Overview

URL error.exteriorgraphicsdesign.com/ga/click/2-320864661-1626-14349-28016-25892-ddcca32d61-q19b7ddbdb
IP66.94.127.114
ASNCONTABO
Location United States
Report completed2022-09-29 06:32:28 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-29 2 error.exteriorgraphicsdesign.com/ga/click/2-320864661-1626-14349-28016-2589 (...) Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (51)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS stats.g.doubleclick.net (1) 96 2013-06-02 22:47:44 UTC 2022-09-28 04:39:06 UTC 64.233.165.157
mnemonic passive DNS c.clarity.ms (2) 803 2021-02-03 23:22:47 UTC 2022-09-28 04:41:24 UTC 20.234.93.27
mnemonic passive DNS trc-events.taboola.com (2) 1779 2020-06-09 13:52:57 UTC 2022-09-29 00:11:43 UTC 141.226.228.48
mnemonic passive DNS in.hotjar.com (1) 1746 2018-10-22 17:15:59 UTC 2022-09-28 04:43:52 UTC 54.76.60.60
mnemonic passive DNS fonts.gstatic.com (2) 0 2014-08-29 13:43:22 UTC 2022-09-28 04:36:33 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS primalhealthcrm.com (1) 313842 2015-02-27 18:15:29 UTC 2022-09-28 00:11:56 UTC 74.124.27.105
mnemonic passive DNS s.yimg.com (2) 375 2012-05-20 22:45:00 UTC 2022-09-28 12:21:03 UTC 188.125.94.204
mnemonic passive DNS vars.hotjar.com (1) 1014 2020-11-05 10:13:14 UTC 2022-09-28 21:50:40 UTC 143.204.55.105
mnemonic passive DNS b-code.liadm.com (1) 3597 2016-01-19 10:23:52 UTC 2022-09-29 06:08:13 UTC 143.204.55.58
mnemonic passive DNS www.google.no (1) 25607 2016-04-05 19:50:59 UTC 2022-09-28 10:46:18 UTC 142.250.74.3
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-09-29 05:05:36 UTC 143.204.55.115
mnemonic passive DNS r3.o.lencr.org (14) 344 2020-12-02 08:52:13 UTC 2022-09-28 04:36:09 UTC 23.36.77.32
mnemonic passive DNS cdn.primalhealthcrm.com (12) 300433 2015-03-18 17:56:22 UTC 2022-09-28 00:11:56 UTC 74.124.27.105
mnemonic passive DNS script.hotjar.com (1) 887 2020-11-05 16:23:46 UTC 2022-09-29 04:58:22 UTC 143.204.55.96
mnemonic passive DNS trc.taboola.com (1) 602 2013-07-11 10:17:31 UTC 2022-09-28 12:21:36 UTC 151.101.85.44
mnemonic passive DNS ocsp.sca1b.amazontrust.com (7) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.158
mnemonic passive DNS static.hotjar.com (1) 641 2014-11-01 05:14:27 UTC 2022-09-28 04:35:57 UTC 143.204.55.37
mnemonic passive DNS analytics-ingress-global.bitmovin.com (6) 47119 2017-08-18 05:30:44 UTC 2022-09-29 04:53:18 UTC 35.190.27.197
mnemonic passive DNS www.google.com (1) 7 2016-08-04 12:36:31 UTC 2022-09-29 04:12:32 UTC 142.250.74.164
mnemonic passive DNS fast.vidalytics.com (4) 218005 2017-02-08 02:49:35 UTC 2022-09-28 07:50:10 UTC 151.139.128.11
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-29 05:03:41 UTC 143.204.55.110
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-28 04:36:06 UTC 34.117.237.239
mnemonic passive DNS ajax.googleapis.com (1) 12905 2013-08-16 09:51:31 UTC 2022-09-29 04:42:01 UTC 142.250.74.170
mnemonic passive DNS bat.bing.com (2) 387 2014-04-08 09:23:16 UTC 2022-09-29 05:03:48 UTC 204.79.197.200
mnemonic passive DNS tr.outbrain.com (2) 2017 2017-04-12 07:58:35 UTC 2022-09-29 04:45:13 UTC 64.202.112.159
mnemonic passive DNS cdn.heapanalytics.com (1) 3660 2015-08-10 23:50:56 UTC 2022-09-29 03:48:34 UTC 54.230.111.113
mnemonic passive DNS refineyoursleep.com (2) 0 2020-08-06 15:10:16 UTC 2022-09-28 05:03:23 UTC 74.124.27.101 Unknown ranking
mnemonic passive DNS ocsp.pki.goog (17) 175 2017-06-14 07:23:31 UTC 2022-09-28 04:36:20 UTC 142.250.74.3
mnemonic passive DNS js.go2sdk.com (1) 24169 2020-07-10 13:46:40 UTC 2022-09-29 04:00:17 UTC 54.230.111.63
mnemonic passive DNS www.clarity.ms (2) 1404 2018-08-22 07:41:57 UTC 2022-09-28 04:41:07 UTC 13.107.246.53
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-09-29 00:04:53 UTC 142.250.74.10
mnemonic passive DNS ocsp2.globalsign.com (1) 1544 2012-05-21 07:12:19 UTC 2022-09-28 04:46:12 UTC 104.18.20.226
mnemonic passive DNS vibranthealthnetwork.com (1) 579154 2015-04-09 18:56:22 UTC 2022-09-28 00:11:57 UTC 74.124.27.101
mnemonic passive DNS www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-09-29 03:20:00 UTC 142.250.74.174
mnemonic passive DNS stackpath.bootstrapcdn.com (1) 2467 2018-04-05 04:41:29 UTC 2022-09-28 12:53:37 UTC 104.18.10.207
mnemonic passive DNS sp.analytics.yahoo.com (1) 816 2014-01-31 20:48:24 UTC 2022-09-28 12:21:03 UTC 212.82.100.181
mnemonic passive DNS c.bing.com (1) 247 2012-05-22 10:26:32 UTC 2022-09-28 04:44:41 UTC 204.79.197.200
mnemonic passive DNS b.clarity.ms (1) 3462 2021-07-27 12:49:08 UTC 2022-09-28 06:47:18 UTC 20.75.32.255
mnemonic passive DNS lotamkt.com (1) 0 2021-08-23 18:06:22 UTC 2022-09-28 04:57:39 UTC 23.20.168.171 Unknown ranking
mnemonic passive DNS ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2022-09-29 04:12:37 UTC 93.184.220.29
mnemonic passive DNS cdn.taboola.com (1) 1040 2013-07-19 23:48:03 UTC 2022-09-29 00:48:28 UTC 151.101.85.44
mnemonic passive DNS rp.liadm.com (2) 2705 2017-02-01 20:43:30 UTC 2022-09-29 06:06:11 UTC 34.235.93.114
mnemonic passive DNS amplify.outbrain.com (1) 2255 2017-04-12 07:58:35 UTC 2022-09-29 04:42:08 UTC 23.38.201.81
mnemonic passive DNS ocsp.godaddy.com (2) 698 2012-05-20 19:28:57 UTC 2022-09-29 04:12:12 UTC 192.124.249.41
mnemonic passive DNS stats.vidalytics.com (7) 153185 2017-02-08 02:49:35 UTC 2022-09-28 21:21:24 UTC 107.178.211.97
mnemonic passive DNS licensing.bitmovin.com (1) 19299 2017-01-30 06:23:56 UTC 2022-09-29 04:53:18 UTC 35.227.229.24
mnemonic passive DNS error.exteriorgraphicsdesign.com (1) 0 2022-02-01 08:27:06 UTC 2022-09-29 04:31:02 UTC 66.94.127.114 Unknown ranking
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-28 05:02:28 UTC 35.81.125.88
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-29 04:10:37 UTC 34.120.237.76
mnemonic passive DNS heapanalytics.com (9) 27367 2017-03-09 09:15:38 UTC 2022-09-28 21:33:07 UTC 44.206.92.210
mnemonic passive DNS status.thawte.com (2) 5123 2017-11-27 12:33:51 UTC 2022-09-28 04:48:02 UTC 93.184.220.29


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 66.94.127.114

Date UQ / IDS / BL URL IP
2022-10-27 20:32:25 +0000
0 - 0 - 1 error.exteriorgraphicsdesign.com/ga/click/2-3 (...) 66.94.127.114
2022-10-27 20:32:23 +0000
0 - 0 - 1 error.exteriorgraphicsdesign.com/ga/click/2-3 (...) 66.94.127.114
2022-10-27 19:24:37 +0000
0 - 0 - 1 error.exteriorgraphicsdesign.com/ga/click/2-3 (...) 66.94.127.114
2022-10-27 09:48:23 +0000
0 - 0 - 1 error.exteriorgraphicsdesign.com/ga/click/2-3 (...) 66.94.127.114
2022-10-27 09:48:22 +0000
0 - 0 - 1 error.exteriorgraphicsdesign.com/ga/click/2-3 (...) 66.94.127.114

Last 5 reports on ASN: CONTABO

Date UQ / IDS / BL URL IP
2022-12-06 21:51:43 +0000
0 - 0 - 8 femaletourguides.com/uaer/index.php?QBOT.zip 209.126.83.247
2022-12-06 19:53:22 +0000
0 - 0 - 10 moda.maantechnology.com/ 207.244.239.148
2022-12-06 11:12:07 +0000
0 - 0 - 1 programadealimentossnap.com/ 207.244.251.165
2022-12-06 05:36:23 +0000
0 - 0 - 1 delhome.rvjradio.com/public/BtWQSVvy5U393uHpb (...) 207.244.252.18
2022-12-06 05:36:03 +0000
0 - 0 - 1 delhome.rvjradio.com/public/7nk7CuYrTGFdEV1aD (...) 207.244.252.18

Last 5 reports on domain: exteriorgraphicsdesign.com

Date UQ / IDS / BL URL IP
2022-10-27 20:32:25 +0000
0 - 0 - 1 error.exteriorgraphicsdesign.com/ga/click/2-3 (...) 66.94.127.114
2022-10-27 20:32:23 +0000
0 - 0 - 1 error.exteriorgraphicsdesign.com/ga/click/2-3 (...) 66.94.127.114
2022-10-27 19:24:37 +0000
0 - 0 - 1 error.exteriorgraphicsdesign.com/ga/click/2-3 (...) 66.94.127.114
2022-10-27 09:48:23 +0000
0 - 0 - 1 error.exteriorgraphicsdesign.com/ga/click/2-3 (...) 66.94.127.114
2022-10-27 09:48:22 +0000
0 - 0 - 1 error.exteriorgraphicsdesign.com/ga/click/2-3 (...) 66.94.127.114

