ouo.press/gG0kqj
104.22.59.251403 Forbidden 3.8 kB IP 104.22.59.251:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (836)
Hash 27bb4cdb57acb99270ae63ac0d30b485
1a53b71b8c6c77e7fc9d9801b847e4bd86e7e05d
4929dcc1ec2da211b3fae39a3ea30df76f8eb4afd335b05a182c7da73c3cb82d
GET /gG0kqj HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 403 Forbidden
Date: Tue, 29 Nov 2022 18:25:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Referrer-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
Set-Cookie: __cf_bm=O_Btn0Hpfi6Qi2SFXIUTTwDxmxFHngWnKh3moibIFZY-1669746358-0-AY7kpW/ke/sWWXUniP10vXM0yJKFj7r0H35uNYviYMl9ja20YuFJTiuk0Kn6NFXf6fxDJmkKwRX0p5bPsIwe+1A=; path=/; expires=Tue, 29-Nov-22 18:55:58 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771d6397ad320b51-OSL
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6502
Expires: Tue, 29 Nov 2022 20:14:21 GMT
Date: Tue, 29 Nov 2022 18:25:59 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6036
Cache-Control: max-age=150348
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 18:25:59 GMT
Etag: "6385df6f-1d7"
Expires: Thu, 01 Dec 2022 12:11:47 GMT
Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7215
Expires: Tue, 29 Nov 2022 20:26:14 GMT
Date: Tue, 29 Nov 2022 18:25:59 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 18:19:38 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 381
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: SZmS/CilgJL5I+cLYOEjoKIFY1GJQE3OOymP3o2SM0JYI2V1ryC4aY/ph6n+1lgtD4U/Ew4VP54=
x-amz-request-id: R162MB95WKYH0WQB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 17:45:33 GMT
age: 2426
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ouo.press/cdn-cgi/styles/challenges.css
104.22.59.251200 OK 2.6 kB URL HTTP/1.1 ouo.press/cdn-cgi/styles/challenges.css
IP 104.22.59.251:0
File type ASCII text, with very long lines (6294), with no line terminators
Hash ba2d8534d208d2a5b158507e004d7150
ab81307634698ea304a68783fa38937f562009a2
63b366fdbfea7cbec639f9a5f24714a831e171570625def9462d724b5c8fdc59
GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/gG0kqj
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 18:25:59 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 15:39:01 GMT
ETag: W/"6384d615-1896"
Server: cloudflare
CF-RAY: 771d6399c91bb511-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Tue, 29 Nov 2022 20:25:59 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip
ouo.press/favicon.ico
104.22.59.251200 OK 0 B IP 104.22.59.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/gG0kqj
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 18:25:59 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Last-Modified: Sat, 14 Feb 2015 06:41:24 GMT
ETag: "54deee14-0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 3980
Accept-Ranges: bytes
Set-Cookie: __cf_bm=Pf9z4NUWM3ly2gZ2pbUJyCQiPaeXTrKm9rOsrEEYpp8-1669746359-0-AQRwxVNLQ4TeuEEwX4wzg/KB8535eDKur4lrSwVy1BVglPGwmcr3UT91CcIwtRB0VETZS9faAhTAp+/0vN+VabU=; path=/; expires=Tue, 29-Nov-22 18:55:59 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771d6399de4cb4f9-OSL
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 18:25:59 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ouo.press/cdn-cgi/images/trace/managed/js/transparent.gif?ray=771d6397ad320b51
104.22.59.251200 OK 42 B URL HTTP/1.1 ouo.press/cdn-cgi/images/trace/managed/js/transparent.gif?ray=771d6397ad320b51
IP 104.22.59.251:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=771d6397ad320b51 HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/gG0kqj
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 18:25:59 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 15:39:01 GMT
ETag: "6384d615-2a"
Server: cloudflare
CF-RAY: 771d639a59d4b511-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Tue, 29 Nov 2022 20:25:59 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
ouo.press/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=771d6397ad320b51
104.22.59.251200 OK 24 kB URL HTTP/1.1 ouo.press/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=771d6397ad320b51
IP 104.22.59.251:0
File type ASCII text, with very long lines (55054), with no line terminators
Hash 419a2ab9b56bac7ea90dfc06a3376315
b243148b0114a7fd57bdc32dd74a2ad134e27f6b
35c5941286d62f9af38853ec22f3d68bf7c3d30a33a6b731f5a733ae9b2017e8
GET /cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=771d6397ad320b51 HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/gG0kqj?__cf_chl_rt_tk=_wFzz5Ogz5ylGv.u58vos7vZOLIpJc0Kf13f.rwjkUk-1669746358-0-gaNycGzNAv0
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 18:25:59 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: max-age=0, must-revalidate
Set-Cookie: __cf_bm=C1neq9mgBiaQiKBAUd8gh8LtWsmIYXqjhQ2a3N.Oafk-1669746359-0-AT0M4Z4QAutHHxkST82M/DtGHfi3AV8C4fEBpLWleS5K1R0g3U4DM3r0Cd0sZA7V66df13q5uHvH8rmBCMozXBk=; path=/; expires=Tue, 29-Nov-22 18:55:59 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 771d639a8a14b511-OSL
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 381ec5590b3943dc09bdafa08c96eb04
f3fe85cb6c55276d5501ac74c747bd8537ed79e4
721858cbf15420c66986526f57d5517d5c4465867a3a6c26bd3bfd10652015dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6067
Cache-Control: max-age=151100
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 18:25:59 GMT
Etag: "6385e240-116"
Expires: Thu, 01 Dec 2022 12:24:19 GMT
Last-Modified: Tue, 29 Nov 2022 10:43:12 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 278
ouo.press/cdn-cgi/challenge-platform/h/b/flow/ov1/0.7328464178157639:1669745109:iYVEmaxNQIPdqIZJqaD6hGEMP_57V4nZ-bPBfJaBjFA/771d6397ad320b51/fec7385f28c781b
104.22.59.251200 OK 54 kB URL HTTP/1.1 ouo.press/cdn-cgi/challenge-platform/h/b/flow/ov1/0.7328464178157639:1669745109:iYVEmaxNQIPdqIZJqaD6hGEMP_57V4nZ-bPBfJaBjFA/771d6397ad320b51/fec7385f28c781b
IP 104.22.59.251:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash f7b3c9fe40291763da09e38305add51a
51c592f3650f196080073f27ce6d2e67ed93e04f
85fc7e0fb071a7e113761515a761f8eb781d4863152c4b17f421b99b480de801
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/0.7328464178157639:1669745109:iYVEmaxNQIPdqIZJqaD6hGEMP_57V4nZ-bPBfJaBjFA/771d6397ad320b51/fec7385f28c781b HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/gG0kqj
Content-type: application/x-www-form-urlencoded
CF-Challenge: fec7385f28c781b
Content-Length: 1832
Origin: http://ouo.press
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 18:25:59 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_gen: AYwxkoWcCgD0yYuXQ/kCcUwd79d2nFPWfZ3RAQSkx8r29ZdlVKreV4EayuiJY5i+c69glO5kEKyc+v7yCIYVwq8u3xr9CbdiE/6thIINBKp4onRPTWc5OVOrtRxbhzB3ww3Sy/AsonJZgoVL7zi51ILRb7VngpIvb/ollcCaIc7H6T+pWEeCfj1E5Pg8y8iChacUDBRX+darVyTwvpqc5riFQIsfpgsnthVoCeFr0eNATbD05KIlacopJnY2pg3RCCYh+QfrGxMgJFWtKmuEwBxsC9ywOQ5usYnjYbXVootZIwwDb2ppNipmjc1jPqXKi/GoGpDcJMQLxdYWMIXsyNqzil8y5EwCfBgymV4yDjWWBMmlR5sHsidlgt7CQngF$duRTmcMVb6JjLr5Q+0P/ZA==
Set-Cookie: __cf_bm=WNywwfWUBBoUh8J1ceeVefxMAzOx3NRZveHuGuHRz6w-1669746359-0-AYfO1isFoKAcVIwSBAp372AaY7tYRyd2otuB0T+UBBIiAkmhiGCeW+4m/iYML0eMdXqLPe0/afrow6TbkCDlPkI=; path=/; expires=Tue, 29-Nov-22 18:55:59 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 771d639bab59b511-OSL
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 18:11:13 GMT
cache-control: public,max-age=3600
age: 886
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 50
Cache-Control: max-age=139298
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 18:26:00 GMT
Etag: "6385cba8-1d7"
Expires: Thu, 01 Dec 2022 09:07:38 GMT
Last-Modified: Tue, 29 Nov 2022 09:06:48 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload
104.18.18.132200 OK 81 kB URL HTTP/2 cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload
IP 104.18.18.132:0
File type Unicode text, UTF-8 text, with very long lines (57362)
Hash c2b6cd26cdd2141a5e1f6a3052aaf0a5
3f96fde7c8b8425ebcbd920e34c14b689addc900
29c1f6f4b1ce22e98e09ea3b637fcdb756845e65233d146c2071b27edd5ca857
GET /1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload HTTP/1.1
Host: cloudflare.hcaptcha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 18:25:59 GMT
content-type: application/javascript
cf-ray: 771d639b8943fac8-OSL
access-control-allow-origin: *
age: 0
cache-control: max-age=120
etag: W/"4a87133d7cfb9f9797187d43ffdd5417"
last-modified: Fri, 25 Nov 2022 11:46:32 GMT
strict-transport-security: max-age=0
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-id: e-vtjjiTuJNWqympaO3s7V_aWlOK4yXOIyZWB7ZnvSo2w49xVfwmGQ==
x-amz-cf-pop: OSL50-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
ouo.press/cdn-cgi/challenge-platform/h/b/img/771d6397ad320b51/1669746359638/bFWSJCbyQgvQkfo
104.22.59.251200 OK 61 B URL HTTP/1.1 ouo.press/cdn-cgi/challenge-platform/h/b/img/771d6397ad320b51/1669746359638/bFWSJCbyQgvQkfo
