firefox.settings.services.mozilla.com/v1/
18.164.68.6200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.164.68.6:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 02 Oct 2022 12:03:10 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 10941cc38a4a46e6d9b0644cce542a52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: 13hfh8QsVNEw-pCKTPedscEAbzWAdAgcfMRAP22Y1t4NorShWBHvHA==
Age: 867
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 60e4edea7b5f4d19f3547a3bb2d5df57
3ee076bab4da3416c2c5808f730cb316c28baef7
763e2dadfdd286a51327cd2000ca335e30cd0b9b7267875d22ca33f7556ba200
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4695
Expires: Sun, 02 Oct 2022 13:35:52 GMT
Date: Sun, 02 Oct 2022 12:17:37 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
108.156.28.102200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 108.156.28.102:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 03:33:17 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 7fcc9354bd594831abf31608fb6cde60.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: PqmatsOHZJjkvI_IHdusNKJBOKXSHZd17-xCjQmSPILhjoDm2-SuIQ==
age: 31462
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 12:17:38 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b19d0307b64ff91babd5b538cf829a7d
c27133c3d647662bd631336fe1cbcb29860e627c
d87da6e495a7902989cbc28cb02a030186298bdf99bbd0a68c07d923ca79dba8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D87DA6E495A7902989CBC28CB02A030186298BDF99BBD0A68C07D923CA79DBA8"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14717
Expires: Sun, 02 Oct 2022 16:22:55 GMT
Date: Sun, 02 Oct 2022 12:17:38 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.164.68.6200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.164.68.6:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sun, 02 Oct 2022 12:17:15 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sun, 02 Oct 2022 12:31:21 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 f1b5cccb468453b067a2a271f6f316a4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: 5PcQIMzAD6znIaLTou08ng7XyDux0upp8fOdQ7y4zAqogBrgo7B6jg==
Age: 2685
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4eb30b4a4234809cf7d5f89fa1f6ceeb
797242aab2f13c820050aa9accd11b7b950cd177
ce9d833a0ac321a908184b655d6632c481f758a04a9c936a7c303bb253444146
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6533
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:38 GMT
Last-Modified: Sun, 02 Oct 2022 10:28:45 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
151.101.85.229200 OK 23 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
IP 151.101.85.229:0
File type ASCII text, with very long lines (65324)
Hash 5f830a7943bb09d9f6832866f38f12bc
35ed4aca72bd95f7730260858ca62bd76ca8e40a
cbf083212e165469984201c0e0bc3420de20a1857646858c947a53dfc2e2f383
GET /npm/bootstrap@4.3.1/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.3.1
x-jsd-version-type: version
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 02 Oct 2022 12:17:38 GMT
age: 7726461
x-served-by: cache-fra19170-FRA, cache-bma1672-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23235
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
151.101.85.229200 OK 32 kB URL HTTP/2 cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (65449)
Hash a262d6de4f7f5f79c31cef7787a35a8c
6a16edde3116cad866736e9fc20443edceaa1cba
92dcfacfb59287c2f9de9c69f78ae96bb3bd8a8c5a20b4e577db40bdc8fe06c1
GET /npm/vue@2.5.16/dist/vue.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.5.16
x-jsd-version-type: version
etag: W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 02 Oct 2022 12:17:38 GMT
age: 3500418
x-served-by: cache-fra19182-FRA, cache-bma1672-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 31634
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8c4f84a40712fe9553080f40feeb28bd
5ce83f7e1fd67c38e8c8efed612981cac12c46ae
91bc76e3fd478e646d955d0d05f1ab99670247876eb9d4691b08de0a1121ff56
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91BC76E3FD478E646D955D0D05F1AB99670247876EB9D4691B08DE0A1121FF56"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4208
Expires: Sun, 02 Oct 2022 13:27:46 GMT
Date: Sun, 02 Oct 2022 12:17:38 GMT
Connection: keep-alive
ad.sitemaji.com/ysm_reurl.js
35.186.215.140200 OK 5.9 kB URL HTTP/2 ad.sitemaji.com/ysm_reurl.js
IP 35.186.215.140:0
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (17511), with no line terminators
Hash 779efdbd5582d597c74bc312123d3583
45140afb1e0536578577db2f890ba0f061644742
e03139efccb95e61153de5280e3ce8a11147dc6be20657c906e76eca0278d9c1
GET /ysm_reurl.js HTTP/1.1
Host: ad.sitemaji.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.12.1 (Ubuntu)
vary: Accept-Encoding, Accept-Encoding
content-encoding: br
via: 1.1 google
content-length: 5880
date: Sat, 01 Oct 2022 18:34:56 GMT
expires: Sun, 02 Oct 2022 18:34:56 GMT
cache-control: max-age=86400,public
age: 63762
last-modified: Thu, 20 Jun 2019 08:48:16 GMT
etag: W/"5d0b4850-4488"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash 807f969c46cb15634b8c5c3512bbedef
943545631c25e1c7706fd8826b007c7da4d2dd72
a7fb27480450f4cac5e123ea93c15a0cb24bf3d113914f8cbdcf6dd31c808eba
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 12:17:38 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "9806C5A1A64381E6B89EF20E772600EE8FC6E8DF"
Expires: Sun, 02 Oct 2022 23:00:00 GMT
Last-Modified: Sun, 02 Oct 2022 11:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1531
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753d6049bc91b4ff-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8c4f84a40712fe9553080f40feeb28bd
5ce83f7e1fd67c38e8c8efed612981cac12c46ae