Last 2 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-26 05:47:41 +0000
0 - 0 - 1 shio.fashionmedics.com/ga/click/2-74248661-18 (...) 184.154.86.173
2022-09-11 08:52:28 +0000
0 - 0 - 1 nets.whealthhut.com/ga/click/2-308232059-1584 (...) 86.48.3.242


JavaScript

Executed Scripts (39)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (138)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 29 Sep 2022 06:29:35 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Jkd7DhenM7ujYyKgAaZHVFxtMDTeeKVhg3KXuuwtLP_aFvMuaSnrDg==
Age: 162


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4394
Expires: Thu, 29 Sep 2022 07:45:31 GMT
Date: Thu, 29 Sep 2022 06:32:17 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: lLwGc545UIaICZZ1bYsAXCFTzS2U0h4SlxPMHjAxQGqnzAkWmOnxNg==
age: 3830
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /ga/click/2-320864661-1626-14349-28016-25892-ddcca32d61-q19b7ddbdb HTTP/1.1 
Host: error.exteriorgraphicsdesign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         66.94.127.114
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Date: Thu, 29 Sep 2022 06:31:52 GMT
Server: Apache/2.4.51 (Unix) OpenSSL/1.0.2k-fips PHP/7.3.29
Status: 302 Found
X-Rack-Cache: miss
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
X-Request-Id: 5951345e135080c90cb7fabb1f1a5491
Location: https://lotamkt.com/?a=10362&c=117099&s1=XMlaefkkrmq
X-UA-Compatible: IE=Edge,chrome=1
X-Runtime: 0.019904
Expires: Mon, 01 Jan 1990 00:00:00 GMT
X-Powered-By: Phusion Passenger(R) 6.0.9
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with no line terminators
Size:   126
Md5:    4a155cb7350eff759f8e5f4848256945
Sha1:   c0f1dae7a9ca82385b7785248dcafb1a923d09c0
Sha256: d349328f993708f685ab9ecabd1e2fabb58a388c875be12dd640f55628606f52

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 29 Sep 2022 06:32:17 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 29 Sep 2022 06:29:33 GMT
Expires: Thu, 29 Sep 2022 06:37:40 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: YAIsow0jrpO1mlUsc3j8wAlBSwOwVf0mt-B8zZkdDsFbypyVZmyy2w==
Age: 164


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST /gsalphasha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:17 GMT
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 03 Oct 2022 05:26:50 GMT
ETag: "2bef986fc29158542a037a654059454fbcf6323a"
Last-Modified: Thu, 29 Sep 2022 05:26:51 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7522ae455e92b500-OSL


--- Additional Info ---
Magic:  data
Size:   1423
Md5:    6a87de307b8716edfb14ef8cd9948653
Sha1:   2bef986fc29158542a037a654059454fbcf6323a
Sha256: a37848d9ff2d1b32200bd8cad5c5dfb00391e1116c0f72213e4d51f968600207
                                        
                                            GET /?a=10362&c=117099&s1=XMlaefkkrmq HTTP/1.1 
Host: lotamkt.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         23.20.168.171
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: private
Content-Length: 216
Date: Thu, 29 Sep 2022 06:32:17 GMT
Location: https://refineyoursleep.com/news/1662/video_sr_mb?tid=affiliati&cid=517524347|10362|XMlaefkkrmq
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: sid=OqVPc7en+1S1KzSB/K9l15DeZUpAeqCLYUzP9nHZCcSBLNmyazhPLQ==; domain=.lotamkt.com; path=/; SameSite=None; secure; HttpOnly trk=d5GVl1IxbMO1KzSB/K9l15DeZUpAeqCLYUzP9nHZCcSBLNmyazhPLQ==; domain=.lotamkt.com; expires=Sun, 29-Sep-2024 06:32:14 GMT; path=/; SameSite=None; secure; HttpOnly c21558=OqVPc7en+1TZV053juACvtbouiQWXenL11ujIYzSaFg8eBGUI9rwVw==; domain=.lotamkt.com; expires=Sat, 29-Oct-2022 06:32:14 GMT; path=/; SameSite=None; secure; HttpOnly
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   216
Md5:    5c0d409198e320560a6818325a041f47
Sha1:   135bdc6c4215304411aed5c0e17c4f82a8dcb43c
Sha256: 0bbfef270c978c73d67abb41ca0703d5b8ea8dd682ff97df5f622c5591b4b7f0
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3584
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:32:17 GMT
Last-Modified: Thu, 29 Sep 2022 05:32:33 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BC7F4A173BF3CDF792E02D040964BA724C0F0CCC581FEFAF0F9D62840FF655D3"
Last-Modified: Tue, 27 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=876
Expires: Thu, 29 Sep 2022 06:46:54 GMT
Date: Thu, 29 Sep 2022 06:32:18 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AdxXVtBolLMNKN2RfvKUtQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.81.125.88
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: loqi3gJjgslTjkJ5gO7M7egtQAg=

                                        
                                            GET /news/1662/video_sr_mb?tid=affiliati&cid=517524347|10362|XMlaefkkrmq HTTP/1.1 
Host: refineyoursleep.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         74.124.27.101
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 29 Sep 2022 06:32:18 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8556
Set-Cookie: primal=4u1sil5e4lgg0po1kbimb1urp3; path=/; domain=.refineyoursleep.com fid=1662; expires=Sat, 29-Oct-2022 06:32:18 GMT; Max-Age=2592000; path=/; domain=.refineyoursleep.com tid=affiliati; expires=Thu, 29-Sep-2022 06:32:08 GMT; Max-Age=-10; path=/; domain=.refineyoursleep.com cid=517524347%7C10362%7CXMlaefkkrmq; expires=Thu, 29-Sep-2022 06:32:08 GMT; Max-Age=-10; path=/; domain=.refineyoursleep.com tid=affiliati; expires=Sat, 29-Oct-2022 06:32:18 GMT; Max-Age=2592000; path=/; domain=.refineyoursleep.com cid=517524347%7C10362%7CXMlaefkkrmq; expires=Sat, 29-Oct-2022 06:32:18 GMT; Max-Age=2592000; path=/; domain=.refineyoursleep.com
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (778)
Size:   8556
Md5:    01216ca08e4efca3b50ae6e5b543ecf2
Sha1:   ab14db5623eda4e17074ea4b9c933e7f7d54df2e
Sha256: 544717b9da5031f017bc9e51eb030adafc8741c1e8a70dec212e6065c51f8ec0
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ajax/libs/webfont/1.5.18/webfont.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.170
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 6490
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 16:50:32 GMT
expires: Fri, 22 Sep 2023 16:50:32 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 567706
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1190)
Size:   6490
Md5:    c3bdf8c5d3c435f9a254e98df59a76d3
Sha1:   49de71ce7f439579b17b89d41630ecc42990f5f9
Sha256: 6ef91d15e35c54b958239444ffa14bcd4aa4d84f10ea10a5a3af71543b74ee85
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /themes/default/css/site.css HTTP/1.1 
Host: refineyoursleep.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/news/1662/video_sr_mb?tid=affiliati&cid=517524347|10362|XMlaefkkrmq
Cookie: primal=4u1sil5e4lgg0po1kbimb1urp3; fid=1662; tid=affiliati; cid=517524347%7C10362%7CXMlaefkkrmq
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         74.124.27.101
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 29 Sep 2022 06:32:18 GMT
Server: Apache
Last-Modified: Thu, 10 Feb 2022 15:37:26 GMT
ETag: "62-5d7abba2ac77a-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=2592000, public
Content-Length: 116
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   116
Md5:    9cfa7f77fb5552267e4b8acb6d899eb9
Sha1:   fa3c6d774fb6141a24ffa76a90ec354b21d517fe
Sha256: 0eea7414307cc23d6c7a4b912a642b7e70093b7316bcf9e7de5466541c68f35d
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EC1BD82672E0C9CC607445677E880AD4145250BED93EE091C880E8E28CEDBDC5"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6754
Expires: Thu, 29 Sep 2022 08:24:53 GMT
Date: Thu, 29 Sep 2022 06:32:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EC1BD82672E0C9CC607445677E880AD4145250BED93EE091C880E8E28CEDBDC5"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20618
Expires: Thu, 29 Sep 2022 12:15:57 GMT
Date: Thu, 29 Sep 2022 06:32:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F9AB8EF4FC6CD5E881B5DAA9BE82B4F2769C262343C5F7785E404FF7B67E232A"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18045
Expires: Thu, 29 Sep 2022 11:33:04 GMT
Date: Thu, 29 Sep 2022 06:32:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EC1BD82672E0C9CC607445677E880AD4145250BED93EE091C880E8E28CEDBDC5"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20686
Expires: Thu, 29 Sep 2022 12:17:05 GMT
Date: Thu, 29 Sep 2022 06:32:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EC1BD82672E0C9CC607445677E880AD4145250BED93EE091C880E8E28CEDBDC5"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21557
Expires: Thu, 29 Sep 2022 12:31:36 GMT
Date: Thu, 29 Sep 2022 06:32:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8505
Expires: Thu, 29 Sep 2022 08:54:04 GMT
Date: Thu, 29 Sep 2022 06:32:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8505
Expires: Thu, 29 Sep 2022 08:54:04 GMT
Date: Thu, 29 Sep 2022 06:32:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8505
Expires: Thu, 29 Sep 2022 08:54:04 GMT
Date: Thu, 29 Sep 2022 06:32:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8505
Expires: Thu, 29 Sep 2022 08:54:04 GMT
Date: Thu, 29 Sep 2022 06:32:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8505
Expires: Thu, 29 Sep 2022 08:54:04 GMT
Date: Thu, 29 Sep 2022 06:32:19 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6390
x-amzn-requestid: b2681ff8-ab83-41e6-adef-3e6772c93c3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGFJ6Gc_oAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63324f0c-3dbf9f4e2047567b5abdbe74;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 01:17:00 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VwWbbPJtnsSB1Y6riPtCZXX0Ocmxw024YRmlebWN1UQxZX3uvjsvOw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 05:41:14 GMT
age: 3065
etag: "61676358cdbb2373bc644e66f8a84fbc8cc5daf6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6390
Md5:    14218a43c5e5bbce546735a780c8ccce
Sha1:   61676358cdbb2373bc644e66f8a84fbc8cc5daf6
Sha256: 905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e97b5ce-1b94-4a15-a121-825f38a9d7d9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9034
x-amzn-requestid: ccfaad8d-c270-491f-b0fa-ac56fb1ba14e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGVJ_G2doAMFXqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633268a6-1599ec83051ceef5038d1296;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:06:14 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: G--ubYYfq5CFGAZzorD-TAgKentdIyvzSjrvqjTf_yGWDvjwX75KHg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 04:20:21 GMT
age: 7918
etag: "927d5a375d9607b23caadae148566fdff10147b1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9034
Md5:    2054ae778a3079d8233ee33045127df6
Sha1:   927d5a375d9607b23caadae148566fdff10147b1
Sha256: 6b33c83c2b78b413ae375966860e1a9c8aa8e28dee107f9dd5bb8ceb221e607a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d393f81-26d4-4afa-b6ba-940a54002d7f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6795
x-amzn-requestid: 20067932-e2e5-410a-8c7a-a5f623f33454
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDCs6FbooAMFyHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633117ec-65749cd04e48e49a46b4c215;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 03:09:32 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: o1q8r6PSQDQyLs4xfhCSXu4q8fFi3zIoAIMlwNznvOsEtORfuVumCA==
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 05:17:35 GMT
age: 4484
etag: "7057c6707c7299ac386c6b2164240eff241db294"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6795
Md5:    9f94853ffae41ec3c0e002bc152da1c4
Sha1:   7057c6707c7299ac386c6b2164240eff241db294
Sha256: 818f3ff90d7b7923b4af4e423dbb01388795490ac2097e1d58d70608b95618f4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7859
x-amzn-requestid: 34d0718f-46d4-446f-bb06-8449bd8f4287
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZIlO4FcBoAMFy0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63334f2b-58ae81c9077e4f1575750f15;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 19:29:47 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: XwUZAphoqael30FgWCRQlHqBpjBOSG7rnlbPNKyojhONZ625gCUI5g==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 08:28:02 GMT
age: 79457
etag: "35ec6e80d324bb215796c590a7ffafbaea55d88e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7859
Md5:    c62a6368c456e9614ca4c8e360a2ef12
Sha1:   35ec6e80d324bb215796c590a7ffafbaea55d88e
Sha256: 90a37acc6beda1aa98a98cb84e00a7e469d6d919a14f4709c5f67a83ae95278d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2016911-a1a6-4bdf-a8f3-89e94a0aaff7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7810
x-amzn-requestid: 7f6d92e1-c7b1-4dd2-9efa-52ad324ca19d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK6pFvkoAMF_yA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334beaa-362b7368566955966db78385;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TbPFEVDpMOjK26iu1UGcx56vtP7Pywq05VAylNubOIfbMgo1qGsA-w==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 04:12:40 GMT
age: 8379
etag: "31b8538deb0f00d5b4182739a4a2fcc1b956a998"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7810
Md5:    456968f691ae9464d69a37bffe9bd7ce
Sha1:   31b8538deb0f00d5b4182739a4a2fcc1b956a998
Sha256: 5cde1e3158e6c6c0b7a01d3bd32f2aa292b3b205f604e5c4ed71cafedad06bf2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9654
x-amzn-requestid: 7277f59f-452d-4cb6-a76e-1561b4ff3de0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGW2REPzoAMFrww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63326b5b-4f5d775830c95b065ce40d3f;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:17:47 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: jTiWrrcC29QaFlnaiNH_KmEaphRZhWyzf1JbWb6uL00D3vOMR7Wfyg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 03:28:09 GMT
age: 11050
etag: "44cc19b21912d07f82a88af5b2fa6d3e370459bf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9654
Md5:    36ae9444071dd70dcf86802c370ffda9
Sha1:   44cc19b21912d07f82a88af5b2fa6d3e370459bf
Sha256: 99984d108bf31d733414f7f1352e17225ac21ac2dbfb4b1e7fa7ae80e5b6b822
                                        