IP 104.22.59.251:0
File type PNG image data, 41 x 20, 8-bit/color RGB, non-interlaced\012- data
Hash fa5a9b1d465b4c97baad4fe1a18018f1
eff0b906b31c592184f04458bf0cc0b522b0ea5e
e5a914de8d623576d120563eeae5c5a2baac713695fdb315c5dae3adea10e058
GET /cdn-cgi/challenge-platform/h/b/img/771d6397ad320b51/1669746359638/bFWSJCbyQgvQkfo HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/gG0kqj
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 18:26:00 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cf_bm=4ZrptDjTDtOIUwYORulNzoIanz6nY8FjzbVnUFv.5hk-1669746360-0-Aah6giUM4UiamlKY+/OUocbL9djw4UeDsr2iEmumJ/1yY5NKsvkT/OQgKHdbP9tq7PPpyl0lh0SVU5/Gz0Qs06k=; path=/; expires=Tue, 29-Nov-22 18:56:00 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 771d63a3fe10b511-OSL
ouo.press/cdn-cgi/challenge-platform/h/b/flow/ov1/0.7328464178157639:1669745109:iYVEmaxNQIPdqIZJqaD6hGEMP_57V4nZ-bPBfJaBjFA/771d6397ad320b51/fec7385f28c781b
104.22.59.251200 OK 3.8 kB URL HTTP/1.1 ouo.press/cdn-cgi/challenge-platform/h/b/flow/ov1/0.7328464178157639:1669745109:iYVEmaxNQIPdqIZJqaD6hGEMP_57V4nZ-bPBfJaBjFA/771d6397ad320b51/fec7385f28c781b
IP 104.22.59.251:0
File type ASCII text, with very long lines (4996), with no line terminators
Hash 393664192697840e152d02a713ffceb7
c59dce6cf6c004f44d4a6ebc2d194612c225a434
a01601297c83f4ac8c949d96d500cb30f8bd07a21e47cbfd6dff6dfc9689c1b7
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/0.7328464178157639:1669745109:iYVEmaxNQIPdqIZJqaD6hGEMP_57V4nZ-bPBfJaBjFA/771d6397ad320b51/fec7385f28c781b HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/gG0kqj
Content-type: application/x-www-form-urlencoded
CF-Challenge: fec7385f28c781b
Content-Length: 15454
Origin: http://ouo.press
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 18:26:01 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_gen: DY7nEcIyNhcAVmZ4GDI8wjWJtzGS34NA9k+nadS7Y4c=$nqofrLIVtEe/EqzUugKGWA==
Set-Cookie: __cf_bm=lT0m3zVUxuRnLAfdJHo_unBnvlw5nPS3izXslXFx27U-1669746361-0-AYWAGpAVr3aJ1u2YVYUW8TWGYQwV5t6OdPG85aijGUxwIWmeIDnfIK1PjT0/s8hLjtkaz8tACXBuP47cX2Kvh9E=; path=/; expires=Tue, 29-Nov-22 18:56:01 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 771d63a4af04b511-OSL
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash a90d8c4968f15508ff60b28eae44c97a
b17d3d50d19ac0da8b6b5496a76e858cdd91cf42
be22fbe140d57ff1f4dc5965f0b6dc1461b5796628e7ef77e1e604ab2d4fff90
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4043
Cache-Control: max-age=163841
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 18:26:01 GMT
Etag: "63861bef-118"
Expires: Thu, 01 Dec 2022 15:56:42 GMT
Last-Modified: Tue, 29 Nov 2022 14:49:19 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash a90d8c4968f15508ff60b28eae44c97a
b17d3d50d19ac0da8b6b5496a76e858cdd91cf42
be22fbe140d57ff1f4dc5965f0b6dc1461b5796628e7ef77e1e604ab2d4fff90
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4043
Cache-Control: max-age=163841
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 18:26:01 GMT
Etag: "63861bef-118"
Expires: Thu, 01 Dec 2022 15:56:42 GMT
Last-Modified: Tue, 29 Nov 2022 14:49:19 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11394
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 18:26:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11394
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 18:26:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11394
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 18:26:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11394
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 18:26:01 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83c1fedec73299637cc7dc47c48af758
2e3f7326aeea6be8a34bf2c39b34862c07bfdc41
1fea143e23bb0156062f4c06569824900a67ed83cb99fd635d4c4ab968dc65e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4916
x-amzn-requestid: b8c80a6c-e3f1-4f20-beb8-27b0af760692
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYcrELFoAMFaeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d450-155cfb365525173c0ede8adb;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Twtw6dO3pjTB9OLi0HliKKCDgCuHRqgtx4PFTczrZQ9f8JztgXZoSg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 03:18:11 GMT
age: 54470
etag: "2e3f7326aeea6be8a34bf2c39b34862c07bfdc41"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a4058fd62595d15c58b3d3266de9865a
d0dff35eb78f129b5da407043037bcf9c27e55c0
ab996c23d58871a2ad53f0c34688c87f0d7c0eac5d0c1d8265b86951248449fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4871
x-amzn-requestid: e2dfa7b8-ded7-4104-a913-1b84746a3c6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLDUUEy_oAMFgSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638118e8-0b229e0f60ff019d26800dd9;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 19:35:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qh3WqWdBmMG3fzchn3OvxbEpwm2wl_CXi105CL4uJda47N9ZX3CyLA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 09:01:36 GMT
age: 33865
etag: "d0dff35eb78f129b5da407043037bcf9c27e55c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 03014221d7f49b50ffc2d1b0a0e75457
772d86ad983042a728ee3490630a9cf1134ad0dd
81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10176
x-amzn-requestid: c2231955-5c78-4073-8399-b8b90f1add78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMo3oHpSoAMF5Qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bb63-55a1cb004ac73c8b02f2fb8d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:08:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uGocx-Lv8ieJVvICjnTGQZyzaQzjVdICX2RZaNyBTQvUKeIcNxaCJQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 04:49:50 GMT
age: 48971
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a2a5c8d4113d282600462749315f2c4f
e2b4d2e15bb7c086333c0da438873e4c139ba931
9b5d0e5dd11d4cbf1c78a71730cd63544170c91ab635bf3cf917827ac84874e6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4417
x-amzn-requestid: 01de83c2-51d2-4329-98f6-09a0edf46942
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnGEcRIAMFaXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852960-34583b6c588a0e937fcfaa46;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wqEe45jzMOryT-E-vThc39-cLiZudKF4gn6cS3LBmeaJ2amJF5GPIA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:54 GMT
age: 74347
etag: "e2b4d2e15bb7c086333c0da438873e4c139ba931"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NMMuQ1NNks65LJK_HDAK69MfCJ3pS0Y6VzBs8_5Oku64v4FSWADCdw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 22:01:55 GMT
age: 73446
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee65fe0-e370-42e3-be13-065dcb4d76e1.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee65fe0-e370-42e3-be13-065dcb4d76e1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 748366131b496e41f92e15ce7d1cd0e0
a6c7a59a6599ece2cf0e76c778c920dea94ff469
b9ea2d419742c67e2b14536379e7383524f22645b1af988d5bd72154647fc602
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee65fe0-e370-42e3-be13-065dcb4d76e1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4862
x-amzn-requestid: 17c6fb35-2dc8-45e4-a226-a74ba94323b3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYlHXxIAMFcpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5d0-5a0f4f667a3747166eb2b338;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2ImCYNlZ1ri4mMpJhMnoucEoQPgKly8gj7KvMPFYb6WpsoJ18WyFog==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 12:31:57 GMT
age: 21244
etag: "a6c7a59a6599ece2cf0e76c778c920dea94ff469"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ouo.press/cdn-cgi/challenge-platform/h/b/flow/ov1/0.7328464178157639:1669745109:iYVEmaxNQIPdqIZJqaD6hGEMP_57V4nZ-bPBfJaBjFA/771d6397ad320b51/fec7385f28c781b
104.22.59.251200 OK 2.0 kB URL HTTP/1.1 ouo.press/cdn-cgi/challenge-platform/h/b/flow/ov1/0.7328464178157639:1669745109:iYVEmaxNQIPdqIZJqaD6hGEMP_57V4nZ-bPBfJaBjFA/771d6397ad320b51/fec7385f28c781b
IP 104.22.59.251:0
File type ASCII text, with very long lines (2660), with no line terminators
Hash 9e58db3f7b003af8b8c082a6df94e792
7ba6d8cf195598d8b8da524aa2e6fd68c631f587
dafd06adbcb69b3ab8753c109bdf2b1ffcf2b5f083dff1611f5ea4ecd7562bc9
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/0.7328464178157639:1669745109:iYVEmaxNQIPdqIZJqaD6hGEMP_57V4nZ-bPBfJaBjFA/771d6397ad320b51/fec7385f28c781b HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/gG0kqj
Content-type: application/x-www-form-urlencoded
CF-Challenge: fec7385f28c781b
Content-Length: 16111
Origin: http://ouo.press
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 18:26:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_out: KBQjdfrlFnym77QYnHQwwjbdzQ06iJY/auBHP+QP+Q0BzgeKBmL13CMlKgONKtZfO1IoTTqZ/yiRwqO7ESQ3cQ==$PAcGx2lCYihsiOmLUHa0+g==