91bc76e3fd478e646d955d0d05f1ab99670247876eb9d4691b08de0a1121ff56
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91BC76E3FD478E646D955D0D05F1AB99670247876EB9D4691B08DE0A1121FF56"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4208
Expires: Sun, 02 Oct 2022 13:27:46 GMT
Date: Sun, 02 Oct 2022 12:17:38 GMT
Connection: keep-alive
cdn.holmesmind.com/js/init.js
108.156.28.65200 OK 6.6 kB URL HTTP/2 cdn.holmesmind.com/js/init.js
IP 108.156.28.65:0
File type ASCII text, with very long lines (4994), with CRLF line terminators
Hash 439e160b698f1ec2efb45c3b6cd6b265
7beee754ce93e58b7f321ff7b8b85c2ffda42a64
fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818
GET /js/init.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 6552
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 12:17:15 GMT
etag: "439e160b698f1ec2efb45c3b6cd6b265"
x-cache: Hit from cloudfront
via: 1.1 c9e93510e33ab69af0de2f41455fbb80.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: V6khd414jNK0U0nvlNODOXkh4lqBp8wfssWx4YJ00VAyQhTULXHJyA==
age: 25
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.163.147.190101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.147.190:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lkC+7zGSE3CFRDQnJ2QGwA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kcy+mHs6Ncalvbz2H/a8e6aHQhE=
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash afdf50c16ee3edd56884ca2c654e0a20
f6de83540fb91f3fcc2077574e1bfd6ceb308939
39d0a58f97a6f1ede1b50f865af2df4d39055802fe658c4c627294cab300ce60
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4472
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:39 GMT
Last-Modified: Sun, 02 Oct 2022 11:03:07 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
reurl.cc/javascripts/renews.js
35.185.130.121200 OK 5.6 kB URL HTTP/2 reurl.cc/javascripts/renews.js
IP 35.185.130.121:0
Hash 81d81e3188f1e9ab4ad72b97be2b4586
313ff570a08d9ed50201a5fef0f6667f1d64e7ab
e16ab1896b097d5b15660501c3341c307a1b0687541f6c326e8e07a134f5044b
GET /javascripts/renews.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/8pa0Yo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 02 Oct 2022 12:17:38 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-2ba"
expires: Mon, 02 Oct 2023 12:17:38 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/capmapping.htm
108.156.28.65200 OK 4.7 kB URL HTTP/2 cdn.holmesmind.com/js/capmapping.htm
IP 108.156.28.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (437), with CRLF line terminators
Hash c36f5eb091d6195fe8b68f3b263f999b
43c4760cb0bb957ffed4fb754c4eaaa247b734c5
cc37fba2e98f49c4d9551f72176d3aff72eacd798e5e85436837847e6b967c36
GET /js/capmapping.htm HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 4730
last-modified: Mon, 22 Aug 2022 03:00:17 GMT
x-amz-version-id: 9jVaRQ2pP3sbT47ouwg8zArcPp2ddVmt
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 12:17:39 GMT
etag: "c36f5eb091d6195fe8b68f3b263f999b"
x-cache: Hit from cloudfront
via: 1.1 c9e93510e33ab69af0de2f41455fbb80.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: vRC1hpOJk82pof-xnej5D7PzPDLhSDpbTHR5n6vXxGFKq6hLOIY4CA==
age: 26
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/edmp_init.js
108.156.28.65200 OK 662 B URL HTTP/2 cdn.holmesmind.com/js/edmp_init.js
IP 108.156.28.65:0
File type ASCII text, with very long lines (662), with no line terminators
Hash f58f8a90686f8ffb3325107e8a788b71
d85d37486b87503e0631ff0ee83d95316783cf09
28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c
GET /js/edmp_init.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 662
last-modified: Fri, 12 Mar 2021 02:45:40 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 12:17:16 GMT
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
via: 1.1 c9e93510e33ab69af0de2f41455fbb80.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: RMvT54ahx4AyWGHKLY4H4uYTviIEN2TExnzoPj-rLvQYD3jO6Yvjjw==
age: 26
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/presetfn.js
108.156.28.65200 OK 9.5 kB URL HTTP/2 cdn.holmesmind.com/js/presetfn.js
IP 108.156.28.65:0
File type C source, ASCII text, with CRLF line terminators
Hash ddf163a3d8381378b3e35e39339ad7ab
e6b5dd8946944429e87ac058cd6f025586b812ad
83a37c9bbe8dae0a71e95a0e6401bd5d9576a2b0e35295e640c2d807f9b4424e
GET /js/presetfn.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 9530
last-modified: Mon, 22 Aug 2022 03:00:16 GMT
x-amz-version-id: QFAcVwN57aO_RWKPah9bVgfaw1eby0J0
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 12:17:16 GMT
etag: "ddf163a3d8381378b3e35e39339ad7ab"
x-cache: Hit from cloudfront
via: 1.1 c9e93510e33ab69af0de2f41455fbb80.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: RDz_B17dlwZvNXTWWRQJWMGe7knEC101l5vtdMbGl-Q0S-MsCRKD-w==
age: 26
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/RZskz7bw87Y
142.250.74.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/RZskz7bw87Y
IP 142.250.74.3:0
Hash 5567421aa670bd7d6de57bd8ae938694
90ce3c50031aa3fee6e7c7b66c39af151b8132c0
a0d1dc8423a6da543991d8628ff0e25ee80c59bfc7533352a83edd666240bc33
POST /s/gts1d4/RZskz7bw87Y HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.xx.fbcdn.net/rsrc.php/v3/yY/l/0,cross/QafRoidRG-Q.css?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 6.4 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yY/l/0,cross/QafRoidRG-Q.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (8976)
Hash 174ff3b8c8b7f00c28c803e59feb7d19
2f4bf1e0b1dd1eb314d815600c464b50234c107e
0b51f9dc7a21b8e5e6c96be8002460525a065998afbff954b038ab0e0e42618d
GET /rsrc.php/v3/yY/l/0,cross/QafRoidRG-Q.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 21 Sep 2023 16:07:06 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: F0/zuMi38AwoyAPln+t9GQ==
