea281843f218f81276dd416f0b67b95f74297ba70b
GET /a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991163&tk_flint=pbjs_lite_v7.19.0&x_source.tid=4d5196bc-d811-47b4-8052-1c0e89bd2d08&l_pb_bid_id=128afefc0ae7eeb&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.3333481941985622 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Fri, 31 Mar 2023 18:56:32 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LFWWOK29-28-IBJE; Domain=.rubiconproject.com; Path=/; Expires=Sat, 30-Mar-2024 18:56:32 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qqsrAgRctYVR+9DtVM30fCgnVg2hSdpo7erKnPALAqxqdb3Sbg30/XKzG6FmltYou1I+3B5/S4PVg==; Domain=.rubiconproject.com; Path=/; Expires=Sat, 30-Mar-2024 18:56:32 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 327
X-Firefox-Spdy: h2
prebid-eu.creativecdn.com/bidder/prebid/bids
185.184.8.90 204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP 185.184.8.90:0
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 503
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-origin: https://disploot.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
rules.quantcount.com/rules-p-e92MKjc__gVe1.js
54.230.111.33 301 Moved Permanently 167 B URL HTTP/1.1 rules.quantcount.com/rules-p-e92MKjc__gVe1.js
IP 54.230.111.33:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /rules-p-e92MKjc__gVe1.js HTTP/1.1
Host: rules.quantcount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shurt.pw/
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 31 Mar 2023 18:56:32 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://rules.quantcount.com/rules-p-e92MKjc__gVe1.js
X-Cache: Redirect from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: MvP_kjMzCnGp_4hjIkk_rGIs_woyejrdiAWndEZ-Mbk3_0lH3UMjXA==
rules.quantcount.com/rules-p-He6NsVBfMn23v.js
54.230.111.33 301 Moved Permanently 167 B URL HTTP/1.1 rules.quantcount.com/rules-p-He6NsVBfMn23v.js
IP 54.230.111.33:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /rules-p-He6NsVBfMn23v.js HTTP/1.1
Host: rules.quantcount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shurt.pw/
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 31 Mar 2023 18:56:32 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://rules.quantcount.com/rules-p-He6NsVBfMn23v.js
X-Cache: Redirect from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: QU9VRf2uZzUHUqf9Nz-bOo07Q-ewJQxqCpRiJWx0QQQv7SzzMPs0GA==
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=21949909580&lsavail=0
178.250.7.10 200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=21949909580&lsavail=0
IP 178.250.7.10:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=7.19.0&cb=21949909580&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 494
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:32 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://disploot.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991249&tk_flint=pbjs_lite_v7.19.0&x_source.tid=570a425f-c698-445f-9904-88706fa19d9b&l_pb_bid_id=4812febbfb1eef8&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5378945211696164
213.19.162.41 200 OK 327 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991249&tk_flint=pbjs_lite_v7.19.0&x_source.tid=570a425f-c698-445f-9904-88706fa19d9b&l_pb_bid_id=4812febbfb1eef8&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5378945211696164
IP 213.19.162.41:0
File type JSON data\012- , ASCII text, with very long lines (327), with no line terminators
Hash a6f481594c7dc70286693a1402d70ecb
e53627b639d435e62635c76c5e42c59cff737d9d
b8fa74ca55f07d3e3e69b7e98d3fd9181cb14696a9761ee8b1c3ae4081d62cc7
GET /a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991249&tk_flint=pbjs_lite_v7.19.0&x_source.tid=570a425f-c698-445f-9904-88706fa19d9b&l_pb_bid_id=4812febbfb1eef8&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5378945211696164 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Fri, 31 Mar 2023 18:56:32 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LFWWOK3K-1D-DBV; Domain=.rubiconproject.com; Path=/; Expires=Sat, 30-Mar-2024 18:56:32 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qqLFp0amcKHbu9DtVM30fCgnVg2hSdpo7erKnPALAqxqdb3Sbg30/XKzG6FmltYou1I+3B5/S4PVg==; Domain=.rubiconproject.com; Path=/; Expires=Sat, 30-Mar-2024 18:56:32 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 327
X-Firefox-Spdy: h2
rules.quantcount.com/rules-p-He6NsVBfMn23v.js
54.230.111.33 200 OK 160 B URL HTTP/2 rules.quantcount.com/rules-p-He6NsVBfMn23v.js
IP 54.230.111.33:0
Hash 201719180f231f6ab8d95e87fc7bbed1
e2928d008e88857197fb7e77b888584ea880ea39
8ce93202d21342ad6d3eca7a2061c9207aa5612a69cfb2e6563c1ece3c4493a2
GET /rules-p-He6NsVBfMn23v.js HTTP/1.1
Host: rules.quantcount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 160
last-modified: Thu, 13 Oct 2022 22:43:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
date: Fri, 31 Mar 2023 18:30:59 GMT
cache-control: max-age=3600
etag: "201719180f231f6ab8d95e87fc7bbed1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ucY5P4wjkBKbdn5B57ynTACM4Z-_uaxWiQCdlqVUPLynpIEwZqOFoQ==
age: 1534
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5ac54bb3628890e12111d64757053dac
882c767217269bad8ce48c525f3fc09b0b463524
c1ad6c172550ea4fe7b49ec5f913099a74b95f887cb31bfde78e4895b016bc01
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:56:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hbopenbid.pubmatic.com/translator?source=prebid-client
185.64.190.77 204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP 185.64.190.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 924
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache, no-store, must-revalidate
date: Fri, 31 Mar 2023 18:56:32 GMT
X-Firefox-Spdy: h2
rules.quantcount.com/rules-p-e92MKjc__gVe1.js
54.230.111.33 200 OK 160 B URL HTTP/2 rules.quantcount.com/rules-p-e92MKjc__gVe1.js
IP 54.230.111.33:0
Hash 8450e3bec83284fdd887dfc5da44b7c0
d2c5bd1ae9c9f22a2b6f6ce0436bc1376e4fee73
fa4b6c1c1a06a8815bbdb713aa8b5a890797b487d0c17cba8de9d71df434c52a
GET /rules-p-e92MKjc__gVe1.js HTTP/1.1
Host: rules.quantcount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 160
last-modified: Fri, 14 Oct 2022 00:08:18 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
date: Fri, 31 Mar 2023 18:03:10 GMT
cache-control: max-age=3600
etag: "8450e3bec83284fdd887dfc5da44b7c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: N0LoISu-rkbi9ZU38hl7N2SdbPaFryc9DfxuLRdvnRcHVuHcsLKTww==
age: 3203
X-Firefox-Spdy: h2
disploot.com/r/p.html?f=lgrwwgst&e=1135685601495
143.204.55.43 200 OK 2.4 kB URL HTTP/2 disploot.com/r/p.html?f=lgrwwgst&e=1135685601495
IP 143.204.55.43:0
File type HTML document, ASCII text, with CRLF line terminators
Hash a9a597b7b0fe8fc06657e8ecd1ce22cd
530c0329c174545cc9e32654322756a0a0d35ea5
c6a3473d8fb48a665e8dae46691cc34fdc701671644253ab3671928837a021f1
GET /r/p.html?f=lgrwwgst&e=1135685601495 HTTP/1.1
Host: disploot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Fri, 31 Mar 2023 01:14:14 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 36-UMVmqmHtDPLKk5p6bKq6G5NQZxqCi5M-8AtPfVUhQa8lhRYcVig==
age: 63819
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/recaptcha__en.js
142.250.74.35 200 OK 166 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/recaptcha__en.js
IP 142.250.74.35:0
File type HTML document, ASCII text, with very long lines (597)
Size 166 kB (166058 bytes)
Hash 4043af37a3392a9db521ff9ab62d9608
83828688e7a2259ed2f77345851a16122383b422
ee076822f35390ee382cda71759a2eec8f4db2bc18e4e3acd586173c29dab321
GET /recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://shurt.pw
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166058
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 31 Mar 2023 08:38:04 GMT
expires: Sat, 30 Mar 2024 08:38:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 20 Mar 2023 04:02:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 37108
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5ac54bb3628890e12111d64757053dac
882c767217269bad8ce48c525f3fc09b0b463524
c1ad6c172550ea4fe7b49ec5f913099a74b95f887cb31bfde78e4895b016bc01
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:56:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
disploot.com/r/p.html?f=gftzjrip&e=1135685601495
143.204.55.43 200 OK 2.4 kB URL HTTP/2 disploot.com/r/p.html?f=gftzjrip&e=1135685601495
IP 143.204.55.43:0
File type HTML document, ASCII text, with CRLF line terminators
Hash a9a597b7b0fe8fc06657e8ecd1ce22cd
530c0329c174545cc9e32654322756a0a0d35ea5
c6a3473d8fb48a665e8dae46691cc34fdc701671644253ab3671928837a021f1
GET /r/p.html?f=gftzjrip&e=1135685601495 HTTP/1.1
Host: disploot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Fri, 31 Mar 2023 01:14:14 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -gN_lzJBUuM-pfkxzbPM9uPu1luUubUqRT1rlMy-s7vSQTVarMILfQ==
age: 63819
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
185.83.142.19 200 OK 138 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 185.83.142.19:0
File type JSON data\012- , ASCII text, with no line terminators
Hash e567f4f8879ce52d7f3a1bcd3989385d
fc267b2cd15dcbd104e0026784c31ddce8276690
cc93874de512c283d93b1131663d7fcb3d5752c4b8b680e6ea39a8857ebcbd68
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 652
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 31 Mar 2023 18:56:32 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 138
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://disploot.com
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 13cea2d1-a0a7-4282-80d1-9133d40b9fdf
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
prebid-eu.creativecdn.com/bidder/prebid/bids
185.184.8.90 204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP 185.184.8.90:0