cf_chl_out_s: avheWI+rBeWibdTlUph61HZusuJFL5qAxg1lmPmjRzJLvx7hG1M2BbZb4Il2zCfhPEpP6aR73IawC5TB1fXHXe4lL4FDjwpivsaYlWSejqUomE8vXhnuGgUiAnpEzsJJBnQVUcCIt/VNt6lU4n2COB7CY+kIGZ37nt+rT5ifmgfS+aF6d08jpQJHp0f0yc9s$Y0sxUzzEIx5T7pyxHKPjuA==
set-cookie: cf_chl_rc_m=;Expires=Mon, 28 Nov 2022 18:26:03 GMT;SameSite=Strict
__cf_bm=cL_HqmBa6PPFF5sKoOWtUIml.KKJnum7MqO5azjaMdo-1669746363-0-ARwPiKohG5/uAuYE+rC7mhmOoiFnQSYqQ8LHjib4lESC5m6i+GEi+WvxaHZW4eJ6igAqMhfXUgxJ07r3guYfKmE=; path=/; expires=Tue, 29-Nov-22 18:56:03 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 771d63ae2c6db511-OSL
Content-Encoding: gzip
ouo.press/gG0kqj
104.22.59.251200 OK 3.8 kB IP 104.22.59.251:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1938)
Hash e4bf8e258ee0ed01008f2ded7c7f4447
7b13c9f4cc0e0269bf61e36797fe6c5a44e0791b
a96dec9bb1819d9f648392c409c71acd4770d020c2706c29f42d199a4edf4bca
POST /gG0kqj HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/gG0kqj?__cf_chl_tk=_wFzz5Ogz5ylGv.u58vos7vZOLIpJc0Kf13f.rwjkUk-1669746358-0-gaNycGzNAv0
Content-Type: application/x-www-form-urlencoded
Content-Length: 1760
Origin: http://ouo.press
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 18:26:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Set-Cookie: cf_clearance=DF9U_REnGLoS408UIhy_I78OplshjXr5xe5xI3NAOyI-1669746363-0-250; path=/; expires=Wed, 29-Nov-23 18:26:03 GMT; domain=.ouo.press; HttpOnly
ouoio_session=eyJpdiI6IkVINVdLam1LT0NGU0ZTTVVEdmVlYUludFRmNENrTW81Qk1pNTI0b211akE9IiwidmFsdWUiOiJBSUNkWHdYTWMyN2xHTG4wSzhUQmtsQVB2NHdYUElvWVlNS3kwYzJ5eHFoMk1jQXhcLzd0NXRGRXhic3ZkXC9HNjloZnVmd3R3UmI0cnc3aDAyVEtuclhnPT0iLCJtYWMiOiI2YmE5YTM3OWE1Y2ViMjcxNTlmODA3ZmE1MjVmMjhhNmRkNzI3MzEwNzA0ZjY0NzU2ZmI3YTA2ZjkyYTQ0NjcxIn0%3D; path=/; httponly
language=eyJpdiI6Imx6M1hmbGRtZkR6NEQyeFZ5VHJHZHV3Wmw5bjZ2ak83UXZOZldEZ1p4Rkk9IiwidmFsdWUiOiJUUWpnMGZITm9Va1ZPYXRBOGZ1TUU4VlFjQ0YzWkRPTzlIM0hhNis4SnZzPSIsIm1hYyI6IjgxNGFhZTk4OTMxMDU0MzU2OGM2MjU0NDg3NjkxYmQzNzAxOTg1NDVjN2E4NDI3MjQzYmJlNjc3ZTAwNDdmZDYifQ%3D%3D; expires=Sun, 28-Nov-2027 18:26:03 GMT; Max-Age=157680000; path=/; httponly
6ffea594ad9882fe2cdf2d6397c5faf275485f8d=eyJpdiI6Im1ZMmFkdlFiY3JQZWxEVEc5WVpWK1wvbGgzYmptbVFMc2FOZ0xXckJLREZvPSIsInZhbHVlIjoiMWxkaGVHK0kzZ1hjUm1DbEZ6VEp1ckp1YVduOWtWNzdhK1NlK3owODgrdjhyZElkZUgxbmtDKzNpMUtjMm5CYzhxdnhOQXBqWGtRUHdqTUYzTnVKQ2FPdER0SDV3dDlZQW9nZTJqOWpQU3BaaUgyU21IR1NnM2thMEI5ZnlTVUFmUHZcL1h2dEUrbDJ5S2hhK053V1Z4WmZJbnJDU2UwOURcL0FOK2FYK01TT0pWR0pTb2dLWFZWcFNxY3FPd1IwRE5zd3QyMlVscDBtUXJCQ3krUm42YkZqOGprVW1kQXdYMmNqQ3lEWGwxckhmYjJpM2lQSFIzUUZkNFFMVk1WaDloblBRMnpMUXBlUHpyMUx1YXR3dWl0M0o2dXQyWW5XQ2NRREJ2QjFQTThYWlB1ZWtzN0pnVmNITFFVNjdpMm14dk5UaUtUd01qa1RPV3VjWHJxdkIrdElLdm9zS083ZXhJVkpkQ0FoWVR2TStIWkhCb1BhXC9Nczc5U2FjQ0UyNkdzIiwibWFjIjoiODBkMjAyMzhlMjllYTAyN2JjZDU1YzJlZDM3MGM0ZWI1Mzk1MDgwMzU2YzM5YmZkNzQ4YTYwZDIwNzhkMzMzMyJ9; expires=Tue, 29-Nov-2022 20:26:03 GMT; Max-Age=7200; path=/; httponly
__cf_bm=X_bxy36W1sy1i8YK9NDflt6KQ8THfNaz02QG.VuN5F8-1669746363-0-ARR6zP+amqPxLhSzxvp1Imms8oVYKbb400a47ZH9AifxlMcvkcW6zSgKaLSiQjvWasDU0W191dhC9OTz7ZHSn8A=; path=/; expires=Tue, 29-Nov-22 18:56:03 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 771d63b22994b511-OSL
Content-Encoding: gzip
ouo.press/css/bootstrap.css
104.22.59.251200 OK 18 kB URL HTTP/1.1 ouo.press/css/bootstrap.css
IP 104.22.59.251:0
File type ASCII text, with very long lines (65452)
Hash ecd7a3b8fdf856cece681f760bad623c
3c16d8b0523e3c6de3b20f7c7f9de2ae48a2949a
40f5215bfeb4c595389b7d02127c47c94e173dbca21022c9f67eca101d03ab92
GET /css/bootstrap.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/gG0kqj
Cookie: cf_clearance=DF9U_REnGLoS408UIhy_I78OplshjXr5xe5xI3NAOyI-1669746363-0-250; ouoio_session=eyJpdiI6IkVINVdLam1LT0NGU0ZTTVVEdmVlYUludFRmNENrTW81Qk1pNTI0b211akE9IiwidmFsdWUiOiJBSUNkWHdYTWMyN2xHTG4wSzhUQmtsQVB2NHdYUElvWVlNS3kwYzJ5eHFoMk1jQXhcLzd0NXRGRXhic3ZkXC9HNjloZnVmd3R3UmI0cnc3aDAyVEtuclhnPT0iLCJtYWMiOiI2YmE5YTM3OWE1Y2ViMjcxNTlmODA3ZmE1MjVmMjhhNmRkNzI3MzEwNzA0ZjY0NzU2ZmI3YTA2ZjkyYTQ0NjcxIn0%3D; language=eyJpdiI6Imx6M1hmbGRtZkR6NEQyeFZ5VHJHZHV3Wmw5bjZ2ak83UXZOZldEZ1p4Rkk9IiwidmFsdWUiOiJUUWpnMGZITm9Va1ZPYXRBOGZ1TUU4VlFjQ0YzWkRPTzlIM0hhNis4SnZzPSIsIm1hYyI6IjgxNGFhZTk4OTMxMDU0MzU2OGM2MjU0NDg3NjkxYmQzNzAxOTg1NDVjN2E4NDI3MjQzYmJlNjc3ZTAwNDdmZDYifQ%3D%3D; 6ffea594ad9882fe2cdf2d6397c5faf275485f8d=eyJpdiI6Im1ZMmFkdlFiY3JQZWxEVEc5WVpWK1wvbGgzYmptbVFMc2FOZ0xXckJLREZvPSIsInZhbHVlIjoiMWxkaGVHK0kzZ1hjUm1DbEZ6VEp1ckp1YVduOWtWNzdhK1NlK3owODgrdjhyZElkZUgxbmtDKzNpMUtjMm5CYzhxdnhOQXBqWGtRUHdqTUYzTnVKQ2FPdER0SDV3dDlZQW9nZTJqOWpQU3BaaUgyU21IR1NnM2thMEI5ZnlTVUFmUHZcL1h2dEUrbDJ5S2hhK053V1Z4WmZJbnJDU2UwOURcL0FOK2FYK01TT0pWR0pTb2dLWFZWcFNxY3FPd1IwRE5zd3QyMlVscDBtUXJCQ3krUm42YkZqOGprVW1kQXdYMmNqQ3lEWGwxckhmYjJpM2lQSFIzUUZkNFFMVk1WaDloblBRMnpMUXBlUHpyMUx1YXR3dWl0M0o2dXQyWW5XQ2NRREJ2QjFQTThYWlB1ZWtzN0pnVmNITFFVNjdpMm14dk5UaUtUd01qa1RPV3VjWHJxdkIrdElLdm9zS083ZXhJVkpkQ0FoWVR2TStIWkhCb1BhXC9Nczc5U2FjQ0UyNkdzIiwibWFjIjoiODBkMjAyMzhlMjllYTAyN2JjZDU1YzJlZDM3MGM0ZWI1Mzk1MDgwMzU2YzM5YmZkNzQ4YTYwZDIwNzhkMzMzMyJ9
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 18:26:03 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
Cf-Bgj: minify
Cf-Polished: origSize=109522
ETag: W/"54def1fc-1abd2"
Expires: Tue, 29 Nov 2022 23:09:11 GMT
Last-Modified: Sat, 14 Feb 2015 06:58:04 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
CF-Cache-Status: HIT
Age: 26212
Set-Cookie: __cf_bm=xyk5OEEO23HYqtud49F_5FauWg4BN5XlAB9HfVxE.zM-1669746363-0-AaE/VynxSWviN3QvS618dTpoVurxtCF+PDCyDFfW1UJ3tHgyCq4hwgtgp6/qj+/sjSu+h3Q6ZU+xOHZAPgnvCm8=; path=/; expires=Tue, 29-Nov-22 18:56:03 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771d63b4dd00b511-OSL
Content-Encoding: gzip
ouo.press/css/link-safe.css
104.22.59.251200 OK 1.8 kB URL HTTP/1.1 ouo.press/css/link-safe.css
IP 104.22.59.251:0
Hash d91a45478adaa488ef4f1733dfa3c44c
3686ea901ce8ca85bb82f42bf0a8d39095ebf73d
4bb66b15dd5791ec4c9867c3a89ee2ef9bdb5f0bbd0d442a1fbfe2c34e9bc86b
GET /css/link-safe.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/gG0kqj
Cookie: cf_clearance=DF9U_REnGLoS408UIhy_I78OplshjXr5xe5xI3NAOyI-1669746363-0-250; ouoio_session=eyJpdiI6IkVINVdLam1LT0NGU0ZTTVVEdmVlYUludFRmNENrTW81Qk1pNTI0b211akE9IiwidmFsdWUiOiJBSUNkWHdYTWMyN2xHTG4wSzhUQmtsQVB2NHdYUElvWVlNS3kwYzJ5eHFoMk1jQXhcLzd0NXRGRXhic3ZkXC9HNjloZnVmd3R3UmI0cnc3aDAyVEtuclhnPT0iLCJtYWMiOiI2YmE5YTM3OWE1Y2ViMjcxNTlmODA3ZmE1MjVmMjhhNmRkNzI3MzEwNzA0ZjY0NzU2ZmI3YTA2ZjkyYTQ0NjcxIn0%3D; language=eyJpdiI6Imx6M1hmbGRtZkR6NEQyeFZ5VHJHZHV3Wmw5bjZ2ak83UXZOZldEZ1p4Rkk9IiwidmFsdWUiOiJUUWpnMGZITm9Va1ZPYXRBOGZ1TUU4VlFjQ0YzWkRPTzlIM0hhNis4SnZzPSIsIm1hYyI6IjgxNGFhZTk4OTMxMDU0MzU2OGM2MjU0NDg3NjkxYmQzNzAxOTg1NDVjN2E4NDI3MjQzYmJlNjc3ZTAwNDdmZDYifQ%3D%3D; 6ffea594ad9882fe2cdf2d6397c5faf275485f8d=eyJpdiI6Im1ZMmFkdlFiY3JQZWxEVEc5WVpWK1wvbGgzYmptbVFMc2FOZ0xXckJLREZvPSIsInZhbHVlIjoiMWxkaGVHK0kzZ1hjUm1DbEZ6VEp1ckp1YVduOWtWNzdhK1NlK3owODgrdjhyZElkZUgxbmtDKzNpMUtjMm5CYzhxdnhOQXBqWGtRUHdqTUYzTnVKQ2FPdER0SDV3dDlZQW9nZTJqOWpQU3BaaUgyU21IR1NnM2thMEI5ZnlTVUFmUHZcL1h2dEUrbDJ5S2hhK053V1Z4WmZJbnJDU2UwOURcL0FOK2FYK01TT0pWR0pTb2dLWFZWcFNxY3FPd1IwRE5zd3QyMlVscDBtUXJCQ3krUm42YkZqOGprVW1kQXdYMmNqQ3lEWGwxckhmYjJpM2lQSFIzUUZkNFFMVk1WaDloblBRMnpMUXBlUHpyMUx1YXR3dWl0M0o2dXQyWW5XQ2NRREJ2QjFQTThYWlB1ZWtzN0pnVmNITFFVNjdpMm14dk5UaUtUd01qa1RPV3VjWHJxdkIrdElLdm9zS083ZXhJVkpkQ0FoWVR2TStIWkhCb1BhXC9Nczc5U2FjQ0UyNkdzIiwibWFjIjoiODBkMjAyMzhlMjllYTAyN2JjZDU1YzJlZDM3MGM0ZWI1Mzk1MDgwMzU2YzM5YmZkNzQ4YTYwZDIwNzhkMzMzMyJ9
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 18:26:03 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
Cf-Bgj: minify
Cf-Polished: status=cannot_optimize
ETag: W/"5d951ace-1830"
Expires: Wed, 30 Nov 2022 01:31:13 GMT
Last-Modified: Wed, 02 Oct 2019 21:46:54 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
CF-Cache-Status: HIT
Age: 17690
Set-Cookie: __cf_bm=bR_dlbUQgvMW39xTB1opG67gC4XJjcTZSm6cNnCryXY-1669746363-0-ARN5E45PV/TxXGDm3WIfYDA/PxMcTn1fpqNCC2Kh+DMN6E/4AqXE1FwBn3uLWg1rbxz8xWs9KTUnZbe5Whp4SPE=; path=/; expires=Tue, 29-Nov-22 18:56:03 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771d63b4ebf0b4f9-OSL
Content-Encoding: gzip
ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.22.59.251200 OK 655 B URL HTTP/1.1 ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 104.22.59.251:0
File type HTML document, ASCII text, with very long lines (1238)
Hash bc3ba461c8a309acf61b6d9c41cb6236
88482306ecc9258d5e9cbb9ba5314dab223a5db4
31331f1b1519882d2f2fb60367708fd56a7a1ec0bddd0554c635547179c7dc8f
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/gG0kqj
