fitleanhealth.com/mw25ckd_leads-GlucoFreeze-032523
188.114.96.1301 Moved Permanently 266 B URL HTTP/1.1 fitleanhealth.com/mw25ckd_leads-GlucoFreeze-032523
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a9c6a790cfc5fbb4387b17e93d0ac8b4
86c5aabe13c5c10cb086e89f6746d5be3e1a97d6
bbae0545b332a910aae021c51010749a8faca328d8e290096c9ab5bc180ade47
Analyzer Verdict Alert fortinet Phishing
GET /mw25ckd_leads-GlucoFreeze-032523 HTTP/1.1
Host: fitleanhealth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Mar 2023 22:30:39 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Age: 19261
Content-Security-Policy: upgrade-insecure-requests
Location: https://fitleanhealth.com/mw25ckd_leads-GlucoFreeze-032523
Vary: User-Agent, Accept-Encoding
X-Backend: local
X-Cache: cached
X-Cache-Hit: HIT
X-Cacheable: YES:Forced
X-Cacheproxy-Retries: 0/2
X-Content-Type-Options: nosniff
X-Php-Version: 7.4
X-Xss-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M7tM4wC%2F%2BCtYcup%2FIcOBEvGZamQoMTrLbBVLxlX2nxJLgZNHmUGc9%2BWJmHecqbfpMC31tt0gavut7G0GhJdxiPkvGrRvNg6cTbyN6tvfIkRGFikArDj55KbrqQBGbt4Ewxun3A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ada998299790b65-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5d9435c884bf4a0777fdf4b57079ae09
7f04b9db47ffeec90ac6397416b7553e5336a550
fe77420ec3a11f547cf5172b68d30faa4fe0c13165ae305f0013b02914e61084
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE77420EC3A11F547CF5172B68D30FAA4FE0C13165AE305F0013B02914E61084"
Last-Modified: Sat, 25 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16611
Expires: Sun, 26 Mar 2023 03:07:30 GMT
Date: Sat, 25 Mar 2023 22:30:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfd491ebe7381221b3674c2c8bf9e566
d2ac5badf17f348c28a52e9db10e6eb80e5a231a
34a026664386054b0b73c36cd1ddfce023551ee41963df0e38248bac1e1eb56c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "34A026664386054B0B73C36CD1DDFCE023551EE41963DF0E38248BAC1E1EB56C"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16920
Expires: Sun, 26 Mar 2023 03:12:39 GMT
Date: Sat, 25 Mar 2023 22:30:39 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Mar 2023 22:27:45 GMT
content-type: application/json
age: 174
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1313ee2f06606d09c45b06ff9e8e1001
285ca89d1d3ea45d35832bc6d9827f834b3bfe21
63463447d29550c3734f621be02ec85290fbdf4612f79f9fad7e94f7e066dcb0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63463447D29550C3734F621BE02EC85290FBDF4612F79F9FAD7E94F7E066DCB0"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4258
Expires: Sat, 25 Mar 2023 23:41:37 GMT
Date: Sat, 25 Mar 2023 22:30:39 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: jfadarT9/t/m3YjURJD6B4l3M4pzcYdRmYWO++sZ+X6sX32ggOOFsyBRy7peW6H3BDLRFP9CAUI7VqGXCTeFfA==
x-amz-request-id: F050W5HD82HRS4CG
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Mar 2023 22:00:57 GMT
age: 1783
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 22:30:40 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
trk.anarchywarrior.com/566b7d8b-1550-480f-8818-c13a62597505?&sub1=mw25ckd_032523_leads
172.67.215.10302 Found 0 B URL HTTP/2 trk.anarchywarrior.com/566b7d8b-1550-480f-8818-c13a62597505?&sub1=mw25ckd_032523_leads
IP 172.67.215.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /566b7d8b-1550-480f-8818-c13a62597505?&sub1=mw25ckd_032523_leads HTTP/1.1
Host: trk.anarchywarrior.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fitleanhealth.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 25 Mar 2023 22:30:40 GMT
content-length: 0
location: https://www.wm74trk.com/28KL6/24PQD1K/?sub1=mw25ckd_032523_leads&sub5=wrp85139rltpruhn262c6k3o&sub3=91.90.42.154
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: 566b7d8b-1550-480f-8818-c13a62597505-v4=n9XXQKIXVQMRgG1AtbiYOe7dn6YTly5kaK1mEkxYRcw; Max-Age=86400; Expires=Sun, 26-Mar-2023 22:30:40 GMT; Domain=trk.anarchywarrior.com; Path=/; HttpOnly
cc-v4=G7YDQCKP43%2F3t35KWcsbbCIqhlbftr4pOnfTDe0vhhslp2W00O0GXp6d9Skdk7nWV%2Fn2SWKuSJDQLF7KYmSMImPRtNc7%2BbiPI8c6vwK4eM%2FYlJ7af5ANPeHyzXXK%2Bl4nSpWGXLogL1aDzuK1gn2Zzg%3D%3D; Max-Age=31536000; Expires=Sun, 24-Mar-2024 22:30:40 GMT; Domain=trk.anarchywarrior.com; Path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2F%2FfRpL1Fp6L3TT8XLUI77bRTtUURo%2FqwWTZE7kc0axUCfLY9cW5fWiTF7ad%2BlCBjUzaHZU00B8IkWPb05GyBICmJbObGTy4Xq0qd5wieKD5J2gRUypJVF5OHs7YRQGfmmc3pP1mGMCa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ada99869b4e0b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Content-Type, Cache-Control, Pragma, Alert, Last-Modified, Retry-After, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Mar 2023 22:17:24 GMT
age: 796
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash d69de8a32a9247e26ec8cdd4077d603a
9215b0a57c1d49b53c8fbbe8cf61d706bb513f65
e907fbfc560da12bb14805eec4275b3b78699bf10ff2045708440d101098c3f7
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 25 Mar 2023 22:30:40 GMT
Content-Type: application/ocsp-response
Content-Length: 1846
Connection: keep-alive
X-Sucuri-ID: 15024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 25 Mar 2023 19:33:33 GMT
Expires: Sun, 26 Mar 2023 19:33:33 GMT
ETag: "9215b0a57c1d49b53c8fbbe8cf61d706bb513f65"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 717ebcc65cb1390c2509851bac7b5878
1e04e3058329f3809bc01022d441172dcacc1aaa
3c8d41efe14dc75e001ce50aae65e133d90bcb2e2f86b2426cefe7abe4c7b588
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C8D41EFE14DC75E001CE50AAE65E133D90BCB2E2F86B2426CEFE7ABE4C7B588"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8195
Expires: Sun, 26 Mar 2023 00:47:15 GMT
Date: Sat, 25 Mar 2023 22:30:40 GMT
Connection: keep-alive
www.wm74trk.com/28KL6/24PQD1K/?sub1=mw25ckd_032523_leads&sub5=wrp85139rltpruhn262c6k3o&sub3=91.90.42.154
34.107.190.195302 Found 163 B URL HTTP/2 www.wm74trk.com/28KL6/24PQD1K/?sub1=mw25ckd_032523_leads&sub5=wrp85139rltpruhn262c6k3o&sub3=91.90.42.154
IP 34.107.190.195:0
File type HTML document, ASCII text
Hash 0c77c3735bf5bd6de301d815554e31d5
ce985d03afbb60a5f0b3bb3366039e209f4e543d
1970039b1957f89f4ffa2674c9f6c48eab72d0a10759d3be233039a28730fc58
GET /28KL6/24PQD1K/?sub1=mw25ckd_032523_leads&sub5=wrp85139rltpruhn262c6k3o&sub3=91.90.42.154 HTTP/1.1
Host: www.wm74trk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fitleanhealth.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 25 Mar 2023 22:30:40 GMT
content-type: text/html; charset=utf-8
content-length: 163
accept-ch: Sec-Ch-Ua-Platform-Version
location: https://glucofreezenow.com/still-broadcast/index.html?aff_id=7990&subid=mw25ckd_032523_leads&subid5=0e4b01eab09c497fbaf64fc163f697ba
set-cookie: uniqueClick_24PQD1K=bd035938-9232-4b29-a10c-c794dce6e40d:1679783440; Path=/; Expires=Tue, 28 Mar 2023 22:30:40 GMT; Secure; SameSite=None
transaction_id=0e4b01eab09c497fbaf64fc163f697ba; Path=/; Expires=Fri, 23 Jun 2023 22:30:40 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: 9674015c-7404-442e-b17d-1b3f92270d86
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash d69de8a32a9247e26ec8cdd4077d603a
9215b0a57c1d49b53c8fbbe8cf61d706bb513f65
e907fbfc560da12bb14805eec4275b3b78699bf10ff2045708440d101098c3f7
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 25 Mar 2023 22:30:40 GMT
Content-Type: application/ocsp-response
Content-Length: 1846
Connection: keep-alive
X-Sucuri-ID: 15024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 25 Mar 2023 19:33:33 GMT
Expires: Sun, 26 Mar 2023 19:33:33 GMT
ETag: "9215b0a57c1d49b53c8fbbe8cf61d706bb513f65"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
push.services.mozilla.com/
54.186.169.128101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.169.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /1OdIVEmOAukXtaa+g1NZg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KuIJ1WIsN3q6XEvJG0DMGfH48AQ=
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bcaf15c259e9baa1f6f0097bb1f34af4
65e17e4cde9c05dcf9c31571686362bb9c0c6666
b2a60d1fe79f0810cfdcf2e32b9a531373f66f84268045687dc03b4cd77d3cdd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B2A60D1FE79F0810CFDCF2E32B9A531373F66F84268045687DC03B4CD77D3CDD"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16326
Expires: Sun, 26 Mar 2023 03:02:47 GMT
Date: Sat, 25 Mar 2023 22:30:41 GMT
Connection: keep-alive
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.2/css/bootstrap.min.css
104.17.25.14200 OK 18 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.2/css/bootstrap.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (65326)
Hash fdb6e9f0aa2a1f504c5100bfd3f158f7
db187483f667bf064b0009bbfa428be0fe27751b
e81b8a4c9a7f47d61c661b4e9dc0c501541a5dec5e5cf97f1fd1fb03db4aef64
GET /ajax/libs/twitter-bootstrap/4.5.2/css/bootstrap.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:41 GMT
content-type: text/css; charset=utf-8
content-length: 17550
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f2c377f-2722e"
last-modified: Thu, 06 Aug 2020 17:01:51 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2178694
expires: Thu, 14 Mar 2024 22:30:41 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lDemmeRrf1B25fH0UMqvIJ4bF6xUjyY7LjOGphgMT7qfy5qt0FK51%2FDaK9xvcciaA9yxoH1hkF%2FAeMdtQzWEUaKBd5TI6mexPY7J78uMpRLa6JBPVZuzKfxskRJW3KQzia%2FSz3Kx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7ada998f3d16b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fast.wistia.com/embed/medias/44xtnk0cns.jsonp
151.101.130.110200 OK 1.6 kB URL HTTP/2 fast.wistia.com/embed/medias/44xtnk0cns.jsonp
IP 151.101.130.110:0
File type ASCII text, with very long lines (5308)
Hash 4e08c9c055dc5892c8dadc6047fe8aa5
01e21d58008a6de09f0ae7a4b84eca004f591925
e9639dd2fe04ae4fe8360a358639def1ecf1af134f7c504a19146d8d68dc930f
GET /embed/medias/44xtnk0cns.jsonp HTTP/1.1
Host: fast.wistia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
cache-control: public, no-cache
content-encoding: br
content-type: application/javascript; charset=utf-8
etag: W/"c33f4809b68cfe5b4a09ff4180de9ab3"
p3p: CP="CURi ADMa DEVa IVAa IVDa CONi OUR IND DSP CAO COR"
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: db77cacaccf084ead232cfeb5cdfb7ab
x-runtime: 0.041176
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 25 Mar 2023 22:30:41 GMT
age: 13541
x-served-by: cache-iad-kjyo7100176-IAD, cache-bma1670-BMA
x-cache: HIT, HIT
x-cache-hits: 81, 1
x-timer: S1679783442.844269,VS0,VE1
vary: Accept-Encoding,X-Forwarded-Proto,X-ECMA-Override
strict-transport-security: max-age=0
x-ecma-v: modern
x-browser: firefox
x-browser-version: 105
content-length: 1608
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 63ca8c4e17e0b692d1829cd62b9af3af
d0bbecbe0b93ea21026898dbd13edee5fc071cb2
1208545ecf01edb7bcef0b3c288d9edd34d2034c7404ba68a64c2ef251cb42f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 63ca8c4e17e0b692d1829cd62b9af3af
d0bbecbe0b93ea21026898dbd13edee5fc071cb2
1208545ecf01edb7bcef0b3c288d9edd34d2034c7404ba68a64c2ef251cb42f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 63ca8c4e17e0b692d1829cd62b9af3af
d0bbecbe0b93ea21026898dbd13edee5fc071cb2
1208545ecf01edb7bcef0b3c288d9edd34d2034c7404ba68a64c2ef251cb42f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 63ca8c4e17e0b692d1829cd62b9af3af
d0bbecbe0b93ea21026898dbd13edee5fc071cb2
1208545ecf01edb7bcef0b3c288d9edd34d2034c7404ba68a64c2ef251cb42f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fast.wistia.com/assets/external/E-v1.js
151.101.130.110200 OK 117 kB URL HTTP/2 fast.wistia.com/assets/external/E-v1.js
IP 151.101.130.110:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 117 kB (117310 bytes)
Hash 069fe9e390ba04b1e305cf15d8cbaca0
e94d72e8f2810227ae13d520d969b85f608328d9
17cf41a535a1b281316f3f3358ccbfd0d4ff9798485106a88023bb3351dc6b4b
GET /assets/external/E-v1.js HTTP/1.1
Host: fast.wistia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 24 Mar 2023 14:48:39 GMT
etag: "069fe9e390ba04b1e305cf15d8cbaca0"
x-amz-server-side-encryption: AES256
content-encoding: br
content-type: text/javascript
server: AmazonS3
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
access-control-allow-origin: *
timing-allow-origin: *
accept-ranges: bytes
date: Sat, 25 Mar 2023 22:30:41 GMT
age: 3016
x-served-by: cache-iad-kjyo7100121-IAD, cache-bma1670-BMA
x-cache: HIT, HIT
x-cache-hits: 40, 104
x-timer: S1679783442.851193,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=0
x-ecma-v: modern
x-browser: firefox
x-browser-version: 105
asset-version: 1d1291f7b820d76ce634e6d72f254308143836f0