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 504
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-origin: https://disploot.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=33277082407&lsavail=0
178.250.7.10 200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=33277082407&lsavail=0
IP 178.250.7.10:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=7.19.0&cb=33277082407&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 494
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:32 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://disploot.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
185.83.142.19 200 OK 137 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 185.83.142.19:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 685428ddbaefb34953c674e5c07ad9c5
220baf1328d5801494f7aaf8453f28ad909fb35a
919ddb4f7ecdf93d5f535788e341b3433bc30d832851c95f417c03ff2b5b93da
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 651
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 31 Mar 2023 18:56:32 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 137
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://disploot.com
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 303d213e-dec6-44eb-818d-e5ae751e806b
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991399&tk_flint=pbjs_lite_v7.19.0&x_source.tid=92ba44b1-c369-4a8a-bfbf-359068d23cfe&l_pb_bid_id=227b4dd3256ef28&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.49937315265447346
213.19.162.41 200 OK 327 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991399&tk_flint=pbjs_lite_v7.19.0&x_source.tid=92ba44b1-c369-4a8a-bfbf-359068d23cfe&l_pb_bid_id=227b4dd3256ef28&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.49937315265447346
IP 213.19.162.41:0
File type JSON data\012- , ASCII text, with very long lines (327), with no line terminators
Hash abfa28b9f177ba64a22a1e6a60949e24
15f13145952ecfe7b61d7bc9006bea6b9bdf6afd
3a49b4ec71219b7db5f209700dc97002a7cfd2cd4d6b8fb7dc02679da2074f36
GET /a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991399&tk_flint=pbjs_lite_v7.19.0&x_source.tid=92ba44b1-c369-4a8a-bfbf-359068d23cfe&l_pb_bid_id=227b4dd3256ef28&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.49937315265447346 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Fri, 31 Mar 2023 18:56:32 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LFWWOK9V-U-7MAF; Domain=.rubiconproject.com; Path=/; Expires=Sat, 30-Mar-2024 18:56:32 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qoZSr39rzo6Ve9DtVM30fCgnVg2hSdpo7erKnPALAqxqdb3Sbg30/XKzG6FmltYou1I+3B5/S4PVg==; Domain=.rubiconproject.com; Path=/; Expires=Sat, 30-Mar-2024 18:56:32 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 327
X-Firefox-Spdy: h2
hbopenbid.pubmatic.com/translator?source=prebid-client
185.64.190.77 204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP 185.64.190.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 923
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache, no-store, must-revalidate
date: Fri, 31 Mar 2023 18:56:31 GMT
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=44980224525&lsavail=0
178.250.7.10 200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=44980224525&lsavail=0
IP 178.250.7.10:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=7.19.0&cb=44980224525&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 494
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:32 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://disploot.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
prebid-eu.creativecdn.com/bidder/prebid/bids
185.184.8.90 204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP 185.184.8.90:0
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 503
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-origin: https://disploot.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8524
Expires: Fri, 31 Mar 2023 21:18:36 GMT
Date: Fri, 31 Mar 2023 18:56:32 GMT
Connection: keep-alive
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991510&tk_flint=pbjs_lite_v7.19.0&x_source.tid=561199e1-5a7f-4a86-9f7e-b743953d4ae0&l_pb_bid_id=1081d9c789cfd908&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.4541449538684349
213.19.162.41 200 OK 327 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991510&tk_flint=pbjs_lite_v7.19.0&x_source.tid=561199e1-5a7f-4a86-9f7e-b743953d4ae0&l_pb_bid_id=1081d9c789cfd908&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.4541449538684349
IP 213.19.162.41:0
File type JSON data\012- , ASCII text, with very long lines (327), with no line terminators
Hash 6681368fe283be94609b7bdac88f09bc
7ac26d972311b3073965ffdf527e5a44dfd914be
b27ee8574d27ba38d9a6f4e0f2b35f1e23125c39eb6e43cc92f1c24c8fe95c90
GET /a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991510&tk_flint=pbjs_lite_v7.19.0&x_source.tid=561199e1-5a7f-4a86-9f7e-b743953d4ae0&l_pb_bid_id=1081d9c789cfd908&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.4541449538684349 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Fri, 31 Mar 2023 18:56:32 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LFWWOKC2-J-LRG5; Domain=.rubiconproject.com; Path=/; Expires=Sat, 30-Mar-2024 18:56:32 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qpdB5gCF5gsY+9DtVM30fCgnVg2hSdpo7erKnPALAqxqdb3Sbg30/XKzG6FmltYou1I+3B5/S4PVg==; Domain=.rubiconproject.com; Path=/; Expires=Sat, 30-Mar-2024 18:56:32 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 327
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8524
Expires: Fri, 31 Mar 2023 21:18:36 GMT
Date: Fri, 31 Mar 2023 18:56:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8524
Expires: Fri, 31 Mar 2023 21:18:36 GMT
Date: Fri, 31 Mar 2023 18:56:32 GMT
Connection: keep-alive
hbopenbid.pubmatic.com/translator?source=prebid-client
185.64.190.77 204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP 185.64.190.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 924
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache, no-store, must-revalidate
date: Fri, 31 Mar 2023 18:56:32 GMT
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 39bdd16276747b1445a79e674a2a3347
d0676f63738484298a78b7abf7e4934c3d256065
67aa526299060c2a39c4baa10fd03f121497dccd5e765676639ed73ac529c34b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11061
x-amzn-requestid: 428128ec-c441-4ff7-9c84-880a01672b00
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnVFnFf0IAMFTvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260223-185c48300f161931310fa35f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:41:55 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: gc77o7y-moH1HuMEZFe9-00DVAda9baa-5VEPlMA4SIZDJNzQ8jUlA==
via: 1.1 a87682502db4b394cc6ba84510da9f98.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:49:08 GMT
etag: "d0676f63738484298a78b7abf7e4934c3d256065"
content-type: image/jpeg
age: 76044
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg
34.120.237.76 200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8600e41520408df4865627256a0a0736
dffeaf1a8f73ae9f6247b9dc7f05301fefc00aef
9163d80d7b6087b804e6682a50d4f66339d339894cf1c5808f2e5c2e0b3de930
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5806
x-amzn-requestid: cee5b166-592b-405e-b5f1-e36eb249ec59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUllFFooAMFQ2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-01840fa47177285667bca060;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Jktkwc3JLU31AY5B5pC5JTjPGARjflqoJRZiD6IpF5-10IO6UNlH_Q==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 adc2002956acc4d61bfbf3b973fdf246.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:46:33 GMT
age: 76199
etag: "dffeaf1a8f73ae9f6247b9dc7f05301fefc00aef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0530376e431b6563796e4abb0db0bc4e
6921f4bd83a806e1ea8247854ad4c045fa7ee298
d6371c81d5494d5e50fd5cc1cfe1ce28213dfa70ea5a94df82c9f4b3e6430a53
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10490
x-amzn-requestid: 0525e5c4-485e-47eb-ab95-1136e4d5c29a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUnTEztoAMFzMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260161-54b47454475ff6ee4d880534;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:41 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: AdbJgoCBGJGvjP53lBj3_GWyuRF8O_fgNTPPEjUmFmyRxMQl2pgTzw==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:54:29 GMT
age: 75723
etag: "6921f4bd83a806e1ea8247854ad4c045fa7ee298"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8a2b8f737604b7983cf686c82599dc73
aa63be93c4cd641f09ce0d5144ef60aab21caed1
78835586bfd170fee7e6f70b2b426ed186f5aeae969459c6dcbf527ba9c0deec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6380
x-amzn-requestid: 0a129a69-0720-47a0-8b0e-b3200de24204
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUn6E19IAMF9SQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260165-564474a42e79d1dc4eb9558f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:45 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 3paQf8BhyRcZoZNox8660Zyzz0WaiQxJuHmDbj4wpo-rgbDdkxrYgQ==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:47:23 GMT
age: 76149
etag: "aa63be93c4cd641f09ce0d5144ef60aab21caed1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash c6124d71c25d41b36233fa46ca1fc808
64a1bde5708f0e09a52e6615fa6cca7ec8dcaa4a
9b0d462bb1479c0fa0af6490f81a339b55506dafdb7f42912d1e20e40cab7ebd
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=170724
Date: Fri, 31 Mar 2023 18:56:32 GMT
Etag: "64271a47-1d7"
Expires: Sun, 02 Apr 2023 18:21:56 GMT
Last-Modified: Fri, 31 Mar 2023 17:37:11 GMT