x-fb-debug: 3DX7Myk76746h0ACiqp0FoSV9neOrcz4H5eI50xsvYb7bQDjyVbdm2iJLDLz6b+8NsY67LsUHl9FMTJfM97VnA==
priority: u=2
content-length: 6422
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash afdf50c16ee3edd56884ca2c654e0a20
f6de83540fb91f3fcc2077574e1bfd6ceb308939
39d0a58f97a6f1ede1b50f865af2df4d39055802fe658c4c627294cab300ce60
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4472
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:39 GMT
Last-Modified: Sun, 02 Oct 2022 11:03:07 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
static.xx.fbcdn.net/rsrc.php/v3/y8/r/SixM03AXEw8.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 336 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y8/r/SixM03AXEw8.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (325)
Hash f82d8f615a2484f0c5c4e4e0f55e8b5d
c1c8ea5d697e2286b0a2bac7b3515a29b7f4cb28
91041f394721520d4dd5a33b28525d50da16e0fda08e102d971148fef1609dd2
GET /rsrc.php/v3/y8/r/SixM03AXEw8.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 28 Sep 2023 00:52:35 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: +C2PYVokhPDFxOTg9V6LXQ==
x-fb-debug: gi6jbaA/3GiSlUZTycGMe/uUIFqOgmZbn8ONFuhfcEzDcxo7x/jAbAto/XyoifSrmi1JHisSRD95dwxr3xrdYg==
content-length: 336
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iLl54/yL/l/en_US/irCgPB7CJbM.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 8.4 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iLl54/yL/l/en_US/irCgPB7CJbM.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (2903)
Hash e38454d74d48882c6d38e85e7be816a4
105acd596d49b1677ab825168f547306d879f533
d69f603fb44e68d655ae98c5db858b15bd0c35357beecb91c3588fc48496f9eb
GET /rsrc.php/v3iLl54/yL/l/en_US/irCgPB7CJbM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 30 Sep 2023 02:35:55 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 44RU101IiCxtOOhee+gWpA==
x-fb-debug: e/y65sAl9QaXZ08yE+lUjlhgJPC1DkkqdK+X31LeaUi2GiqHaFCGGTJqzcNM8sVwTsBWuQHxkuFGKKQj6Hmjzg==
priority: u=3,i
content-length: 8360
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yY/r/I-9YqvQlahI.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 9.0 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yY/r/I-9YqvQlahI.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (9884)
Hash 2c61f01495b80c895ff017899f3141b8
7152a4037ce883fdeb8b4e7ac9202366b321c0bb
487804d0f5ee08ea0e660b790c1fd359e5cdc5bc8a6e6cd0eaed7b8367aa00ec
GET /rsrc.php/v3/yY/r/I-9YqvQlahI.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 30 Sep 2023 02:35:55 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: LGHwFJW4DIlf8BeJnzFBuA==
x-fb-debug: o5u8dwJdoPySLbQ0H7JAxMTH9v8xXvWCS6EUmRiY8+3r7UwIU1HAkLBmmlwNDOrl4giJ8+GjMbVbPL7UVI1www==
content-length: 8983
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yU/r/q6VzhXzzuec.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 16 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yU/r/q6VzhXzzuec.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type C source, ASCII text, with very long lines (8258)
Hash bed6f1c97375602a8f8498010934286f
7b209330b2ddc87f0818681e7901a0945367c02c
bb35559f9d7e20bd535239de676ef530aece43abf2fa748ed1c9af4220297118
GET /rsrc.php/v3/yU/r/q6VzhXzzuec.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 30 Sep 2023 02:35:54 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: vtbxyXN1YCqPhJgBCTQobw==
x-fb-debug: RunM0rhGqQJSUpLsQgYjdGgHmQZlBcIPSIwltGf5FJTsv6jWq7PQoerE5pWHljnWTPp7r2f+j8OEuW0m7D2o0Q==
priority: u=3,i
content-length: 16189
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yi/r/iiDbYMCPtB3.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 1.7 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yi/r/iiDbYMCPtB3.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (1982)
Hash 533ff4519e2c7f77fac72ef04457f8f3
2df2b7ede2f719967e46649159d1068204ba11b3
2a960abb70d73b54902cb06087d6fdb584931d7759a838437560c266191c8cb4
GET /rsrc.php/v3/yi/r/iiDbYMCPtB3.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 29 Sep 2023 07:35:44 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: Uz/0UZ4sf3f6xy7wRFf48w==
x-fb-debug: bVOAPYRFSJ5HCe1HBlXPwsh0GqQnl94mRa0d9rfPtKThO6x2cTWmFsW582bOyEuFN/VWqThCC+TQewZierxUGg==
content-length: 1657
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iEpO4/y_/l/en_US/YJojGYumZIr.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 23 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iEpO4/y_/l/en_US/YJojGYumZIr.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (41975)
Hash 0c19e750b743b01557db76b5e80be3a5
2f7426e2d36c01e8beadc8c7c47e67f6be0dc8b1
6d6d4c22857d8ef42ddbe9160e9c50be59655d70e7a155aa2e9e3e3446cd8de1
GET /rsrc.php/v3iEpO4/y_/l/en_US/YJojGYumZIr.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 30 Sep 2023 02:35:55 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: DBnnULdDsBVX23a16AvjpQ==
x-fb-debug: FSihrWWB21n32yPVWG7kW0+7VoJABfGOsZ27AdNFRrCj9H0aAdwmzKlNmYeXLqItDkzc9i6pm14J5UVLGk8h6g==
priority: u=3,i
content-length: 23298
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yV/r/1lYRIUv3fB9.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 7.2 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yV/r/1lYRIUv3fB9.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (4059)
Hash e4f221c6642e6c519ca2462027a15712
6a7225c3221331d35773a252b6dbfb87f214b834
7eafaf8c19afe0e16ea9b18ee23cf0c7b391cfc4dd0fa2d52dd81f0f32348ada
GET /rsrc.php/v3/yV/r/1lYRIUv3fB9.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 28 Sep 2023 11:03:46 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 5PIhxmQubFGcokYgJ6FXEg==
x-fb-debug: /H18NRvDSAOIWITxYpMwyIWxWZ3OYz8IFMem7Gh9QSTTbnhIF6iP9SbzzfUBoTRbCTZi3WjFQH4que6dkU5lmg==
content-length: 7237