                                            GET /global/js/primal-health-crm-global.js HTTP/1.1 
Host: cdn.primalhealthcrm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.124.27.105
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type, origin, x-requested-with, content-type
Last-Modified: Wed, 29 Jun 2022 17:38:23 GMT
ETag: "4ac0-5e2999ea682f8-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=2592000, public
Content-Length: 4065
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   4065
Md5:    cdd473dea26c380bbcb36646e7ec8ada
Sha1:   705c41f3239209f4b0aa43474e2ca1995e7de73e
Sha256: c87a01955eda5fc5b0291a4243db11974c2a4dfea1a6f6bb7aef477c066bf4f7
                                        
                                            GET /global/css/default.css HTTP/1.1 
Host: cdn.primalhealthcrm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.124.27.105
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type, origin, x-requested-with, content-type
Last-Modified: Tue, 18 May 2021 19:13:02 GMT
ETag: "5fed-5c29f7fc311bd-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=2592000, public
Content-Length: 4741
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   4741
Md5:    54d8aeda2fcc8bff1c92b5c4af23abb3
Sha1:   4373157ea8ffc52198a2873de7d643736574f5dc
Sha256: 5e637dfc00b4d1fb9f619cb4cef755dc1a8e92b48c09f7495942edb95274ef66
                                        
                                            GET /js/ie10-viewport-bug-workaround.js HTTP/1.1 
Host: cdn.primalhealthcrm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.124.27.105
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type, origin, x-requested-with, content-type
Last-Modified: Wed, 31 Jan 2018 19:21:02 GMT
ETag: "280-56417613d8380-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=2592000, public
Content-Length: 423
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   423
Md5:    7faf325a95bea2aa9b5667e2ba8331e5
Sha1:   664eca0eef327eab328e9845a3a9a834de767555
Sha256: 14579148d735c8e823af085b60aa4ef437340b8de900c484b29dddcd72e9d5ef
                                        
                                            GET /global/css/bootstrap.min.css HTTP/1.1 
Host: cdn.primalhealthcrm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.124.27.105
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type, origin, x-requested-with, content-type
Last-Modified: Mon, 09 Sep 2019 19:46:32 GMT
ETag: "2606e-592240b77bff8-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=2592000, public
Content-Length: 23238
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65324)
Size:   23238
Md5:    3b5537dce96f57098998e410b0202920
Sha1:   7732b57e4e3bbc122d63f67078efa7cf5f975448
Sha256: a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88
                                        
                                            GET /global/js/bootstrap.min.js HTTP/1.1 
Host: cdn.primalhealthcrm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.124.27.105
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type, origin, x-requested-with, content-type
Last-Modified: Mon, 09 Sep 2019 19:46:47 GMT
ETag: "e2d8-592240c5946a6-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=2592000, public
Content-Length: 15437
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (57791)
Size:   15437
Md5:    8c7f5fa6aa5505726872ce0296828eb5
Sha1:   c7ce2e13bd25da05e7c4bc68be2e57e2cb515d33
Sha256: 8e0286a099efe027b863e8b7265ad2c9e053bfaa083f53749e5bf7301987284a
                                        
                                            GET /global/js/jquery.js HTTP/1.1 
Host: cdn.primalhealthcrm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.124.27.105
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type, origin, x-requested-with, content-type
Last-Modified: Mon, 09 Sep 2019 19:51:18 GMT
ETag: "15850-592241c7dbe75-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=2592000, public
Content-Length: 30675
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30675
Md5:    e26795ac1369d6d3fd6e6b165428448f
Sha1:   29fc3c7e89bfafa2f759e13bc51c44ada83f3221
Sha256: fd3a1b4234a1f5d0d1e47881e39a7f49ec05078ee2bf9a8d412b3efc1d4f762b
                                        
                                            GET /v2/tune.js HTTP/1.1 
Host: js.go2sdk.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.63
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 17921
last-modified: Wed, 06 Jan 2021 18:55:14 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 05:05:20 GMT
etag: "074c9e70b17ef9db8aced963fef4e2d9"
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: u1OKxwQAo2hHWu-M6Sq2COuwi1RmDFfZGaJ-Z9dXEaAeT5it36V80A==
age: 5220
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (7486)
Size:   17921
Md5:    074c9e70b17ef9db8aced963fef4e2d9
Sha1:   caa1063a824083eb483f25bfab3e7aade3441bcd
Sha256: cca8ce472cbf8c44acf7ac24067c2d6075acd1e0cd4c9003de6055289ac5c68a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4608
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:32:19 GMT
Last-Modified: Thu, 29 Sep 2022 05:15:31 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4608
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:32:19 GMT
Last-Modified: Thu, 29 Sep 2022 05:15:31 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /images/logo-tpss-moon2.png HTTP/1.1 
Host: cdn.primalhealthcrm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.124.27.105
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type, origin, x-requested-with, content-type
Last-Modified: Tue, 05 May 2020 15:11:01 GMT
ETag: "1f3c-5a4e80e3b4beb-gzip"
Accept-Ranges: bytes
Vary: User-Agent,Accept-Encoding
Cache-Control: max-age=2592000, public
Content-Encoding: gzip
Content-Length: 7990
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 448 x 93, 8-bit/color RGBA, non-interlaced\012- data
Size:   7990
Md5:    8360532417526dae50a73de25364348c
Sha1:   7a850905a9736657e8f76bb3d6a4859dc504e05f
Sha256: c42a73b4ffe4bdc105571cb9c09ee394b84395c1652ac31cb6a4a82980baee47
                                        
                                            GET /images/btn-close.png HTTP/1.1 
Host: cdn.primalhealthcrm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.124.27.105
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type, origin, x-requested-with, content-type
Last-Modified: Wed, 31 Jan 2018 19:20:53 GMT
ETag: "9a8-5641760b42f40-gzip"
Accept-Ranges: bytes
Vary: User-Agent,Accept-Encoding
Cache-Control: max-age=2592000, public
Content-Encoding: gzip
Content-Length: 2212
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 30 x 31, 8-bit/color RGBA, non-interlaced\012- data
Size:   2212
Md5:    ef7578dd693e23219a00ba8d8e9ad2cf
Sha1:   0342aab5ae4f462c7e57e8e3bb587185bb326a06
Sha256: 6c2260745e7c3720cfabf39a4cab47c4eb50fd0d150601ae893c2a6912e26b0c
                                        
                                            GET /images/ajax-loader-3.gif HTTP/1.1 
Host: cdn.primalhealthcrm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.124.27.105
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type, origin, x-requested-with, content-type
Last-Modified: Wed, 31 Jan 2018 19:20:52 GMT
ETag: "f6f-5641760a4ed00-gzip"
Accept-Ranges: bytes
Vary: User-Agent,Accept-Encoding
Cache-Control: max-age=2592000, public
Content-Encoding: gzip
Content-Length: 3453
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 128 x 15\012- data
Size:   3453
Md5:    ccb089834f9fd4d09ab89da2a4e18c8f
Sha1:   822d59c255d821e181fb337f292d3976962de658
Sha256: 877575d7351d6eaadc3ceeb2dad0d5f678a6759910c24841c78b0ef7856025b3
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /images/next-step-gold.png HTTP/1.1 
Host: cdn.primalhealthcrm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.124.27.105
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type, origin, x-requested-with, content-type
Last-Modified: Thu, 07 May 2020 18:03:14 GMT
ETag: "466a-5a512b1cfb4c2-gzip"
Accept-Ranges: bytes
Vary: User-Agent,Accept-Encoding
Cache-Control: max-age=2592000, public
Content-Encoding: gzip
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  PNG image data, 931 x 260, 8-bit colormap, non-interlaced\012- data
Size:   18006
Md5:    e7ad85e2a85bda776f57f096bc2b4daa
Sha1:   2cad70181a65c5556d115736d0a5e3d4b096170e
Sha256: 974206ab05995e5ab54752b167b635b7a5d394cb31a1bf9b6f799121de558dd0
                                        