Server: ECAcc (nya/7970)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: JceTz4LVwvehIz6WumEJTG0MjVingZmA7h8AJgfrM5fUyZGcZ3dobg==
Age: 2685
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 424b55535e5fd622b2fc96aac1246324
cf7cf08aa8969a86bf03695af2129686fd62fe86
c4bb26a7b2c431282b53b4df9999b9cc8e61369a79c606688a76499b31a65127
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10271
x-amzn-requestid: db0d1fe4-060a-4e61-90f3-ec9befee1295
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkBoXGh5oAMFfzw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424afce-2e9251552b4acdcb19e02dfc;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:38:22 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 1cXec9_e-KpzyTwiHaNAaf0y5i12tw7BkZTXnduS5ek7yAAZ0LXTWw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:44:51 GMT
age: 76301
etag: "cf7cf08aa8969a86bf03695af2129686fd62fe86"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4de055bc-1569-4c9a-9ff5-b5ce7d869905.jpeg
34.120.237.76 200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4de055bc-1569-4c9a-9ff5-b5ce7d869905.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 41f0baa1423dbd529f6c47bd51fe708f
f09b44f30b63f5e29dd247f592147ffc6b308e72
313b769259453565919ab14410faea927a23ad75636abc57851dfe67d43ea156
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4de055bc-1569-4c9a-9ff5-b5ce7d869905.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4370
x-amzn-requestid: 5791c184-d5eb-4666-bc94-f838cd0183af
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUllHrcIAMFSWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-15fb3d2f67359d6837df5d0d;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: opMjAWEDBvz7pKcnuQrmD_7njQ0X28fR3Ngnoe7WI96zNNNt9oQL5A==
via: 1.1 99db15345b0e5e7ad9c267ae999b8cf4.cloudfront.net (CloudFront), 1.1 599f04a365a179d553682d476509c388.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 09:17:34 GMT
age: 34738
etag: "f09b44f30b63f5e29dd247f592147ffc6b308e72"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
prebid-eu.creativecdn.com/bidder/prebid/bids
185.184.8.90 204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP 185.184.8.90:0
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 504
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-origin: https://disploot.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95 200 OK 312 B IP 192.229.221.95:0
Hash 591941524b7f5119908ad6c16f137186
fafb04de1dd4e0534d40a10299247583d4c6759d
5755939f1889f4a00de4f9d1404f3cf806b5d9af8fa9f8ca2037af2596c673e4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3510
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:56:32 GMT
Last-Modified: Fri, 31 Mar 2023 17:58:02 GMT
Server: ECAcc (ska/F776)
X-Cache: HIT
Content-Length: 312
ib.adnxs.com/ut/v3/prebid
185.83.142.19 200 OK 139 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 185.83.142.19:0
File type JSON data\012- , ASCII text, with no line terminators
Hash aa215963cd9e7ca1b13ab0853509fcc1
c9cf406257890c0926daa89ddb3eb61020c62799
83a9e7e48ca49ebae4c5d8fce4447987b97559717a3985997ac2e73c6d6a16b8
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 651
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 31 Mar 2023 18:56:32 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 139
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://disploot.com
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 9f437730-c3d8-4776-bbf8-f6d29a547d14
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=51529362207&lsavail=0
178.250.7.10 200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=51529362207&lsavail=0
IP 178.250.7.10:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=7.19.0&cb=51529362207&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 494
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:32 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://disploot.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json
143.204.55.14 200 OK 2.7 kB URL HTTP/2 test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json
IP 143.204.55.14:0
File type JSON data\012- , ASCII text, with very long lines (10367), with no line terminators
Hash fb594f403364e8ae058744aed63ed791
099b6b9fc92039e5dc53ebe428df8fc9a93148f0
a0eeaa93ebfde5b060c27ee17aa9fe81e0efa1efb7a2f2f0000bbb4d5e6be350
GET /GVL-v2/cmp-list.json HTTP/1.1
Host: test.quantcast.mgr.consensu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://shurt.pw
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
access-control-max-age: 86400
cache-control: max-age=172800
date: Fri, 31 Mar 2023 03:00:35 GMT
last-modified: Thu, 30 Mar 2023 19:52:29 GMT
etag: W/"62fd667efe0c7268fc68ea18d1179e2b"
x-amz-server-side-encryption: AES256
x-amz-version-id: Q2dMm0LZtnIqBsDUTB8PNIsB16c9pwBC
server: AmazonS3
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zgBTl60wWIeAoPduPsQoZUyKgAL8i5DmQqOf7kQso8xLJFOD_OqUAQ==
age: 57358
X-Firefox-Spdy: h2
hbopenbid.pubmatic.com/translator?source=prebid-client
185.64.190.77 204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP 185.64.190.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 923
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache, no-store, must-revalidate
date: Fri, 31 Mar 2023 18:56:32 GMT
X-Firefox-Spdy: h2
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991768&tk_flint=pbjs_lite_v7.19.0&x_source.tid=2a477fc5-90ce-4770-85aa-28e95de135c4&l_pb_bid_id=12c20a63f57fb798&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.05124216384677405
213.19.162.41 200 OK 327 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991768&tk_flint=pbjs_lite_v7.19.0&x_source.tid=2a477fc5-90ce-4770-85aa-28e95de135c4&l_pb_bid_id=12c20a63f57fb798&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.05124216384677405
IP 213.19.162.41:0
File type JSON data\012- , ASCII text, with very long lines (327), with no line terminators
Hash 58e42ad480efc0b0b074f971fffae11a
72c3f0abb3a599871c5cad0f40d15e743c3dd432
8a3e96eb2b9c464a97438851d25aaa7ffab45e669a80348481545a115a31c12b
GET /a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991768&tk_flint=pbjs_lite_v7.19.0&x_source.tid=2a477fc5-90ce-4770-85aa-28e95de135c4&l_pb_bid_id=12c20a63f57fb798&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.05124216384677405 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Fri, 31 Mar 2023 18:56:32 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LFWWOKIN-S-5GKB; Domain=.rubiconproject.com; Path=/; Expires=Sat, 30-Mar-2024 18:56:32 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|SDziDG3X/Egr15cVAiZVMu9DtVM30fCgnVg2hSdpo7erKnPALAqxqdb3Sbg30/XKzG6FmltYou1I+3B5/S4PVg==; Domain=.rubiconproject.com; Path=/; Expires=Sat, 30-Mar-2024 18:56:32 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 327
X-Firefox-Spdy: h2
prg.smartadserver.com/prebid/v1
185.86.139.116 200 OK 0 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.139.116:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 368
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-length: 0
content-type: application/json; charset=UTF-8
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache,no-store
pragma: no-cache
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
prg.smartadserver.com/prebid/v1
185.86.139.116 200 OK 0 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.139.116:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 368
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-length: 0
content-type: application/json; charset=UTF-8
date: Fri, 31 Mar 2023 18:56:31 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache,no-store
pragma: no-cache
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
prg.smartadserver.com/prebid/v1
185.86.139.116 200 OK 624 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.139.116:0
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (1160), with no line terminators
Hash fe7c2034b740f6a6901a65460f22e024
4f0e2032af3e2983f3316b405727e69cbcf04a86
433a06fd4655d6b5cc6bd80026342951e4d9b5b011e7da89750f534197d32fe2
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 393
Origin: http://shurt.pw
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://shurt.pw
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
vs=408130=5388176; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
pid=1818972333089361969; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927&lt=638158857928193661&o=1; expires=Sat, 01 Apr 2023 18:56:32 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Sat, 01 Apr 2023 18:56:32 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
prg.smartadserver.com/prebid/v1
185.86.139.116 200 OK 0 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.139.116:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 395
Origin: http://shurt.pw
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-length: 0
content-type: application/json; charset=UTF-8
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://shurt.pw
cache-control: no-cache,no-store
pragma: no-cache
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
prg.smartadserver.com/prebid/v1
185.86.139.116 200 OK 600 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.139.116:0
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (1126), with no line terminators
Hash 48b43c9d37151aae86b67764c42d2c04
5fe60a0bc6c236599afab29471ee4a2f4ea58a95
efee343c201381a40cff7a423ee07dfe81675551acb169cef172cfb58ae46635
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 369
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
vs=408130=5388176; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
pid=675387748081602639; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927&lt=638158857928600048&o=1; expires=Sat, 01 Apr 2023 18:56:32 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Sat, 01 Apr 2023 18:56:32 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