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
157.240.221.35200 OK 45 kB URL HTTP/2 www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
IP 157.240.221.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (25913)
Hash 1dd2a0696ce23364f84a3aa788ea7b99
c41e254eb2201e8539c254f972d5bb32b9ba5885
672e08382a7f63a3cff957f31cc2fa79bc27bece58f9e4f495d529646371b31b
GET /plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: PT+MWyk890Llmv9/jvg/9awEDMdAiTNgt3Ea4Id5roUVxOAXSjbnNmY8SK+TuOWU8XWsDLgxSja6CjsuhRAV7A==
date: Sun, 02 Oct 2022 12:17:39 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yr/r/ihjLACFC70L.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 5.5 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yr/r/ihjLACFC70L.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type C source, ASCII text, with very long lines (4649)
Hash 00c248acec266cf739382aabd2a635ad
f2931dc851591701f382f59770a2769d23b49921
34dca338bd8a8cf12558e3b69db4b9c111489d854f3babaaa8a913c812d08b55
GET /rsrc.php/v3/yr/r/ihjLACFC70L.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 30 Sep 2023 02:35:56 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: AMJIrOwmbPc5OCqr0qY1rQ==
x-fb-debug: h/R9R8hnQ98DGLQuzhTSHbK+sfbZkHCCNzbPQ1UkoLty2V3JUpm4by2FHjr+a+XAObzH3qdiDRd4uLmck3EFYw==
priority: u=3,i
content-length: 5516
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yy/l/0,cross/UWsdBIKSBcK.css?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 4.6 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yy/l/0,cross/UWsdBIKSBcK.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type assembler source, ASCII text, with very long lines (2642)
Hash 6129c1970714487ee08a6dc8f42a9c53
b2d946d53a2da8713b326188f9b5228ef22bc6e4
5063846d4875cf4b569e244a03d855c8688b93adcf28e0242320f0e034821537
GET /rsrc.php/v3/yy/l/0,cross/UWsdBIKSBcK.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 30 Sep 2023 15:27:51 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: YSnBlwcUSH7gim3I9CqcUw==
x-fb-debug: eTizQz6pW5IFYQPUz3t0PB2YArdUAmAjnKtioiQy81JWY68RmnkfTaPAXkki4deRUqrW06tKEeqUmLWh+dn/Vg==
content-length: 4586
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yx/r/QGvJRcC4XIv.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 12 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yx/r/QGvJRcC4XIv.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type C source, ASCII text, with very long lines (10492)
Hash 41804df4ad37501966ab3d1589445720
9e3dad47e3d85de8cd0207a746e2a8a32192d0c8
111397b1c9a3d10cc86053045bc17279f6b951bd5a98d639f016f86b31df8800
GET /rsrc.php/v3/yx/r/QGvJRcC4XIv.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 01 Oct 2023 17:40:08 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: QYBN9K03UBlmqz0ViURXIA==
x-fb-debug: vUUJdj7Dv0iajdHmTyC/UFCmzeHt6m0F1/Odg1g61D9fdzbfuToFMXVrkGNef8gOybfH7YooKuifc9GqpCEe3w==
priority: u=3,i
content-length: 11813
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a2d3925dad8ae1248c7b5d96220bd00a
8b6326da45860d5f480504e23864de0c28523b61
421d30a538dc347afc7fc8eee0fa6502aa65d789eb2353eb9c9f8bd0c5f3b3d5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.xx.fbcdn.net/rsrc.php/v3/y4/r/hBYHra2Vbh5.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 15 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y4/r/hBYHra2Vbh5.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (56532)
Hash 9b3b2deac2716528af0a007a816ea130
11d2c9cca6fd78678588f10685d1431873d09d32
321c5f978ae91c5744944ea8dd9acd554398109f09bde07c7d308fb2b604cc9a
GET /rsrc.php/v3/y4/r/hBYHra2Vbh5.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 28 Sep 2023 03:58:49 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: mzst6sJxZSivCgB6gW6hMA==
x-fb-debug: SWsei/cBipFtXVL+2+teDfBhOsktaGKONG5Hnyn8r5v8gNMNarLCaNqRcan6y8MZmGSC8DO1cGkk16K0FJ6C2g==
priority: u=3,i
content-length: 15208
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 827 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (724)
Hash 29973cf3b0ef9f16fe31ed981b2f6573
f22eb80b89b5e0ae9ace854aab6676d56eaef6a1
476822c80e0a0ee078edb7a74db59378f8b1d43d2de844e28a9e9c2f68a4c8d8
GET /rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 28 Sep 2023 03:48:33 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: KZc887Dvnxb+Me2YGy9lcw==
x-fb-debug: 0/3lLyqo9Bq6Wc+FQDavqQW4/MJibhSgihFMokAP1eWRjekyXDbUNeIRTF/GBV6Juz5QH1v2vt/XQ5czWDNGDA==
content-length: 827
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/KU3Iz8BafL7.css?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 5.0 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/KU3Iz8BafL7.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (4093)
Hash a87430d22ffcff3ae929ca7c0d993280
ad83623cea846a530dfa77294e37f1622828a6a9
d44b011e7e79f272382f7e636f364c9ab4635ea88e7c9e78450544bbaf534c7e
GET /rsrc.php/v3/yZ/l/0,cross/KU3Iz8BafL7.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 01 Oct 2023 17:55:46 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: qHQw0i/8/zrpKcp8DZkygA==
x-fb-debug: lrjD5LgzfiyPeDcmIESnrOnxtc5UPvAaegF4cPJItlJ5oyRrgBLu36Qkhy6YoTLsttn2e4V0x1jlWQ7GGXD8Bg==
content-length: 5047
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yD/r/i4S5wFcPmKS.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 12 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yD/r/i4S5wFcPmKS.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (5540)
Hash a50ee1fe005a513231cd2b5200a643bd
ab39e4090be9b787af2e37e664274ec6e64c2328
6fbe7346fe35130ffae2929c91271af9c3f3c63de6f570d635cae431ef9afc51
GET /rsrc.php/v3/yD/r/i4S5wFcPmKS.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 30 Sep 2023 02:35:54 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: pQ7h/gBaUTIxzStSAKZDvQ==
