r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 16803ffa29e10ee999c43eb4e4acfe92
a5ede865a388fa440f20994b43c417d403e9a493
08de8f6abb622e84d2cb6e88dee8fc7c408147ac43da9c24d4cde510ed36b53a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08DE8F6ABB622E84D2CB6E88DEE8FC7C408147AC43DA9C24D4CDE510ED36B53A"
Last-Modified: Mon, 02 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2816
Expires: Mon, 02 Jan 2023 19:12:39 GMT
Date: Mon, 02 Jan 2023 18:25:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8afcbdfc50b3ac9488d629a1a4923b81
933fe7b84c2fbd931da70e92c86fa89110e7cfe7
9857b3b813177c23f90a7e53c7ec1f878362b1da27bc19493bebffc358a4b852
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9857B3B813177C23F90A7E53C7EC1F878362B1DA27BC19493BEBFFC358A4B852"
Last-Modified: Sun, 01 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2814
Expires: Mon, 02 Jan 2023 19:12:37 GMT
Date: Mon, 02 Jan 2023 18:25:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 3b0a4b7e28ad3a91135d52c7457790b5
075f22ab45d169766252467ae44903250e480f9b
312744aeb6fcc4296025205bc70c40316dd3c8a4b626669ac43e32c33104473a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "312744AEB6FCC4296025205BC70C40316DD3C8A4B626669AC43E32C33104473A"
Last-Modified: Sat, 31 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3269
Expires: Mon, 02 Jan 2023 19:20:12 GMT
Date: Mon, 02 Jan 2023 18:25:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 02 Jan 2023 17:47:28 GMT
content-type: application/json
age: 2295
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: KKUzOnP21b7av3KBXoco35c1cZ2A2b+RxRen+aaX3nM2sEx8UV6+aHGPqp/faGLrV/FSa1Vnr5c=
x-amz-request-id: W1KDNX4C4JRY78ZR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 02 Jan 2023 17:58:22 GMT
age: 1641
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 02 Jan 2023 18:25:43 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c56ffca7de1d5f6bf71da5a4144dc53d
e1d63177659dda5a1e56ada60b6ae322ea0a38b0
a951a6422828278b4ea06672f64fbdf3e07d3aab500b17f382d7360df1d23766
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A951A6422828278B4EA06672F64FBDF3E07D3AAB500B17F382D7360DF1D23766"
Last-Modified: Sun, 01 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20182
Expires: Tue, 03 Jan 2023 00:02:06 GMT
Date: Mon, 02 Jan 2023 18:25:44 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 02 Jan 2023 18:08:11 GMT
age: 1053
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 949e1488247f88de92a236c833157150
742a3f40ac2806fda515365bfb8683aa66b8f7b0
7d7cecfbae5143277933d1e1abdb6f5295b595edfe2fc83068a8a3eca8d797bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4308
Cache-Control: max-age=143582
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:44 GMT
Etag: "63b29eb2-1d7"
Expires: Wed, 04 Jan 2023 10:18:46 GMT
Last-Modified: Mon, 02 Jan 2023 09:06:58 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 929ca4f05a97ff5ab6ddfe9cebf0f96f
1352c84d8500544a18730b499d3d1fa5c662f9b2
36dd24f745c7e7c49b504c729280f765525c8c509d8c50894bc9d5d42f11eb99
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36DD24F745C7E7C49B504C729280F765525C8C509D8C50894BC9D5D42F11EB99"
Last-Modified: Sun, 01 Jan 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2024
Expires: Mon, 02 Jan 2023 18:59:28 GMT
Date: Mon, 02 Jan 2023 18:25:44 GMT
Connection: keep-alive
ad.sitemaji.com/ysm_reurl.js
35.186.215.140200 OK 5.9 kB URL HTTP/2 ad.sitemaji.com/ysm_reurl.js
IP 35.186.215.140:0
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (17511), with no line terminators
Hash 779efdbd5582d597c74bc312123d3583
45140afb1e0536578577db2f890ba0f061644742
e03139efccb95e61153de5280e3ce8a11147dc6be20657c906e76eca0278d9c1
GET /ysm_reurl.js HTTP/1.1
Host: ad.sitemaji.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.12.1 (Ubuntu)
vary: Accept-Encoding,Accept-Encoding
content-encoding: br
via: 1.1 google
content-length: 5880
date: Mon, 02 Jan 2023 16:30:38 GMT
expires: Tue, 03 Jan 2023 16:30:38 GMT
cache-control: max-age=86400,public
age: 6906
last-modified: Thu, 20 Jun 2019 08:55:05 GMT
etag: W/"5d0b49e9-4488"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 013c85e86eac3e14a23da01d95c76be4
2a5eb994793c91b20930114d4ab82cd63a8ad602
89917b5963e8403ce7669fe867a62fbcfb286eb812fff36702899de8c2320edf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
151.101.1.229200 OK 23 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
IP 151.101.1.229:0
File type ASCII text, with very long lines (65324)
Hash 5f830a7943bb09d9f6832866f38f12bc
35ed4aca72bd95f7730260858ca62bd76ca8e40a
cbf083212e165469984201c0e0bc3420de20a1857646858c947a53dfc2e2f383
GET /npm/bootstrap@4.3.1/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.3.1
x-jsd-version-type: version
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
content-encoding: gzip
accept-ranges: bytes
date: Mon, 02 Jan 2023 18:25:44 GMT
age: 9650127
x-served-by: cache-fra19141-FRA, cache-bma1620-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23235
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 929ca4f05a97ff5ab6ddfe9cebf0f96f
1352c84d8500544a18730b499d3d1fa5c662f9b2
36dd24f745c7e7c49b504c729280f765525c8c509d8c50894bc9d5d42f11eb99
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36DD24F745C7E7C49B504C729280F765525C8C509D8C50894BC9D5D42F11EB99"
Last-Modified: Sun, 01 Jan 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2024
Expires: Mon, 02 Jan 2023 18:59:28 GMT
Date: Mon, 02 Jan 2023 18:25:44 GMT
Connection: keep-alive
cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
151.101.1.229200 OK 32 kB URL HTTP/2 cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
IP 151.101.1.229:0
File type ASCII text, with very long lines (65449)
Hash a262d6de4f7f5f79c31cef7787a35a8c
6a16edde3116cad866736e9fc20443edceaa1cba
92dcfacfb59287c2f9de9c69f78ae96bb3bd8a8c5a20b4e577db40bdc8fe06c1
GET /npm/vue@2.5.16/dist/vue.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.5.16
x-jsd-version-type: version
etag: W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
content-encoding: gzip
accept-ranges: bytes
date: Mon, 02 Jan 2023 18:25:44 GMT
age: 6350131
x-served-by: cache-fra-eddf8230099-FRA, cache-bma1620-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 31634
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.21.226:0
Hash b59999e2df98fbffd4d120eca77c5c7b
73ef7c5d66e33729bc7450e742794bba415bab67
09c7d779dea1928ffce65f2a89e981d79b071d6e291d6d8c2e039d0788426fbf
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 02 Jan 2023 18:25:44 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "BFC23EC17D17C5DBB9A32384997157F2BE46F271"
Expires: Tue, 03 Jan 2023 06:00:00 GMT
Last-Modified: Mon, 02 Jan 2023 18:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 341
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 783589fe9a85b4fa-OSL
www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
172.217.21.168200 OK 79 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
IP 172.217.21.168:0
File type ASCII text, with very long lines (26337)
Hash 8c897dfd296ac511f10bb86ba48fca9b
83e18be89e4a6c7ce011c07f9c19286c69ea5af2
c232e658d60f8aca7b2418f56571fe450fc1666d432a4c37c22ed85cb3e8d71e
GET /gtag/js?id=G-N394QBRGC0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 02 Jan 2023 18:25:44 GMT
expires: Mon, 02 Jan 2023 18:25:44 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79035
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 013c85e86eac3e14a23da01d95c76be4
2a5eb994793c91b20930114d4ab82cd63a8ad602
89917b5963e8403ce7669fe867a62fbcfb286eb812fff36702899de8c2320edf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 493aa543a8895cbaa5dc1548e2d0b090
348b13b2241cb81ab2f8ae80fb1081b7794331a6
114a0ced654ac1333d13386fa353267c35de54752822023452610a171bfc3890
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 02 Jan 2023 18:25:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 01 Jan 2023 21:17:56 GMT
Expires: Mon, 02 Jan 2023 21:17:56 GMT
ETag: "348b13b2241cb81ab2f8ae80fb1081b7794331a6"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
cdn.holmesmind.com/js/init.js
54.230.111.38200 OK 6.6 kB URL HTTP/2 cdn.holmesmind.com/js/init.js
IP 54.230.111.38:0
File type ASCII text, with very long lines (4994), with CRLF line terminators
Hash 439e160b698f1ec2efb45c3b6cd6b265
7beee754ce93e58b7f321ff7b8b85c2ffda42a64
fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818
GET /js/init.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 6552
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
accept-ranges: bytes
server: AmazonS3
date: Mon, 02 Jan 2023 18:25:23 GMT
etag: "439e160b698f1ec2efb45c3b6cd6b265"
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3hWT244zPwmv7eIB_XRdDkr_oWv06c9wtMfgSvDU78owv17k5lAutA==
age: 52
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.186.209.73101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.209.73:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pB70tXmjaAq2ziyVFcgd9g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XnLS+oGipdfY8eUxBXTAKEn8gCU=
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f18b0cee43ee78d35bbd7befa93b2440
c5d4614bd1e35cbda6d647eacd3269c305bda2ef
92f2802f9e73ded54c4958dfd371ddc40c84ef07e1ad1445b238bc45d57ecf8f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2589
Cache-Control: max-age=171750
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:44 GMT
Etag: "63b31371-1d7"
Expires: Wed, 04 Jan 2023 18:08:14 GMT
Last-Modified: Mon, 02 Jan 2023 17:25:05 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
cdn.holmesmind.com/js/capmapping.htm
54.230.111.38200 OK 4.7 kB URL HTTP/2 cdn.holmesmind.com/js/capmapping.htm
IP 54.230.111.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (437), with CRLF line terminators
Hash c36f5eb091d6195fe8b68f3b263f999b
43c4760cb0bb957ffed4fb754c4eaaa247b734c5
cc37fba2e98f49c4d9551f72176d3aff72eacd798e5e85436837847e6b967c36
GET /js/capmapping.htm HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 4730
last-modified: Mon, 22 Aug 2022 03:00:17 GMT
x-amz-version-id: 9jVaRQ2pP3sbT47ouwg8zArcPp2ddVmt
accept-ranges: bytes
server: AmazonS3
date: Mon, 02 Jan 2023 18:25:23 GMT
etag: "c36f5eb091d6195fe8b68f3b263f999b"
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hXijQmw4uhykrIBZttDQGSdk20A3KanKLv6tnokLh0CjS9YuF8nWRA==
age: 36
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/edmp_init.js
54.230.111.38200 OK 662 B URL HTTP/2 cdn.holmesmind.com/js/edmp_init.js
IP 54.230.111.38:0
File type ASCII text, with very long lines (662), with no line terminators
Hash f58f8a90686f8ffb3325107e8a788b71
d85d37486b87503e0631ff0ee83d95316783cf09
28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c
GET /js/edmp_init.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 662
last-modified: Fri, 12 Mar 2021 02:45:40 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Mon, 02 Jan 2023 18:25:23 GMT
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8y0C5BUCByiI_ltGcoyOnjSGphcHa_T6cBhOCEnBGk5vRd0WZt8bEw==
age: 41
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/presetfn.js
54.230.111.38200 OK 9.7 kB URL HTTP/2 cdn.holmesmind.com/js/presetfn.js
IP 54.230.111.38:0
File type C source, ASCII text, with CRLF line terminators
Hash c1c5e1f8e39229c17de1058941ef4aea
606765b09294df714d9aba0bae8b535b25c96260
f13d5cccdee5742a69ce1d727428ae1e3064434cde08d1f18e03ba2c80621e85
GET /js/presetfn.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 9724
last-modified: Fri, 23 Dec 2022 03:56:55 GMT
x-amz-version-id: nu3Q4FExJPU4AxPv2qvAu17GSCRePZwj
accept-ranges: bytes
server: AmazonS3
date: Mon, 02 Jan 2023 18:25:44 GMT
etag: "c1c5e1f8e39229c17de1058941ef4aea"
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9JeTOAdkwu3GsoXXukgikNR-w3MreXgO2DjAFEwxY5e6w9HAaJKBgg==
age: 12
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=14209
143.204.55.102200 OK 3.6 kB URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=14209
IP 143.204.55.102:0
Hash 967232f21adb8854391a9431693859a9
06ab6bbc6fd5c2e64154012d6094c8692c8d4ce0
9ad1e084a2e630d7078b92729c31467b76e8681486545a8f46f006e0b4a67014
GET /adserver/Preset.js?z=14209 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Mon, 02 Jan 2023 18:15:55 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ufbSC3x-aWjOe7jUC3aXG2KRLSFEv7n9vUOQrJosTJEdhB0FNdQjzg==
age: 590
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/criteoV2.js
54.230.111.38200 OK 2.4 kB URL HTTP/2 cdn.holmesmind.com/js/criteoV2.js
IP 54.230.111.38:0
File type HTML document, ASCII text, with CRLF line terminators
Hash e8f33fcb581483ced4a09b3c8e7550e4
278fdeb6bf2871b7a3a3ca9becef10582e8e87e0
e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32
GET /js/criteoV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 2443
last-modified: Tue, 04 Aug 2020 09:25:12 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Mon, 02 Jan 2023 18:25:26 GMT
etag: "e8f33fcb581483ced4a09b3c8e7550e4"
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GZUcOFIzBcUq7ANTlnCrVAtMUt0pMWdopvBncI0fa6r-yocXpDgIrw==
age: 31
X-Firefox-Spdy: h2
reurl.cc/stylesheets/rwd/style.css?v=1
35.185.130.121200 OK 7.5 kB URL HTTP/2 reurl.cc/stylesheets/rwd/style.css?v=1
IP 35.185.130.121:0
Hash c09b5a1407cd5cc2857fdbed00dd076b
8d36c9145014929bb233c1ace0d8b2899b77fe20
ca5b4e6dcac0ff550757cf6dcd3fc6346ce0de1e21e3d063d2dadc96db34d7b5
GET /stylesheets/rwd/style.css?v=1 HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/xgmXr1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 02 Jan 2023 18:25:44 GMT
content-type: text/css
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-9f6"
expires: Tue, 02 Jan 2024 18:25:44 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/prebid_mainV3.js
54.230.111.38200 OK 3.4 kB URL HTTP/2 cdn.holmesmind.com/js/prebid_mainV3.js
IP 54.230.111.38:0
File type ASCII text, with CRLF line terminators
Hash 9bc85b6bbcdee3004a193ca95155895e
cbeca5e46694449c52ff2cb260786ce1e22c93a1
d7b3bbef85a191de394b4f81903a35ddc60a57c645d8389e73e600b538e7e104
GET /js/prebid_mainV3.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3421
last-modified: Fri, 30 Dec 2022 03:48:51 GMT
x-amz-version-id: Whmx5WfmXfk6Gi4dKadBHkaGVw9.JJQQ
accept-ranges: bytes
server: AmazonS3
date: Mon, 02 Jan 2023 18:25:26 GMT
etag: "9bc85b6bbcdee3004a193ca95155895e"
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YtH92N8g-oTtAoACw2FnttlISxf52oXTPeG-Rs02_f8wecc2-sMwwA==
age: 53
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f18b0cee43ee78d35bbd7befa93b2440
c5d4614bd1e35cbda6d647eacd3269c305bda2ef
92f2802f9e73ded54c4958dfd371ddc40c84ef07e1ad1445b238bc45d57ecf8f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2590
Cache-Control: max-age=171750
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:45 GMT
Etag: "63b31371-1d7"
Expires: Wed, 04 Jan 2023 18:08:15 GMT
Last-Modified: Mon, 02 Jan 2023 17:25:05 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
static.xx.fbcdn.net/rsrc.php/v3/yZ/r/0cKQbVrk19s.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 6.2 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yZ/r/0cKQbVrk19s.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type C source, ASCII text, with very long lines (10595)
Hash abc01c5cb9e1f65a8184bd3fa28ae5df
9483687c254802204e18d50976e413162fa21481
482ebf05a0d3aaa255cf9fe29ae7016d2f0efcf0a88d5e31da31c9ad2f14a9e8
GET /rsrc.php/v3/yZ/r/0cKQbVrk19s.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 30 Dec 2023 16:25:01 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: q8AcXLnh9lqBhL0/oorl3w==
x-fb-debug: ftEqI4W2ysAuHpvp0ppmFLwTmADGKYXaNQvFhds4lo2nqyxYJckLg5D3/T9bPChn+VhPTJb942kTp3tP4eUtXg==
priority: u=3,i
content-length: 6166
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 16 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type C source, ASCII text, with very long lines (8741)
Hash c92ef94e30a2dd9473fd9fe533472b73
97049e47de026939c75a885df9e8bb0fb56515ba
f2981c7109e60cf9f5a9e846a25800dbec20a923db028f310b6feb79415650bb
GET /rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 29 Dec 2023 16:05:41 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: yS75TjCi3ZRz/Z/lM0crcw==
x-fb-debug: U8TYhtIwieUaE+BpLvk0Xw7ps/yThgqW5XjsZVop3u4YwX5eFaxYBxrF8HgB/MiH1SdTKPWsU3h5vM6jeeb7oQ==
priority: u=3,i
content-length: 16232
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 293 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (327)
Hash 2f913d812811ef7e6fca30334c5972e2
d17caaa167443dc08696c672380f237e0db3fb02
ee8918a2f5d163099104b70f79065abc8fd309e69add57170546f2706956eef8
GET /rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 29 Dec 2023 17:31:16 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: L5E9gSgR735vyjAzTFly4g==
x-fb-debug: LFzj3N7JgCbilCC70EZ2DFc4kSBeJDY5gohLixqt89FJ3uUNf0Py9987R0js/xduiQlz0XzKFsGMNs3jw9qwEQ==
content-length: 293
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 1.6 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (1984)
Hash 9286a42c6635bf94761964f1b129c0de
21d966c8e5833bec35fd039f80e6f7e47185743a
da4067af50abaeaa27b4dfc7f3accf1346f13d9fd9d3821222bc820378c7ed00
GET /rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 29 Dec 2023 13:47:37 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: koakLGY1v5R2GWTxsSnA3g==
x-fb-debug: X1DwjT/W+lXQIOXoZgxGO60rtitg/Bqekw1pZhtvpwaqzKiIINhdHHNijSzGP+6v/Kb9O3z98Y3UqTe9kVfe6g==
priority: u=3,i
content-length: 1615
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fcm.holmesmind.com/cm.php
34.95.67.231200 OK 39 B URL HTTP/2 fcm.holmesmind.com/cm.php
IP 34.95.67.231:0
File type ASCII text, with CRLF line terminators
Hash 2afda5648cd11a22963068421300e1cd
ae0abdd7ec4b438fb61a12c59c04b31045b9a674
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795
GET /cm.php HTTP/1.1
Host: fcm.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:45 GMT
server: Apache/2.4.29 (Ubuntu)
content-length: 39
content-type: text/html; charset=UTF-8
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
31.13.72.36200 OK 33 kB URL HTTP/2 www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
IP 31.13.72.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32456)
Hash 144c5af583bba78e08705b3a455bf44d
a7924e6ba1d58a6175ae4e25f9c6dbc83e7644c2
ac9e898aef8117146ec68af1c72a30e430428d4321e3c146a8b7d3ff261c2521
GET /plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: RTW5UfSZqqaUOns8NGakyheMIdWxdMi/UkoZuUIH+4dF4aPEV4z5mOi5KEUFjShPkZJGJWSHPsCHAb3EWndHdw==
date: Mon, 02 Jan 2023 18:25:45 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yL/r/PlsnJC666Fj.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 6.8 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yL/r/PlsnJC666Fj.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type C source, ASCII text, with very long lines (7780)
Hash 855b9a9b80d4c186253eba4e0d14b18d