prg.smartadserver.com/prebid/v1
185.86.139.116 200 OK 0 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.139.116:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 368
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-length: 0
content-type: application/json; charset=UTF-8
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache,no-store
pragma: no-cache
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
disploot.com/r/p.html?f=vcapwezoqg&e=1135685601495
143.204.55.43 200 OK 2.8 kB URL HTTP/2 disploot.com/r/p.html?f=vcapwezoqg&e=1135685601495
IP 143.204.55.43:0
Hash 5db73074e6ca1e5a07727fe42d74fe08
0f09ead9d02bc9a46a3f0f1304d70c31b7c13290
32319c6263dc00198bd88a29ae25c9dad1056aa5b10a5bb68eca0a1f409c3a6b
GET /r/p.html?f=vcapwezoqg&e=1135685601495 HTTP/1.1
Host: disploot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Fri, 31 Mar 2023 01:14:14 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zZnBHStu9Dc7OoyCeBfhruEKY-ZTb9ceEiluXYWMQqFZ9D2gJVQm4w==
age: 63819
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
prg.smartadserver.com/prebid/v1
185.86.139.116 200 OK 0 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.139.116:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 369
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-length: 0
content-type: application/json; charset=UTF-8
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache,no-store
pragma: no-cache
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
prebid-eu.creativecdn.com/bidder/prebid/bids
185.184.8.90 204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP 185.184.8.90:0
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 504
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-origin: https://disploot.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=7822954202&lsavail=0
178.250.7.10 200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=7822954202&lsavail=0
IP 178.250.7.10:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=7.19.0&cb=7822954202&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 494
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:32 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://disploot.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
prg.smartadserver.com/prebid/v1
185.86.139.116 200 OK 513 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.139.116:0
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (981), with no line terminators
Hash 07fb45c33d7274ee71e2572b5b693dbd
1384f6bfb9189f032e6fcd1c696c6481727e1f3b
6974f251792557ba2bedd5de9b73d37bb22c6d91dc844357d8a88962b8f73d11
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 369
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
vs=408130=5388176; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
pid=6764830858962407536; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927&lt=638158857929351118&o=1; expires=Sat, 01 Apr 2023 18:56:32 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Sat, 01 Apr 2023 18:56:32 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.recaptcha.net
Connection: keep-alive
Referer: https://www.recaptcha.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:31:35 GMT
expires: Wed, 27 Mar 2024 10:31:35 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 289498
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
prg.smartadserver.com/prebid/v1
185.86.139.116 200 OK 584 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.139.116:0
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (1108), with no line terminators
Hash f195e21b82b7d5283984f2306ca6e822
bd08653dbe6ac273e0b442334b751ffd38c1181e
d8c4a760e9ccda52f805c002c1fb57cc4f05f38f05228149c44e21158347b259
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 368
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
vs=555020=5388176; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
pid=6322923001021862004; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927&lt=638158857929172186&o=1; expires=Sat, 01 Apr 2023 18:56:32 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Sat, 01 Apr 2023 18:56:32 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
prg.smartadserver.com/prebid/v1
185.86.139.116 200 OK 0 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.139.116:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 370
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-length: 0
content-type: application/json; charset=UTF-8
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache,no-store
pragma: no-cache
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
prg.smartadserver.com/prebid/v1
185.86.139.116 200 OK 620 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.139.116:0
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (1198), with no line terminators
Hash 6c90fa39ad0fbaf5cf6cb99c90702741
d25ffce16dd81acafff0b3635b5e08abc80ffef2
c350a97c0fa0e4c005ecca5189417d7c4a0471e00dd703a2509a22692769c699
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 369
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
vs=408130=5388176; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
pid=806695047328043245; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638158857929014578&o=1; expires=Sat, 01 Apr 2023 18:56:32 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Sat, 01 Apr 2023 18:56:32 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
prg.smartadserver.com/prebid/v1
185.86.139.116 200 OK 468 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.139.116:0
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (909), with no line terminators
Hash ab43be8d3d2ab442588ff9f558e5ff9e
8d22f68a94b78b61b9cc555031eefbc2fc20de69
f05e6d2776f1e75212501d91ad1aa17a9e20046c6972b2cca45d612e3d3e9246
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 370
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
vs=408130=5388176; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
pid=4007445559824486529; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638158857929815120&o=1; expires=Sat, 01 Apr 2023 18:56:32 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Sat, 01 Apr 2023 18:56:32 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
hbopenbid.pubmatic.com/translator?source=prebid-client
185.64.190.77 204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP 185.64.190.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 922
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache, no-store, must-revalidate
date: Fri, 31 Mar 2023 18:56:32 GMT
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
185.83.142.19 200 OK 145 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 185.83.142.19:0
File type JSON data\012- , ASCII text, with no line terminators
Hash cd572b71c6806d7d4c10f4ad1646d208
95d07744db2525d08e6752b6f389983fda0290df
6b8796573defb8b772aaeadf1a1568595df53e6da1fb47e12eeae58652d20980
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 655
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 31 Mar 2023 18:56:33 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 145
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://disploot.com
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: ddcc0f41-9a23-4129-94b2-9741a5907faf
Set-Cookie: icu=ChgI0ed4EAoYASABKAEw4dmcoQY4AUABSAEQ4dmcoQYYAA..; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 29-Jun-2023 18:56:33 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=8845444572903356342; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 29-Jun-2023 18:56:33 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
prg.smartadserver.com/prebid/v1
185.86.139.116 200 OK 518 B URL HTTP/1.1 prg.smartadserver.com/prebid/v1
IP 185.86.139.116:0
ASN #201081 SmartAdServer SAS
File type JSON data\012- , ASCII text, with very long lines (1044), with no line terminators
Hash 5ff5dd9a2310319cba2ea00071340757
60bb96d6b48a64ea794e0420558b9fa152b8f90d
36b96c414033a91f0818badeeeeb8aaa526d9e52fe71bd3a70c2510fed1a0689
POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 368
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d12999%3b%24o%3d11100; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
vs=408130=5388176; domain=.smartadserver.com; path=/
TestIfCookie=ok; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
pid=3462560603922370589; expires=Sun, 31 Mar 2024 18:56:32 GMT; domain=.smartadserver.com; path=/
sasd2=q=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0&c=1&l=819242284&lo=988266927<=638158857929780525&o=1; expires=Sat, 01 Apr 2023 18:56:32 GMT; domain=.smartadserver.com; path=/
sasd=%24qc%3D1311348260%3B%24ql%3DMedium%3B%24qpc%3D1006%3B%24qt%3D216_1430_41056t%3B%24dma%3D0; expires=Sat, 01 Apr 2023 18:56:32 GMT; domain=.smartadserver.com; path=/
transfer-encoding: chunked
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
simplewebanalysis.com/stats
3.123.95.62 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.123.95.62:0
File type ASCII text, with no line terminators
Hash bbcfe1953a78f84d3e8c50a81bcacb85
c731a825b216197f24e2b01ef48aebc056e0bba6
daf5890f5f982454ea5af4d746dcecd1a2a37aee0249c3cb01e03922a8f662ef
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://shurt.pw
Connection: keep-alive
Referer: http://shurt.pw/
Cookie: uid_id2=65cfdf93-dcad-41b1-9249-17759314ac78:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:33 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://shurt.pw
access-control-allow-credentials: true
X-Firefox-Spdy: h2
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991953&tk_flint=pbjs_lite_v7.19.0&x_source.tid=c08e5bf1-b75c-4701-ab06-543c1913857b&l_pb_bid_id=1249cffeede962c&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8568360545964885