content-length: 117310
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
142.250.74.74200 OK 31 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (65451)
Hash 903bc7a7e510f87aa5d0201eb59a0832
ac9aa4dd94cde1bcba9037e94087138b127e41fc
41a7ac8150cc9f38421451d5143c1ffec7a1f1fafbf7a7fc0f51b98ad699cf8f
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Mar 2023 11:24:26 GMT
expires: Fri, 22 Mar 2024 11:24:26 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 212775
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 63ca8c4e17e0b692d1829cd62b9af3af
d0bbecbe0b93ea21026898dbd13edee5fc071cb2
1208545ecf01edb7bcef0b3c288d9edd34d2034c7404ba68a64c2ef251cb42f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 63ca8c4e17e0b692d1829cd62b9af3af
d0bbecbe0b93ea21026898dbd13edee5fc071cb2
1208545ecf01edb7bcef0b3c288d9edd34d2034c7404ba68a64c2ef251cb42f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
glucofreezenow.com/1xm.jpg
69.172.200.220200 OK 269 kB URL HTTP/2 glucofreezenow.com/1xm.jpg
IP 69.172.200.220:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Compressed by jpeg-recompress", progressive, precision 8, 1519x1993, components 3\012- data
Size 269 kB (268956 bytes)
Hash 6058555906b1e0ae50eda7c117652b2e
d48a578f9a7b8f870fcf6c7d5dca9a1fbee04e8c
7cf47a03006043204740a935b6c85719a66f03d78c9be5961b97739739374bdb
GET /1xm.jpg HTTP/1.1
Host: glucofreezenow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/still-broadcast/index.html?aff_id=7990&subid=mw25ckd_032523_leads&subid5=0e4b01eab09c497fbaf64fc163f697ba
Cookie: uid=wKhaAmQfdhGQcAA6AwTeAg==; cnid=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:41 GMT
content-type: image/jpeg
content-length: 268956
last-modified: Sun, 06 Mar 2022 14:43:44 GMT
etag: "6224c8a0-41a9c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
pragma: public
vary: Accept-Encoding
x-dis-request-id: 8a4c367920c04f7c0780a82421f2e662
server: DOSarrest
accept-ranges: bytes
X-Firefox-Spdy: h2
glucofreezenow.com/6xm.jpg
69.172.200.220200 OK 463 kB URL HTTP/2 glucofreezenow.com/6xm.jpg
IP 69.172.200.220:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Compressed by jpeg-recompress", progressive, precision 8, 3235x2241, components 3\012- data
Size 463 kB (463183 bytes)
Hash 7f6ad0f7195793a38e0c68d9302c39a7
4aacf9213b01311999a5b6d0ce9de568ba717b85
9bb40dffe2afff00f3b42fb26faf0cf6127cfc9fcc3339fe5b2ccb4f6b975442
GET /6xm.jpg HTTP/1.1
Host: glucofreezenow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/still-broadcast/index.html?aff_id=7990&subid=mw25ckd_032523_leads&subid5=0e4b01eab09c497fbaf64fc163f697ba
Cookie: uid=wKhaAmQfdhGQcAA6AwTeAg==; cnid=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:41 GMT
content-type: image/jpeg
content-length: 463183
last-modified: Sun, 06 Mar 2022 14:43:46 GMT
etag: "6224c8a2-7114f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
pragma: public
vary: Accept-Encoding
x-dis-request-id: 1385afb09220bf41ebe2022fcf177aef
server: DOSarrest
accept-ranges: bytes
X-Firefox-Spdy: h2
glucofreezenow.com/3xm.jpg
69.172.200.220200 OK 330 kB URL HTTP/2 glucofreezenow.com/3xm.jpg
IP 69.172.200.220:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Compressed by jpeg-recompress", progressive, precision 8, 2415x2002, components 3\012- data
Size 330 kB (330272 bytes)
Hash 7a06be5957059f0874cb383f841e3c85
28da2d3a838587515a64847512896d972f29c848
b6162beb636dc007c25416bbb692bcc8468dd622268b8e8dc00f2e3c09a7ee38
GET /3xm.jpg HTTP/1.1
Host: glucofreezenow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/still-broadcast/index.html?aff_id=7990&subid=mw25ckd_032523_leads&subid5=0e4b01eab09c497fbaf64fc163f697ba
Cookie: uid=wKhaAmQfdhGQcAA6AwTeAg==; cnid=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:41 GMT
content-type: image/jpeg
content-length: 330272
last-modified: Sun, 06 Mar 2022 14:43:46 GMT
etag: "6224c8a2-50a20"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
pragma: public
vary: Accept-Encoding
x-dis-request-id: e2b7ba5aefeee6989bcd041e9307c4e9
server: DOSarrest
accept-ranges: bytes
X-Firefox-Spdy: h2
glucofreezenow.com/xkm(1).jpg
69.172.200.220200 OK 34 kB URL HTTP/2 glucofreezenow.com/xkm(1).jpg
IP 69.172.200.220:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Compressed by jpeg-recompress", progressive, precision 8, 1100x527, components 3\012- data
Hash 9d5760f9946d6556a7ff2623b177800c
6fca3c35cb7ce23d55d46fa9a0ad3e7a16ba9ea8
98b8581981e293666aae1977953931103c850844e9a564b088c383cf7e060f33
GET /xkm(1).jpg HTTP/1.1
Host: glucofreezenow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/still-broadcast/index.html?aff_id=7990&subid=mw25ckd_032523_leads&subid5=0e4b01eab09c497fbaf64fc163f697ba
Cookie: uid=wKhaAmQfdhGQcAA6AwTeAg==; cnid=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:41 GMT
content-type: image/jpeg
content-length: 34327
last-modified: Sun, 06 Mar 2022 14:43:43 GMT
etag: "6224c89f-8617"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
pragma: public
vary: Accept-Encoding
x-dis-request-id: a5e338fffc57e27cad552448dc9aa5d0
server: DOSarrest
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8385
Expires: Sun, 26 Mar 2023 00:50:27 GMT
Date: Sat, 25 Mar 2023 22:30:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8385
Expires: Sun, 26 Mar 2023 00:50:27 GMT
Date: Sat, 25 Mar 2023 22:30:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8385
Expires: Sun, 26 Mar 2023 00:50:27 GMT
Date: Sat, 25 Mar 2023 22:30:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8385
Expires: Sun, 26 Mar 2023 00:50:27 GMT
Date: Sat, 25 Mar 2023 22:30:42 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb3b49ab-f78e-4860-8aae-369eacfe43e3.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb3b49ab-f78e-4860-8aae-369eacfe43e3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6530dbbc16d84b7047fa4bc66364fbf4
a53e0919923151e009e12010c60acb5a9175d37e
e64a2699e763d75a068ee6ceafd4eb2a1922488dc2e052699fb4242f0bf20524
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb3b49ab-f78e-4860-8aae-369eacfe43e3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9486
x-amzn-requestid: b0324b5e-303e-485a-ae57-c001378aa401
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW2eRHjaoAMF74w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f6ac1-27f002da252bd7ee19802f3d;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:42:25 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: V-lhHgr1lyxVF9XaxHQ6abgEwVC_llAl8opmQ8qKJ7Ee76HWSP1ZoA==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 22:08:53 GMT
age: 1309
etag: "a53e0919923151e009e12010c60acb5a9175d37e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd27448b3-5d7d-4249-939a-22a55ff03bfc.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd27448b3-5d7d-4249-939a-22a55ff03bfc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4079fe41a14c57ac6160bdb654f6ef64
99d9cd4a1d423d776284f2d638763ebe33e247ad
218e38cf89853672bb8b24c1c53d58092a75827fb9f7aad02c8e4bbc02d44325
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd27448b3-5d7d-4249-939a-22a55ff03bfc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5916
x-amzn-requestid: 86502622-4d93-4767-a7ab-b963bfc9900b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1kUHgjoAMFmug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f694e-069ef5781ce60e9821010204;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:36:14 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: r9nGZ_sMvuN7uuq8utQofWNeZtbpZfPWOzrNkaBYrmWCV5KUtGzK4w==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:37:07 GMT
age: 3215
etag: "99d9cd4a1d423d776284f2d638763ebe33e247ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75161517-cef9-4f1d-98e1-296b5088de2a.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75161517-cef9-4f1d-98e1-296b5088de2a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9ff8bb94dc368c89ab13dfcfe312e5cd
7819408faa7e232c57bf448d78cf00e7f98469f6
2a04de377d0d4c7cd4a720420806e3f7a872290fad006ef6a172b86d7c249378
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75161517-cef9-4f1d-98e1-296b5088de2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7882
x-amzn-requestid: cdb6c312-e4b1-41e4-a13e-723f8628961d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW3M0G_3oAMFpWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f6beb-37ff37b35f2de72b6faf0bf9;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:47:23 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 36IijBFVCfKpOEcor_pSyo94rbX4Ym1SD_XbGZIoY16BLfcALXcS1w==
via: 1.1 ba490acb2ea716cd57876286ed686786.cloudfront.net (CloudFront), 1.1 1570d93226c1bbca2ebaad510cff3e0c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 22:08:53 GMT
etag: "7819408faa7e232c57bf448d78cf00e7f98469f6"
content-type: image/jpeg
age: 1309
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Sacramento
172.217.21.170200 OK 9.5 kB URL HTTP/2 fonts.googleapis.com/css2?family=Sacramento
IP 172.217.21.170:0
Hash 3bfa8503f541f58a25e47267957ffad0
23e4c9f1dc5e183887435c81db8a5972e9314788
7c03529f36552964bc419e21e2abfee2235bcdfcc1d1072c0a711bda10d0befc
GET /css2?family=Sacramento HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Mar 2023 22:30:41 GMT
date: Sat, 25 Mar 2023 22:30:41 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700;900
172.217.21.170200 OK 4.6 kB URL HTTP/2 fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700;900
IP 172.217.21.170:0
Hash 37045cec9dcd6a5e01fb46ecf8eed80f
5fed4217764a73d57620b5114d6755a87ddb22b4
73484c9e1c48a3c14b75fb057f7327e671df17c549d8353b26dd81e032b58cdc
GET /css2?family=Montserrat:wght@400;500;600;700;900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Mar 2023 22:30:41 GMT
date: Sat, 25 Mar 2023 22:30:41 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9e781aa-3802-4cf5-a484-251a54be7c3b.jpeg
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9e781aa-3802-4cf5-a484-251a54be7c3b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6ca6091f5f9efa5c7a2e171b1c1538eb
32f01282a1c9e7db058c85e92a1228d498988ac2
9befacd1e0f1f863b1290e9742979a62ece98feff88f7cc3db57f4497ea96a49
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9e781aa-3802-4cf5-a484-251a54be7c3b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7156
x-amzn-requestid: 4c7fa12f-7a53-4960-bcf2-e88ccda4ea12
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1uTGq2IAMFY9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f698e-381360a95cc2762d499e2839;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:37:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 9CXL22uAnmLM15tpB3yS-cgRugdZre0cgBqhnsDrdxDp-xvFzy7A4g==
via: 1.1 a87682502db4b394cc6ba84510da9f98.cloudfront.net (CloudFront), 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:37:18 GMT
etag: "32f01282a1c9e7db058c85e92a1228d498988ac2"
content-type: image/jpeg
age: 3204
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
glucofreezenow.com/controlScript.js
69.172.200.220404 Not Found 9 B URL HTTP/2 glucofreezenow.com/controlScript.js
IP 69.172.200.220:0
File type ASCII text, with no line terminators
Hash 9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
GET /controlScript.js HTTP/1.1
Host: glucofreezenow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/still-broadcast/index.html?aff_id=7990&subid=mw25ckd_032523_leads&subid5=0e4b01eab09c497fbaf64fc163f697ba
Cookie: uid=wKhaAmQfdhGQcAA6AwTeAg==; cnid=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 25 Mar 2023 22:30:42 GMT
content-type: text/plain; charset=utf-8
content-length: 9
set-cookie: persistedParams=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; secure; httponly
persistedParams.sig=qQIP2OdsTFa87s1ohgL1NB6ingI; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; secure; httponly
x-dis-request-id: 6ab14e00192040a2fa07e63a9c395cec
server: DOSarrest
X-Firefox-Spdy: h2
glucofreezenow.com/still-broadcast/assets/js/main.js
69.172.200.220200 OK 0 B URL HTTP/2 glucofreezenow.com/still-broadcast/assets/js/main.js
IP 69.172.200.220:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /still-broadcast/assets/js/main.js HTTP/1.1
Host: glucofreezenow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/still-broadcast/index.html?aff_id=7990&subid=mw25ckd_032523_leads&subid5=0e4b01eab09c497fbaf64fc163f697ba
Cookie: uid=wKhaAmQfdhGQcAA6AwTeAg==; cnid=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:42 GMT
content-type: application/javascript
content-length: 0
last-modified: Sun, 06 Mar 2022 14:43:43 GMT
etag: "6224c89f-0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