Cookie: cf_clearance=DF9U_REnGLoS408UIhy_I78OplshjXr5xe5xI3NAOyI-1669746363-0-250; ouoio_session=eyJpdiI6IkVINVdLam1LT0NGU0ZTTVVEdmVlYUludFRmNENrTW81Qk1pNTI0b211akE9IiwidmFsdWUiOiJBSUNkWHdYTWMyN2xHTG4wSzhUQmtsQVB2NHdYUElvWVlNS3kwYzJ5eHFoMk1jQXhcLzd0NXRGRXhic3ZkXC9HNjloZnVmd3R3UmI0cnc3aDAyVEtuclhnPT0iLCJtYWMiOiI2YmE5YTM3OWE1Y2ViMjcxNTlmODA3ZmE1MjVmMjhhNmRkNzI3MzEwNzA0ZjY0NzU2ZmI3YTA2ZjkyYTQ0NjcxIn0%3D; language=eyJpdiI6Imx6M1hmbGRtZkR6NEQyeFZ5VHJHZHV3Wmw5bjZ2ak83UXZOZldEZ1p4Rkk9IiwidmFsdWUiOiJUUWpnMGZITm9Va1ZPYXRBOGZ1TUU4VlFjQ0YzWkRPTzlIM0hhNis4SnZzPSIsIm1hYyI6IjgxNGFhZTk4OTMxMDU0MzU2OGM2MjU0NDg3NjkxYmQzNzAxOTg1NDVjN2E4NDI3MjQzYmJlNjc3ZTAwNDdmZDYifQ%3D%3D; 6ffea594ad9882fe2cdf2d6397c5faf275485f8d=eyJpdiI6Im1ZMmFkdlFiY3JQZWxEVEc5WVpWK1wvbGgzYmptbVFMc2FOZ0xXckJLREZvPSIsInZhbHVlIjoiMWxkaGVHK0kzZ1hjUm1DbEZ6VEp1ckp1YVduOWtWNzdhK1NlK3owODgrdjhyZElkZUgxbmtDKzNpMUtjMm5CYzhxdnhOQXBqWGtRUHdqTUYzTnVKQ2FPdER0SDV3dDlZQW9nZTJqOWpQU3BaaUgyU21IR1NnM2thMEI5ZnlTVUFmUHZcL1h2dEUrbDJ5S2hhK053V1Z4WmZJbnJDU2UwOURcL0FOK2FYK01TT0pWR0pTb2dLWFZWcFNxY3FPd1IwRE5zd3QyMlVscDBtUXJCQ3krUm42YkZqOGprVW1kQXdYMmNqQ3lEWGwxckhmYjJpM2lQSFIzUUZkNFFMVk1WaDloblBRMnpMUXBlUHpyMUx1YXR3dWl0M0o2dXQyWW5XQ2NRREJ2QjFQTThYWlB1ZWtzN0pnVmNITFFVNjdpMm14dk5UaUtUd01qa1RPV3VjWHJxdkIrdElLdm9zS083ZXhJVkpkQ0FoWVR2TStIWkhCb1BhXC9Nczc5U2FjQ0UyNkdzIiwibWFjIjoiODBkMjAyMzhlMjllYTAyN2JjZDU1YzJlZDM3MGM0ZWI1Mzk1MDgwMzU2YzM5YmZkNzQ4YTYwZDIwNzhkMzMzMyJ9
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 18:26:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 15:39:19 GMT
ETag: W/"6384d627-4d7"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771d63b4ea47b512-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Thu, 01 Dec 2022 18:26:03 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip
fonts.googleapis.com/css?family=Questrial
142.250.74.74200 OK 387 B URL HTTP/1.1 fonts.googleapis.com/css?family=Questrial
IP 142.250.74.74:0
Hash 7b73b3eed6a43db40b0640388112329f
ad4bb62a66f1f95c0a252f83345b40d40dcd5bb4
1776d3903d4f6fb36773bac4ccb4b86c0658838f29674d1fb506859506a41bc3
GET /css?family=Questrial HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Tue, 29 Nov 2022 18:26:03 GMT
Date: Tue, 29 Nov 2022 18:26:03 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
hhklc.com/c.js
104.21.70.122301 Moved Permanently 0 B IP 104.21.70.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.js HTTP/1.1
Host: hhklc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 301 Moved Permanently
Date: Tue, 29 Nov 2022 18:26:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 29 Nov 2022 19:26:03 GMT
Location: https://hhklc.com/c.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DgrGJrK7gyd9m%2F6tu48xEfgwbrIJH2732wUql7pGFJIK0og6ayuu10ryt0Q%2FFy5TVIH%2FMJHe%2Fr1%2BfIviIow2%2F1mT%2BYeQzMToi1xVgNoK5UPQvHN7nYsBK39kdk0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771d63b4ec3e0b4d-OSL
alt-svc: h2=":443"; ma=60
ecdn.analysis.fi/static/js/fab.js
54.230.111.87200 OK 4.2 kB URL HTTP/1.1 ecdn.analysis.fi/static/js/fab.js
IP 54.230.111.87:0
File type ASCII text, with very long lines (574)
Hash 28a0bef1ecb63168106f97b637ab3414
e577575dd115f6a95aea8c2ae87d2c30c8464728
d8a34aeacc4054bd4e119e538c7eb4956421014f48a9b603d3f9314a7435b5a6
GET /static/js/fab.js HTTP/1.1
Host: ecdn.analysis.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 4240
Connection: keep-alive
Server: nginx/1.20.0
Last-Modified: Tue, 14 Dec 2021 15:30:51 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Date: Tue, 29 Nov 2022 18:23:36 GMT
Expires: Tue, 29 Nov 2022 19:23:10 GMT
Cache-Control: max-age=3600
ETag: "61b8b8ab-1090"
X-Cache: Hit from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: eIxTzqcPAIfWUGw8esrVIjs83RRaxbHBCPPXthCZuHr0Gw9NFeei9w==
Age: 173
ecdn.firstimpression.io/fi_client.js
54.230.111.89200 OK 100 kB URL HTTP/1.1 ecdn.firstimpression.io/fi_client.js
IP 54.230.111.89:0
File type ASCII text, with very long lines (618)
Size 100 kB (100184 bytes)
Hash acafb8fe97520e90609391535a3afd04
c13df344994913b6a19b63225fbea7a69027c26c
1caaabba5dc3d7872e2cfa8f856d27e5aab9616e266b953a61f09c1c8796fbd4
GET /fi_client.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 29 Nov 2022 18:11:52 GMT
Server: nginx/1.20.0
X-Powered-By: PHP/8.0.14
X-XSS-Protection: 0
Last-Modified: Tue, 29 Nov 2022 18:11:52 UTC
ETag: W/"f1bddb2a50cf4f786ce64b7cb5e2c232"
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: uI4EJAClsIcQ5QOWlPMBCJluY9OxVIcAMK3LJ38suZPrj6KilZa8bg==
Age: 851
www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
142.250.74.132200 OK 582 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
IP 142.250.74.132:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 729acee2a72aedc9406dba71bf4c1d00
e7f1dea037aaa2df1c1e5b884dc5d73b7bc35e82
7e9b8e953f317a7a47db6df1d1ac8be5c78e9a9524a0a07755c748c2198f816a
GET /recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Tue, 29 Nov 2022 18:26:03 GMT
date: Tue, 29 Nov 2022 18:26:03 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 582
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tv.gourdycortes.com/1clkn/16562
23.109.248.177200 OK 26 B URL HTTP/1.1 tv.gourdycortes.com/1clkn/16562
IP 23.109.248.177:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/16562 HTTP/1.1
Host: tv.gourdycortes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 18:26:03 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Wed, 30-Nov-2022 18:26:03 GMT; Max-Age=86400; path=/
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Wed, 30-Nov-2022 18:26:03 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
challenges.cloudflare.com/turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit
104.18.6.185302 Found 5.7 kB URL HTTP/2 challenges.cloudflare.com/turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP 104.18.6.185:0
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 4eea420a8830a6d695114427bf52b556
35579e7f1a656beb3a07a7093166ff37c634bade
70f03c74cc197cf154af36fa552a448d9ffebb55081c96e55ef4cf469123fe22
GET /turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 29 Nov 2022 18:26:01 GMT
cache-control: max-age=300, public
location: /turnstile/v0/b/75e640aa/api.js?onload=_cf_chl_turnstile_l&render=explicit
vary: accept-encoding
server: cloudflare
cf-ray: 771d63a54b48b523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash abd55ecd24d357a9f02612558f723a90
6a1e6963864f0b53ddc6205d35225e6cf0bcbeec
195fa531e0462be58d5c62ebbe6060e147c94bdb1d38ff46c341c74e0ab2671a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 18:26:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.runative-syndicate.com/sdk/v1/n.js
8.247.219.249200 OK 6.5 kB URL HTTP/1.1 cdn.runative-syndicate.com/sdk/v1/n.js
IP 8.247.219.249:0
Hash 0bb2a4da48cfb14f184dfc8b4be2e8c8
7cad31a8efab200b114b9c7b1d38aa01ea5ac3f5
75a606a1d4a188232206cc0d66196a59a95d9eedc0915cd457ddc8beda7ed3a5
GET /sdk/v1/n.js HTTP/1.1
Host: cdn.runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Date: Fri, 12 Aug 2022 08:59:19 GMT
Content-Type: application/javascript
Content-Length: 5220
Connection: keep-alive
Last-Modified: Wed, 23 Mar 2022 15:25:35 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"623b3bef-3202"
Age: 9451604
Accept-Ranges: bytes
itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
173.233.137.44200 OK 13 kB URL HTTP/1.1 itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
IP 173.233.137.44:0
File type ASCII text, with very long lines (37180), with no line terminators
Hash d0250793014ec917f4f3329053e22995
944fdd4779b89a206b246bebe46325f3014e26d7
08248b8d3f42cea9ff8e73f0e770498c94589937a0aa39a9af8bc57e0f48dd93
Analyzer Verdict Alert fortinet Malware
GET /ed/36/01/ed36014633829dc70a42dccaefdf3f11.js HTTP/1.1
Host: itineraryupper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 18:26:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 164cf475c78b621443020f754830dc3d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 6d4aa81497d78e8890f1833dfd810f3b
1a661b0ea7a2272d32a364d110f8b2525a13a72a
c3127cd2765f7a80a75f4000fbbd0680b93a944448f0260b6c4a1dd6b041bbfa
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=159994
Date: Tue, 29 Nov 2022 18:26:04 GMT
Etag: "63860997-1d7"
Expires: Thu, 01 Dec 2022 14:52:38 GMT
Last-Modified: Tue, 29 Nov 2022 13:31:03 GMT
Server: ECS (nyb/1D14)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: OPEi1j4uPqO4O77UVFjtIaMZYk26K33vXKO6iJQZNG6ckjrMRvsl6g==
Age: 4895
simplewebanalysis.com/stats
18.185.190.54200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 4c6e97560be1b0c2d1d6e4c796f8f647
02157f31726f03ffdfa0b26aaa7ad22db520ec3e
b267e952e28d19efe15feb4e1f9c6e8c5805f75e068e4bc2c81a1f09b249772b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 18:26:04 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://ouo.press
access-control-allow-credentials: true
set-cookie: uid_id2=6dc3415c-4837-4f6d-b025-65e7eaaa0d11:1:1; expires=Fri, 26 Nov 2032 18:26:04 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
cdn.run-syndicate.com/sdk/v1/n.css
8.248.225.238200 OK 8.3 kB URL HTTP/1.1 cdn.run-syndicate.com/sdk/v1/n.css
IP 8.248.225.238:0