9af34af716b9116d91c7e2012f35cc756afdfbd3
39f68beab2325364f3a27998ec9692c7275ae0fb6d979fc3730bf881b65975ce
GET /rsrc.php/v3/yL/r/PlsnJC666Fj.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 30 Dec 2023 10:01:56 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: hVuam4DUwYYlPrpODRSxjQ==
x-fb-debug: kb9Gt4rhA3p3u5PYUqH9ngWwDSudkef5Oa14blr/C7Qt5S2Ksc0HT0laE6y7BVT/RVd8+jzzpA8pH3epwPGPsQ==
priority: u=3,i
content-length: 6772
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iLl54/yd/l/en_US/h-L8FQ7MyJY.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 7.1 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iLl54/yd/l/en_US/h-L8FQ7MyJY.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (2905)
Hash b3d9bbe7863976aa5b46e02c7798acc8
f3534203ec245879da839b07de21385a5203556d
f29d8841fd47e887686263e49027672a365baa6362e277192f635b303c9e016d
GET /rsrc.php/v3iLl54/yd/l/en_US/h-L8FQ7MyJY.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 29 Dec 2023 00:14:53 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: s9m754Y5dqpbRuAsd5isyA==
x-fb-debug: IobHyBby+RhEku/vM4FWclA5hgIsGlzTgIuE+RzzXjjaIjrtDr5r4ZfXar/SWjDTKPWlGX2vAyrCwu/D7Ah3Kg==
content-length: 7100
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yt/l/0,cross/s7Li9Aq-hu0.css?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 4.7 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yt/l/0,cross/s7Li9Aq-hu0.css?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type assembler source, ASCII text, with very long lines (2642)
Hash 5024d751c01432036f1fd63f8eb1b611
a3715766ced44ec80370205c277b350ce62cb02b
9aea4f4cab9baea9136507cc618763179c0bc6c80ad6a80eb4f68316b174c95c
GET /rsrc.php/v3/yt/l/0,cross/s7Li9Aq-hu0.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 29 Dec 2023 18:54:50 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: UCTXUcAUMgNvH9Y/jrG2EQ==
x-fb-debug: xPG+utXaPWNSRV1wC2vfzLnYhDfuwbgB+qH5HZoUqZBvGwQTZl7u7wtcs1ZxS6OsFFtKL+3ClkTJt4dcWRaQkw==
priority: u=3,i
content-length: 4696
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iEpO4/y1/l/en_US/ACK0uX4zgFf.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 24 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iEpO4/y1/l/en_US/ACK0uX4zgFf.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (42114)
Hash 7524540c965e62fd3390f6aa427f5443
bd1b7935aef5eb36690c1982886b67470fc8e373
7f456c91da4be41030dff14d2537892f29329d157b92643d4ae329d30d6254d4
GET /rsrc.php/v3iEpO4/y1/l/en_US/ACK0uX4zgFf.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 28 Dec 2023 22:44:56 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: dSRUDJZeYv0zkPaqQn9UQw==
x-fb-debug: x+EpoeeCowncmLSbGXl2z+a2h4K1i33IrsJ0WcWyGo2EMKXQPKK1Uzut8aZVDzZXthqreXdDEVYAjwaIJIZnJQ==
content-length: 23498
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3ivrH4/y9/l/en_US/9fMM4A3C7jT.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 80 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3ivrH4/y9/l/en_US/9fMM4A3C7jT.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (5723)
Hash 2c9f3c23f7f820195570bbb0f79dff9b
10d9bcc751e6d037430531384b437bd5762514be
2197607873c51e09f4fdac1bf858eef5efac384c62820ab1c308d549f90e8927
GET /rsrc.php/v3ivrH4/y9/l/en_US/9fMM4A3C7jT.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 29 Dec 2023 16:38:47 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: LJ88I/f4IBlVcLuw953/mw==
x-fb-debug: z7lY0YvgKCdXH4bAwsEN7yI/vJ2OW4Zv2S+BhQr835RPK/uME8ehwpghfgvQLmzY+E7FFbgKwFuhNxIOlHzbwQ==
priority: u=3,i
content-length: 79541
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yF/r/C8hbKUiuCgi.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 3.6 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yF/r/C8hbKUiuCgi.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (2557)
Hash 8fcc1a166c742accd96d4565cf0fa6f8
ee1ebb81eb0638220f40dbae09e967f17b24b995
1f5133968c24fc88f665d1b9a5e0af41e39b3997be897fbcd492ae8e4cea2fca
GET /rsrc.php/v3/yF/r/C8hbKUiuCgi.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 29 Dec 2023 16:31:26 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: j8waFmx0KszZbUVlzw+m+A==
x-fb-debug: 22R9KU4XB3QROrtgflMBYAfahZiS/RPav08N/RmiQhbGGorf9mcaFNZ8cBgONTRkFqkQK49836NUF0wuNnMNSA==
content-length: 3575
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yw/r/-UiReSjdfva.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 390 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yw/r/-UiReSjdfva.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (618)
Hash 0984a4c8a4a6cd15974c8585b70033ad
8893ca1b4cd9037584d995d4c12e44f02c1cfb71
3147ce4394aac97aa02e9a1f01f61f3135df185e8ffbd9420e0fa332d4b3cb6b
GET /rsrc.php/v3/yw/r/-UiReSjdfva.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 21 Dec 2023 16:26:57 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: CYSkyKSmzRWXTIWFtwAzrQ==
x-fb-debug: n6/EWYMkMEXXBula64e6jmCKmZCFBOBPGyW4Pu2gUJ4lnVUZXKlUg+gh/ZcKaqC12noGXaJmA/Y9/ELwnqzVxg==
content-length: 390
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yJ/r/IrGICuLYjuP.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 4.7 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yJ/r/IrGICuLYjuP.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (4488)
Hash 761c9e373ae200327a6dcf8ac2da338c
c173d4b110a89dd29b92b407b255077ab3058af1
3e20129181c179099a7a8d6db200b1230e3b114c47cc5e26ed3f392a73afbcc2
GET /rsrc.php/v3/yJ/r/IrGICuLYjuP.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 30 Dec 2023 18:42:02 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: dhyeNzriADJ6bc+KwtozjA==
x-fb-debug: yi06s+T2ndW/y9GpSjY4Do56FpyfsSOnfHBo6lNYgOITnViIv2HzPagrqnlVN1oUSaWpwTUTJhAYq0niO29pgA==
content-length: 4666
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yy/r/2f61oWyjOj5.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 5.4 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yy/r/2f61oWyjOj5.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type C source, ASCII text, with very long lines (4643)
Hash 2f3bd3f5da2acb55828c5dcefde8a274
00f21373747009968870397a243322c067466c97
fae6708a549046751d2ec4b001dd8402482494ec07a924132775332ac354f2a1
GET /rsrc.php/v3/yy/r/2f61oWyjOj5.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 28 Dec 2023 17:48:16 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: LzvT9doqy1WCjF3O/eiidA==
x-fb-debug: it16Jaatrx+rPZzGZEfn7zAjkbRE6EbTEdLNtQ94hrR3HlkssTUDvdAl9+3QGvMOxrqDUhNkFiBbikuQbndi4A==
priority: u=3,i
content-length: 5358
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yG/r/h8ulkmpky8f.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 15 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yG/r/h8ulkmpky8f.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (56522)
Hash 95b85ba6147504d3f15ba46a0c98a2a3
7c252e33f9efe655e2a989ab7c306dee04650cb2
c7e30ff750f116558ed9dff6bf802e914624409873f0be3f319bd8289bec8b36
GET /rsrc.php/v3/yG/r/h8ulkmpky8f.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 19 Dec 2023 21:30:15 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: lbhbphR1BNPxW6RqDJiiow==
x-fb-debug: rkNxs3KxDXNhZkMOo0DCu80ddojZpfUM+jCXhcGSwD0JT+8+IQHu4EXjSp5uqO1fimIe5ZQqcEKAC2hyCOg42w==
priority: u=3,i
content-length: 15174
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 493aa543a8895cbaa5dc1548e2d0b090
348b13b2241cb81ab2f8ae80fb1081b7794331a6
114a0ced654ac1333d13386fa353267c35de54752822023452610a171bfc3890
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 02 Jan 2023 18:25:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 01 Jan 2023 21:17:56 GMT
Expires: Mon, 02 Jan 2023 21:17:56 GMT
ETag: "348b13b2241cb81ab2f8ae80fb1081b7794331a6"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
static.xx.fbcdn.net/rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 830 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (724)
Hash d63a02ce87c07ffcfa869fef7fc5f233
cae745fef84088abe3525bb77f75c55cd1d4cc2c
bf9d4d71541a0a1f31b10be351add847ee935da6de355756314c8ca96512444d
GET /rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 29 Dec 2023 15:32:37 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 1joCzofAf/z6hp/vf8XyMw==
x-fb-debug: OlzN21WjzLJ5StoXKMt/QQEFsoEX3aeLqY5bph3r4ZD4kX8saFfUmzB592JCt1Pcp2B1llF12eCVx4WYHyl6Sw==
priority: u=2
content-length: 830
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash ae552af6dbb50ca81b9ce712432193ec
56b1213640022341a51fd7725e59f9fa4a1c342e
e2d557177731512f03e9523504bd4fff02efb9df8001014e5616211ebf861ab7
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 02 Jan 2023 18:25:45 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 30 Dec 2022 13:06:15 GMT
Expires: Fri, 06 Jan 2023 13:06:14 GMT
Etag: "56b1213640022341a51fd7725e59f9fa4a1c342e"
Cache-Control: max-age=325828,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78358a029d5d1c06-OSL
static.xx.fbcdn.net/rsrc.php/v3/ym/l/0,cross/90_WUNArjH8.css?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 5.4 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/ym/l/0,cross/90_WUNArjH8.css?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (4431)
Hash 52aa1e5de34a7a8a9443530f4f21f477
36b86ba5c1d60f8a22ac66505d2a87cfe8f70e57
4dc896ce32d191f0acab801d8d7afefc96bfabe8b2f3e59463b398eb85397782
GET /rsrc.php/v3/ym/l/0,cross/90_WUNArjH8.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 01 Jan 2024 18:28:01 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: UqoeXeNKeoqUQ1MPTyH0dw==
x-fb-debug: Tchk4NzH8+q86cQc2MMrsLlOaSa3SqPM+5MdxmyAErR+qXZ9xA3zsAi2bf4tAteQBYssKSRoSJ6DW5FsBDy7lg==
priority: u=2
content-length: 5409
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9521fc47836660f8d8496cec629350bf
1c3e9dd1d530944c9def7ae534ac764193d386d7
191ce61ccb270ee502c7dffc86bf9a14e82fdee6ade5c6afeb50f5af54966a10
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "191CE61CCB270EE502C7DFFC86BF9A14E82FDEE6ADE5C6AFEB50F5AF54966A10"
Last-Modified: Sun, 01 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1381
Expires: Mon, 02 Jan 2023 18:48:46 GMT
Date: Mon, 02 Jan 2023 18:25:45 GMT
Connection: keep-alive
static.xx.fbcdn.net/rsrc.php/v3/y6/r/Fs66-ooFjHN.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 85 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y6/r/Fs66-ooFjHN.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (18622)
Hash 33aa1a2f8dcf2e0f1313b420cbdd6783
1b0da05e75a3fc9c2b529b01b529dd4bab20a401
c5f074386e4d39c9850c012cd539aa1f5a56b109344cec9863d4edc331e34366
GET /rsrc.php/v3/y6/r/Fs66-ooFjHN.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 27 Dec 2023 21:15:27 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: M6oaL43PLg8TE7Qgy91ngw==
x-fb-debug: ZLXzuVk9Bkenc3R4zzjLYkO8Wu6wrMThAFJlhqDcqY7pTO5ObMppik+zvpibcS1KxdoGI7jvbNUJwyu+H8W8ug==
content-length: 85051
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yS/l/0,cross/0tzt5m0OcH8.css?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 6.4 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yS/l/0,cross/0tzt5m0OcH8.css?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (8976)
Hash c10654d1ecaf65a02dbfbd6d9053f12b
1ad6c14fcd9f79822c8593b4596895fa4a51fc0f
96b39f53daeaceb790124ee537496c8ed8a7770798a4a5414e8c938efdb7be59
GET /rsrc.php/v3/yS/l/0,cross/0tzt5m0OcH8.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 27 Dec 2023 18:46:48 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-fb-rlafr: 0
content-md5: wQZU0eyvZaAtv71tkFPxKw==
x-fb-debug: H+VX/0s9y21E1z5HvOmYiLZScHYR0gDXj85ZbV7Vq6q6tymyNRjY6Xs8FrIY/utd/yJEPkpIjVQ/GpNuexwyHA==
content-length: 6367
x-fb-trip-id: 1904183273
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 493aa543a8895cbaa5dc1548e2d0b090
348b13b2241cb81ab2f8ae80fb1081b7794331a6
114a0ced654ac1333d13386fa353267c35de54752822023452610a171bfc3890
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 02 Jan 2023 18:25:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 01 Jan 2023 21:17:56 GMT
Expires: Mon, 02 Jan 2023 21:17:56 GMT
ETag: "348b13b2241cb81ab2f8ae80fb1081b7794331a6"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9b8777426fef010a868ebc9338c76396
e6ec64917f1c5696ba737405e1f91c9f0d8b772f
26c8f641c23590a5ad6e5cb1df737052842edc448000d980fba0fe02cf872bce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26C8F641C23590A5AD6E5CB1DF737052842EDC448000D980FBA0FE02CF872BCE"
Last-Modified: Sun, 01 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 03 Jan 2023 00:25:45 GMT
Date: Mon, 02 Jan 2023 18:25:45 GMT
Connection: keep-alive
img.scupio.com/html/ga.html
143.204.55.37200 OK 438 B URL HTTP/2 img.scupio.com/html/ga.html
IP 143.204.55.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (438), with no line terminators
Hash d7485437fadc873f8fbf81871854edc8
02aa9dde37cd2b22ae68126721d2a3bbb1fbff78
390fade8f9e000d84e82d5e751bdf077ba33d52a4f569eb3f46515d25b44725c
GET /html/ga.html HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
content-length: 438
server: nginx/1.12.1
last-modified: Mon, 19 Sep 2022 02:16:27 GMT
accept-ranges: bytes
date: Mon, 02 Jan 2023 17:54:41 GMT
expires: Mon, 02 Jan 2023 18:19:41 GMT
cache-control: max-age=1500
etag: "6327d0fb-1b6"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: c4WLQ9wI4y-kKiGawm6mog3_PE-ZIKBk5HmgbSN9J55VYiIRis_tHg==
age: 1863
vary: Origin
X-Firefox-Spdy: h2
img.scupio.com/html/ga-UA-60400357-1.html
143.204.55.37200 OK 438 B URL HTTP/2 img.scupio.com/html/ga-UA-60400357-1.html
IP 143.204.55.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (438), with no line terminators
Hash 6fb57921dfd9ed3151de3d5d325386dd
5039b5aebc3a9d320f95cdf2d32231c50f27b93e
4dbf92b48330425699fc8990678c4c6b4ceca07fc58fca861b2be1b8f91f9b3e
GET /html/ga-UA-60400357-1.html HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
content-length: 438
server: nginx/1.12.1
last-modified: Mon, 19 Sep 2022 02:16:27 GMT
accept-ranges: bytes
date: Mon, 02 Jan 2023 18:25:45 GMT
expires: Mon, 02 Jan 2023 18:48:43 GMT
cache-control: max-age=1500
etag: "6327d0fb-1b6"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: sskIePhbyDsHUOc7e0yOsSC3KVfMNjUCkN5A9j-4QWm398B7DVLi5w==
age: 122
vary: Origin
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/49wdnsbAGOg
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/49wdnsbAGOg
IP 142.250.74.131:0
Hash 422b98999615c91206d7b59d534bb4f9
ce7cc3c4224152409e278a7f3d62b60ee8204a4a
8fd45d986e861f4c57c65c3fb61c78078cef2dbc6baac89bcd665e70a6de01e3
POST /s/gts1d4/49wdnsbAGOg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f9f63e06a0258a620c40e12899c874e7
95f54d97b7d30a185a35ec10d4860f6fdde7f7b0
5c1528ca2a5929f1d9b5f257da9c5aa7d507c82edbc6298cad04819fb914b6e7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4866
Cache-Control: max-age=119303
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:45 GMT
Etag: "63b23dae-1d7"
Expires: Wed, 04 Jan 2023 03:34:08 GMT
Last-Modified: Mon, 02 Jan 2023 02:13:02 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
img.scupio.com/html/ad.html?v=1.0.65
143.204.55.37200 OK 23 kB URL HTTP/2 img.scupio.com/html/ad.html?v=1.0.65
IP 143.204.55.37:0
Hash 085dc6fb99e9b38b1dd52189e9d7fe7b
72dce4a481ebe6c1b9b47cf0414c8b4eeb149f58
a253ac9b8ef1bcae58b166bab4f5cc7e990956e44ade90f7eecc96459609121b
GET /html/ad.html?v=1.0.65 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx/1.12.1
last-modified: Thu, 18 Aug 2022 08:25:22 GMT
content-encoding: gzip
date: Mon, 02 Jan 2023 17:48:59 GMT
expires: Wed, 01 Feb 2023 17:48:55 GMT
cache-control: max-age=2592000
etag: W/"62fdf772-14d93"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dwLcoy9njsBDljAj2nEC7JlEcqIRQxk4F58SE29FJUW8SZPuO-_0Dg==
age: 2210
vary: Origin
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f9f63e06a0258a620c40e12899c874e7
95f54d97b7d30a185a35ec10d4860f6fdde7f7b0
5c1528ca2a5929f1d9b5f257da9c5aa7d507c82edbc6298cad04819fb914b6e7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5312
Cache-Control: max-age=119749
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:45 GMT
Etag: "63b23dae-1d7"
Expires: Wed, 04 Jan 2023 03:41:34 GMT
Last-Modified: Mon, 02 Jan 2023 02:13:02 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
c.holmesmind.com/cm?tc=getIn&
35.201.76.93200 OK 1.3 kB URL HTTP/2 c.holmesmind.com/cm?tc=getIn&
IP 35.201.76.93:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 2bd9f1e3cdd6f434f665ca96d5447e16
897e849a303184615443c52a6bfdc0846d9dd2d5
4636fb9df5ae103fbad3764c9f98400be1c9384cbe77fdb6951b96adcac788b1
GET /cm?tc=getIn& HTTP/1.1
Host: c.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdn.holmesmind.com/
Connection: keep-alive
Cookie: test_cookie=CheckForPermission
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Mon, 02 Jan 2023 18:25:45 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
set-cookie: P=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp;Expires=Friday, 31-Dec-2032 10:25:45 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
test_cookie=;Expires=Thursday, 01-Jan-1970 08:00:00 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
Vision=20230103-23:59,20230103-05,20230103-05,20230103-23:59;Expires=Tuesday, 17-Jan-2023 10:25:45 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
C=null;Expires=Tuesday, 17-Jan-2023 10:25:45 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
RK=null;Expires=Thursday, 13-Apr-2023 10:25:45 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-N394QBRGC0>m=2oebu0&_p=884716354&cid=14635498.1672683937&ul=en-us&sr=1280x1024&_s=1&sid=1672683936&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FxgmXr1&dt=Regions%20Online%20Banking%20-%20Log%20in%20to%20your%20accounts%20%7C%20Regions&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-N394QBRGC0>m=2oebu0&_p=884716354&cid=14635498.1672683937&ul=en-us&sr=1280x1024&_s=1&sid=1672683936&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FxgmXr1&dt=Regions%20Online%20Banking%20-%20Log%20in%20to%20your%20accounts%20%7C%20Regions&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-N394QBRGC0>m=2oebu0&_p=884716354&cid=14635498.1672683937&ul=en-us&sr=1280x1024&_s=1&sid=1672683936&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FxgmXr1&dt=Regions%20Online%20Banking%20-%20Log%20in%20to%20your%20accounts%20%7C%20Regions&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://reurl.cc
date: Mon, 02 Jan 2023 18:25:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash bb809cfb572b68b1ae1e01bc048dbcfa
a739e1a0fe77e7914d7ae95ad60100f547537f93
7320fb9fc844b9a3dae88d01238fbe49c8f75911a11129d9d856229c90f9f324
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adcdn.holmesmind.com/adserver/Preset.js?z=13856
143.204.55.102200 OK 747 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13856
IP 143.204.55.102:0
Hash d0c8b03a54a17d552c33b8edf829afaa
d4feee47898bd244586739bc841a7e82e62be894
77336a68c72fe239daf1edda47f35e119f406bb3b2277e761469d9f6d1c5b0c2