pragma: public
vary: Accept-Encoding
accept-ranges: bytes
x-dis-request-id: ad80e197a375b1211221682bf808b576
server: DOSarrest
X-Firefox-Spdy: h2
glucofreezenow.com/still-broadcast/index.html?aff_id=7990&subid=mw25ckd_032523_leads&subid5=0e4b01eab09c497fbaf64fc163f697ba
69.172.200.220200 OK 22 kB URL HTTP/2 glucofreezenow.com/still-broadcast/index.html?aff_id=7990&subid=mw25ckd_032523_leads&subid5=0e4b01eab09c497fbaf64fc163f697ba
IP 69.172.200.220:0
Hash 9353ee5dae1028b9e8fb5db2145a1beb
0aeac764827a6706d2a71d105b9ca74dbe618f18
aebd4f91e3e48ec07e04934eee48518437de09722cb0b8854fa11061c1352ed1
GET /still-broadcast/index.html?aff_id=7990&subid=mw25ckd_032523_leads&subid5=0e4b01eab09c497fbaf64fc163f697ba HTTP/1.1
Host: glucofreezenow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fitleanhealth.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:41 GMT
content-type: text/html
last-modified: Wed, 11 Jan 2023 09:50:32 GMT
etag: W/"63be8668-1c98a"
pragma: public
vary: Accept-Encoding, Accept-Encoding
content-encoding: gzip
set-cookie: uid=wKhaAmQfdhGQcAA6AwTeAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
cnid=1; path=/
cache-control: public, private
x-dis-request-id: 71d0e081df065dfe3a8f0b35343b9e56
server: DOSarrest
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.227200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://glucofreezenow.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:48 GMT
expires: Sat, 23 Mar 2024 10:26:48 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
age: 129834
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b644abd1d83faa6f0327486dae33b18d
cb745aa55db6976159ef31ff8835e2b26fd32109
784e1b0a41a50629890a6fd6f58beb9f3a6eb5ba56aa35c671e5217d839aeeac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fast.wistia.com/assets/external/wistia-mux.js
151.101.130.110200 OK 31 kB URL HTTP/2 fast.wistia.com/assets/external/wistia-mux.js
IP 151.101.130.110:0
File type ASCII text, with very long lines (65468)
Hash fa03c21a6e8952e171cdcd98dcfa7b3c
e24d08b3ba411a5f3d4f6b0fd94010a24a7173b4
6d4c76da123aaa59aef4ff4c5b28c086570f2fb8c606bcfe497d9de352f18151
GET /assets/external/wistia-mux.js HTTP/1.1
Host: fast.wistia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 24 Mar 2023 14:48:40 GMT
etag: "fa03c21a6e8952e171cdcd98dcfa7b3c"
x-amz-server-side-encryption: AES256
content-encoding: br
content-type: text/javascript
server: AmazonS3
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
access-control-allow-origin: *
timing-allow-origin: *
accept-ranges: bytes
date: Sat, 25 Mar 2023 22:30:42 GMT
age: 3030
x-served-by: cache-iad-kjyo7100156-IAD, cache-bma1670-BMA
x-cache: HIT, HIT
x-cache-hits: 21, 63
x-timer: S1679783443.681477,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=0
x-ecma-v: modern
x-browser: firefox
x-browser-version: 105
asset-version: 1d1291f7b820d76ce634e6d72f254308143836f0
content-length: 31306
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 3b0a7d2d049cee9d96771ee09db52af4
12076c20743f89b044366e2604162bf460b415bd
1f8d5e971f2a0d64e61cddad1dba09413e0eb0f9eb3ec379c798b2e4281a25bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 103
Cache-Control: max-age=145917
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:42 GMT
Etag: "641f0ca8-1d7"
Expires: Mon, 27 Mar 2023 15:02:39 GMT
Last-Modified: Sat, 25 Mar 2023 15:00:56 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
fast.wistia.com/assets/external/engines/hls_video.js
151.101.130.110200 OK 114 kB URL HTTP/2 fast.wistia.com/assets/external/engines/hls_video.js
IP 151.101.130.110:0
File type ASCII text, with very long lines (65469)
Size 114 kB (114490 bytes)
Hash 126e0af6e7ebffc26419036074e1c843
a390f7eca9671af0f873c492bf4eae3f84c2625d
bc43f74340f949aefb2151c0e997dbfae92f5a8521e5e92504cb7d06aeba2930
GET /assets/external/engines/hls_video.js HTTP/1.1
Host: fast.wistia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 24 Mar 2023 14:48:40 GMT
etag: "126e0af6e7ebffc26419036074e1c843"
x-amz-server-side-encryption: AES256
content-encoding: br
content-type: text/javascript
server: AmazonS3
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
access-control-allow-origin: *
timing-allow-origin: *
accept-ranges: bytes
date: Sat, 25 Mar 2023 22:30:42 GMT
age: 3014
x-served-by: cache-iad-kcgs7200074-IAD, cache-bma1670-BMA
x-cache: HIT, HIT
x-cache-hits: 49, 38
x-timer: S1679783443.830714,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=0
x-ecma-v: modern
x-browser: firefox
x-browser-version: 105
asset-version: 1d1291f7b820d76ce634e6d72f254308143836f0
content-length: 114490
X-Firefox-Spdy: h2
fast.wistia.com/assets/images/blank.gif
151.101.130.110200 OK 1.2 kB URL HTTP/2 fast.wistia.com/assets/images/blank.gif
IP 151.101.130.110:0
File type GIF image data, version 89a, 100 x 100\012- data
Hash fbdc4ed9a1e2ee4917a265306927bcf1
6d177725d8230df0457e72004080f712e26fe624
a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2
GET /assets/images/blank.gif HTTP/1.1
Host: fast.wistia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
cache-control: max-age=315360000, public
content-type: image/gif
etag: "641e1922-4be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 24 Mar 2023 21:41:54 GMT
timing-allow-origin: *
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 25 Mar 2023 22:30:43 GMT
age: 89232
x-served-by: cache-iad-kiad7000052-IAD, cache-bma1670-BMA
x-cache: HIT, HIT
x-cache-hits: 51, 1264
x-timer: S1679783443.025505,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=0
x-ecma-v: modern
x-browser: firefox
x-browser-version: 105
content-length: 1214
X-Firefox-Spdy: h2
fast.wistia.com/embed/medias/44xtnk0cns.m3u8
151.101.130.110200 OK 935 B URL HTTP/2 fast.wistia.com/embed/medias/44xtnk0cns.m3u8
IP 151.101.130.110:0
Hash 28191ef929a427f2dc223ac4e4e0e8bd
40192dffd81a03eca4d0838a570994ffdc72176d
ddbf315a312b1572a0cb0e62a4266c5b246c3454b64cb474f6eb0f40200ee0df
GET /embed/medias/44xtnk0cns.m3u8 HTTP/1.1
Host: fast.wistia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://glucofreezenow.com
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
cache-control: public, no-cache
content-type: application/x-mpegURL
etag: W/"ddbf315a312b1572a0cb0e62a4266c5b"
p3p: CP="CURi ADMa DEVa IVAa IVDa CONi OUR IND DSP CAO COR"
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: 596fa82a0dcc52b26e5fae8f352293ed
x-runtime: 0.029417
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 25 Mar 2023 22:30:43 GMT
age: 13528
x-served-by: cache-iad-kjyo7100105-IAD, cache-bma1670-BMA
x-cache: HIT, MISS
x-cache-hits: 128, 0
x-timer: S1679783443.015464,VS0,VE91
vary: Accept-Encoding,X-Forwarded-Proto,X-ECMA-Override
strict-transport-security: max-age=0
x-ecma-v: modern
x-browser: firefox
x-browser-version: 105
content-length: 935
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 486e7630b8a81832135aaad511b01d77
73cfc018f7747794497e374f2e2dfe7957ed2135
f623c064c45a5ddd61f4f960d855faa4b5426742f168c777494985fc35ef005f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3544
Cache-Control: max-age=157620
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:43 GMT
Etag: "641f2cef-1d7"
Expires: Mon, 27 Mar 2023 18:17:43 GMT
Last-Modified: Sat, 25 Mar 2023 17:18:39 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 471
embed-cloudfront.wistia.com/deliveries/30ce033c3cc27af9521f5f64a7d90da910d97e22.m3u8
54.230.111.74200 OK 93 kB URL HTTP/2 embed-cloudfront.wistia.com/deliveries/30ce033c3cc27af9521f5f64a7d90da910d97e22.m3u8
IP 54.230.111.74:0
Hash 92f6524432911fc8b1501e374678982e
9b49a4dd8dfb529d3e82cd5bd01939da31547ebf
8aa9d4c9c677642edcd19dd43b66990b6d817df2e6317fe4c8e41028e991e080
GET /deliveries/30ce033c3cc27af9521f5f64a7d90da910d97e22.m3u8 HTTP/1.1
Host: embed-cloudfront.wistia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://glucofreezenow.com
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/vnd.apple.mpegurl
content-length: 93305
server: envoy
last-modified: Mon, 05 Nov 2018 10:11:00 GMT
edge-cache-tag: 30ce033c3cc27af9521f5f64a7d90da910d97e22-hls-segment
surrogate-key: 30ce033c3cc27af9521f5f64a7d90da910d97e22-hls-segment
accept-ranges: bytes
x-envoy-upstream-service-time: 135
date: Sat, 25 Mar 2023 12:14:47 GMT
expires: Sun, 24 Mar 2024 11:41:43 GMT
cache-control: max-age=31536000
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: khZH4pjyw4f3ao7XTtuVcQXmC9KYd77XR3bliR0N2vdfjpE6aN_lHw==
age: 38940
x-cdn: cloudfront
access-control-allow-origin: *
access-control-expose-headers: Server,range,Content-Length,Content-Range,x-cdn
X-Firefox-Spdy: h2
www.clarity.ms/eus-f-sc/s/0.7.5/clarity.js
13.107.238.53200 OK 24 kB URL HTTP/2 www.clarity.ms/eus-f-sc/s/0.7.5/clarity.js
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (56527)
Hash a2ea86db73d1c14db5c71c43b3c1c73f
a791287588cd69d66aafdbea4b216822003854ad
ce2c94e7c8d8f711f3bfbd67daf061a09c4816093c350fba72882d213945a321
GET /eus-f-sc/s/0.7.5/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=86400
content-type: application/javascript;charset=utf-8
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d95d062a00a927"
x-cache: TCP_HIT
request-context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0
x-azure-ref-originshield: 0O1IfZAAAAADKOw6/3j8MRbOVHCM0MCbkQU1TMDRFREdFMTkyMgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-azure-ref: 0EnYfZAAAAACmyw6QeC7gSLrJQhqSRPHNU1ZHMjBFREdFMDYyMAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Sat, 25 Mar 2023 22:30:42 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 312 B IP 192.229.221.95:0
Hash f275ddbbdd218034a7b4b9bca9debb26
6d57f763157f97d9e13d6644cdc6272e999acea1
0f87718bea06096a6d67a11d31f41f9227070ed458de8e30f1ac59ffcb8b7137
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5295
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:43 GMT
Etag: "641e8e05-138"
Last-Modified: Sat, 25 Mar 2023 21:02:28 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 312
embed-cloudfront.wistia.com/deliveries/30ce033c3cc27af9521f5f64a7d90da910d97e22.m3u8/seg-1-v1-a1.ts
54.230.111.74200 OK 328 kB URL HTTP/2 embed-cloudfront.wistia.com/deliveries/30ce033c3cc27af9521f5f64a7d90da910d97e22.m3u8/seg-1-v1-a1.ts
IP 54.230.111.74:0
File type MPEG transport stream data\012- data
Size 328 kB (328248 bytes)
Hash 5c074e556997d1ef47c74cdbab88ab26
7dba8ba56b3ff8f6b9b3429e0d3c711fae30d732
9915f45d50bfc93201d0b44b0f796a80bc4631705e000a21f58a1796c9433fa1
GET /deliveries/30ce033c3cc27af9521f5f64a7d90da910d97e22.m3u8/seg-1-v1-a1.ts HTTP/1.1
Host: embed-cloudfront.wistia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://glucofreezenow.com
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: video/MP2T
content-length: 328248
last-modified: Mon, 05 Nov 2018 10:11:00 GMT
edge-cache-tag: 30ce033c3cc27af9521f5f64a7d90da910d97e22-hls-segment e8f7486c0e96f7d02b5cd8d92956581d159a943a
surrogate-key: 30ce033c3cc27af9521f5f64a7d90da910d97e22-hls-segment e8f7486c0e96f7d02b5cd8d92956581d159a943a
accept-ranges: bytes
date: Mon, 20 Mar 2023 07:27:45 GMT
expires: Tue, 19 Mar 2024 06:32:49 GMT
cache-control: max-age=31536000
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ev0QrU6fLloJbePCgxGGwF6vUnR01W4r712NrUeaj9cdZcLxLYkQ7w==
age: 489474
x-cdn: cloudfront
access-control-allow-origin: *
access-control-expose-headers: Server,range,Content-Length,Content-Range,x-cdn
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 312 B IP 192.229.221.95:0
Hash f275ddbbdd218034a7b4b9bca9debb26
6d57f763157f97d9e13d6644cdc6272e999acea1
0f87718bea06096a6d67a11d31f41f9227070ed458de8e30f1ac59ffcb8b7137
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5295
Cache-Control: max-age=118689
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:43 GMT
Etag: "641e8e05-138"
Expires: Mon, 27 Mar 2023 07:28:52 GMT
Last-Modified: Sat, 25 Mar 2023 06:00:37 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 312
fast.wistia.com/assets/external/playPauseLoadingControl.js
151.101.130.110200 OK 16 kB URL HTTP/2 fast.wistia.com/assets/external/playPauseLoadingControl.js
IP 151.101.130.110:0
File type ASCII text, with very long lines (60297), with no line terminators
Hash b2b44b80faa65cce5d5bb98b9687d152
75d08cab6749fba40af8155d1754afac39e101c2
6c59ce5a293b58600081ec1339632e7da41e70fc8739726fee0f2b8e7204c1c7
GET /assets/external/playPauseLoadingControl.js HTTP/1.1
Host: fast.wistia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 24 Mar 2023 14:48:40 GMT
etag: "b2b44b80faa65cce5d5bb98b9687d152"