File type ASCII text, with very long lines (8277), with no line terminators
Hash 37ebbc4b85fb5383d08547f5fe9d8d9f
99dac34980b1fd00028f76e782444bdf948724c5
24b59f4e4fbf1d4a988ffa478952ceb54e0b2f0774da926bcd2cc0376200dbfe
GET /sdk/v1/n.css HTTP/1.1
Host: cdn.run-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Date: Thu, 03 Mar 2022 22:40:12 GMT
Content-Type: text/css
Content-Length: 8277
Connection: keep-alive
ETag: "6114dd75-2055"
Last-Modified: Thu, 12 Aug 2021 08:36:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Age: 23399152
Accept-Ranges: bytes
friendshipmale.com/sfp.js
104.21.234.92200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 104.21.234.92:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 18:26:04 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 6536c4a95e1bb8ccfcabe273c9310135
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Tue, 29 Nov 2022 18:26:04 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F2XWrmL3aIlTrbI2vPJZmjJHdM28pIQbuWvW2YE9adV2u1G6AqD8TjvLsy6rvLuoLb%2Ft1E9gk99L6XU%2BaFv7WTio3hJAXG3dt2A0SdvTin%2BhfU4hlkjqVSQYBRbgoO3%2FiETPr3o%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771d63b8cf6e7308-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2
216.58.207.227200 OK 19 kB URL HTTP/1.1 fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 19292, version 1.0\012- data
Hash 19007b17e56daa60133bce9e9b352a95
bac1384caeae5762e7a1d8c18037f69c8cd21bc4
fd88a03358ba14440b78c6329717bdf6ed1a9fe97c3ad4e0a0a39d31fb1ac546
GET /s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ouo.press
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 19292
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 25 Nov 2022 14:28:03 GMT
Expires: Sat, 25 Nov 2023 14:28:03 GMT
Cache-Control: public, max-age=31536000
Age: 359881
Last-Modified: Wed, 27 Apr 2022 16:12:54 GMT
Content-Type: font/woff2
run-syndicate.com/do2/048b86cb1ea4453a9397baf204dd5474/dynamic?format=jsonp&count=2&w=1280&h=1024&keywords=ouo,press,short,links,link,shortener,free,URL,shortener,Free,URL,shorten,service,ouo,press,kqj&adtype=label-under&callback=callback_SybiG
136.243.134.97200 OK 4.7 kB URL HTTP/1.1 run-syndicate.com/do2/048b86cb1ea4453a9397baf204dd5474/dynamic?format=jsonp&count=2&w=1280&h=1024&keywords=ouo,press,short,links,link,shortener,free,URL,shortener,Free,URL,shorten,service,ouo,press,kqj&adtype=label-under&callback=callback_SybiG
IP 136.243.134.97:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (8800), with no line terminators
Hash 0429e8b933de3e8cd027c1c32a374348
2e8bdc03c57c1bd29e5e86ed769e9cef236a2592
c678fb191d1f28032a97cb042701c9d13e0891990f8caf4ea23ef795df0c87be
GET /do2/048b86cb1ea4453a9397baf204dd5474/dynamic?format=jsonp&count=2&w=1280&h=1024&keywords=ouo,press,short,links,link,shortener,free,URL,shortener,Free,URL,shorten,service,ouo,press,kqj&adtype=label-under&callback=callback_SybiG HTTP/1.1
Host: run-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 29 Nov 2022 18:26:04 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
X-Request-Id: e780f03b26bb45b9
Set-Cookie: ts_uid=99144377-424a-4b8f-8529-fadc2a13c23b; expires=Mon, 29 May 2023 18:26:04 GMT; domain=.run-syndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
widgets.outbrain.com/images/widgetIcons/achoice.svg
2.18.173.74200 OK 2.7 kB URL HTTP/2 widgets.outbrain.com/images/widgetIcons/achoice.svg
IP 2.18.173.74:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2290)
Hash 9d26fa4e7238ed94f1d0d92afb453b3e
ae18efe7d09337bf2f580b3f5bc912284aad7821
2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04
GET /images/widgetIcons/achoice.svg HTTP/1.1
Host: widgets.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/svg+xml
etag: "9d26fa4e7238ed94f1d0d92afb453b3e:1662969032.874716"
last-modified: Mon, 12 Sep 2022 07:37:47 GMT
server: AkamaiNetStorage
content-length: 2735
cache-control: max-age=2592000
expires: Thu, 29 Dec 2022 18:26:04 GMT
date: Tue, 29 Nov 2022 18:26:04 GMT
timing-allow-origin: *, *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 30462b52571c91f089bed4de98462a46
7e2b322ea5b8f97b2fa76751bcffe2a420f872eb
c5403dfefa9d043ac501963ff09a6d3d70e21f6e6a1b9728183a3490060a4bfc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 18:26:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 18:26:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
142.250.74.134200 OK 104 B URL HTTP/2 ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
IP 142.250.74.134:0
File type MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors\012- data
Hash 32ac8a9b81788b981a3a7e13c14082d4
fbfd48a2bfe8d4247a975176f88d18c3c2ad1952
00cc7617e054596ff0aaabd8a93a9214dc5304bfe317316022dbf4fb3ea073d2
GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 104
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 07:04:08 GMT
expires: Wed, 30 Nov 2022 07:04:08 GMT
cache-control: public, max-age=86400
age: 40916
last-modified: Tue, 08 May 2012 13:08:06 GMT
content-type: image/x-icon
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
142.250.74.35200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 19:09:57 GMT
expires: Tue, 28 Nov 2023 19:09:57 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 83767
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 18:26:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash bbb0f4db8cf5afadcf6aff6e3efd84f5
306a448867377ee652726a0ca8f45112ed46f3d2
f3793d646b320f22c02cde1bee7423484fba1abc89cce4667754107416ab640f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 18:26:04 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 15:56:29 GMT
Expires: Sat, 03 Dec 2022 15:56:28 GMT
Etag: "306a448867377ee652726a0ca8f45112ed46f3d2"
Cache-Control: max-age=336023,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771d63bbec450b69-OSL
lcdn.tsyndicate.com/images/f/3/a84b93a27e7842d835fe6af5e3e6fa8fe87fbe/300x250.webp
8.247.219.249200 OK 9.2 kB URL HTTP/2 lcdn.tsyndicate.com/images/f/3/a84b93a27e7842d835fe6af5e3e6fa8fe87fbe/300x250.webp
IP 8.247.219.249:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x225, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a1ae644ba4fcaac6d9ce47cf82d7058a
f8df54e72325f37ed55147e6705e02cdd18c25c2
33a27d5aa39a48767831f7c48e40878f7c26a02d29c24dfe246703b2723be6ac
GET /images/f/3/a84b93a27e7842d835fe6af5e3e6fa8fe87fbe/300x250.webp HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 18:26:04 GMT
content-type: image/webp
content-length: 9241
last-modified: Thu, 10 Nov 2022 11:53:00 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"636ce61c-2402"
age: 1574378
accept-ranges: bytes
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
18.185.190.54200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 4c6e97560be1b0c2d1d6e4c796f8f647
02157f31726f03ffdfa0b26aaa7ad22db520ec3e
b267e952e28d19efe15feb4e1f9c6e8c5805f75e068e4bc2c81a1f09b249772b
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Cookie: uid_id2=6dc3415c-4837-4f6d-b025-65e7eaaa0d11:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 18:26:05 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://ouo.press
access-control-allow-credentials: true
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyHWmBGDTJgaNFrMGFPmRgsaYsSUaYGDxo0ZJ8nYmAHDho0yMMLkqCHiYZg6YzLCMENDZg0bMVoMHWOShpkwYVqEsSEGRosbOMjEGNPSTA4xY2T0hEjGzkIZMGDMoPEQTh0xC2fIaOgQIhw4Z4_KfTgHzkQdM3LYqCnDxsMxbfDqoIHjhuAcPsmYWWhDxkMxbtzEhXGDsY0bD9u4wahDBo0cOXC0FU06Rg61hkXUkcMm7owZg3HEriNWx0A6dODM0fHiBR48bMqocXFGThg6aczkYTPaI50yc1yMedPmxY86dNp8mfNmNskeOczQpMHZxhjBY2aUacmlTtrCc2L0oHnDcf37NswhQw8NmRYDDTH8BwN-M-wnGGE2KIhfDT0w5pgNOUjoHhtpjLHGF2mQ0YMeeMAQBRZIuLFGEXBkkUYcdzzxhRtSZGFEGUVUgcYac-CQxRAxWHHFDWu84aMeTgSxRBp6mCFEE2G0QcUMVNiRRxtMUHmEHWTAUYYbNOSBAxt5wEAHFTnQsUQeS2RxBRw3SBeDGWYIiAQSM0ixhhJNcNgEGlEcEYcQQsAhxB1fnFFFEkRIUUUaGqqhX4L2LWiDGjkQOBYZ3GVU3hsuwCEHdgod9txCWyDYRVtyBAXYSjVdNpkOMLgAQ0UijAGHeKK6Wut9bIkghx2KofVQGbq2sdCvaj1URx1pZITagTTM0N9JpkWFEg5msFSDDDm08BQZYYURw0gyzADXQ2koJkIOMbjwmgs0yOBCQzSMJQeI7sIrb6313gvSWHWEkVETb-iRBhtshPFCDbaCgMIVabjB6R1zgOAEFSDE8OsOIFDshg00gIwHySAPyxAMEMOQAghHIFvkC2h5fOutIBiRxqhmvIHHCx63PNYYrorgxBNjvbEv0RkdPRYbRRfhxKZl2PHFqLUxVEN_OOCGQ1oPyXGGZqXV0NhDB1kthhwL4aCaCGl_0cYbZJylG65kyPFGXA-9odBirPqcx0LB8pwRGsDBQdwLn4Y66hxzvDDWHRnFIMPXY6FR-YL58jVsRnrT8ZzSLdThRhp0nJSDC-RavmnRB33RulgWKcuQTTl0NhPJtfcWA-6640bDabEZdDV2cHxx6u0YBs-7CFUrn5wcdPy9xVqrQiTGX3CX8VQdbEzUFtTLHrar1c5Btzet9MoALmi5tiZDHwoEBA%3D%3D&r=1&s=c80cb7ef92308b915e1af75ba83c61607dbcfbe34347f832db855c62062e34721669746364&w=t&ir=245x208