GET /adserver/Preset.js?z=13856 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Mon, 02 Jan 2023 18:15:55 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: sRQS8D5Y_Yq8_W4nhEhK6pGau314gFb59cT6WpAAwZbwzd3RHZocAA==
age: 590
X-Firefox-Spdy: h2
ad2.apx.appier.net/v1/prebid/bid
34.96.119.68307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP 34.96.119.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Mon, 02 Jan 2023 18:25:45 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
142.250.74.170200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (32077)
Hash fd2b58574f9637ba7ef639267349d848
6eda5ea93f549ceb5693f6f1c038893fa56a510d
75627d4b97e5e6294a8f88f5eeaf9b616696dc8600db9701c47ef05f067880ec
GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 Dec 2022 20:44:35 GMT
expires: Fri, 29 Dec 2023 20:44:35 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 337270
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.14200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 02 Jan 2023 17:34:02 GMT
expires: Mon, 02 Jan 2023 19:34:02 GMT
cache-control: public, max-age=7200
age: 3103
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9b8777426fef010a868ebc9338c76396
e6ec64917f1c5696ba737405e1f91c9f0d8b772f
26c8f641c23590a5ad6e5cb1df737052842edc448000d980fba0fe02cf872bce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26C8F641C23590A5AD6E5CB1DF737052842EDC448000D980FBA0FE02CF872BCE"
Last-Modified: Sun, 01 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 03 Jan 2023 00:25:45 GMT
Date: Mon, 02 Jan 2023 18:25:45 GMT
Connection: keep-alive
ad2.apx.appier.net/v1/prebid/bid
34.96.119.68307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP 34.96.119.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Mon, 02 Jan 2023 18:25:45 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash bb809cfb572b68b1ae1e01bc048dbcfa
a739e1a0fe77e7914d7ae95ad60100f547537f93
7320fb9fc844b9a3dae88d01238fbe49c8f75911a11129d9d856229c90f9f324
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 272
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 02 Jan 2023 18:25:45 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
reurl.cc/javascripts/pixel.js
35.185.130.121200 OK 7.0 kB URL HTTP/2 reurl.cc/javascripts/pixel.js
IP 35.185.130.121:0
Hash f5419d6096f47d6ea4a49569175efb64
c7065003fe5404e771cc41776cfd971fbcf2792e
83d91e2d7caf299ab3f2f83a71919ceaf87790849e2da466e3f9fbe3b9e6f165
GET /javascripts/pixel.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/xgmXr1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 02 Jan 2023 18:25:44 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-1ad"
expires: Tue, 02 Jan 2024 18:25:44 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/49wdnsbAGOg
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/49wdnsbAGOg
IP 142.250.74.131:0
Hash 422b98999615c91206d7b59d534bb4f9
ce7cc3c4224152409e278a7f3d62b60ee8204a4a
8fd45d986e861f4c57c65c3fb61c78078cef2dbc6baac89bcd665e70a6de01e3
POST /s/gts1d4/49wdnsbAGOg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mma.prnasia.com/media2/1975619/Temple_Mall.jpg?p=medium600
104.16.252.4200 OK 110 kB URL HTTP/2 mma.prnasia.com/media2/1975619/Temple_Mall.jpg?p=medium600
IP 104.16.252.4:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 599x400, components 3\012- data
Size 110 kB (110424 bytes)
Hash e3df5cd238cab5d181b613ab562045f3
6949461aa6923b6cbc769991af850eb53ccb68f0
9ce979ead7e7aad85f755185791a51e29e4b736fd5767778dade6b8e51e75229
GET /media2/1975619/Temple_Mall.jpg?p=medium600 HTTP/1.1
Host: mma.prnasia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:46 GMT
content-type: image/jpeg
content-length: 110424
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=0
cf-bgj: h2pri
expires: Mon, 02 Jan 2023 07:13:46 GMT
last-modified: Mon, 02 Jan 2023 07:13:45 GMT
server-timing: intid;desc=a147d40b23626bda
vary: *, Accept-Encoding
x-powered-by: ASP.NET
cf-cache-status: HIT
age: 29761
accept-ranges: bytes
set-cookie: __cf_bm=HMaj8XHTW4mSFhajhMLFWY8YBbP1iYZ9EjcyK6jfVh8-1672683946-0-AWvOSf3ctrJNvMb/bJHy2CDCi/UQb61HRLyh3dBKugCCU1D1HxScpGOzFT6eGULP/rYpWJp7GLg+ooSiEcV3mMc=; path=/; expires=Mon, 02-Jan-23 18:55:46 GMT; domain=.prnasia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 78358a067b5db509-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c4719f10b16aa492c5dbdb8a1bfc20af
21831c11bfc9679c9f0ebc1f6a39284a5d16be56
c8682ee9e025254ee9cd1d9c663a40707cb170c141a328a7de07ded8de06f787
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8682EE9E025254EE9CD1D9C663A40707CB170C141A328A7DE07DED8DE06F787"
Last-Modified: Sun, 01 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3300
Expires: Mon, 02 Jan 2023 19:20:46 GMT
Date: Mon, 02 Jan 2023 18:25:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c4719f10b16aa492c5dbdb8a1bfc20af
21831c11bfc9679c9f0ebc1f6a39284a5d16be56
c8682ee9e025254ee9cd1d9c663a40707cb170c141a328a7de07ded8de06f787
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8682EE9E025254EE9CD1D9C663A40707CB170C141A328A7DE07DED8DE06F787"
Last-Modified: Sun, 01 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3300
Expires: Mon, 02 Jan 2023 19:20:46 GMT
Date: Mon, 02 Jan 2023 18:25:46 GMT
Connection: keep-alive
img.scupio.com/js/config/currency.json
143.204.55.37200 OK 108 B URL HTTP/2 img.scupio.com/js/config/currency.json
IP 143.204.55.37:0
File type Unicode text, UTF-8 (with BOM) text, with no line terminators
Hash 9304f723b7f27b8785172ebad14897b8
6f8ceee56e8d943bbf2f877c45a51ebb4df5bee6
471a6a9274bf01a69b1c26a042147c072cfe79a0f982299f501dcd7aec83f877
GET /js/config/currency.json HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 108
server: nginx/1.12.1
last-modified: Sat, 31 Dec 2022 19:15:04 GMT
accept-ranges: bytes
date: Mon, 02 Jan 2023 18:22:57 GMT
expires: Mon, 02 Jan 2023 21:21:04 GMT
cache-control: max-age=10800
etag: "63b08a38-6c"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: H4y1n2w86AcW17XN0feL1aqCHME7etD5g0n5BtFH-MxWP2rOLLejLg==
age: 282
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c4719f10b16aa492c5dbdb8a1bfc20af
21831c11bfc9679c9f0ebc1f6a39284a5d16be56
c8682ee9e025254ee9cd1d9c663a40707cb170c141a328a7de07ded8de06f787
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8682EE9E025254EE9CD1D9C663A40707CB170C141A328A7DE07DED8DE06F787"
Last-Modified: Sun, 01 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3300
Expires: Mon, 02 Jan 2023 19:20:46 GMT
Date: Mon, 02 Jan 2023 18:25:46 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6390ab-134c-4c14-ae9e-9591400607a3.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6390ab-134c-4c14-ae9e-9591400607a3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a92938ba6a58bd49a9938a24e404cba
2adeb5279f5a130a4ddc05199bc7b0b197a3cabc
1779831cec3a72aa82e2dab789c043da6a7fa432ff75a644733b0ee5f81b965b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6390ab-134c-4c14-ae9e-9591400607a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10426
x-amzn-requestid: b6ad4eac-168a-477b-9883-f77fffc6468f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d5ZfRG7XIAMF7zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ad3c61-7766d0293ca12d6e2436ac66;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 07:06:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fbLIBt1nYKjHIB6qMh22u5A92HgG0_f84qqlf5rqpwl4brcU5UB8eQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 02 Jan 2023 12:48:40 GMT
age: 20226
etag: "2adeb5279f5a130a4ddc05199bc7b0b197a3cabc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fb1a6c7-1739-4b4c-ae46-a2d718fb6c34.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fb1a6c7-1739-4b4c-ae46-a2d718fb6c34.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e628ac1e25757ac0177f4a392d6b7ddb
d457e65190f24dce30af852e07b2d55f1fe5d808
b51790825ceb10ba7d5ec69081c098b7c82e72e4128dc1c23fa4f45495fbfa65
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2fb1a6c7-1739-4b4c-ae46-a2d718fb6c34.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5684
x-amzn-requestid: a8295357-6fcf-436d-8884-cbc529f3cba4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dxSEVGMcIAMFdXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a9fd4e-3067d9957e1e512174ab34bc;Sampled=0
x-amzn-remapped-date: Mon, 26 Dec 2022 20:00:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XU-AgqVtSS4DT7lnUIav920Fg5fSbvOYZ_EFXNedq9TLrt2clB7TUQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 01 Jan 2023 22:12:08 GMT
age: 72818
etag: "d457e65190f24dce30af852e07b2d55f1fe5d808"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
i0.wp.com/golike.tw/wp-content/uploads/2022/10/Picture6.jpg?fit=255%2C190&ssl=1
192.0.77.2200 OK 14 kB URL HTTP/2 i0.wp.com/golike.tw/wp-content/uploads/2022/10/Picture6.jpg?fit=255%2C190&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 255x190, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ffbf57c6e968e08f04dcee30474673db
4fadffeb037a8f74027016e17143fd688063a462
41ab57a52da2816749ec81e0af1d895f481a9dfe2345c73aa94c51b72afc3e06
GET /golike.tw/wp-content/uploads/2022/10/Picture6.jpg?fit=255%2C190&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 02 Jan 2023 18:25:46 GMT
content-type: image/webp
content-length: 13910
last-modified: Mon, 02 Jan 2023 10:42:37 GMT
expires: Wed, 01 Jan 2025 22:42:37 GMT
cache-control: public, max-age=63115200
link: <https://golike.tw/wp-content/uploads/2022/10/Picture6.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "a5282c60412ecae2"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
c.holmesmind.com/cm
35.201.76.93302 Found 6.5 kB IP 35.201.76.93:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c0452f1ad1a7813d06adf22e178c5284
615a0072aa450329f48fbf30c921cdb6670b249a
72b733f965c7438896bcd95aac4c9bb10a83a2c35f1c459be488b6751dc1b311
GET /cm HTTP/1.1
Host: c.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 302 Found
server: nginx/1.10.3 (Ubuntu)
date: Mon, 02 Jan 2023 18:25:45 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
set-cookie: test_cookie=CheckForPermission;Expires=Tuesday, 03-Jan-2023 10:26:45 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
location: https://c.holmesmind.com/cm?tc=getIn&
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffa20aba0-739b-4b21-8651-376503398453.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffa20aba0-739b-4b21-8651-376503398453.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2eac6cb10f73a9133b10b29991d36d28
50dbba1b337a139007815016c1e1d91309a3ac0e
8f8783c086623f20451d3e5321e2ca2ca64d559370e94b0c2aeb8dfe3c95207d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffa20aba0-739b-4b21-8651-376503398453.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5150
x-amzn-requestid: ebece8b2-8256-42b6-8ae3-3654d2b7b319
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d6ZBEFUZoAMF2OQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ada206-10bdc2ae5ee1d4494ebcdaad;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 14:19:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: M-erf0gwboJTnX5LWgKYpEjsq5bHuAShdResjK97rTMV1bQNDUof6w==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 02 Jan 2023 07:41:12 GMT
age: 38674
etag: "50dbba1b337a139007815016c1e1d91309a3ac0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb9e048a-d832-4c9c-bbf4-523cf2df949e.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb9e048a-d832-4c9c-bbf4-523cf2df949e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 63e10036442be6087f22f671351bfcf4
d23fda523cd1581a497c1e8d93b6a3a65bbbd05d
bd17928141e8ba15eaf14f140f9cc6648502da10bef74dab32e1790f68d150d7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffb9e048a-d832-4c9c-bbf4-523cf2df949e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10904
x-amzn-requestid: e672bb95-0521-41e2-b44d-18d108768f0c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eFRyVGO0IAMFfsg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b1fcdb-2e2b0c1e73840de93343ce08;Sampled=0
x-amzn-remapped-date: Sun, 01 Jan 2023 21:36:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jFQMuTFlyJiHJmuLONMfpIurk7XCM02NfcPvqsFaybqOjbrdvphLOw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 01 Jan 2023 21:58:50 GMT
age: 73616
etag: "d23fda523cd1581a497c1e8d93b6a3a65bbbd05d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c4719f10b16aa492c5dbdb8a1bfc20af
21831c11bfc9679c9f0ebc1f6a39284a5d16be56
c8682ee9e025254ee9cd1d9c663a40707cb170c141a328a7de07ded8de06f787
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8682EE9E025254EE9CD1D9C663A40707CB170C141A328A7DE07DED8DE06F787"
Last-Modified: Sun, 01 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3300
Expires: Mon, 02 Jan 2023 19:20:46 GMT
Date: Mon, 02 Jan 2023 18:25:46 GMT
Connection: keep-alive
cdn.holmesmind.com/js/bridgewellV3.js
54.230.111.38200 OK 4.5 kB URL HTTP/2 cdn.holmesmind.com/js/bridgewellV3.js
IP 54.230.111.38:0
File type ASCII text, with CRLF line terminators
Hash c3b948e5a48dd0ec20c265d6d8da7add
9fcd995d80439c19a6f8202a181143167e709685
c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b
GET /js/bridgewellV3.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 4530
last-modified: Tue, 20 Apr 2021 06:25:23 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Mon, 02 Jan 2023 18:25:46 GMT
etag: "c3b948e5a48dd0ec20c265d6d8da7add"
x-cache: RefreshHit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LWO517lacn_3sZyMWvdYU61IoWN65oONtf-BrOG4W0WiCIWer5d8QQ==
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/appierV2.js
54.230.111.38200 OK 3.2 kB URL HTTP/2 cdn.holmesmind.com/js/appierV2.js
IP 54.230.111.38:0
File type ASCII text, with very long lines (3177), with no line terminators
Hash 548ed610a8571343fb3022f543174735
2e9d891cd6e9345ab1b6489030b4a1ccff1c4e54
8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834
GET /js/appierV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3177
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Mon, 02 Jan 2023 18:25:46 GMT
etag: "548ed610a8571343fb3022f543174735"
x-cache: RefreshHit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nFHDS7yn9o0iDdIHiPpjRVLZxp2vvdmH8lHBwOLh0quJXlEy6Km6OA==
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3f5efb8-d662-4b58-9319-e024ddd04331.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3f5efb8-d662-4b58-9319-e024ddd04331.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f863eb68713f937898561731454ef32e
b0ca943b8ca57da9cf2c69384e5c598bdfb48d33
4af7b5228d39d0e47a159422483fa6ccf683920241a50e4c6348d176a2783a6c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3f5efb8-d662-4b58-9319-e024ddd04331.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7755
x-amzn-requestid: 8a52ee34-c50c-4a05-9fa3-17770c3d61ab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eFSNAFbJoAMFu8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b1fd86-09de8074042bc69045896070;Sampled=0
x-amzn-remapped-date: Sun, 01 Jan 2023 21:39:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AwE7pLbWK6Q22wWyQjk_c2sRMBrSsV-SiZoyNdGKqYc5QTafBfuJsA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 01 Jan 2023 21:58:11 GMT
age: 73655
etag: "b0ca943b8ca57da9cf2c69384e5c598bdfb48d33"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 412 B IP 93.184.220.29:0
Hash 0ba1081bf0abe94f8b020fadb2686dcf
4cb533e4cfaa08e99bf8dcd06f5c3578212f013d
2325a330defeb3845900c2b8ddb5df2e6bea4132f92badee854b99a7444d6a71
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3421
Cache-Control: max-age=149887
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:46 GMT
Etag: "63b2bacd-139"
Expires: Wed, 04 Jan 2023 12:03:53 GMT
Last-Modified: Mon, 02 Jan 2023 11:06:53 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 22f6f3f695fb26b3628a5ea4365f45c9
56a5ecac0354f10a10ca3405979bc6ff2b216e8d
32fa4edf4adbd0952537a6815c4cac6b2464abeb269d4d7616c9a1328e8acd8f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3427
Cache-Control: max-age=149894
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:46 GMT
Etag: "63b2bacd-139"
Expires: Wed, 04 Jan 2023 12:04:00 GMT
Last-Modified: Mon, 02 Jan 2023 11:06:53 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 313
img.racingcharger.tw/wp-content/uploads/2022123002485478.jpg
104.21.67.166200 OK 177 kB URL HTTP/2 img.racingcharger.tw/wp-content/uploads/2022123002485478.jpg
IP 104.21.67.166:0
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, progressive, precision 8, 920x520, components 3\012- data
Size 177 kB (176756 bytes)
Hash b88218f6f910cccb0ce7aa741d089597
ecd7997328f865db726597714490f560ab215acc
84cc0071791a53b5efc7542232cb83d0fbe0f64e0e31c81d6f2ff409ea314a30
GET /wp-content/uploads/2022123002485478.jpg HTTP/1.1
Host: img.racingcharger.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:46 GMT
content-type: image/jpeg
content-length: 176756
last-modified: Fri, 30 Dec 2022 02:49:01 GMT
cache-control: max-age=28800
cf-cache-status: HIT
age: 3230
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zAp0dVC2EEUp%2FRZHRO5Itd8aQmRKbiT4sdDFGHjGfulMna8mN5ylIu2sDfV70b21%2B4kXdAzCU2YR3f32u3r0ovR6TjOMoLAnsgMX9vXkGyAdJQ4YmGU1JzN%2BHC87muwdygdvvnJbbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78358a07fdb4b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 436
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 02 Jan 2023 18:25:46 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=85217116815
178.250.0.165204 No Content 0 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=85217116815
IP 178.250.0.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdb?profileId=207&av=34&wv=6.21.0-pre&cb=85217116815 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 331
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 02 Jan 2023 18:25:45 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://img.scupio.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
blog.alphaloan.co/wp-content/uploads/2022/12/%E5%B9%A3%E5%AE%89LOGO.jpg
192.0.78.187200 OK 20 kB URL HTTP/2 blog.alphaloan.co/wp-content/uploads/2022/12/%E5%B9%A3%E5%AE%89LOGO.jpg
IP 192.0.78.187:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 800x260, components 3\012- data
Hash 86eff3b2c23475e31790c2e5337bba63
4cf282fbdbc37d85c087ecd34d88f457e2e0da6f
ceb3e134330633f08e1a0cf4219b6dbc47e4acf59e0a49d0e47ff96182e89d3e
GET /wp-content/uploads/2022/12/%E5%B9%A3%E5%AE%89LOGO.jpg HTTP/1.1
Host: blog.alphaloan.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 02 Jan 2023 18:25:46 GMT
content-type: image/jpeg
content-length: 19532
strict-transport-security: max-age=31536000
last-modified: Wed, 28 Dec 2022 13:01:07 GMT
etag: "63ac3e13-4c4c"
expires: Mon, 09 Jan 2023 18:25:46 GMT
cache-control: max-age=604800
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
x-ac: 3.arn _atomic_ams BYPASS
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 437
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 02 Jan 2023 18:25:46 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=77546043474