x-fb-debug: lmSCsbf1LiQTq3a5sNeJpJbilobSHONM2uEmmzC3yZ5TzgEICuIi24g8qaxY7O7B5JS3UDrITO7+aESIs09dZQ==
content-length: 12265
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3izWV4/yH/l/en_US/PSu_oQteh80.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 42 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3izWV4/yH/l/en_US/PSu_oQteh80.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (10796)
Hash 4a147690e317073e260a3e4bfab2586d
3c01a3f22376420b8e3752d40f65b82a22767a5b
7deda8b874215240c8229581aed9f057f9cd69902f18ed5fd21fc672dbe4bd90
GET /rsrc.php/v3izWV4/yH/l/en_US/PSu_oQteh80.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 30 Sep 2023 02:35:55 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: ShR2kOMXBz4mCj5L+rJYbQ==
x-fb-debug: z6JtB5d7PNgofklXNwRdKxbKNds153z5NHjJu7IvO9RbNr3dJY7ZbFZ+T7QJmHWY9M8iYRB2rPD9E13H6lgarQ==
content-length: 42060
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yQ/r/urinFwKapiT.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 48 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yQ/r/urinFwKapiT.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type C source, ASCII text, with very long lines (5066)
Hash 6f8d98ff8d85ae3793caa648fc67138c
a950ebe1d1fdcdb89ad8e7710c49bb5a4712d2ab
429b60c7ad7ae77794077fbc94b15ef20411f72a153bdda1e42e01b45842abba
GET /rsrc.php/v3/yQ/r/urinFwKapiT.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 30 Sep 2023 02:35:56 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: b42Y/42FrjeTyqZI/GcTjA==
x-fb-debug: TggB8s3jD82xzMv0y3lfSzacz2ED5CpFc+ABR6bHtf7n/m8Og1r7iElwOR7WZRMCVq1FYk3gul/sB4gs3MgMTw==
priority: u=3,i
content-length: 47894
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
216.239.34.178200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 216.239.34.178:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Sun, 02 Oct 2022 10:34:43 GMT
expires: Sun, 02 Oct 2022 12:34:43 GMT
cache-control: public, max-age=7200
age: 6176
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y1/r/0fUlelVJzb0.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 91 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y1/r/0fUlelVJzb0.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (18608)
Hash 42af5d090c6ba39f7761508b43ae64f3
343d3bce6a64b3feeb271acd42cccd9766e02416
72790ccd3fe154c0b2c4694d80020585273a24fe409d1482648bda7f487812e8
GET /rsrc.php/v3/y1/r/0fUlelVJzb0.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 30 Sep 2023 19:12:28 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: Qq9dCQxro593YVCLQ65k8w==
x-fb-debug: IS6UrIdv3MgOhwctJ5OKTpKHleBpbJ8WUoEJJPSjlbPcAWfTufLSt6m0fVe4Hg7DHw0leFRH18ilRNO4lUJpkw==
content-length: 91069
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.41200 OK 1.8 kB IP 192.124.249.41:0
Hash ac0667435d83b108515156723cc2d3b3
334bc03eb47f3c037e914ea82f03f2ec628100a7
d985e717026660f52d793d4d54a30821f82825f5b4c5e45b9352b45fc3cc28c4
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 02 Oct 2022 12:17:40 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 01 Oct 2022 22:14:01 GMT
Expires: Sun, 02 Oct 2022 22:14:01 GMT
ETag: "334bc03eb47f3c037e914ea82f03f2ec628100a7"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
s.yimg.com/dy/ads/native.js
188.125.94.206200 OK 30 kB URL HTTP/2 s.yimg.com/dy/ads/native.js
IP 188.125.94.206:0
File type Unicode text, UTF-8 text, with very long lines (62317), with no line terminators
Hash aae660d86e59d2b86369d2037dc02c2c
996e90375bc9f774379f4d509f603f9dce9624ce
976e1d77055c5f8ad390638d5ff3716216841a9cf55b98ff14080e3ea8e7827e
GET /dy/ads/native.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: jGu+a0RIirKPgvKe5lApRIjDNrY7Gp0OO4O+pDRWOJ24IaNuVit5zzRZH3nETpnzru5Z0gLFSGE=
x-amz-request-id: RHS7BHGPVNB8VKHN
date: Sun, 02 Oct 2022 12:11:37 GMT
last-modified: Tue, 08 Feb 2022 12:02:57 GMT
etag: "7e002e241fddeeb8dd76383206c47a3d-df"
x-amz-server-side-encryption: AES256
cache-control: max-age=600
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
content-encoding: gzip
age: 363
content-length: 29888
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/RZskz7bw87Y
142.250.74.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/RZskz7bw87Y
IP 142.250.74.3:0
Hash 5567421aa670bd7d6de57bd8ae938694
90ce3c50031aa3fee6e7c7b66c39af151b8132c0
a0d1dc8423a6da543991d8628ff0e25ee80c59bfc7533352a83edd666240bc33
POST /s/gts1d4/RZskz7bw87Y HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a2d3925dad8ae1248c7b5d96220bd00a
8b6326da45860d5f480504e23864de0c28523b61
421d30a538dc347afc7fc8eee0fa6502aa65d789eb2353eb9c9f8bd0c5f3b3d5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mma.prnasia.com/media2/1721228/Lambda_Test_Logo.jpg?p=medium600
104.16.252.4200 OK 17 kB URL HTTP/2 mma.prnasia.com/media2/1721228/Lambda_Test_Logo.jpg?p=medium600
IP 104.16.252.4:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 597x103, components 3\012- data
Hash a4b88e5f660d3edf7f4c74075e537000
4b21a4c6323001ca6d90afad884d640795a50f78
3092421c32e68347f5522f1e81218a6bf77970df7cd954585971e950d35f66ef
GET /media2/1721228/Lambda_Test_Logo.jpg?p=medium600 HTTP/1.1
Host: mma.prnasia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 12:17:39 GMT
content-type: image/jpeg
content-length: 17248
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=1
cf-bgj: h2pri
expires: Sat, 01 Oct 2022 15:45:55 GMT
last-modified: Sat, 01 Oct 2022 15:45:54 GMT
server-timing: intid;desc=1a941f5150486213
vary: *, Accept-Encoding
x-powered-by: ASP.NET
cf-cache-status: HIT
age: 62769
accept-ranges: bytes
set-cookie: __cf_bm=v1pVenrEsTIfrbofOfLntEhSb2INZZIiqJrShRZSGAY-1664713059-0-ARIh8N9duWd7YkS/l4R27dTFoEom+IEi2/456XjAVcUS4NiHxPVsdpAgndefCEEJrWCjxXFZMegUMsLiAhActPM=; path=/; expires=Sun, 02-Oct-22 12:47:39 GMT; domain=.prnasia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 753d604f9b80b518-OSL