                                            GET /images/as-seen-on.jpg HTTP/1.1 
Host: cdn.primalhealthcrm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.124.27.105
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type, origin, x-requested-with, content-type
Last-Modified: Thu, 08 Apr 2021 19:36:15 GMT
ETag: "597c-5bf7b291e82d1-gzip"
Accept-Ranges: bytes
Vary: User-Agent,Accept-Encoding
Cache-Control: max-age=2592000, public
Content-Encoding: gzip
Content-Length: 15954
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=72, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=700], baseline, precision 8, 636x72, components 3\012- data
Size:   15954
Md5:    ff8ddf33c05acd43ed65aa38113344f9
Sha1:   ed1d91dee0a953792d59920114b35827b0fa1ae6
Sha256: 5f3a642650f479f25eb9c44b37cfba5f340b76c63acc9369baaf62487e6204f0
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 18:01:25 GMT
expires: Sun, 24 Sep 2023 18:01:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
age: 390654
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size:   44856
Md5:    565ce506190ad3af920b40baf1794cec
Sha1:   ad3cba5d06100e09449a864d3b5e58403b478b3d
Sha256: 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
                                        
                                            GET /s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47952
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Sep 2022 18:59:14 GMT
expires: Tue, 26 Sep 2023 18:59:14 GMT
cache-control: public, max-age=31536000
age: 214385
last-modified: Mon, 15 Aug 2022 18:22:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 47952, version 1.0\012- data
Size:   47952
Md5:    17b406b7b8caa297435fa358e194f5a1
Sha1:   e2132f0e97781af56fa966c0fabb49132f2af203
Sha256: 84161c46238fff2c6920ebc28f02cddd7b710cf3d1107853f540b084320f6afd
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:32:19 GMT
Last-Modified: Thu, 29 Sep 2022 05:29:18 GMT
Server: ECS (nyb/1D1F)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: aBvGTlgisvzUD-hNMl4Mz4sRUJfo1gFFCy-aHmVpy9i6Bq49_dK1-A==
Age: 3781

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "59069C4BFE650544C56FE0889A983085AE88EAC66C745A94E4AEDD9BEFAE8900"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21447
Expires: Thu, 29 Sep 2022 12:29:46 GMT
Date: Thu, 29 Sep 2022 06:32:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C64C9EF21FC85A4AB6A1071306F96714683228FB233116D9EFD24D284FA4CA46"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18510
Expires: Thu, 29 Sep 2022 11:40:50 GMT
Date: Thu, 29 Sep 2022 06:32:20 GMT
Connection: keep-alive

                                        
                                            GET /IPN2/visits_pixel.php?tid=affiliati&cid=517524347|10362|XMlaefkkrmq&ip=168430334&domain=93 HTTP/1.1 
Host: primalhealthcrm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.124.27.105
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 29 Sep 2022 06:32:20 GMT
Server: Apache
Access-Control-Allow-Origin: *
Vary: User-Agent,Accept-Encoding
Set-Cookie: PubVisit=201830428; expires=Fri, 30-Sep-2022 06:32:20 GMT; Max-Age=86400; path=/ MasterTid=affiliati; expires=Fri, 29-Sep-2023 06:32:20 GMT; Max-Age=31536000; path=/
Content-Encoding: gzip
Content-Length: 527
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality", baseline, precision 8, 1x1, components 3\012- data
Size:   527
Md5:    00b62c6b9684fadb5407aaf99a77fbe7
Sha1:   f16a5742ef54501dacf8e106a66c2161b02a5d47
Sha256: 216394359a8d5ff2d18fc7d719ba061fa3791881dca92be8f6868dbf50a997f9
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:32:20 GMT
Last-Modified: Thu, 29 Sep 2022 05:31:14 GMT
Server: ECS (bsa/EB1F)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: xaLQfjPNSInHvaa3uB_hvsImhmGFjTh1pAN-IU3t9udhaojPRiK3Aw==
Age: 3666

                                        
                                            GET /js.js HTTP/1.1 
Host: vibranthealthnetwork.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.124.27.101
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 29 Sep 2022 06:32:20 GMT
Server: Apache
Last-Modified: Fri, 18 Feb 2022 16:47:40 GMT
ETag: "0-5d84da417f2e2"
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:32:20 GMT
Last-Modified: Thu, 29 Sep 2022 04:54:14 GMT
Server: ECS (nyb/1D13)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _ynUAa9kyhOwP6vUfetGaZ5cqkLQSq5Rq-hf5niF1nROwSaGqj7oIA==
Age: 5886

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:32:20 GMT
Last-Modified: Thu, 29 Sep 2022 05:11:58 GMT
Server: ECS (bsa/EB18)
X-Cache: Miss from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: UnJGOW8_rIr54zXFu01T7lzuDCY_ojGNKPeEYEd1T25HPeoJLyQsHw==
Age: 4822

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:32:20 GMT
Last-Modified: Thu, 29 Sep 2022 04:43:39 GMT
Server: ECS (bsa/EB20)
X-Cache: Miss from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: O5wPdQyHjTBMMbBPE-OnUabLnn6wlAz5X1LCgjk_54nf6QmKXktlpw==
Age: 6521

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:32:20 GMT
Last-Modified: Thu, 29 Sep 2022 05:01:53 GMT
Server: ECS (bsa/EB14)
X-Cache: Miss from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: LUAULu9OKySLJrQTHsNfu4figPN2OyZbOmroeFTn9o-rEAzmZJVPLg==
Age: 5427

                                        
                                            GET /api/telemetry?a=1279333676&te=type&te=data&te=cm&te=eventPropertiesTelemetry%20-%20added%20new%20properties&te=val&te=1&st=1664433137106&hv=4.18.4 HTTP/1.1 
Host: heapanalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         44.206.92.210
HTTP/2 200 OK
content-type: image/gif
                                        
date: Thu, 29 Sep 2022 06:32:20 GMT
content-length: 37
server: nginx
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma: no-cache
etag: W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   37
Md5:    3eacd0132310ea44cad756b378a3bc07
Sha1:   e2216a7e9b73f5cb0279351c78ce61c33475cea7
Sha256: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
                                        
                                            GET /api/add_user_properties_v3?a=1279333676&u=5116957712927322&v=712420121134751&s=567344750806354&b=web&tv=4.0&_Last%20TID=affiliati&st=1664433137165 HTTP/1.1 
Host: heapanalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         44.206.92.210
HTTP/2 200 OK
content-type: image/gif
                                        
date: Thu, 29 Sep 2022 06:32:20 GMT
content-length: 37
server: nginx
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma: no-cache
etag: W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   37
Md5:    3eacd0132310ea44cad756b378a3bc07
Sha1:   e2216a7e9b73f5cb0279351c78ce61c33475cea7
Sha256: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
                                        
                                            GET /api/add_user_properties_v3?a=1279333676&u=5116957712927322&v=712420121134751&s=567344750806354&b=web&tv=4.0&_Last%20FID=1662&st=1664433137165 HTTP/1.1 
Host: heapanalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         44.206.92.210
HTTP/2 200 OK
content-type: image/gif
                                        
date: Thu, 29 Sep 2022 06:32:20 GMT
content-length: 37
server: nginx
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma: no-cache
etag: W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   37
Md5:    3eacd0132310ea44cad756b378a3bc07
Sha1:   e2216a7e9b73f5cb0279351c78ce61c33475cea7
Sha256: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
                                        
                                            GET /h?a=1279333676&u=5116957712927322&v=712420121134751&s=567344750806354&b=web&tv=4.0&sp=z&sp=0&sp=ts&sp=1664433137161&sp=d&sp=refineyoursleep.com&sp=h&sp=%2Fnews%2F1662%2Fvideo_sr_mb&sp=t&sp=Special%20Offer&sp=q&sp=%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq&pp=d&pp=refineyoursleep.com&pp=q&pp=%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq&pp=h&pp=%2Fnews%2F1662%2Fvideo_sr_mb&pp=t&pp=Special%20Offer&pp=ts&pp=1664433137161&id0=2341289381479821&k0=FID&k0=1662&k0=TID&k0=affiliati&k0=CID%20Part%201&k0=517524347&k0=CID%20Part%202&k0=10362&k0=CID%20Part%203&k0=XMlaefkkrmq&k0=Page&k0=%2Fnews%2F1662%2Fvideo_sr_mb&t0=Video%20-%20Load%20Started&ts0=1664433137114&st=1664433137164 HTTP/1.1 
Host: heapanalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         44.206.92.210
HTTP/2 200 OK
content-type: image/gif
                                        
date: Thu, 29 Sep 2022 06:32:20 GMT
content-length: 37
server: nginx
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma: no-cache
etag: W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   37
Md5:    3eacd0132310ea44cad756b378a3bc07
Sha1:   e2216a7e9b73f5cb0279351c78ce61c33475cea7
Sha256: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
                                        
                                            GET /h?a=1279333676&u=5116957712927322&v=712420121134751&s=567344750806354&b=web&tv=4.0&z=0&h=%2Fnews%2F1662%2Fvideo_sr_mb&q=%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq&d=refineyoursleep.com&t=Special%20Offer&k=FID&k=1662&k=TID&k=affiliati&k=CID%20Part%201&k=517524347&k=CID%20Part%202&k=10362&k=CID%20Part%203&k=XMlaefkkrmq&ts=1664433137161&st=1664433137162 HTTP/1.1 
Host: heapanalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         44.206.92.210
HTTP/2 200 OK
content-type: image/gif
                                        
date: Thu, 29 Sep 2022 06:32:20 GMT
content-length: 37
server: nginx
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma: no-cache
etag: W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   37
Md5:    3eacd0132310ea44cad756b378a3bc07
Sha1:   e2216a7e9b73f5cb0279351c78ce61c33475cea7
Sha256: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
                                        
                                            GET /api/add_user_properties_v3?a=1279333676&u=5116957712927322&v=712420121134751&s=567344750806354&b=web&tv=4.0&_Last%20IP=91.90.42.154&st=1664433137165 HTTP/1.1 
Host: heapanalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         44.206.92.210
HTTP/2 200 OK
content-type: image/gif
                                        
date: Thu, 29 Sep 2022 06:32:20 GMT
content-length: 37
server: nginx
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma: no-cache
etag: W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   37
Md5:    3eacd0132310ea44cad756b378a3bc07
Sha1:   e2216a7e9b73f5cb0279351c78ce61c33475cea7
Sha256: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
                                        