x-amz-server-side-encryption: AES256
content-encoding: br
content-type: text/javascript
server: AmazonS3
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
access-control-allow-origin: *
timing-allow-origin: *
accept-ranges: bytes
date: Sat, 25 Mar 2023 22:30:43 GMT
age: 3030
x-served-by: cache-iad-kjyo7100120-IAD, cache-bma1670-BMA
x-cache: HIT, HIT
x-cache-hits: 40, 67
x-timer: S1679783443.299803,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=0
x-ecma-v: modern
x-browser: firefox
x-browser-version: 105
asset-version: 1d1291f7b820d76ce634e6d72f254308143836f0
content-length: 16032
X-Firefox-Spdy: h2
oneocsp.microsoft.com/ocsp
204.79.197.203200 OK 1.7 kB URL HTTP/1.1 oneocsp.microsoft.com/ocsp
IP 204.79.197.203:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash e95214b9b9e930001c2d121108c70582
a90fd99ea0c6596e050a124b6c1019ca301938fb
754101420b171fe316df5f8da0411db7931e81f1a2aed81ec71500292b3b540f
POST /ocsp HTTP/1.1
Host: oneocsp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Length: 1741
Content-Type: application/ocsp-response
Expires: Tue, 28 Mar 2023 15:50:24 GMT
Last-Modified: Fri, 24 Mar 2023 21:08:22 GMT
ETag: "754101420b171fe316df5f8da0411db7931e81f1a2aed81ec71500292b3b540f"
X-Powered-By: ASP.NET
x-content-type-options: nosniff
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 1FC5A55B075443DD93BB271CFFDAF12F Ref B: OSL30EDGE0408 Ref C: 2023-03-25T22:30:43Z
Date: Sat, 25 Mar 2023 22:30:43 GMT
embed-cloudfront.wistia.com/deliveries/a2c9724d2837a786894a2826cac86344ce5d571e.m3u8
54.230.111.74200 OK 93 kB URL HTTP/2 embed-cloudfront.wistia.com/deliveries/a2c9724d2837a786894a2826cac86344ce5d571e.m3u8
IP 54.230.111.74:0
Hash 42d62ca7249e8fb902d300fc6a54eb87
5d4a72b85f99868a3bc2d928f4682d7ab61a6099
b285b20eae4458d3a5f9402a7d1e672257e280591d287199dc67a7606aaedf7d
GET /deliveries/a2c9724d2837a786894a2826cac86344ce5d571e.m3u8 HTTP/1.1
Host: embed-cloudfront.wistia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://glucofreezenow.com
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/vnd.apple.mpegurl
content-length: 93305
server: envoy
last-modified: Mon, 05 Nov 2018 10:11:00 GMT
edge-cache-tag: a2c9724d2837a786894a2826cac86344ce5d571e-hls-segment
surrogate-key: a2c9724d2837a786894a2826cac86344ce5d571e-hls-segment
accept-ranges: bytes
x-envoy-upstream-service-time: 64
date: Sat, 25 Mar 2023 22:30:43 GMT
expires: Sun, 24 Mar 2024 09:57:59 GMT
cache-control: max-age=31536000
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sTUhRzkka4RkiRrQJrusLaEogs8XE2iuUKBbmbmjX_QEpcLuHh705g==
age: 45164
x-cdn: cloudfront
access-control-allow-origin: *
access-control-expose-headers: Server,range,Content-Length,Content-Range,x-cdn
X-Firefox-Spdy: h2
embed-ssl.wistia.com/deliveries/26fa4d76d2c0dab2f8ad43889661b231b96ae145.webp?image_crop_resized=1280x720
54.230.111.70200 OK 205 kB URL HTTP/2 embed-ssl.wistia.com/deliveries/26fa4d76d2c0dab2f8ad43889661b231b96ae145.webp?image_crop_resized=1280x720
IP 54.230.111.70:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x720, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 205 kB (205354 bytes)
Hash 7da588c28118b33f794205e564928c6b
8a87d70478a91ec98ba128ad0e6f916c6cbc7555
ecdd4793b50c7608b546169eb6e24610d34b74ca61741b81c2771d7f4ee3aabc
GET /deliveries/26fa4d76d2c0dab2f8ad43889661b231b96ae145.webp?image_crop_resized=1280x720 HTTP/1.1
Host: embed-ssl.wistia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/webp
accept-ranges: none
access-control-request-method: *
content-disposition: inline
edge-cache-tag: 26fa4d76d2c0dab2f8ad43889661b231b96ae145
last-modified: Mon, 27 Dec 2021 16:25:14 UTC
surrogate-key: 26fa4d76d2c0dab2f8ad43889661b231b96ae145 thumbnail-delivery
x-envoy-upstream-service-time: 237
server: envoy
date: Sat, 25 Mar 2023 22:30:43 GMT
cache-control: max-age=31536000
etag: pzzq-ZrCl25Z0777IqN2fJHNoHM=
x-cache: Hit from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WM7zQ00QO0Jkg5vNrqt3ahT_F830zInmYAKndPjhlKyhBqTJNaiyKw==
age: 23989
x-cdn: cloudfront
vary: Origin
X-Firefox-Spdy: h2
y.clarity.ms/collect
104.211.35.148204 No Content 0 B IP 104.211.35.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: y.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 594
Origin: https://glucofreezenow.com
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 22:30:43 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://glucofreezenow.com
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0
distillery.wistia.com/x
44.195.191.171204 No Content 0 B IP 44.195.191.171:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /x HTTP/1.1
Host: distillery.wistia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 1714
Origin: https://glucofreezenow.com
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 25 Mar 2023 22:30:43 GMT
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
X-Firefox-Spdy: h2
c.clarity.ms/c.gif
68.219.88.97302 Found 0 B IP 68.219.88.97:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=4B4C3F6C33F940D2B4DFD41C1E71F82F&RedC=c.clarity.ms&MXFR=1CA063EBA0CB6C74223A7134A4CB6244
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=1CA063EBA0CB6C74223A7134A4CB6244; domain=.clarity.ms; expires=Thu, 18-Apr-2024 22:30:43 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Sat, 25 Mar 2023 22:30:43 GMT
content-length: 0
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c4a554fed93d9d56c467006a431aed22
34bc3b4c2444c96196e47e0757786ef89bfea2c8
b81ba8f35c0e1468c2400dd8f018303be8e16f0e95ba3fed2a690b9e89ba9020
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B81BA8F35C0E1468C2400DD8F018303BE8E16F0E95BA3FED2A690B9E89BA9020"
Last-Modified: Sat, 25 Mar 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8368
Expires: Sun, 26 Mar 2023 00:50:12 GMT
Date: Sat, 25 Mar 2023 22:30:44 GMT
Connection: keep-alive
matching.ivitrack.com/sync?realm=criteo&uid=k-nZTIytjqvabkv62-5n_2wj76iscJW4gBoA9hEQ
34.117.157.22200 OK 42 B URL HTTP/2 matching.ivitrack.com/sync?realm=criteo&uid=k-nZTIytjqvabkv62-5n_2wj76iscJW4gBoA9hEQ
IP 34.117.157.22:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /sync?realm=criteo&uid=k-nZTIytjqvabkv62-5n_2wj76iscJW4gBoA9hEQ HTTP/1.1
Host: matching.ivitrack.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: istio-envoy
date: Sat, 25 Mar 2023 22:30:43 GMT
content-type: image/gif
content-length: 42
cache-control: public, max-age=86400
x-envoy-upstream-service-time: 0
x-envoy-decorator-operation: tag-manager.programmatic.svc.cluster.local:3000/*
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c4a554fed93d9d56c467006a431aed22
34bc3b4c2444c96196e47e0757786ef89bfea2c8
b81ba8f35c0e1468c2400dd8f018303be8e16f0e95ba3fed2a690b9e89ba9020
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B81BA8F35C0E1468C2400DD8F018303BE8E16F0E95BA3FED2A690B9E89BA9020"
Last-Modified: Sat, 25 Mar 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8368
Expires: Sun, 26 Mar 2023 00:50:12 GMT
Date: Sat, 25 Mar 2023 22:30:44 GMT
Connection: keep-alive
y.clarity.ms/collect
104.211.35.148204 No Content 0 B IP 104.211.35.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: y.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 121820
Origin: https://glucofreezenow.com
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 22:30:44 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://glucofreezenow.com
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0
gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
178.250.0.157302 Found 0 B URL HTTP/2 gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 25 Mar 2023 22:30:44 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
location: https://dpm.demdex.net/ibs:dpid=28645&dpuuid=
server-processing-duration-in-ticks: 777800
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 16b626f47a581102b49d63971ba7de07
71a5764d3235a3769641752b4b72e3050e2d4d1e
7ebaa76ccac7e0a75b7e8b9881fc294439bdbb096fe5ab858c463bc275a1157d
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=138861
Date: Sat, 25 Mar 2023 22:30:44 GMT
Etag: "641eef08-1d7"
Expires: Mon, 27 Mar 2023 13:05:05 GMT
Last-Modified: Sat, 25 Mar 2023 12:54:32 GMT
Server: ECAcc (bsa/EB26)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: aHfE8b71s3h0ejhAXbAT3kPSN4tyGrRIp4OnGq_SkZKvdzcTMgp5KQ==
Age: 633
criteo-sync.teads.tv/um?eid=80&uid=k-wn8UBdjqvabkv62-5n_2wj76iseJZ3hRLPQBEw
23.195.255.234200 OK 23 B URL HTTP/2 criteo-sync.teads.tv/um?eid=80&uid=k-wn8UBdjqvabkv62-5n_2wj76iseJZ3hRLPQBEw
IP 23.195.255.234:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash da5b449fff36752a93779fa4067cd2eb
71a96eea77f21ab5f1819b96c4cedd5cd34476ca
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
GET /um?eid=80&uid=k-wn8UBdjqvabkv62-5n_2wj76iseJZ3hRLPQBEw HTTP/1.1
Host: criteo-sync.teads.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
server: akka-http/10.2.10
content-length: 23
expires: Sat, 25 Mar 2023 22:30:44 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 25 Mar 2023 22:30:44 GMT
X-Firefox-Spdy: h2
contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-axfIP9jqvabkv62-5n_2wj76iseIiCmSVerQDg
23.38.200.22200 OK 65 B URL HTTP/2 contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-axfIP9jqvabkv62-5n_2wj76iseIiCmSVerQDg
IP 23.38.200.22:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 9fc4a410879e22eeb224e6c43c95ec52
21aa9fe1c1d54cb7479008698efdb167c8915ca6
e9265c8d1f568b85f487c3cfadb4305e5d7b122a16a9ec9f8a7d116f2fa5fdab
GET /cksync.php?cs=3&type=crt&ovsid=k-axfIP9jqvabkv62-5n_2wj76iseIiCmSVerQDg HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
content-length: 65
content-type: image/gif
set-cookie: visitor-id=3227850443580255000V10; Expires=Sun, 24 Mar 2024 22:30:44 GMT; domain=.media.net; Path=/;
data-c-ts=1679783444;Expires=Mon, 24 Apr 2023 22:30:44 GMT;path=/;domain=.media.net;
data-c=k-axfIP9jqvabkv62-5n_2wj76iseIiCmSVerQDg~~3;Expires=Mon, 24 Apr 2023 22:30:44 GMT;path=/;domain=.media.net;
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security: max-age=31536000
x-mnet-hl2: E
expires: Sat, 25 Mar 2023 22:30:44 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 25 Mar 2023 22:30:44 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 569c8dde76c4139934968e10799a623a
d3bc05734eb6d4aaa401dfa58c5f0058bfa088e1
0b16425c42800abfebaa465a6a4e2f5c2f0cfaecccd7eaae987934fa85861b61
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 36
Cache-Control: max-age=110218
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:44 GMT
Etag: "641e817a-1d7"
Expires: Mon, 27 Mar 2023 05:07:42 GMT
Last-Modified: Sat, 25 Mar 2023 05:07:06 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471
pipedream.wistia.com/mput?topic=metrics
52.4.213.160200 OK 2 B URL HTTP/2 pipedream.wistia.com/mput?topic=metrics
IP 52.4.213.160:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /mput?topic=metrics HTTP/1.1
Host: pipedream.wistia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/x-www-form-urlencoded
Content-Length: 7092
Origin: https://glucofreezenow.com
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:44 GMT
content-type: text/plain; charset=utf-8
content-length: 2
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
X-Firefox-Spdy: h2
pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-FJtO7djqvabkv62-5n_2wj76iscHVKW8eCb8Ow&expires=30
213.19.162.80204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-FJtO7djqvabkv62-5n_2wj76iscHVKW8eCb8Ow&expires=30
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=6434&nid=2149&put=k-FJtO7djqvabkv62-5n_2wj76iscHVKW8eCb8Ow&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 0163a7456b0a5605e8b1fb1d4fba3e4d
Content-Type: image/gif
ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
37.252.173.215307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
IP 37.252.173.215:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sat, 25 Mar 2023 22:30:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
AN-X-Request-Uuid: 37b363d8-7fe2-453a-9293-2cd31c8c69bd
Set-Cookie: uuid2=2440330734316381546; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 23-Jun-2023 22:30:44 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
secure.adnxs.com/setuid?entity=52&code=k-xA62l9jqvabkv62-5n_2wj76iscAVLOsO9yW2Q
37.252.171.21307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/setuid?entity=52&code=k-xA62l9jqvabkv62-5n_2wj76iscAVLOsO9yW2Q