178.250.0.165204 No Content 0 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=77546043474
IP 178.250.0.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdb?profileId=207&av=34&wv=6.21.0-pre&cb=77546043474 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 331
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 02 Jan 2023 18:25:45 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://img.scupio.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash bbfa28f5be353bf8d270a8db6c284821
cbe788791eaf19fe020d45632aee46ae63090462
3f75aed431fb9db997f24eb8cfbb820f8d66210841bcf394def2db0f5494d554
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 02 Jan 2023 18:25:46 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 30 Dec 2022 09:45:00 GMT
Expires: Fri, 06 Jan 2023 09:44:59 GMT
Etag: "cbe788791eaf19fe020d45632aee46ae63090462"
Cache-Control: max-age=313752,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78358a086844b4ff-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash ecf04b721a5142b80b1440993f0d3ea1
d9fb909c63e8aa2c974e94233d34ef5f90767322
40c362816bcaa521b011593d183884163610c9618044d3263d9dd3588100f185
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 02 Jan 2023 18:25:46 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 31 Dec 2022 08:16:28 GMT
Expires: Sat, 07 Jan 2023 08:16:27 GMT
Etag: "d9fb909c63e8aa2c974e94233d34ef5f90767322"
Cache-Control: max-age=394840,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78358a0779f21c06-OSL
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7e7620d9aa0d8271b1ba03d829331de2
0d125961f373a9407bc33aa3791d7e26e033b8ea
8da7bc1e46810c43a431cdbb334d10dae8eaf01dac6bfa55b0ef72d231653a34
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8DA7BC1E46810C43A431CDBB334D10DAE8EAF01DAC6BFA55B0EF72D231653A34"
Last-Modified: Sun, 01 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 03 Jan 2023 00:25:46 GMT
Date: Mon, 02 Jan 2023 18:25:46 GMT
Connection: keep-alive
static.wixstatic.com/media/08c74d_17598fe2b9f24f218e4aadcf3648f936~mv2.png/v1/fit/w_1000,h_720,al_c,q_80/file.png
34.102.176.152200 OK 1.6 MB URL HTTP/2 static.wixstatic.com/media/08c74d_17598fe2b9f24f218e4aadcf3648f936~mv2.png/v1/fit/w_1000,h_720,al_c,q_80/file.png
IP 34.102.176.152:0
File type PNG image data, 1000 x 562, 8-bit/color RGBA, non-interlaced\012- data
Size 1.6 MB (1649061 bytes)
Hash ad63a9799aa939906515cba209d93d72
631b32801ec365539f31408abc11521227fc443d
f6d5fa3bc05476a7bb9894788535fae58701600e82c3b7ec846943daeca25530
GET /media/08c74d_17598fe2b9f24f218e4aadcf3648f936~mv2.png/v1/fit/w_1000,h_720,al_c,q_80/file.png HTTP/1.1
Host: static.wixstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty/1.21.4.1
content-length: 1649061
access-control-allow-origin: *
wix-tracer: 2JPgQV0ToxoMlp8BOBozptXRaE2
x-seen-by: image-manipulator-77c4b7b444-v6n5q
timing-allow-origin: *
via: 1.1 google
date: Sun, 25 Dec 2022 16:18:35 GMT
cache-control: public, max-age=15552000, immutable
age: 698831
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecc177007be967bd6d83cecd16a86e86
5a16500affad28126456ad3c4af24195c27598a4
1aa3e4535e74596da1701535698113ea293ad25318577495b8c1909b750702bc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1AA3E4535E74596DA1701535698113EA293AD25318577495B8C1909B750702BC"
Last-Modified: Sun, 01 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 03 Jan 2023 00:25:46 GMT
Date: Mon, 02 Jan 2023 18:25:46 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash bbfa28f5be353bf8d270a8db6c284821
cbe788791eaf19fe020d45632aee46ae63090462
3f75aed431fb9db997f24eb8cfbb820f8d66210841bcf394def2db0f5494d554
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 02 Jan 2023 18:25:46 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 30 Dec 2022 09:45:00 GMT
Expires: Fri, 06 Jan 2023 09:44:59 GMT
Etag: "cbe788791eaf19fe020d45632aee46ae63090462"
Cache-Control: max-age=313752,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78358a086a03b500-OSL
ad.holmesmind.com/adserver/prebid.json?cb=1672683937738&hb=1&ver=1.21
52.196.193.254200 OK 3.9 kB URL HTTP/2 ad.holmesmind.com/adserver/prebid.json?cb=1672683937738&hb=1&ver=1.21
IP 52.196.193.254:0
Hash e0b637a7bdd7ad04e42ecc0900c466f0
d9858836a3738ad6f8569da6e9acc2868efea473
5184212343ffa751fb7f7faaee6d90669d31f5d5ef29ecc54afa9ab62ef345c4
POST /adserver/prebid.json?cb=1672683937738&hb=1&ver=1.21 HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 41
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Cookie: P=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp; Vision=20230103-23:59,20230103-05,20230103-05,20230103-23:59; C=null; RK=null
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:46 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://img.scupio.com
content-encoding: gzip
X-Firefox-Spdy: h2
img.gbyhn.com.tw/2022/12/1672491552-97acf0f11c7f11f8ad0dc0a46bcc66c3-840x525.jpg
104.21.96.9200 OK 122 kB URL HTTP/2 img.gbyhn.com.tw/2022/12/1672491552-97acf0f11c7f11f8ad0dc0a46bcc66c3-840x525.jpg
IP 104.21.96.9:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 840x525, components 3\012- data
Size 122 kB (121613 bytes)
Hash fae42b9fe51c9528c6c00619dc5e20c5
a24e121b025acf6900b36c86dc238adff1bd3f25
947770541b71041422a933b29c3c5cf78537f8f9d5df07c06a38c6c0bc9f7c69
GET /2022/12/1672491552-97acf0f11c7f11f8ad0dc0a46bcc66c3-840x525.jpg HTTP/1.1
Host: img.gbyhn.com.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:46 GMT
content-type: image/jpeg
content-length: 121613
cache-control: public, max-age=604800
expires: Sat, 07 Jan 2023 12:59:50 GMT
last-modified: Sat, 31 Dec 2022 12:59:12 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 191927
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cixjQ0M55QBR4sYf0%2BdQawTa4ncWMNUBtdM7E3PHN58dJcKmfMn%2BqSa5B6ulIrLdDx61PTeKA6kY7NeB%2BSjbVLS4mRXGMLoVKKUugoHpa1jc%2BZ7Zc%2BpIsGZK2yStRcaNNl1k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78358a0a2f82b50c-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e63adc098e0937b1d2f845c278858181
3730915770dcd535ae6160ca3909eb76923c81c0
b96c4769aa530b2f124aee63068f7312341b74dacf08675a4050c34d9de28e6e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B96C4769AA530B2F124AEE63068F7312341B74DACF08675A4050C34D9DE28E6E"
Last-Modified: Sun, 01 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17782
Expires: Mon, 02 Jan 2023 23:22:08 GMT
Date: Mon, 02 Jan 2023 18:25:46 GMT
Connection: keep-alive
ad.holmesmind.com/adserver/prebid.json?cb=1672683937727&hb=1&ver=1.21
52.196.193.254200 OK 491 B URL HTTP/2 ad.holmesmind.com/adserver/prebid.json?cb=1672683937727&hb=1&ver=1.21
IP 52.196.193.254:0
Hash 9db3d29f913ac784a978744b4d77029a
571d8a2d589a4826e525560f24af975d697a433f
d1cf12fb7c05761864bc3ab2e2a95213b9e2de2b6b292eb36593188c4756a77a
POST /adserver/prebid.json?cb=1672683937727&hb=1&ver=1.21 HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 41
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Cookie: P=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp; Vision=20230103-23:59,20230103-05,20230103-05,20230103-23:59; C=null; RK=null
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:46 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://img.scupio.com
content-encoding: gzip
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ecc177007be967bd6d83cecd16a86e86
5a16500affad28126456ad3c4af24195c27598a4
1aa3e4535e74596da1701535698113ea293ad25318577495b8c1909b750702bc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1AA3E4535E74596DA1701535698113EA293AD25318577495B8C1909B750702BC"
Last-Modified: Sun, 01 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 03 Jan 2023 00:25:46 GMT
Date: Mon, 02 Jan 2023 18:25:46 GMT
Connection: keep-alive
www.rayskyinvest.com/wp-content/uploads/2022/12/%E5%B0%81%E9%9D%A2%E5%9C%96%E8%A8%AD%E8%A8%88%EF%BC%9AGate.io-%E5%B9%B3%E5%8F%B0%E5%B9%A3-GT-%E4%BB%8B%E7%B4%B9%EF%BC%9A%E6%8C%81%E6%9C%89%E7%8D%8E%E5%8B%B5%E3%80%81VIP-%E7%AD%89%E7%B4%9A%E8%88%87%E6%8A%95%E8%B3%87%E6%87%89%E7%94%A8-2-750x375.png
35.197.227.153200 OK 444 kB URL HTTP/2 www.rayskyinvest.com/wp-content/uploads/2022/12/%E5%B0%81%E9%9D%A2%E5%9C%96%E8%A8%AD%E8%A8%88%EF%BC%9AGate.io-%E5%B9%B3%E5%8F%B0%E5%B9%A3-GT-%E4%BB%8B%E7%B4%B9%EF%BC%9A%E6%8C%81%E6%9C%89%E7%8D%8E%E5%8B%B5%E3%80%81VIP-%E7%AD%89%E7%B4%9A%E8%88%87%E6%8A%95%E8%B3%87%E6%87%89%E7%94%A8-2-750x375.png
IP 35.197.227.153:0
File type PNG image data, 750 x 375, 8-bit/color RGBA, non-interlaced\012- data
Size 444 kB (443995 bytes)
Hash 617064bdaefffd281152473c64321368
ac5c51663f6677ebf32fd40c0b05a30f3833651f
0c960f85b00c609867b4f030629a07ecf25b39b19f333422b84a3c29c235416f
GET /wp-content/uploads/2022/12/%E5%B0%81%E9%9D%A2%E5%9C%96%E8%A8%AD%E8%A8%88%EF%BC%9AGate.io-%E5%B9%B3%E5%8F%B0%E5%B9%A3-GT-%E4%BB%8B%E7%B4%B9%EF%BC%9A%E6%8C%81%E6%9C%89%E7%8D%8E%E5%8B%B5%E3%80%81VIP-%E7%AD%89%E7%B4%9A%E8%88%87%E6%8A%95%E8%B3%87%E6%87%89%E7%94%A8-2-750x375.png HTTP/1.1
Host: www.rayskyinvest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 02 Jan 2023 18:25:46 GMT
content-type: image/png
content-length: 443995
last-modified: Sat, 31 Dec 2022 10:34:42 GMT
etag: "63b01042-6c65b"
expires: Sun, 31 Dec 2023 18:15:14 GMT
cache-control: max-age=31536000
x-cdn-c: static
x-sg-cdn: 1
x-proxy-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
X-Firefox-Spdy: h2
hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FxgmXr1&host=reurl.cc&xr=0&w=970&h=250
162.210.196.208204 No Content 0 B URL HTTP/1.1 hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FxgmXr1&host=reurl.cc&xr=0&w=970&h=250
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FxgmXr1&host=reurl.cc&xr=0&w=970&h=250 HTTP/1.1
Host: hb.aralego.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
date: Mon, 02 Jan 2023 18:25:46 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
connection: close
hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-6272B749823AD3B6FE98336EBDD2A34A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FxgmXr1&host=reurl.cc&xr=0&w=300&h=250
162.210.196.208204 No Content 0 B URL HTTP/1.1 hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-6272B749823AD3B6FE98336EBDD2A34A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FxgmXr1&host=reurl.cc&xr=0&w=300&h=250
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-6272B749823AD3B6FE98336EBDD2A34A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FxgmXr1&host=reurl.cc&xr=0&w=300&h=250 HTTP/1.1
Host: hb.aralego.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
date: Mon, 02 Jan 2023 18:25:46 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
connection: close
scontent-lhr8-1.xx.fbcdn.net/v/t39.30808-1/305964663_450890893727816_1742559653774706626_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=110&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=k2znkadIcbkAX8ff6y1&_nc_ht=scontent-lhr8-1.xx&oh=00_AfB25Txo6nBptN5lgtzrYgq8qUVTgMfyf-KFkloGP9bPAg&oe=63B75E55
157.240.221.16200 OK 1.3 kB URL HTTP/2 scontent-lhr8-1.xx.fbcdn.net/v/t39.30808-1/305964663_450890893727816_1742559653774706626_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=110&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=k2znkadIcbkAX8ff6y1&_nc_ht=scontent-lhr8-1.xx&oh=00_AfB25Txo6nBptN5lgtzrYgq8qUVTgMfyf-KFkloGP9bPAg&oe=63B75E55
IP 157.240.221.16:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 2bd9f1e3cdd6f434f665ca96d5447e16
897e849a303184615443c52a6bfdc0846d9dd2d5
4636fb9df5ae103fbad3764c9f98400be1c9384cbe77fdb6951b96adcac788b1
GET /v/t39.30808-1/305964663_450890893727816_1742559653774706626_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=110&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=k2znkadIcbkAX8ff6y1&_nc_ht=scontent-lhr8-1.xx&oh=00_AfB25Txo6nBptN5lgtzrYgq8qUVTgMfyf-KFkloGP9bPAg&oe=63B75E55 HTTP/1.1
Host: scontent-lhr8-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Thu, 08 Sep 2022 19:16:03 GMT
x-haystack-needlechecksum: 760809244
x-needle-checksum: 88386505
content-type: image/jpeg
content-digest: adler32=2540016234
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
accept-ranges: bytes
content-length: 1345
x-fb-trip-id: 1679558926
date: Mon, 02 Jan 2023 18:25:46 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
scontent-lhr8-1.xx.fbcdn.net/v/t39.10873-6/30515262_2063886733859433_4326262631036878848_n.jpg?_nc_cat=1&ccb=1-7&_nc_sid=a86453&_nc_ohc=Pr9XP3f5BxAAX8Q9fOD&_nc_ht=scontent-lhr8-1.xx&oh=00_AfAovTQbsxQfyIXw1zb2tKZ1o282IN1gmF6ZQulEkdKMkQ&oe=63B8F437
157.240.221.16200 OK 8.2 kB URL HTTP/2 scontent-lhr8-1.xx.fbcdn.net/v/t39.10873-6/30515262_2063886733859433_4326262631036878848_n.jpg?_nc_cat=1&ccb=1-7&_nc_sid=a86453&_nc_ohc=Pr9XP3f5BxAAX8Q9fOD&_nc_ht=scontent-lhr8-1.xx&oh=00_AfAovTQbsxQfyIXw1zb2tKZ1o282IN1gmF6ZQulEkdKMkQ&oe=63B8F437
IP 157.240.221.16:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 375x260, components 3\012- data
Hash c0dd2acf5eb0c7fe6b526f3fa8c0f8dc
6c6712d8e2480f4e6c52e23ad87deb7e5a522966
060fffb7839de812e979bef5d8bc55164bce3d7cd1724f1ad88d0e79b7436807
GET /v/t39.10873-6/30515262_2063886733859433_4326262631036878848_n.jpg?_nc_cat=1&ccb=1-7&_nc_sid=a86453&_nc_ohc=Pr9XP3f5BxAAX8Q9fOD&_nc_ht=scontent-lhr8-1.xx&oh=00_AfAovTQbsxQfyIXw1zb2tKZ1o282IN1gmF6ZQulEkdKMkQ&oe=63B8F437 HTTP/1.1
Host: scontent-lhr8-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Wed, 25 Apr 2018 00:41:36 GMT
content-type: image/jpeg
x-haystack-needlechecksum: 2037122957
x-needle-checksum: 2698313803
content-digest: adler32=2698313803
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
accept-ranges: bytes
content-length: 8196
x-fb-trip-id: 1679558926
date: Mon, 02 Jan 2023 18:25:46 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.58.205307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.58.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 02 Jan 2023 18:25:46 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=bvmLbNdWBlG0JZ1cqiGzYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=bvmLbNdWBlG0JZ1cqiGzYw; Path=/; Domain=c.appier.net; Expires=Tue, 02 Jan 2024 18:25:46 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.58.205307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.58.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 02 Jan 2023 18:25:46 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=rarBlTLvAPCFd5GQqiGzYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=rarBlTLvAPCFd5GQqiGzYw; Path=/; Domain=c.appier.net; Expires=Tue, 02 Jan 2024 18:25:46 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=402&o=1&d=1&b=3&ts=1&ii=3&FPCK=5032-sWjaoFUvshUEedjrA9adh4r9SPSNGK6U&initver=210830P
52.196.193.254200 OK 805 B URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=402&o=1&d=1&b=3&ts=1&ii=3&FPCK=5032-sWjaoFUvshUEedjrA9adh4r9SPSNGK6U&initver=210830P
IP 52.196.193.254:0
File type HTML document, ASCII text, with very long lines (893)
Hash 166da6876c1c3473c019e6b51e5e7aa6
52048b5bc45971fd70f5653fe11b01a896364cac
f66377c22c316671a05d108007df5b70c72fcd0bd1a7254ec00c08491fb500d1
GET /adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=402&o=1&d=1&b=3&ts=1&ii=3&FPCK=5032-sWjaoFUvshUEedjrA9adh4r9SPSNGK6U&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:46 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.58.205307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.58.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 02 Jan 2023 18:25:46 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=UJKJLtdDB0eplvz9qiGzYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=UJKJLtdDB0eplvz9qiGzYw; Path=/; Domain=c.appier.net; Expires=Tue, 02 Jan 2024 18:25:46 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
bw.scupio.com/adpinline/adreqlog.aspx?cid=17229&cb=0.9576665104979608
210.59.219.180200 OK 0 B URL HTTP/1.1 bw.scupio.com/adpinline/adreqlog.aspx?cid=17229&cb=0.9576665104979608
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adpinline/adreqlog.aspx?cid=17229&cb=0.9576665104979608 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 169
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=jgfocyzyhvus0m50j33gnopc; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=jgfocyzyhvus0m50j33gnopc; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CJA20230103022546904489; domain=scupio.com; expires=Sun, 02-Jan-2028 18:25:46 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Mon, 02 Jan 2023 18:25:46 GMT
Content-Length: 0
adcdn.holmesmind.com/adserver/Preset.js?z=14210
143.204.55.102200 OK 378 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=14210
IP 143.204.55.102:0
File type ASCII text, with very long lines (933), with no line terminators
Hash 5ded3532d44eb7684accca91e6cabc11
f21c57012fdfae106a8f2791fd61fbd50e7bfa62
93cce7034a6b2aacd3d16c06d77da5b45aba4df9bc838ab8976b93340279c0fe
GET /adserver/Preset.js?z=14210 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Mon, 02 Jan 2023 18:15:55 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: mH8BkpB2p99j2WivuWoZdkO2R4CWOZEwQvmfalIFNTYiCn6BWPSZ9w==
age: 590
X-Firefox-Spdy: h2
b9582f59-8176-4a7f-b456-793b44699e77.t.ssp.hinet.net/pixel?bd=b9582f59-8176-4a7f-b456-793b44699e77&t=a546ca&referrer=%25%25%20referrer%20%25%25
203.75.214.136200 OK 0 B URL HTTP/2 b9582f59-8176-4a7f-b456-793b44699e77.t.ssp.hinet.net/pixel?bd=b9582f59-8176-4a7f-b456-793b44699e77&t=a546ca&referrer=%25%25%20referrer%20%25%25
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?bd=b9582f59-8176-4a7f-b456-793b44699e77&t=a546ca&referrer=%25%25%20referrer%20%25%25 HTTP/1.1
Host: b9582f59-8176-4a7f-b456-793b44699e77.t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=5aed62e1-95e2-4fb3-b3b3-454b8f0ae305
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 02 Jan 2023 18:25:47 GMT
content-type: image/png
content-length: 0
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
ocsp.publicca.hinet.net/OCSP/ocspG2
210.71.154.18200 OK 1.8 kB URL HTTP/1.1 ocsp.publicca.hinet.net/OCSP/ocspG2
IP 210.71.154.18:0
ASN #3462 Data Communication Business Group
Hash 4f5436cd1f34daae866d0ff7ff2cc852
7f0383a94dc4fc54ed344b632a3a3f8df12a526b
1d92c4407cda4d637d9339bc07880ed6ff5f26ce99a4271242eafff8886c27f0
POST /OCSP/ocspG2 HTTP/1.1
Host: ocsp.publicca.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 02 Jan 2023 18:25:42 GMT
Content-Length: 1773
Content-Type: application/ocsp-response
t.ssp.hinet.net/
203.75.214.136200 OK 1.8 kB IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash 11e4d9a66f9ce2e70ccf5c237e04ec33
85c19a4b585971f22f0db519b696b9e13f26f71f
d57d7de22a6a40077f88581b091db0fec9cc66d50eaf003e8a28dea033244e9f
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 02 Jan 2023 18:25:46 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=990118ad-fcab-4a6b-831e-f03a4c0549c1; expires=Wed, 01-Jan-2025 18:25:46 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.publicca.hinet.net/OCSP/ocspG2