                                            GET /cp/obtp.js HTTP/1.1 
Host: amplify.outbrain.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.38.201.81
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Accept-Ranges: bytes
ETag: "51de2e10510f823326f9b30ea6068a2a:1655820557.452892"
Last-Modified: Tue, 21 Jun 2022 14:06:31 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=1200
Expires: Thu, 29 Sep 2022 06:52:20 GMT
Date: Thu, 29 Sep 2022 06:32:20 GMT
Content-Length: 3249
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (8072), with no line terminators
Size:   3249
Md5:    9b19340ef7db3cbb26aa923adb8dbe6e
Sha1:   082e699bca6e80ca6c72a43f2894f4a32e785e26
Sha256: c042b8b199b2c08fa66f90753998544860e3f64c3a1f47754a66970b3b8c5b2a
                                        
                                            GET /wi/ytc.js HTTP/1.1 
Host: s.yimg.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         188.125.94.204
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: TXEHCovb7BvrM0h0lZ0ZLhRuDUYjUVL2SDcEsSimaFMn84dd0BbD6crNCSWjGy7BJ7Edh38wIfw=
x-amz-request-id: VVJN7W6EQES283TV
date: Thu, 29 Sep 2022 05:58:43 GMT
last-modified: Tue, 14 Jun 2022 12:21:31 GMT
x-amz-expiration: expiry-date="Thu, 20 Jul 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
etag: "6a624022b5d271dcefb070b0b6670abc-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=3600
x-amz-version-id: .QD3nDfK79S8_ikLSJXTL23Tdis9tg0C
accept-ranges: bytes
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
content-encoding: gzip
age: 2018
content-length: 5929
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (16553), with no line terminators
Size:   5929
Md5:    2f6a1b8a4843f74a5ba54c055fcb3850
Sha1:   919a5f9166f3f9c73803cebd312ad016570a30d8
Sha256: 1b6439153633e4e2dc23c743e14218931c1b4912bc7a3ad64bfee1d2d6982f50
                                        
                                            GET /libtrc/unip/1074154/tfa.js HTTP/1.1 
Host: cdn.taboola.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.44
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
x-amz-id-2: uVQ2Kp74w7SzLQaocn4yD7nrS8EoQgrxcXzAax/5Sh08E7bYDQdS2wVYjDeobkxe86UsT9JhVtc=
x-amz-request-id: TN60AKKVQKZMK3JE
x-amz-replication-status: COMPLETED
last-modified: Sun, 25 Sep 2022 11:08:34 GMT
etag: "5b862c6b3d457db51a45eceece43ecb7"
x-amz-version-id: ICU6ksb_DdYxGnEl5jMVj3IMB18crXyP
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Thu, 29 Sep 2022 06:32:20 GMT
via: 1.1 varnish
age: 3960
x-served-by: cache-bma1634-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1664433140.407381,VS0,VE1
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 82
content-length: 17962
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (58509)
Size:   17962
Md5:    ef4ef43e7287b3187c204296a0dcbbfe
Sha1:   99088f063958ecceb269bbb5610488faacbf6c9f
Sha256: 3a79bc527e0b7354c7a83d22590eb0a6285a6a08526f915bca080e4cbbe9cbe8
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Thu, 29 Sep 2022 04:41:09 GMT
expires: Thu, 29 Sep 2022 06:41:09 GMT
cache-control: public, max-age=7200
age: 6671
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   19826
Md5:    cae538dcce82598fbe43c0bf443e62dd
Sha1:   cc68ac6be9c5e0087a0000e5735b83270ace30f5
Sha256: 954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
                                        
                                            GET /bat.js HTTP/1.1 
Host: bat.bing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         204.79.197.200
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: private,max-age=1800
content-length: 11367
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=0B9462957ECE68A03B1B70BB7F3B6940; domain=.bing.com; expires=Tue, 24-Oct-2023 06:32:20 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 570B578E418341E89C58A09190BBE85A Ref B: OSL30EDGE0117 Ref C: 2022-09-29T06:32:20Z
date: Thu, 29 Sep 2022 06:32:20 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Size:   11367
Md5:    293ae3e0fc8b0d5c143fdf9d8490228d
Sha1:   3976c659b908e70818a3a1ac71860b497fe2d1a9
Sha256: 04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /global/img/faviconsr.ico HTTP/1.1 
Host: cdn.primalhealthcrm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         74.124.27.105
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
                                        
Date: Thu, 29 Sep 2022 06:32:20 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type, origin, x-requested-with, content-type
Last-Modified: Mon, 04 May 2020 20:18:39 GMT
ETag: "3aee-5a4d83c8bb740-gzip"
Accept-Ranges: bytes
Vary: User-Agent,Accept-Encoding
Cache-Control: max-age=2592000, public
Content-Encoding: gzip
Content-Length: 3464
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size:   3464
Md5:    47b8dabcc032d70ca57687a54013e4ac
Sha1:   ec2b12d1a96a5075c7b32515ef04b7aa35e537cb
Sha256: 3590aa9018469eaa96de8fab05681fb94f886b9d75d9b86d68126c9eb6f5b910
                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         192.124.249.41
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Sucuri/Cloudproxy
Date: Thu, 29 Sep 2022 06:32:20 GMT
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 28 Sep 2022 21:32:48 GMT
Expires: Thu, 29 Sep 2022 21:32:48 GMT
ETag: "92559ccfe237539d123b29085708666e45a620e0"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1778
Md5:    91aeda53c7726ce8e29cc1eb871e6315
Sha1:   92559ccfe237539d123b29085708666e45a620e0
Sha256: bec8494b8bc023d54056e2b8d68d6887f3c8079e00e1483ee24587e1b28e7400
                                        
                                            GET /c/hotjar-1796349.js?sv=5 HTTP/1.1 
Host: static.hotjar.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.37
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Thu, 29 Sep 2022 06:32:20 GMT
access-control-allow-origin: *
cache-control: max-age=60
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: W/63e0d322332d1ce55d017c62a59bdec3
strict-transport-security: max-age=604800; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wYtqWhCVfBEstXUuJujxpH3VgO_VgHKJdmpln5xjmuBv7vvABcSzRA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3790)
Size:   2196
Md5:    a9d4418a45ce60e79d585e547aa1c65e
Sha1:   25a6ca6d9a9cb7cc3327b5d50a453cbc6024bcd9
Sha256: 1f486fac77a4538ce3c7c6048eb67e1753f6ad3a1bf9ba0a6b4ce459e30cc58e
                                        
                                            GET /box-69edcc3187336f9b0a3fbb4c73be9fe6.html HTTP/1.1 
Host: vars.hotjar.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.105
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1044
date: Wed, 07 Sep 2022 09:17:07 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "f6a9ca04b0687ea3c0d98e8430c8c77b"
last-modified: Wed, 07 Sep 2022 09:16:57 GMT
strict-transport-security: max-age=604800; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: VSltGLCl_UIm5X4h9K8ttkZI58Qijn9Grdl8KoIG0kgsdCqBa0Z65A==
age: 1890913
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2431), with no line terminators
Size:   1044
Md5:    f6a9ca04b0687ea3c0d98e8430c8c77b
Sha1:   35503b2deb23091a9a9c6c68d4020dbdf879588e
Sha256: 8e4328ecb6b395499567369e3c227231dbdaf361f43ce315934d7a2a3abbed41
                                        
                                            GET /h?a=1279333676&u=5116957712927322&v=712420121134751&s=567344750806354&b=web&tv=4.0&sp=ts&sp=1664433137161&sp=d&sp=refineyoursleep.com&sp=h&sp=%2Fnews%2F1662%2Fvideo_sr_mb&sp=q&sp=%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq&pp=d&pp=refineyoursleep.com&pp=q&pp=%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq&pp=h&pp=%2Fnews%2F1662%2Fvideo_sr_mb&pp=t&pp=Special%20Offer&pp=ts&pp=1664433137161&id0=5483607258049077&k0=FID&k0=1662&k0=TID&k0=affiliati&k0=CID%20Part%201&k0=517524347&k0=CID%20Part%202&k0=10362&k0=CID%20Part%203&k0=XMlaefkkrmq&k0=Page&k0=%2Fnews%2F1662%2Fvideo_sr_mb&t0=Video%20-%20Load%20Complete&ts0=1664433138067&st=1664433138068 HTTP/1.1 
Host: heapanalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         44.206.92.210
HTTP/2 200 OK
content-type: image/gif
                                        
date: Thu, 29 Sep 2022 06:32:20 GMT
content-length: 37
server: nginx
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma: no-cache
etag: W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   37
Md5:    3eacd0132310ea44cad756b378a3bc07
Sha1:   e2216a7e9b73f5cb0279351c78ce61c33475cea7
Sha256: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
                                        
                                            GET /api/telemetry?a=1279333676&te=type&te=data&te=cm&te=eventPropertiesTelemetry%20-%20added%20new%20properties&te=val&te=1&st=1664433137112&hv=4.18.4 HTTP/1.1 
Host: heapanalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         44.206.92.210
HTTP/2 200 OK
content-type: image/gif
                                        
date: Thu, 29 Sep 2022 06:32:20 GMT
content-length: 37
server: nginx
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma: no-cache
etag: W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   37
Md5:    3eacd0132310ea44cad756b378a3bc07
Sha1:   e2216a7e9b73f5cb0279351c78ce61c33475cea7
Sha256: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
                                        
                                            POST /analytics HTTP/1.1 
Host: analytics-ingress-global.bitmovin.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1257
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         35.190.27.197
HTTP/2 204 No Content
content-type: application/json
                                        
server: v1.53.1
date: Thu, 29 Sep 2022 06:32:20 GMT
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

                                        
                                            GET /awesome-log?cid=DOBezDQw HTTP/1.1 
Host: stats.vidalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         107.178.211.97
HTTP/2 200 OK
content-type: image/gif
                                        
server: istio-envoy
date: Thu, 29 Sep 2022 06:32:20 GMT
content-length: 43
cache-control: no-cache, public, max-age=2592000
etag: "DOBezDQw/hKpck7yGvgTnp7lI"
access-control-expose-headers: Access-Control-Allow-Origin, Cache-Control, ETag, etag
access-control-allow-headers: Accept, Content-Type, Origin, Range, X-Requested-With
access-control-allow-methods: GET, POST, PUT, OPTIONS
x-envoy-upstream-service-time: 20
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    57f187c7a868faeac558007a8eb6cb2e
Sha1:   11ab10ab109fdb53d91d444ac781101f5a6360c6
Sha256: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
                                        