X-Firefox-Spdy: h2
i0.wp.com/golike.tw/wp-content/uploads/2022/09/img_8698-4-scaled.jpg?fit=2560%2C1920&ssl=1
192.0.77.2200 OK 644 kB URL HTTP/2 i0.wp.com/golike.tw/wp-content/uploads/2022/09/img_8698-4-scaled.jpg?fit=2560%2C1920&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 644 kB (644098 bytes)
Hash 0760558e47450be952b0b4f535183852
8a1a97c78c407452554d06f1123f6b0362e23f43
8cbe283a4a2759623dfe872f4b4f745ca81511f57abe0a88c816fcd569f7dff4
GET /golike.tw/wp-content/uploads/2022/09/img_8698-4-scaled.jpg?fit=2560%2C1920&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 12:17:39 GMT
content-type: image/webp
content-length: 644098
last-modified: Fri, 30 Sep 2022 09:34:21 GMT
expires: Sun, 29 Sep 2024 21:34:21 GMT
cache-control: public, max-age=63115200
link: <https://golike.tw/wp-content/uploads/2022/09/img_8698-4-scaled.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "4564e011dfcadd7b"
vary: Accept
x-nc: HIT arn 5
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/rtbhouseV2.js
108.156.28.65200 OK 2.8 kB URL HTTP/2 cdn.holmesmind.com/js/rtbhouseV2.js
IP 108.156.28.65:0
File type ASCII text, with CRLF line terminators
Hash 6a605eea47197fa280f27aaf1fa1521d
98323891b349b333d5aef521c4d33e1b8455e4fb
d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc
GET /js/rtbhouseV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 2773
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 12:17:16 GMT
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
via: 1.1 c9e93510e33ab69af0de2f41455fbb80.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: m_e5fGby0G-jq9rkrCt8MJ-yQdXVY-Iap1xbzEYp1XSKqQG0x1j7cQ==
age: 24
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13856
108.156.28.83200 OK 2.7 kB URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13856
IP 108.156.28.83:0
Hash 792da27a36934a8aaa7c5949170daf8c
de2235a00d436681790e98dcfb57f14dd40fb564
15f2629102766d8a44ef0040722c2afdaa6db5386ec218433ade278cb678f880
GET /adserver/Preset.js?z=13856 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sun, 02 Oct 2022 12:17:39 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 329cb27be8d7871661ed5a94ecaacb28.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: -JCEVR7tImXFR88Qfy1qLpm2sSlZwdKnAa536DPjCVolbADribN6eA==
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/appierV2.js
108.156.28.65200 OK 3.2 kB URL HTTP/2 cdn.holmesmind.com/js/appierV2.js
IP 108.156.28.65:0
File type ASCII text, with very long lines (3177), with no line terminators
Hash 548ed610a8571343fb3022f543174735
2e9d891cd6e9345ab1b6489030b4a1ccff1c4e54
8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834
GET /js/appierV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3177
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 12:17:16 GMT
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
via: 1.1 c9e93510e33ab69af0de2f41455fbb80.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: NtG7idpx_qrNYw9GZE9cqWwPyRJZjt8rzBlKXKDqIqrcRMynia-zQA==
age: 24
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 77dffeb53b66e1a7e72fb1048073f49f
241406d54432be77a081905e81af6ca111a5afd1
04e252fbafd246b9398a389aeb8474ef9c815cd73fe3a7a3212faa79292d8737
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "04E252FBAFD246B9398A389AEB8474EF9C815CD73FE3A7A3212FAA79292D8737"
Last-Modified: Fri, 30 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 02 Oct 2022 18:17:39 GMT
Date: Sun, 02 Oct 2022 12:17:39 GMT
Connection: keep-alive
adcdn.holmesmind.com/adserver/Preset.js?z=13847
108.156.28.83200 OK 804 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13847
IP 108.156.28.83:0
Hash 125ec0a003f4eaa337a582d96ddad2b1
4db138fcd405b6c618edf70063ffae297da278be
b65302c761b21167c0ea8959fada2d8467ceb33368939c00da367bdfacf1b79e
GET /adserver/Preset.js?z=13847 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sun, 02 Oct 2022 12:17:39 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 329cb27be8d7871661ed5a94ecaacb28.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: nn6lHVyaRioLo_C4sz7YJTWubRm0fIxZ9cehN3CcPssuY6nY_svuYg==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 56db2fd5874f3f5931fca2a4f5b6a778
80e2ed8d26bf1685836010319b100a6e595ead91
49098dba7b71985b8acb51d512458ecb3170095ba2a5f65d0283cb66be8b3fa8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:39 GMT
Server: ECS (amb/6B84)
Content-Length: 280
img.gbyhn.com.tw/2022/10/1664613263-9f51552b11f9d48d1aa47638aceefcfb-840x525.jpg
104.21.96.9200 OK 161 kB URL HTTP/2 img.gbyhn.com.tw/2022/10/1664613263-9f51552b11f9d48d1aa47638aceefcfb-840x525.jpg
IP 104.21.96.9:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 22.3 (Windows), datetime=2022:09:30 19:12:00], baseline, precision 8, 840x525, components 3\012- data
Size 161 kB (161444 bytes)
Hash 9da05c5a9ef683100e274f4d3e85312f
70b5a1bdcfcc58835282cedadb13c6bb9876eaf7
c9eaef9e6fc7dd39d3b21bbce53b5fc96fff5f3646eee96c01fc978ae3203613
GET /2022/10/1664613263-9f51552b11f9d48d1aa47638aceefcfb-840x525.jpg HTTP/1.1
Host: img.gbyhn.com.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 12:17:39 GMT
content-type: image/jpeg
content-length: 161444
cache-control: public, max-age=604800
expires: Sat, 08 Oct 2022 08:34:58 GMT
last-modified: Sat, 01 Oct 2022 08:34:24 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 73904
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DnGl5zVmRHS9%2FKBkZ%2Bi%2B6wBEeobhWDAkUGTfdDBpJMNIyFW5flfp3tB2URVBTT3%2FHaMK1vq%2F3TDqBALltiJ0VUFgz87X07lAhrQGmyPFaVM4Hm1otJWSuj4to9bkC7d1qklc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 753d6050ccabb4fa-OSL