IP 37.252.171.21:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /setuid?entity=52&code=k-xA62l9jqvabkv62-5n_2wj76iscAVLOsO9yW2Q HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sat, 25 Mar 2023 22:30:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-xA62l9jqvabkv62-5n_2wj76iscAVLOsO9yW2Q
AN-X-Request-Uuid: 966a5658-7fbf-4db3-b965-1abb60d9ffa5
Set-Cookie: uuid2=7456282831532289744; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 23-Jun-2023 22:30:44 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ocsp.r2m01.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 1fa9b6e556a7ee902fd5d848618774c7
da4e091dd6192b2dadcc6fc8b6ffa08dbe14a5d0
d1a6a253d705fb48ed955ae382acd9053eb789cb07050bfd8ae5c74d7afe3409
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=108128
Date: Sat, 25 Mar 2023 22:30:44 GMT
Etag: "641e71e5-1d7"
Expires: Mon, 27 Mar 2023 04:32:52 GMT
Last-Modified: Sat, 25 Mar 2023 04:00:37 GMT
Server: ECAcc (bsa/EB6C)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: nhSjhPGR6wFsStk738wC-Lb_0Dt9Zous8D9ms1CbCsmqvo0o-eKpTA==
Age: 1935
eb2.3lift.com/xuid?mid=2711&xuid=k-NKi1Ktjqvabkv62-5n_2wj76isfnTAWeFriHMA&dongle=013b
76.223.111.18200 OK 37 B URL HTTP/2 eb2.3lift.com/xuid?mid=2711&xuid=k-NKi1Ktjqvabkv62-5n_2wj76isfnTAWeFriHMA&dongle=013b
IP 76.223.111.18:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 3eacd0132310ea44cad756b378a3bc07
e2216a7e9b73f5cb0279351c78ce61c33475cea7
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
GET /xuid?mid=2711&xuid=k-NKi1Ktjqvabkv62-5n_2wj76isfnTAWeFriHMA&dongle=013b HTTP/1.1
Host: eb2.3lift.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:44 GMT
content-type: image/gif
content-length: 37
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5716bd17f0cc1d649bcba4a6400ad0fa
752def7b1cf7d2f2e8213b28cb17f93e1015d333
ef78bd37975cc2a43c78562c8fcd9977f92a2ef525b87cfcef89f114f28eac3b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-4HErbdjqvabkv62-5n_2wj76isd5zWblZZWmYdP2psvMCI1C
3.122.161.116200 OK 333 B URL HTTP/2 exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-4HErbdjqvabkv62-5n_2wj76isd5zWblZZWmYdP2psvMCI1C
IP 3.122.161.116:0
Hash 2ad66432462d665779fc7534aa5ac6d0
496d9f7a1c78dab6387fa5a92e56efa2e9e55c8d
3009c5be8eb352fb19f429d5b827c391e90e61d35eee05bdd7911bfb70549991
GET /usersync/push?partner=criteo&partnerId=k-4HErbdjqvabkv62-5n_2wj76isd5zWblZZWmYdP2psvMCI1C HTTP/1.1
Host: exchange.mediavine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:44 GMT
content-type: text/html; charset=utf-8
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
cache-control: private, no-cache
set-cookie: mv_tokens=%7B%22mv_uuid%22%3A%22ae724eb0-cb5c-11ed-8de5-d773c61cba0a%22%2C%22version%22%3A%22eu-v1%22%7D; Path=/; Expires=Sat, 08 Apr 2023 22:30:44 GMT; Secure; SameSite=None
mv_tokens_eu-v1=%7B%22mv_uuid%22%3A%22ae724eb0-cb5c-11ed-8de5-d773c61cba0a%22%2C%22version%22%3A%22eu-v1%22%7D; Path=/; Expires=Sat, 08 Apr 2023 22:30:44 GMT; Secure; SameSite=None
am_tokens=%7B%22mv_uuid%22%3A%22ae724eb0-cb5c-11ed-8de5-d773c61cba0a%22%2C%22version%22%3A%22eu-v1%22%7D; Path=/; Expires=Sat, 08 Apr 2023 22:30:44 GMT; Secure; SameSite=None
am_tokens_eu-v1=%7B%22mv_uuid%22%3A%22ae724eb0-cb5c-11ed-8de5-d773c61cba0a%22%2C%22version%22%3A%22eu-v1%22%7D; Path=/; Expires=Sat, 08 Apr 2023 22:30:44 GMT; Secure; SameSite=None
criteo=%7B%22id%22%3A%22k-4HErbdjqvabkv62-5n_2wj76isd5zWblZZWmYdP2psvMCI1C%22%2C%22version%22%3A%22criteo%22%7D; Path=/; Expires=Sat, 08 Apr 2023 22:30:44 GMT; Secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash eaa0f8d426c20746ce7e01e97d8e8c89
a67608f1c08f6ba856aa4346b29af389644307a9
890816ddb0ebf2cbebafd7c62714b29e406b444bc34c4c118b64255b62202d64
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 25 Mar 2023 22:30:44 GMT
Last-Modified: Sat, 25 Mar 2023 21:36:02 GMT
Server: ECAcc (bsa/EAE4)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: t0NgkWcpYuRPPisJITL_bs1gQ6q9M6_FhGqvm2rscVQH3o8XIio6ZA==
Age: 3282
cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-tfW0vdjqvabkv62-5n_2wj76isc2EYufhY5GCg&google_cm&google_hm=ay10ZlcwdmRqcXZhYmt2NjItNW5fMndqNzZpc2MyRVl1ZmhZNUdDZw
142.250.74.130302 Found 440 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-tfW0vdjqvabkv62-5n_2wj76isc2EYufhY5GCg&google_cm&google_hm=ay10ZlcwdmRqcXZhYmt2NjItNW5fMndqNzZpc2MyRVl1ZmhZNUdDZw
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash ebfdb2347219dbc5ef71ecc93064401c
55fd69074bd0f799b93b85adbaac7b4a871c5c0c
cabeeba8b0c2e5e9bf68e11949672b81823538809ace784c11f20b6e1169135d
GET /pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-tfW0vdjqvabkv62-5n_2wj76isc2EYufhY5GCg&google_cm&google_hm=ay10ZlcwdmRqcXZhYmt2NjItNW5fMndqNzZpc2MyRVl1ZmhZNUdDZw HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&CriteoUserId=k-tfW0vdjqvabkv62-5n_2wj76isc2EYufhY5GCg&google_cm=&google_hm=ay10ZlcwdmRqcXZhYmt2NjItNW5fMndqNzZpc2MyRVl1ZmhZNUdDZw&google_tc=
date: Sat, 25 Mar 2023 22:30:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 440
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 25-Mar-2023 22:45:44 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash ff6990423fa8f56d36fd3ab0ebafca04
78b19df28e55d320addce61f08ca27240884ebca
bec51b93740fa7335a16766c9e288c464ae59ff90cdd5ef131be6eebe1e111cc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4684
Cache-Control: max-age=136116
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:44 GMT
Etag: "641ed47c-1d7"
Expires: Mon, 27 Mar 2023 12:19:20 GMT
Last-Modified: Sat, 25 Mar 2023 11:01:16 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 471
match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-mH5Rt9jqvabkv62-5n_2wj76iscErNdDVJhr6A
3.127.20.54204 No Content 0 B URL HTTP/2 match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-mH5Rt9jqvabkv62-5n_2wj76iscErNdDVJhr6A
IP 3.127.20.54:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-mH5Rt9jqvabkv62-5n_2wj76iscErNdDVJhr6A HTTP/1.1
Host: match.sharethrough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 25 Mar 2023 22:30:44 GMT
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&CriteoUserId=k-tfW0vdjqvabkv62-5n_2wj76isc2EYufhY5GCg&google_cm=&google_hm=ay10ZlcwdmRqcXZhYmt2NjItNW5fMndqNzZpc2MyRVl1ZmhZNUdDZw&google_tc=
142.250.74.130302 Found 332 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&CriteoUserId=k-tfW0vdjqvabkv62-5n_2wj76isc2EYufhY5GCg&google_cm=&google_hm=ay10ZlcwdmRqcXZhYmt2NjItNW5fMndqNzZpc2MyRVl1ZmhZNUdDZw&google_tc=
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash e039345d252905280d1158de28ed0869
73e0471c3f2920a3c7620ce4ebb72faeaac451c2
5684b882e2c3b397e438added6c89849df508425e8aec0a6ba933b14c0cb9976
GET /pixel?google_nid=cjp&google_sc=&google_ula=913071&CriteoUserId=k-tfW0vdjqvabkv62-5n_2wj76isc2EYufhY5GCg&google_cm=&google_hm=ay10ZlcwdmRqcXZhYmt2NjItNW5fMndqNzZpc2MyRVl1ZmhZNUdDZw&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-tfW0vdjqvabkv62-5n_2wj76isc2EYufhY5GCg&google_error=3
date: Sat, 25 Mar 2023 22:30:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 332
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-1U8KN9jqvabkv62-5n_2wj76isenyay_wGH9IQ
3.71.149.231302 Found 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-1U8KN9jqvabkv62-5n_2wj76isenyay_wGH9IQ
IP 3.71.149.231:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58301/sync?_origin=1&uid=k-1U8KN9jqvabkv62-5n_2wj76isenyay_wGH9IQ HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 25 Mar 2023 22:30:44 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-1U8KN9jqvabkv62-5n_2wj76isenyay_wGH9IQ&verify=true
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBBR2H2QCECnyrtsecmtH-CjYw3WTCpkFEgEBAQHHIGQpZAAAAAAA_eMAAA&S=AQAAAogz2PqDBAgV5LYN6zs2S0Q; Expires=Mon, 25 Mar 2024 04:30:44 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
37.252.173.215302 Found 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
IP 37.252.173.215:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Sat, 25 Mar 2023 22:30:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=0
AN-X-Request-Uuid: 500554ba-5548-4018-ac47-b1844a59d398
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-xA62l9jqvabkv62-5n_2wj76iscAVLOsO9yW2Q
37.252.171.21200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-xA62l9jqvabkv62-5n_2wj76iscAVLOsO9yW2Q
IP 37.252.171.21:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-xA62l9jqvabkv62-5n_2wj76iscAVLOsO9yW2Q HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 25 Mar 2023 22:30:44 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 76b9e7c8-cd30-4d4a-abbc-e72c6d086853
Set-Cookie: anj=dTM7k!M4/rCxrEQF']wIg2GVIeuaSF!]tbPl@/D!9hy6]/Cv]tiIJ$_4=:[43j)e^g]lBF3Ee[ngQ7^X6<%'4f4u=f_<45e>lmK<cG2`B*bpRz*qF1`*bcV=+gP+4; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 23-Jun-2023 22:30:44 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash a9bc8c4ca4ab70ccad0de19046a1972c
553ee3971b64db6b8f8111b8900057cd95964ca2
24804800335e95d9c2f7ca0b44e6e1d1ba2d0d31bf227a2d6281a4341f61a519
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2813
Cache-Control: max-age=144639
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:44 GMT
Etag: "641efd16-1d7"
Expires: Mon, 27 Mar 2023 14:41:23 GMT
Last-Modified: Sat, 25 Mar 2023 13:54:30 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 678d29248aa32ac654d461a9453b0bcb
4bfd729759e57cf5444488ca7a7fb637d79c6f9f
90203638d9d2afd2de6de65e8884a8aba4396212df76357380172b0053f6dd53
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "90203638D9D2AFD2DE6DE65E8884A8ABA4396212DF76357380172B0053F6DD53"
Last-Modified: Sat, 25 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9297
Expires: Sun, 26 Mar 2023 01:05:41 GMT
Date: Sat, 25 Mar 2023 22:30:44 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 7ef51c0fa2320bb875996a5e9dc8a3b2
9800551f1f2e2b51d6bd2142972770683dc5df97
0e153635305bdf3a1bcda79feac0d97209af15bc0044cc176c3b8a621c768f22
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 22:30:44 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 25 Mar 2023 01:56:50 GMT
Expires: Sat, 01 Apr 2023 01:56:49 GMT
Etag: "9800551f1f2e2b51d6bd2142972770683dc5df97"
Cache-Control: max-age=530164,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ada999f0a360afa-OSL
cm.adform.net/pixel?adform_pid=15&adform_pc=k-geRQutjqvabkv62-5n_2wj76ise81Pae0jKeCg
37.157.4.23200 OK 43 B URL HTTP/2 cm.adform.net/pixel?adform_pid=15&adform_pc=k-geRQutjqvabkv62-5n_2wj76ise81Pae0jKeCg
IP 37.157.4.23:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /pixel?adform_pid=15&adform_pc=k-geRQutjqvabkv62-5n_2wj76ise81Pae0jKeCg HTTP/1.1
Host: cm.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 22:30:44 GMT
content-type: image/gif
content-length: 43
last-modified: Wed, 11 Oct 2017 13:40:08 GMT
etag: "59de1f38-2b"
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 1acdc82b2aa5400857a4bc33075573e0
8925d539e3a6b1fdfb29d9cd32da040721f1ffb5
d2b7aa5dece1b68cc2f9970b3f97c366df11a06eac837bbc855420a8ecfba5c2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2140
Cache-Control: max-age=112314
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:44 GMT
Etag: "641e8172-1d7"
Expires: Mon, 27 Mar 2023 05:42:38 GMT
Last-Modified: Sat, 25 Mar 2023 05:06:58 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-1U8KN9jqvabkv62-5n_2wj76isenyay_wGH9IQ&verify=true
3.71.149.231204 No Content 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-1U8KN9jqvabkv62-5n_2wj76isenyay_wGH9IQ&verify=true
IP 3.71.149.231:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58301/sync?_origin=1&uid=k-1U8KN9jqvabkv62-5n_2wj76isenyay_wGH9IQ&verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 25 Mar 2023 22:30:44 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBBR2H2QCEPDTwMfcFkK6WDw9JJdAqJUFEgEBAQHHIGQpZAAAAAAA_eMAAA&S=AQAAArRlBp9eh6-108Ul4c_PCJ4; Expires=Mon, 25 Mar 2024 04:30:44 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash a5b955b321d64d73e2a0798d051969d8
4248a40c2ed92acd770773d66b0ef1198a7e8d2d
1defc8832131ee288e0357d2e0d643ae4c0f048114bb11c0ec1fb7823d8ad718
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 25 Mar 2023 22:30:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 15036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 25 Mar 2023 20:46:19 GMT
Expires: Sun, 26 Mar 2023 20:46:19 GMT
ETag: "4248a40c2ed92acd770773d66b0ef1198a7e8d2d"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
id5-sync.com/s/966/9.gif?puid=k-1jR-ddjqvabkv62-5n_2wj76isfagm_M7vzK0A
141.95.98.65200 43 B URL HTTP/1.1 id5-sync.com/s/966/9.gif?puid=k-1jR-ddjqvabkv62-5n_2wj76isfagm_M7vzK0A
IP 141.95.98.65:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