136.243.46.131200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyHWmBGDTJgaNFrMGFPmRgsaYsSUaYGDxo0ZJ8nYmAHDho0yMMLkqCHiYZg6YzLCMENDZg0bMVoMHWOShpkwYVqEsSEGRosbOMjEGNPSTA4xY2T0hEjGzkIZMGDMoPEQTh0xC2fIaOgQIhw4Z4_KfTgHzkQdM3LYqCnDxsMxbfDqoIHjhuAcPsmYWWhDxkMxbtzEhXGDsY0bD9u4wahDBo0cOXC0FU06Rg61hkXUkcMm7owZg3HEriNWx0A6dODM0fHiBR48bMqocXFGThg6aczkYTPaI50yc1yMedPmxY86dNp8mfNmNskeOczQpMHZxhjBY2aUacmlTtrCc2L0oHnDcf37NswhQw8NmRYDDTH8BwN-M-wnGGE2KIhfDT0w5pgNOUjoHhtpjLHGF2mQ0YMeeMAQBRZIuLFGEXBkkUYcdzzxhRtSZGFEGUVUgcYac-CQxRAxWHHFDWu84aMeTgSxRBp6mCFEE2G0QcUMVNiRRxtMUHmEHWTAUYYbNOSBAxt5wEAHFTnQsUQeS2RxBRw3SBeDGWYIiAQSM0ixhhJNcNgEGlEcEYcQQsAhxB1fnFFFEkRIUUUaGqqhX4L2LWiDGjkQOBYZ3GVU3hsuwCEHdgod9txCWyDYRVtyBAXYSjVdNpkOMLgAQ0UijAGHeKK6Wut9bIkghx2KofVQGbq2sdCvaj1URx1pZITagTTM0N9JpkWFEg5msFSDDDm08BQZYYURw0gyzADXQ2koJkIOMbjwmgs0yOBCQzSMJQeI7sIrb6313gvSWHWEkVETb-iRBhtshPFCDbaCgMIVabjB6R1zgOAEFSDE8OsOIFDshg00gIwHySAPyxAMEMOQAghHIFvkC2h5fOutIBiRxqhmvIHHCx63PNYYrorgxBNjvbEv0RkdPRYbRRfhxKZl2PHFqLUxVEN_OOCGQ1oPyXGGZqXV0NhDB1kthhwL4aCaCGl_0cYbZJylG65kyPFGXA-9odBirPqcx0LB8pwRGsDBQdwLn4Y66hxzvDDWHRnFIMPXY6FR-YL58jVsRnrT8ZzSLdThRhp0nJSDC-RavmnRB33RulgWKcuQTTl0NhPJtfcWA-6640bDabEZdDV2cHxx6u0YBs-7CFUrn5wcdPy9xVqrQiTGX3CX8VQdbEzUFtTLHrar1c5Btzet9MoALmi5tiZDHwoEBA%3D%3D&r=1&s=c80cb7ef92308b915e1af75ba83c61607dbcfbe34347f832db855c62062e34721669746364&w=t&ir=245x208
IP 136.243.46.131:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyHWmBGDTJgaNFrMGFPmRgsaYsSUaYGDxo0ZJ8nYmAHDho0yMMLkqCHiYZg6YzLCMENDZg0bMVoMHWOShpkwYVqEsSEGRosbOMjEGNPSTA4xY2T0hEjGzkIZMGDMoPEQTh0xC2fIaOgQIhw4Z4_KfTgHzkQdM3LYqCnDxsMxbfDqoIHjhuAcPsmYWWhDxkMxbtzEhXGDsY0bD9u4wahDBo0cOXC0FU06Rg61hkXUkcMm7owZg3HEriNWx0A6dODM0fHiBR48bMqocXFGThg6aczkYTPaI50yc1yMedPmxY86dNp8mfNmNskeOczQpMHZxhjBY2aUacmlTtrCc2L0oHnDcf37NswhQw8NmRYDDTH8BwN-M-wnGGE2KIhfDT0w5pgNOUjoHhtpjLHGF2mQ0YMeeMAQBRZIuLFGEXBkkUYcdzzxhRtSZGFEGUVUgcYac-CQxRAxWHHFDWu84aMeTgSxRBp6mCFEE2G0QcUMVNiRRxtMUHmEHWTAUYYbNOSBAxt5wEAHFTnQsUQeS2RxBRw3SBeDGWYIiAQSM0ixhhJNcNgEGlEcEYcQQsAhxB1fnFFFEkRIUUUaGqqhX4L2LWiDGjkQOBYZ3GVU3hsuwCEHdgod9txCWyDYRVtyBAXYSjVdNpkOMLgAQ0UijAGHeKK6Wut9bIkghx2KofVQGbq2sdCvaj1URx1pZITagTTM0N9JpkWFEg5msFSDDDm08BQZYYURw0gyzADXQ2koJkIOMbjwmgs0yOBCQzSMJQeI7sIrb6313gvSWHWEkVETb-iRBhtshPFCDbaCgMIVabjB6R1zgOAEFSDE8OsOIFDshg00gIwHySAPyxAMEMOQAghHIFvkC2h5fOutIBiRxqhmvIHHCx63PNYYrorgxBNjvbEv0RkdPRYbRRfhxKZl2PHFqLUxVEN_OOCGQ1oPyXGGZqXV0NhDB1kthhwL4aCaCGl_0cYbZJylG65kyPFGXA-9odBirPqcx0LB8pwRGsDBQdwLn4Y66hxzvDDWHRnFIMPXY6FR-YL58jVsRnrT8ZzSLdThRhp0nJSDC-RavmnRB33RulgWKcuQTTl0NhPJtfcWA-6640bDabEZdDV2cHxx6u0YBs-7CFUrn5wcdPy9xVqrQiTGX3CX8VQdbEzUFtTLHrar1c5Btzet9MoALmi5tiZDHwoEBA%3D%3D&r=1&s=c80cb7ef92308b915e1af75ba83c61607dbcfbe34347f832db855c62062e34721669746364&w=t&ir=245x208 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 18:26:05 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyHiMIMDBpkaNFqIiREjTAsaHHG0CEMjjJgWZWLCaClDRo0yNGaIeBimzpiMMMzQIGOjho0YLYKOuXHSTBiTYWyIgdHiBg4yMcbgQJlDzBgZOyGSsbNQBgwYM2g8hFNHzMIZMho6hAgHTlmjcB_OgTNRx4wcNmDYkGHj4Zg2dnXQwHEDcA6eZMwsHPxQjBs3b2HcWHxjxsM2bjDqkEEjRw4ca0GLjpEDbWERdeSweTtjRuAcMh7WAatjIB06cOboePECDx42ZdS4OCMnDJ00ZvKwCU3GeZk5Lsa8afPiRx06bb7MeRN7TJkeOczMmKnZxhjAY2aU2cqlzlnCc2L0WH-jcf37NswhQw8NkRYDDTH8BwN-M-wHmGCEKYhfDT1w5piE7rGRxhhrfJEGGT1QEUV8etywRBA0yGGFHFc8ERwRWshxRxxOQGHGFSYWcUQNSKQhhRJ2NCEEFUNckQUdaLiBwxtkfCEEDVm0cIYYSGgRJQ5LRCEGDW_YQYYaRMShxBQwvMGEFk3UEQQTUtDwBRlYHBGHHTMUUYQWX1RRxBJIOKHGTWLYIcQZRQTxxRlVJEGEFFWkgaEa-iVo34I2qJEDgWGRsV1G5L3hAhxyXKeQYc4ttAWCXawlx09-lZHUa2JIpgMMLsBQkQhjwBEeqKzSep9aIshhR2JmPVRGrm0s5CtautWRRkamHZhTfyeRZhINYmzUAg41yJBDC06R8VUYMczw1QxuPZRGYiLkEIMLrblAgwwuNERDWHJ4yK678NI6b70ghVVHGBk18YYeabDBRhgv1FArCChckYYbmt4xBwhOUAFCDL7uAILEbthAg8d4iOyxsAzB4DAMKYBwxLFrvPGCWRzbaisIRqQRqhlv4PECxyuHNQarIjjxRFhv5Dt0RkaHxQbRRTiRaRl2fBHqbAzV0B8OtnUEw0NynIHZaDUw9tBBVYshx0I4oCYC2l-0wWRZOBx1thxvvPXQGwoppmrPeSwE7M4ZofEbHMO90Omnoc4xxwth3ZFRDDJ0FBYaky94r17CZoQ3Hc4l3UIdbqRBx0k5uCAu5ZkSfdCbY7BuUbIM2WBDDpvZYBuw4PEWg-2406C7yKXdAJnV18HxRam135777sZWHQZyctDR9xZppQqRGH29XYZTdbAx0VpPU2SYrlU391zes8pL0g2vjbGaDH0oEBA%3D&r=1&s=6684cdd32e4a40c1de3d5010942a265d63c29c5eae9f83054d7d95cad412dddd1669746364&w=t&ir=245x208
136.243.46.131200 OK 96 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyHiMIMDBpkaNFqIiREjTAsaHHG0CEMjjJgWZWLCaClDRo0yNGaIeBimzpiMMMzQIGOjho0YLYKOuXHSTBiTYWyIgdHiBg4yMcbgQJlDzBgZOyGSsbNQBgwYM2g8hFNHzMIZMho6hAgHTlmjcB_OgTNRx4wcNmDYkGHj4Zg2dnXQwHEDcA6eZMwsHPxQjBs3b2HcWHxjxsM2bjDqkEEjRw4ca0GLjpEDbWERdeSweTtjRuAcMh7WAatjIB06cOboePECDx42ZdS4OCMnDJ00ZvKwCU3GeZk5Lsa8afPiRx06bb7MeRN7TJkeOczMmKnZxhjAY2aU2cqlzlnCc2L0WH-jcf37NswhQw8NkRYDDTH8BwN-M-wHmGCEKYhfDT1w5piE7rGRxhhrfJEGGT1QEUV8etywRBA0yGGFHFc8ERwRWshxRxxOQGHGFSYWcUQNSKQhhRJ2NCEEFUNckQUdaLiBwxtkfCEEDVm0cIYYSGgRJQ5LRCEGDW_YQYYaRMShxBQwvMGEFk3UEQQTUtDwBRlYHBGHHTMUUYQWX1RRxBJIOKHGTWLYIcQZRQTxxRlVJEGEFFWkgaEa-iVo34I2qJEDgWGRsV1G5L3hAhxyXKeQYc4ttAWCXawlx09-lZHUa2JIpgMMLsBQkQhjwBEeqKzSep9aIshhR2JmPVRGrm0s5CtautWRRkamHZhTfyeRZhINYmzUAg41yJBDC06R8VUYMczw1QxuPZRGYiLkEIMLrblAgwwuNERDWHJ4yK678NI6b70ghVVHGBk18YYeabDBRhgv1FArCChckYYbmt4xBwhOUAFCDL7uAILEbthAg8d4iOyxsAzB4DAMKYBwxLFrvPGCWRzbaisIRqQRqhlv4PECxyuHNQarIjjxRFhv5Dt0RkaHxQbRRTiRaRl2fBHqbAzV0B8OtnUEw0NynIHZaDUw9tBBVYshx0I4oCYC2l-0wWRZOBx1thxvvPXQGwoppmrPeSwE7M4ZofEbHMO90Omnoc4xxwth3ZFRDDJ0FBYaky94r17CZoQ3Hc4l3UIdbqRBx0k5uCAu5ZkSfdCbY7BuUbIM2WBDDpvZYBuw4PEWg-2406C7yKXdAJnV18HxRam135777sZWHQZyctDR9xZppQqRGH29XYZTdbAx0VpPU2SYrlU391zes8pL0g2vjbGaDH0oEBA%3D&r=1&s=6684cdd32e4a40c1de3d5010942a265d63c29c5eae9f83054d7d95cad412dddd1669746364&w=t&ir=245x208
IP 136.243.46.131:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 4 x 75, 8-bit/color RGB, non-interlaced\012- data
Hash 62997b415897f652c8cf6c1b3dfe15c7
d667ef5568f2fed9424d1348942d63385d9f70b7
956f4186e522d83352f4b0675accb74e48bd644b4f7799fac08813c64d53dd1d
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zCyHiMIMDBpkaNFqIiREjTAsaHHG0CEMjjJgWZWLCaClDRo0yNGaIeBimzpiMMMzQIGOjho0YLYKOuXHSTBiTYWyIgdHiBg4yMcbgQJlDzBgZOyGSsbNQBgwYM2g8hFNHzMIZMho6hAgHTlmjcB_OgTNRx4wcNmDYkGHj4Zg2dnXQwHEDcA6eZMwsHPxQjBs3b2HcWHxjxsM2bjDqkEEjRw4ca0GLjpEDbWERdeSweTtjRuAcMh7WAatjIB06cOboePECDx42ZdS4OCMnDJ00ZvKwCU3GeZk5Lsa8afPiRx06bb7MeRN7TJkeOczMmKnZxhjAY2aU2cqlzlnCc2L0WH-jcf37NswhQw8NkRYDDTH8BwN-M-wHmGCEKYhfDT1w5piE7rGRxhhrfJEGGT1QEUV8etywRBA0yGGFHFc8ERwRWshxRxxOQGHGFSYWcUQNSKQhhRJ2NCEEFUNckQUdaLiBwxtkfCEEDVm0cIYYSGgRJQ5LRCEGDW_YQYYaRMShxBQwvMGEFk3UEQQTUtDwBRlYHBGHHTMUUYQWX1RRxBJIOKHGTWLYIcQZRQTxxRlVJEGEFFWkgaEa-iVo34I2qJEDgWGRsV1G5L3hAhxyXKeQYc4ttAWCXawlx09-lZHUa2JIpgMMLsBQkQhjwBEeqKzSep9aIshhR2JmPVRGrm0s5CtautWRRkamHZhTfyeRZhINYmzUAg41yJBDC06R8VUYMczw1QxuPZRGYiLkEIMLrblAgwwuNERDWHJ4yK678NI6b70ghVVHGBk18YYeabDBRhgv1FArCChckYYbmt4xBwhOUAFCDL7uAILEbthAg8d4iOyxsAzB4DAMKYBwxLFrvPGCWRzbaisIRqQRqhlv4PECxyuHNQarIjjxRFhv5Dt0RkaHxQbRRTiRaRl2fBHqbAzV0B8OtnUEw0NynIHZaDUw9tBBVYshx0I4oCYC2l-0wWRZOBx1thxvvPXQGwoppmrPeSwE7M4ZofEbHMO90Omnoc4xxwth3ZFRDDJ0FBYaky94r17CZoQ3Hc4l3UIdbqRBx0k5uCAu5ZkSfdCbY7BuUbIM2WBDDpvZYBuw4PEWg-2406C7yKXdAJnV18HxRam135777sZWHQZyctDR9xZppQqRGH29XYZTdbAx0VpPU2SYrlU391zes8pL0g2vjbGaDH0oEBA%3D&r=1&s=6684cdd32e4a40c1de3d5010942a265d63c29c5eae9f83054d7d95cad412dddd1669746364&w=t&ir=245x208 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 18:26:05 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 19b80a71a969eb1653f9851c5b8c817b
2a3a0d2d8024d5c14bb55bd7c9deb733262d82c6
65ad49c20655deb663808a9fd88509a632a31b25b88d99a16067ca7ab745705b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65AD49C20655DEB663808A9FD88509A632A31B25B88D99A16067CA7AB745705B"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11895
Expires: Tue, 29 Nov 2022 21:44:20 GMT
Date: Tue, 29 Nov 2022 18:26:05 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=6dc3415c-4837-4f6d-b025-65e7eaaa0d11&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=18
192.243.59.20200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=6dc3415c-4837-4f6d-b025-65e7eaaa0d11&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=18
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=6dc3415c-4837-4f6d-b025-65e7eaaa0d11&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=18 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 29 Nov 2022 18:26:05 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bc82742b98df6cb9be1015da8a8b5e41
Strict-Transport-Security: max-age=0; includeSubdomains
specialistinsensitive.com/sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=6dc3415c-4837-4f6d-b025-65e7eaaa0d11%3A1%3A1
173.233.137.60200 OK 4.4 kB URL HTTP/1.1 specialistinsensitive.com/sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=6dc3415c-4837-4f6d-b025-65e7eaaa0d11%3A1%3A1
IP 173.233.137.60:0
File type JSON data\012- , ASCII text, with very long lines (6117), with no line terminators
Hash 3dd102da436eb56b7a9ed15947294f04
6c179fb449c668bff6604ccd65117a5df98878dd
33bac87e14f8f9660c3c14f37f6b37bcea058701fdee14a4bd7515264eac3184
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=6dc3415c-4837-4f6d-b025-65e7eaaa0d11%3A1%3A1 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 18:26:06 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://ouo.press