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 386a2e9e4b4c7c3d55cebb2a6c679189
c317c46e6c06d6e6e19b6f3e5189039010271558
3214ca99f5352b04b1963cc594fcfd54f6b0bd9b65851dfac22a37149aedb85d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 12:17:39 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 01 Oct 2022 22:33:44 GMT
Expires: Sat, 08 Oct 2022 22:33:43 GMT
Etag: "c317c46e6c06d6e6e19b6f3e5189039010271558"
Cache-Control: max-age=554763,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753d604fba970b59-OSL
img.scupio.com/js/ad.js
108.138.217.8200 OK 153 kB IP 108.138.217.8:0
Size 153 kB (153208 bytes)
Hash b91da81c095b769d49b90523b11ab9d8
2d9733ab3c363bb32ad3e8a8427cf89ee83e740c
9c60efd85bf37d129b712ff0538deaf1d6cb0fdeca895bc1bb2195e90576257d
GET /js/ad.js HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Mon, 19 Sep 2022 02:16:55 GMT
content-encoding: gzip
date: Sun, 02 Oct 2022 12:15:51 GMT
expires: Sun, 02 Oct 2022 12:30:51 GMT
cache-control: max-age=900
etag: W/"6327d117-12f95"
x-cache: Hit from cloudfront
via: 1.1 c26a4c21d05db121c09038b0610c812a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: LpCt75OlER_AsjuYqzoP9DrQ7MCVIDJJEPELxo9en5_PH7dTKoT7Ow==
age: 108
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 77dffeb53b66e1a7e72fb1048073f49f
241406d54432be77a081905e81af6ca111a5afd1
04e252fbafd246b9398a389aeb8474ef9c815cd73fe3a7a3212faa79292d8737
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "04E252FBAFD246B9398A389AEB8474EF9C815CD73FE3A7A3212FAA79292D8737"
Last-Modified: Fri, 30 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21599
Expires: Sun, 02 Oct 2022 18:17:39 GMT
Date: Sun, 02 Oct 2022 12:17:40 GMT
Connection: keep-alive
geo.yahoo.com/b?t=xhkd7&9sdk8454
188.125.72.139200 OK 43 B URL HTTP/2 geo.yahoo.com/b?t=xhkd7&9sdk8454
IP 188.125.72.139:0
ASN #34010 Yahoo! UK Services Limited
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /b?t=xhkd7&9sdk8454 HTTP/1.1
Host: geo.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 12:17:39 GMT
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
cache-control: no-cache, no-store, private
pragma: no-cache
content-length: 43
content-type: image/gif
x-envoy-upstream-service-time: 1
server: ATS
age: 0
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
X-Firefox-Spdy: h2
static.wixstatic.com/media/8d2acb_a70e33dbf569492da4ee50aad95882a8~mv2.jpg/v1/fit/w_1000,h_720,al_c,q_80/file.png
34.102.176.152200 OK 1.0 MB URL HTTP/2 static.wixstatic.com/media/8d2acb_a70e33dbf569492da4ee50aad95882a8~mv2.jpg/v1/fit/w_1000,h_720,al_c,q_80/file.png
IP 34.102.176.152:0
File type PNG image data, 1000 x 562, 8-bit/color RGB, non-interlaced\012- data
Size 1.0 MB (1001218 bytes)
Hash 78b46c2a494a61e59c23b96c7bb04845
7ec11c8dff8a55c30b4abce0b9c4a21569fbc728
62b1f0416c870a765b275a92d20b350ba2697d40004df32d8684d0ecbee11cad
GET /media/8d2acb_a70e33dbf569492da4ee50aad95882a8~mv2.jpg/v1/fit/w_1000,h_720,al_c,q_80/file.png HTTP/1.1
Host: static.wixstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty/1.21.4.1
content-length: 1001218
access-control-allow-origin: *
wix-tracer: 2FTW7S4h8Lq4dGfsCmvKdiJAuq6
x-seen-by: image-manipulator-5cdc794f79-m9fg2
timing-allow-origin: *
via: 1.1 google
date: Fri, 30 Sep 2022 05:39:46 GMT
cache-control: public, max-age=2592000, immutable
content-type: image/png
age: 196674
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f48c214932e2e911f1e686f43a06c7f
c84757f53d01acc982b7f0f11901547239e06405
a14d5ac46dcc41dcf64048de1c1538777c11fb467335217d53c0f145a054f324
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A14D5AC46DCC41DCF64048DE1C1538777C11FB467335217D53C0F145A054F324"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3206
Expires: Sun, 02 Oct 2022 13:11:06 GMT
Date: Sun, 02 Oct 2022 12:17:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f48c214932e2e911f1e686f43a06c7f
c84757f53d01acc982b7f0f11901547239e06405
a14d5ac46dcc41dcf64048de1c1538777c11fb467335217d53c0f145a054f324
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A14D5AC46DCC41DCF64048DE1C1538777C11FB467335217D53C0F145A054F324"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3206
Expires: Sun, 02 Oct 2022 13:11:06 GMT
Date: Sun, 02 Oct 2022 12:17:40 GMT
Connection: keep-alive
ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?locale=en_US&agentVersion=205&adTrackingEnabled=true&adUnitCode=64d289b9-de9a-443b-a2c0-d45680807e46&apiKey=M2G62KV2NBNXKBPVHWQN&usp=&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2F8pa0Yo&caps=16&cb=jsonpCallback0
212.82.100.146200 OK 13 kB URL HTTP/2 ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?locale=en_US&agentVersion=205&adTrackingEnabled=true&adUnitCode=64d289b9-de9a-443b-a2c0-d45680807e46&apiKey=M2G62KV2NBNXKBPVHWQN&usp=&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2F8pa0Yo&caps=16&cb=jsonpCallback0
IP 212.82.100.146:0
ASN #34010 Yahoo! UK Services Limited
Hash 0bed7e72da9907220fb4c54c205af7ea
5d2328f721c94103e6c6cc47374686d820efc46f
bbcd5232d07eee5099f33b9cf7626b6f2440c9491c34f5ff5487376b801f5d6b
GET /nosdk/wj/v1/getAds.do?locale=en_US&agentVersion=205&adTrackingEnabled=true&adUnitCode=64d289b9-de9a-443b-a2c0-d45680807e46&apiKey=M2G62KV2NBNXKBPVHWQN&usp=&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2F8pa0Yo&caps=16&cb=jsonpCallback0 HTTP/1.1
Host: ads.yap.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding, User-Agent
content-encoding: gzip
date: Sun, 02 Oct 2022 12:17:40 GMT
age: 1
strict-transport-security: max-age=31536000
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 83f9407574c75ca600c57af0637cb200
4ebabbc1900b8f575e90186e2024e48097b0c8d2
1e166ac737e5c3c015e0dc0c68115ebc5eeb53958682a9b77928ddb647137ac1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3122