                                            POST /licensing HTTP/1.1 
Host: licensing.bitmovin.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 150
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         35.227.229.24
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
date: Thu, 29 Sep 2022 06:32:20 GMT
content-length: 165
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   165
Md5:    bad32d07dc1ad9e3d334785067afbf34
Sha1:   653f8f612c6646daae0122b3b27e2c11486f86a4
Sha256: 41d9103b84690ae5330f1de907c91f6964d58cbb449887cf1bb0e13475dc0638
                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         192.124.249.41
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Sucuri/Cloudproxy
Date: Thu, 29 Sep 2022 06:32:21 GMT
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 28 Sep 2022 21:32:48 GMT
Expires: Thu, 29 Sep 2022 21:32:48 GMT
ETag: "92559ccfe237539d123b29085708666e45a620e0"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1778
Md5:    91aeda53c7726ce8e29cc1eb871e6315
Sha1:   92559ccfe237539d123b29085708666e45a620e0
Sha256: bec8494b8bc023d54056e2b8d68d6887f3c8079e00e1483ee24587e1b28e7400
                                        
                                            GET /modules.cf44a0a6b448df1b035e.js HTTP/1.1 
Host: script.hotjar.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.96
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 66148
date: Wed, 28 Sep 2022 11:37:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "5f131c93ccff63ccc86d0067d0eebf99"
last-modified: Wed, 28 Sep 2022 11:36:53 GMT
strict-transport-security: max-age=604800; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: TyI_EapoMPKS9Ll07SYHE-6xaAP68wKvCAx1q-Ta5W6-aRW2RL9t5g==
age: 68115
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (48714)
Size:   66148
Md5:    5f131c93ccff63ccc86d0067d0eebf99
Sha1:   a599898399783be0db5f757c043b828a0726deec
Sha256: 91980f4223c639c3849139a6e692ccf10310f0b57d74b403198af020fc7398a2
                                        
                                            GET /action/0?ti=11042310&Ver=2&mid=bb9b269a-8ca5-461e-9255-90dc6ace9369&sid=76e949e03fc011edae30ffde97659114&vid=76e948703fc011ed89050936891e5292&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Special%20Offer&p=https%3A%2F%2Frefineyoursleep.com%2Fnews%2F1662%2Fvideo_sr_mb%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq&r=&lt=2865&evt=pageLoad&sv=1&rn=417865 HTTP/1.1 
Host: bat.bing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         204.79.197.200
HTTP/2 204 No Content
                                        
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=36A73766D67B67A610FD2548D78E6629; domain=.bing.com; expires=Tue, 24-Oct-2023 06:32:21 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DF3CD16BCF71417B986F2E06E9F29C78 Ref B: OSL30EDGE0117 Ref C: 2022-09-29T06:32:21Z
date: Thu, 29 Sep 2022 06:32:21 GMT
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-58496902-46&cid=260719434.1664433138&jid=1462037621&gjid=196322115&_gid=898740492.1664433138&_u=YGBAgEABAAAAAE~&z=2034161245 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         64.233.165.157
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://refineyoursleep.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 29 Sep 2022 06:32:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   4
Md5:    48c0473b7821185d937e685216e2168b
Sha1:   3743e47f8a429a5e87b86cb582d78940733d9d2e
Sha256: 570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
                                        
                                            GET /a-060r.min.js HTTP/1.1 
Host: b-code.liadm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.58
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 28 Sep 2022 13:56:34 GMT
cache-control: public, max-age=86400
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: YadCpy8cbvx4LmzJaj_3_2LLDEvOv83gxcXRKS68zqm9FraedHNOKw==
age: 59746
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (28096), with CRLF, LF line terminators
Size:   11125
Md5:    819a5a160f4985b4f15e11e7eabc4b4d
Sha1:   74187a36d9c7ca2643e04cee05dda3c3d8e39ef6
Sha256: 2a49d76d1aeb2862ba397d9ff2b2198fb10776ba9070678d964b810c1bba562d
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wi/config/10012620.json HTTP/1.1 
Host: s.yimg.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         188.125.94.204
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id: YBV68S4CPWAQD7J3
x-amz-id-2: 5KucWIlsToTvfBQIndDw23KhYeHI+az+ottBC2Yab1phJ7LdglZD3Pp9VlRZW7DmVnk0N+oNfH8=
date: Thu, 29 Sep 2022 06:32:20 GMT
server: ATS
referrer-policy: no-referrer-when-downgrade
cache-control: public,max-age=3600
age: 1
content-encoding: gzip
content-length: 22
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   22
Md5:    14293ad9ad0ffaf9f7a3acf1b0793b66
Sha1:   718dea6b65b9516e5e33fac53451056397deb255
Sha256: 73a1b438b0221511fb3dde18e019f5ab045811b2248d25d424e40980c683a9dc
                                        
                                            POST / HTTP/1.1 
Host: status.thawte.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3737
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:32:21 GMT
Last-Modified: Thu, 29 Sep 2022 05:30:04 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: status.thawte.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6427
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:32:21 GMT
Last-Modified: Thu, 29 Sep 2022 04:45:14 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-58496902-46&cid=260719434.1664433138&jid=1462037621&_u=YGBAgEABAAAAAE~&z=1313541809 HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.164
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 06:32:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-58496902-46&cid=260719434.1664433138&jid=1462037621&_u=YGBAgEABAAAAAE~&z=1313541809 HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.3
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 06:32:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 29 Sep 2022 06:32:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /tag/uet/11042310 HTTP/1.1 
Host: www.clarity.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         13.107.246.53
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: no-cache, no-store
content-length: 1495
expires: -1
set-cookie: CLID=d2ea5139f5374d19b3111fcac2c97be7.20220929.20230929; expires=Fri, 29 Sep 2023 06:32:21 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 09Ts1YwAAAAAdZnr49j8OR7gV+WMbjDM4U1ZHMjBFREdFMDUxNQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Thu, 29 Sep 2022 06:32:20 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1495), with no line terminators
Size:   1495
Md5:    63edddac7b1c3174affbe17ad478f79f
Sha1:   9a9cf8d41aeb51094caa7540263d844b3c397afa
Sha256: 93fe663d51a6192745091a67ca50b63b5d1539c5d6a60dccc3cda6f495db2b0c
                                        
                                            GET /j?dtstmp=1664433138075&aid=a-060r&se=e30&duid=4e7568173087--01ge3z4a8xznf1qzsj6a9g541j&tna=v2.4.2&pu=https%3A%2F%2Frefineyoursleep.com%2Fnews%2F1662%2Fvideo_sr_mb%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IiI-PHRpdGxlIGNsYXNzPSJzd2l0Y2hGYXZUaXRsZSI-U3BlY2lhbCBPZmZlcjwvdGl0bGU-PGgxIGNsYXNzPSJoZWFkbGluZSI-SG93IFRvIFB1dCBBbiBFbmQgVG8gU2xlZXBsZXNzIE5pZ2h0cyBBbmQgR3JvZ2d5IE1vcm5pbmdzIEJ5IFNpbXBseSBSZWFjdGl2YXRpbmcgWW91ciBCcmFpbuKAmXMg4oCcU2xlZXAgWm9uZeKAnTwvaDE- HTTP/1.1 
Host: rp.liadm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.235.93.114
HTTP/2 302 Found
                                        
date: Thu, 29 Sep 2022 06:32:21 GMT
content-length: 0
trace-id: 72f21b5f734ea1be
vary: Origin
location: /j?dtstmp=1664433138075&aid=a-060r&se=e30&duid=4e7568173087--01ge3z4a8xznf1qzsj6a9g541j&tna=v2.4.2&pu=https%3A%2F%2Frefineyoursleep.com%2Fnews%2F1662%2Fvideo_sr_mb%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IiI-PHRpdGxlIGNsYXNzPSJzd2l0Y2hGYXZUaXRsZSI-U3BlY2lhbCBPZmZlcjwvdGl0bGU-PGgxIGNsYXNzPSJoZWFkbGluZSI-SG93IFRvIFB1dCBBbiBFbmQgVG8gU2xlZXBsZXNzIE5pZ2h0cyBBbmQgR3JvZ2d5IE1vcm5pbmdzIEJ5IFNpbXBseSBSZWFjdGl2YXRpbmcgWW91ciBCcmFpbuKAmXMg4oCcU2xlZXAgWm9uZeKAnTwvaDE-&n3pc=true
set-cookie: lidid=4567eb03-af99-4169-ae55-be42c2f6bc1b; Max-Age=63072000; Expires=Sat, 28 Sep 2024 06:32:21 GMT; SameSite=None; Path=/; Domain=.liadm.com; Secure; HTTPOnly
request-time: 1
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-frame-options: DENY
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: https://refineyoursleep.com
access-control-allow-credentials: true
x-permitted-cross-domain-policies: master-only
X-Firefox-Spdy: h2

                                        
                                            GET /unifiedPixel?marketerId=00c8cb59043e91fe98cbb336c2f007ab19&obApiVersion=1.0&obtpVersion=1.8.2&name=PAGE_VIEW&dl=https%3A%2F%2Frefineyoursleep.com%2Fnews%2F1662%2Fvideo_sr_mb%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq&optOut=false&bust=009596332978630329&referrer= HTTP/1.1 
Host: tr.outbrain.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         64.202.112.159
HTTP/1.1 200 OK
Content-Type: image/gif;
                                        
Date: Thu, 29 Sep 2022 06:32:21 GMT
Content-Length: 60
Cache-Control: no-cache
X-TraceId: 2cf056e2167cac1b3aa6644c7ab518b3
content-encoding: gzip


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   60
Md5:    fb0fc5c090282e372b8bf8ff13ae3ee2
Sha1:   2de3834253ece606ce4d2a6f10a59654b6fa378b
Sha256: 90a8ffa59ad6227daafa10083d4cff2e9b295c9c82135b5f5cedd65b2e7c8ceb
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 29 Sep 2022 06:32:21 GMT
Last-Modified: Thu, 29 Sep 2022 05:15:27 GMT
Server: ECS (nyb/1D19)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 87cocAYFQjs3oDR55rwxFwPrVPjhhh5A1_idIeEKHMBsWOa287QXDg==
Age: 4614