213.19.162.41 200 OK 327 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991953&tk_flint=pbjs_lite_v7.19.0&x_source.tid=c08e5bf1-b75c-4701-ab06-543c1913857b&l_pb_bid_id=1249cffeede962c&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8568360545964885
IP 213.19.162.41:0
File type JSON data\012- , ASCII text, with very long lines (327), with no line terminators
Hash 997940ff12785f10a75b5768a400c3a6
550dc3797792f6f5dcbb6343b3a9c92ccf9b7c5b
1c30295f444515037c35fa63aae1b0c5fcef6d385d76269a6cbd4f4803e6bbc3
GET /a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288991953&tk_flint=pbjs_lite_v7.19.0&x_source.tid=c08e5bf1-b75c-4701-ab06-543c1913857b&l_pb_bid_id=1249cffeede962c&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8568360545964885 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Fri, 31 Mar 2023 18:56:33 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LFWWOKOZ-1L-KUJL; Domain=.rubiconproject.com; Path=/; Expires=Sat, 30-Mar-2024 18:56:32 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qoCwA2K11cife9DtVM30fCgnVg2hSdpo7erKnPALAqxqdb3Sbg30/XKzG6FmltYou1I+3B5/S4PVg==; Domain=.rubiconproject.com; Path=/; Expires=Sat, 30-Mar-2024 18:56:32 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 327
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
185.83.142.19 200 OK 139 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 185.83.142.19:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 50305f1b6387e7171675a8d0fadc8746
5e86273424f7519d039d385db673a8f4732b0613
790fc0cf9b7393d480768cdf63d8c81ea88d8d65c64a8c01597a7e35dd38db99
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 654
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 31 Mar 2023 18:56:33 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 139
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://disploot.com
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 774b940a-7a31-4339-b2c4-6083c8e94a93
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
quantcast.mgr.consensu.org/GVL-v2/vendor-list-trimmed-v1.json
143.204.55.76 200 OK 43 kB URL HTTP/2 quantcast.mgr.consensu.org/GVL-v2/vendor-list-trimmed-v1.json
IP 143.204.55.76:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (65512), with no line terminators
Hash 6c0f9f5688296e3af73cf52dd5f6f82f
41df23ef5980d5b112a652681025c0dbe2e46018
6a5660f1e760a9cb09588113fcc048f7438d04662906be42fe548cceac0a9ffe
GET /GVL-v2/vendor-list-trimmed-v1.json HTTP/1.1
Host: quantcast.mgr.consensu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://shurt.pw
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
access-control-max-age: 86400
cache-control: max-age=172800
date: Fri, 31 Mar 2023 03:00:36 GMT
last-modified: Fri, 31 Mar 2023 03:00:33 GMT
etag: W/"13c8f6bf426ccc6ec046a6e01bf1677f"
x-amz-server-side-encryption: AES256
server: AmazonS3
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 3KGaeHI_5ROfD_xTLuiT_5LH8LbjrAkkA7JWeN1wRDgADZn3Hmze2w==
age: 57358
X-Firefox-Spdy: h2
api.purpleads.io/x/v2/v?pid=009d2b956a05463e98ac89b78e09bb0a&ts=1680288991469
34.236.45.130 200 OK 766 B URL HTTP/2 api.purpleads.io/x/v2/v?pid=009d2b956a05463e98ac89b78e09bb0a&ts=1680288991469
IP 34.236.45.130:0
File type JSON data\012- , ASCII text, with very long lines (1782), with no line terminators
Hash 70f6be1fc3533ac0bdfc66d602d2db46
52e280563cd548faba3ead524a00863de80a117e
2188972c850f5588b1c7f489cd3aba20c1e196a25562e81cb2bd41a21a93ebf4
GET /x/v2/v?pid=009d2b956a05463e98ac89b78e09bb0a&ts=1680288991469 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Content-Type: application/json
x-purpleads-version: 2.1.20
x-request-url: aHR0cDovL3NodXJ0LnB3L3UvelVxYlRF
Authorization: Bearer 6236aa21a8c18bdcf30eff9d2a8b7c1a:a30bda032e038a71ecf6f924868c70edc1e88dbf060df0d8e941fc365283ccaf06cb53dfb2a90cd3bb2477c21103c8fb817b93557ce146df33df735ba13017fc
Origin: http://shurt.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:33 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: http://shurt.pw
access-control-allow-credentials: true
access-control-expose-headers: pa-user-id
x-request-id: 760152bf-86b7-4725-880e-c55d8cf0a851
x-api-version: 0.47.4
etag: W/"6f6-l3wHB87q+j4m/ch7+culEVvX2KM"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
prebid-eu.creativecdn.com/bidder/prebid/bids
185.184.8.90 204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP 185.184.8.90:0
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 503
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 31 Mar 2023 18:56:33 GMT
access-control-allow-origin: https://disploot.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
api.purpleads.io/x/v2/v?pid=009d2b956a05463e98ac89b78e09bb0a&ts=1680288991469
34.236.45.130 200 OK 36 B URL HTTP/2 api.purpleads.io/x/v2/v?pid=009d2b956a05463e98ac89b78e09bb0a&ts=1680288991469
IP 34.236.45.130:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 548b36c1aae4df119f109cc0123690a3
c4de01190242ea37fc345b2122767d4cc4db7499
cfb05e615ce69ae251e5f5474e59d5027b0ce3f54fb052ac247f85797a1a8df4
OPTIONS /x/v2/v?pid=009d2b956a05463e98ac89b78e09bb0a&ts=1680288991469 HTTP/1.1
Host: api.purpleads.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Referer: http://shurt.pw/
Origin: http://shurt.pw
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:32 GMT
access-control-allow-origin: http://shurt.pw
access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-expose-headers: pa-user-id
X-Firefox-Spdy: h2
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288992206&tk_flint=pbjs_lite_v7.19.0&x_source.tid=cd8946af-e05f-4a6b-aa8c-6270764395bb&l_pb_bid_id=1203b858aae1bde8&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7394903350895135
213.19.162.41 200 OK 327 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288992206&tk_flint=pbjs_lite_v7.19.0&x_source.tid=cd8946af-e05f-4a6b-aa8c-6270764395bb&l_pb_bid_id=1203b858aae1bde8&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7394903350895135
IP 213.19.162.41:0
File type JSON data\012- , ASCII text, with very long lines (327), with no line terminators
Hash df83af7d3524477d5da3f58a1246b8ab
70b6eb6e45bed83030b073fb4215625381c606fd
f78ffc08b066eb083d44e6531bb613437df9ede4a55c0c1314f261772e48c6de
GET /a/api/fastlane.json?account_id=17210&site_id=318290&zone_id=2046446&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,f40bd5618606f2326096f40bd5618606f2326096,1,,,&rf=shurt.pw&tg_i.page=http%3A%2F%2Fshurt.pw%2F&tg_i.domain=shurt.pw&tg_i.pbadslot=adpn-adtag-1680288992206&tk_flint=pbjs_lite_v7.19.0&x_source.tid=cd8946af-e05f-4a6b-aa8c-6270764395bb&l_pb_bid_id=1203b858aae1bde8&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7394903350895135 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.4
date: Fri, 31 Mar 2023 18:56:33 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LFWWOKW8-1M-2XZV; Domain=.rubiconproject.com; Path=/; Expires=Sat, 30-Mar-2024 18:56:33 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qoO6SAVj2lErO9DtVM30fCgnVg2hSdpo7c62eNEfbVJqdb3Sbg30/XKzG6FmltYou1I+3B5/S4PVg==; Domain=.rubiconproject.com; Path=/; Expires=Sat, 30-Mar-2024 18:56:33 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 327
X-Firefox-Spdy: h2
hbopenbid.pubmatic.com/translator?source=prebid-client
185.64.190.77 204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP 185.64.190.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 923
Origin: https://disploot.com
Connection: keep-alive
Referer: https://disploot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://disploot.com
cache-control: no-cache, no-store, must-revalidate
date: Fri, 31 Mar 2023 18:56:33 GMT
X-Firefox-Spdy: h2
quantcast.mgr.consensu.org/tcfv2/40/cmp2ui-en.js
143.204.55.76 200 OK 96 kB URL HTTP/2 quantcast.mgr.consensu.org/tcfv2/40/cmp2ui-en.js
IP 143.204.55.76:0
Hash 6618b0613e1c33bcb0a00742aab904b7
1afdff7594fe95d9ede57f317a3988b0bfe823fd
2dcfd9106a389efdccb545836680a08b54b353ad0b37676b3b2e607b17b30707
GET /tcfv2/40/cmp2ui-en.js HTTP/1.1
Host: quantcast.mgr.consensu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
access-control-max-age: 604800
last-modified: Fri, 13 May 2022 16:53:22 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
date: Thu, 30 Mar 2023 19:03:18 GMT
cache-control: max-age=172800
etag: W/"a69e17fb2f729417757e5fbbee7ccc37"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nXB6tim1qyVTvTi0-bg_I_e2RFcJA53VdGZ3tnjNrm7LHV_uZR0xhg==
age: 86067
X-Firefox-Spdy: h2
audit-tcfv2.quantcast.mgr.consensu.org/?log=%7B%22accountId%22%3A%22He6NsVBfMn23v%22%2C%22domain%22%3A%22shurt.pw%22%2C%22publisher%22%3A%22Shurt.pw%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.40%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22G4xDKuzJ%2B49xs7swWNWgCw%22%2C%22clientTimestamp%22%3A1680288992553%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-f3x1flpifx0ih3neql7n%22%7D
3.120.70.208 200 OK 2 B URL HTTP/2 audit-tcfv2.quantcast.mgr.consensu.org/?log=%7B%22accountId%22%3A%22He6NsVBfMn23v%22%2C%22domain%22%3A%22shurt.pw%22%2C%22publisher%22%3A%22Shurt.pw%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.40%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22G4xDKuzJ%2B49xs7swWNWgCw%22%2C%22clientTimestamp%22%3A1680288992553%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-f3x1flpifx0ih3neql7n%22%7D
IP 3.120.70.208:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
GET /?log=%7B%22accountId%22%3A%22He6NsVBfMn23v%22%2C%22domain%22%3A%22shurt.pw%22%2C%22publisher%22%3A%22Shurt.pw%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.40%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22G4xDKuzJ%2B49xs7swWNWgCw%22%2C%22clientTimestamp%22%3A1680288992553%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-f3x1flpifx0ih3neql7n%22%7D HTTP/1.1