210.71.154.18200 OK 1.8 kB URL HTTP/1.1 ocsp.publicca.hinet.net/OCSP/ocspG2
IP 210.71.154.18:0
ASN #3462 Data Communication Business Group
Hash 4f5436cd1f34daae866d0ff7ff2cc852
7f0383a94dc4fc54ed344b632a3a3f8df12a526b
1d92c4407cda4d637d9339bc07880ed6ff5f26ce99a4271242eafff8886c27f0
POST /OCSP/ocspG2 HTTP/1.1
Host: ocsp.publicca.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 02 Jan 2023 18:25:42 GMT
Content-Length: 1773
Content-Type: application/ocsp-response
ocsp.publicca.hinet.net/OCSP/ocspG2
210.71.154.18200 OK 1.8 kB URL HTTP/1.1 ocsp.publicca.hinet.net/OCSP/ocspG2
IP 210.71.154.18:0
ASN #3462 Data Communication Business Group
Hash 4f5436cd1f34daae866d0ff7ff2cc852
7f0383a94dc4fc54ed344b632a3a3f8df12a526b
1d92c4407cda4d637d9339bc07880ed6ff5f26ce99a4271242eafff8886c27f0
POST /OCSP/ocspG2 HTTP/1.1
Host: ocsp.publicca.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 02 Jan 2023 18:25:42 GMT
Content-Length: 1773
Content-Type: application/ocsp-response
ocsp.publicca.hinet.net/OCSP/ocspG2
210.71.154.18200 OK 1.8 kB URL HTTP/1.1 ocsp.publicca.hinet.net/OCSP/ocspG2
IP 210.71.154.18:0
ASN #3462 Data Communication Business Group
Hash 4f5436cd1f34daae866d0ff7ff2cc852
7f0383a94dc4fc54ed344b632a3a3f8df12a526b
1d92c4407cda4d637d9339bc07880ed6ff5f26ce99a4271242eafff8886c27f0
POST /OCSP/ocspG2 HTTP/1.1
Host: ocsp.publicca.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 02 Jan 2023 18:25:42 GMT
Content-Length: 1773
Content-Type: application/ocsp-response
scontent-lhr8-1.xx.fbcdn.net/v/t39.30808-6/323137017_3400568556887057_634424668671727472_n.jpg?stp=dst-jpg_p160x160&_nc_cat=103&ccb=1-7&_nc_sid=8024bb&_nc_ohc=grFO2urMcMsAX-KZN1f&_nc_ht=scontent-lhr8-1.xx&oh=00_AfBAzIL00j1FuEi-piH-wrqIoc2ZFxKfbHcgiL1p4u9gdQ&oe=63B7C60B
157.240.221.16200 OK 12 kB URL HTTP/2 scontent-lhr8-1.xx.fbcdn.net/v/t39.30808-6/323137017_3400568556887057_634424668671727472_n.jpg?stp=dst-jpg_p160x160&_nc_cat=103&ccb=1-7&_nc_sid=8024bb&_nc_ohc=grFO2urMcMsAX-KZN1f&_nc_ht=scontent-lhr8-1.xx&oh=00_AfBAzIL00j1FuEi-piH-wrqIoc2ZFxKfbHcgiL1p4u9gdQ&oe=63B7C60B
IP 157.240.221.16:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 324x160, components 3\012- data
Hash 13b364d9ef358ccf82c6a643566eb0a2
2788dd41d7373ed643db2ef87bed62cd2bfd12b6
e68596db9395e592060f644f74614d87ffb930335bf17d8ace0f906ca0a2383d
GET /v/t39.30808-6/323137017_3400568556887057_634424668671727472_n.jpg?stp=dst-jpg_p160x160&_nc_cat=103&ccb=1-7&_nc_sid=8024bb&_nc_ohc=grFO2urMcMsAX-KZN1f&_nc_ht=scontent-lhr8-1.xx&oh=00_AfBAzIL00j1FuEi-piH-wrqIoc2ZFxKfbHcgiL1p4u9gdQ&oe=63B7C60B HTTP/1.1
Host: scontent-lhr8-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Sun, 01 Jan 2023 11:49:05 GMT
x-haystack-needlechecksum: 8640490
x-needle-checksum: 2448634827
content-type: image/jpeg
content-digest: adler32=4270506394
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
accept-ranges: bytes
content-length: 12316
x-fb-trip-id: 1679558926
date: Mon, 02 Jan 2023 18:25:47 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/drawV2.js
54.230.111.38200 OK 10 kB URL HTTP/2 cdn.holmesmind.com/js/drawV2.js
IP 54.230.111.38:0
File type ASCII text, with very long lines (5112), with CRLF line terminators
Hash 84d8b1a745228113e60f5e62f0eff6d3
10cd995dbb7293ca49d9bdd93145bf12cb89bdac
f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032
GET /js/drawV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp; Vision=20230103-23:59,20230103-05,20230103-05,20230103-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 10359
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Mon, 02 Jan 2023 18:25:48 GMT
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: RefreshHit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IrQyY2UAWBgPQODukwm8RNsMOojFfdFy77rRUmsf7fUyz2npFNKvZw==
X-Firefox-Spdy: h2
scontent-lhr8-2.xx.fbcdn.net/v/t39.30808-6/317804177_517451287071776_202408517459447862_n.jpg?stp=dst-jpg_p235x350&_nc_cat=105&ccb=1-7&_nc_sid=8024bb&_nc_ohc=pm2DP33jcv0AX8ZYxkB&_nc_ht=scontent-lhr8-2.xx&oh=00_AfCxoiei42XFMtqtDBDgxCOYq0FKsD42f0j4TFG3-ECvVg&oe=63B8742F
157.240.214.11200 OK 25 kB URL HTTP/2 scontent-lhr8-2.xx.fbcdn.net/v/t39.30808-6/317804177_517451287071776_202408517459447862_n.jpg?stp=dst-jpg_p235x350&_nc_cat=105&ccb=1-7&_nc_sid=8024bb&_nc_ohc=pm2DP33jcv0AX8ZYxkB&_nc_ht=scontent-lhr8-2.xx&oh=00_AfCxoiei42XFMtqtDBDgxCOYq0FKsD42f0j4TFG3-ECvVg&oe=63B8742F
IP 157.240.214.11:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x350, components 3\012- data
Hash 3b7be0ae88efca6e1768192c0f09118e
16e3b4d79cfd5bd5a6175ff5110db4eb217f96bf
994e77b9ea84983465f70541f9bb11bdb7261e4ff7e7fe2d9b7a071c96f62e5c
GET /v/t39.30808-6/317804177_517451287071776_202408517459447862_n.jpg?stp=dst-jpg_p235x350&_nc_cat=105&ccb=1-7&_nc_sid=8024bb&_nc_ohc=pm2DP33jcv0AX8ZYxkB&_nc_ht=scontent-lhr8-2.xx&oh=00_AfCxoiei42XFMtqtDBDgxCOYq0FKsD42f0j4TFG3-ECvVg&oe=63B8742F HTTP/1.1
Host: scontent-lhr8-2.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Sat, 03 Dec 2022 16:57:36 GMT
x-haystack-needlechecksum: 3260002693
x-needle-checksum: 3807705429
content-type: image/jpeg
content-digest: adler32=3857915714
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
accept-ranges: bytes
content-length: 24678
x-fb-trip-id: 1679558926
date: Mon, 02 Jan 2023 18:25:47 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
img.scupio.com/img/2011_gym/300x250.png
143.204.55.37200 OK 48 kB URL HTTP/2 img.scupio.com/img/2011_gym/300x250.png
IP 143.204.55.37:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 7c3510046694eefff341c5f6b8993d3a
81e58c928d85e4f9f4eb124d5ee382c4d5501c56
7684143ee568b9ce13d69133030aa4077efd37eb289bac09d70ba9364f2ae93e
GET /img/2011_gym/300x250.png HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 48374
server: nginx/1.12.1
last-modified: Mon, 19 Apr 2021 03:31:40 GMT
accept-ranges: bytes
date: Mon, 02 Jan 2023 18:25:47 GMT
expires: Tue, 02 Jan 2024 18:23:28 GMT
cache-control: max-age=31536000
etag: "607cf99c-bcf6"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Y7LuZ7BOiaGmHiLQLbig_LxiPSOZxeBagwOkatVMpF1_jgd6tmqdkg==
age: 139
vary: Origin
X-Firefox-Spdy: h2
img.scupio.com/img/padding/970x250.jpg
143.204.55.37200 OK 48 kB URL HTTP/2 img.scupio.com/img/padding/970x250.jpg
IP 143.204.55.37:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=8, height=0, bps=8, xresolution=110, yresolution=118, resolutionunit=2, width=0], baseline, precision 8, 970x250, components 3\012- data
Hash a06621da052a3d68d5224335607b7be9
5f4bdcbe8daca4c030c20d0a32ac76c037c162d8
1219005b1ac715570be263a42b98d63280456e8fc7fcdfdf704536cfe5f9e9b2
GET /img/padding/970x250.jpg HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 47545
server: nginx/1.12.1
last-modified: Mon, 19 Apr 2021 03:31:40 GMT
accept-ranges: bytes
date: Mon, 02 Jan 2023 18:25:47 GMT
expires: Tue, 02 Jan 2024 18:06:15 GMT
cache-control: max-age=31536000
etag: "607cf99c-b9b9"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ga--khOrjjTyYJnPQz-HH6mY588gh50X_j4lkYzxpJnaj6PmGAR7WA==
age: 1172
vary: Origin
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%
203.75.214.136200 OK 314 B URL HTTP/2 t.ssp.hinet.net/cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash 042cb25424fc0b8bd648e3faf1e07118
3779a95dc3af5617fa2a407df7965fc8b33b756b
8ce8d7a12c0a8a2c037242d11274bec9a17dc6618747910795d11c7e01a4caf3
GET /cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%% HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=5aed62e1-95e2-4fb3-b3b3-454b8f0ae305
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Mon, 02 Jan 2023 18:25:46 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
img.scupio.com/js/prebid.js?v=5.20.0
143.204.55.37200 OK 125 kB URL HTTP/2 img.scupio.com/js/prebid.js?v=5.20.0
IP 143.204.55.37:0
Size 125 kB (125199 bytes)
Hash ea1f5cb41918576a17a129905e3eb4d6
4bd1737e760a70703f128dc75bf9cc8b8e24f13e
9ba8558d26edd0c7c958ae9cea388873c9b2e968b15031fa00991b8163d353ef
GET /js/prebid.js?v=5.20.0 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Tue, 28 Jun 2022 05:54:43 GMT
content-encoding: gzip
date: Mon, 02 Jan 2023 18:25:45 GMT
expires: Wed, 01 Feb 2023 18:25:37 GMT
cache-control: max-age=2592000
etag: W/"62ba97a3-3b047"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: M9eBW6DR5qxexnOM1Dhx2TIobPVRxBlLNwH_lxBAPC9mX9TRv5aZNg==
age: 8
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
prebid.cht.hinet.net/api/v1/request/prebid.json
203.75.213.62200 OK 2 B URL HTTP/1.1 prebid.cht.hinet.net/api/v1/request/prebid.json
IP 203.75.213.62:0
ASN #3462 Data Communication Business Group
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
POST /api/v1/request/prebid.json HTTP/1.1
Host: prebid.cht.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 391
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.1
Date: Mon, 02 Jan 2023 18:25:47 GMT
Content-Type: application/json
Content-Length: 2
Connection: keep-alive
set-cookie: uuid=d1449065-f42e-4cc3-91fe-3894b7418c17; Max-Age=864000; Path=/; SameSite=lax
uuid=d1449065-f42e-4cc3-91fe-3894b7418c17; Domain=hinet.net; Max-Age=864000; Path=/; SameSite=lax
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
vary: Origin
Strict-Transport-Security: max-age=0
prebid.cht.hinet.net/api/v1/request/prebid.json
203.75.213.62200 OK 2 B URL HTTP/1.1 prebid.cht.hinet.net/api/v1/request/prebid.json
IP 203.75.213.62:0
ASN #3462 Data Communication Business Group
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
POST /api/v1/request/prebid.json HTTP/1.1
Host: prebid.cht.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 391
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.1
Date: Mon, 02 Jan 2023 18:25:47 GMT
Content-Type: application/json
Content-Length: 2
Connection: keep-alive
set-cookie: uuid=4fe02eb3-1351-4bc3-9969-a06f19e879f5; Max-Age=864000; Path=/; SameSite=lax
uuid=4fe02eb3-1351-4bc3-9969-a06f19e879f5; Domain=hinet.net; Max-Age=864000; Path=/; SameSite=lax
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
vary: Origin
Strict-Transport-Security: max-age=0
prebid.cht.hinet.net/api/v1/request/prebid.json
203.75.213.62200 OK 2 B URL HTTP/1.1 prebid.cht.hinet.net/api/v1/request/prebid.json
IP 203.75.213.62:0
ASN #3462 Data Communication Business Group
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
POST /api/v1/request/prebid.json HTTP/1.1
Host: prebid.cht.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 392
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.1
Date: Mon, 02 Jan 2023 18:25:47 GMT
Content-Type: application/json
Content-Length: 2
Connection: keep-alive
set-cookie: uuid=47f9baf7-6966-4a46-9d9a-576d1d0a0088; Max-Age=864000; Path=/; SameSite=lax
uuid=47f9baf7-6966-4a46-9d9a-576d1d0a0088; Domain=hinet.net; Max-Age=864000; Path=/; SameSite=lax
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
vary: Origin
Strict-Transport-Security: max-age=0
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.58.205307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.58.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 02 Jan 2023 18:25:47 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=fcayJLb5DJGFxGIzqyGzYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=fcayJLb5DJGFxGIzqyGzYw; Path=/; Domain=c.appier.net; Expires=Tue, 02 Jan 2024 18:25:47 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.58.205307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.58.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 02 Jan 2023 18:25:47 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=-F0ykWgHDFmsd6JhqyGzYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=-F0ykWgHDFmsd6JhqyGzYw; Path=/; Domain=c.appier.net; Expires=Tue, 02 Jan 2024 18:25:47 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.7090211271401821
210.59.219.181204 No Content 0 B URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.7090211271401821
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.7090211271401821 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 403
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: private
content-type: text/html
server: Microsoft-IIS/10.0
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 02 Jan 2023 18:25:47 GMT
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.943459699806957
210.59.219.181204 No Content 0 B URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.943459699806957
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.943459699806957 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 403
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: private
content-type: text/html
server: Microsoft-IIS/10.0
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 02 Jan 2023 18:25:47 GMT
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.6595192505271803
210.59.219.181204 No Content 0 B URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.6595192505271803
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.6595192505271803 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 404
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: private
content-type: text/html
server: Microsoft-IIS/10.0
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 02 Jan 2023 18:25:47 GMT
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.117.js
178.250.2.130200 OK 58 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.117.js
IP 178.250.2.130:0
File type HTML document, ASCII text, with very long lines (65354)
Hash f1f507f7f6bf05dbfb7c56765ce2dddd
f18ecae804b4b7f6904f4e1cadfe3584da3ffa3e
0f4bf552b56cf566a70526af0b82820d8f6059a30d7b47280dea6d74ab4c9a7f
GET /js/ld/publishertag.prebid.117.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 02 Jan 2023 18:25:47 GMT
content-type: text/javascript
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
etag: W/"61cc54f6-15c19"
expires: Tue, 03 Jan 2023 18:25:47 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=132&profileId=184&cb=66989609414
178.250.0.165200 OK 165 B URL HTTP/2 bidder.criteo.com/cdb?ptv=132&profileId=184&cb=66989609414
IP 178.250.0.165:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ffb20ef31dc2df473e8301b6c0f4673e
8880ef5216514099d18dfc809f34447fff41f5b8
08a740168af790a12fa3ffd2673e6507c1be81b4646589b7e923a6a0962193b3
POST /cdb?ptv=132&profileId=184&cb=66989609414 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 522
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:47 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 165
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.js
178.250.2.130200 OK 30 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.js
IP 178.250.2.130:0
File type ASCII text, with very long lines (65354)
Hash 49422765e31d4ac76b0c729a10a7c6f3
e34908f74a39cb20b7cea3ced6146ce9f2fb07e4
93d681dc5d4408ff0dd4295b3d92198a65e16ea8d790757a900439cd6f27f4c7
GET /js/ld/publishertag.prebid.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 02 Jan 2023 18:25:47 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-16294"
expires: Tue, 03 Jan 2023 18:25:47 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e54beb09fb9e5929791e1fc618ef53a7
b62c274020cf28098b12cc533a18c0e8730a7ced
2fccbc09b726507436abbc41dd85e3fccf0f3ecb2e5c02ac458f713a17289795
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash c9e66de9ceb695d9cd970f5e4f87dd29
ab77184c5cbf5cca2311e01c909fd478869ed157
3dff3f5dd16b0fdd3c884f58e9c3980a227b8b5c050027d3eab996ea78a22f9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2985
Cache-Control: max-age=158428
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:48 GMT
Etag: "63b2dddf-139"
Expires: Wed, 04 Jan 2023 14:26:16 GMT
Last-Modified: Mon, 02 Jan 2023 13:36:31 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 313
static.criteo.net/js/ld/publishertag.js
178.250.2.130200 OK 41 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.js
IP 178.250.2.130:0
Hash 10d7d4cbee184a1a626a52abb2a5c089
7a387ee2e5a19fd30f4af2c3a62b917a8fd1ba8a
689a0b8efa1296db319716d040316778a5f17a15d7135690ac7c8ca6207058b4
GET /js/ld/publishertag.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 02 Jan 2023 18:25:47 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-1e444"
expires: Tue, 03 Jan 2023 18:25:47 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/show_ads.js
172.217.21.162200 OK 34 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/show_ads.js
IP 172.217.21.162:0
File type ASCII text, with very long lines (3583)
Hash 55377c8d5e18f8f53813495190cba188
cdf05ffb5a39ad7a820f57f5a9e376b436fb3e01
aa6702f91b25a8462eb82d308301ea296891ac5bac19736cfdb082afdbe20bf5
GET /pagead/show_ads.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 02 Jan 2023 18:25:48 GMT
expires: Mon, 02 Jan 2023 18:25:48 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 5684267285580131214
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 34204
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash c9e66de9ceb695d9cd970f5e4f87dd29
ab77184c5cbf5cca2311e01c909fd478869ed157
3dff3f5dd16b0fdd3c884f58e9c3980a227b8b5c050027d3eab996ea78a22f9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2985
Cache-Control: max-age=158428
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:48 GMT
Etag: "63b2dddf-139"
Expires: Wed, 04 Jan 2023 14:26:16 GMT
Last-Modified: Mon, 02 Jan 2023 13:36:31 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 1e5f6648bcc9672534190ad860337cd3
4b9ca785426f186dac74190817c4f9e29fd32b15
a173bf0dd0123f3a57dd6fc9a8da5c0ff657eefe1a58baca9afe5b8bff162613
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2148
Cache-Control: max-age=124514
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:48 GMT
Etag: "63b25caa-13a"
Expires: Wed, 04 Jan 2023 05:01:02 GMT
Last-Modified: Mon, 02 Jan 2023 04:25:14 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 314
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 1e5f6648bcc9672534190ad860337cd3
4b9ca785426f186dac74190817c4f9e29fd32b15
a173bf0dd0123f3a57dd6fc9a8da5c0ff657eefe1a58baca9afe5b8bff162613
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2089
Cache-Control: max-age=124455
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:48 GMT
Etag: "63b25caa-13a"
Expires: Wed, 04 Jan 2023 05:00:03 GMT
Last-Modified: Mon, 02 Jan 2023 04:25:14 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 314
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:47 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=FiI0YV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czBqdiUyQlFFM3p3bmFsODVMZnZwdFVLZWQ5Wmh4Tms2bGVDNEJ6SW1pQ0djdA; expires=Sat, 27 Jan 2024 18:25:48 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 260124
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f2aca84763e956a352b0948daeb7007f
227d89c6d52b9c506b3e794a2d61d0253f1bc64e