GET /s/966/9.gif?puid=k-1jR-ddjqvabkv62-5n_2wj76isfagm_M7vzK0A HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=300; Expires=Sat, 25-Mar-2023 22:35:44 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cip=; Max-Age=300; Expires=Sat, 25-Mar-2023 22:35:44 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cnac=; Max-Age=300; Expires=Sat, 25-Mar-2023 22:35:44 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
car=; Max-Age=300; Expires=Sat, 25-Mar-2023 22:35:44 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
gdpr=; Max-Age=300; Expires=Sat, 25-Mar-2023 22:35:44 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
callback=; Max-Age=300; Expires=Sat, 25-Mar-2023 22:35:44 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: image/gif;charset=UTF-8
transfer-encoding: chunked
date: Sat, 25 Mar 2023 22:30:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x.bidswitch.net/sync?dsp_id=46&user_id=k-BnWb-9jqvabkv62-5n_2wj76isfM4B6h9Xi5gg&expires=30
52.28.194.209302 Found 0 B URL HTTP/2 x.bidswitch.net/sync?dsp_id=46&user_id=k-BnWb-9jqvabkv62-5n_2wj76isfM4B6h9Xi5gg&expires=30
IP 52.28.194.209:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?dsp_id=46&user_id=k-BnWb-9jqvabkv62-5n_2wj76isfM4B6h9Xi5gg&expires=30 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 25 Mar 2023 22:30:44 GMT
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-BnWb-9jqvabkv62-5n_2wj76isfM4B6h9Xi5gg&expires=30
cache-control: no-cache, no-store, must-revalidate
set-cookie: tuuid=ce37525f-6e66-437d-aec5-be1098cd04f1; path=/; expires=Sun, 24-Mar-2024 22:30:44 GMT; domain=.bidswitch.net; samesite=none; secure
c=1679783444; path=/; expires=Sun, 24-Mar-2024 22:30:44 GMT; domain=.bidswitch.net; samesite=none; secure
tuuid_lu=1679783444; path=/; expires=Sun, 24-Mar-2024 22:30:44 GMT; domain=.bidswitch.net; samesite=none; secure
c=1679783444; path=/; expires=Sun, 24-Mar-2024 22:30:44 GMT; domain=.bidswitch.net; samesite=none; secure
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5716bd17f0cc1d649bcba4a6400ad0fa
752def7b1cf7d2f2e8213b28cb17f93e1015d333
ef78bd37975cc2a43c78562c8fcd9977f92a2ef525b87cfcef89f114f28eac3b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-0JrTK9jqvabkv62-5n_2wj76iseZ5g_ILit7Ww
185.80.36.245302 Found 0 B URL HTTP/1.1 r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-0JrTK9jqvabkv62-5n_2wj76iseZ5g_ILit7Ww
IP 185.80.36.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rum?cm_dsp_id=20&external_user_id=k-0JrTK9jqvabkv62-5n_2wj76iseZ5g_ILit7Ww HTTP/1.1
Host: r.casalemedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Sat, 25 Mar 2023 22:30:44 GMT
Server: Apache
Cache-Control: no-cache
Expires: 0
Location: /rum?cm_dsp_id=20&external_user_id=k-0JrTK9jqvabkv62-5n_2wj76iseZ5g_ILit7Ww&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Content-Length: 0
Set-Cookie: CMID=ZB92FLPkseP6.7rLvda9AwAA; Path=/; Domain=casalemedia.com; Expires=Sun, 24 Mar 2024 22:30:44 GMT; Max-Age=31536000; Secure; SameSite=None
CMPS=4444; Path=/; Domain=casalemedia.com; Expires=Fri, 23 Jun 2023 22:30:44 GMT; Max-Age=7776000; Secure; SameSite=None
CMPRO=4444; Path=/; Domain=casalemedia.com; Expires=Fri, 23 Jun 2023 22:30:44 GMT; Max-Age=7776000; Secure; SameSite=None
Keep-Alive: timeout=1, max=500
Connection: Keep-Alive
c.bing.com/c.gif?ctsa=mr&CtsSyncId=4B4C3F6C33F940D2B4DFD41C1E71F82F&RedC=c.clarity.ms&MXFR=1CA063EBA0CB6C74223A7134A4CB6244
13.107.21.200302 Found 0 B URL HTTP/2 c.bing.com/c.gif?ctsa=mr&CtsSyncId=4B4C3F6C33F940D2B4DFD41C1E71F82F&RedC=c.clarity.ms&MXFR=1CA063EBA0CB6C74223A7134A4CB6244
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?ctsa=mr&CtsSyncId=4B4C3F6C33F940D2B4DFD41C1E71F82F&RedC=c.clarity.ms&MXFR=1CA063EBA0CB6C74223A7134A4CB6244 HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://glucofreezenow.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4B4C3F6C33F940D2B4DFD41C1E71F82F&MUID=067A4E0CF1376A3731EE5CD3F0C26B61
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: MUID=067A4E0CF1376A3731EE5CD3F0C26B61; domain=.bing.com; expires=Thu, 18-Apr-2024 22:30:44 GMT; path=/; SameSite=None; Secure; Priority=High;
MR=0; domain=c.bing.com; expires=Sat, 01-Apr-2023 22:30:44 GMT; path=/; SameSite=None; Secure;
SRM_B=067A4E0CF1376A3731EE5CD3F0C26B61; domain=c.bing.com; expires=Thu, 18-Apr-2024 22:30:44 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2945F67D293B4B46BB4D9DC4716A2919 Ref B: OSL30EDGE0119 Ref C: 2023-03-25T22:30:44Z
date: Sat, 25 Mar 2023 22:30:44 GMT
content-length: 0
X-Firefox-Spdy: h2
ad.yieldlab.net/m?dt_id=8664&ext_id=k-aPpJN9jqvabkv62-5n_2wj76isfmGrkNKArStQ
23.13.245.180204 No Content 0 B URL HTTP/1.1 ad.yieldlab.net/m?dt_id=8664&ext_id=k-aPpJN9jqvabkv62-5n_2wj76isfmGrkNKArStQ
IP 23.13.245.180:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /m?dt_id=8664&ext_id=k-aPpJN9jqvabkv62-5n_2wj76isfmGrkNKArStQ HTTP/1.1
Host: ad.yieldlab.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
x-application-context: application
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Fri, 24 Mar 2023 22:30:44 GMT
Date: Sat, 25 Mar 2023 22:30:44 GMT
Connection: keep-alive
Set-Cookie: id=b77c39da-2de4-4b35-84eb-e83b0de2c099; Path=/; Domain=prod.svc.y6b.de; Expires=Sun, 24-Mar-2024 22:30:44 GMT; Max-Age=31536000; Secure; SameSite=None
dpm.demdex.net/ibs:dpid=28645&dpuuid=
52.51.141.47302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=28645&dpuuid=
IP 52.51.141.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=28645&dpuuid= HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v046-015700753.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=06010247525325378123154516305676624945; Max-Age=15552000; Expires=Thu, 21 Sep 2023 22:30:44 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 6jWDt8h7Qx8=
Content-Length: 0
Connection: keep-alive
x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-BnWb-9jqvabkv62-5n_2wj76isfM4B6h9Xi5gg&expires=30
52.28.194.209200 OK 43 B URL HTTP/2 x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-BnWb-9jqvabkv62-5n_2wj76isfM4B6h9Xi5gg&expires=30
IP 52.28.194.209:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/sync?dsp_id=46&user_id=k-BnWb-9jqvabkv62-5n_2wj76isfM4B6h9Xi5gg&expires=30 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:44 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
status.thawte.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 92e5fd8909cc36ced62d240107f1f8b2
314d168136fc38450cf38523fbe3d2bfe82813c7
5e257c6bf9f169e32d3a9bce538932af4b7314766f71277d70df19cf55c2a85c
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1147
Cache-Control: max-age=165717
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:44 GMT
Etag: "641f55ee-1d7"
Expires: Mon, 27 Mar 2023 20:32:41 GMT
Last-Modified: Sat, 25 Mar 2023 20:13:34 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 748e7d7bff47739d07570b76ec24f725
ed91476d8dfb2cbc5bd2a8598cb7b8cb220d6192
c830050408346fde1bba3ee9ebec28f493cf15a34807403c241bebb4ee666a3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3061
Cache-Control: max-age=125805
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:44 GMT
Etag: "641eb28c-1d7"
Expires: Mon, 27 Mar 2023 09:27:29 GMT
Last-Modified: Sat, 25 Mar 2023 08:36:28 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash e6893aff6547c79a9ae650d0e10ad367
89c7d67f34a6353a08ce5e3483bf625f93f6c305
9f03fd0aac72d302987b17595747e8f1944d1c5a8941e8c70695b95d03c4b8ea
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 22:30:44 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 25 Mar 2023 15:11:57 GMT
Expires: Sat, 01 Apr 2023 15:11:56 GMT
Etag: "89c7d67f34a6353a08ce5e3483bf625f93f6c305"
Cache-Control: max-age=577871,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ada99a0ccdc0afa-OSL
c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4B4C3F6C33F940D2B4DFD41C1E71F82F&MUID=067A4E0CF1376A3731EE5CD3F0C26B61
68.219.88.97200 OK 42 B URL HTTP/2 c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4B4C3F6C33F940D2B4DFD41C1E71F82F&MUID=067A4E0CF1376A3731EE5CD3F0C26B61
IP 68.219.88.97:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?ctsa=mr&CtsSyncId=4B4C3F6C33F940D2B4DFD41C1E71F82F&MUID=067A4E0CF1376A3731EE5CD3F0C26B61 HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://glucofreezenow.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Thu, 16 Mar 2023 17:16:22 GMT
accept-ranges: bytes
etag: "c4b6d572b58d91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Sat, 25-Mar-2023 22:40:44 GMT; path=/; SameSite=None; Secure;
date: Sat, 25 Mar 2023 22:30:44 GMT
content-length: 42
X-Firefox-Spdy: h2
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=
52.51.141.47200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=
IP 52.51.141.47:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid= HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v046-0ec49e33e.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: nBoMMn/kRkk=
Content-Length: 59
Connection: keep-alive
ocsp.r2m01.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 030cd276b04b21f8665b167ac23bf5ce
2ab01dcd5cef4fabaa9014260488c4e13c743be9
a5c59ff1631acfbd697df2fa612c0654774a739c6f58e1014c895563630888eb
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=101210
Date: Sat, 25 Mar 2023 22:30:44 GMT
Etag: "641e44ef-1d7"
Expires: Mon, 27 Mar 2023 02:37:34 GMT
Last-Modified: Sat, 25 Mar 2023 00:48:47 GMT
Server: ECAcc (bsa/EB26)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: j1FdQn0vXsqm3rNAgZEUxV_qGLrLRPSHuIbGAYiKUz3fJenwWxdmOw==
Age: 6527
simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-JCehAtjqvabkv62-5n_2wj76iscbCGDlKqHzMQ
185.64.189.110200 OK 42 B URL HTTP/2 simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-JCehAtjqvabkv62-5n_2wj76iscbCGDlKqHzMQ
IP 185.64.189.110:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-JCehAtjqvabkv62-5n_2wj76iscbCGDlKqHzMQ HTTP/1.1
Host: simage2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 22:30:43 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_97=3385-uid:k-JCehAtjqvabkv62-5n_2wj76iscbCGDlKqHzMQ&KRTB&23144-uid:k-JCehAtjqvabkv62-5n_2wj76iscbCGDlKqHzMQ&KRTB&23286-uid:k-JCehAtjqvabkv62-5n_2wj76iscbCGDlKqHzMQ&KRTB&23287-uid:k-JCehAtjqvabkv62-5n_2wj76iscbCGDlKqHzMQ; domain=pubmatic.com; secure; expires=Mon, 24-Apr-2023 22:30:43 GMT; path=/
PugT=1679783443; domain=pubmatic.com; secure; expires=Mon, 24-Apr-2023 22:30:43 GMT; path=/
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
X-Firefox-Spdy: h2
r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-0JrTK9jqvabkv62-5n_2wj76iseZ5g_ILit7Ww&C=1
185.80.36.245200 OK 43 B URL HTTP/1.1 r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-0JrTK9jqvabkv62-5n_2wj76iseZ5g_ILit7Ww&C=1
IP 185.80.36.245:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /rum?cm_dsp_id=20&external_user_id=k-0JrTK9jqvabkv62-5n_2wj76iseZ5g_ILit7Ww&C=1 HTTP/1.1
Host: r.casalemedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 22:30:44 GMT
Server: Apache
Cache-Control: no-cache
Content-Type: image/gif
Expires: 0
Pragma: no-cache
Content-Length: 43
Keep-Alive: timeout=1, max=499
Connection: Keep-Alive
visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-l1aZM9jqvabkv62-5n_2wj76ise3hp6K5oAHhg
185.255.84.153200 OK 49 B URL HTTP/2 visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-l1aZM9jqvabkv62-5n_2wj76ise3hp6K5oAHhg
IP 185.255.84.153:0
ASN #200271 Iguane Solutions SAS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 4408efc0174f07ad685c456f1de521ca
e3bc3250f8f32bd98dc7b05fd8940b74617eb8d1
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
GET /visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-l1aZM9jqvabkv62-5n_2wj76ise3hp6K5oAHhg HTTP/1.1
Host: visitor.omnitagjs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=358d31d71037dcd966fd2f3d6fd69130; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Sat, 25 Mar 2023 22:30:44 GMT
content-length: 49
x-envoy-upstream-service-time: 2
server: ayl-lb-fra02
X-Firefox-Spdy: h2
ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-wWuVg9jqvabkv62-5n_2wj76isd_U47w95M3vw
3.64.164.161302 Found 0 B URL HTTP/2 ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-wWuVg9jqvabkv62-5n_2wj76isd_U47w95M3vw
IP 3.64.164.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match?publisher_dsp_id=38&external_user_id=k-wWuVg9jqvabkv62-5n_2wj76isd_U47w95M3vw HTTP/1.1
Host: ad.360yield.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 25 Mar 2023 22:30:44 GMT
content-type: text/plain
content-length: 0