Host: audit-tcfv2.quantcast.mgr.consensu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://shurt.pw
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:33 GMT
content-type: text/plain; charset=utf-8
content-length: 2
access-control-allow-origin: *
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=65cfdf93-dcad-41b1-9249-17759314ac78&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f5a9be79a5a728b7fb0b45808e034af5&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=18
15.197.172.60 200 OK 2.8 kB URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=65cfdf93-dcad-41b1-9249-17759314ac78&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f5a9be79a5a728b7fb0b45808e034af5&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=18
IP 15.197.172.60:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2830), with no line terminators
Hash 6a5871c7beff97731b0a878ffeea175d
ae9385f04a25e56d7876a69f9b6dc2d9661c13bd
fb2ccf59da0ab415f5bdd6a0d8aac68fdbd7fda00bb98dfef9f6665da7843f30
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=65cfdf93-dcad-41b1-9249-17759314ac78&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=f5a9be79a5a728b7fb0b45808e034af5&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=18 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shurt.pw/
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 31 Mar 2023 18:56:33 GMT
Content-Type: text/html
Content-Length: 2830
Last-Modified: Wed, 15 Mar 2023 22:55:19 GMT
Connection: keep-alive
ETag: "64124cd7-b0e"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_RmTWQhmZSwUF15TssKYT5ATdoVwFFmrxfeDuGLNVpFx/+eurmMzUW6QqqDVzNtoKoQyzm43tnm3YbHCPa9HthQ
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=10.116.88.88;Path=/;Max-Age=86400;
country=;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400;
Accept-Ranges: bytes
unseenreport.com/pxf.gif?uuid=65cfdf93-dcad-41b1-9249-17759314ac78&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=04e6aaf7cf19824c28b9aefc25a57a4d&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=18
15.197.172.60 200 OK 2.8 kB URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=65cfdf93-dcad-41b1-9249-17759314ac78&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=04e6aaf7cf19824c28b9aefc25a57a4d&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=18
IP 15.197.172.60:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2830), with no line terminators
Hash 6a5871c7beff97731b0a878ffeea175d
ae9385f04a25e56d7876a69f9b6dc2d9661c13bd
fb2ccf59da0ab415f5bdd6a0d8aac68fdbd7fda00bb98dfef9f6665da7843f30
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=65cfdf93-dcad-41b1-9249-17759314ac78&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=04e6aaf7cf19824c28b9aefc25a57a4d&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=18 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shurt.pw/
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 31 Mar 2023 18:56:33 GMT
Content-Type: text/html
Content-Length: 2830
Last-Modified: Wed, 15 Mar 2023 22:55:19 GMT
Connection: keep-alive
ETag: "64124cd7-b0e"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_ev8liLC2JxoIB/CqCWszJZ8aolvniRezavZrE6QIkQMjx56CS6srzQfxuWH74+zcuwvJup4gDFMTjKmrGDlxLg
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400;
country=;Path=/;Max-Age=86400;
city="";Path=/;Max-Age=86400;
expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400;
Accept-Ranges: bytes
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash a9ce036f6d6084fa604e6255fcd312a1
5fa9617161c87aece377b2686fb594eca22b6cc5
a979c968786382b901173539f5e73f091b0491b7ee5bfb792af49bb898f296a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5100
Cache-Control: max-age=110481
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:56:34 GMT
Etag: "64262587-1d7"
Expires: Sun, 02 Apr 2023 01:37:55 GMT
Last-Modified: Fri, 31 Mar 2023 00:12:55 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6129dd95b3968e1b239294057bec93f8
7aa71805c566c49e20f3860732135c35582f41ab
f228cf64c8953eafb2c34fe1411a04a07698ab19075d5e3c6794eefc2c807fb7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F228CF64C8953EAFB2C34FE1411A04A07698AB19075D5E3C6794EEFC2C807FB7"
Last-Modified: Fri, 31 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20848
Expires: Sat, 01 Apr 2023 00:44:04 GMT
Date: Fri, 31 Mar 2023 18:56:36 GMT
Connection: keep-alive
csync.loopme.me/?redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D124%26partneruserid%3D%7Bdevice_id%7D&pubid=5679&gdpr=0&gdpr_consent=
35.214.153.92 307 Temporary Redirect 0 B URL HTTP/2 csync.loopme.me/?redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D124%26partneruserid%3D%7Bdevice_id%7D&pubid=5679&gdpr=0&gdpr_consent=
IP 35.214.153.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D124%26partneruserid%3D%7Bdevice_id%7D&pubid=5679&gdpr=0&gdpr_consent= HTTP/1.1
Host: csync.loopme.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
set-cookie: viewer_token=2daf20f3-31ec-4d02-8883-007b0636c5fd; path=/; domain=csync.loopme.me; secure; HttpOnly; Expires=Fri, 30-Jun-2023 18:56:36 GMT; SameSite=None
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=124&partneruserid=2daf20f3-31ec-4d02-8883-007b0636c5fd&gdpr_consent=null&gdpr=0
content-length: 0
date: Fri, 31 Mar 2023 18:56:36 GMT
server: _
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.41 200 OK 1.8 kB IP 192.124.249.41:0
Hash e10b35d19ac3728474c612d3aaa8793f
fcdffb584277919d3cbe7541caca4ae9ae44af0f
85ee7828222da84b301271fa7dd0dacf6e1d640c1e4fb0944f67b883c048d344
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 31 Mar 2023 18:56:36 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 31 Mar 2023 18:44:57 GMT
Expires: Sat, 01 Apr 2023 18:44:57 GMT
ETag: "fcdffb584277919d3cbe7541caca4ae9ae44af0f"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
Hash c581f0618751aa58f2e339998ebc5b94
ee4e82a43776b8a993ea578d205ac9e7d5fc750e
33e287abfe7e45d2cf7f8932ddf72376d2e9e95884647ff43159b0ebecbf4d1b
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 18:56:36 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Tue, 04 Apr 2023 18:21:40 GMT
ETag: "ee4e82a43776b8a993ea578d205ac9e7d5fc750e"
Last-Modified: Fri, 31 Mar 2023 18:21:41 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 760
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b0ad033ed601bfe-OSL
image8.pubmatic.com/AdServer/ImgSync?p=156383
198.47.127.18 302 Found 59 B URL HTTP/2 image8.pubmatic.com/AdServer/ImgSync?p=156383
IP 198.47.127.18:0
File type HTML document, ASCII text
Hash 992c77f78faff67c3f2a15342811620b
4879cd6da55176e39b8a519060bfb3a162eb30a9
87937e7cfd21b2d731f3230926884a9e2b040eef804857980eae2b0a4a32d943
GET /AdServer/ImgSync?p=156383 HTTP/1.1
Host: image8.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=utf-8
location: /AdServer/ImgSync?p=156383&rdf=1
set-cookie: KTPCACOOKIE=YES; domain=pubmatic.com; path=/; max-age=86400; secure;
date: Fri, 31 Mar 2023 18:56:35 GMT
content-length: 59
X-Firefox-Spdy: h2
rtb-csync.smartadserver.com/redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USER_ID&gdpr=0&gdpr_consent=
185.86.139.102 302 Found 0 B URL HTTP/2 rtb-csync.smartadserver.com/redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USER_ID&gdpr=0&gdpr_consent=
IP 185.86.139.102:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USER_ID&gdpr=0&gdpr_consent= HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
date: Fri, 31 Mar 2023 18:56:35 GMT
cache-control: no-cache,no-store
location: https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=3576335528838959257&gdpr=0&gdpr_consent=
pragma: no-cache
set-cookie: pid=3576335528838959257; expires=Wed, 01 May 2024 18:56:36 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Wed, 01 May 2024 18:56:36 GMT; domain=smartadserver.com; path=/
csync=135:TAM_OK; expires=Sun, 31 Mar 2024 18:56:36 GMT; domain=smartadserver.com; path=/
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Firefox-Spdy: h2
rtb-csync.smartadserver.com/redir/?issi=1&partnerid=134&partneruserid=OB_OK&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmart_adserver_eb%26google_hm%3DSMART_USER_ID_B64&gdpr=0&gdpr_consent=
185.86.139.102 302 Found 0 B URL HTTP/2 rtb-csync.smartadserver.com/redir/?issi=1&partnerid=134&partneruserid=OB_OK&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmart_adserver_eb%26google_hm%3DSMART_USER_ID_B64&gdpr=0&gdpr_consent=
IP 185.86.139.102:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redir/?issi=1&partnerid=134&partneruserid=OB_OK&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmart_adserver_eb%26google_hm%3DSMART_USER_ID_B64&gdpr=0&gdpr_consent= HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
date: Fri, 31 Mar 2023 18:56:36 GMT
cache-control: no-cache,no-store
location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=NDc0NDczMTA2MTg3ODkxOTI2OQ==&gdpr=0&gdpr_consent=
pragma: no-cache
set-cookie: pid=4744731061878919269; expires=Wed, 01 May 2024 18:56:36 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Wed, 01 May 2024 18:56:36 GMT; domain=smartadserver.com; path=/
csync=134:OB_OK; expires=Sun, 31 Mar 2024 18:56:36 GMT; domain=smartadserver.com; path=/
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.41 200 OK 1.8 kB IP 192.124.249.41:0
Hash e467384d60ce7942ea98313e9c237628
38c172492cab5e5a095eba056c049bb861e16c0b
9b3329a874cab98f81a97fe4afe11923896259685fdcd8908027fc938e14afd5
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 31 Mar 2023 18:56:36 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 30 Mar 2023 21:33:27 GMT
Expires: Fri, 31 Mar 2023 21:33:27 GMT
ETag: "38c172492cab5e5a095eba056c049bb861e16c0b"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