                                        
                                            GET /video/DOBezDQw/HUjuKumKcypbkfn0/61240/52296/stream.mpd HTTP/1.1 
Host: fast.vidalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.139.128.11
HTTP/2 200 OK
content-type: application/dash+xml
                                        
date: Thu, 29 Sep 2022 06:32:21 GMT
accept-ranges: bytes
content-length: 2621
x-hw: 1664433140.cds024.sk1.hn,1664433140.cds209.sk1.s,1664433140.dop008.la3.r,1664433141.cds233.la3.c,1664433141.cds209.sk1.p
x-cdn: 4
x-guploader-uploadid: ADPycduTbMyTxukQYnyfyFWwgrdVm5UstvL7Et5a_o39NNAF3-oPtEk10dRaXk-Xy5AVBhEKd3_aw7fswQs57SEJw9Vz7RP_KYwv
cache-control: public, max-age=31104000
etag: "fcc3e08cedb8dbcc572faabcaeabcb5d"
x-goog-generation: 1648481768937712
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2621
x-goog-hash: crc32c=PHLYVA==, md5=/MPgjO2428xXL6q8rqvLXQ==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
last-modified: Mon, 28 Mar 2022 15:36:09 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  XML 1.0 document text\012- XML document, ASCII text
Size:   2621
Md5:    fcc3e08cedb8dbcc572faabcaeabcb5d
Sha1:   053815266a8db8be691059018e26970d762ab0e0
Sha256: cc01f3a2d5c3e1f61d05f4765942eac8d658eb6c3e65c57464da4ab2995f24ad
                                        
                                            GET /cachedClickId?marketerId=00c8cb59043e91fe98cbb336c2f007ab19 HTTP/1.1 
Host: tr.outbrain.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         64.202.112.159
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 29 Sep 2022 06:32:21 GMT
Content-Length: 56
X-TraceId: 146785059ac7ea77dafd4da860803c59
content-encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   56
Md5:    77fbe8ab311fa20557d95906363035ed
Sha1:   5806df80f09a37e070d5f37c49f19797c2763fd0
Sha256: 4fa9f4ca5bfa56b9f8467324e3654f4a717dcd40b70c05b538092d8a101b0599
                                        
                                            GET /sp.pl?a=10000&d=Thu%2C%2029%20Sep%202022%2006%3A32%3A18%20GMT&n=0&b=Special%20Offer&.yp=10012620&f=https%3A%2F%2Frefineyoursleep.com%2Fnews%2F1662%2Fvideo_sr_mb%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq&enc=UTF-8&yv=1.13.0 HTTP/1.1 
Host: sp.analytics.yahoo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         212.82.100.181
HTTP/2 200 OK
content-type: image/gif
                                        
date: Thu, 29 Sep 2022 06:32:21 GMT
expires: Thu, 29 Sep 2022 06:32:21 GMT
pragma: no-cache
cache-control: no-cache, private, must-revalidate
accept-ranges: bytes
content-length: 43
server: ATS
age: 0
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
set-cookie: A3=d=AQABBPU7NWMCEIZOV4GEbaWu8Gf0EPCzb6sFEgEBAQGNNmM_YwAAAAAA_eMAAA&S=AQAAAvn3MzJw81TimC7pS1GGu-c; Expires=Fri, 29 Sep 2023 12:32:21 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    bff56ce49dd485d195fdfa0a02342568
Sha1:   74fb4071deab7d3ab083562067b735df32c43397
Sha256: 0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
                                        
                                            GET /j?dtstmp=1664433138075&aid=a-060r&se=e30&duid=4e7568173087--01ge3z4a8xznf1qzsj6a9g541j&tna=v2.4.2&pu=https%3A%2F%2Frefineyoursleep.com%2Fnews%2F1662%2Fvideo_sr_mb%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IiI-PHRpdGxlIGNsYXNzPSJzd2l0Y2hGYXZUaXRsZSI-U3BlY2lhbCBPZmZlcjwvdGl0bGU-PGgxIGNsYXNzPSJoZWFkbGluZSI-SG93IFRvIFB1dCBBbiBFbmQgVG8gU2xlZXBsZXNzIE5pZ2h0cyBBbmQgR3JvZ2d5IE1vcm5pbmdzIEJ5IFNpbXBseSBSZWFjdGl2YXRpbmcgWW91ciBCcmFpbuKAmXMg4oCcU2xlZXAgWm9uZeKAnTwvaDE-&n3pc=true HTTP/1.1 
Host: rp.liadm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://refineyoursleep.com
Referer: https://refineyoursleep.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.235.93.114
HTTP/2 200 OK
content-type: application/json
                                        
date: Thu, 29 Sep 2022 06:32:21 GMT
content-length: 13
trace-id: e4068c159392bea8
vary: Origin
request-time: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-frame-options: DENY
x-pixel-event-id: 755aebf1-b938-4232-a5c0-749d30ccd1c2
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: https://refineyoursleep.com
access-control-allow-credentials: true
x-permitted-cross-domain-policies: master-only
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   13
Md5:    97efe0b7ee61e154d57e80758bb797d8
Sha1:   810b4e115fe9f5ae697666febf2a9abf0b21c9ec
Sha256: efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9
                                        
                                            POST /analytics/error HTTP/1.1 
Host: analytics-ingress-global.bitmovin.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 524
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         35.190.27.197
HTTP/2 204 No Content
content-type: application/json
                                        
server: v1.53.1
date: Thu, 29 Sep 2022 06:32:21 GMT
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

                                        
                                            POST /analytics HTTP/1.1 
Host: analytics-ingress-global.bitmovin.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1836
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         35.190.27.197
HTTP/2 204 No Content
content-type: application/json
                                        
server: v1.53.1
date: Thu, 29 Sep 2022 06:32:21 GMT
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

                                        
                                            POST /analytics/error HTTP/1.1 
Host: analytics-ingress-global.bitmovin.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 513
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         35.190.27.197
HTTP/2 204 No Content
content-type: application/json
                                        
server: v1.53.1
date: Thu, 29 Sep 2022 06:32:21 GMT
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

                                        
                                            GET /eus2/s/0.6.41/clarity.js HTTP/1.1 
Host: www.clarity.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         13.107.246.53
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
                                        
cache-control: public,max-age=86400
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d8d107429df470"
vary: Accept-Encoding
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 09Ts1YwAAAADuzYZ7tyWRRovpCe89W+DzU1ZHMjBFREdFMDUxNQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Thu, 29 Sep 2022 06:32:20 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (54809)
Size:   23509
Md5:    1a7d206cf77e52160f7d49ab1c167fe5
Sha1:   08d824c483c1a2428bdc4e583d61a5ca8d1afb74
Sha256: 5404eb1ed3f4542d873f4e0610572ad480353446ea8e6f7e2bb76034cf051652
                                        
                                            POST /scribe HTTP/1.1 
Host: stats.vidalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 408
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         107.178.211.97
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-methods: POST,OPTIONS
date: Thu, 29 Sep 2022 06:32:21 GMT
content-length: 16
x-envoy-upstream-service-time: 1
access-control-allow-origin: *
server: istio-envoy
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   16
Md5:    a1cbd35d4488ac8cc6f959d4c633dc37
Sha1:   11844023759429ec785ae1c18e6a9c69803ee2bd
Sha256: 707d4c7f44dd33e874b5a09b6dba4702b12bfd3e19e470d601fcfc1d7009286c
                                        
                                            GET /h?a=1279333676&u=5116957712927322&v=712420121134751&s=567344750806354&b=web&tv=4.0&sp=ts&sp=1664433137161&sp=d&sp=refineyoursleep.com&sp=h&sp=%2Fnews%2F1662%2Fvideo_sr_mb&sp=q&sp=%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq&pp=d&pp=refineyoursleep.com&pp=q&pp=%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq&pp=h&pp=%2Fnews%2F1662%2Fvideo_sr_mb&pp=t&pp=Special%20Offer&pp=ts&pp=1664433137161&id0=2805926485646633&k0=FID&k0=1662&k0=TID&k0=affiliati&k0=CID%20Part%201&k0=517524347&k0=CID%20Part%202&k0=10362&k0=CID%20Part%203&k0=XMlaefkkrmq&k0=Page&k0=%2Fnews%2F1662%2Fvideo_sr_mb&t0=Video%20-%20Played&ts0=1664433138975&st=1664433138977 HTTP/1.1 
Host: heapanalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         44.206.92.210
HTTP/2 200 OK
content-type: image/gif
                                        
date: Thu, 29 Sep 2022 06:32:21 GMT
content-length: 37
server: nginx
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma: no-cache
etag: W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   37
Md5:    3eacd0132310ea44cad756b378a3bc07
Sha1:   e2216a7e9b73f5cb0279351c78ce61c33475cea7
Sha256: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
                                        
                                            POST /analytics HTTP/1.1 
Host: analytics-ingress-global.bitmovin.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1827
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         35.190.27.197
HTTP/2 204 No Content
content-type: application/json
                                        
server: v1.53.1
date: Thu, 29 Sep 2022 06:32:21 GMT
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

                                        
                                            POST /scribe HTTP/1.1 
Host: stats.vidalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 541
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         107.178.211.97
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-methods: POST,OPTIONS
date: Thu, 29 Sep 2022 06:32:21 GMT
content-length: 16
x-envoy-upstream-service-time: 1
access-control-allow-origin: *
server: istio-envoy
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   16
Md5:    a1cbd35d4488ac8cc6f959d4c633dc37
Sha1:   11844023759429ec785ae1c18e6a9c69803ee2bd
Sha256: 707d4c7f44dd33e874b5a09b6dba4702b12bfd3e19e470d601fcfc1d7009286c
                                        
                                            GET /c.gif HTTP/1.1 
Host: c.clarity.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         20.234.93.27
HTTP/2 302 Found
                                        
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?CtsSyncId=2D3F6A5D3E34486A9B0A4F7913411C9B&RedC=c.clarity.ms&MXFR=04E98CBDD14063E73DE19E93D5406DC3
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure; MUID=04E98CBDD14063E73DE19E93D5406DC3; domain=.clarity.ms; expires=Tue, 24-Oct-2023 06:32:22 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Thu, 29 Sep 2022 06:32:21 GMT
content-length: 0
X-Firefox-Spdy: h2

                                        
                                            POST /scribe HTTP/1.1 
Host: stats.vidalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 541
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         107.178.211.97
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-methods: POST,OPTIONS
date: Thu, 29 Sep 2022 06:32:22 GMT
content-length: 16
x-envoy-upstream-service-time: 1
access-control-allow-origin: *
server: istio-envoy
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   16
Md5:    a1cbd35d4488ac8cc6f959d4c633dc37
Sha1:   11844023759429ec785ae1c18e6a9c69803ee2bd
Sha256: 707d4c7f44dd33e874b5a09b6dba4702b12bfd3e19e470d601fcfc1d7009286c
                                        
                                            GET /c.gif?CtsSyncId=2D3F6A5D3E34486A9B0A4F7913411C9B&RedC=c.clarity.ms&MXFR=04E98CBDD14063E73DE19E93D5406DC3 HTTP/1.1 
Host: c.bing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://refineyoursleep.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         204.79.197.200
HTTP/2 302 Found
                                        