ca6ad03c1367bff73af9cee0dfa2ee66a44b02bd776345717029718508177d5c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:47 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=hBmv9l80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQnNqVGJCMzglMkJqR0k5TEU1RVl5ZlFZN2YxV01TUENzTllJRGVJOThCb3Fu; expires=Sat, 27 Jan 2024 18:25:48 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 212359
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=14209&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=451&o=1&d=1&b=3&ts=1&ii=3&FPCK=5032-sWjaoFUvshUEedjrA9adh4r9SPSNGK6U&initver=210830P
52.196.193.254200 OK 20 B URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=14209&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=451&o=1&d=1&b=3&ts=1&ii=3&FPCK=5032-sWjaoFUvshUEedjrA9adh4r9SPSNGK6U&initver=210830P
IP 52.196.193.254:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /adserver/ads.js?z=14209&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=451&o=1&d=1&b=3&ts=1&ii=3&FPCK=5032-sWjaoFUvshUEedjrA9adh4r9SPSNGK6U&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:46 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212060101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc&bust=31071250
172.217.21.162200 OK 120 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212060101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc&bust=31071250
IP 172.217.21.162:0
File type ASCII text, with very long lines (5821)
Size 120 kB (120013 bytes)
Hash e51a5e6e2fb16c70c275f8bee8269b20
612c63ffb83c846ed7326df21f99f815467e4d45
b6861a42cf22dc9ee90dde1d8148d443c18f91b6f5da492e294a82b43b186f1a
GET /pagead/managed/js/adsense/m202212060101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4485239425924787&plah=reurl.cc&bust=31071250 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 02 Jan 2023 18:25:48 GMT
expires: Mon, 02 Jan 2023 18:25:48 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 241493070608618335
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 120013
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=798&o=1&d=1&b=3&ts=1&ii=3&FPCK=5032-sWjaoFUvshUEedjrA9adh4r9SPSNGK6U&initver=210830P
52.196.193.254200 OK 873 B URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=798&o=1&d=1&b=3&ts=1&ii=3&FPCK=5032-sWjaoFUvshUEedjrA9adh4r9SPSNGK6U&initver=210830P
IP 52.196.193.254:0
File type HTML document, ASCII text, with very long lines (986)
Hash 054b7a1abf04ad15496fedf565d33365
e6a6d522588447e772b3fdb7fd900b347085606f
343b61cf171e8c35839488ad8b54ed58c6b15dbeefbe14604bd5003e39a4f68a
GET /adserver/ads.js?z=14210&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=798&o=1&d=1&b=3&ts=1&ii=3&FPCK=5032-sWjaoFUvshUEedjrA9adh4r9SPSNGK6U&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:46 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.225200 OK 437 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.225:0
Hash 26c67acc8c29013334589460adc5b0ab
21b3bbc927aae551e7499fe7c5fa3b4c6fb20e9d
10268bd5f0097893d110288ea9a7a0b0bca3247ea14b93c55713bbe86dcb4ea1
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:47 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 85350
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp&uu_m=undefined&google_tc=
142.250.74.98302 Found 316 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp&uu_m=undefined&google_tc=
IP 142.250.74.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 29632dd3115d2e17c6ea6abc57b2d233
e2e225d82fe808bd8d2df223b1334be27b4eed81
3ed131a9e9d1c87525a5459a8502d138ac9e84b96f5178015b1446bf5e2ac483
GET /pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp&uu_m=undefined&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdn.holmesmind.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://m.holmesmind.com/ml/google?cf_uid=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp&uu_m=undefined&google_error=3
date: Mon, 02 Jan 2023 18:25:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 316
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
prebid.cht.hinet.net/api/v1/request/prebid.json
203.75.213.62200 OK 2 B URL HTTP/1.1 prebid.cht.hinet.net/api/v1/request/prebid.json
IP 203.75.213.62:0
ASN #3462 Data Communication Business Group
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
POST /api/v1/request/prebid.json HTTP/1.1
Host: prebid.cht.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 428
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=5aed62e1-95e2-4fb3-b3b3-454b8f0ae305
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.1
Date: Mon, 02 Jan 2023 18:25:48 GMT
Content-Type: application/json
Content-Length: 2
Connection: keep-alive
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
vary: Origin
Strict-Transport-Security: max-age=0
prebid.scupio.com/recweb/prebid.aspx?cb=0.0983935861124543
210.59.219.181204 No Content 0 B URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.0983935861124543
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.0983935861124543 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 404
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private
content-type: text/html
server: Microsoft-IIS/10.0
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 02 Jan 2023 18:25:48 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 62ea4b9d19009c517d6c76c845859862
96a2b7376f029ac6ab582413b74774d672c1b259
9735d6908598b6efe9098a2cd653b401fee121bd8afe1228e42d3964b73ee826
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash d9adcfc6fef23f07c7487a3ef7e1d0db
e6ab36c6e98e994f9d9a730d2a7cd060918cb6cc
6ddf09915b30d676e4f59e32a815e7693f8114473f98637f62e1e0a65a80707e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
178.250.2.146200 OK 5.3 kB URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
IP 178.250.2.146:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13465)
Hash 58d9d810ed5d0c5f4b45b635aad75c25
94f3b0199a198f9c870a837496821f6bbd9bf28e
ed5c915bcc7f570a328a76115186c534a6e80d64d7597656a7ee64699266c744
GET /syncframe?origin=publishertag&topUrl=reurl.cc HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:47 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=2637a416-014d-4cf2-97de-a5005ecbb2ec; expires=Sat, 27 Jan 2024 18:25:47 GMT; domain=.criteo.com; path=/; secure; samesite=none
optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 602256
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=reurl.cc
142.250.74.98200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=reurl.cc
IP 142.250.74.98:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=reurl.cc HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 02 Jan 2023 18:25:48 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bidder.criteo.com/csm/events
178.250.0.165204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.0.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 309
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 02 Jan 2023 18:25:47 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bidder.criteo.com/csm/events
178.250.0.165204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.0.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 308
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 02 Jan 2023 18:25:48 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 62ea4b9d19009c517d6c76c845859862
96a2b7376f029ac6ab582413b74774d672c1b259
9735d6908598b6efe9098a2cd653b401fee121bd8afe1228e42d3964b73ee826
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bidder.criteo.com/csm/events
178.250.0.165204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.0.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 268
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 02 Jan 2023 18:25:47 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 606fcf39141ef88b306e57d4e668a4a7
44beb9bacadce23c8840f7aaf7684e3ca51b8f24
70590f19e047aa25431a481210a260e9a57a103f6686954b0bdbd93bf9350863
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e06f41c0e763a4376a360c7633b672b6
e3d7c2c83ca9b1440fc18a17131da38273d912d8
1e0f9f4316e633eb2a1b8b08603040331a033c729335a75c58528d5d6ab18ae2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787&gpid_exp=1
216.58.207.194200 OK 251 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787&gpid_exp=1
IP 216.58.207.194:0
File type ASCII text, with very long lines (383), with no line terminators
Hash 1ac90ffa62b357053e627d2c9d227b0b
7bee8d276851b1e5d08d7e5e797a7d9830decd67
f5fcec2217cc61600f5fc50ee6de70bc86bd236d1ec5d0a3c692ea7ccafbfb25
GET /gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787&gpid_exp=1 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 02 Jan 2023 18:25:48 GMT
server: cafe
cache-control: private
content-length: 251
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e06f41c0e763a4376a360c7633b672b6
e3d7c2c83ca9b1440fc18a17131da38273d912d8
1e0f9f4316e633eb2a1b8b08603040331a033c729335a75c58528d5d6ab18ae2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img.scupio.com/js/adsbyscupio.js?v=1.0.2
143.204.55.37200 OK 3.5 kB URL HTTP/2 img.scupio.com/js/adsbyscupio.js?v=1.0.2
IP 143.204.55.37:0
File type ASCII text, with very long lines (4522), with CRLF, LF line terminators
Hash 6405315e663da0a74ba2e887e58fafbb
40995ea6b7dabf901e5172be1f16f4fcdbfacb04
348ac06b1fc442dc56d192d5af645162aaacd03eedaf79d6321a36f62966b592
GET /js/adsbyscupio.js?v=1.0.2 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Mon, 19 Apr 2021 03:30:31 GMT
content-encoding: gzip
date: Mon, 02 Jan 2023 18:25:47 GMT
expires: Mon, 02 Jan 2023 21:25:25 GMT
cache-control: max-age=10800
etag: W/"607cf957-11ab"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: iLorL6rR5UtI-CoRsqPueaqd_8OGw7SWSVFPvY5nSpgdd_wmn_XZYA==
age: 22
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
bw.scupio.com/adpinline/bidinfo.aspx?cb=0.40155180219711184
210.59.219.180200 OK 1.5 kB URL HTTP/1.1 bw.scupio.com/adpinline/bidinfo.aspx?cb=0.40155180219711184
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
File type JSON data\012- HTML document, ASCII text, with very long lines (962), with CRLF line terminators
Hash 8df0768b509fc7c9965eccae750622ed
066e894d5cd63c3f582e763aafae52076213ff40
a0a6e5e3e68a6cf678c7039bbcdba469804227238a0f10b568366086111377ff
POST /adpinline/bidinfo.aspx?cb=0.40155180219711184 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 921
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://img.scupio.com
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=5ptivjcxl5qlednx5cilgbxw; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=5ptivjcxl5qlednx5cilgbxw; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CMA20230103022548332871; domain=scupio.com; expires=Sun, 02-Jan-2028 18:25:48 GMT; path=/; secure; SameSite=None
gx=H4sIACySs2MA%2fxNmYGDg4uaYt%2bXH3Zn7tlkLsAqxcNgLMAEAajc9TRcAAAA%3d; domain=scupio.com; expires=Tue, 02-Jan-2024 18:25:48 GMT; path=/; secure; SameSite=None
fxc=1; domain=scupio.com; expires=Mon, 09-Jan-2023 18:25:48 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Mon, 02 Jan 2023 18:25:48 GMT
Content-Length: 1479
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.58.205307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.58.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 02 Jan 2023 18:25:48 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=fHe4k12YChGqlIePrCGzYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=fHe4k12YChGqlIePrCGzYw; Path=/; Domain=c.appier.net; Expires=Tue, 02 Jan 2024 18:25:48 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.58.205307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.58.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 02 Jan 2023 18:25:48 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=_XPV-bZfBeGgqbtVrCGzYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=_XPV-bZfBeGgqbtVrCGzYw; Path=/; Domain=c.appier.net; Expires=Tue, 02 Jan 2024 18:25:48 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.58.205307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.58.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 02 Jan 2023 18:25:48 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=xYS9g1ZCBKG-ihKVrCGzYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=xYS9g1ZCBKG-ihKVrCGzYw; Path=/; Domain=c.appier.net; Expires=Tue, 02 Jan 2024 18:25:48 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157200 OK 177 B IP 178.250.0.157:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 684dd21cf6ae3dc75ff5cc6dfb737b99
ca178129be354b31540d18f0a10810ab05cfad98
1024c1c1134540ed304066bcd17c375bfa28b1ff9ed1431d148b9fd9c5fc9775
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=RuWkb180M0RITmhlJTJCZkMwOUJGQlhaMUN2czlMeWdoakUybE5mWGx0STJibmxXMmppejglMkJxNjZoUWExdmV6a25kWU1EOA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:47 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=gnbA6V80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlMeWdoakUybE5mWGx0STJibmxXMmdlektqR0x3TEMyJTJCWG1wTjBFRXk4SQ; expires=Sat, 27 Jan 2024 18:25:48 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 247763
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=b9582f59-8176-4a7f-b456-793b44699e77
203.75.214.136200 OK 16 kB URL HTTP/2 t.ssp.hinet.net/emome2?u=b9582f59-8176-4a7f-b456-793b44699e77
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash a28632b80b631fd7549ef028922bc431
250f1ccd9711405e0b8df8244b9013f1df5576dd
c5c7c3597ff0e3f4c5c632e1cb0bbac88c7ae885f9291373c7501c17ca1d76a7
GET /emome2?u=b9582f59-8176-4a7f-b456-793b44699e77 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=5aed62e1-95e2-4fb3-b3b3-454b8f0ae305
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Mon, 02 Jan 2023 18:25:46 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
img.scupio.com/html/ls.html
143.204.55.37200 OK 678 B URL HTTP/2 img.scupio.com/html/ls.html
IP 143.204.55.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1165)
Hash 75c270ef4cc4c772806c79ba7d2d9dcf
79ec54dc64597a0ab220e1896cc510a1a67e5b85
fca44230ebede6e914636e76cd638afc5a6dbf2625ab9a39f1716286c586aa09
GET /html/ls.html HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx/1.12.1
last-modified: Mon, 21 Nov 2016 06:35:53 GMT
content-encoding: gzip
date: Mon, 02 Jan 2023 17:49:02 GMT
expires: Mon, 09 Jan 2023 17:45:37 GMT
cache-control: max-age=604800
etag: W/"583295c9-4dc"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: DTqK-JmZ20naCAQIZ0Fe_1i1cuQ7ueGUnVdyj_zV3PJI1y25hcTBbg==
age: 2411
vary: Origin
X-Firefox-Spdy: h2
secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac
104.85.187.217301 Moved Permanently 0 B URL HTTP/2 secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac
IP 104.85.187.217:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac HTTP/1.1
Host: secure-assets.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
date: Mon, 02 Jan 2023 18:25:48 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4362ff74c4daf36c9a591cdb2384c7f3
4ac143159aac7447b18322cc4d85e45c32888d61
ee2f1448be2a02ce34b77bcd66c0f0b91d6e688284f7d9b43f7b6a8f7162ab47
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash d3c30dffa2bba8e499786c8bc4884d07
b9787fdc0a130f20be7c50b3b8f2543ffc2eaabe
3a7eed1de0402a9054ac59a972d4b9dc803bf36dff881a3e180ea8dfddfc0ec6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gem.gbc.criteo.com/newidsd
185.235.84.75200 OK 9.8 kB URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.75:0
Hash 89e8febbcd8f108c6a648e433c83c5af
c732dece74c627694fb25a8233f9c29e71fa6cb2
b46a6e7c89721bffb1e230591ebb8782c5bb5b821b952201cf5a31bd83112c4b
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:48 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 95352
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js
216.58.211.1200 OK 7.5 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js
IP 216.58.211.1:0
File type ASCII text, with very long lines (1542)
Hash 6f59900fa87e133bae329372aebefe36
260937d2934233c07b112f3564ec9eca7b529fd7
156c12ec7d6973b5742504716567b70740dd66bee9cc0e1a1608df56e77011fd
GET /pagead/js/r20221207/r20110914/client/qs_click_protection_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 7480
x-xss-protection: 0
date: Sun, 01 Jan 2023 22:01:24 GMT
expires: Sun, 15 Jan 2023 22:01:24 GMT
cache-control: public, max-age=1209600
age: 73465
etag: 15631949847000551034
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
104.88.9.101200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
IP 104.88.9.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?p=xapi-bridgewell&endpoint=apac HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 02 Jan 2023 18:25:49 GMT
Connection: keep-alive
Vary: Accept-Encoding
eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
104.88.9.101200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
IP 104.88.9.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?p=xapi-bridgewell&endpoint=apac HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 02 Jan 2023 18:25:49 GMT
Connection: keep-alive
Vary: Accept-Encoding
eus.rubiconproject.com/usync.js
104.88.9.101200 OK 10 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP 104.88.9.101:0
File type ASCII text, with very long lines (18728)
Hash e96f0320f6e13599daad627ed1f696ee
0775ee72e95bd80cd0230507713bfdb19986440e
ec4693cfc01750410c9a9b341e9aa7ad6213271b57f237ce16bbc781f8a74493
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Mon, 02 Jan 2023 07:27:15 GMT
Content-Encoding: gzip
Content-Length: 10066
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=46839
Expires: Tue, 03 Jan 2023 07:26:28 GMT
Date: Mon, 02 Jan 2023 18:25:49 GMT
Connection: keep-alive
Vary: Accept-Encoding
bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.8371096607135581
210.59.219.180200 OK 160 B URL HTTP/1.1 bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.8371096607135581
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash 835bab67acad8d30ff54cca1ce4b8670
63374042b782071c047e02282dbabc893720f317
554262070066122ee535d7df985aa29ab0d0ed9725d360525d72b5ccc2ab3ff6
GET /ssp/initid.aspx?mode=L&cb=0.8371096607135581 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Set-Cookie: ASP.NET_SessionId=b4mhgvthggflklkuwkrf3lmo; path=/; HttpOnly; SameSite=Lax
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 02 Jan 2023 18:25:48 GMT
Content-Length: 160
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 47ca3cedb51ab9e282f8654033435e27
69b5555f030f2391bb54a9bbb346df1e26a002fe
1faba6521dffb13110c25219bb4ff94ec9f00bff3079a03f1296d91cb622f7c3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/mysidia/5abbe811e7745ada511aeaa994a13f9f.js?tag=mysidia_one_click_handler_one_afma_2019
142.250.74.35200 OK 14 kB URL HTTP/2 www.gstatic.com/mysidia/5abbe811e7745ada511aeaa994a13f9f.js?tag=mysidia_one_click_handler_one_afma_2019
IP 142.250.74.35:0
File type C++ source, ASCII text, with very long lines (1833)
Hash d423039334318b32567d199ce1d9238e