image8.pubmatic.com/AdServer/ImgSync?p=156383&rdf=1
198.47.127.18 200 OK 0 B URL HTTP/2 image8.pubmatic.com/AdServer/ImgSync?p=156383&rdf=1
IP 198.47.127.18:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /AdServer/ImgSync?p=156383&rdf=1 HTTP/1.1
Host: image8.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:36 GMT
content-length: 0
X-Firefox-Spdy: h2
match.adsrvr.org/track/cmf/generic?ttd_pid=smart-adserver&ttd_tpi=1&gdpr=0&gdpr_consent=
3.33.220.150 200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?ttd_pid=smart-adserver&ttd_tpi=1&gdpr=0&gdpr_consent=
IP 3.33.220.150:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?ttd_pid=smart-adserver&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:36 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
dsum.casalemedia.com/pbusermatch?origin=prebid&site_id=676854&p=1&i=0&gdpr=0&gdpr_consent=&us_privacy=
185.80.36.245 302 Found 0 B URL HTTP/1.1 dsum.casalemedia.com/pbusermatch?origin=prebid&site_id=676854&p=1&i=0&gdpr=0&gdpr_consent=&us_privacy=
IP 185.80.36.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pbusermatch?origin=prebid&site_id=676854&p=1&i=0&gdpr=0&gdpr_consent=&us_privacy= HTTP/1.1
Host: dsum.casalemedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Fri, 31 Mar 2023 18:56:36 GMT
Server: Apache
Cache-Control: no-cache
Expires: 0
Location: /pbusermatch?origin=prebid&site_id=676854&p=1&i=0&gdpr=0&gdpr_consent=&us_privacy=&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Content-Length: 0
Set-Cookie: CMID=ZCcs5F.sB7ySSn4KF39u-gAA; Path=/; Domain=casalemedia.com; Expires=Sat, 30 Mar 2024 18:56:36 GMT; Max-Age=31536000; Secure; SameSite=None
CMPS=4520; Path=/; Domain=casalemedia.com; Expires=Thu, 29 Jun 2023 18:56:36 GMT; Max-Age=7776000; Secure; SameSite=None
CMPRO=4520; Path=/; Domain=casalemedia.com; Expires=Thu, 29 Jun 2023 18:56:36 GMT; Max-Age=7776000; Secure; SameSite=None
Keep-Alive: timeout=1, max=500
Connection: Keep-Alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4eec701fec69b73ab6ff1af2c178806f
5de0d4c444297364831a311b4c13954aa31976b0
fda1ec0d2c39aafdb994d336b4d8b5d819fcd064a64b43649598609dac04f512
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 18:56:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.criteo.net/js/ld/publishertag.prebid.130.js
178.250.0.130 200 OK 59 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.130.js
IP 178.250.0.130:0
File type ASCII text, with very long lines (65354)
Hash e5d4e4089beb9e862de6775435b47835
b0c40b74669fd150925900019253ce8df9bba97a
0677bfbae01a0117ec0c419c89284747dd184359ab9cf7a42abf382d3537ea57
GET /js/ld/publishertag.prebid.130.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 18:56:34 GMT
content-type: text/javascript
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
etag: W/"6326273b-16120"
expires: Sat, 01 Apr 2023 18:56:34 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=NDc0NDczMTA2MTg3ODkxOTI2OQ==&gdpr=0&gdpr_consent=
142.250.74.2 302 Found 347 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=NDc0NDczMTA2MTg3ODkxOTI2OQ==&gdpr=0&gdpr_consent=
IP 142.250.74.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 02a8ac82cfe6c083853b37bcdfc2b799
cdc95118fa246ce446dc7fb78b184152cc07a3c8
a1e55bb7656681f493aaa1859c25ea2e6337d19718c98b6048dc28c5ce1ed649
GET /pixel?google_nid=smart_adserver_eb&google_hm=NDc0NDczMTA2MTg3ODkxOTI2OQ==&gdpr=0&gdpr_consent= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=NDc0NDczMTA2MTg3ODkxOTI2OQ==&gdpr=0&gdpr_consent=&google_tc=
date: Fri, 31 Mar 2023 18:56:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 347
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 31-Mar-2023 19:11:36 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
dsum.casalemedia.com/pbusermatch?origin=prebid&site_id=676854&p=1&i=0&gdpr=0&gdpr_consent=&us_privacy=&C=1
185.80.36.245 200 OK 43 B URL HTTP/1.1 dsum.casalemedia.com/pbusermatch?origin=prebid&site_id=676854&p=1&i=0&gdpr=0&gdpr_consent=&us_privacy=&C=1
IP 185.80.36.245:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /pbusermatch?origin=prebid&site_id=676854&p=1&i=0&gdpr=0&gdpr_consent=&us_privacy=&C=1 HTTP/1.1
Host: dsum.casalemedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 18:56:36 GMT
Server: Apache
Cache-Control: no-cache
Content-Type: image/gif
Expires: 0
Pragma: no-cache
Content-Length: 43
Keep-Alive: timeout=1, max=499
Connection: Keep-Alive
cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=NDc0NDczMTA2MTg3ODkxOTI2OQ==&gdpr=0&gdpr_consent=&google_tc=
142.250.74.2 302 Found 298 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=NDc0NDczMTA2MTg3ODkxOTI2OQ==&gdpr=0&gdpr_consent=&google_tc=
IP 142.250.74.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 0553a98da57856138de9af0bc437fc9c
6e51b6698f971bf8da3ac029455b1f0b52b7a0a7
6bfdbca6ae07fff7d50208eabb102c0a433862ded6e46637519e710538bd477a
GET /pixel?google_nid=smart_adserver_eb&google_hm=NDc0NDczMTA2MTg3ODkxOTI2OQ==&gdpr=0&gdpr_consent=&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://ssbsync.smartadserver.com/api/sync?callerId=3&gdpr=0&gdpr_consent=&google_error=3
date: Fri, 31 Mar 2023 18:56:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 298
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ssbsync.smartadserver.com/api/sync?callerId=3&gdpr=0&gdpr_consent=&google_error=3
185.86.139.102 302 Found 0 B URL HTTP/2 ssbsync.smartadserver.com/api/sync?callerId=3&gdpr=0&gdpr_consent=&google_error=3
IP 185.86.139.102:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/sync?callerId=3&gdpr=0&gdpr_consent=&google_error=3 HTTP/1.1
Host: ssbsync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-length: 0
date: Fri, 31 Mar 2023 18:56:36 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=&google_hm=OTAxMDE2MjQ4NjI1OTYxODAzOQ%3D%3D
set-cookie: pid=9010162486259618039; expires=Tue, 30 Apr 2024 18:55:36 GMT; domain=smartadserver.com; path=/; secure; samesite=none
X-Firefox-Spdy: h2
ssbsync.smartadserver.com/api/sync?callerId=3&google_error=5
185.86.139.102 302 Found 0 B URL HTTP/2 ssbsync.smartadserver.com/api/sync?callerId=3&google_error=5
IP 185.86.139.102:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/sync?callerId=3&google_error=5 HTTP/1.1
Host: ssbsync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-length: 0
date: Fri, 31 Mar 2023 18:56:36 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=&google_hm=Njk1Njk0NDk2OTQ1MDc4NjkyMQ%3D%3D
set-cookie: pid=6956944969450786921; expires=Tue, 30 Apr 2024 18:55:36 GMT; domain=smartadserver.com; path=/; secure; samesite=none
X-Firefox-Spdy: h2
s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=3576335528838959257&gdpr=0&gdpr_consent=
52.46.155.104 302 Found 0 B URL HTTP/1.1 s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=3576335528838959257&gdpr=0&gdpr_consent=
IP 52.46.155.104:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=3576335528838959257&gdpr=0&gdpr_consent= HTTP/1.1
Host: s.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Server
Date: Fri, 31 Mar 2023 18:56:36 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: TPSQ522T97R0C716WGW2
Set-Cookie: ad-id=AzWr48vskEPHjDQDftGkJns|t; Domain=.amazon-adsystem.com; Expires=Sun, 01-Oct-2023 18:56:36 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=3576335528838959257&gdpr=0&gdpr_consent=&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
ssbsync.smartadserver.com/api/sync?callerId=3&google_error=5
185.86.139.102 302 Found 0 B URL HTTP/2 ssbsync.smartadserver.com/api/sync?callerId=3&google_error=5
IP 185.86.139.102:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/sync?callerId=3&google_error=5 HTTP/1.1
Host: ssbsync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-length: 0
date: Fri, 31 Mar 2023 18:56:36 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=&google_hm=MTMxNjAyNDczNDk0NTUxMzUxOA%3D%3D
set-cookie: pid=1316024734945513518; expires=Tue, 30 Apr 2024 18:55:36 GMT; domain=smartadserver.com; path=/; secure; samesite=none
X-Firefox-Spdy: h2
ssbsync.smartadserver.com/api/sync?callerId=3&google_error=5
185.86.139.102 302 Found 0 B URL HTTP/2 ssbsync.smartadserver.com/api/sync?callerId=3&google_error=5
IP 185.86.139.102:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/sync?callerId=3&google_error=5 HTTP/1.1
Host: ssbsync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-length: 0
date: Fri, 31 Mar 2023 18:56:36 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=&google_hm=NjgyMTk4MDk2NTExMzMwMzI5NA%3D%3D
set-cookie: pid=6821980965113303294; expires=Tue, 30 Apr 2024 18:55:37 GMT; domain=smartadserver.com; path=/; secure; samesite=none
X-Firefox-Spdy: h2
s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=3576335528838959257&gdpr=0&gdpr_consent=&dcc=t
52.46.155.104 200 OK 43 B URL HTTP/1.1 s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=3576335528838959257&gdpr=0&gdpr_consent=&dcc=t
IP 52.46.155.104:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6851dbf491ae442da3314f19e8aff085
ecfec27263608c4ae7cd4f8e0cebb1b061df2ac3
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
GET /dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=3576335528838959257&gdpr=0&gdpr_consent=&dcc=t HTTP/1.1
Host: s.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Fri, 31 Mar 2023 18:56:36 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: FPP9KVGCZ4VNVBB1GT7C
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
ssbsync.smartadserver.com/api/sync?callerId=3&google_error=5
185.86.139.102 302 Found 0 B URL HTTP/2 ssbsync.smartadserver.com/api/sync?callerId=3&google_error=5
IP 185.86.139.102:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/sync?callerId=3&google_error=5 HTTP/1.1