location: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-wWuVg9jqvabkv62-5n_2wj76isd_U47w95M3vw
set-cookie: tuuid=8615e8d6-dce0-4136-9758-3a5e655c2636; Expires=Fri, 23 Jun 2023 22:30:44 GMT; Domain=.360yield.com; Path=/; SameSite=None; Secure
tuuid_lu=1679783444; Expires=Fri, 23 Jun 2023 22:30:44 GMT; Domain=.360yield.com; Path=/; SameSite=None; Secure
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40
178.250.0.157302 Found 0 B URL HTTP/2 gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40
IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 25 Mar 2023 22:30:44 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
location: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=
server-processing-duration-in-ticks: 711675
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-wWuVg9jqvabkv62-5n_2wj76isd_U47w95M3vw
3.64.164.161200 OK 43 B URL HTTP/2 ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-wWuVg9jqvabkv62-5n_2wj76isd_U47w95M3vw
IP 3.64.164.161:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/match?publisher_dsp_id=38&external_user_id=k-wWuVg9jqvabkv62-5n_2wj76isd_U47w95M3vw HTTP/1.1
Host: ad.360yield.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:44 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash f2070749504b4597961aac1c33c735ac
5c9b069f3762ee7c6be4810ca34b03fbfe11e92b
82ca7ba59f933a474505c0ba5fee2cca18db6c494478e051be7773bedff455b7
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=170756
Date: Sat, 25 Mar 2023 22:30:44 GMT
Etag: "641f653b-1d7"
Expires: Mon, 27 Mar 2023 21:56:40 GMT
Last-Modified: Sat, 25 Mar 2023 21:18:51 GMT
Server: ECAcc (bsa/EA8F)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PVrch-9DyLNmcQHaXiZ5pkLqaISQbWY4p7GZO8lC5KpUPCjaF965rA==
Age: 2269
ocsp.r2m01.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 54ee36c8e078d2564b519175903d2be1
267ac4911149d8d5946cb56120faa1a8bb8ca8a2
39b4677d98d1118810daf1366a18e36d4daeb45a8a1c530c43925eff7a9328db
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=165046
Date: Sat, 25 Mar 2023 22:30:44 GMT
Etag: "641f4aa5-1d7"
Expires: Mon, 27 Mar 2023 20:21:30 GMT
Last-Modified: Sat, 25 Mar 2023 19:25:25 GMT
Server: ECAcc (nya/796A)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: iPsp4Ak-xTO4_kD6B28rxylve9ll92qiqEDirldIqV03op-z3TPyfQ==
Age: 3365
sync-criteo.ads.yieldmo.com/sync?id=k-WouhZtjqvabkv62-5n_2wj76ise6M-CCj9n8yg&pn_id=criteo&ext=1
54.155.81.193200 OK 43 B URL HTTP/2 sync-criteo.ads.yieldmo.com/sync?id=k-WouhZtjqvabkv62-5n_2wj76ise6M-CCj9n8yg&pn_id=criteo&ext=1
IP 54.155.81.193:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /sync?id=k-WouhZtjqvabkv62-5n_2wj76ise6M-CCj9n8yg&pn_id=criteo&ext=1 HTTP/1.1
Host: sync-criteo.ads.yieldmo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:44 GMT
content-type: img/gif;charset=utf-8
content-length: 43
set-cookie: yieldmo_id=g947dc942c70e5ea3fd5%7C1679783444760%7C0%7C; Domain=.yieldmo.com; Expires=Sun, 24-Mar-2024 22:30:44 GMT; Path=/; Secure; SameSite=None; Secure
ptrcriteo=k-WouhZtjqvabkv62-5n_2wj76ise6M-CCj9n8yg; Domain=ads.yieldmo.com; Expires=Sun, 24-Mar-2024 22:30:44 GMT; Path=/; Secure; SameSite=None; Secure
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, Pragma, *
access-control-allow-methods: POST, GET, OPTIONS
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
X-Firefox-Spdy: h2
sync.outbrain.com/cookie-sync?p=criteo&uid=k-XpQCr9jqvabkv62-5n_2wj76isdI6tldgJ8AEg&initiator=partner
64.202.112.191200 OK 0 B URL HTTP/1.1 sync.outbrain.com/cookie-sync?p=criteo&uid=k-XpQCr9jqvabkv62-5n_2wj76isdI6tldgJ8AEg&initiator=partner
IP 64.202.112.191:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cookie-sync?p=criteo&uid=k-XpQCr9jqvabkv62-5n_2wj76isdI6tldgJ8AEg&initiator=partner HTTP/1.1
Host: sync.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 22:30:44 GMT
Content-Length: 0
Cache-Control: no-cache
X-TraceId: 94143533ad1e77887d71bb8f57a925af
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 37b431992187f752fbb4090a20683a9c
a2e8a8d755669e776e5031533666bb3c1edbf483
3798c5b5438ba588603f2c2fa821fa49cb2146caf7981f8f2643a77fdab3e503
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6565
Cache-Control: max-age=90091
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:30:44 GMT
Etag: "641e195a-1d7"
Expires: Sun, 26 Mar 2023 23:32:15 GMT
Last-Modified: Fri, 24 Mar 2023 21:42:50 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 471
beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=
52.208.205.244204 No Content 0 B URL HTTP/2 beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=
IP 52.208.205.244:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usermatch.gif?partner=criteo&partner_uid= HTTP/1.1
Host: beacon.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 25 Mar 2023 22:30:44 GMT
set-cookie: _kuid_=PdNxE3vb; Expires=Thu, 21-Sep-23 22:30:44 GMT; Max-Age=15552000; Domain=.krxd.net; Path=/
cache-control: private, no-cache, no-store
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
x-served-by: beacon-n012-dub-prod.krxd.net
x-request-time: D=30 t=1679783444
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40
178.250.0.157302 Found 0 B URL HTTP/2 gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40
IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 25 Mar 2023 22:30:44 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
location: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=
server-processing-duration-in-ticks: 364641
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash a94ff915a8d12828dd90ccb8f704d429
c628e9130cdeac08830630163470d4875f53dcc6
756f1837ff2ba6502aff135a398b77a1a3a75e9d5c7a022cb304caf7d8eec261
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "756F1837FF2BA6502AFF135A398B77A1A3A75E9D5C7A022CB304CAF7D8EEC261"
Last-Modified: Sat, 25 Mar 2023 14:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=622
Expires: Sat, 25 Mar 2023 22:41:07 GMT
Date: Sat, 25 Mar 2023 22:30:45 GMT
Connection: keep-alive
s.thebrighttag.com/cs?btt=0&tp=cr&uid=
3.133.28.46200 OK 35 B URL HTTP/2 s.thebrighttag.com/cs?btt=0&tp=cr&uid=
IP 3.133.28.46:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /cs?btt=0&tp=cr&uid= HTTP/1.1
Host: s.thebrighttag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:45 GMT
content-type: image/gif
content-length: 35
x-bt-requestid: af306e91-cb5c-11ed-82b4-0000ac1702bb
cache-control: private, must-revalidate
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin:
server: nginx
p3p: CP=NOI DSP COR NID
X-Firefox-Spdy: h2
y.clarity.ms/collect
104.211.35.148204 No Content 0 B IP 104.211.35.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: y.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 5121
Origin: https://glucofreezenow.com
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 22:30:45 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://glucofreezenow.com
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0
rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-f4hUpNjqvabkv62-5n_2wj76isfblj0n3MqZsA
185.86.139.101200 OK 43 B URL HTTP/2 rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-f4hUpNjqvabkv62-5n_2wj76isfblj0n3MqZsA
IP 185.86.139.101:0
ASN #201081 SmartAdServer SAS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /redir/?partnerid=79&partneruserid=k-f4hUpNjqvabkv62-5n_2wj76isfblj0n3MqZsA HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Sat, 25 Mar 2023 22:30:43 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: pid=8438318115127633644; expires=Mon, 22 Apr 2024 22:30:44 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Mon, 22 Apr 2024 22:30:44 GMT; domain=smartadserver.com; path=/
csync=79:k-f4hUpNjqvabkv62-5n_2wj76isfblj0n3MqZsA; expires=Sun, 24 Mar 2024 22:30:44 GMT; domain=smartadserver.com; path=/
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Firefox-Spdy: h2
dynamic.criteo.com/js/ld/ld.js?a=89824
178.250.0.147200 OK 0 B URL HTTP/2 dynamic.criteo.com/js/ld/ld.js?a=89824
IP 178.250.0.147:0
GET /js/ld/ld.js?a=89824 HTTP/1.1
Host: dynamic.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:42 GMT
content-type: application/javascript; charset=utf-8
server: Kestrel
cache-control: public,max-age=10800
content-encoding: br
vary: Origin, Accept-Encoding
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
display.buygoods.com/v1/disclaimer?id=disclaimer-bg&account_id=6808&background=white
172.66.40.141200 OK 0 B URL HTTP/2 display.buygoods.com/v1/disclaimer?id=disclaimer-bg&account_id=6808&background=white
IP 172.66.40.141:0
GET /v1/disclaimer?id=disclaimer-bg&account_id=6808&background=white HTTP/1.1
Host: display.buygoods.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:42 GMT
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-credentials: true
strict-transport-security: max-age=31536000;
cache-control: private
cf-cache-status: DYNAMIC
set-cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
__cflb=02DiuHqbnvaBNqZ2uGBKRYmBT9SdWdqrafMzdQFvyhcYt; SameSite=Lax; path=/; expires=Sun, 26-Mar-23 21:30:42 GMT; HttpOnly
server: cloudflare
cf-ray: 7ada99903d34b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fitleanhealth.com/mw25ckd_leads-GlucoFreeze-032523
188.114.96.1200 OK 0 B URL HTTP/2 fitleanhealth.com/mw25ckd_leads-GlucoFreeze-032523
IP 188.114.96.1:0
Analyzer Verdict Alert fortinet Phishing
GET /mw25ckd_leads-GlucoFreeze-032523 HTTP/1.1
Host: fitleanhealth.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:40 GMT
content-type: text/html;charset=UTF-8
age: 0
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
content-security-policy: upgrade-insecure-requests
expires: Mon, 07 Jul 1777 07:07:07 GMT
pragma: no-cache
set-cookie: prli_click_653=mw25ckd_leads-GlucoFreeze-032523; expires=Mon, 24-Apr-2023 22:30:40 GMT; Max-Age=2592000; path=/
prli_visitor=641f761018512; expires=Sun, 24-Mar-2024 22:30:40 GMT; Max-Age=31536000; path=/
strict-transport-security: max-age=300
vary: Accept-Encoding, User-Agent
x-backend: local
x-cache: uncached
x-cache-hit: MISS
x-cacheable: YES:Forced
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff
x-fawn-proc-count: 1,2,24
x-php-version: 7.4
x-redirect-powered-by: Pretty Link Beginner 3.2.4 http://prettylink.com
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5RsX4JiMD1H0X7Jx%2BgBy5XwKUtKdciBAHhb813QXS8u%2BuHhRBOEZIdOvVUqhPbehH8kY8VV6%2BshulMOer49lF0dAlY0gcGL3JucUpY5LhjfmGURr2I1%2BIYlFstq5bFrjHf3Rfw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ada9983caa7b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3maf0.n3cdn1.secureserver.net/wp-content/plugins/pretty-link/pro/js/javascript-redirect.js?ver=3.2.4&time=1679654730
162.159.136.45200 OK 0 B URL HTTP/2 r3maf0.n3cdn1.secureserver.net/wp-content/plugins/pretty-link/pro/js/javascript-redirect.js?ver=3.2.4&time=1679654730
IP 162.159.136.45:0
GET /wp-content/plugins/pretty-link/pro/js/javascript-redirect.js?ver=3.2.4&time=1679654730 HTTP/1.1
Host: r3maf0.n3cdn1.secureserver.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fitleanhealth.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:40 GMT
content-type: application/javascript
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 16 Mar 2022 02:36:08 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: uncached
x-cache-hit: MISS
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 116441
expires: Tue, 25 Apr 2023 22:30:40 GMT
cache-control: public, max-age=2678400
server: cloudflare
cf-ray: 7ada9985df15b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.clarity.ms/tag/7u0gjnakkh
13.107.238.53200 OK 0 B URL HTTP/2 www.clarity.ms/tag/7u0gjnakkh
IP 13.107.238.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /tag/7u0gjnakkh HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=728caf1cc1604fa08b466bd66d7dc5e7.20230325.20240324; expires=Sun, 24 Mar 2024 22:30:42 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
x-cache: CONFIG_NOCACHE
x-azure-ref: 0EnYfZAAAAAAQIbKfQl5pQoepyvr2ts01U1ZHMjBFREdFMDYyMAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Sat, 25 Mar 2023 22:30:42 GMT
X-Firefox-Spdy: h2
sslwidget.criteo.com/event?a=89824&v=5.14.1&p0=e%3Dce%26m%3D%255B%252523%252523Email%252520Address%252523%252523%255D%26h%3D%2523%2523Hash%2520Method%2523%2523&p1=e%3Dexd%26site_type%3Dd%26z%3D%2523%2523Zip%2520Code%2523%2523%26ref%3Dhttps%253A%252F%252Ffitleanhealth.com&p2=e%3Dvh&p3=e%3Ddis&adce=1&bundle=8IzaJV8zcDdaN3lkSTJqT1RsS2J5azlLTWE1WUJ2YlY3eU1SJTJCZDJURjF1VkdhbzM4a0Y2RExWelhjWXAlMkYzR2IwVGFma0dqUnY4VFh6WHVEVDdTbTRaZDBGeWJIc0F0NTdUaGtrNlZzV2lLb0lLSyUyQlV3NGJWZWolMkY5RGdsdFZPUWt4VCUyQk1xWnk0ZFNERFplM0phVWlraiUyRnVMQUElM0QlM0Q&tld=glucofreezenow.com&dy=1&fu=https%253A%252F%252Fglucofreezenow.com%252Fstill-broadcast%252Findex.html%253Faff_id%253D7990%2526subid%253Dmw25ckd_032523_leads%2526subid5%253D0e4b01eab09c497fbaf64fc163f697ba&pu=https%253A%252F%252Ffitleanhealth.com%252F&dtycbr=50008
