firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 26 Sep 2022 22:15:24 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: H6KJ8yNuCTVKe-5CdIdiWGa7baeVnjofeu7CAr4X8JoSXILGlYneYA==
Age: 1312
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11047
Expires: Tue, 27 Sep 2022 01:41:23 GMT
Date: Mon, 26 Sep 2022 22:37:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.35:0
File type PEM certificate, ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 04:35:16 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -92857HjvtSgVqzLTVp6kreaHONtDox8Pj2xZcvXRefDtfCwqZKTfg==
age: 64921
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 22:37:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
reurl.cc/xgmXr1
35.185.130.121 301 Moved Permanently 178 B IP 35.185.130.121:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash bd2695f4b079c71dbddde3436286fb9c
733c05da132193d6cf1d8e242d12e2525c03bab4
2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b
Analyzer verdicts and alerts:
openphish: Regions Financial Corporation (the brand named in the alert; presumably the organisation being impersonated)
fortinet: Phishing
quad9: Sinkholed
GET /xgmXr1 HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 26 Sep 2022 22:37:16 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://reurl.cc/xgmXr1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Mon, 26 Sep 2022 22:10:46 GMT
Expires: Mon, 26 Sep 2022 22:39:20 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: x_oTdRS8PbCBaafXwT2aZYMRsosun7JP-ZqHw4ME7A__g1ANcQQ3JA==
Age: 1590
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 5adb7eb1d103eadeeafac36e663ffdd3
23b784388dd634fa736cd60aed71570661e73d02
5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3534
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:17 GMT
Last-Modified: Mon, 26 Sep 2022 21:38:23 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f158082325e9f231233d533ba3e1ef56
1d685238ef951572455629043bc825b37f8efc37
876f63b698dee5ded38955ef8bce448eaa1c1c7a86fb2264e4832ce695a3aff6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "876F63B698DEE5DED38955EF8BCE448EAA1C1C7A86FB2264E4832CE695A3AFF6"
Last-Modified: Sun, 25 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14182
Expires: Tue, 27 Sep 2022 02:33:39 GMT
Date: Mon, 26 Sep 2022 22:37:17 GMT
Connection: keep-alive
push.services.mozilla.com/
54.149.101.24 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.101.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7fqDofVy9bLEmY2jw6t5jw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: yJ3yJffusxP9osNcQWVBXYyCbFg=
cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
151.101.85.229 200 OK 32 kB URL HTTP/2 cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (65449)
Hash a262d6de4f7f5f79c31cef7787a35a8c
6a16edde3116cad866736e9fc20443edceaa1cba
92dcfacfb59287c2f9de9c69f78ae96bb3bd8a8c5a20b4e577db40bdc8fe06c1
GET /npm/vue@2.5.16/dist/vue.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.5.16
x-jsd-version-type: version
etag: W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
content-encoding: gzip
accept-ranges: bytes
date: Mon, 26 Sep 2022 22:37:17 GMT
age: 3019197
x-served-by: cache-fra19182-FRA, cache-bma1682-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 31634
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
151.101.85.229 200 OK 23 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
IP 151.101.85.229:0
File type ASCII text, with very long lines (65324)
Hash 5f830a7943bb09d9f6832866f38f12bc
35ed4aca72bd95f7730260858ca62bd76ca8e40a
cbf083212e165469984201c0e0bc3420de20a1857646858c947a53dfc2e2f383
GET /npm/bootstrap@4.3.1/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.3.1
x-jsd-version-type: version
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
content-encoding: gzip
accept-ranges: bytes
date: Mon, 26 Sep 2022 22:37:17 GMT
age: 7245239
x-served-by: cache-fra19170-FRA, cache-bma1682-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23235
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash c949b695978e4b3a28e654de2513ca21
ddf515441bfb165ab3ce191ed5754eb2b30e32b1
214490a27a0ae554067c8e233854ea6f73ac37688465b6d78adad7f3fed0acee
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 22:37:17 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "43AE3E80ABEEDB67669C0B327FCCF1583B6372FD"
Expires: Tue, 27 Sep 2022 09:00:00 GMT
Last-Modified: Mon, 26 Sep 2022 21:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2454
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750f7bbad97b1c06-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6a63bfac710f7aebaa5675304efcf4a4
37daa42abe755bb3d4ffe5c08f0ade49613050f6
8bb25da8d176ff816717de075e0c0a53550c87890db2eef55c5bba54893976a6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BB25DA8D176FF816717DE075E0C0A53550C87890DB2EEF55C5BBA54893976A6"
Last-Modified: Mon, 26 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20293
Expires: Tue, 27 Sep 2022 04:15:30 GMT
Date: Mon, 26 Sep 2022 22:37:17 GMT
Connection: keep-alive
ad.sitemaji.com/ysm_reurl.js
35.186.215.140 200 OK 5.9 kB URL HTTP/2 ad.sitemaji.com/ysm_reurl.js
IP 35.186.215.140:0
File type HTML document text; HTML document text; HTML document, Unicode text, UTF-8 text, with very long lines (17511), with no line terminators
Hash 779efdbd5582d597c74bc312123d3583
45140afb1e0536578577db2f890ba0f061644742
e03139efccb95e61153de5280e3ce8a11147dc6be20657c906e76eca0278d9c1
GET /ysm_reurl.js HTTP/1.1
Host: ad.sitemaji.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.12.1 (Ubuntu)
vary: Accept-Encoding, Accept-Encoding
content-encoding: br
via: 1.1 google
content-length: 5880
date: Mon, 26 Sep 2022 12:29:41 GMT
expires: Tue, 27 Sep 2022 12:29:41 GMT
cache-control: max-age=86400,public
age: 36456
last-modified: Thu, 20 Jun 2019 08:55:05 GMT
etag: W/"5d0b49e9-4488"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6a63bfac710f7aebaa5675304efcf4a4
37daa42abe755bb3d4ffe5c08f0ade49613050f6
8bb25da8d176ff816717de075e0c0a53550c87890db2eef55c5bba54893976a6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BB25DA8D176FF816717DE075E0C0A53550C87890DB2EEF55C5BBA54893976A6"
Last-Modified: Mon, 26 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20293
Expires: Tue, 27 Sep 2022 04:15:30 GMT
Date: Mon, 26 Sep 2022 22:37:17 GMT
Connection: keep-alive
ocsp.godaddy.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash ab369aead2541b0e06dfe2db99a75635
340332916a928b00b4d6a9b05167147396249ee8
45a65ef89ee31f1d3b43ca00d51f3a17b44ad910eaefe3ba5ef7deceacbdca13
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 26 Sep 2022 22:37:18 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 26 Sep 2022 22:08:22 GMT
Expires: Tue, 27 Sep 2022 22:08:22 GMT
ETag: "340332916a928b00b4d6a9b05167147396249ee8"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
cdn.holmesmind.com/js/init.js
54.230.111.67 200 OK 6.6 kB URL HTTP/2 cdn.holmesmind.com/js/init.js
IP 54.230.111.67:0
File type ASCII text, with very long lines (4994), with CRLF line terminators
Hash 439e160b698f1ec2efb45c3b6cd6b265
7beee754ce93e58b7f321ff7b8b85c2ffda42a64
fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818
GET /js/init.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 6552
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 22:37:17 GMT
etag: "439e160b698f1ec2efb45c3b6cd6b265"
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uvCXCOdkn4V3PQOIUnkEm4LpDtUaYwZ3l47ZdCh5IYgAgu33llcKKA==
age: 53
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash cf99681f6f1d6e00e0abca7033eb6219
73261f7daa90ce6fd7a81b10ed7bd762200c3f28
3f4bfe673679f8f0650774c07f8707a7013ac7e1c3e1b3b03e68cbaa5ccc1af6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5468
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:18 GMT
Last-Modified: Mon, 26 Sep 2022 21:06:10 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
reurl.cc/javascripts/renews.js
35.185.130.121 200 OK 5.5 kB URL HTTP/2 reurl.cc/javascripts/renews.js
IP 35.185.130.121:0
Hash 2011de3bbee771cf03057b2f1a8d7e22
83c5df785e5b4d6fc1e95aadac4532dff1fad0ff
1f21e6dc9ba6cc49e42fb2e12a32218b109cb132a5d106166f0674079c53cd68
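Analyzer verdict: quad9: Sinkholed (Quad9 filters at the DNS level, so this verdict applies to the hostname reurl.cc rather than to this file specifically)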
GET /javascripts/renews.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/xgmXr1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 26 Sep 2022 22:37:17 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 12:53:44 GMT
vary: Accept-Encoding
etag: W/"632b0958-19c"
expires: Tue, 26 Sep 2023 22:37:17 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/capmapping.htm
54.230.111.67 200 OK 4.7 kB URL HTTP/2 cdn.holmesmind.com/js/capmapping.htm
IP 54.230.111.67:0
File type HTML document text; HTML document text; HTML document text; C source text; HTML document text; HTML document text; exported SGML document text; exported SGML document, ASCII text, with very long lines (437), with CRLF line terminators
Hash c36f5eb091d6195fe8b68f3b263f999b
43c4760cb0bb957ffed4fb754c4eaaa247b734c5
cc37fba2e98f49c4d9551f72176d3aff72eacd798e5e85436837847e6b967c36
GET /js/capmapping.htm HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 4730
last-modified: Mon, 22 Aug 2022 03:00:17 GMT
x-amz-version-id: 9jVaRQ2pP3sbT47ouwg8zArcPp2ddVmt
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 22:37:18 GMT
etag: "c36f5eb091d6195fe8b68f3b263f999b"
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GgJgJh__xoyqEXJayOHayPjVLWNMFRgaBt3SiwzW-2WdufzchNCgzw==
age: 7
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/edmp_init.js
54.230.111.67 200 OK 662 B URL HTTP/2 cdn.holmesmind.com/js/edmp_init.js
IP 54.230.111.67:0
File type ASCII text, with very long lines (662), with no line terminators
Hash f58f8a90686f8ffb3325107e8a788b71
d85d37486b87503e0631ff0ee83d95316783cf09
28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c
GET /js/edmp_init.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 662
last-modified: Fri, 12 Mar 2021 02:45:40 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 22:37:18 GMT
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Zx0uq5mgfBIEe7X8crKexbCvp4FqAhjrqqF3zvqH41fXPyXDEmkm9w==
age: 12
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/presetfn.js
54.230.111.67 200 OK 9.5 kB URL HTTP/2 cdn.holmesmind.com/js/presetfn.js
IP 54.230.111.67:0
File type C source, ASCII text, with CRLF line terminators
Hash ddf163a3d8381378b3e35e39339ad7ab
e6b5dd8946944429e87ac058cd6f025586b812ad
83a37c9bbe8dae0a71e95a0e6401bd5d9576a2b0e35295e640c2d807f9b4424e
GET /js/presetfn.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 9530
last-modified: Mon, 22 Aug 2022 03:00:16 GMT
x-amz-version-id: QFAcVwN57aO_RWKPah9bVgfaw1eby0J0
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 22:37:18 GMT
etag: "ddf163a3d8381378b3e35e39339ad7ab"
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cI9nlc1CsJaxdV5aBFRr2BuV_wEnMKzh4RFLYdFs_7wiFKgt4HQYXg==
age: 53
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash cf99681f6f1d6e00e0abca7033eb6219
73261f7daa90ce6fd7a81b10ed7bd762200c3f28
3f4bfe673679f8f0650774c07f8707a7013ac7e1c3e1b3b03e68cbaa5ccc1af6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5468
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:18 GMT
Last-Modified: Mon, 26 Sep 2022 21:06:10 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/s/gts1d4/RZskz7bw87Y
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/RZskz7bw87Y
IP 142.250.74.3:0
Hash 8af836095fd1fbc4385dce2e6e37d94b
f53b054e2ba64d9beaa736cc9fa7452e046bd2a1
1029282176d67f6d6c36ecd2bc23045b68d3250c1372922364438e4c57ce84eb
POST /s/gts1d4/RZskz7bw87Y HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:18 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fcm.holmesmind.com/cm.php
34.95.67.231 200 OK 39 B URL HTTP/2 fcm.holmesmind.com/cm.php
IP 34.95.67.231:0
File type ASCII text, with CRLF line terminators
Hash 2afda5648cd11a22963068421300e1cd
ae0abdd7ec4b438fb61a12c59c04b31045b9a674
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795
GET /cm.php HTTP/1.1
Host: fcm.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:18 GMT
server: Apache/2.4.29 (Ubuntu)
content-length: 39
content-type: text/html; charset=UTF-8
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/bridgewellV3.js
54.230.111.67 200 OK 4.5 kB URL HTTP/2 cdn.holmesmind.com/js/bridgewellV3.js
IP 54.230.111.67:0
File type ASCII text, with CRLF line terminators
Hash c3b948e5a48dd0ec20c265d6d8da7add
9fcd995d80439c19a6f8202a181143167e709685
c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b
GET /js/bridgewellV3.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 4530
last-modified: Tue, 20 Apr 2021 06:25:23 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 22:37:18 GMT
etag: "c3b948e5a48dd0ec20c265d6d8da7add"
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hd5wfPOi5ygarBRquTG9cYEHJFDNKcxT8nRouTseSjgXTJsvydTazw==
age: 8
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/appierV2.js
54.230.111.67 200 OK 3.2 kB URL HTTP/2 cdn.holmesmind.com/js/appierV2.js
IP 54.230.111.67:0
File type ASCII text, with very long lines (3177), with no line terminators
Hash 548ed610a8571343fb3022f543174735
2e9d891cd6e9345ab1b6489030b4a1ccff1c4e54
8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834
GET /js/appierV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3177
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 22:37:18 GMT
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0hdHyGr8N076UZOZTGLilPC-60q8fgcBOZL8LRxMAcWQ5fdPALGVbw==
age: 8
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/rtbhouseV2.js
54.230.111.67 200 OK 2.8 kB URL HTTP/2 cdn.holmesmind.com/js/rtbhouseV2.js
IP 54.230.111.67:0
File type ASCII text, with CRLF line terminators
Hash 6a605eea47197fa280f27aaf1fa1521d
98323891b349b333d5aef521c4d33e1b8455e4fb
d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc
GET /js/rtbhouseV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 2773
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 22:37:18 GMT
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: F317bGSyIFQ73lv04lPCVNPnznLfxXbmIGfCl6ynsKtjwl9nJ2xRKw==
age: 8
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yE/r/Ziq3FOqCAZf.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 16 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yE/r/Ziq3FOqCAZf.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type C source, ASCII text, with very long lines (8218)
Hash 286c471d2e4575a6f0a862df74febea7
62fe316f9fc667e8dae068f29bee3564469f90dd
0ea96d9efc6ee8cad64272d263bcf723c79adb292153430f69d90c0326ff53c9
GET /rsrc.php/v3/yE/r/Ziq3FOqCAZf.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 23 Sep 2023 17:37:31 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: KGxHHS5FdabwqGLfdP6+pw==
x-fb-debug: 3U5F0ejhIvsE0CjJfPOWYf0+UtJnO21UoeIWInfBvm2OsKKN8/DyB20Yfx5mTl/0C+udIx45/QK3DICNL7+ZnA==
content-length: 16237
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yY/l/0,cross/QafRoidRG-Q.css?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 6.4 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yY/l/0,cross/QafRoidRG-Q.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (8976)
Hash 174ff3b8c8b7f00c28c803e59feb7d19
2f4bf1e0b1dd1eb314d815600c464b50234c107e
0b51f9dc7a21b8e5e6c96be8002460525a065998afbff954b038ab0e0e42618d
GET /rsrc.php/v3/yY/l/0,cross/QafRoidRG-Q.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 23 Sep 2023 17:38:22 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: F0/zuMi38AwoyAPln+t9GQ==
x-fb-debug: WY2cNqx7pfDXQPQSdEnBHsDmPU6xAICcCK3Rc+37EJukGNsC+nLIwN95Ris+bGjicDP/kCkbuE/PqIraVVHBLg==
priority: u=3,i
content-length: 6422
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yF/r/dDpAXJI8zbJ.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 9.1 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yF/r/dDpAXJI8zbJ.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (9954)
Hash 36d797d9616ae40e8554001ba0cdc03b
3d6a5feaf1a10e224fc44fd6358ae7f9a92e5f0b
f1c50af0b17dccab12ba237d3b484b6d228e40481e86bb3cf24dc9d37c2b05b4
GET /rsrc.php/v3/yF/r/dDpAXJI8zbJ.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 22 Sep 2023 14:52:57 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: NteX2WFq5A6FVAAboM3AOw==
x-fb-debug: yBmuz8yUHQi4MrYmbN8DJHP+ebGfftxceQy/IvkdGSn0D4upLvRXgiTSt3wDxXR1nw0FCXgXbe10iTTH2bmkDw==
content-length: 9075
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iLl54/yr/l/en_US/eSSgSlla1PA.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 8.5 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iLl54/yr/l/en_US/eSSgSlla1PA.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (2973)
Hash 5310cf1cab1de32598c3d6fc3e3bd7b6
7c07c5ee282b9d0a1b2f8496049361cf4382d1c5
b3b168243a1626be322a725d17171ccc2ae3736b2e3b342e3d7366848e35502d
GET /rsrc.php/v3iLl54/yr/l/en_US/eSSgSlla1PA.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 21 Sep 2023 16:43:49 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: UxDPHKsd4yWYw9b8PjvXtg==
x-fb-debug: zEBfPCMfY/qJcMLhaXk6ddrrGbgqq+KHPpOq67asB1zNHDgEfmZK4O0QZx9ERro3FhVZbkAZ1p7AVrcjJN4ozw==
priority: u=3,i
content-length: 8450
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y8/r/SixM03AXEw8.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 336 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y8/r/SixM03AXEw8.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (325)
Hash f82d8f615a2484f0c5c4e4e0f55e8b5d
c1c8ea5d697e2286b0a2bac7b3515a29b7f4cb28
91041f394721520d4dd5a33b28525d50da16e0fda08e102d971148fef1609dd2
GET /rsrc.php/v3/y8/r/SixM03AXEw8.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 22 Sep 2023 10:02:30 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: +C2PYVokhPDFxOTg9V6LXQ==
x-fb-debug: FvDA4NYY8MVzQS4Elr46cgAQv0HEnXJ4gcdlhBWnP0VMOxmvX9qfvoPrFxjYoib23IxzZeykJoEgLOjnBjLMrg==
priority: u=3,i
content-length: 336
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/criteoV2.js
54.230.111.67 200 OK 2.4 kB URL HTTP/2 cdn.holmesmind.com/js/criteoV2.js
IP 54.230.111.67:0
File type HTML document, ASCII text, with CRLF line terminators
Hash e8f33fcb581483ced4a09b3c8e7550e4
278fdeb6bf2871b7a3a3ca9becef10582e8e87e0
e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32
GET /js/criteoV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 2443
last-modified: Tue, 04 Aug 2020 09:25:12 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 22:37:18 GMT
etag: "e8f33fcb581483ced4a09b3c8e7550e4"
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: q1X0wr3CHb2XrfEdAs7spKIyJhoDDujChZ6nOY12ruC520Z0MNLL-w==
age: 8
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yL/r/DJIek1tT3RT.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 1.7 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yL/r/DJIek1tT3RT.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (2052)
Hash 883efc20b86990fd486fab545ffc08f4
da322dda14a98744e03655dcf0da9482b4b1e1d0
e207751970ef4bf6e0a64da5e9480ab3b1ee86408a7904796e2f6e225f8ee612
GET /rsrc.php/v3/yL/r/DJIek1tT3RT.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 23 Sep 2023 17:22:29 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: iD78ILhpkP1Ib6tUX/wI9A==
x-fb-debug: ihhk9ZwFPHQ3LQhQkm+7ZNIj70Wei0nFGT78hC3PsSqxIiTVo6Yz+Gaqpw9OyQkOHfApgr6XkEkCuUZ5ZwzRwQ==
content-length: 1689
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yK/l/en_US/DFz2q585Cjs.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 23 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iEpO4/yK/l/en_US/DFz2q585Cjs.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (42045)
Hash 0d15ae898adcd82bf30fc62fa941911d
eb3af610a1cf31f92e790c8bd08a79e2f0b011d1
98e9d40a3c4e19022b61436d7cbf5dca6bebaa3d5b4dbd0fa455f467ee1935f5
GET /rsrc.php/v3iEpO4/yK/l/en_US/DFz2q585Cjs.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 21 Sep 2023 15:06:27 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: DRWuiYrc2CvzD8YvqUGRHQ==
x-fb-debug: 75lX+J4ja1t18db0VIQAVCBfh/ud3VEWZE6K1HWNyOMvGDLMWNwjDc8rXcpU8/JLPXM5DBW8MJOUtCp6d5J/FQ==
content-length: 23379
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3ivrH4/yS/l/en_US/4XSefK80Dqr.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 80 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3ivrH4/yS/l/en_US/4XSefK80Dqr.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (5791)
Hash f3b0d6fa5202e0e5555feb84376fe4ff
efe5990e663a6422bfe4d48540e4bb4a4f4db50b
e595df81c8a1633a7ea1b01a3697c21c5365e00c1c32d26cdb681df41728c305
GET /rsrc.php/v3ivrH4/yS/l/en_US/4XSefK80Dqr.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 23 Sep 2023 05:49:24 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 87DW+lIC4OVVX+uEN2/k/w==
x-fb-debug: /92h+/YQUXO+U7k61vzR9e+Y6+dRbvYCcOhiQ7jRuzq6gJH/vcrGP5CbrmkHWp6jFKZPuHZtvQntRiH8KHsDxg==
content-length: 80142
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 827 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (724)
Hash 29973cf3b0ef9f16fe31ed981b2f6573
f22eb80b89b5e0ae9ace854aab6676d56eaef6a1
476822c80e0a0ee078edb7a74db59378f8b1d43d2de844e28a9e9c2f68a4c8d8
GET /rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 22 Sep 2023 10:02:22 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: KZc887Dvnxb+Me2YGy9lcw==
x-fb-debug: /aIpSYD3Nd/RJ+EpfFQz5WzQpymq6bvGSQLelf6xZhbXpEjwd1+8SdUQpFPI3tB2bj9ReeqSI7sy/TgxWGq45w==
priority: u=3,i
content-length: 827
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y3/r/3Jfi6xowjkv.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 5.5 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y3/r/3Jfi6xowjkv.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type C source, ASCII text, with very long lines (4719)
Hash e027049fcb4849c67c03433cb037d89a
d45928bfdd2a2bf9bfc0adc139acb0dcb5817942
31cc72c78fa9b5ea7ff5457f65cf2fd7ea1b0bf16c991db0e286c3eb5f856b88
GET /rsrc.php/v3/y3/r/3Jfi6xowjkv.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 22 Sep 2023 22:36:49 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 4CcEn8tIScZ8A0M8sDfYmg==
x-fb-debug: D6aeDk54LL8g70astfbkZswSA/yscB+sTeeA5pyQ8WYZtaj17hVG6Aetp/lOg43Na/IUpTWtCc13om12HRGcRg==
priority: u=3,i
content-length: 5548
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yA/l/0,cross/EQ1X3_ivTtY.css?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 4.5 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yA/l/0,cross/EQ1X3_ivTtY.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type assembler source, ASCII text, with very long lines (2642)
Hash b231ef3a5a82adbb700a47afedcf9763
36d181d05420fa52c465bcae61a5ccb12bb6700c
566786d1194197a963bc17f61f80913319d7e5a42aa5bab41529308dc32a1a60
GET /rsrc.php/v3/yA/l/0,cross/EQ1X3_ivTtY.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 24 Sep 2023 16:12:32 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: sjHvOlqCrbtwCkev7c+XYw==
x-fb-debug: Y6TY/V6V5p5i1VGJxDcgRKh+zHYZ6LwlkLSitfjE2Nmo/0ngtlM6b6Jn/bpvXPu/s5a4mebEvBjWxyIIDMCeow==
priority: u=2
content-length: 4524
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yu/l/0,cross/bYH8ziu5vE6.css?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 5.6 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yu/l/0,cross/bYH8ziu5vE6.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (4093)
Hash b18c98bf10210112f3786f96119140b5
62a42017a24d3bf13313400c6bf95b8da6c330fd
d4fd3380e2bfec1adfb559d585f568f48f066a9c6df1d89e608f1794a7f7bf85
GET /rsrc.php/v3/yu/l/0,cross/bYH8ziu5vE6.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 26 Sep 2023 17:54:33 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-fb-rlafr: 0
content-md5: sYyYvxAhARLzeG+WEZFAtQ==
x-fb-debug: mTHUlhfqbi7EyaEaJoSx0d6GW8WzXm3UYK1OdRLOhpGRFh0iuVabFmI2j68Wd6WjA+y0KxLpgUNqiNZDCYY9CA==
priority: u=3,i
content-length: 5625
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yT/r/v6mcuj43rKb.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 11 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yT/r/v6mcuj43rKb.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type C source, ASCII text, with very long lines (10562)
Hash 589054b0a012795f4759c070e7b24ac2
7ec8b737226104cf31f4000a28a2088da1a883d3
bb185d4151227d33c7ce571c6b89ed9fdc6ecfc2847420bd58a8f7f287a444b1
GET /rsrc.php/v3/yT/r/v6mcuj43rKb.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 26 Sep 2023 17:43:05 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: WJBUsKASeV9HWcBw57JKwg==
x-fb-debug: 3maik7BVw9f5af47P1yqugpLWU0hJv98XgXproCYh7WNJ2SJnA+Q6+5YSAotN7KBEnnpx6gx8aHFrlfjV9g7Ew==
priority: u=1,i
content-length: 11124
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y4/r/hBYHra2Vbh5.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 15 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y4/r/hBYHra2Vbh5.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (56532)
Hash 9b3b2deac2716528af0a007a816ea130
11d2c9cca6fd78678588f10685d1431873d09d32
321c5f978ae91c5744944ea8dd9acd554398109f09bde07c7d308fb2b604cc9a
GET /rsrc.php/v3/y4/r/hBYHra2Vbh5.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 23 Sep 2023 17:37:49 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: mzst6sJxZSivCgB6gW6hMA==
x-fb-debug: RfH7R9GwV++b5kAKiKaMw/m24pgKbwIHEXA4KMfRCQeh5ysGqat3fudpAFbVbbqaZe8jmIMV+1AG6E3OPSGjPg==
content-length: 15208
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reurl.cc/stylesheets/rwd/style.css?v=1
35.185.130.121 200 OK 1.4 kB URL HTTP/2 reurl.cc/stylesheets/rwd/style.css?v=1
IP 35.185.130.121:0
Hash 480fb5edabaf36afc2c5c6ddca401b0f
625d3d4de87f4ca928c4c0de7b7c9619d3597e81
e6431db5036e6aa54a52fdf797b119b46f96a65f7d3458e4eb819de753455326
Analyzer Verdict Alert quad9 Sinkholed
GET /stylesheets/rwd/style.css?v=1 HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/xgmXr1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 26 Sep 2022 22:37:17 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 12:53:44 GMT
vary: Accept-Encoding
etag: W/"632b0958-9f6"
expires: Tue, 26 Sep 2023 22:37:17 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y3/r/BjeESKDbisI.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 12 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y3/r/BjeESKDbisI.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (5329)
Hash b587fd0cf22e71e100b93f07a0d514fc
e8b202d9a2704432ab65bcc35b38fe0b5cbc9e9a
977396d0763f85d37b0cb457725e6ba24802125e623b0678c907047ec37488d2
GET /rsrc.php/v3/y3/r/BjeESKDbisI.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 22 Sep 2023 10:02:36 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: tYf9DPIuceEAuT8HoNUU/A==
x-fb-debug: wiK3K/ujE9Ke27pBuIymxobI29lrqlO4Kzn2mOLlkC14p1nxJeLWigD6eTUysli1DOIpm/SYn0sMrU36kX80og==
priority: u=3,i
content-length: 12294
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yp/r/wyRHVKLKuwo.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 19 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yp/r/wyRHVKLKuwo.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (8678)
Hash 76827e384840a6d501cc2231ee427049
5ec72a66d4512f9a5177809e6c80974e44be438f
2fe675d74550d4d030afdd48bfd8d8a86edeb845f6bc8504a2ffb3078cb8d2bd
GET /rsrc.php/v3/yp/r/wyRHVKLKuwo.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 23 Sep 2023 05:45:40 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: doJ+OEhAptUBzCIx7kJwSQ==
x-fb-debug: 8E1vWsWWLt0ImoSVly95AMEzDYY/u18G6SrkFIAIpLkYLEl7xrf/Ej6R/kLsyu9z/yO2pVp0fLGHBwpk/RjreQ==
content-length: 18674
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
geo.yahoo.com/b?t=xhkd7&9sdk8454
188.125.72.139 200 OK 43 B URL HTTP/2 geo.yahoo.com/b?t=xhkd7&9sdk8454
IP 188.125.72.139:0
ASN #34010 Yahoo! UK Services Limited
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /b?t=xhkd7&9sdk8454 HTTP/1.1
Host: geo.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:18 GMT
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
cache-control: no-cache, no-store, private
pragma: no-cache
content-length: 43
content-type: image/gif
x-envoy-upstream-service-time: 0
server: ATS
age: 0
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash ab369aead2541b0e06dfe2db99a75635
340332916a928b00b4d6a9b05167147396249ee8
45a65ef89ee31f1d3b43ca00d51f3a17b44ad910eaefe3ba5ef7deceacbdca13
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 26 Sep 2022 22:37:18 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 26 Sep 2022 22:08:22 GMT
Expires: Tue, 27 Sep 2022 22:08:22 GMT
ETag: "340332916a928b00b4d6a9b05167147396249ee8"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
static.xx.fbcdn.net/rsrc.php/v3izWV4/yH/l/en_US/eA-js5Dmz1K.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 42 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3izWV4/yH/l/en_US/eA-js5Dmz1K.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (10866)
Hash 32d507f0467f3d64ce38ab07d2081972
7b0fa16ee6c3c5b942e7405a17795035685b188a
18370cc97a909a83c2e424e5e2b8305584a87d20f33ac53b63ac4dcf235a55e1
GET /rsrc.php/v3izWV4/yH/l/en_US/eA-js5Dmz1K.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 21 Sep 2023 19:05:16 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: MtUH8EZ/PWTOOKsH0ggZcg==
x-fb-debug: llmrRosL0aFkhpJml7Kze+ETUtltBIwqcmxsP9TPOxSO4kccmYz9sv3/vr3/Z+8noNs6rdPeEjoNct+uQX5SuQ==
priority: u=3,i
content-length: 42207
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Mon, 26 Sep 2022 20:41:09 GMT
expires: Mon, 26 Sep 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 6969
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
reurl.cc/javascripts/pixel.js
35.185.130.121 200 OK 6.2 kB URL HTTP/2 reurl.cc/javascripts/pixel.js
IP 35.185.130.121:0
Hash 7196b6ce59dcdd2db8b2f75a8e31b18b
d81b081514f138701611d5a53c27704570603f99
8550005f0db76a944cf08cb61d9210e3cab9240fde85e63040ffc4eff1f8f83a
Analyzer Verdict Alert quad9 Sinkholed
GET /javascripts/pixel.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/xgmXr1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 26 Sep 2022 22:37:17 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 12:53:44 GMT
vary: Accept-Encoding
etag: W/"632b0958-1ad"
expires: Tue, 26 Sep 2023 22:37:17 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yv/r/cxHz95P-Blt.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 91 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yv/r/cxHz95P-Blt.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (18569)
Hash 64e679c03d42412a8a16d9dd5d312513
f73a48a0816c11b4e94a708c5757c640cee2270e
ed8552fab9845a545a7667a3af4b48e5de7e48618c1c5c36cca03fc0a96dcb46
GET /rsrc.php/v3/yv/r/cxHz95P-Blt.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 22 Sep 2023 12:20:36 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: ZOZ5wD1CQSqKFtndXTElEw==
x-fb-debug: GxR3GsopuLgBUx7PF6FME4dIiCqemFTOeUTRe5Kh6XqCisuSSI5pFyDbwqm7NuPkhw5FHK/zhe39Myul+Cih3w==
content-length: 91359
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash abdfd89f6b127df921c5d58f44b48fd1
deee70c294a64f04e113ebf674c9c2ff3e1e4bd2
a1859c79bc5ca3d151114e76d322bcda4a307f2757ccb1bf4f80f86cb8433778
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A1859C79BC5CA3D151114E76D322BCDA4A307F2757CCB1BF4F80F86CB8433778"
Last-Modified: Sun, 25 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12623
Expires: Tue, 27 Sep 2022 02:07:41 GMT
Date: Mon, 26 Sep 2022 22:37:18 GMT
Connection: keep-alive
connect.facebook.net/en_US/fbevents.js
157.240.200.14 200 OK 1.8 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
Hash ab369aead2541b0e06dfe2db99a75635
340332916a928b00b4d6a9b05167147396249ee8
45a65ef89ee31f1d3b43ca00d51f3a17b44ad910eaefe3ba5ef7deceacbdca13
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: +HIAcBrSQ/srORBFw9jEAKY+v0e0H+Uvc7MTUGR8W0dFf/TMx31139UZAdjpeIzt9CC26pJU+PHiSBeSVdPbaA==
priority: u=3,i
content-length: 26840
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3240
Expires: Mon, 26 Sep 2022 23:31:18 GMT
Date: Mon, 26 Sep 2022 22:37:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3240
Expires: Mon, 26 Sep 2022 23:31:18 GMT
Date: Mon, 26 Sep 2022 22:37:18 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1d4/RZskz7bw87Y
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/RZskz7bw87Y
IP 142.250.74.3:0
Hash 8af836095fd1fbc4385dce2e6e37d94b
f53b054e2ba64d9beaa736cc9fa7452e046bd2a1
1029282176d67f6d6c36ecd2bc23045b68d3250c1372922364438e4c57ce84eb
POST /s/gts1d4/RZskz7bw87Y HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:18 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d8a8cc8-8c9a-4305-bb96-a248c5e44655.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d8a8cc8-8c9a-4305-bb96-a248c5e44655.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f1af609199093985d73fd1d256482c12
a54f3f4af645c1c93299360bc7dcf06bbae8de81
047e15a2d3ea5b7d1f3d22cdac2ac0446c6267c99deb0b12576366088d29d5b3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d8a8cc8-8c9a-4305-bb96-a248c5e44655.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8657
x-amzn-requestid: 172be66b-6140-4ff6-a061-22d177e75c23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YtlXZGujoAMF2vQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63288295-6f74795f2b26d54409b2f388;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 14:54:13 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: RCHPkVe_BYTR3-jGiJZ6reK2ZNYa6rvqsK0_QZr0cTiR70JMRPSMuw==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 22:02:04 GMT
age: 2114
etag: "a54f3f4af645c1c93299360bc7dcf06bbae8de81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash c939f97c8bcbfea356e92036803714bc
608c795e7c4fb943a4db49a4e4533c41ea717023
b05b38c78c15c259720bfc6783ac65ab60ceb1e6037b45b08113f183554f08cb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash ef2309280110702559aa5b7fee99eb0d
7388354b180aedc0c967bd0cb9e03bcbc89d51f7
9944f18b94df830880aa2321faed53db3f5496c5414617e6982951655c66b484
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 22:37:18 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 25 Sep 2022 13:53:14 GMT
Expires: Sun, 02 Oct 2022 13:53:13 GMT
Etag: "7388354b180aedc0c967bd0cb9e03bcbc89d51f7"
Cache-Control: max-age=486354,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 750f7bbeda12b4eb-OSL
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1205d7e-1174-4788-b080-6eefdcf33480.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1205d7e-1174-4788-b080-6eefdcf33480.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 08590e33d7c8ebc6360d1d631f29178d
b37a39808c82e85f1860a48b3f451ef8d172a336
393c2c891699d1c47cb9d73412229624bdb3cc10cc0b509d8ec582d2c9a97aa1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1205d7e-1174-4788-b080-6eefdcf33480.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6836
x-amzn-requestid: 64bb0de3-8ea1-42eb-9f09-8ec659ee9298
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFkrdFptoAMFmlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b15-241d20bc25e670e12ff634cf;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:17 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kYeh01s4UsRIkT9ASt--Gs5uUHPNIMrkY8eypOkjopOXBh4iwOshFw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:51:13 GMT
etag: "b37a39808c82e85f1860a48b3f451ef8d172a336"
content-type: image/jpeg
age: 2765
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bf02f4e-91c0-455b-8378-5eae82174db7.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bf02f4e-91c0-455b-8378-5eae82174db7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3140ec95f33c36599de95b25cdade940
932c74fa24b61ee1b1c672b6c19b1e736caab8d3
f7488246ca75fddc504812f4c5944a5a2494cdb14b6ef1db5fb28beca5cff194
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5bf02f4e-91c0-455b-8378-5eae82174db7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9737
x-amzn-requestid: aec3c3e9-42e5-4de5-8882-118002369ef8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFkreGJxoAMF-oA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b16-527ccd70654c22891262279d;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:18 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Ukn4d6yPeJJHN5trYK3xbhik2pX41zHki3nG5r6fCzQgm3vYw5lhAA==
via: 1.1 946b9edb2009c5508a0fbbd636f95014.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:43:16 GMT
age: 3242
etag: "932c74fa24b61ee1b1c672b6c19b1e736caab8d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b0646c-a8d3-4b51-ba84-a3c3dff2883c.jpeg
34.120.237.76 200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b0646c-a8d3-4b51-ba84-a3c3dff2883c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4197a8a505b360b0c43142faf8cb7f48
4dbd2da7f7c45a97e3f6f6544ed428e892227cc3
434039a91ec37c8ff827c78f7613aa4f6416ded182b01140048a52654a2de4ce
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06b0646c-a8d3-4b51-ba84-a3c3dff2883c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7128
x-amzn-requestid: 5806782b-498e-427b-be73-a94695e3cacf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlPfFn4IAMFwMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bfc-07a420d631e463286c1dafa0;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:39:08 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dVs6mb-XGvvd4DXu8yFwO11iheR3QU3O3jFpxjcHZnWCc6jlXpx0Rg==
via: 1.1 6c90b631453c435bd0022caa657b67e8.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:51:54 GMT
age: 2724
etag: "4dbd2da7f7c45a97e3f6f6544ed428e892227cc3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40a8f8a-3bc7-4223-a676-6960af975ebc.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40a8f8a-3bc7-4223-a676-6960af975ebc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3d478b7bea64d1a5998967c0a665e6be
b078452d30703ea98ad4a7f7fd411b3e2a42ee71
24158d741732109ae2be7314205ac35f4c8b29785876f2785e8bb0ea906762b0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40a8f8a-3bc7-4223-a676-6960af975ebc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6628
x-amzn-requestid: 1f0e95f2-d860-422f-80ad-96c6e7c941c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yv1vvHIaoAMFV4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63296997-5746c99d78e025945cfdd238;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 07:19:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 9-6jF5OoUb2I2HBasyNXBZC-L6rF1VINmgoBFZMuJ9eNelzkS-8BDQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 22:08:24 GMT
age: 1734
etag: "b078452d30703ea98ad4a7f7fd411b3e2a42ee71"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8342bc11-d95e-4085-a7ca-d421aba94a91.jpeg
34.120.237.76 200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8342bc11-d95e-4085-a7ca-d421aba94a91.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash efaaa002eb6251769ea6dbf306ced3a1
9f99fa947a603fd6b10ff149e379cd04ad83d27a
238e0ca1aa29223416c34ef2dfcc6570c00e27a98991d91efc16e9bc4083c197
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8342bc11-d95e-4085-a7ca-d421aba94a91.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4573
x-amzn-requestid: ff35a66a-caf2-4ff4-b850-01a584fc2aa0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yv1B8FzLIAMFSPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63296872-5b4a410a2827baf5598d58e7;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 07:14:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NFjYOqhUeb3yyjMNWpoBNq_xcsX3wXvc3-rqJt4cGbJXY9Sxr5KpDA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 15:29:19 GMT
age: 25679
etag: "9f99fa947a603fd6b10ff149e379cd04ad83d27a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13847
143.204.55.101 200 OK 333 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13847
IP 143.204.55.101:0
File type ASCII text, with very long lines (756), with no line terminators
Hash c037956b857b3b137190bfa5aef1b76b
648304466bd3a17e05da8530f84bd709a1d097fb
0694bd962ad307d8018a863ad511a66740beef76b6641a52c1cafb8428dfe807
GET /adserver/Preset.js?z=13847 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Mon, 26 Sep 2022 22:32:30 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: I62WtUd0zqMqtBtY9v_ZyfpIIa9y562scX4vnLtO9NMY34y-yPByiw==
age: 288
X-Firefox-Spdy: h2
img.scupio.com/js/config/17229.json?v=1.0.3839
143.204.55.41 200 OK 461 B URL HTTP/2 img.scupio.com/js/config/17229.json?v=1.0.3839
IP 143.204.55.41:0
File type JSON data\012- , ASCII text, with very long lines (461), with no line terminators
Hash 59c2ec4f29a71f2f86d49bad26638451
65bf9e22115d11c7ddd2d8166311228667e21968
76339a2f5d9b0ed12192ef1f1c07ab27a56da39c4104ea69bcf18338fe3611e0
GET /js/config/17229.json?v=1.0.3839 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 461
server: nginx/1.12.1
last-modified: Mon, 26 Sep 2022 08:06:22 GMT
accept-ranges: bytes
date: Mon, 26 Sep 2022 22:32:29 GMT
expires: Tue, 27 Sep 2022 01:32:29 GMT
cache-control: max-age=10800
etag: "63315d7e-1cd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xuRYmBRdtPWpYxNRVlcWz7zbNA_Sd29XUXnK3PeRLOp3Og7xmhdKsw==
age: 288
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 05d9e738765f8f1cc584da7d5db170cf
c4e660a8b58ad67a316791fdab309427a1a9562c
f1bc8886c71e54850eff7377d2adeeeca3a81fa9ed0949eab13cdae31a843a0d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5034
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:19 GMT
Last-Modified: Mon, 26 Sep 2022 21:13:26 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mma.prnasia.com/media2/844547/proteanTecs_Logo.jpg?p=medium600
104.16.252.4 200 OK 16 kB URL HTTP/2 mma.prnasia.com/media2/844547/proteanTecs_Logo.jpg?p=medium600
IP 104.16.252.4:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 299x299, segment length 16, baseline, precision 8, 598x159, components 3\012- data
Hash ae7a528e89fae78a80a36e57297a4731
47d072ca016323eceb580c310f65817a4816b170
0ff393654af0d581f81b0fb37b1c4a5ee3b3097fe7f94480e5c3bf1aec4dabf7
GET /media2/844547/proteanTecs_Logo.jpg?p=medium600 HTTP/1.1
Host: mma.prnasia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:19 GMT
content-type: image/jpeg
content-length: 16459
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=0
cf-bgj: h2pri
expires: Mon, 26 Sep 2022 01:56:34 GMT
last-modified: Mon, 26 Sep 2022 01:56:33 GMT
server-timing: intid;desc=290b393afa4538c0
vary: *, Accept-Encoding
x-powered-by: ASP.NET
cf-cache-status: HIT
age: 43548
accept-ranges: bytes
set-cookie: __cf_bm=su1c2VDn.hDguYsHQuNQi8ilx5aa8OK7.F3ZQNojXmU-1664231839-0-AXHTwSpc0xL1ZSpn/gVo+8WTP+PsSlS4kNJnprxHxke+Q8OKTm5B9vlGdFIBAKzMCW9sjM/b/jX8+7J7QvRkH4U=; path=/; expires=Mon, 26-Sep-22 23:07:19 GMT; domain=.prnasia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 750f7bc239ac0b45-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 05d9e738765f8f1cc584da7d5db170cf
c4e660a8b58ad67a316791fdab309427a1a9562c
f1bc8886c71e54850eff7377d2adeeeca3a81fa9ed0949eab13cdae31a843a0d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5034
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:19 GMT
Last-Modified: Mon, 26 Sep 2022 21:13:26 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
142.250.74.74 200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (32077)
Hash fd2b58574f9637ba7ef639267349d848
6eda5ea93f549ceb5693f6f1c038893fa56a510d
75627d4b97e5e6294a8f88f5eeaf9b616696dc8600db9701c47ef05f067880ec
GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 25 Sep 2022 18:17:49 GMT
expires: Mon, 25 Sep 2023 18:17:49 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 101970
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash abdfd89f6b127df921c5d58f44b48fd1
deee70c294a64f04e113ebf674c9c2ff3e1e4bd2
a1859c79bc5ca3d151114e76d322bcda4a307f2757ccb1bf4f80f86cb8433778
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A1859C79BC5CA3D151114E76D322BCDA4A307F2757CCB1BF4F80F86CB8433778"
Last-Modified: Sun, 25 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12622
Expires: Tue, 27 Sep 2022 02:07:41 GMT
Date: Mon, 26 Sep 2022 22:37:19 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash ad1a39cbfdca20bee63616bcb9a73cfc
c465d75879d359563803a17add3f766b68246eee
74ecd42f6d13c5f2a993ab1ab75ef0837ba2bf7d38eb8485d4063303086f52ad
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:19 GMT
Server: ECS (amb/6BC3)
Content-Length: 280
img.racingcharger.tw/wp-content/uploads/2022091508274268.jpg
172.67.178.125 200 OK 185 kB URL HTTP/2 img.racingcharger.tw/wp-content/uploads/2022091508274268.jpg
IP 172.67.178.125:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75", baseline, precision 8, 1350x900, components 3\012- data
Size 185 kB (185059 bytes)
Hash 95d02ac9a66a7a2b5dc87abd2c7ec163
3f10b80880e8047d45547d814b20acfc2c610ac9
02d40d1fcceaab1af04f95a1ab7e0bc9ea9f06ba095e50184aa142f65d9dc22b
GET /wp-content/uploads/2022091508274268.jpg HTTP/1.1
Host: img.racingcharger.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:19 GMT
content-type: image/jpeg
content-length: 185059
last-modified: Thu, 15 Sep 2022 08:27:50 GMT
cache-control: max-age=28800
cf-cache-status: HIT
age: 9364
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uw910y0sqV7PkAMDP8CnOoo3VU%2BiX9edxkV3Qwaa3GinOZwBAehqCqjd%2FM157jgPoUO2H5LpCo6Nqt%2B%2BTY5LywxfjZS4E0il7ZwRsHCQkDlCHYiVWeDq8F3YPecAicJAhglT8Un92Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f7bc3cbd20b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.scupio.com/js/config/currency.json
143.204.55.41 200 OK 108 B URL HTTP/2 img.scupio.com/js/config/currency.json
IP 143.204.55.41:0
File type Unicode text, UTF-8 (with BOM) text, with no line terminators
Hash bd3cd287388c42b4fc2b694945982fa7
ec1cdd9df50fedf5ed601c375f801291fd5894c5
2804d3b38e57b2df6496b83c9f5c432246e33b274cbfb20406fa05944497ed14
GET /js/config/currency.json HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 108
server: nginx/1.12.1
last-modified: Mon, 26 Sep 2022 19:15:04 GMT
accept-ranges: bytes
date: Mon, 26 Sep 2022 22:37:19 GMT
expires: Tue, 27 Sep 2022 01:35:45 GMT
cache-control: max-age=10800
etag: "6331fa38-6c"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: E-PjUrAc6Ij88QfkYyM4WynR28r_zijL-Finxq4zPAAPa7V4zn3MRA==
age: 94
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30 204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 26 Sep 2022 22:37:19 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash ad1a39cbfdca20bee63616bcb9a73cfc
c465d75879d359563803a17add3f766b68246eee
74ecd42f6d13c5f2a993ab1ab75ef0837ba2bf7d38eb8485d4063303086f52ad
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:19 GMT
Last-Modified: Mon, 26 Sep 2022 22:37:19 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30 204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 26 Sep 2022 22:37:19 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/appier_mainV3.js
54.230.111.67 200 OK 2.3 kB URL HTTP/2 cdn.holmesmind.com/js/appier_mainV3.js
IP 54.230.111.67:0
File type ASCII text, with very long lines (2264), with no line terminators
Hash cd4c3d0c6e56c1aeecaed0f6fef4937c
53a905cc49932bd06e310713f65b4d0a540a7174
e4e43c18c697ecb11658576f47f178fa592456c90069bfd5d71145e9cc4df396
GET /js/appier_mainV3.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 2264
last-modified: Sat, 24 Sep 2022 17:04:55 GMT
x-amz-version-id: 1KQlLxB4eHzJhyqt50Xcld5dpwHVjDdD
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 22:37:20 GMT
etag: "cd4c3d0c6e56c1aeecaed0f6fef4937c"
x-cache: RefreshHit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0ci_i9lFpxUJoKMjCTYbLST_HeKYNylutaNx0kJLnuP0UDfV0Jtqrg==
X-Firefox-Spdy: h2
s.yimg.com/dy/ads/native.js
188.125.94.204 200 OK 30 kB URL HTTP/2 s.yimg.com/dy/ads/native.js
IP 188.125.94.204:0
File type Unicode text, UTF-8 text, with very long lines (62317), with no line terminators
Hash aae660d86e59d2b86369d2037dc02c2c
996e90375bc9f774379f4d509f603f9dce9624ce
976e1d77055c5f8ad390638d5ff3716216841a9cf55b98ff14080e3ea8e7827e
GET /dy/ads/native.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: n/hOArWdfNsBTfgr6oI/0NFDFFMbnFWpLBn5FuIPg15lcmjxQO2SRpBD/lfRv8mMZ66si5pA6uc=
x-amz-request-id: 5NHJ6P0TEV8N40W6
date: Mon, 26 Sep 2022 22:28:12 GMT
last-modified: Tue, 08 Feb 2022 12:02:57 GMT
x-amz-server-side-encryption: AES256
cache-control: max-age=600
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
x-amzn-internal-status: 304
etag: "7e002e241fddeeb8dd76383206c47a3d-df"
age: 548
content-encoding: gzip
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 17906157d222f6aed3a9ffb07789e4ef
5a4fa70bcb8138fd4b542462c4e272cb25699b0f
8d6f39f2007d3e0b5dd1e31ecedc2dbcf6e7fcda749f857d3ce52e02da3c660a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2923
Cache-Control: max-age=102281
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:19 GMT
Etag: "63310abd-139"
Expires: Wed, 28 Sep 2022 03:02:00 GMT
Last-Modified: Mon, 26 Sep 2022 02:13:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=7945837681
178.250.0.165 204 No Content 713 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=7945837681
IP 178.250.0.165:0
Hash bcf54e0856bb0845f2feb98f46923386
b2424536a1054e024689dfd0bc016888daa2b9bb
140efb58fa68f9b4dae9aff7be5faabfca9d506aae4f3c8b832448293013e822
POST /cdb?profileId=207&av=34&wv=6.21.0-pre&cb=7945837681 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 331
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 26 Sep 2022 22:37:18 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://img.scupio.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
blog.alphaloan.co/wp-content/uploads/2022/09/%E8%A9%B2%E5%A6%82%E4%BD%95%E6%8A%95%E8%B3%87%E8%87%AA%E5%B7%B1%EF%BC%9F-.jpg
192.0.78.236 200 OK 154 kB URL HTTP/2 blog.alphaloan.co/wp-content/uploads/2022/09/%E8%A9%B2%E5%A6%82%E4%BD%95%E6%8A%95%E8%B3%87%E8%87%AA%E5%B7%B1%EF%BC%9F-.jpg
IP 192.0.78.236:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 1640x924, components 3\012- data
Size 154 kB (154179 bytes)
Hash db9807c0d70e3de480bf66c921919769
abcdffa17e3454dfc018d989c53409869e6edd40
7ae2f5b5d641c02de5d3222990df1b555a4a41f06b0eedac42b7f5e984454769
GET /wp-content/uploads/2022/09/%E8%A9%B2%E5%A6%82%E4%BD%95%E6%8A%95%E8%B3%87%E8%87%AA%E5%B7%B1%EF%BC%9F-.jpg HTTP/1.1
Host: blog.alphaloan.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 22:37:19 GMT
content-type: image/jpeg
content-length: 154179
strict-transport-security: max-age=31536000
last-modified: Thu, 01 Sep 2022 07:11:29 GMT
etag: "63105b21-25a43"
expires: Mon, 03 Oct 2022 22:37:19 GMT
cache-control: max-age=604800
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
x-ac: 3.arn _atomic_ams BYPASS
X-Firefox-Spdy: h2
img.scupio.com/js/config/17253.json?v=1.0.3839
143.204.55.41 200 OK 461 B URL HTTP/2 img.scupio.com/js/config/17253.json?v=1.0.3839
IP 143.204.55.41:0
File type JSON data\012- , ASCII text, with very long lines (461), with no line terminators
Hash 86d0f2b0a75f775733fcb7501a63cb3a
5caf98c7b82d1d6faaa57be82e0b2ab21d9fac07
6148b353c62b93ac3ff1cf51578d4540d0282423999357f54adb4c3b577a75f2
GET /js/config/17253.json?v=1.0.3839 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 461
server: nginx/1.12.1
last-modified: Mon, 26 Sep 2022 08:06:23 GMT
accept-ranges: bytes
date: Mon, 26 Sep 2022 22:37:19 GMT
expires: Tue, 27 Sep 2022 01:37:19 GMT
cache-control: max-age=10800
etag: "63315d7f-1cd"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: m7g35mtQrEXdk05qQwOpZ7Fl1dBEhf6JOpkWEVKaUluBwtLyguYhwQ==
access-control-allow-origin: *
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30 204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 435
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 26 Sep 2022 22:37:19 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash c40b87455aa76bbed9b0b293b6f8c144
27e7664055f70d33d75bf548366c2d395e836bb3
a70743ad673d33cea686c71155898a4291ea90969100f5aa17baa8b63e234cb9
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 22:37:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 25 Sep 2022 20:00:19 GMT
Expires: Sun, 02 Oct 2022 20:00:18 GMT
Etag: "27e7664055f70d33d75bf548366c2d395e836bb3"
Cache-Control: max-age=508378,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 750f7bc53c1ab521-OSL
reurl.cc/javascripts/loading.js
35.185.130.121 200 OK 27 kB URL HTTP/2 reurl.cc/javascripts/loading.js
IP 35.185.130.121:0
Hash fd361cd89cedd1bc04f08faf7a89ceee
9def0ff1753dfea560312890e54a33fc4d9581b2
bf95b86caa0b0c8a84cc18a2ec6266dedcefc0caf82ee08e73774e52d271acf9
Analyzer Verdict Alert quad9 Sinkholed
GET /javascripts/loading.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/xgmXr1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 26 Sep 2022 22:37:17 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 12:53:44 GMT
vary: Accept-Encoding
etag: W/"632b0958-86"
expires: Tue, 26 Sep 2023 22:37:17 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.5706954148171831
210.59.219.181 204 No Content 0 B URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.5706954148171831
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.5706954148171831 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 456
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
cache-control: private
content-type: text/html
server: Microsoft-IIS/10.0
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 26 Sep 2022 22:37:19 GMT
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.33846068866288725
210.59.219.181 204 No Content 0 B URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.33846068866288725
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.33846068866288725 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 403
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: private
content-type: text/html
server: Microsoft-IIS/10.0
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 26 Sep 2022 22:37:19 GMT
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.9548705912328864
210.59.219.181 204 No Content 0 B URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.9548705912328864
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.9548705912328864 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 403
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: private
content-type: text/html
server: Microsoft-IIS/10.0
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 26 Sep 2022 22:37:19 GMT
X-Firefox-Spdy: h2
c.holmesmind.com/cm
35.201.76.93 302 Found 0 B IP 35.201.76.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm HTTP/1.1
Host: c.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 302 Found
server: nginx/1.10.3 (Ubuntu)
date: Mon, 26 Sep 2022 22:37:18 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
set-cookie: test_cookie=CheckForPermission;Expires=Tuesday, 27-Sep-2022 14:38:18 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
location: https://c.holmesmind.com/cm?tc=getIn&
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 18468eab476e7c29e77bcbd197aa3999
641436d704c479b54f8f9dee1d59af967383490f
262a9ab514db075a21a70decb3c7e92eed75c3b91c423ee7f4798f4cc0d1d74a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "262A9AB514DB075A21A70DECB3C7E92EED75C3B91C423EE7F4798F4CC0D1D74A"
Last-Modified: Mon, 26 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5519
Expires: Tue, 27 Sep 2022 00:09:18 GMT
Date: Mon, 26 Sep 2022 22:37:19 GMT
Connection: keep-alive
t.ssp.hinet.net/
203.75.214.136 200 OK 560 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d43485821e28a591cc0cc8c602d4601d
944e703bc38ae7c12b792d8fc064a87b2dcc5b87
fb5d597f78ac793e7bad8628db1c1650e37594499ddbf32b6ed383760e86ce70
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:19 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67; expires=Wed, 25-Sep-2024 22:37:19 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=45444112728
178.250.0.165 204 No Content 0 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=45444112728
IP 178.250.0.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdb?profileId=207&av=34&wv=6.21.0-pre&cb=45444112728 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 331
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 26 Sep 2022 22:37:19 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://img.scupio.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 155e62d508605427ea18843581f336f4
d13d12cc337dd075ee07771e83462f822295a7d7
b66e6a20b86accaceeb526259871dced479e7e196273f74d6cd715a675622f3e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B66E6A20B86ACCACEEB526259871DCED479E7E196273F74D6CD715A675622F3E"
Last-Modified: Mon, 26 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21532
Expires: Tue, 27 Sep 2022 04:36:11 GMT
Date: Mon, 26 Sep 2022 22:37:19 GMT
Connection: keep-alive
img.gbyhn.com.tw/2022/09/1664190113-696f8f3b9c1b3bda92b47646b4aed92b-840x525.png
172.67.150.31 200 OK 581 kB URL HTTP/2 img.gbyhn.com.tw/2022/09/1664190113-696f8f3b9c1b3bda92b47646b4aed92b-840x525.png
IP 172.67.150.31:0
File type PNG image data, 840 x 525, 8-bit/color RGBA, non-interlaced\012- data
Size 581 kB (580668 bytes)
Hash 75b7bc8b4e5dd31bdffe48b566bff0d7
9a5f4f9a0d97deda36a72254a7582cd23234f3d2
4232d62a9f868277af79d6c64cdd7726aad29f8bc83e2481bfa7cebffbcb1425
GET /2022/09/1664190113-696f8f3b9c1b3bda92b47646b4aed92b-840x525.png HTTP/1.1
Host: img.gbyhn.com.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:19 GMT
content-type: image/png
content-length: 580668
cache-control: public, max-age=604800
expires: Mon, 03 Oct 2022 11:02:23 GMT
last-modified: Mon, 26 Sep 2022 11:01:58 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 39240
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xbm7eWGDc9V5HPqRGqHml1jG7p%2FGhvuvhEwOUHK0KyrsYjtS3Mp%2FiTXJ3PhiLLmIDdnlBoJLmiCRcLjrMn6m04sBqNtZrFW1TctuPyeAvrzlNAg7IIT7rUp%2BPMwMMN75ILdl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f7bc7ee8ab50b-OSL
X-Firefox-Spdy: h2
img.scupio.com/img/padding/300x250.jpg
143.204.55.41 200 OK 58 kB URL HTTP/2 img.scupio.com/img/padding/300x250.jpg
IP 143.204.55.41:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=8, height=0, bps=8, xresolution=110, yresolution=118, resolutionunit=2, width=0], baseline, precision 8, 300x250, components 3\012- data
Hash 2268e9a0adb8ebbdf14028c20e5b473b
6636e41458262bd0de27f805d88793ce836ef390
5e0c4b65a9aa656ce5484dee823c78de192e6b3fd64eab5317713ff31325c89c
GET /img/padding/300x250.jpg HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 57855
server: nginx/1.12.1
last-modified: Mon, 19 Apr 2021 03:31:40 GMT
accept-ranges: bytes
date: Mon, 26 Sep 2022 21:51:07 GMT
expires: Tue, 26 Sep 2023 21:41:02 GMT
cache-control: max-age=31536000
etag: "607cf99c-e1ff"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 188JItUqBSOOSG2xgpgSVL67fZFADKv5ILbkOILGdMW-aQJoFXXEtg==
age: 3377
vary: Origin
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 155e62d508605427ea18843581f336f4
d13d12cc337dd075ee07771e83462f822295a7d7
b66e6a20b86accaceeb526259871dced479e7e196273f74d6cd715a675622f3e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B66E6A20B86ACCACEEB526259871DCED479E7E196273F74D6CD715A675622F3E"
Last-Modified: Mon, 26 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21531
Expires: Tue, 27 Sep 2022 04:36:11 GMT
Date: Mon, 26 Sep 2022 22:37:20 GMT
Connection: keep-alive
bw.scupio.com/adpinline/adreqlog.aspx?cid=17229&cb=0.5811707321961447
210.59.219.180 200 OK 0 B URL HTTP/1.1 bw.scupio.com/adpinline/adreqlog.aspx?cid=17229&cb=0.5811707321961447
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adpinline/adreqlog.aspx?cid=17229&cb=0.5811707321961447 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 169
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=brp4aau1figvk4msbk5tjw0v; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=brp4aau1figvk4msbk5tjw0v; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CEA20220927063719686261; domain=scupio.com; expires=Sun, 26-Sep-2027 22:37:19 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Mon, 26 Sep 2022 22:37:19 GMT
Content-Length: 0
bw.scupio.com/adpinline/adreqlog.aspx?cid=17253&cb=0.6637607469562152
210.59.219.180 200 OK 0 B URL HTTP/1.1 bw.scupio.com/adpinline/adreqlog.aspx?cid=17253&cb=0.6637607469562152
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adpinline/adreqlog.aspx?cid=17253&cb=0.6637607469562152 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 169
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=0ydbyi1dx4awptzq35cqoy4v; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=0ydbyi1dx4awptzq35cqoy4v; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CVA20220927063719286799; domain=scupio.com; expires=Sun, 26-Sep-2027 22:37:19 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Mon, 26 Sep 2022 22:37:19 GMT
Content-Length: 0
static.wixstatic.com/media/8d2acb_22c63974ac8e43109419039eab6b291d~mv2.jpg/v1/fit/w_1000,h_720,al_c,q_80/file.png
34.102.176.152 200 OK 242 kB URL HTTP/2 static.wixstatic.com/media/8d2acb_22c63974ac8e43109419039eab6b291d~mv2.jpg/v1/fit/w_1000,h_720,al_c,q_80/file.png
IP 34.102.176.152:0
File type PNG image data, 1000 x 562, 8-bit/color RGB, non-interlaced\012- data
Size 242 kB (241605 bytes)
Hash 9fb0d7183da2f24009f25c41e27bd4d2
af0dcff54c2768fe895efbafa0b1d06b0577f00c
dabfee6539494fba7ce5b81e70f27ce2828baf134dccb06322835ee495b618c5
GET /media/8d2acb_22c63974ac8e43109419039eab6b291d~mv2.jpg/v1/fit/w_1000,h_720,al_c,q_80/file.png HTTP/1.1
Host: static.wixstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty/1.21.4.1
content-length: 241605
access-control-allow-origin: *
wix-tracer: 2F9UmAuSqC845M9uxSPYVlT8Jv2
x-seen-by: image-manipulator-5cdc794f79-f6sv4
timing-allow-origin: *
via: 1.1 google
date: Fri, 23 Sep 2022 03:32:29 GMT
cache-control: public, max-age=2592000, immutable
age: 327891
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30 204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 438
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 26 Sep 2022 22:37:19 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.78.222 307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.78.222:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 26 Sep 2022 22:37:19 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=jxdS9u6mBSKKSPmBnykyYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=jxdS9u6mBSKKSPmBnykyYw; Path=/; Domain=c.appier.net; Expires=Tue, 26 Sep 2023 22:37:19 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.78.222 307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.78.222:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 26 Sep 2022 22:37:20 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=RkOIFJSNBPKmoIcioCkyYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=RkOIFJSNBPKmoIcioCkyYw; Path=/; Domain=c.appier.net; Expires=Tue, 26 Sep 2023 22:37:20 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.3801189488470408
210.59.219.181 204 No Content 0 B URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.3801189488470408
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.3801189488470408 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 457
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
cache-control: private
content-type: text/html
server: Microsoft-IIS/10.0
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 26 Sep 2022 22:37:19 GMT
X-Firefox-Spdy: h2
hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FxgmXr1&host=reurl.cc&xr=0&w=970&h=250
162.210.196.208 204 No Content 0 B URL HTTP/1.1 hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FxgmXr1&host=reurl.cc&xr=0&w=970&h=250
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FxgmXr1&host=reurl.cc&xr=0&w=970&h=250 HTTP/1.1
Host: hb.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
date: Mon, 26 Sep 2022 22:37:19 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
connection: close
ad.holmesmind.com/adserver/prebid.json?cb=1664231837365&hb=1&ver=1.21
52.198.19.32 200 OK 20 B URL HTTP/2 ad.holmesmind.com/adserver/prebid.json?cb=1664231837365&hb=1&ver=1.21
IP 52.198.19.32:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
POST /adserver/prebid.json?cb=1664231837365&hb=1&ver=1.21 HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 40
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Cookie: P=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH; Vision=20220927-23:59,20220927-09,20220927-09,20220927-23:59; C=null; RK=null
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:19 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://img.scupio.com
content-encoding: gzip
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.78.222 307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.78.222:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 26 Sep 2022 22:37:20 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=yqpuwZKjCHKLnT5roCkyYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=yqpuwZKjCHKLnT5roCkyYw; Path=/; Domain=c.appier.net; Expires=Tue, 26 Sep 2023 22:37:20 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
img.scupio.com/img/2011_gym/970x250.png
143.204.55.41 200 OK 88 kB URL HTTP/2 img.scupio.com/img/2011_gym/970x250.png
IP 143.204.55.41:0
File type PNG image data, 970 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 631554deae2879a2037e0edf55de2f82
56f44bfa0e33195c2ecf0524cbf985a8e23295d1
5c4e555f2cdb1d2c4bc4bd48cf25afb9944c1faed58be0725a8222e9fe2dd67e
GET /img/2011_gym/970x250.png HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 87751
server: nginx/1.12.1
last-modified: Mon, 19 Apr 2021 03:31:40 GMT
accept-ranges: bytes
date: Mon, 26 Sep 2022 22:37:20 GMT
expires: Tue, 26 Sep 2023 21:57:37 GMT
cache-control: max-age=31536000
etag: "607cf99c-156c7"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: bAmExjHXyPrDNfsqR0zQMXxlBmAm1_lAZQ2iJr1U2Nmv0v8RNatbTA==
age: 2383
vary: Origin
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136 200 OK 59 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash dcd78df9bb10721f3b375b4521ab92f0
292229d6d254da8fef4c4017f8b09316f77817c5
66a3c46c5cf37a2fbd1f09be3facff464db2b5baece0b52c923c67559c9ed8c3
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:19 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=53affe27-7dae-431c-80e3-0b22cbb706d2; expires=Wed, 25-Sep-2024 22:37:19 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/drawV2.js
54.230.111.67 200 OK 10 kB URL HTTP/2 cdn.holmesmind.com/js/drawV2.js
IP 54.230.111.67:0
File type ASCII text, with very long lines (5112), with CRLF line terminators
Hash 84d8b1a745228113e60f5e62f0eff6d3
10cd995dbb7293ca49d9bdd93145bf12cb89bdac
f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032
GET /js/drawV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH; Vision=20220927-23:59,20220927-09,20220927-09,20220927-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 10359
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 22:37:21 GMT
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: RefreshHit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: V_3w9PWMR-v5BWCjv6dv2U6VURsWGwUBBR7tQmy371-wPJXHWW6UzA==
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 140a602a59ca269aeae0ed5e7d874b52
10fb03500d75170536343086030060567a7c6f5c
2e00c15d0ffe14e9c2cf8f6400fb069b6f9fdd69f00388650a041b7f3d582292
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 22:37:20 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 24 Sep 2022 22:33:44 GMT
Expires: Sat, 01 Oct 2022 22:33:43 GMT
Etag: "10fb03500d75170536343086030060567a7c6f5c"
Cache-Control: max-age=431182,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 750f7bc8df37b521-OSL
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 002d49bafbcc428a44fe523322ad9e05
b39aad0d1e941121f28af8f9b6d76f19216800d5
59a10c7762be219b689cd518aea4d034aa725c6a632b7f866989dcf984b5e007
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
t.ssp.hinet.net/cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%&mp=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67
203.75.214.136 200 OK 4 B URL HTTP/2 t.ssp.hinet.net/cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%&mp=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
GET /cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%&mp=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:20 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 1b38278fa6ffd8c86b24839081164a96
92b5ee31846d802f8d685ffb73f1b4aeff3f79fc
c7e3c4c064d58692c5aeafdc380ae99093b86b8df61150501d66e5b90dbdd9eb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6489
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:20 GMT
Last-Modified: Mon, 26 Sep 2022 20:49:11 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 002d49bafbcc428a44fe523322ad9e05
b39aad0d1e941121f28af8f9b6d76f19216800d5
59a10c7762be219b689cd518aea4d034aa725c6a632b7f866989dcf984b5e007
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bidder.criteo.com/cdb?ptv=130&profileId=184&cb=98301564830
178.250.0.165 200 OK 164 B URL HTTP/2 bidder.criteo.com/cdb?ptv=130&profileId=184&cb=98301564830
IP 178.250.0.165:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 38f1452e195388ece97fea02be3b9560
63cc9b7fe24945f398fe33e67f9457927615a048
f2ed7276c8d7b7add11e76cb2f07bffdecdb46b8223d2148782f2da67649176e
POST /cdb?ptv=130&profileId=184&cb=98301564830 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 522
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:20 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 164
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.js
178.250.2.130 200 OK 40 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.js
IP 178.250.2.130:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 89cfb3e250df5df5f0d4fcc7e037d832
59c9fc9c6400a6daff7f52aaf4f12eb9e4a98685
9f84ec71737e9bb542600c49e538b141fb1cf136b439059aa114a9c23fb8cb33
GET /js/ld/publishertag.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 22:37:20 GMT
content-type: text/javascript
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
etag: W/"6326273b-1e2be"
expires: Tue, 27 Sep 2022 22:37:20 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 95f95fee6e94fb192e7c06459e3e3f8e
025638b85afcc833cd592c98cc941dd011d2526f
dbc8654990b37741f8e393d069054ae68d584c2496421892e814e7a8c45467fd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 7.8 kB IP 142.250.74.3:0
File type gzip compressed data, from Unix\012- data
Hash 873c23967684ae0fb9f385f3e75892b8
e2d2c0dbc031fcec24f7a59238fefab46d3992ba
6251b55ffa1b2fcd92805f32a5472919e105146f3ca9511d5ac24a673bed61be
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bidder.criteo.com/cdb?ptv=130&profileId=184&cb=37649285532
178.250.0.165 200 OK 164 B URL HTTP/2 bidder.criteo.com/cdb?ptv=130&profileId=184&cb=37649285532
IP 178.250.0.165:0
File type JSON data\012- , ASCII text, with no line terminators
Hash fe2ae568cf8a9b7a9d96094dfd9c8c98
757435b549f199aa2eada1a155e246df2a0036ea
129947da9c579755eae90715d94355c238408a7a48635e7b42a32a5f805c5f6d
POST /cdb?ptv=130&profileId=184&cb=37649285532 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 522
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:19 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 164
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-102456694-1&cid=1079965034.1664231837&jid=1162118816&_u=IEBAAEAAAAAAAC~&z=1180993200
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-102456694-1&cid=1079965034.1664231837&jid=1162118816&_u=IEBAAEAAAAAAAC~&z=1180993200
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-102456694-1&cid=1079965034.1664231837&jid=1162118816&_u=IEBAAEAAAAAAAC~&z=1180993200 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 22:37:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-102456694-1&cid=1079965034.1664231837&jid=1162118816&_u=IEBAAEAAAAAAAC~&z=1180993200
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-102456694-1&cid=1079965034.1664231837&jid=1162118816&_u=IEBAAEAAAAAAAC~&z=1180993200
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-102456694-1&cid=1079965034.1664231837&jid=1162118816&_u=IEBAAEAAAAAAAC~&z=1180993200 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 22:37:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=50ef57&cid=934-TGP3V5VRTxTjbExzcESM3eLJEadtfRYP&mp=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67
203.75.214.136 200 OK 471 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=934-TGP3V5VRTxTjbExzcESM3eLJEadtfRYP&mp=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash 95f95fee6e94fb192e7c06459e3e3f8e
025638b85afcc833cd592c98cc941dd011d2526f
dbc8654990b37741f8e393d069054ae68d584c2496421892e814e7a8c45467fd
GET /cm?c=50ef57&cid=934-TGP3V5VRTxTjbExzcESM3eLJEadtfRYP&mp=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:20 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=50ef57&cid=934-TGP3V5VRTxTjbExzcESM3eLJEadtfRYP&mp=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67
203.75.214.136 200 OK 472 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=934-TGP3V5VRTxTjbExzcESM3eLJEadtfRYP&mp=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash 4538701cf9bc34d908f50370beb922f4
df141b9c3ec626ecaba7c1899073a48b811c4113
61497b93eb237687a8fff5845a7a81aff2f2f53dc56f2d0818bfb98dd1256d6f
GET /cm?c=50ef57&cid=934-TGP3V5VRTxTjbExzcESM3eLJEadtfRYP&mp=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:20 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=623&o=4&d=1&b=3&ts=1&ii=3&FPCK=3207-EhMv84KulLfBWYVcar6eAFGpv8sQnh5T&initver=210830P
52.198.19.32 200 OK 1.5 kB URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=623&o=4&d=1&b=3&ts=1&ii=3&FPCK=3207-EhMv84KulLfBWYVcar6eAFGpv8sQnh5T&initver=210830P
IP 52.198.19.32:0
File type JSON data\012- HTML document, ASCII text, with very long lines (962), with CRLF line terminators
Hash 33840a4609c69bd6571c2261e3f3aad5
be1b8d897c63d1070eb8b57d0eba61b4c6cf873e
d049ea32308c5641647ef19c13812a44169a1490699e5b916e13c188f6c9a1ca
GET /adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=623&o=4&d=1&b=3&ts=1&ii=3&FPCK=3207-EhMv84KulLfBWYVcar6eAFGpv8sQnh5T&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:19 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
img.scupio.com/html/ls.html
143.204.55.41 200 OK 990 B URL HTTP/2 img.scupio.com/html/ls.html
IP 143.204.55.41:0
Hash 056143453324f4d3b0c1885d1d8107fa
249dcb4c8ac99098c6c6ed9de510f0903f2f763e
cb01eff76a8c95a89612edaab0da2c66becf127b9a26be964b9711ef04acee8d
GET /html/ls.html HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx/1.12.1
last-modified: Mon, 21 Nov 2016 06:35:53 GMT
content-encoding: gzip
date: Mon, 26 Sep 2022 22:07:24 GMT
expires: Mon, 03 Oct 2022 22:05:49 GMT
cache-control: max-age=604800
etag: W/"583295c9-4dc"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IQehee5fFcvClA-KP2dCubP9cqHg-jfshLzc8bHpYqREI6gKlkdLzA==
age: 1892
vary: Origin
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13848&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=580&o=4&d=1&b=3&ts=1&ii=3&FPCK=3207-EhMv84KulLfBWYVcar6eAFGpv8sQnh5T&initver=210830P
52.198.19.32 200 OK 857 B URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13848&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=580&o=4&d=1&b=3&ts=1&ii=3&FPCK=3207-EhMv84KulLfBWYVcar6eAFGpv8sQnh5T&initver=210830P
IP 52.198.19.32:0
File type HTML document, ASCII text, with very long lines (893), with CRLF line terminators
Hash 34801e3d6f11802179353288f1a984fe
fee4abea2f6b6066920145402adfd637922776ba
19c2ae4f17e66a829cd04b9c8916562c3c2449f7a7645c1735230fcb1f6251f9
GET /adserver/ads.js?z=13848&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=580&o=4&d=1&b=3&ts=1&ii=3&FPCK=3207-EhMv84KulLfBWYVcar6eAFGpv8sQnh5T&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:19 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157 200 OK 0 B IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:20 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=Zkf9Tl80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2YjZKRzMxOHZwb0xRRk9UR1lrcmRKVA; expires=Sat, 21 Oct 2023 22:37:21 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 274722
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y0/r/2oSxuAmaMP1.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 388 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y0/r/2oSxuAmaMP1.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
Hash 14a420339d91404f8b24391b0064375f
687637bfdb80559276b8abcc8fd35d38fd9b2ce3
03844e475d1534565aacc2631eb5e8bad4600c16e354b00f2b183b64c40bcd8c
GET /rsrc.php/v3/y0/r/2oSxuAmaMP1.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 23 Sep 2023 21:29:53 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: ydVlLbe5uwIUPR9tcsuFjQ==
x-fb-debug: q0Mc1iaM0lpYvXSPIeTlWbNcMxXcM8YKWWK42ERiHE1N0KVL0a6TBr6icGS5KG/KU2mDCL6z0lNvJd04RYEWUA==
content-length: 48011
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=bw_cookie&google_cm=&google_ula=3918219&google_hm=Q0JBMjAyMjA5MjcwNjM3MjE0MTc3MzE%3D&layout=js&google_tc=
142.250.74.162 302 Found 265 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=bw_cookie&google_cm=&google_ula=3918219&google_hm=Q0JBMjAyMjA5MjcwNjM3MjE0MTc3MzE%3D&layout=js&google_tc=
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash abc54166d13f3b395572e4450f2eb56c
d6cba7a997a49448dc4d9ec1d5646ba0d069808c
af97901ef0eba7d104b79f85640f2841618e82f00114733acfb384982379ebf4
GET /pixel?google_nid=bw_cookie&google_cm=&google_ula=3918219&google_hm=Q0JBMjAyMjA5MjcwNjM3MjE0MTc3MzE%3D&layout=js&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
date: Mon, 26 Sep 2022 22:37:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 265
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
104.88.9.101 200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
IP 104.88.9.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?p=xapi-bridgewell&endpoint=apac HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "40014-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 26 Sep 2022 22:37:21 GMT
Connection: keep-alive
Vary: Accept-Encoding
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash d7103c61c45779a7b5d41d348717a808
eefd5e3968dda1f2d6e4eb24977265459ecbe974
093f9f2eaaa017cbd1fa1a8fdd067c242b3e28d18c6925d3116ad8d50f08af0d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1020
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:21 GMT
Last-Modified: Mon, 26 Sep 2022 22:20:21 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash d7103c61c45779a7b5d41d348717a808
eefd5e3968dda1f2d6e4eb24977265459ecbe974
093f9f2eaaa017cbd1fa1a8fdd067c242b3e28d18c6925d3116ad8d50f08af0d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6139
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:21 GMT
Last-Modified: Mon, 26 Sep 2022 20:55:02 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 313
eus.rubiconproject.com/usync.js
104.88.9.101 200 OK 9.4 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP 104.88.9.101:0
File type ASCII text, with very long lines (17962)
Hash 0352c3497804064264dcff5c0d310872
3fdbb25ba9ff0632c3cffa08bc58645f65b6ee64
4ef0280235b06e0d55b0b376734460c5916ca0d0b6d17d4fa49d41aed5b96827
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 15 Sep 2022 22:38:47 GMT
Content-Encoding: gzip
Content-Length: 9422
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=55924
Expires: Tue, 27 Sep 2022 14:09:25 GMT
Date: Mon, 26 Sep 2022 22:37:21 GMT
Connection: keep-alive
Vary: Accept-Encoding
bidder.criteo.com/csm/events
178.250.0.165 204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.0.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 268
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 26 Sep 2022 22:37:21 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bidder.criteo.com/csm/events
178.250.0.165 204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.0.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 309
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 26 Sep 2022 22:37:20 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bw.scupio.com/adpinline/bidinfo.aspx?cb=0.7462312425739774
210.59.219.180 200 OK 1.6 kB URL HTTP/1.1 bw.scupio.com/adpinline/bidinfo.aspx?cb=0.7462312425739774
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
File type JSON data\012- HTML document, ASCII text, with very long lines (1194), with CRLF line terminators
Hash 4254d7eb009e6e9650e01127e79b9137
4756d700526e637eb1de9b574c074a58ac4c222c
eb33d050a9eb40a280ffe882d073059759c29f8d096ef44e884201523ad50a30
POST /adpinline/bidinfo.aspx?cb=0.7462312425739774 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 920
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://img.scupio.com
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ih1oajggphanya5faj2h3roo; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=ih1oajggphanya5faj2h3roo; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CSA20220927063721293565; domain=scupio.com; expires=Sun, 26-Sep-2027 22:37:21 GMT; path=/; secure; SameSite=None
gx=H4sIACGaMmMA%2fxNmYGDg4ubomnbk8ra2CdYCrEIsHPYCTAASjuKeFwAAAA%3d%3d; domain=scupio.com; expires=Tue, 26-Sep-2023 22:37:21 GMT; path=/; secure; SameSite=None
fxc=1; domain=scupio.com; expires=Mon, 03-Oct-2022 22:37:21 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Mon, 26 Sep 2022 22:37:21 GMT
Content-Length: 1606
bidder.criteo.com/csm/events
178.250.0.165 204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.0.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 311
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 26 Sep 2022 22:37:21 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.30902337827656057
210.59.219.180 200 OK 159 B URL HTTP/1.1 bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.30902337827656057
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash 3b7dcbc81ac09e370c98e5225b275917
8c6e9c2d2a705b478e6d85256d3a414ce959d810
0058c3d3722f8a51ec2f1ffead294fac5f6767952aae03bb1ba1a2bfc3594a53
GET /ssp/initid.aspx?mode=L&cb=0.30902337827656057 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Set-Cookie: ASP.NET_SessionId=oq5udug5fv2j21unukayxpbc; path=/; HttpOnly; SameSite=Lax
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 26 Sep 2022 22:37:20 GMT
Content-Length: 159
sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CBA20220927063721417731
162.210.196.208 302 Found 111 B URL HTTP/1.1 sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CBA20220927063721417731
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash febc6b9a3cb9696ca0b2b57e73dc10ce
21ce8fe59a6c6ea57df6d616aaf10f06fc63dc2c
cc380f03ace5d06dc78f11ad4be2acdc1700991ef995b65b1913322bacfa71ff
GET /idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CBA20220927063721417731 HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
set-cookie: sspid=236b9080-993b-3a2d-b07f-ab1c4b4a01e7; Domain=.aralego.com; Path=/; Expires=Tue, 26 Sep 2023 22:37:21 GMT; Secure; SameSite=None
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
content-length: 111
date: Mon, 26 Sep 2022 22:37:21 GMT
connection: close
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
Hash e0809371297fe909d1c505b6aaa1eea7
5fb0ef1bce54750eb59b3d54c86798324960b070
f97bd9215fd244239904e0eec3ecc604ade12f8b422bc78690e47cb493de1503
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 22:37:21 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Fri, 30 Sep 2022 21:17:00 GMT
ETag: "5fb0ef1bce54750eb59b3d54c86798324960b070"
Last-Modified: Mon, 26 Sep 2022 21:17:01 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3061
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750f7bd30a021c06-OSL
27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67.t.ssp.hinet.net/pixel?bd=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67&t=a546ca&referrer=%25%25%20referrer%20%25%25
203.75.214.136 200 OK 0 B URL HTTP/2 27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67.t.ssp.hinet.net/pixel?bd=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67&t=a546ca&referrer=%25%25%20referrer%20%25%25
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?bd=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67&t=a546ca&referrer=%25%25%20referrer%20%25%25 HTTP/1.1
Host: 27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67.t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 22:37:21 GMT
content-type: image/png
content-length: 0
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136 200 OK 216 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash 01bc1111fbba500133b4ecb5d01293d0
74d6067e7fb5706aa40a3a19c40a8fe05c0856a5
431cdfcef50c710ac20411308cc19b3e2b143953a4bd924d445774f433e3346b
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:21 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca; expires=Wed, 25-Sep-2024 22:37:21 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
img.scupio.com/js/adsbyscupio.js?v=1.0.2
143.204.55.41 200 OK 1.8 kB URL HTTP/2 img.scupio.com/js/adsbyscupio.js?v=1.0.2
IP 143.204.55.41:0
File type ASCII text, with very long lines (4522)
Hash bcb43a2fd6f6ce3adc87127e5747c0b9
58b12b64bfd917474ffa3c122b7e7ac591ac8e01
a26b17ff2aaadb1f42f4a62d92fdf6a4c6ffa593e113bf92be01de7d152412aa
GET /js/adsbyscupio.js?v=1.0.2 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Mon, 19 Apr 2021 03:30:31 GMT
content-encoding: gzip
date: Mon, 26 Sep 2022 22:37:19 GMT
expires: Tue, 27 Sep 2022 01:34:02 GMT
cache-control: max-age=10800
etag: W/"607cf957-11ab"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: lFaw5lSSGGetrLXhRn7TsOjinTK0xiMhDxV-cwX3GLjX2W9nj9_bMg==
age: 197
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.117.js
178.250.2.130 200 OK 34 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.117.js
IP 178.250.2.130:0
Hash 4e6160a215566a06c7e1434df344ceb8
c4cba3da45214ff7037eb23580572135799678dd
711f72ef49240abba3a870148fc048f8892b54ba55b096aa67560976968cb4f7
GET /js/ld/publishertag.prebid.117.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 22:37:20 GMT
content-type: text/javascript
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
etag: W/"61cc54f6-15c19"
expires: Tue, 27 Sep 2022 22:37:20 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CSA20220927063721293565
162.210.196.208 302 Found 111 B URL HTTP/1.1 sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CSA20220927063721293565
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash febc6b9a3cb9696ca0b2b57e73dc10ce
21ce8fe59a6c6ea57df6d616aaf10f06fc63dc2c
cc380f03ace5d06dc78f11ad4be2acdc1700991ef995b65b1913322bacfa71ff
GET /idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CSA20220927063721293565 HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
set-cookie: sspid=236b9080-993b-3a2d-b07f-ab1c4b4a01e7; Domain=.aralego.com; Path=/; Expires=Tue, 26 Sep 2023 22:37:21 GMT; Secure; SameSite=None
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
content-length: 111
date: Mon, 26 Sep 2022 22:37:21 GMT
connection: close
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b2211f11194fe1d4617d472dfd62667d
12a7fa3cf0d08249e972c282c31c95f578afe235
16bbb877d0e4713aa9f1847a19473a9c25ff0a44d2fa489b2197a069eeff707f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3749
Cache-Control: max-age=95520
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:21 GMT
Etag: "6330ed1c-1d7"
Expires: Wed, 28 Sep 2022 01:09:21 GMT
Last-Modified: Mon, 26 Sep 2022 00:06:52 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
adcdn.holmesmind.com/adserver/Preset.js?z=13849
143.204.55.101 200 OK 396 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13849
IP 143.204.55.101:0
File type ASCII text, with very long lines (1120), with no line terminators
Hash c6f7cbb06b457b3e458ee120ca2ddc7b
90cb2e0710707b1062e2cc2dac73650b8a581391
789ed9f6784468a56735b330ebaacfcfc77130b440964b800af813741df63577
GET /adserver/Preset.js?z=13849 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH; Vision=20220927-23:59,20220927-09,20220927-09,20220927-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Mon, 26 Sep 2022 22:37:21 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1ev_PIhV5xWzy5uVViElPReyA0_cK598KNu3TaFbw73H03_0hSyN5A==
X-Firefox-Spdy: h2
match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
35.71.131.137 200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
IP 35.71.131.137:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:21 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30 204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 26 Sep 2022 22:37:21 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.236 200 OK 39 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.236:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 37c1f851d47b5c2433a2d143bb1ce98a
688eead8797500847b2e05c709c248b8fa77c6a9
aebf7192bebc10ffa36b364f8d2aea732d6ee21f2cb4df2690ff26c07142e886
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:20 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 115054
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.9084308353650254
210.59.219.181 204 No Content 0 B URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.9084308353650254
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.9084308353650254 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 404
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private
content-type: text/html
server: Microsoft-IIS/10.0
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 26 Sep 2022 22:37:21 GMT
X-Firefox-Spdy: h2
creditcards.com.tw/wp-content/uploads/2020/05/%E5%9B%9B%E5%A4%A7%E9%A3%9F%E7%89%A9%E5%A4%96%E9%80%81%E5%B9%B3%E5%8F%B0%E6%8E%A8%E8%96%A6%E7%8F%BE%E9%87%91%E5%9B%9E%E9%A5%8B%E4%BF%A1%E7%94%A8%E5%8D%A1-1080x630.jpg
192.0.78.244 200 OK 0 B URL HTTP/2 creditcards.com.tw/wp-content/uploads/2020/05/%E5%9B%9B%E5%A4%A7%E9%A3%9F%E7%89%A9%E5%A4%96%E9%80%81%E5%B9%B3%E5%8F%B0%E6%8E%A8%E8%96%A6%E7%8F%BE%E9%87%91%E5%9B%9E%E9%A5%8B%E4%BF%A1%E7%94%A8%E5%8D%A1-1080x630.jpg
IP 192.0.78.244:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/uploads/2020/05/%E5%9B%9B%E5%A4%A7%E9%A3%9F%E7%89%A9%E5%A4%96%E9%80%81%E5%B9%B3%E5%8F%B0%E6%8E%A8%E8%96%A6%E7%8F%BE%E9%87%91%E5%9B%9E%E9%A5%8B%E4%BF%A1%E7%94%A8%E5%8D%A1-1080x630.jpg HTTP/1.1
Host: creditcards.com.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 22:37:20 GMT
content-type: image/jpeg
content-length: 155775
strict-transport-security: max-age=31536000
last-modified: Mon, 22 Jun 2020 07:19:43 GMT
etag: "5ef05b8f-2607f"
accept-ranges: bytes
x-ac: 3.arn _atomic_ams BYPASS
X-Firefox-Spdy: h2
t.ssp.hinet.net/utag.js
203.75.214.136 200 OK 2.4 kB IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type ASCII text, with very long lines (5049), with no line terminators
Hash 59793fa476d4f5e0b177acef44ee8083
57823f81de683ebb08335e827f30b9f904283fc7
5628ea7c968a79272ef5a76b95432ab372b7bc79f962030b963aba8902389741
GET /utag.js HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 22:37:19 GMT
content-type: application/javascript
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
vary: Accept-Encoding
etag: W/"62de3d74-134a"
expires: Mon, 26 Sep 2022 22:47:19 GMT
cache-control: max-age=600
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=76&o=4&d=1&b=3&ts=1&ii=2&FPCK=3207-EhMv84KulLfBWYVcar6eAFGpv8sQnh5T&initver=210830P
52.198.19.32 200 OK 1.1 kB URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=76&o=4&d=1&b=3&ts=1&ii=2&FPCK=3207-EhMv84KulLfBWYVcar6eAFGpv8sQnh5T&initver=210830P
IP 52.198.19.32:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (1099), with CRLF line terminators
Hash f215fda6f9dadcc3a7487eb6f0a486c8
0b371af5a52126e9a1a8ff77cce20f73d1a26b2a
9701b57c4557b9db93863c1c5cfbd2e9998dda2e01ef786daa396472b7c0d8c9
GET /adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=76&o=4&d=1&b=3&ts=1&ii=2&FPCK=3207-EhMv84KulLfBWYVcar6eAFGpv8sQnh5T&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH; Vision=20220927-23:59,20220927-09,20220927-09,20220927-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:21 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.78.222 307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.78.222:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 26 Sep 2022 22:37:22 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=keFuCvz-Cp68dql2oikyYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=keFuCvz-Cp68dql2oikyYw; Path=/; Domain=c.appier.net; Expires=Tue, 26 Sep 2023 22:37:22 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.78.222 307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.78.222:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 26 Sep 2022 22:37:22 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=Ea0UiyqUDxuX3MnYoikyYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=Ea0UiyqUDxuX3MnYoikyYw; Path=/; Domain=c.appier.net; Expires=Tue, 26 Sep 2023 22:37:22 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.78.222 307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.78.222:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 26 Sep 2022 22:37:22 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=5qgVGmVcCeKuF_YyoikyYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=5qgVGmVcCeKuF_YyoikyYw; Path=/; Domain=c.appier.net; Expires=Tue, 26 Sep 2023 22:37:22 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157 200 OK 332 B IP 178.250.0.157:0
File type JSON data\012- , ASCII text, with very long lines (305), with no line terminators
Hash 8851dfafcfd0e20f3a7191ce8296ed62
fcdfb8d70cdb0d4ceee1efe02349e37762c9e184
223eb69c8b787fa7f3f429d900182dfb3f056a190b3786e4a4854dfb1dcbd4f8
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=Syq-ul80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2WXV1cnY2em5Ma1AlMkZsdkt4Nk93Ylgw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:21 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=qBtXjF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2WlZIQ2dLREtZVFZ1alJkSVFzWHlFUA; expires=Sat, 21 Oct 2023 22:37:21 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 314937
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
pixel-apac.rubiconproject.com/exchange/sync.php?p=xapi-bridgewell
69.173.158.64 204 No Content 0 B URL HTTP/1.1 pixel-apac.rubiconproject.com/exchange/sync.php?p=xapi-bridgewell
IP 69.173.158.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /exchange/sync.php?p=xapi-bridgewell HTTP/1.1
Host: pixel-apac.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 0ed95c36ed1932be3ba76fc523a6e179
Content-Type: image/gif
m.holmesmind.com/ml/google?cf_uid=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH&uu_m=undefined&google_error=3
35.227.249.156 200 OK 0 B URL HTTP/2 m.holmesmind.com/ml/google?cf_uid=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH&uu_m=undefined&google_error=3
IP 35.227.249.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ml/google?cf_uid=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH&uu_m=undefined&google_error=3 HTTP/1.1
Host: m.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdn.holmesmind.com/
Connection: keep-alive
Cookie: P=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH; Vision=20220927-23:59,20220927-09,20220927-09,20220927-23:59; C=null; RK=null
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdvAfbIZN5oRp9SDDw3udIc_U7jWlWGJZmUR6cG8qAN8A73AOy-fGLOWgtM0OF5U9wWPuliOlpx2SxKvv01nVbJlAA
expires: Mon, 26 Sep 2022 23:37:22 GMT
date: Mon, 26 Sep 2022 22:37:22 GMT
cache-control: public, max-age=3600
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-generation: 1519198601160228
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 0
content-type: image/png
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
x-goog-storage-class: REGIONAL
accept-ranges: bytes
content-length: 0
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
210.59.219.175 200 OK 0 B URL HTTP/1.1 rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
IP 210.59.219.175:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recweb/ggid.aspx?layout=js&google_error=3 HTTP/1.1
Host: rec.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/javascript
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 26 Sep 2022 22:37:21 GMT
Content-Length: 0
8352947b-4779-4b23-bdbf-ec976c4d07ca.t.ssp.hinet.net/pixel?bd=8352947b-4779-4b23-bdbf-ec976c4d07ca&t=cf&referrer=https%3A%2F%2Freurl.cc
203.75.214.136 200 OK 0 B URL HTTP/2 8352947b-4779-4b23-bdbf-ec976c4d07ca.t.ssp.hinet.net/pixel?bd=8352947b-4779-4b23-bdbf-ec976c4d07ca&t=cf&referrer=https%3A%2F%2Freurl.cc
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?bd=8352947b-4779-4b23-bdbf-ec976c4d07ca&t=cf&referrer=https%3A%2F%2Freurl.cc HTTP/1.1
Host: 8352947b-4779-4b23-bdbf-ec976c4d07ca.t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 22:37:22 GMT
content-type: image/png
content-length: 0
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
8352947b-4779-4b23-bdbf-ec976c4d07ca.t.ssp.hinet.net/pixel?bd=8352947b-4779-4b23-bdbf-ec976c4d07ca&t=50ef57&referrer=
203.75.214.136 200 OK 0 B URL HTTP/2 8352947b-4779-4b23-bdbf-ec976c4d07ca.t.ssp.hinet.net/pixel?bd=8352947b-4779-4b23-bdbf-ec976c4d07ca&t=50ef57&referrer=
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?bd=8352947b-4779-4b23-bdbf-ec976c4d07ca&t=50ef57&referrer= HTTP/1.1
Host: 8352947b-4779-4b23-bdbf-ec976c4d07ca.t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 22:37:22 GMT
content-type: image/png
content-length: 0
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136 200 OK 56 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash 7acd56c089697edb7d15937701a158ab
cad3c2fdc91f446e000e157b7153564832382934
9b23ea9e2e0617c45d7d086444b4dbe6dd0beac3ade124f34ad8c0bbd15931f1
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:21 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca; expires=Wed, 25-Sep-2024 22:37:21 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
178.250.6.91 200 OK 448 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 178.250.6.91:0
File type JSON data\012- , ASCII text, with very long lines (452), with no line terminators
Hash c747ca2a82cdc52782af2dc750c9e3c4
055b7a24abc0ab74b22ca454de302fa17c8936cc
72d054c9ce1f7c02e3852049d40bd396ce6a214ec153380246fc75bbd91dfcd5
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:20 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 117943
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
210.59.219.175 200 OK 0 B URL HTTP/1.1 rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
IP 210.59.219.175:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recweb/ggid.aspx?layout=js&google_error=3 HTTP/1.1
Host: rec.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/javascript
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 26 Sep 2022 22:37:21 GMT
Content-Length: 0
t.ssp.hinet.net/cm?c=50ef57&cid=934-TGP3V5VRTxTjbExzcESM3eLJEadtfRYP&mp=8352947b-4779-4b23-bdbf-ec976c4d07ca
203.75.214.136 200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=934-TGP3V5VRTxTjbExzcESM3eLJEadtfRYP&mp=8352947b-4779-4b23-bdbf-ec976c4d07ca
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?c=50ef57&cid=934-TGP3V5VRTxTjbExzcESM3eLJEadtfRYP&mp=8352947b-4779-4b23-bdbf-ec976c4d07ca HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:22 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
ads.aralego.com/sdk
192.96.200.41 301 Moved Permanently 0 B IP 192.96.200.41:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk HTTP/1.1
Host: ads.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Content-length: 0
Location: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Connection: close
cdn.aralego.net/ucfad/sdk/us-east/sdk
104.26.5.103 200 OK 44 kB URL HTTP/2 cdn.aralego.net/ucfad/sdk/us-east/sdk
IP 104.26.5.103:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (43705), with no line terminators
Hash 0edbdb34f8b86da4290bfd11394f5a36
3452910b1954171c86caec8b08c4301b961e71fd
28bf646c6e799ca96adb3a5b48fe882639d31e27102cad9ed2979555da55944a
GET /ucfad/sdk/us-east/sdk HTTP/1.1
Host: cdn.aralego.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:23 GMT
content-type: application/octet-stream
content-length: 43705
last-modified: Thu, 22 Sep 2022 10:05:53 GMT
etag: "632c3381-aab9"
access-control-allow-credentials: true
cache-control: max-age=14400
cf-cache-status: HIT
age: 2934
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FSEbBMSAfiAa9UpE4%2BuVMTb%2BNRlbVga73z0u4Nixm9OcbmPZYeLU4EdL%2FyHqH5dfW1wGuagfoMJTqt2N68GE71e6NJahVEneMA1imaH6ogzAstT7qT5PzoK2nda0C4VxrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f7bdaca7a1c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
178.250.2.146 200 OK 800 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
IP 178.250.2.146:0
Hash ce513a7a8852f8c03cf81e6386b2095f
b13b19a4b118cf26db1ed3da4720e7a2354d1a53
007d5d1b60e2c548f2a64957c34350403055a14ba3e926a6d9dc46bfa8381de0
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:22 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://img.scupio.com
server-processing-duration-in-ticks: 1165751
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/show_ads.js
216.58.207.226 200 OK 40 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/show_ads.js
IP 216.58.207.226:0
File type ASCII text, with very long lines (2320)
Hash 6b33b658cf2bf792e7df07cb662ec969
0b71475869e307525050eb03d938d2c34561c1e3
6a99de71fd7ca6dd5c40ecbda17246a3c66c68e5adc671ff077dd3a4f8dfaab2
GET /pagead/show_ads.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 26 Sep 2022 22:37:23 GMT
expires: Mon, 26 Sep 2022 22:37:23 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 1613755216219691996
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 40357
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1&
162.210.196.208 200 OK 46 B URL HTTP/1.1 sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1&
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
File type JSON data\012- , ASCII text, with no line terminators
Hash a8d7967005aa73e5ea084778a4876fd3
4717c391a511217d96fffdd2dbf2e20e0576f0bd
936d07c551097935b250011818489a07d41065f6d29a8c9fd8e95dd8fa622801
GET /idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1& HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: GET,POST,OPTIONS
set-cookie: sspid=58450bcf-f807-3211-be8f-b36296678c0a; Domain=.aralego.com; Path=/; Expires=Tue, 26 Sep 2023 22:37:23 GMT; Secure; SameSite=None
content-type: text/html; charset=utf-8
content-length: 46
vary: Accept-Encoding
date: Mon, 26 Sep 2022 22:37:23 GMT
connection: close
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
178.250.2.146 200 OK 327 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
IP 178.250.2.146:0
Hash 9b9c1ec9374fae37820db17da9eb20c2
984b2f38cc5611bed1e282f5bdac1d43f04a25f4
97520ff3698febb4a94fc95f238f7d37794cb1217aec8ad41d348f4a5bfe4fb1
OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://img.scupio.com/
Origin: https://img.scupio.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:22 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://img.scupio.com
server-processing-duration-in-ticks: 410843
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136 200 OK 57 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash 2cceec0fcf4cfcafba3eb6310e307bc0
a2b4c40f0f64ca820b6eded6cb5e1fc1b3f6f187
28d7e284b28be3a4763111b5d805bc8c90e606dd9769a498749649d42654d1c3
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:19 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=2fb3c221-8983-458d-9152-14251789aa77; expires=Wed, 25-Sep-2024 22:37:19 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=50ef57&cid=934-TGP3V5VRTxTjbExzcESM3eLJEadtfRYP&mp=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67
203.75.214.136 200 OK 555 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=934-TGP3V5VRTxTjbExzcESM3eLJEadtfRYP&mp=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash db2b88caa2c34dc0d6153583839218f2
1752062cf41f0778d347bc5e115d1caef1233630
fdfa393e5fb39c4ab607d817e8d0b5fe3573a4a2e3e8554131fbade8d615bcbf
GET /cm?c=50ef57&cid=934-TGP3V5VRTxTjbExzcESM3eLJEadtfRYP&mp=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:22 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH%26SID%3D54266%26Tags%3D2005%2C2004%2C2003
52.197.129.187 200 OK 28 kB URL HTTP/2 ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH%26SID%3D54266%26Tags%3D2005%2C2004%2C2003
IP 52.197.129.187:0
File type ASCII text, with very long lines (45165)
Hash 4c32f5f52fabfa61813f7ffaf6aabcde
ab05d6000409ba2241915b3cf7db35b8cc7bc432
e4164a8386619066400e1b18edd2e370c94775c327df9d1d32910309635b4e18
GET /chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH%26SID%3D54266%26Tags%3D2005%2C2004%2C2003 HTTP/1.1
Host: ccm.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH; Vision=20220927-23:59,20220927-09,20220927-09,20220927-23:59; C=null; RK=null
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:22 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
162.210.196.208 200 OK 35 B URL HTTP/1.1 sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}& HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
set-cookie: euconsent-v2=; Domain=.aralego.com; Path=/; Expires=Tue, 26 Sep 2023 22:37:23 GMT; Secure; SameSite=None
set-cookie: gdpr=1; Domain=.aralego.com; Path=/; Expires=Tue, 26 Sep 2023 22:37:23 GMT; Secure; SameSite=None
set-cookie: sspid=236b9080-993b-3a2d-b07f-ab1c4b4a01e7; Domain=.aralego.com; Path=/; Expires=Tue, 26 Sep 2023 22:37:23 GMT; Secure; SameSite=None
content-type: image/gif
content-length: 35
date: Mon, 26 Sep 2022 22:37:23 GMT
connection: close
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8cd97aaf3e95e1e9bbdf8b739727d7cd
858cf438048356fc972c737cc84e1439c18dec5e
18e601b130747b5b70afa4a4614e9b7d8c7f3df5cd72725e1488c5b411a452e9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4538701cf9bc34d908f50370beb922f4
df141b9c3ec626ecaba7c1899073a48b811c4113
61497b93eb237687a8fff5845a7a81aff2f2f53dc56f2d0818bfb98dd1256d6f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=reurl.cc
142.250.74.34 200 OK 390 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=reurl.cc
IP 142.250.74.34:0
Hash 8be67dad40c4a147687075e0a20b83e5
ed5be22a72746d925339461c48219ef53b77750f
87929a44254f0d931d16d46d9532ee79d158f33600b6d658f8ce888744f8b6e0
GET /adsid/integrator.js?domain=reurl.cc HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 26 Sep 2022 22:37:23 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787
172.217.21.162 200 OK 197 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash 795aa29ce0344bb9dd322473ac1b25f1
cb74000d8b123715acf05009458206beee2d53db
65bb4dc147324b23445405bd0a0b1af0158d059a0aff12e11735492028f7bdc5
GET /gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 26 Sep 2022 22:37:23 GMT
server: cafe
cache-control: private
content-length: 197
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=reurl.cc
142.250.74.66 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=reurl.cc
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=reurl.cc HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 26 Sep 2022 22:37:23 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787
172.217.21.162 200 OK 196 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash 1bb713c00c9a936a269a539d573d56e3
8eec271bf34fd64897d6d1c40c010625dd14f2b8
67da87220b5bf7efa61a8a24064ef7cf310f84cb6ca31865290dd028f6712db3
GET /gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 26 Sep 2022 22:37:23 GMT
server: cafe
cache-control: private
content-length: 196
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=reurl.cc
142.250.74.34 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=reurl.cc
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=reurl.cc HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 26 Sep 2022 22:37:23 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=reurl.cc
142.250.74.66 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=reurl.cc
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=reurl.cc HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 26 Sep 2022 22:37:23 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=cf&cid=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH&mp=8352947b-4779-4b23-bdbf-ec976c4d07ca
203.75.214.136 200 OK 100 B URL HTTP/2 t.ssp.hinet.net/cm?c=cf&cid=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH&mp=8352947b-4779-4b23-bdbf-ec976c4d07ca
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type gzip compressed data, max compression\012- data
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /cm?c=cf&cid=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH&mp=8352947b-4779-4b23-bdbf-ec976c4d07ca HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:21 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&url=https%3A%2F%2Freurl.cc%2FxgmXr1&ea=0&wgl=1&dt=1664231841413&bpp=20&bdt=288&idt=236&shv=r20220922&mjsv=m202209220101&ptt=5&saldr=sa&cookie=ID%3D87800538dfc4995f-22cd5cce2fce00ef%3AT%3D1664231843%3ART%3D1664231843%3AS%3DALNI_Mb3DxBN3Usm8fPguVc6A_wEK5-uUA&correlator=7854367573081&frm=23&ife=1&pv=2&ga_vid=1079965034.1664231837&ga_sid=1664231842&ga_hid=1678262593&ga_fc=1&nhd=5&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=79&ady=226&biw=1268&bih=939&isw=300&ish=250&ifk=1704757162&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761792%2C31062931&oid=2&pvsid=1344980973593100&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ox5cjxb5qrrx&fsb=1&dtd=395
142.250.74.66 200 OK 24 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&url=https%3A%2F%2Freurl.cc%2FxgmXr1&ea=0&wgl=1&dt=1664231841413&bpp=20&bdt=288&idt=236&shv=r20220922&mjsv=m202209220101&ptt=5&saldr=sa&cookie=ID%3D87800538dfc4995f-22cd5cce2fce00ef%3AT%3D1664231843%3ART%3D1664231843%3AS%3DALNI_Mb3DxBN3Usm8fPguVc6A_wEK5-uUA&correlator=7854367573081&frm=23&ife=1&pv=2&ga_vid=1079965034.1664231837&ga_sid=1664231842&ga_hid=1678262593&ga_fc=1&nhd=5&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=79&ady=226&biw=1268&bih=939&isw=300&ish=250&ifk=1704757162&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761792%2C31062931&oid=2&pvsid=1344980973593100&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ox5cjxb5qrrx&fsb=1&dtd=395
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (64715), with no line terminators
Hash 4df33dac17e4781e00b8841e4e7ece43
9c708d52796141bd80ecf76ab1480516fbed0c11
b17336f4ed68b4121e4e5ab26d077613bc5b4b3f17610f44e879e0e8d9851913
GET /pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&url=https%3A%2F%2Freurl.cc%2FxgmXr1&ea=0&wgl=1&dt=1664231841413&bpp=20&bdt=288&idt=236&shv=r20220922&mjsv=m202209220101&ptt=5&saldr=sa&cookie=ID%3D87800538dfc4995f-22cd5cce2fce00ef%3AT%3D1664231843%3ART%3D1664231843%3AS%3DALNI_Mb3DxBN3Usm8fPguVc6A_wEK5-uUA&correlator=7854367573081&frm=23&ife=1&pv=2&ga_vid=1079965034.1664231837&ga_sid=1664231842&ga_hid=1678262593&ga_fc=1&nhd=5&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=79&ady=226&biw=1268&bih=939&isw=300&ish=250&ifk=1704757162&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761792%2C31062931&oid=2&pvsid=1344980973593100&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ox5cjxb5qrrx&fsb=1&dtd=395 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 26 Sep 2022 22:37:24 GMT
server: cafe
content-length: 24350
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 26-Sep-2022 22:52:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 26 Sep 2022 22:37:24 GMT
cache-control: private
X-Firefox-Spdy: h2
e22bf02ffc2884488a30402fb385f004.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
142.250.74.65 200 OK 3.1 kB URL HTTP/2 e22bf02ffc2884488a30402fb385f004.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5835)
Hash 3fa5e95a358d660ddb3c45769ae1357f
5f6164fbaf8cfbccfd061b00ae48dedfc16bbcd9
d32f4b680031c0e11222eb17385aa9d3b11d2903b05bff34c3d4eb6292631137
GET /safeframe/1-0-38/html/container.html?n=5 HTTP/1.1
Host: e22bf02ffc2884488a30402fb385f004.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 26 Sep 2022 22:37:24 GMT
expires: Tue, 26 Sep 2023 22:37:24 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13849&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=701&o=4&d=1&b=3&ts=1&ii=2&FPCK=3207-EhMv84KulLfBWYVcar6eAFGpv8sQnh5T&initver=210830P
52.198.19.32 200 OK 26 kB URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13849&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=701&o=4&d=1&b=3&ts=1&ii=2&FPCK=3207-EhMv84KulLfBWYVcar6eAFGpv8sQnh5T&initver=210830P
IP 52.198.19.32:0
Hash ae865efae1cf981a22858bbe359bc35a
fc9e434b4d8c8177e0f31bc4d9a3a2bb5452cc63
881668a20a90b3fcc81df89f7382b94bc323644972f477f1ac97fef411ba8508
GET /adserver/ads.js?z=13849&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=701&o=4&d=1&b=3&ts=1&ii=2&FPCK=3207-EhMv84KulLfBWYVcar6eAFGpv8sQnh5T&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH; Vision=20220927-23:59,20220927-09,20220927-09,20220927-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:21 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
680153f31ae6337e43613a30d6ed847a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
142.250.74.65 200 OK 3.1 kB URL HTTP/2 680153f31ae6337e43613a30d6ed847a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5835)
Hash 3fa5e95a358d660ddb3c45769ae1357f
5f6164fbaf8cfbccfd061b00ae48dedfc16bbcd9
d32f4b680031c0e11222eb17385aa9d3b11d2903b05bff34c3d4eb6292631137
GET /safeframe/1-0-38/html/container.html?n=5 HTTP/1.1
Host: 680153f31ae6337e43613a30d6ed847a.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 26 Sep 2022 22:37:24 GMT
expires: Tue, 26 Sep 2023 22:37:24 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 23d19b3f71f6460e3d033f2516cbb30e
0eba190af730382c4ac0a433424a4c7a8c796064
b52695792218b549e210c8ce75ef9fca11319ed2ee82447817460bb7e7e87ae1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 23d19b3f71f6460e3d033f2516cbb30e
0eba190af730382c4ac0a433424a4c7a8c796064
b52695792218b549e210c8ce75ef9fca11319ed2ee82447817460bb7e7e87ae1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/pagead/js/r20220922/r20110914/abg_lite_fy2021.js
142.250.74.33 200 OK 9.6 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20220922/r20110914/abg_lite_fy2021.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1624)
Hash f46cc3169ffbd99218f62616e2dc44ea
f44964026d2af9900a059c88967c9e8d067def45
9c82ae03291d76510460e1468338fd9303e25ccbf65e94c66e7a3e2173d7b29c
GET /pagead/js/r20220922/r20110914/abg_lite_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 9559
x-xss-protection: 0
date: Mon, 26 Sep 2022 22:01:54 GMT
expires: Mon, 10 Oct 2022 22:01:54 GMT
cache-control: public, max-age=1209600
etag: 12142024561622733046
content-type: text/javascript; charset=UTF-8
age: 2130
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20220922/r20110914/client/qs_click_protection_fy2021.js
142.250.74.33 200 OK 7.6 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20220922/r20110914/client/qs_click_protection_fy2021.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1494)
Hash d4c271459de87911060fd730756373be
9100e62d0d61513c1b489e47a6a35b84e8be4a25
b14fbcdbed0b02e9656b4d5ff183d84c25b076ac0b1087d2feb9254ee9ce8c24
GET /pagead/js/r20220922/r20110914/client/qs_click_protection_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 7553
x-xss-protection: 0
date: Mon, 26 Sep 2022 22:08:17 GMT
expires: Mon, 10 Oct 2022 22:08:17 GMT
cache-control: public, max-age=1209600
etag: 15375136450269253166
content-type: text/javascript; charset=UTF-8
age: 1747
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2.js
142.250.74.33 200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.aralego.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Mon, 26 Sep 2022 22:37:24 GMT
expires: Mon, 26 Sep 2022 22:37:24 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/mysidia/b6810b6596f7ed55ed76c68d0358aca1.js?tag=mysidia_one_click_handler_one_afma_2019
142.250.74.163 200 OK 14 kB URL HTTP/2 www.gstatic.com/mysidia/b6810b6596f7ed55ed76c68d0358aca1.js?tag=mysidia_one_click_handler_one_afma_2019
IP 142.250.74.163:0
File type C++ source, ASCII text, with very long lines (1792)
Hash dc869492c13c6684ab4eb7bf97d94e03
12c6685c433c3eb68db7babb6074f65a86b81350
7e6f05d389449ba380ad360c900ee4e5d0a05f7e0aac3c52a99d7fc684654e3e
GET /mysidia/b6810b6596f7ed55ed76c68d0358aca1.js?tag=mysidia_one_click_handler_one_afma_2019 HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="mysidia"
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-length: 13684
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 25 Sep 2022 08:45:12 GMT
expires: Sat, 24 Dec 2022 08:45:12 GMT
cache-control: public, max-age=7776000
last-modified: Fri, 23 Sep 2022 10:37:32 GMT
content-type: text/javascript
age: 136332
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 442996
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img.scupio.com/html/ad.html?v=1.0.65
143.204.55.41 200 OK 38 kB URL HTTP/2 img.scupio.com/html/ad.html?v=1.0.65
IP 143.204.55.41:0
Hash e07e3e173875f668b3cba18cbb652c0f
a30f5755d248d8f7b59477dc40c65bfee5762397
aeedef6f66fffa6df9d072a82ed4222375f9e8e971b8a7a0e87fa1fbc407d590
GET /html/ad.html?v=1.0.65 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx/1.12.1
last-modified: Thu, 18 Aug 2022 08:25:22 GMT
content-encoding: gzip
date: Mon, 26 Sep 2022 21:51:04 GMT
expires: Wed, 26 Oct 2022 21:48:59 GMT
cache-control: max-age=2592000
etag: W/"62fdf772-14d93"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: TzGRgSlW9hO3e7mfx0wX0_Wxf2dXtYwe7M8Ie5Gwq0yPjg4hZVbhVA==
age: 2899
vary: Origin
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 442996
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 22:37:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dnacdn.net/dna
178.250.0.157 200 OK 457 B IP 178.250.0.157:0
File type JSON data\012- , ASCII text, with very long lines (482), with no line terminators
Hash 7803c4ac3c7afc4795e8e0d3fe6ec94f
744ae23ca6e12e4d8808a1be4e99a38e55a57f8a
d55c771b8be84516f0c2f6f17d247d58c1d18471173ca7dfe8a5e1b13fab43b0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=qBtXjF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2WlZIQ2dLREtZVFZ1alJkSVFzWHlFUA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:23 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=dq0DdF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2WWdORnZvYWUxTVNlZXBRQ2FxWmJGRQ; expires=Sat, 21 Oct 2023 22:37:24 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 278501
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.236 200 OK 39 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.236:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 37c1f851d47b5c2433a2d143bb1ce98a
688eead8797500847b2e05c709c248b8fa77c6a9
aebf7192bebc10ffa36b364f8d2aea732d6ee21f2cb4df2690ff26c07142e886
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:23 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 111062
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157 200 OK 7.0 kB IP 178.250.0.157:0
Hash 923380211cb4e47879eeff9c048b862b
dad395908cd9e3888b29f9d2a6f6662a74c03681
09c29e446430f488cb316035d40da210eaec78702add5ef617fb4c39ccc9c7da
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=dq0DdF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2WWdORnZvYWUxTVNlZXBRQ2FxWmJGRQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:24 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=2AtBJF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2YUhoVVlsT04lMkZaZ3l0aDBwVXNVWGhR; expires=Sat, 21 Oct 2023 22:37:25 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 285063
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=D8FCAV9JejElMkZzaVhIY0x1RGhuZEZzbVZIQm14Y21PNnZWTjduMmJSVnJmcVNnNXV4MUdlU2c3ZjBNT25zcUlSNmclMkJQNUIlMkZDbU1MWkh3dVJoWUs0QkFPZUMlMkJIYWhoVjFzN1IxaGZSQlZZY1BUaURmb0QxYmp3NFRRRFhkVkZGdkV5Nmcy&info=ASMX_180M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2WnJnayUyRmRzOHo3NmYlMkIyOXdETyUyRmZaZg&idsd=137452942,1529892151&cw=1&lsw=1
178.250.2.146 200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=D8FCAV9JejElMkZzaVhIY0x1RGhuZEZzbVZIQm14Y21PNnZWTjduMmJSVnJmcVNnNXV4MUdlU2c3ZjBNT25zcUlSNmclMkJQNUIlMkZDbU1MWkh3dVJoWUs0QkFPZUMlMkJIYWhoVjFzN1IxaGZSQlZZY1BUaURmb0QxYmp3NFRRRFhkVkZGdkV5Nmcy&info=ASMX_180M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2WnJnayUyRmRzOHo3NmYlMkIyOXdETyUyRmZaZg&idsd=137452942,1529892151&cw=1&lsw=1
IP 178.250.2.146:0
GET /sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=D8FCAV9JejElMkZzaVhIY0x1RGhuZEZzbVZIQm14Y21PNnZWTjduMmJSVnJmcVNnNXV4MUdlU2c3ZjBNT25zcUlSNmclMkJQNUIlMkZDbU1MWkh3dVJoWUs0QkFPZUMlMkJIYWhoVjFzN1IxaGZSQlZZY1BUaURmb0QxYmp3NFRRRFhkVkZGdkV5Nmcy&info=ASMX_180M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2WnJnayUyRmRzOHo3NmYlMkIyOXdETyUyRmZaZg&idsd=137452942,1529892151&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:24 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 805400
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
img.scupio.com/js/prebid.js?v=5.20.0
143.204.55.41 200 OK 0 B URL HTTP/2 img.scupio.com/js/prebid.js?v=5.20.0
IP 143.204.55.41:0
GET /js/prebid.js?v=5.20.0 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Tue, 28 Jun 2022 05:54:43 GMT
content-encoding: gzip
date: Mon, 26 Sep 2022 22:37:19 GMT
expires: Wed, 26 Oct 2022 22:33:32 GMT
cache-control: max-age=2592000
etag: W/"62ba97a3-3b047"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: QiKCtNlss3MOVFaEOndVH6yQgpXqj5Yc-wnu16a2FGIHqM2u_26tiQ==
age: 227
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67
203.75.214.136 200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /emome2?u=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:20 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136 200 OK 0 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:19 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca; expires=Wed, 25-Sep-2024 22:37:19 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y3/r/cPcKznvPj72.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 0 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y3/r/cPcKznvPj72.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
GET /rsrc.php/v3/y3/r/cPcKznvPj72.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 26 Sep 2023 13:38:12 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 2bQwGr4bYKNbTSzv9qY/OA==
x-fb-debug: 6ytlU/6f/N2TIarEodUYJfMTuLnYkzrw4othocc0NzSjcRIWoo1EHgVk9zZOrsmXRWn5FYg89ZMffvuWZ0T0Ig==
content-length: 7308
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 22:37:18 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.scupio.com/html/ad.html?v=1.0.65
143.204.55.41 200 OK 0 B URL HTTP/2 img.scupio.com/html/ad.html?v=1.0.65
IP 143.204.55.41:0
GET /html/ad.html?v=1.0.65 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx/1.12.1
last-modified: Thu, 18 Aug 2022 08:25:22 GMT
content-encoding: gzip
date: Mon, 26 Sep 2022 21:51:04 GMT
expires: Wed, 26 Oct 2022 21:48:59 GMT
cache-control: max-age=2592000
etag: W/"62fdf772-14d93"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ceY5ID8YuzFNlD9bSPfOxH8NEbx0vOXriT4uAM3MMp_VWCAmAw8xEA==
age: 2899
vary: Origin
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157 200 OK 0 B IP 178.250.0.157:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=dq0DdF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2WWdORnZvYWUxTVNlZXBRQ2FxWmJGRQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:25 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=ASMX_180M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2WnJnayUyRmRzOHo3NmYlMkIyOXdETyUyRmZaZg; expires=Sat, 21 Oct 2023 22:37:25 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 328328
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
reurl.cc/xgmXr1
35.185.130.121 200 OK 0 B IP 35.185.130.121:0
Analyzer Verdict Alert
openphish Regions Financial Corporation
fortinet Phishing
quad9 Sinkholed
GET /xgmXr1 HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 26 Sep 2022 22:37:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
target: https://wiki.oceanreeflifegame.com/wp-admin/css/colors/sunrise/me/new/
content-encoding: gzip
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13848
143.204.55.101 200 OK 0 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13848
IP 143.204.55.101:0
GET /adserver/Preset.js?z=13848 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Mon, 26 Sep 2022 22:32:30 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 5XwfLLjGnHqSQQaegc5vyTAlzU4xFuJPvPbocrt4eexOC2i3bncAbA==
age: 288
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67
203.75.214.136 200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /emome2?u=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:20 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=cf&cid=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH&mp=8352947b-4779-4b23-bdbf-ec976c4d07ca
203.75.214.136 200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=cf&cid=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH&mp=8352947b-4779-4b23-bdbf-ec976c4d07ca
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /cm?c=cf&cid=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH&mp=8352947b-4779-4b23-bdbf-ec976c4d07ca HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:21 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=58&o=4&d=1&b=3&ts=1&ii=3&FPCK=3207-EhMv84KulLfBWYVcar6eAFGpv8sQnh5T&initver=210830P
52.198.19.32 200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=58&o=4&d=1&b=3&ts=1&ii=3&FPCK=3207-EhMv84KulLfBWYVcar6eAFGpv8sQnh5T&initver=210830P
IP 52.198.19.32:0
GET /adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=58&o=4&d=1&b=3&ts=1&ii=3&FPCK=3207-EhMv84KulLfBWYVcar6eAFGpv8sQnh5T&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:19 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=8352947b-4779-4b23-bdbf-ec976c4d07ca
203.75.214.136 200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=8352947b-4779-4b23-bdbf-ec976c4d07ca
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /emome2?u=8352947b-4779-4b23-bdbf-ec976c4d07ca HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:21 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13856
143.204.55.101 200 OK 0 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13856
IP 143.204.55.101:0
GET /adserver/Preset.js?z=13856 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Mon, 26 Sep 2022 22:32:30 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: MA0jAgiSQYQ4qlSzWFEQyWMMr59qdul8s2SlUhX2VsYWU4hE6V86_Q==
age: 288
X-Firefox-Spdy: h2
img.scupio.com/js/ad.js
143.204.55.41 200 OK 0 B IP 143.204.55.41:0
GET /js/ad.js HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Mon, 19 Sep 2022 02:16:55 GMT
content-encoding: gzip
date: Mon, 26 Sep 2022 22:33:00 GMT
expires: Mon, 26 Sep 2022 22:47:27 GMT
cache-control: max-age=900
etag: W/"6327d117-12f95"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8ZizQfP4KMrWOdlhCVJA_0P0iCTG8JtseUicrZTCIGIZgh9G64655g==
age: 291
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
178.250.6.91 200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 178.250.6.91:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:24 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 111598
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
i0.wp.com/golike.tw/wp-content/uploads/2022/09/img_8717-1-scaled.jpg?fit=2560%2C1920&ssl=1
192.0.77.2 200 OK 0 B URL HTTP/2 i0.wp.com/golike.tw/wp-content/uploads/2022/09/img_8717-1-scaled.jpg?fit=2560%2C1920&ssl=1
IP 192.0.77.2:0
GET /golike.tw/wp-content/uploads/2022/09/img_8717-1-scaled.jpg?fit=2560%2C1920&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 22:37:19 GMT
content-type: image/webp
content-length: 224544
last-modified: Mon, 26 Sep 2022 09:15:23 GMT
expires: Wed, 25 Sep 2024 21:15:23 GMT
cache-control: public, max-age=63115200
link: <https://golike.tw/wp-content/uploads/2022/09/img_8717-1-scaled.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "6e2868feb59a0c33"
vary: Accept
x-nc: HIT arn 2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.js
178.250.2.130 200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.js
IP 178.250.2.130:0
GET /js/ld/publishertag.prebid.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 22:37:21 GMT
content-type: text/javascript
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
etag: W/"6326273b-16120"
expires: Tue, 27 Sep 2022 22:37:21 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=D8FCAV9JejElMkZzaVhIY0x1RGhuZEZzbVZIQm14Y21PNnZWTjduMmJSVnJmcVNnNXV4MUdlU2c3ZjBNT25zcUlSNmclMkJQNUIlMkZDbU1MWkh3dVJoWUs0QkFPZUMlMkJIYWhoVjFzN1IxaGZSQlZZY1BUaURmb0QxYmp3NFRRRFhkVkZGdkV5Nmcy&info=2AtBJF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2YUhoVVlsT04lMkZaZ3l0aDBwVXNVWGhR&idsd=137452942,1529892151&cw=1&lsw=1
178.250.2.146 200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=D8FCAV9JejElMkZzaVhIY0x1RGhuZEZzbVZIQm14Y21PNnZWTjduMmJSVnJmcVNnNXV4MUdlU2c3ZjBNT25zcUlSNmclMkJQNUIlMkZDbU1MWkh3dVJoWUs0QkFPZUMlMkJIYWhoVjFzN1IxaGZSQlZZY1BUaURmb0QxYmp3NFRRRFhkVkZGdkV5Nmcy&info=2AtBJF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2YUhoVVlsT04lMkZaZ3l0aDBwVXNVWGhR&idsd=137452942,1529892151&cw=1&lsw=1
IP 178.250.2.146:0
GET /sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=D8FCAV9JejElMkZzaVhIY0x1RGhuZEZzbVZIQm14Y21PNnZWTjduMmJSVnJmcVNnNXV4MUdlU2c3ZjBNT25zcUlSNmclMkJQNUIlMkZDbU1MWkh3dVJoWUs0QkFPZUMlMkJIYWhoVjFzN1IxaGZSQlZZY1BUaURmb0QxYmp3NFRRRFhkVkZGdkV5Nmcy&info=2AtBJF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2YUhoVVlsT04lMkZaZ3l0aDBwVXNVWGhR&idsd=137452942,1529892151&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:24 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 916110
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
reurl.cc/javascripts/ga2.js?v=2
35.185.130.121 200 OK 0 B URL HTTP/2 reurl.cc/javascripts/ga2.js?v=2
IP 35.185.130.121:0
Analyzer Verdict Alert quad9 Sinkholed
GET /javascripts/ga2.js?v=2 HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/xgmXr1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 26 Sep 2022 22:37:17 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 12:53:44 GMT
vary: Accept-Encoding
etag: W/"632b0958-218"
expires: Tue, 26 Sep 2023 22:37:17 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?locale=en_US&agentVersion=205&adTrackingEnabled=true&adUnitCode=64d289b9-de9a-443b-a2c0-d45680807e46&apiKey=M2G62KV2NBNXKBPVHWQN&usp=&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2FxgmXr1&caps=16&cb=jsonpCallback0
212.82.100.146 200 OK 0 B URL HTTP/2 ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?locale=en_US&agentVersion=205&adTrackingEnabled=true&adUnitCode=64d289b9-de9a-443b-a2c0-d45680807e46&apiKey=M2G62KV2NBNXKBPVHWQN&usp=&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2FxgmXr1&caps=16&cb=jsonpCallback0
IP 212.82.100.146:0
ASN #34010 Yahoo! UK Services Limited
GET /nosdk/wj/v1/getAds.do?locale=en_US&agentVersion=205&adTrackingEnabled=true&adUnitCode=64d289b9-de9a-443b-a2c0-d45680807e46&apiKey=M2G62KV2NBNXKBPVHWQN&usp=&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2FxgmXr1&caps=16&cb=jsonpCallback0 HTTP/1.1
Host: ads.yap.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding, User-Agent
content-encoding: gzip
date: Mon, 26 Sep 2022 22:37:18 GMT
age: 0
strict-transport-security: max-age=31536000
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
X-Firefox-Spdy: h2
c.holmesmind.com/cm?tc=getIn&
35.201.76.93 200 OK 0 B URL HTTP/2 c.holmesmind.com/cm?tc=getIn&
IP 35.201.76.93:0
GET /cm?tc=getIn& HTTP/1.1
Host: c.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdn.holmesmind.com/
Connection: keep-alive
Cookie: test_cookie=CheckForPermission
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Mon, 26 Sep 2022 22:37:18 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
set-cookie: P=735221-yhGjqteFRwOR8tL47TRpvNLKLy5QJ0ZH;Expires=Friday, 24-Sep-2032 14:37:18 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
test_cookie=;Expires=Thursday, 01-Jan-1970 08:00:00 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
Vision=20220927-23:59,20220927-09,20220927-09,20220927-23:59;Expires=Tuesday, 11-Oct-2022 14:37:18 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
C=null;Expires=Tuesday, 11-Oct-2022 14:37:18 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
RK=null;Expires=Thursday, 05-Jan-2023 14:37:18 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=Syq-ul80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2WXV1cnY2em5Ma1AlMkZsdkt4Nk93Ylgw&idsd=137452942,1529892151
178.250.2.146 200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=Syq-ul80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2WXV1cnY2em5Ma1AlMkZsdkt4Nk93Ylgw&idsd=137452942,1529892151
IP 178.250.2.146:0
GET /sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=Syq-ul80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2WXV1cnY2em5Ma1AlMkZsdkt4Nk93Ylgw&idsd=137452942,1529892151 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:20 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 886793
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
IP 142.250.74.10:0
GET /css?family=Roboto%3A300%2C400%2C700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 26 Sep 2022 22:37:24 GMT
date: Mon, 26 Sep 2022 22:37:24 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157 200 OK 0 B IP 178.250.0.157:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=dq0DdF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2WWdORnZvYWUxTVNlZXBRQ2FxWmJGRQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:25 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=fvPpB180M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQmlpZm5JZzE5RFJSem5aQUhvYTU2WTcxcHJlY3ZNZUtFU0o4MWhMMmExWA; expires=Sat, 21 Oct 2023 22:37:25 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 329765
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67
203.75.214.136 200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /emome2?u=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:20 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67
203.75.214.136 200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /emome2?u=27c7bd3e-f077-4e4a-9a61-1ea6f1b55d67 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:20 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136 200 OK 0 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 26 Sep 2022 22:37:21 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=8352947b-4779-4b23-bdbf-ec976c4d07ca; expires=Wed, 25-Sep-2024 22:37:21 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.236 200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.236:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:24 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 122548
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.236 200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.236:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 22:37:24 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 98913
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2