Host: ssbsync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-length: 0
date: Fri, 31 Mar 2023 18:56:36 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=&google_hm=NTIxNjQ2MTc4OTc0MzQxOTUxOA%3D%3D
set-cookie: pid=5216461789743419518; expires=Tue, 30 Apr 2024 18:55:37 GMT; domain=smartadserver.com; path=/; secure; samesite=none
X-Firefox-Spdy: h2
ssbsync.smartadserver.com/api/sync?callerId=3&google_error=5
185.86.139.102 302 Found 0 B URL HTTP/2 ssbsync.smartadserver.com/api/sync?callerId=3&google_error=5
IP 185.86.139.102:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/sync?callerId=3&google_error=5 HTTP/1.1
Host: ssbsync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-length: 0
date: Fri, 31 Mar 2023 18:56:37 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=&google_hm=MTY2NTg3NzU3OTU3ODM0NzU5NA%3D%3D
set-cookie: pid=1665877579578347594; expires=Tue, 30 Apr 2024 18:55:37 GMT; domain=smartadserver.com; path=/; secure; samesite=none
X-Firefox-Spdy: h2
ssbsync.smartadserver.com/api/sync?callerId=3&google_error=5
185.86.139.102 302 Found 0 B URL HTTP/2 ssbsync.smartadserver.com/api/sync?callerId=3&google_error=5
IP 185.86.139.102:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/sync?callerId=3&google_error=5 HTTP/1.1
Host: ssbsync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-length: 0
date: Fri, 31 Mar 2023 18:56:36 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=&google_hm=NDYyNTc0ODM5NDYyNjY1MDM0OA%3D%3D
set-cookie: pid=4625748394626650348; expires=Tue, 30 Apr 2024 18:55:37 GMT; domain=smartadserver.com; path=/; secure; samesite=none
X-Firefox-Spdy: h2
ssbsync.smartadserver.com/api/sync?callerId=3&google_error=5
185.86.139.102 302 Found 0 B URL HTTP/2 ssbsync.smartadserver.com/api/sync?callerId=3&google_error=5
IP 185.86.139.102:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/sync?callerId=3&google_error=5 HTTP/1.1
Host: ssbsync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-length: 0
date: Fri, 31 Mar 2023 18:56:36 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=&google_hm=Njk5NjA2NjI2MjgyMTE1MjMz
set-cookie: pid=699606626282115233; expires=Tue, 30 Apr 2024 18:55:37 GMT; domain=smartadserver.com; path=/; secure; samesite=none
X-Firefox-Spdy: h2
ssbsync.smartadserver.com/api/sync?callerId=3&google_error=5
185.86.139.102 302 Found 0 B URL HTTP/2 ssbsync.smartadserver.com/api/sync?callerId=3&google_error=5
IP 185.86.139.102:0
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/sync?callerId=3&google_error=5 HTTP/1.1
Host: ssbsync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-length: 0
date: Fri, 31 Mar 2023 18:56:36 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=&google_hm=ODk4MDQ2OTg2NTUxMzg4MTc5OQ%3D%3D
set-cookie: pid=8980469865513881799; expires=Tue, 30 Apr 2024 18:55:37 GMT; domain=smartadserver.com; path=/; secure; samesite=none
X-Firefox-Spdy: h2
rtb-csync.smartadserver.com/redir/?issi=1&partnerid=124&partneruserid=2daf20f3-31ec-4d02-8883-007b0636c5fd&gdpr_consent=null&gdpr=0
185.86.139.102 200 OK 0 B URL HTTP/2 rtb-csync.smartadserver.com/redir/?issi=1&partnerid=124&partneruserid=2daf20f3-31ec-4d02-8883-007b0636c5fd&gdpr_consent=null&gdpr=0
IP 185.86.139.102:0
ASN #201081 SmartAdServer SAS
GET /redir/?issi=1&partnerid=124&partneruserid=2daf20f3-31ec-4d02-8883-007b0636c5fd&gdpr_consent=null&gdpr=0 HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Fri, 31 Mar 2023 18:56:36 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: pid=8606476126401728653; expires=Wed, 01 May 2024 18:56:36 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Wed, 01 May 2024 18:56:36 GMT; domain=smartadserver.com; path=/
csync=124:2daf20f3-31ec-4d02-8883-007b0636c5fd; expires=Sun, 31 Mar 2024 18:56:36 GMT; domain=smartadserver.com; path=/
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Firefox-Spdy: h2
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?referrer=http%3A%2F%2Fshurt.pw%2Fu%2FzUqbTE
167.235.113.204 200 OK 0 B URL HTTP/2 sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?referrer=http%3A%2F%2Fshurt.pw%2Fu%2FzUqbTE
IP 167.235.113.204:0
ASN #24940 Hetzner Online GmbH
GET /bf7c142f4339da0278e83698a02b0854/?referrer=http%3A%2F%2Fshurt.pw%2Fu%2FzUqbTE HTTP/1.1
Host: sync.richaudience.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 18:56:35 GMT
content-type: image/png
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Firefox-Spdy: h2
tags.refinery89.com/prebid/prebid6.29.3.js
54.230.111.109 200 OK 0 B URL HTTP/2 tags.refinery89.com/prebid/prebid6.29.3.js
IP 54.230.111.109:0
GET /prebid/prebid6.29.3.js HTTP/1.1
Host: tags.refinery89.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
date: Mon, 13 Mar 2023 16:25:41 GMT
last-modified: Mon, 13 Mar 2023 16:24:30 GMT
etag: W/"7cab59e7d8c16a4603d8efeefee91d4d"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, public
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: O_0jTy2ZiZY_Ay9i9L5lTuoCNwgo-i1u5jt3BSc7QT0yTTdg186Xxg==
age: 1564250
X-Firefox-Spdy: h2
cdn.prplads.com/prebid-video-7.22.0-2023-02-06.js
104.26.3.51 200 OK 0 B URL HTTP/2 cdn.prplads.com/prebid-video-7.22.0-2023-02-06.js
IP 104.26.3.51:0
GET /prebid-video-7.22.0-2023-02-06.js HTTP/1.1
Host: cdn.prplads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 31 Mar 2023 18:56:30 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=272657
etag: W/"26908555ff2c3247cc82b5a2bb6d6c20"
last-modified: Mon, 20 Feb 2023 13:50:01 GMT
x-amz-id-2: DzXa2bATu8nmohu9nzK/y/aw62LQ5WwOpip0+kZ4vOKnbCj3qwpMvAnLiXqEmxvBPhog8z602+A=
x-amz-request-id: 2MJMZPH40B348F7G
cache-control: max-age=86400
cf-cache-status: HIT
age: 4402
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c6RqyhbEwJ%2FXg72zGVzmpL8Xy8wh2wZDKQ69hmJJPiV8x5B2y4SJU22pNcRtGnLTsi7WzMQFPX2Wu0P2bRywNVxDk%2BL9TNdBk5BMZkZpXoKNLjdVyq3JQaHp3Egog2U8Mg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b0ad0118b86b51d-OSL
content-encoding: br
X-Firefox-Spdy: h2
cmp.quantcast.com/choice/He6NsVBfMn23v/shurt.pw/choice.js?tag_version=V2
143.204.55.76 200 OK 0 B URL HTTP/2 cmp.quantcast.com/choice/He6NsVBfMn23v/shurt.pw/choice.js?tag_version=V2
IP 143.204.55.76:0
GET /choice/He6NsVBfMn23v/shurt.pw/choice.js?tag_version=V2 HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 28 Mar 2023 09:04:34 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
content-encoding: br
cache-control: max-age=3600
date: Fri, 31 Mar 2023 18:56:12 GMT
etag: W/"481202fa7ab0981cf773f25c0fe5a231"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: gTrHhxc_woCrMQbn_3fSYrmROFaBtMMzzG8HUqTDncLVkFT9lnHhnw==
age: 20
X-Firefox-Spdy: h2
disploot.com/r/p.html?f=dopqul&e=1135685601495
143.204.55.43 200 OK 0 B URL HTTP/2 disploot.com/r/p.html?f=dopqul&e=1135685601495
IP 143.204.55.43:0
GET /r/p.html?f=dopqul&e=1135685601495 HTTP/1.1
Host: disploot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
server: AmazonS3
content-encoding: gzip
date: Fri, 31 Mar 2023 01:14:14 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7fH2FchjzMB_AcSmTEfWAqvno8nRlCRZZtJA-JCzC2cXYn0DBhFxNg==
age: 63819
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
rtb-csync.smartadserver.com/redir/?issi=1&partnerid=130&partneruserid=46bbf9b8-6b50-4d70-b961-2c6db3290d77&gdpr=0&gdpr_consent=[GDPR_CONSENT]
185.86.139.102 200 OK 0 B URL HTTP/2 rtb-csync.smartadserver.com/redir/?issi=1&partnerid=130&partneruserid=46bbf9b8-6b50-4d70-b961-2c6db3290d77&gdpr=0&gdpr_consent=[GDPR_CONSENT]
IP 185.86.139.102:0
ASN #201081 SmartAdServer SAS
GET /redir/?issi=1&partnerid=130&partneruserid=46bbf9b8-6b50-4d70-b961-2c6db3290d77&gdpr=0&gdpr_consent=[GDPR_CONSENT] HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
date: Fri, 31 Mar 2023 18:56:35 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: pid=2110449854840705036; expires=Wed, 01 May 2024 18:56:36 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Wed, 01 May 2024 18:56:36 GMT; domain=smartadserver.com; path=/
csync=130:46bbf9b8-6b50-4d70-b961-2c6db3290d77; expires=Sun, 31 Mar 2024 18:56:36 GMT; domain=smartadserver.com; path=/
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Firefox-Spdy: h2
cmp.quantcast.com/tcfv2/40/cmp2.js?referer=shurt.pw
143.204.55.76 200 OK 0 B URL HTTP/2 cmp.quantcast.com/tcfv2/40/cmp2.js?referer=shurt.pw
IP 143.204.55.76:0
GET /tcfv2/40/cmp2.js?referer=shurt.pw HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shurt.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
access-control-max-age: 86400
last-modified: Fri, 13 May 2022 16:53:18 GMT
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
x-amz-meta-qc-ineu: True
server: AmazonS3
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
date: Thu, 30 Mar 2023 05:23:58 GMT
cache-control: max-age=172800
etag: W/"7ceb23d8e799a5d2e886219d1bea7d5d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: C0QHcZ5EbkMUOl7JcnN09G4Whe5eGRxWua3g4iHYgqMDS96x3M5S5A==
age: 141203
X-Firefox-Spdy: h2
disploot.com/t.js?i=e9hb1uc7tvxuzzd1xc0kx&cb=8238911680288990075
143.204.55.43 200 OK 0 B URL HTTP/2 disploot.com/t.js?i=e9hb1uc7tvxuzzd1xc0kx&cb=8238911680288990075
IP 143.204.55.43:0
GET /t.js?i=e9hb1uc7tvxuzzd1xc0kx&cb=8238911680288990075 HTTP/1.1
Host: disploot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shurt.pw/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Fri, 31 Mar 2023 16:50:03 GMT
last-modified: Fri, 31 Mar 2023 14:38:21 GMT
etag: W/"fc0cb40925a89abffcdaaa9cb15787c2"
x-amz-server-side-encryption: AES256
x-amz-version-id: Lv.0vGx1kIh5Na1EYQyAOC1VKG4k_nBt
server: AmazonS3
content-encoding: br
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: A-JqiCOokhGZXsOHvh7tgd0ML4xyLNL1v3SXDjXofKmH2aWxz8T2eg==
age: 7589
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2