178.250.1.9200 OK 0 B URL HTTP/2 sslwidget.criteo.com/event?a=89824&v=5.14.1&p0=e%3Dce%26m%3D%255B%252523%252523Email%252520Address%252523%252523%255D%26h%3D%2523%2523Hash%2520Method%2523%2523&p1=e%3Dexd%26site_type%3Dd%26z%3D%2523%2523Zip%2520Code%2523%2523%26ref%3Dhttps%253A%252F%252Ffitleanhealth.com&p2=e%3Dvh&p3=e%3Ddis&adce=1&bundle=8IzaJV8zcDdaN3lkSTJqT1RsS2J5azlLTWE1WUJ2YlY3eU1SJTJCZDJURjF1VkdhbzM4a0Y2RExWelhjWXAlMkYzR2IwVGFma0dqUnY4VFh6WHVEVDdTbTRaZDBGeWJIc0F0NTdUaGtrNlZzV2lLb0lLSyUyQlV3NGJWZWolMkY5RGdsdFZPUWt4VCUyQk1xWnk0ZFNERFplM0phVWlraiUyRnVMQUElM0QlM0Q&tld=glucofreezenow.com&dy=1&fu=https%253A%252F%252Fglucofreezenow.com%252Fstill-broadcast%252Findex.html%253Faff_id%253D7990%2526subid%253Dmw25ckd_032523_leads%2526subid5%253D0e4b01eab09c497fbaf64fc163f697ba&pu=https%253A%252F%252Ffitleanhealth.com%252F&dtycbr=50008
IP 178.250.1.9:0
GET /event?a=89824&v=5.14.1&p0=e%3Dce%26m%3D%255B%252523%252523Email%252520Address%252523%252523%255D%26h%3D%2523%2523Hash%2520Method%2523%2523&p1=e%3Dexd%26site_type%3Dd%26z%3D%2523%2523Zip%2520Code%2523%2523%26ref%3Dhttps%253A%252F%252Ffitleanhealth.com&p2=e%3Dvh&p3=e%3Ddis&adce=1&bundle=8IzaJV8zcDdaN3lkSTJqT1RsS2J5azlLTWE1WUJ2YlY3eU1SJTJCZDJURjF1VkdhbzM4a0Y2RExWelhjWXAlMkYzR2IwVGFma0dqUnY4VFh6WHVEVDdTbTRaZDBGeWJIc0F0NTdUaGtrNlZzV2lLb0lLSyUyQlV3NGJWZWolMkY5RGdsdFZPUWt4VCUyQk1xWnk0ZFNERFplM0phVWlraiUyRnVMQUElM0QlM0Q&tld=glucofreezenow.com&dy=1&fu=https%253A%252F%252Fglucofreezenow.com%252Fstill-broadcast%252Findex.html%253Faff_id%253D7990%2526subid%253Dmw25ckd_032523_leads%2526subid5%253D0e4b01eab09c497fbaf64fc163f697ba&pu=https%253A%252F%252Ffitleanhealth.com%252F&dtycbr=50008 HTTP/1.1
Host: sslwidget.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:42 GMT
content-type: application/x-javascript
server: Kestrel
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
expires: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
timing-allow-origin: *
server-processing-duration-in-ticks: 11444813
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-DaeJ9Njqvabkv62-5n_2wj76iscVsC-lmIAbVg
141.226.228.48200 OK 0 B URL HTTP/2 sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-DaeJ9Njqvabkv62-5n_2wj76iscVsC-lmIAbVg
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
GET /sg/criteortb-network/1/rtb-h/?taboola_hm=k-DaeJ9Njqvabkv62-5n_2wj76iscVsC-lmIAbVg HTTP/1.1
Host: sync-t1.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 22:30:44 GMT
x-fastly-to-nlb-rtt: 22164
access-control-allow-credentials: true
X-Firefox-Spdy: h2
d10lpsik1i8c69.cloudfront.net/w.js
54.230.245.178200 OK 0 B URL HTTP/2 d10lpsik1i8c69.cloudfront.net/w.js
IP 54.230.245.178:0
GET /w.js HTTP/1.1
Host: d10lpsik1i8c69.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Sat, 25 Mar 2023 22:12:40 GMT
last-modified: Fri, 02 Sep 2022 19:59:48 GMT
etag: W/"dc0bbcecf2e632d9beb92f4d88b21c2b"
cache-control: max-age=3600
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _1WllBcwjS94-YI-pkdiua_cFbPKAvh1zfJVij92OYQCsusedMEZoA==
age: 1083
X-Firefox-Spdy: h2
glucofreezenow.com/favicon.ico
69.172.200.220200 OK 0 B URL HTTP/2 glucofreezenow.com/favicon.ico
IP 69.172.200.220:0
GET /favicon.ico HTTP/1.1
Host: glucofreezenow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/still-broadcast/index.html?aff_id=7990&subid=mw25ckd_032523_leads&subid5=0e4b01eab09c497fbaf64fc163f697ba
Cookie: uid=wKhaAmQfdhGQcAA6AwTeAg==; cnid=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:42 GMT
content-type: image/x-icon
last-modified: Sun, 06 Mar 2022 14:43:46 GMT
etag: W/"6224c8a2-1b76"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
pragma: public
vary: Accept-Encoding, Accept-Encoding
content-encoding: gzip
x-dis-request-id: e95cae87bc35f12ea0a61537f9fb1529
server: DOSarrest
X-Firefox-Spdy: h2
criteo-partners.tremorhub.com/sync?UICR=k-lAN2utjqvabkv62-5n_2wj76isdgFhb8KRYY8g
3.212.185.15200 OK 0 B URL HTTP/2 criteo-partners.tremorhub.com/sync?UICR=k-lAN2utjqvabkv62-5n_2wj76isdgFhb8KRYY8g
IP 3.212.185.15:0
GET /sync?UICR=k-lAN2utjqvabkv62-5n_2wj76isdgFhb8KRYY8g HTTP/1.1
Host: criteo-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:44 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
set-cookie: tvid=60f36ba5c310465b8fe5c45e395a9576; Domain=.tremorhub.com; Expires=Mon, 25-Mar-2024 04:19:04 GMT; Path=/; Secure; SameSite=None
tv_UICR=k-lAN2utjqvabkv62-5n_2wj76isdgFhb8KRYY8g; Domain=.tremorhub.com; Expires=Mon, 24-Apr-2023 22:30:44 GMT; Path=/; Secure; SameSite=None
X-Firefox-Spdy: h2
dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=0
178.250.0.163200 OK 0 B URL HTTP/2 dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=0
IP 178.250.0.163:0
GET /dis/rtb/appnexus/cookiematch.aspx?appnxsid=0 HTTP/1.1
Host: dis.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:44 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
cross-origin-resource-policy: cross-origin
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
timing-allow-origin: *
server-processing-duration-in-ticks: 529680
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
tracking.buygoods.com/track/?a=6808&firstcookie=0&tracking_redirect=&referrer=https%3A%2F%2Ffitleanhealth.com%2F&sessid2=&product=gluco_freeze,gluco_freeze_3,gluco_freeze_6&caller_url=https%3A%2F%2Fglucofreezenow.com%2Fstill-broadcast%2Findex.html%3Faff_id%3D7990%26subid%3Dmw25ckd_032523_leads%26subid5%3D0e4b01eab09c497fbaf64fc163f697ba
172.66.43.22200 OK 0 B URL HTTP/2 tracking.buygoods.com/track/?a=6808&firstcookie=0&tracking_redirect=&referrer=https%3A%2F%2Ffitleanhealth.com%2F&sessid2=&product=gluco_freeze,gluco_freeze_3,gluco_freeze_6&caller_url=https%3A%2F%2Fglucofreezenow.com%2Fstill-broadcast%2Findex.html%3Faff_id%3D7990%26subid%3Dmw25ckd_032523_leads%26subid5%3D0e4b01eab09c497fbaf64fc163f697ba
IP 172.66.43.22:0
GET /track/?a=6808&firstcookie=0&tracking_redirect=&referrer=https%3A%2F%2Ffitleanhealth.com%2F&sessid2=&product=gluco_freeze,gluco_freeze_3,gluco_freeze_6&caller_url=https%3A%2F%2Fglucofreezenow.com%2Fstill-broadcast%2Findex.html%3Faff_id%3D7990%26subid%3Dmw25ckd_032523_leads%26subid5%3D0e4b01eab09c497fbaf64fc163f697ba HTTP/1.1
Host: tracking.buygoods.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:42 GMT
content-type: application/javascript
p3p: CP="CAO COR CURa ADMa DEVa OUR IND ONL COM DEM PRE"
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Tue, Jan 12 1999 01:01:01 GMT
set-cookie: spiaffid_6808=7990; expires=Fri, 23-Jun-2023 22:30:42 GMT; Max-Age=7776000; path=/; domain=.buygoods.com
spisubid_6808=mw25ckd_032523_leads; expires=Fri, 23-Jun-2023 22:30:42 GMT; Max-Age=7776000; path=/; domain=.buygoods.com
spicampaign_id_6808=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.buygoods.com
spireferrer_6808=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.buygoods.com
spireferrer_6808=91.90.42.154:fitleanhealth.com:glucofreezenow.com%2Fstill-broadcast; expires=Fri, 23-Jun-2023 22:30:42 GMT; Max-Age=7776000; path=/; domain=.buygoods.com
spisessid2_6808=sessid20230325223021436; expires=Fri, 23-Jun-2023 22:30:42 GMT; Max-Age=7776000; path=/; domain=.buygoods.com
spi_funnel_codename_6808=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.buygoods.com
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7ada99938f74b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
settings.luckyorange.net/?u=https%3A%2F%2Fglucofreezenow.com%2Fstill-broadcast%2Findex.html%3Faff_id%3D7990%26subid%3Dmw25ckd_032523_leads%26subid5%3D0e4b01eab09c497fbaf64fc163f697ba&s=322491
172.67.75.100200 OK 0 B URL HTTP/2 settings.luckyorange.net/?u=https%3A%2F%2Fglucofreezenow.com%2Fstill-broadcast%2Findex.html%3Faff_id%3D7990%26subid%3Dmw25ckd_032523_leads%26subid5%3D0e4b01eab09c497fbaf64fc163f697ba&s=322491
IP 172.67.75.100:0
GET /?u=https%3A%2F%2Fglucofreezenow.com%2Fstill-broadcast%2Findex.html%3Faff_id%3D7990%26subid%3Dmw25ckd_032523_leads%26subid5%3D0e4b01eab09c497fbaf64fc163f697ba&s=322491 HTTP/1.1
Host: settings.luckyorange.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://glucofreezenow.com/
Origin: https://glucofreezenow.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:43 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,Keep-Alive,X-Requested-With,If-Modified-Since
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://glucofreezenow.com
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gcBfEHnVn4DbO7KDk552ssLQQkvpNDLgy%2FE6sBUSFpWWy42EAQ2KQ9ALRbCOWRCTgUbRcjwSm2IIebwSjGPjO8lseBK54F5EkqcxqNbTLUYn8vY%2BK6ht%2Bni%2BxxttOBZ5go6AHizsIrBpZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ada9995df81b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
glucofreezenow.com/controlScript.css
69.172.200.220200 OK 0 B URL HTTP/2 glucofreezenow.com/controlScript.css
IP 69.172.200.220:0
GET /controlScript.css HTTP/1.1
Host: glucofreezenow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/still-broadcast/index.html?aff_id=7990&subid=mw25ckd_032523_leads&subid5=0e4b01eab09c497fbaf64fc163f697ba
Cookie: uid=wKhaAmQfdhGQcAA6AwTeAg==; cnid=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:42 GMT
content-type: text/css
last-modified: Wed, 11 Jan 2023 09:49:05 GMT
etag: W/"63be8611-1f3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
pragma: public
vary: Accept-Encoding, Accept-Encoding
content-encoding: gzip
x-dis-request-id: 54da57489171d449b4ad22f13fd8cd97
server: DOSarrest
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.3200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.3:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:43 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 98983
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=4rMOyF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQiUyRkxoSnZhZnlCTUxyZVFaTHg5NnlxcWxvbzVMS3FNZFIySktaS2czMjBJ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:43 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=qyHLJF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQiUyRkxoSnZhZnlCTUxyZVFaTHg5NnlvSzhrUFRCSEZUaVRqWjBGYjZaZVN4; expires=Thu, 18 Apr 2024 22:30:43 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 396953
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-tfW0vdjqvabkv62-5n_2wj76isc2EYufhY5GCg&google_error=3
178.250.0.163200 OK 0 B URL HTTP/2 dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-tfW0vdjqvabkv62-5n_2wj76isc2EYufhY5GCg&google_error=3
IP 178.250.0.163:0
GET /dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-tfW0vdjqvabkv62-5n_2wj76isc2EYufhY5GCg&google_error=3 HTTP/1.1
Host: dis.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:44 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
cross-origin-resource-policy: cross-origin
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
timing-allow-origin: *
server-processing-duration-in-ticks: 157193
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
glucofreezenow.com/still-broadcast/assets/css/styles.min.css
69.172.200.220200 OK 0 B URL HTTP/2 glucofreezenow.com/still-broadcast/assets/css/styles.min.css
IP 69.172.200.220:0
GET /still-broadcast/assets/css/styles.min.css HTTP/1.1
Host: glucofreezenow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/still-broadcast/index.html?aff_id=7990&subid=mw25ckd_032523_leads&subid5=0e4b01eab09c497fbaf64fc163f697ba
Cookie: uid=wKhaAmQfdhGQcAA6AwTeAg==; cnid=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:30:42 GMT
content-type: text/css
last-modified: Sun, 06 Mar 2022 14:43:43 GMT
etag: W/"6224c89f-563"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
pragma: public
vary: Accept-Encoding, Accept-Encoding
content-encoding: gzip
x-dis-request-id: b1d3fe317ea5f5ae59d42c80e27df672
server: DOSarrest
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Oswald:wght@400;500;600;700;800
172.217.21.170200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Oswald:wght@400;500;600;700;800
IP 172.217.21.170:0
GET /css2?family=Oswald:wght@400;500;600;700;800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glucofreezenow.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Mar 2023 22:30:41 GMT
date: Sat, 25 Mar 2023 22:30:41 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2