e9ecb9be252647406e9ac7d57645beb00f22a8f1
4ea40f24181f3b9df05fd0b365a5a679de8ab34489f81127420075a618b297e1
GET /mysidia/5abbe811e7745ada511aeaa994a13f9f.js?tag=mysidia_one_click_handler_one_afma_2019 HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="mysidia"
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-length: 14213
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 31 Dec 2022 16:20:25 GMT
expires: Fri, 31 Mar 2023 16:20:25 GMT
cache-control: public, max-age=7776000
age: 180324
last-modified: Thu, 08 Dec 2022 23:34:55 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 47ca3cedb51ab9e282f8654033435e27
69b5555f030f2391bb54a9bbb346df1e26a002fe
1faba6521dffb13110c25219bb4ff94ec9f00bff3079a03f1296d91cb622f7c3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.34272734136297056
210.59.219.180200 OK 160 B URL HTTP/1.1 bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.34272734136297056
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash 3dbc96141827f6710a5bf8e21a96227c
9186f3e3c7dbc67832482a677bdeeb913c95d03a
7de012aa51858a43e26a779c5709028d48c7aff5f6738383571a9aad61371fc2
GET /ssp/initid.aspx?mode=L&cb=0.34272734136297056 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Set-Cookie: ASP.NET_SessionId=oo3mquvpunwdiwtcr0tgcw1w; path=/; HttpOnly; SameSite=Lax
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 02 Jan 2023 18:25:48 GMT
Content-Length: 160
sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CMA20230103022548715363
192.96.203.13302 Found 111 B URL HTTP/1.1 sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CMA20230103022548715363
IP 192.96.203.13:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash febc6b9a3cb9696ca0b2b57e73dc10ce
21ce8fe59a6c6ea57df6d616aaf10f06fc63dc2c
cc380f03ace5d06dc78f11ad4be2acdc1700991ef995b65b1913322bacfa71ff
GET /idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CMA20230103022548715363 HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Set-Cookie: sspid=d46fa354-9b29-31c8-bcbc-9af747ba5c72; Domain=.aralego.com; Path=/; Expires=Tue, 02 Jan 2024 18:25:49 GMT; Secure; SameSite=None
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
Vary: Accept, Accept-Encoding
Content-Type: text/plain; charset=utf-8
Content-Length: 111
Date: Mon, 02 Jan 2023 18:25:49 GMT
Connection: close
fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
216.58.207.227200 OK 28 kB URL HTTP/2 fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 28288, version 1.0\012- data
Hash 53b5e785dfdca21fa7adf7119fa1f8cc
a3a86dfd216ad29183ba5493ae39d45b62f9d8b8
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
GET /s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28288
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Dec 2022 20:35:00 GMT
expires: Thu, 28 Dec 2023 20:35:00 GMT
cache-control: public, max-age=31536000
age: 424249
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 881a0e572ff718f9bed0c76ab3d03426
d1dbff4067cd4a9b069cef0fb1a2118dd50c92c5
329fb6eb905b8c5f40d9a36c4f3b953d6555f3f621e43f1c83133a632a1d6334
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
178.250.2.146200 OK 5.1 kB URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
IP 178.250.2.146:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13465)
Hash 336d3e015f987a65d205999a49be4805
57a3f572cd89347b5ead196670776134f1f0f69e
9621f1cc5441ed0d364b0fb9986a8c6742af2c5c356e6e4edb432728fe319ff3
GET /syncframe?origin=publishertag&topUrl=reurl.cc HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:48 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
uid=44d00aa0-6180-4227-b613-ef9c62c6066a; expires=Sat, 27 Jan 2024 18:25:47 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 764391
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700
142.250.74.106200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700
IP 142.250.74.106:0
Hash 70db3e0e0bd6b14b243a2e202595c7e5
7c35bc13c69dedda69a29be5be2dee4fe776e7cd
a77c4eaebebf4c5383cda52890aba0917f3f605053f682a6b92ac5b3a16817ef
GET /css?family=Google%20Sans%3A400%2C700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 02 Jan 2023 18:25:49 GMT
date: Mon, 02 Jan 2023 18:25:49 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/drt/ui
142.250.74.132302 Found 0 B URL HTTP/2 www.google.com/pagead/drt/ui
IP 142.250.74.132:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/drt/ui HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 02 Jan 2023 18:25:49 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 47ca3cedb51ab9e282f8654033435e27
69b5555f030f2391bb54a9bbb346df1e26a002fe
1faba6521dffb13110c25219bb4ff94ec9f00bff3079a03f1296d91cb622f7c3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CMA20230103022548332871
192.96.203.13302 Found 111 B URL HTTP/1.1 sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CMA20230103022548332871
IP 192.96.203.13:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash febc6b9a3cb9696ca0b2b57e73dc10ce
21ce8fe59a6c6ea57df6d616aaf10f06fc63dc2c
cc380f03ace5d06dc78f11ad4be2acdc1700991ef995b65b1913322bacfa71ff
GET /idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CMA20230103022548332871 HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Set-Cookie: sspid=d46fa354-9b29-31c8-bcbc-9af747ba5c72; Domain=.aralego.com; Path=/; Expires=Tue, 02 Jan 2024 18:25:49 GMT; Secure; SameSite=None
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
Vary: Accept, Accept-Encoding
Content-Type: text/plain; charset=utf-8
Content-Length: 111
Date: Mon, 02 Jan 2023 18:25:49 GMT
Connection: close
bidder.criteo.com/cdb?ptv=132&profileId=184&bundle=Vsa8g19mVEdzQWdTclM1Y1UlMkJSR3hvUGcxT3M3QlNKU2l5RXBsSFV3d0pWd3M4TlBtaUxXRGFSWkFHTyUyQkpaYUo5bVF5c0JQZGFwUm4yYlpNJTJGR3BQOVRzbnJFcGx3WXRKMDFkemtQdEZRTmMzYjlJeUQzeWRsb2NBWk9mZXhDMGFQJTJGeGpo&cb=86693685435
178.250.0.165200 OK 164 B URL HTTP/2 bidder.criteo.com/cdb?ptv=132&profileId=184&bundle=Vsa8g19mVEdzQWdTclM1Y1UlMkJSR3hvUGcxT3M3QlNKU2l5RXBsSFV3d0pWd3M4TlBtaUxXRGFSWkFHTyUyQkpaYUo5bVF5c0JQZGFwUm4yYlpNJTJGR3BQOVRzbnJFcGx3WXRKMDFkemtQdEZRTmMzYjlJeUQzeWRsb2NBWk9mZXhDMGFQJTJGeGpo&cb=86693685435
IP 178.250.0.165:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 58a0ac75599028ec38451dcbfb391ec0
bad656dd7f85b76128afdb63051178cc1b8ff010
3da62fdbb335c4c200edde3cfed9badf4fdcd481365ae42d09fc98a66611d2e9
POST /cdb?ptv=132&profileId=184&bundle=Vsa8g19mVEdzQWdTclM1Y1UlMkJSR3hvUGcxT3M3QlNKU2l5RXBsSFV3d0pWd3M4TlBtaUxXRGFSWkFHTyUyQkpaYUo5bVF5c0JQZGFwUm4yYlpNJTJGR3BQOVRzbnJFcGx3WXRKMDFkemtQdEZRTmMzYjlJeUQzeWRsb2NBWk9mZXhDMGFQJTJGeGpo&cb=86693685435 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 530
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:48 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 164
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1101e790155151825b0e2280f101cb46
5328eb876f4f45574954ef948dd5072cf909e4a8
aa7dd247145c4566fb5f4d4c4f678c050701b0a7b5c5c0fa0bdea539fc858959
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2843
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:49 GMT
Last-Modified: Mon, 02 Jan 2023 17:38:26 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash d8d7ed75692690703133d26e3c8ef9f5
344c555f2648bb1f33f3b4043745f463a92e69d4
6e4cc569031dd46d4ff521ee3f2c08e20c89a378da91ae421a1a09e0506c18b6
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 02 Jan 2023 18:25:49 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Fri, 06 Jan 2023 17:09:19 GMT
ETag: "344c555f2648bb1f33f3b4043745f463a92e69d4"
Last-Modified: Mon, 02 Jan 2023 17:09:20 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3232
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78358a1c0867b4fa-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1101e790155151825b0e2280f101cb46
5328eb876f4f45574954ef948dd5072cf909e4a8
aa7dd247145c4566fb5f4d4c4f678c050701b0a7b5c5c0fa0bdea539fc858959
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2924
Cache-Control: max-age=113395
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:49 GMT
Etag: "63b22e34-1d7"
Expires: Wed, 04 Jan 2023 01:55:44 GMT
Last-Modified: Mon, 02 Jan 2023 01:07:00 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1101e790155151825b0e2280f101cb46
5328eb876f4f45574954ef948dd5072cf909e4a8
aa7dd247145c4566fb5f4d4c4f678c050701b0a7b5c5c0fa0bdea539fc858959
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2843
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:49 GMT
Last-Modified: Mon, 02 Jan 2023 17:38:26 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ba832c8c32f7be7172d278301f3eb05d
fd4b2471fb92e698bf6d0e7d7d9c2a7c47d0d208
cafd862790f0d6e440163eb6f66574cd255ecffb2641985bacba1f68f1e76b55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CAFD862790F0D6E440163EB6F66574CD255ECFFB2641985BACBA1F68F1E76B55"
Last-Modified: Sun, 01 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7006
Expires: Mon, 02 Jan 2023 20:22:35 GMT
Date: Mon, 02 Jan 2023 18:25:49 GMT
Connection: keep-alive
token.rubiconproject.com/token?pid=2974&pt=n&a=1
213.19.162.80204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=2974&pt=n&a=1
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=2974&pt=n&a=1 HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: d0cea2fb47f5ddedaddf61763f0aedb4
id5-sync.com/i/175/9.gif
162.19.138.120200 43 B IP 162.19.138.120:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
GET /i/175/9.gif HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=300; Expires=Mon, 02-Jan-2023 18:30:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cip=; Max-Age=300; Expires=Mon, 02-Jan-2023 18:30:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cnac=; Max-Age=300; Expires=Mon, 02-Jan-2023 18:30:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
car=; Max-Age=300; Expires=Mon, 02-Jan-2023 18:30:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
gdpr=; Max-Age=300; Expires=Mon, 02-Jan-2023 18:30:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
callback=; Max-Age=300; Expires=Mon, 02-Jan-2023 18:30:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: image/gif;charset=UTF-8
transfer-encoding: chunked
date: Mon, 02 Jan 2023 18:25:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
token.rubiconproject.com/token?pid=27&a=1
213.19.162.80204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=27&a=1
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=27&a=1 HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 19600bc21eacf9565125744d917cac10
token.rubiconproject.com/token?pid=25470
213.19.162.80204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=25470
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=25470 HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 19600bc21eacf9565125744d917cac10
pixel.rubiconproject.com/exchange/sync.php?p=a9us
213.19.162.90204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/exchange/sync.php?p=a9us
IP 213.19.162.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /exchange/sync.php?p=a9us HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: d0cea2fb47f5ddedaddf61763f0aedb4
Content-Type: image/gif
match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
35.71.131.137200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
IP 35.71.131.137:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:49 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
match.adsrvr.org/track/cmf/rubicon
35.71.131.137200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/rubicon
IP 35.71.131.137:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/rubicon HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:49 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
ib.adnxs.com/getuid?https://pixel.rubiconproject.com/tap.php?v=564534&nid=5466&put=$UID
185.89.210.101307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/getuid?https://pixel.rubiconproject.com/tap.php?v=564534&nid=5466&put=$UID
IP 185.89.210.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?https://pixel.rubiconproject.com/tap.php?v=564534&nid=5466&put=$UID HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Mon, 02 Jan 2023 18:25:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D564534%26nid%3D5466%26put%3D%24UID
AN-X-Request-Uuid: 133eaf5f-88cd-4cbc-a1d7-86a44332a22c
Set-Cookie: uuid2=6089698249465791035; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 02-Apr-2023 18:25:49 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
35.71.131.137200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
IP 35.71.131.137:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:49 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D564534%26nid%3D5466%26put%3D%24UID
185.89.210.101302 Found 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D564534%26nid%3D5466%26put%3D%24UID
IP 185.89.210.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fgetuid%3Fhttps%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D564534%26nid%3D5466%26put%3D%24UID HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Mon, 02 Jan 2023 18:25:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://pixel.rubiconproject.com/tap.php?v=564534&nid=5466&put=0
AN-X-Request-Uuid: 18354284-56d3-48f0-bfed-fd32f697da6e
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
pixel.rubiconproject.com/tap.php?v=564534&nid=5466&put=0
213.19.162.90422 Unprocessable Entity 91 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=564534&nid=5466&put=0
IP 213.19.162.90:0
File type JSON data\012- , ASCII text, with no line terminators
Hash f23a66a1c97ac277132e90a14e5c7278
060938e252bdd57700b54a1228afe6ad7691e208
7595357c645b297a5840a6e5b5576cf6199da6f58ec9d8daa311598300fb7c15
GET /tap.php?v=564534&nid=5466&put=0 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 422 Unprocessable Entity
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: d0cea2fb47f5ddedaddf61763f0aedb4
content-length: 91
ocsp.sca1b.amazontrust.com/
108.157.217.75200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 108.157.217.75:0
Hash 7045cfb22fc125247d8f50dbbdd361a5
1ea01cec16e2b862934371bc6712395c5dc58407
9123a7056c79c940bc78df9f5d87c13e3092d101e34b0d724ed5a71b38d91112
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=101777
Date: Mon, 02 Jan 2023 18:25:49 GMT
Etag: "63b1f605-1d7"
Expires: Tue, 03 Jan 2023 22:42:06 GMT
Last-Modified: Sun, 01 Jan 2023 21:07:17 GMT
Server: ECS (bsa/EB19)
X-Cache: Miss from cloudfront
Via: 1.1 5e29eae3156522edc7886df59287259c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P1
X-Amz-Cf-Id: 8W-zM86UBmr7vU23lXqvZ0FPxoABhAuPsqqO8zuZ3MNjgXvMIDdbaA==
Age: 5689
ads.aralego.com/sdk
192.96.203.13301 Moved Permanently 0 B IP 192.96.203.13:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk HTTP/1.1
Host: ads.aralego.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Content-length: 0
Location: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Connection: close
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 10d7ebf6f497ec75f0ec557035fa1894
91ec7f3509a087231d12b39253f5a0623108e8b3
ed4ad638c83746b39876847fcdffaa5fcb4db47e63519b3607fe9cff4fcbd083
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3044
Cache-Control: max-age=144448
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:49 GMT
Etag: "63b2a709-118"
Expires: Wed, 04 Jan 2023 10:33:17 GMT
Last-Modified: Mon, 02 Jan 2023 09:42:33 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280
cdn.aralego.net/ucfad/sdk/us-east/sdk
104.26.4.103200 OK 46 kB URL HTTP/2 cdn.aralego.net/ucfad/sdk/us-east/sdk
IP 104.26.4.103:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (45472), with no line terminators
Hash fc546e50d8bf628475e5062dd563587e
9c8e8374a55e1db7040f0daf9573c009c513e914
8af4a7b3549631244df52a0d91b22ccfb355b2f10caab9fe9fa0b57a2beff473
GET /ucfad/sdk/us-east/sdk HTTP/1.1
Host: cdn.aralego.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:49 GMT
content-type: application/octet-stream
content-length: 45472
last-modified: Wed, 21 Dec 2022 06:26:38 GMT
etag: "63a2a71e-b1a0"
access-control-allow-credentials: true
cache-control: max-age=14400
cf-cache-status: HIT
age: 13481
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JBdv9V4hYYpT%2Fhlhgz7ldNCI5mt4A7QLn%2BITMCBl8HA4b2nIVj2hA2g%2FjdObtlxFtcfpjAPvBXe4SKayD5EsGgx4r64GS5uoZr%2F52UMLCSPInWqCugI%2BOaTaSyPWoTlYIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78358a1e482f1c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 10d7ebf6f497ec75f0ec557035fa1894
91ec7f3509a087231d12b39253f5a0623108e8b3
ed4ad638c83746b39876847fcdffaa5fcb4db47e63519b3607fe9cff4fcbd083
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1016
Cache-Control: max-age=142420
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 18:25:49 GMT
Etag: "63b2a709-118"
Expires: Wed, 04 Jan 2023 09:59:29 GMT
Last-Modified: Mon, 02 Jan 2023 09:42:33 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
um2.eqads.com/um/rc
52.0.74.68302 Found 41 B IP 52.0.74.68:0
File type HTML document, ASCII text
Hash 35da0475e9e65a74daebc3cac6184121
febc72e58fa17b96de9aa3a949ce5c3183d492c6
72afbcab808546c6e31a434b250a74e47085054ee1ba016bc2f55a2985d9148f
GET /um/rc HTTP/1.1
Host: um2.eqads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 02 Jan 2023 18:25:49 GMT
content-type: text/html; charset=utf-8
content-length: 41
location: /um/rc&eq_cc=1
set-cookie: EQUser=UID=a5e6a942-8ea7-4925-9218-f8457a0517fe; Path=/; Domain=eqads.com; Expires=Sun, 02 Apr 2023 18:25:49 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2
cdn.aralego.net/css/dev/ucfad-formats.css
104.26.4.103200 OK 259 B URL HTTP/2 cdn.aralego.net/css/dev/ucfad-formats.css
IP 104.26.4.103:0
File type ASCII text, with very long lines (975), with no line terminators
Hash 919ff41eac5a35158023890e71ea3fc5
fc61c1e28414e9549e4d512df3882dc164fafef8
d4fae0dde6541d76abd01afb6e7cf2d4873fd36215517202672c557241f4adb1
GET /css/dev/ucfad-formats.css HTTP/1.1
Host: cdn.aralego.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:49 GMT
content-type: text/css
access-control-allow-credentials: true
cf-bgj: minify
cf-polished: origSize=1191
etag: W/"5aab7012-4a7"
last-modified: Fri, 16 Mar 2018 07:19:46 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 14382
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qjRQcx8HwGtoU0bbYwyciehRNTKw%2FMm8WOqwsTQRZEUxGsRdwCUuyan0pGu2W9YnKLds7I5kMBAChXDi82qM46zHUGjaSuXkPeVprq3jLL3GDwa0hqZNsImwrg5y1xR2yw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78358a1e78561c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13857
143.204.55.102200 OK 459 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13857
IP 143.204.55.102:0
File type ASCII text, with very long lines (1168), with no line terminators
Hash 07b6f88b172fa6e7c1c7450dfb07fefe
34749ff3b68676de0b0d508444531691b701449a
58d6869a518f76109463224345a092443de58ac377d3bf332da161bef37632a6