Access-Control-Allow-Origin: http://ouo.press
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15424691; expires=Wed, 30 Nov 2022 18:26:05 GMT; secure; SameSite=None
uid_id2=6dc3415c-4837-4f6d-b025-65e7eaaa0d11:1:1; expires=Tue, 06 Dec 2022 18:26:05 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 30 Nov 2022 18:26:06 GMT; secure; SameSite=None
uncs=1; expires=Wed, 30 Nov 2022 18:26:06 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 30 Nov 2022 18:26:06 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 30 Nov 2022 18:26:06 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: df6ec7a1a5669355b0bd02acdc029b0d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
specialistinsensitive.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3j%2BH308QFC8elEE8KJhJ9XTPP%2Few7LquBGMSdlcD4qW6qnpSTk1XU9U9PQkeggvLXoTxpMfOm2TD6iIunhWZeJGAkPGw5GC8ieBR2LPMZGD0g%2B7ve%2FW%2Bw3uv6t5efkYocna68Z7ZUVqz5XqVVl7bVIkwhaus3an4tEqvVDZV0givVAbTn%2B2%2F6dN6lb5eeUfyrlmuUZ9Sn%2FqVm8rK2AyWZyxU%2BqjtV9u0Gtaqfj3EwP4Xu9yDYx5E%2F4w8DyUml7d%2BfgzFx0h6396QrpuZ9I23e7lmmbHoi8P3k25iigS9xRhbD3FyON%2BGcRNCvrwAkxzOHcD096cOEKkJ8Z74iJLDuUxE%2FYNzpZGGTBCJZ1D0x5B6DMXG4OYulDghABdYW0fSe7BmbMG2z1k2ZSfk0tO%2FoYoJufTbC0h631zXalC5bXSeKZM4DOISajCG6oyR5kfIdjyo4gg8%2BxRK%2FEKWn64i6e2vO22gxOmrDcGD0K%2FzpbAVNJfCuCGWIlqrLzXqsikZY1T4%2FiwipcZQ8RhaDsGch3z6KQ957CFPPfTEaYXV2zGlzTiKg6AVcs6DgPN6qyHqIghbMUXOpx6GyNIhuB6C212kdhddNYTNf4TbKuGEB5cR9EWJQhIUjqBgBIUiKDKCol8eCO1qrnwgtMsjf95r8x6UI5N19tiByToyIXvpGXluFtxfH32HrjytSBE0qB82gqBVawvepCysCc6ZjEUcxL4Pp0ood2Fmc0edPPsEqTr5X4mIHcHpI3D1Clj%2BElgxatYo2NYobFHsJA9Nbqqplc5BmBJpdhnZtrenz8iLMwHtPzxIfnz1i8%2FWf78iPgS3JVJb4mP1E0FH3x%2FdMgXZv2UKRx6vp5nqqR02vdXbGcvkxa%2FelduFsWLlhhs%2BvManxHR8dEe6bJUlQiUdR76%2BroSQ9qaxXJLvV9ymjDZyt3U9t0merm68dXOlNxOoTDIGUycffAKuJuT%2Ftjt7ry%2F%2FeQ3KjmHzEr38mMwLyozB0124dKHeGQKrFztR6qHIy5GtRYtDrQi0XGAWlXD%2FwtFi3nP30bEeWHYXSa9E35bo6xJMD%2BHyi6MstcdXfw1mhUh7o0hbbz%2FSVn9%2BHq1TpxVZj2ksaU1GcTuKm4yKdhy2I9b2ZTOqMx%2BZm%2FB7az%2F8AwAA%2F%2F8BAAD%2F%2Fwaw6rKHBAAA
173.233.137.60200 OK 7 B URL HTTP/1.1 specialistinsensitive.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3j%2BH308QFC8elEE8KJhJ9XTPP%2Few7LquBGMSdlcD4qW6qnpSTk1XU9U9PQkeggvLXoTxpMfOm2TD6iIunhWZeJGAkPGw5GC8ieBR2LPMZGD0g%2B7ve%2FW%2Bw3uv6t5efkYocna68Z7ZUVqz5XqVVl7bVIkwhaus3an4tEqvVDZV0givVAbTn%2B2%2F6dN6lb5eeUfyrlmuUZ9Sn%2FqVm8rK2AyWZyxU%2BqjtV9u0Gtaqfj3EwP4Xu9yDYx5E%2F4w8DyUml7d%2BfgzFx0h6396QrpuZ9I23e7lmmbHoi8P3k25iigS9xRhbD3FyON%2BGcRNCvrwAkxzOHcD096cOEKkJ8Z74iJLDuUxE%2FYNzpZGGTBCJZ1D0x5B6DMXG4OYulDghABdYW0fSe7BmbMG2z1k2ZSfk0tO%2FoYoJufTbC0h631zXalC5bXSeKZM4DOISajCG6oyR5kfIdjyo4gg8%2BxRK%2FEKWn64i6e2vO22gxOmrDcGD0K%2FzpbAVNJfCuCGWIlqrLzXqsikZY1T4%2FiwipcZQ8RhaDsGch3z6KQ957CFPPfTEaYXV2zGlzTiKg6AVcs6DgPN6qyHqIghbMUXOpx6GyNIhuB6C212kdhddNYTNf4TbKuGEB5cR9EWJQhIUjqBgBIUiKDKCol8eCO1qrnwgtMsjf95r8x6UI5N19tiByToyIXvpGXluFtxfH32HrjytSBE0qB82gqBVawvepCysCc6ZjEUcxL4Pp0ood2Fmc0edPPsEqTr5X4mIHcHpI3D1Clj%2BElgxatYo2NYobFHsJA9Nbqqplc5BmBJpdhnZtrenz8iLMwHtPzxIfnz1i8%2FWf78iPgS3JVJb4mP1E0FH3x%2FdMgXZv2UKRx6vp5nqqR02vdXbGcvkxa%2FelduFsWLlhhs%2BvManxHR8dEe6bJUlQiUdR76%2BroSQ9qaxXJLvV9ymjDZyt3U9t0merm68dXOlNxOoTDIGUycffAKuJuT%2Ftjt7ry%2F%2FeQ3KjmHzEr38mMwLyozB0124dKHeGQKrFztR6qHIy5GtRYtDrQi0XGAWlXD%2FwtFi3nP30bEeWHYXSa9E35bo6xJMD%2BHyi6MstcdXfw1mhUh7o0hbbz%2FSVn9%2BHq1TpxVZj2ksaU1GcTuKm4yKdhy2I9b2ZTOqMx%2BZm%2FB7az%2F8AwAA%2F%2F8BAAD%2F%2Fwaw6rKHBAAA
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3j%2BH308QFC8elEE8KJhJ9XTPP%2Few7LquBGMSdlcD4qW6qnpSTk1XU9U9PQkeggvLXoTxpMfOm2TD6iIunhWZeJGAkPGw5GC8ieBR2LPMZGD0g%2B7ve%2FW%2Bw3uv6t5efkYocna68Z7ZUVqz5XqVVl7bVIkwhaus3an4tEqvVDZV0givVAbTn%2B2%2F6dN6lb5eeUfyrlmuUZ9Sn%2FqVm8rK2AyWZyxU%2BqjtV9u0Gtaqfj3EwP4Xu9yDYx5E%2F4w8DyUml7d%2BfgzFx0h6396QrpuZ9I23e7lmmbHoi8P3k25iigS9xRhbD3FyON%2BGcRNCvrwAkxzOHcD096cOEKkJ8Z74iJLDuUxE%2FYNzpZGGTBCJZ1D0x5B6DMXG4OYulDghABdYW0fSe7BmbMG2z1k2ZSfk0tO%2FoYoJufTbC0h631zXalC5bXSeKZM4DOISajCG6oyR5kfIdjyo4gg8%2BxRK%2FEKWn64i6e2vO22gxOmrDcGD0K%2FzpbAVNJfCuCGWIlqrLzXqsikZY1T4%2FiwipcZQ8RhaDsGch3z6KQ957CFPPfTEaYXV2zGlzTiKg6AVcs6DgPN6qyHqIghbMUXOpx6GyNIhuB6C212kdhddNYTNf4TbKuGEB5cR9EWJQhIUjqBgBIUiKDKCol8eCO1qrnwgtMsjf95r8x6UI5N19tiByToyIXvpGXluFtxfH32HrjytSBE0qB82gqBVawvepCysCc6ZjEUcxL4Pp0ood2Fmc0edPPsEqTr5X4mIHcHpI3D1Clj%2BElgxatYo2NYobFHsJA9Nbqqplc5BmBJpdhnZtrenz8iLMwHtPzxIfnz1i8%2FWf78iPgS3JVJb4mP1E0FH3x%2FdMgXZv2UKRx6vp5nqqR02vdXbGcvkxa%2FelduFsWLlhhs%2BvManxHR8dEe6bJUlQiUdR76%2BroSQ9qaxXJLvV9ymjDZyt3U9t0merm68dXOlNxOoTDIGUycffAKuJuT%2Ftjt7ry%2F%2FeQ3KjmHzEr38mMwLyozB0124dKHeGQKrFztR6qHIy5GtRYtDrQi0XGAWlXD%2FwtFi3nP30bEeWHYXSa9E35bo6xJMD%2BHyi6MstcdXfw1mhUh7o0hbbz%2FSVn9%2BHq1TpxVZj2ksaU1GcTuKm4yKdhy2I9b2ZTOqMx%2BZm%2FB7az%2F8AwAA%2F%2F8BAAD%2F%2Fwaw6rKHBAAA HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Cookie: u_pl=15424691; uid_id2=6dc3415c-4837-4f6d-b025-65e7eaaa0d11:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 18:26:06 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0b225e8ff341aef2dbec43d7bfacc817
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 38bb14620de55e1982559251c0ebeac9
2a0778a21ec60d9f3cfdf4d5772123a4149729d1
ada2027e8be54e2bb79d0a88473871db54ba9f329a0034cac5413d80d80af1a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADA2027E8BE54E2BB79D0A88473871DB54BA9F329A0034CAC5413D80D80AF1A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15296
Expires: Tue, 29 Nov 2022 22:41:02 GMT
Date: Tue, 29 Nov 2022 18:26:06 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3c22f6742a681063615a548ae5fbc532
631eaaad4049c5b6f54eb2b4e127b77240868636
a8e170fec241ad3ec9acc075fa8d7ce2184d129bf69f5ace3e7229aa3bfd59c7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A8E170FEC241AD3EC9ACC075FA8D7CE2184D129BF69F5ACE3E7229AA3BFD59C7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12667
Expires: Tue, 29 Nov 2022 21:57:13 GMT
Date: Tue, 29 Nov 2022 18:26:06 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.74200 OK 660 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.74:0
Hash 55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Tue, 29 Nov 2022 18:26:06 GMT
Date: Tue, 29 Nov 2022 18:26:06 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fdf%2Fbd%2F7a%2Fdfbd7a33d1397e7e7063b1664658e57d%2F1601889852.html&l=1379&fd=537
173.233.137.60200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fdf%2Fbd%2F7a%2Fdfbd7a33d1397e7e7063b1664658e57d%2F1601889852.html&l=1379&fd=537
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2Fdf%2Fbd%2F7a%2Fdfbd7a33d1397e7e7063b1664658e57d%2F1601889852.html&l=1379&fd=537 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 18:26:06 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6345f845bbd2c2950fe27f4a0faf2353
27e0ccd4d3d81cb9382dcdbd3e8f61b19a674d76
68579d0b5925d3df0cdbc6acf7fe94428b15cea08e93a549308a104762511dd5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68579D0B5925D3DF0CDBC6ACF7FE94428B15CEA08E93A549308A104762511DD5"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8713
Expires: Tue, 29 Nov 2022 20:51:19 GMT
Date: Tue, 29 Nov 2022 18:26:06 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/84/83/0e/84830eeb6afb1a25a871aa22c0042566/1667590271.png
45.133.44.10200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/si/84/83/0e/84830eeb6afb1a25a871aa22c0042566/1667590271.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 2cb2500acb00f247ef19403c3a0f89e1
7c57e8b84b2bb0003810ffae7a14e24869155464
7efcd5082673b787603d2a0b8d768fb26807cf2ab79771a69886a916d0cda3ce
GET /si/84/83/0e/84830eeb6afb1a25a871aa22c0042566/1667590271.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 18:26:06 GMT
content-type: image/png
content-length: 32763
server: nginx/1.17.6
last-modified: Fri, 04 Nov 2022 19:31:19 GMT
etag: "63656887-7ffb"
expires: Thu, 01 Dec 2022 18:26:06 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3c22f6742a681063615a548ae5fbc532
631eaaad4049c5b6f54eb2b4e127b77240868636
a8e170fec241ad3ec9acc075fa8d7ce2184d129bf69f5ace3e7229aa3bfd59c7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A8E170FEC241AD3EC9ACC075FA8D7CE2184D129BF69F5ACE3E7229AA3BFD59C7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12666
Expires: Tue, 29 Nov 2022 21:57:13 GMT
Date: Tue, 29 Nov 2022 18:26:07 GMT
Connection: keep-alive
specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fdating%2Fdefault%2Fus%2Funiversal%2Fwhite%2Fssp%2Fcss%2Fanimate.css&l=79245&fd=360
173.233.137.60200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fdating%2Fdefault%2Fus%2Funiversal%2Fwhite%2Fssp%2Fcss%2Fanimate.css&l=79245&fd=360
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fdating%2Fdefault%2Fus%2Funiversal%2Fwhite%2Fssp%2Fcss%2Fanimate.css&l=79245&fd=360 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 18:26:07 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ouo.press