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=2D3F6A5D3E34486A9B0A4F7913411C9B&MUID=3AC74AB53FA966230A1C589B3E5C6790
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=3AC74AB53FA966230A1C589B3E5C6790; domain=c.bing.com; expires=Tue, 24-Oct-2023 06:32:22 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F92CECABECBF401088D48AD71514CE71 Ref B: OSL30EDGE0117 Ref C: 2022-09-29T06:32:22Z
date: Thu, 29 Sep 2022 06:32:22 GMT
content-length: 0
X-Firefox-Spdy: h2

                                        
                                            POST /scribe HTTP/1.1 
Host: stats.vidalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 524
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         107.178.211.97
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-methods: POST,OPTIONS
date: Thu, 29 Sep 2022 06:32:22 GMT
content-length: 16
x-envoy-upstream-service-time: 0
access-control-allow-origin: *
server: istio-envoy
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   16
Md5:    a1cbd35d4488ac8cc6f959d4c633dc37
Sha1:   11844023759429ec785ae1c18e6a9c69803ee2bd
Sha256: 707d4c7f44dd33e874b5a09b6dba4702b12bfd3e19e470d601fcfc1d7009286c
                                        
                                            GET /c.gif?CtsSyncId=2D3F6A5D3E34486A9B0A4F7913411C9B&MUID=3AC74AB53FA966230A1C589B3E5C6790 HTTP/1.1 
Host: c.clarity.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://refineyoursleep.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         20.234.93.27
HTTP/2 200 OK
content-type: image/gif
                                        
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
last-modified: Tue, 13 Sep 2022 19:54:52 GMT
accept-ranges: bytes
etag: "8d3298b0aac7d81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Thu, 29-Sep-2022 06:42:22 GMT; path=/; SameSite=None; Secure;
date: Thu, 29 Sep 2022 06:32:22 GMT
content-length: 42
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    32023bb33cfb2a1990a4ef2d85b6ac16
Sha1:   23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
Sha256: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
                                        
                                            POST /scribe HTTP/1.1 
Host: stats.vidalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 513
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         107.178.211.97
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-methods: POST,OPTIONS
date: Thu, 29 Sep 2022 06:32:22 GMT
content-length: 16
x-envoy-upstream-service-time: 1
access-control-allow-origin: *
server: istio-envoy
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   16
Md5:    a1cbd35d4488ac8cc6f959d4c633dc37
Sha1:   11844023759429ec785ae1c18e6a9c69803ee2bd
Sha256: 707d4c7f44dd33e874b5a09b6dba4702b12bfd3e19e470d601fcfc1d7009286c
                                        
                                            POST /scribe HTTP/1.1 
Host: stats.vidalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 255
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         107.178.211.97
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-methods: POST,OPTIONS
date: Thu, 29 Sep 2022 06:32:22 GMT
content-length: 16
x-envoy-upstream-service-time: 0
access-control-allow-origin: *
server: istio-envoy
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   16
Md5:    a1cbd35d4488ac8cc6f959d4c633dc37
Sha1:   11844023759429ec785ae1c18e6a9c69803ee2bd
Sha256: 707d4c7f44dd33e874b5a09b6dba4702b12bfd3e19e470d601fcfc1d7009286c
                                        
                                            GET /1074154/log/3/unip?en=pre_d_eng_tb&tos=1586&scd=100&ssd=1&est=1664433137985&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1664433139574&vi=1664433137983&ri=fcb97d14586c4cb905c18026a18086a0&ref=null&cv=20220922-16-RELEASE&item-url=https%3A%2F%2Frefineyoursleep.com%2Fnews%2F1662%2Fvideo_sr_mb%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq HTTP/1.1 
Host: trc-events.taboola.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         141.226.228.48
HTTP/2 204 No Content
                                        
server: nginx
date: Thu, 29 Sep 2022 06:32:22 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://refineyoursleep.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2

                                        
                                            POST /collect HTTP/1.1 
Host: b.clarity.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 121783
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         20.75.32.255
HTTP/2 204 No Content
                                        
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://refineyoursleep.com
access-control-allow-credentials: true
x-powered-by: ASP.NET
date: Thu, 29 Sep 2022 06:32:22 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /1074154/log/3/unip?en=pre_d_eng_tb&tos=4588&scd=100&ssd=1&est=1664433137985&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1664433142575&vi=1664433137983&ri=fcb97d14586c4cb905c18026a18086a0&ref=null&cv=20220922-16-RELEASE&item-url=https%3A%2F%2Frefineyoursleep.com%2Fnews%2F1662%2Fvideo_sr_mb%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq HTTP/1.1 
Host: trc-events.taboola.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         141.226.228.48
HTTP/2 204 No Content
                                        
server: nginx
date: Thu, 29 Sep 2022 06:32:25 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://refineyoursleep.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2

                                        
                                            POST /analytics HTTP/1.1 
Host: analytics-ingress-global.bitmovin.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1806
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         35.190.27.197
HTTP/2 204 No Content
content-type: application/json
                                        
server: v1.53.1
date: Thu, 29 Sep 2022 06:32:25 GMT
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

                                        
                                            GET /video/DOBezDQw/fE3hsU0RSw93Dcuo/img/thumbnail/1overlay-opt-3-5ff7a5bd71d7b.gif HTTP/1.1 
Host: fast.vidalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.139.128.11
HTTP/2 200 OK
content-type: image/gif
                                        
date: Thu, 29 Sep 2022 06:32:21 GMT
content-length: 352025
last-modified: Fri, 08 Jan 2021 00:22:21 GMT
accept-ranges: bytes
x-guploader-uploadid: ADPycdvRb1ru04hREDdAdUbqvCMsgYiRnH577Q8yPoSs7dDBHPx5otQZfjwR8wzu09726t44AZX1qR8UvuTguDmNbCSiQtPWi5m0
x-goog-generation: 1610065341644167
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 352025
x-goog-hash: crc32c=7Q3i8g==, md5=HhONN/pfuaDSo3CBd09V9g==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
cache-control: public, max-age=31104000
etag: "1e138d37fa5fb9a0d2a37081774f55f6"
age: 1120
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-hw: 1664433141.cds258.sk1.hn,1664433141.cds261.sk1.c
x-cdn: 4
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1 
Host: stackpath.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.10.207
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Thu, 29 Sep 2022 06:32:19 GMT
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 11/15/2021 21:49:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 2729ae8f2fc6c761bdc17d91cc795f58
cdn-cache: HIT
cf-cache-status: HIT
age: 9879893
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7522ae533f38b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /js/heap-1279333676.js HTTP/1.1 
Host: cdn.heapanalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.113
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Thu, 29 Sep 2022 06:31:50 GMT
server: nginx
etag: W/"1b5ce-6tWSLi2bR3oFWBbvyjUG6w"
cache-control: public, max-age=120
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: _Xvss4KExDSY7CsSPq5H0tGdpf7IBP63GqzKQ_lAAjiFUOnqXluKEw==
age: 29
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            POST /api/v2/client/sites/1796349/visit-data?sv=5 HTTP/1.1 
Host: in.hotjar.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 131
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.76.60.60
HTTP/2 200 OK
content-type: application/json
                                        
date: Thu, 29 Sep 2022 06:32:21 GMT
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /1074154/trc/3/json?tim=1664433137990&data=%7B%22id%22%3A47%2C%22ii%22%3A%22%2Fnews%2F1662%2Fvideo_sr_mb%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1664433137983%2C%22cv%22%3A%2220220922-16-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Frefineyoursleep.com%2Fnews%2F1662%2Fvideo_sr_mb%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtaboolaaccount-dianeprimalhealthlpcom%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1664433137989%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Frefineyoursleep.com%2Fnews%2F1662%2Fvideo_sr_mb%3Ftid%3Daffiliati%26cid%3D517524347%7C10362%7CXMlaefkkrmq%22%2C%22tos%22%3A1%2C%22ssd%22%3A1%2C%22scd%22%3A100%2C%22supv%22%3Atrue%7D%7D&pubit=i HTTP/1.1 
Host: trc.taboola.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.85.44
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Thu, 29 Sep 2022 06:32:21 GMT
via: 1.1 varnish
x-served-by: cache-bma1634-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1664433141.112837,VS0,VE94
vary: Accept-Encoding
x-vcl-time-ms: 94
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /embeds/DOBezDQw/1q01xpVeThenmcsk/player-dash-mse.min.js HTTP/1.1 
Host: fast.vidalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://refineyoursleep.com
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.139.128.11
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Thu, 29 Sep 2022 06:32:19 GMT
last-modified: Thu, 25 Aug 2022 13:58:52 GMT
accept-ranges: bytes
x-guploader-uploadid: ADPycdu8s8LV1U7QoFP5VGY5tLsMXrWR2lknZMH8kbUxLb-yzv8q9cOrhj_um_Gc8YsHIvczH69IL7sXhawCqb48-sRjig
x-goog-generation: 1661435932011405
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 494002
x-goog-hash: crc32c=UKYPmw==, md5=ItdUsAMIIjlekR3SAWI23g==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type, x-hw, server, x-cdn, x-cdn-info
server: UploadServer
cache-control: public, max-age=300, s-maxage=2592000
etag: "22d754b0030822395e911dd2016236de"
age: 993
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-cdn: 4
content-encoding: gzip
x-hw: 1664433139.cds024.sk1.hn,1664433139.cds024.sk1.hc,1664433139.cds253.sk1.c,1664433139.cds024.sk1.sl
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /embeds/DOBezDQw/1q01xpVeThenmcsk/loader.min.js HTTP/1.1 
Host: fast.vidalytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.139.128.11
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Thu, 29 Sep 2022 06:32:19 GMT
expires: Sat, 29 Oct 2022 06:32:19 GMT
x-guploader-uploadid: ADPycdtIzdCGun0BCiVoK1Ahd4wkqeCBZnEF45XK0nsLvQ64CzGs6_fQ63Nh_uiIySDKWrtTprjHKyDz8yfdL8lZLJuLgWfWWuDT
x-goog-generation: 1661435931587555
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 9740
x-goog-hash: crc32c=UGf3Sg==, md5=RTFBS4WjwFRDfCw9HS1fXQ==
x-goog-storage-class: MULTI_REGIONAL
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: Content-Type, x-hw, server, x-cdn, x-cdn-info
server: UploadServer
cache-control: public, max-age=300, s-maxage=2592000
etag: "4531414b85a3c054437c2c3d1d2d5f5d"
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
last-modified: Thu, 25 Aug 2022 13:58:51 GMT
x-cdn-info: loader
x-cdn: 4
content-encoding: gzip
x-hw: 1664433139.cds258.sk1.hn,1664433139.cds258.sk1.hc,1664433139.cds223.sk1.sc,1664433139.cds223.sk1.p,1664433139.cds258.sk1.sl
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css?family=Open+Sans:400,400i,700,700i,900,900i HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://refineyoursleep.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 29 Sep 2022 06:32:19 GMT
date: Thu, 29 Sep 2022 06:32:19 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---