GET /adserver/Preset.js?z=13857 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp; Vision=20230103-23:59,20230103-05,20230103-05,20230103-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Mon, 02 Jan 2023 18:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ipKzThIvoi4pgfx2W4X3D7Be84LktMwCdDQzJPbq8EgftrXyFMTBYw==
age: 476
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157200 OK 422 B IP 178.250.0.157:0
Hash e8b2919b73ad58cb40e3969c73895c28
3a0f7de7c17cff0dd70273e5e5d76419e1b0fdd5
44d1be39b5688cc84bca6e1f805835546a61faac56c8e041efaa2a00bfa4c611
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=FiI0YV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czBqdiUyQlFFM3p3bmFsODVMZnZwdFVLZWQ5Wmh4Tms2bGVDNEJ6SW1pQ0djdA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:47 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=j_cXwV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czBqdiUyQlFFM3p3bmFsODVMZnZwdFVLZjBhN0QzU1BzNHY5MUk2WWFUQ0xnNg; expires=Sat, 27 Jan 2024 18:25:48 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 274877
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
210.59.219.175200 OK 0 B URL HTTP/1.1 rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
IP 210.59.219.175:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recweb/ggid.aspx?layout=js&google_error=3 HTTP/1.1
Host: rec.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/javascript
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 02 Jan 2023 18:25:49 GMT
Content-Length: 0
m.holmesmind.com/ml/google?cf_uid=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp&uu_m=undefined&google_error=3
35.227.249.156200 OK 0 B URL HTTP/2 m.holmesmind.com/ml/google?cf_uid=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp&uu_m=undefined&google_error=3
IP 35.227.249.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ml/google?cf_uid=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp&uu_m=undefined&google_error=3 HTTP/1.1
Host: m.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdn.holmesmind.com/
Connection: keep-alive
Cookie: P=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp; Vision=20230103-23:59,20230103-05,20230103-05,20230103-23:59; C=null; RK=null; R=null; G=we3u7ZGJymKY5J47cKd8kQ==; d=/jHzqDFxfoBZ4WTyQK3MPaD5j7NQOgUkv1Txfycvr2ReudB2dm6t0KDrpHJuqax6WjAFQ16PJy71RxDiXPBzgA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdtRwO23DLk9rD8uhak9XxgSVdZgaejhQXnHdpB01ew9CTKWJnkJPcEj-Cg7ge-yVp9vLVTakbNq9-ECgB1eR3VebtulfKUY
expires: Mon, 02 Jan 2023 19:25:50 GMT
date: Mon, 02 Jan 2023 18:25:50 GMT
cache-control: public, max-age=3600
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-generation: 1519198601160228
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 0
content-type: image/png
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
x-goog-storage-class: REGIONAL
accept-ranges: bytes
content-length: 0
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/tag/js/gpt.js
142.250.74.162200 OK 28 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 142.250.74.162:0
Hash 28844461fb87955ff3aeec813a421a50
50ce9db09f85a457687d7191917f0098afb11330
e30d2fa1089d3342696ef4cf1e38e78b839b002e0a482e512a40943288e7c390
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.aralego.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27666
date: Mon, 02 Jan 2023 18:25:50 GMT
expires: Mon, 02 Jan 2023 18:25:50 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1439 / 519 of 1000 / last-modified: 1670587582"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pixel-apac.rubiconproject.com/exchange/sync.php?p=xapi-bridgewell
69.173.158.64204 No Content 0 B URL HTTP/1.1 pixel-apac.rubiconproject.com/exchange/sync.php?p=xapi-bridgewell
IP 69.173.158.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /exchange/sync.php?p=xapi-bridgewell HTTP/1.1
Host: pixel-apac.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 0d2bd05215470efb17ae41aff76c3f98
Content-Type: image/gif
ad.holmesmind.com/adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=761&o=1&d=1&b=3&ts=1&ii=2&FPCK=5032-sWjaoFUvshUEedjrA9adh4r9SPSNGK6U&initver=210830P
52.196.193.254200 OK 1.2 kB URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=761&o=1&d=1&b=3&ts=1&ii=2&FPCK=5032-sWjaoFUvshUEedjrA9adh4r9SPSNGK6U&initver=210830P
IP 52.196.193.254:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (1099)
Hash 55ac7d35ed3bf70e744c4198bc70dce9
202512fbfa105aee2bb4aa6e2f63952a0c51ebd5
9cd07f91bc81b8073a88040a21934950d4a1b2af394ed798d466c87b5874d4c7
GET /adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=761&o=1&d=1&b=3&ts=1&ii=2&FPCK=5032-sWjaoFUvshUEedjrA9adh4r9SPSNGK6U&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp; Vision=20230103-23:59,20230103-05,20230103-05,20230103-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:48 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
ads.aralego.com/ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FxgmXr1&adid=ad-BE7A8D43E47B3D23C77A9993A9B8A778&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.6723610076083792&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1
192.96.203.13200 OK 552 B URL HTTP/1.1 ads.aralego.com/ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FxgmXr1&adid=ad-BE7A8D43E47B3D23C77A9993A9B8A778&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.6723610076083792&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1
IP 192.96.203.13:0
ASN #30633 LEASEWEB-USA-WDC
File type HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash 6c953e9565094a7ed7ec437722149c59
e62714301252f34839df79c25079b070211cd6ec
99ec1b27528b2883154fd166e11c3fa740d28609937a1a0287d95674ea99c2bc
GET /ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FxgmXr1&adid=ad-BE7A8D43E47B3D23C77A9993A9B8A778&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.6723610076083792&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1 HTTP/1.1
Host: ads.aralego.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Expose-Headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
Set-Cookie: sspid=50b69295-108a-35b5-8aa0-5b8acd8e5b9f; Domain=.aralego.com; Path=/; Expires=Tue, 02 Jan 2024 18:25:50 GMT; Secure; SameSite=None
X-Adtype: html
X-Width: 300
X-Height: 250
X-AdStyle: banner
X-AdSource: PSA
Content-Type: text/html; charset=utf-8
Content-Length: 552
Vary: Accept-Encoding
Date: Mon, 02 Jan 2023 18:25:50 GMT
Connection: close
sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
192.96.203.13200 OK 35 B URL HTTP/1.1 sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
IP 192.96.203.13:0
ASN #30633 LEASEWEB-USA-WDC
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}& HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Set-Cookie: euconsent-v2=; Domain=.aralego.com; Path=/; Expires=Tue, 02 Jan 2024 18:25:50 GMT; Secure; SameSite=None
gdpr=1; Domain=.aralego.com; Path=/; Expires=Tue, 02 Jan 2024 18:25:50 GMT; Secure; SameSite=None
sspid=d46fa354-9b29-31c8-bcbc-9af747ba5c72; Domain=.aralego.com; Path=/; Expires=Tue, 02 Jan 2024 18:25:50 GMT; Secure; SameSite=None
Content-Type: image/gif
Content-Length: 35
Date: Mon, 02 Jan 2023 18:25:50 GMT
Connection: close
ag.gbc.criteo.com/newidsd
185.235.84.225200 OK 3.0 kB URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.225:0
Hash 420bb68e87330641914e07b26344b3c1
6d1f28f2494a0ef526f71132ae3fb89191ff39d8
25d90bb8f8e2f0cd51d0304c48572337fc32b0043251e5a244ad0ceaf2faab91
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:47 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 90163
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
178.250.2.146200 OK 299 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
IP 178.250.2.146:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5b9250669ab435d744a911e38a48a072
9e4644504e354d67c22cb6dace615a6607a4b559
74eb68de1ee6ec75661f3c853816fe887fe5e2b8952ceb9c90db0a50fdcdd62d
OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://img.scupio.com/
Origin: https://img.scupio.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:50 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://img.scupio.com
server-processing-duration-in-ticks: 440562
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
178.250.2.146200 OK 345 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
IP 178.250.2.146:0
File type JSON data\012- , ASCII text, with very long lines (385), with no line terminators
Hash 66d58af8dcdb23dd71f1dcdaab4ffcde
a7daa4a1960acda3d5b843833e0ed3523556ddbb
e71e17c208b36f0064122b8b348a88048ca7a4a1fc886ca602cf544e4fcc59d9
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:49 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://img.scupio.com
server-processing-duration-in-ticks: 678603
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.225200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.225:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:48 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 95352
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
IP 178.250.2.146:0
GET /syncframe?origin=publishertag&topUrl=reurl.cc HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:47 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=212b610a-9f36-43ee-8c93-6cedd43039ab; expires=Sat, 27 Jan 2024 18:25:47 GMT; domain=.criteo.com; path=/; secure; samesite=none
optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 618387
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
reurl.cc/javascripts/loading.js
35.185.130.121200 OK 0 B URL HTTP/2 reurl.cc/javascripts/loading.js
IP 35.185.130.121:0
GET /javascripts/loading.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/xgmXr1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 02 Jan 2023 18:25:44 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-86"
expires: Tue, 02 Jan 2024 18:25:44 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=797&o=1&d=1&b=3&ts=1&ii=3&FPCK=5032-sWjaoFUvshUEedjrA9adh4r9SPSNGK6U&initver=210830P
52.196.193.254200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=797&o=1&d=1&b=3&ts=1&ii=3&FPCK=5032-sWjaoFUvshUEedjrA9adh4r9SPSNGK6U&initver=210830P
IP 52.196.193.254:0
GET /adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FxgmXr1&n=797&o=1&d=1&b=3&ts=1&ii=3&FPCK=5032-sWjaoFUvshUEedjrA9adh4r9SPSNGK6U&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:46 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
img.scupio.com/html/ad.html?v=1.0.65
143.204.55.37200 OK 0 B URL HTTP/2 img.scupio.com/html/ad.html?v=1.0.65
IP 143.204.55.37:0
GET /html/ad.html?v=1.0.65 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx/1.12.1
last-modified: Thu, 18 Aug 2022 08:25:22 GMT
content-encoding: gzip
date: Mon, 02 Jan 2023 17:48:59 GMT
expires: Wed, 01 Feb 2023 17:48:55 GMT
cache-control: max-age=2592000
etag: W/"62fdf772-14d93"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: RGXkW4oSRa_sk1j09zZXkbYS_NtIqslXFwr-mYjC1TNatONDLQtTrQ==
age: 2210
vary: Origin
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=gnbA6V80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlMeWdoakUybE5mWGx0STJibmxXMmdlektqR0x3TEMyJTJCWG1wTjBFRXk4SQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:48 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=4KT8ul80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlMeWdoakUybE5mWGx0STJibmxXMmkxJTJGTW9wNjJJSGoyYlZiSGdVV3Y3cg; expires=Sat, 27 Jan 2024 18:25:49 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 370466
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=kjRCzl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlMeWdoakUybE5mWGx0STJibmxXMmhXM3Q4VWxOS0JYRDlrMW1NZ2R4bEo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:48 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=RuWkb180M0RITmhlJTJCZkMwOUJGQlhaMUN2czlMeWdoakUybE5mWGx0STJibmxXMmppejglMkJxNjZoUWExdmV6a25kWU1EOA; expires=Sat, 27 Jan 2024 18:25:48 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 345555
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 0 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 02 Jan 2023 18:25:46 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=2fdb07ed-8871-4b71-85fb-abbce1a27201; expires=Wed, 01-Jan-2025 18:25:46 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
reurl.cc/xgmXr1
35.185.130.121200 OK 0 B IP 35.185.130.121:0
Analyzer Verdict Alert openphish Regions Financial Corporation
fortinet Phishing
GET /xgmXr1 HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 02 Jan 2023 18:25:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
target: https://wiki.oceanreeflifegame.com/wp-admin/css/colors/sunrise/me/new/
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=CcrVkV9WN3o4amNnM2h6UFM4RDFlWnVwWFclMkJmdFVlNjUyREd5T3lDJTJCWndSWk5LeWl4OEZTOW1NYXc1JTJCOWN4VlZKU0VvYyUyQmM2NmhIeERoeG1DWW9IUmwlMkJvSzJpUlM3V21tcU8lMkJydWpzOFFQb21EZm9aWHBiNjlkSyUyQmw2UTRwV0Rkd3Yw&info=gnbA6V80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlMeWdoakUybE5mWGx0STJibmxXMmdlektqR0x3TEMyJTJCWG1wTjBFRXk4SQ&idsd=-1697680754,-254908688&cw=1&lsw=1
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=CcrVkV9WN3o4amNnM2h6UFM4RDFlWnVwWFclMkJmdFVlNjUyREd5T3lDJTJCWndSWk5LeWl4OEZTOW1NYXc1JTJCOWN4VlZKU0VvYyUyQmM2NmhIeERoeG1DWW9IUmwlMkJvSzJpUlM3V21tcU8lMkJydWpzOFFQb21EZm9aWHBiNjlkSyUyQmw2UTRwV0Rkd3Yw&info=gnbA6V80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlMeWdoakUybE5mWGx0STJibmxXMmdlektqR0x3TEMyJTJCWG1wTjBFRXk4SQ&idsd=-1697680754,-254908688&cw=1&lsw=1
IP 178.250.2.146:0
GET /sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=CcrVkV9WN3o4amNnM2h6UFM4RDFlWnVwWFclMkJmdFVlNjUyREd5T3lDJTJCWndSWk5LeWl4OEZTOW1NYXc1JTJCOWN4VlZKU0VvYyUyQmM2NmhIeERoeG1DWW9IUmwlMkJvSzJpUlM3V21tcU8lMkJydWpzOFFQb21EZm9aWHBiNjlkSyUyQmw2UTRwV0Rkd3Yw&info=gnbA6V80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlMeWdoakUybE5mWGx0STJibmxXMmdlektqR0x3TEMyJTJCWG1wTjBFRXk4SQ&idsd=-1697680754,-254908688&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:48 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1136373
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=Vsa8g19mVEdzQWdTclM1Y1UlMkJSR3hvUGcxT3M3QlNKU2l5RXBsSFV3d0pWd3M4TlBtaUxXRGFSWkFHTyUyQkpaYUo5bVF5c0JQZGFwUm4yYlpNJTJGR3BQOVRzbnJFcGx3WXRKMDFkemtQdEZRTmMzYjlJeUQzeWRsb2NBWk9mZXhDMGFQJTJGeGpo&info=4KT8ul80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlMeWdoakUybE5mWGx0STJibmxXMmkxJTJGTW9wNjJJSGoyYlZiSGdVV3Y3cg&idsd=-1697680754,-254908688&cw=1&lsw=1
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=Vsa8g19mVEdzQWdTclM1Y1UlMkJSR3hvUGcxT3M3QlNKU2l5RXBsSFV3d0pWd3M4TlBtaUxXRGFSWkFHTyUyQkpaYUo5bVF5c0JQZGFwUm4yYlpNJTJGR3BQOVRzbnJFcGx3WXRKMDFkemtQdEZRTmMzYjlJeUQzeWRsb2NBWk9mZXhDMGFQJTJGeGpo&info=4KT8ul80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlMeWdoakUybE5mWGx0STJibmxXMmkxJTJGTW9wNjJJSGoyYlZiSGdVV3Y3cg&idsd=-1697680754,-254908688&cw=1&lsw=1
IP 178.250.2.146:0
GET /sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=Vsa8g19mVEdzQWdTclM1Y1UlMkJSR3hvUGcxT3M3QlNKU2l5RXBsSFV3d0pWd3M4TlBtaUxXRGFSWkFHTyUyQkpaYUo5bVF5c0JQZGFwUm4yYlpNJTJGR3BQOVRzbnJFcGx3WXRKMDFkemtQdEZRTmMzYjlJeUQzeWRsb2NBWk9mZXhDMGFQJTJGeGpo&info=4KT8ul80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlMeWdoakUybE5mWGx0STJibmxXMmkxJTJGTW9wNjJJSGoyYlZiSGdVV3Y3cg&idsd=-1697680754,-254908688&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:49 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 995545
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/utag.js
203.75.214.136200 OK 0 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /utag.js HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 02 Jan 2023 18:25:45 GMT
content-type: application/javascript
last-modified: Wed, 16 Nov 2022 03:58:03 GMT
vary: Accept-Encoding
etag: W/"63745fcb-142e"
expires: Mon, 02 Jan 2023 18:35:45 GMT
cache-control: max-age=600
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
reurl.cc/javascripts/renews.js
35.185.130.121200 OK 0 B URL HTTP/2 reurl.cc/javascripts/renews.js
IP 35.185.130.121:0
GET /javascripts/renews.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/xgmXr1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 02 Jan 2023 18:25:44 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-19c"
expires: Tue, 02 Jan 2024 18:25:44 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 0 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=5aed62e1-95e2-4fb3-b3b3-454b8f0ae305
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 02 Jan 2023 18:25:48 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=5aed62e1-95e2-4fb3-b3b3-454b8f0ae305; expires=Wed, 01-Jan-2025 18:25:48 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.75200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.75:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 02 Jan 2023 18:25:48 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 87886
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 0 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 02 Jan 2023 18:25:46 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=8442139e-8147-4da4-8201-7dfe42a47af9; expires=Wed, 01-Jan-2025 18:25:46 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 0 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 02 Jan 2023 18:25:46 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=92e0c4d6-0663-40f9-b37b-bb05b4f80e2b; expires=Wed, 01-Jan-2025 18:25:46 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=cf&cid=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp&mp=5aed62e1-95e2-4fb3-b3b3-454b8f0ae305
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=cf&cid=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp&mp=5aed62e1-95e2-4fb3-b3b3-454b8f0ae305
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /cm?c=cf&cid=863892-zThvf1lJ4Qh3xniZOkFnWPCzPn6HqMWp&mp=5aed62e1-95e2-4fb3-b3b3-454b8f0ae305 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=5aed62e1-95e2-4fb3-b3b3-454b8f0ae305
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Mon, 02 Jan 2023 18:25:48 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 0 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 02 Jan 2023 18:25:46 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=5aed62e1-95e2-4fb3-b3b3-454b8f0ae305; expires=Wed, 01-Jan-2025 18:25:46 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 0 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 02 Jan 2023 18:25:46 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=b9582f59-8176-4a7f-b456-793b44699e77; expires=Wed, 01-Jan-2025 18:25:46 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13847
143.204.55.102200 OK 0 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13847
IP 143.204.55.102:0
GET /adserver/Preset.js?z=13847 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Mon, 02 Jan 2023 18:15:55 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: c_AQcY_nZIvHZ-hANsXa5YkwBh6hRx62nQGSOZ5FqqT0JBuvRApOqg==
age: 590
X-Firefox-Spdy: h2