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 23 Nov 2022 21:13:25 GMT
Expires: Thu, 23 Nov 2023 21:13:25 GMT
Cache-Control: public, max-age=31536000
Age: 508362
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ouo.press
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 23 Nov 2022 21:12:34 GMT
Expires: Thu, 23 Nov 2023 21:12:34 GMT
Cache-Control: public, max-age=31536000
Age: 508413
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
cdn.creative-bars1.com/sb/notifications/dating/default/us/universal/white/ssp/css/style.css
172.64.108.13200 OK 1.2 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/dating/default/us/universal/white/ssp/css/style.css
IP 172.64.108.13:0
Hash 19562203802e96c8a4b2d7f5cfd0ff4d
039d88703d9277ef76ce57d886b7b21810110d9d
e98154ed31181bae4a191c2276e57acb8673d12471fe811bf852c615b1c86a9e
GET /sb/notifications/dating/default/us/universal/white/ssp/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 18:26:07 GMT
content-type: text/css
last-modified: Fri, 27 Aug 2021 12:48:43 GMT
etag: W/"6128df2b-112c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kPYNHWQf4CBpkxAyRklo71JN%2B4J7%2F59akOZ2R7%2FoTQK9lzV8wGmz2mJ7ySXguGYpvStgrMmzws%2ByzYeKVEs1tIPlvnDsQ%2BrnuJTWowNaqO00iVNdeXLWJa2%2FvvPImxiCQM32foU%2BRq%2F%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771d63c90edcd170-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/dating/default/us/universal/white/ssp/css/animate.css
172.64.108.13200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/dating/default/us/universal/white/ssp/css/animate.css
IP 172.64.108.13:0
Hash 21eb7a65c17a2c22ba104a7ecbf1dc0f
ea8c53be54889c7489aed04e30e3eb83af64dec9
090bd9ceb9a58da038e5ed4a39dfbb63ece49ed4f4f0656ce35f7faa41a3b237
GET /sb/notifications/dating/default/us/universal/white/ssp/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 18:26:07 GMT
content-type: text/css
last-modified: Mon, 05 Oct 2020 09:08:43 GMT
etag: W/"5f7ae29b-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U9zc9zGUrV8CGkvI6k%2BS1zOJcT2AhHNT3vfW0dK2LHV2K%2BBf5LXPBt0FuNk18cBU2iHwur%2BTiRQRl9pUL5ccNmTV9%2B2nYj4oaqCdWilwtxqCeW%2B8zTDTe5UVzBlv8Ke%2BhM4Z9dBPYrT6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771d63c8de49d170-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
specialistinsensitive.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRit3p%2BDCoLixYMyiAcFM%2Bme7vkzh2XjGgnGJOyuBsRLdVX1pJyarqaqe3oSPAQXlr0I40mPnTfJhtVFXDwr0vEiASHjYcnBeBPBo7BnmcnAuB90f9%2Br9x3ee1V397Nz4iKjZ5sf6F2pFF2sV93KG1sy5jq3lfXbFc%2BtukuVLRk3gqXKYPIz%2Fbc9t15136y8J1hXL9Zcz3U916usSCMiPVicspDJw7ZXbbvVoFb16gEG5mlsMweWOuD9c%2FIiJB9f3f71ESQrEfe%2BvyFsN9XJW%2B%2F2MkVTbdDnRx%2FG3VjnMXrzMTIOovhotg1tx4R8fQk6Ppo5gO4fTBwglGPiPPYQxkczmQj7hxdKQwURI%2BTPIe%2BXEKqEpCWYvgPJTwnAONY3EPfur2uT050Llk7YMbny5F%2FIfEyu%2FPES4t53y0oOKre0ylKpY4tBVEAOSshOiSQ7RrrrQObHYOnnkPw3svhkDXHvYMMqDcnPXm9w5gdenS0ELb%2B5EEQNvhC6tfpCoy6aglLqcs%2BbRiRlCRmVUGIIah1kk086yCIHWeKgx88qtN6OXLcZhZHvtwLGmO8zVm81eJ37QStykbGJhyHSZAimhmBmD4nZQ1cOYbKfYbcLWO7ApgR9XiAXBLklyClBLgnylCDvF4dc2Zot7nNls9Cb9dqs%2B8VIp519eqjTjojJfnJOXpgG988nP6ArziqC%2Bw3XCxq%2B36q1OWu6NKhxxqiIeORHngcrC0h7aWpzV54%2B%2FxiJPH2mQEiPYdUxmHwNNHsFNB81ay7o9ihoudiNH%2BhMVxMjrAXXBZL0KtIdZ1%2Bdk5enAtp%2FORDs5NpXX2z8ucQ%2FBjMFElPgU%2FkLQUfdG93UOTm4qXNLHm0kqezJXTq51VspTcXlb94XO7k2fPWGHT64zibEZHx4W9h0jcZcxh1Lvl2WnAuzog0T5MdVuyXCzcxuL2cmzpK1zXdWVntTgVLHJag8%2FegzMDkmz5ru9L2%2B%2Bvd1SFPCZAV62QmZFaQuwZI92GSu3moCo%2BY7YeIgz4qRqYXzQyUJlJhjGhaw%2F8PhfN6399AxDmh6B3GvQN8U6KsCVA1hs8ujNDEn1373p4VQOaNQGecgVEZ9eRGtlWeVuheIVthqMs5DwbjXrPkt33VrnAfNtvDaSO2Y3V3%2F6T8AAAD%2F%2FwEAAP%2F%2FErhkVIcEAAA%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 specialistinsensitive.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRit3p%2BDCoLixYMyiAcFM%2Bme7vkzh2XjGgnGJOyuBsRLdVX1pJyarqaqe3oSPAQXlr0I40mPnTfJhtVFXDwr0vEiASHjYcnBeBPBo7BnmcnAuB90f9%2Br9x3ee1V397Nz4iKjZ5sf6F2pFF2sV93KG1sy5jq3lfXbFc%2BtukuVLRk3gqXKYPIz%2Fbc9t15136y8J1hXL9Zcz3U916usSCMiPVicspDJw7ZXbbvVoFb16gEG5mlsMweWOuD9c%2FIiJB9f3f71ESQrEfe%2BvyFsN9XJW%2B%2F2MkVTbdDnRx%2FG3VjnMXrzMTIOovhotg1tx4R8fQk6Ppo5gO4fTBwglGPiPPYQxkczmQj7hxdKQwURI%2BTPIe%2BXEKqEpCWYvgPJTwnAONY3EPfur2uT050Llk7YMbny5F%2FIfEyu%2FPES4t53y0oOKre0ylKpY4tBVEAOSshOiSQ7RrrrQObHYOnnkPw3svhkDXHvYMMqDcnPXm9w5gdenS0ELb%2B5EEQNvhC6tfpCoy6aglLqcs%2BbRiRlCRmVUGIIah1kk086yCIHWeKgx88qtN6OXLcZhZHvtwLGmO8zVm81eJ37QStykbGJhyHSZAimhmBmD4nZQ1cOYbKfYbcLWO7ApgR9XiAXBLklyClBLgnylCDvF4dc2Zot7nNls9Cb9dqs%2B8VIp519eqjTjojJfnJOXpgG988nP6ArziqC%2Bw3XCxq%2B36q1OWu6NKhxxqiIeORHngcrC0h7aWpzV54%2B%2FxiJPH2mQEiPYdUxmHwNNHsFNB81ay7o9ihoudiNH%2BhMVxMjrAXXBZL0KtIdZ1%2Bdk5enAtp%2FORDs5NpXX2z8ucQ%2FBjMFElPgU%2FkLQUfdG93UOTm4qXNLHm0kqezJXTq51VspTcXlb94XO7k2fPWGHT64zibEZHx4W9h0jcZcxh1Lvl2WnAuzog0T5MdVuyXCzcxuL2cmzpK1zXdWVntTgVLHJag8%2FegzMDkmz5ru9L2%2B%2Bvd1SFPCZAV62QmZFaQuwZI92GSu3moCo%2BY7YeIgz4qRqYXzQyUJlJhjGhaw%2F8PhfN6399AxDmh6B3GvQN8U6KsCVA1hs8ujNDEn1373p4VQOaNQGecgVEZ9eRGtlWeVuheIVthqMs5DwbjXrPkt33VrnAfNtvDaSO2Y3V3%2F6T8AAAD%2F%2FwEAAP%2F%2FErhkVIcEAAA%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRit3p%2BDCoLixYMyiAcFM%2Bme7vkzh2XjGgnGJOyuBsRLdVX1pJyarqaqe3oSPAQXlr0I40mPnTfJhtVFXDwr0vEiASHjYcnBeBPBo7BnmcnAuB90f9%2Br9x3ee1V397Nz4iKjZ5sf6F2pFF2sV93KG1sy5jq3lfXbFc%2BtukuVLRk3gqXKYPIz%2Fbc9t15136y8J1hXL9Zcz3U916usSCMiPVicspDJw7ZXbbvVoFb16gEG5mlsMweWOuD9c%2FIiJB9f3f71ESQrEfe%2BvyFsN9XJW%2B%2F2MkVTbdDnRx%2FG3VjnMXrzMTIOovhotg1tx4R8fQk6Ppo5gO4fTBwglGPiPPYQxkczmQj7hxdKQwURI%2BTPIe%2BXEKqEpCWYvgPJTwnAONY3EPfur2uT050Llk7YMbny5F%2FIfEyu%2FPES4t53y0oOKre0ylKpY4tBVEAOSshOiSQ7RrrrQObHYOnnkPw3svhkDXHvYMMqDcnPXm9w5gdenS0ELb%2B5EEQNvhC6tfpCoy6aglLqcs%2BbRiRlCRmVUGIIah1kk086yCIHWeKgx88qtN6OXLcZhZHvtwLGmO8zVm81eJ37QStykbGJhyHSZAimhmBmD4nZQ1cOYbKfYbcLWO7ApgR9XiAXBLklyClBLgnylCDvF4dc2Zot7nNls9Cb9dqs%2B8VIp519eqjTjojJfnJOXpgG988nP6ArziqC%2Bw3XCxq%2B36q1OWu6NKhxxqiIeORHngcrC0h7aWpzV54%2B%2FxiJPH2mQEiPYdUxmHwNNHsFNB81ay7o9ihoudiNH%2BhMVxMjrAXXBZL0KtIdZ1%2Bdk5enAtp%2FORDs5NpXX2z8ucQ%2FBjMFElPgU%2FkLQUfdG93UOTm4qXNLHm0kqezJXTq51VspTcXlb94XO7k2fPWGHT64zibEZHx4W9h0jcZcxh1Lvl2WnAuzog0T5MdVuyXCzcxuL2cmzpK1zXdWVntTgVLHJag8%2FegzMDkmz5ru9L2%2B%2Bvd1SFPCZAV62QmZFaQuwZI92GSu3moCo%2BY7YeIgz4qRqYXzQyUJlJhjGhaw%2F8PhfN6399AxDmh6B3GvQN8U6KsCVA1hs8ujNDEn1373p4VQOaNQGecgVEZ9eRGtlWeVuheIVthqMs5DwbjXrPkt33VrnAfNtvDaSO2Y3V3%2F6T8AAAD%2F%2FwEAAP%2F%2FErhkVIcEAAA%3D HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Cookie: u_pl=15424691; uid_id2=6dc3415c-4837-4f6d-b025-65e7eaaa0d11:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 18:26:07 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 26e7846470094fe672e89e9bd122a09b
Strict-Transport-Security: max-age=0; includeSubdomains
specialistinsensitive.com/pixel/sbs?c=1
173.233.137.60200 OK 0 B URL HTTP/1.1 specialistinsensitive.com/pixel/sbs?c=1
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Cookie: u_pl=15424691; uid_id2=6dc3415c-4837-4f6d-b025-65e7eaaa0d11:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 29 Nov 2022 18:26:07 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.barscreative1.com/sb/au/df/bd/7a/dfbd7a33d1397e7e7063b1664658e57d/1601889852.html
45.133.44.3200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/df/bd/7a/dfbd7a33d1397e7e7063b1664658e57d/1601889852.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/df/bd/7a/dfbd7a33d1397e7e7063b1664658e57d/1601889852.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 18:26:06 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Mon, 16 Nov 2020 15:00:21 GMT
etag: W/"5fb29405-563"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 29 Nov 2022 19:26:06 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
challenges.cloudflare.com/turnstile/v0/b/75e640aa/api.js?onload=_cf_chl_turnstile_l&render=explicit
104.18.6.185200 OK 0 B URL HTTP/2 challenges.cloudflare.com/turnstile/v0/b/75e640aa/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP 104.18.6.185:0
GET /turnstile/v0/b/75e640aa/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 18:26:01 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 771d63a56b61b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hhklc.com/c.js
104.21.70.122200 OK 0 B IP 104.21.70.122:0
GET /c.js HTTP/1.1
Host: hhklc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ouo.press/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 18:26:03 GMT
content-type: application/javascript
last-modified: Fri, 11 Nov 2022 16:10:23 GMT
etag: W/"636e73ef-2218"
server-asp-net: Asp Net
expires: Tue, 29 Nov 2022 19:10:48 GMT
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EjX8sP7agB%2BuUaycvWcFcstxpC%2BLcr6sOj3CqtJziVyBLivrQJSOLO2SUgXcHkuAS8jVgUNe%2F0AUrSfxLlBLGGqMfINtf182mchj4g9uggmeU8UCkQJ516gxdvk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771d63b54d9db4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2