Expires: Sun, 02 Oct 2022 13:09:42 GMT
Date: Sun, 02 Oct 2022 12:17:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3122
Expires: Sun, 02 Oct 2022 13:09:42 GMT
Date: Sun, 02 Oct 2022 12:17:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f5e503471cc78b95c0a3e75785615e5f
145b1e4d850c145a78577b5d7d4fadae9658d7a4
61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3122
Expires: Sun, 02 Oct 2022 13:09:42 GMT
Date: Sun, 02 Oct 2022 12:17:40 GMT
Connection: keep-alive
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
142.250.74.74200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (32077)
Hash fd2b58574f9637ba7ef639267349d848
6eda5ea93f549ceb5693f6f1c038893fa56a510d
75627d4b97e5e6294a8f88f5eeaf9b616696dc8600db9701c47ef05f067880ec
GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 03:16:52 GMT
expires: Sun, 01 Oct 2023 03:16:52 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 118848
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash edded48f558f739287a040151349ef67
d63b6ba630736d32c364b0e6a369274b2389b7ff
33b4a459df0ba7b36b907ba96d74e08660cc75640c42a5748b97d18ec2e9d533
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11083
x-amzn-requestid: 53e2c961-bcc0-4977-8648-ee3c1aed9cde
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHRFWfIAMFhlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3c7-070212d7386d5efa1b4aa8d3;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Z1KmxHJh9QNfg5x0enkqOjbmiqHvg7nlQiMnuDuCRNWQUBFEiKELbw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:35 GMT
etag: "d63b6ba630736d32c364b0e6a369274b2389b7ff"
content-type: image/jpeg
age: 51845
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63464d04-a2f9-451b-a399-53362af292c5.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63464d04-a2f9-451b-a399-53362af292c5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d99550eb468960005df780c03ab6ecfc
03111ce2048e8bc5be100ff3a746da2e664f8aab
9dcd18e02621fa95d846be7c951e7353f24aa68a282ee0b693e7e5da38c3cfcb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63464d04-a2f9-451b-a399-53362af292c5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10679
x-amzn-requestid: fae3b86e-6f85-485f-81e4-22b7b17f30f0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWRkYF2tIAMF-OQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338c94f-486c76da111696471e3905f2;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:12:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CU4YQ3XmxAexkl1rn7BOCSyqyIB12Ff9gMMXqVta5JgIIwQZmUCVMg==
via: 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 08:04:33 GMT
age: 15187
etag: "03111ce2048e8bc5be100ff3a746da2e664f8aab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 04:41:39 GMT
age: 27361
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d657f8a-70bc-42c6-9aae-1127c4403047.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d657f8a-70bc-42c6-9aae-1127c4403047.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 94d82ad8d70761f6ee1384b4183335f3
5d3389a965cfa45dab2202d89b40264368674e8a
ad495dc0ede3bfcbaebfd3bf2eb55fc5596cd7643a539e030ccce0b8a3bcf8dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d657f8a-70bc-42c6-9aae-1127c4403047.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8602
x-amzn-requestid: 89329169-bc7a-46b1-85fc-20383a85cae8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDf9GxzoAMFg0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2cc-27952f8357fa25c956b1cd72;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: YDfn3Xd8m6jaBrj_M9hs4dePku_eEhJbYv3NJSHjCdAWifhBkiKUhw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:38 GMT
age: 51842
etag: "5d3389a965cfa45dab2202d89b40264368674e8a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6047192460abf4afd600948abb5e6ee1
6d6d52fb5024e7772dd45dd459bfe3ec90cb5ce4
d1fd21a5913f6831d2128c8e9e84767d9730bf9e779da5395dc31b82a10e32e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9340
x-amzn-requestid: e892265e-836d-4638-871f-0548eda57745
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDf8FCEoAMFyow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2cc-7f39bb92066a75a90868dd03;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Sk1Dahp1gliiBIghSCZselE7-Fy45svrCk7TdmunOwNefSNqY1P1jA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:47:23 GMT
age: 52217
etag: "6d6d52fb5024e7772dd45dd459bfe3ec90cb5ce4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9dddb9d84a16a3004821d89836b83dc3
087521979efd5936416fd7f030779fa5725f0a8f
a6251ac43958031d765b5743d43e14bc04b1e465bed81f757c3609ee6f2bea66
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6871
x-amzn-requestid: e1fdb2ee-c0e7-4a0c-ae26-d968aef00503
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEIOGp2IAMFxSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3ce-24b26a8048ffd84071a2ad57;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:30 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -svKnYBuiMSdWObzJyNah9TDIi6IuPP6VMzEJWmn0zxoZbFmwpzkJw==
via: 1.1 c07670802688417c8b871124c547eb0a.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:35 GMT
age: 51845
etag: "087521979efd5936416fd7f030779fa5725f0a8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 83f9407574c75ca600c57af0637cb200
4ebabbc1900b8f575e90186e2024e48097b0c8d2
1e166ac737e5c3c015e0dc0c68115ebc5eeb53958682a9b77928ddb647137ac1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 386a2e9e4b4c7c3d55cebb2a6c679189
c317c46e6c06d6e6e19b6f3e5189039010271558
3214ca99f5352b04b1963cc594fcfd54f6b0bd9b65851dfac22a37149aedb85d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 12:17:40 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 01 Oct 2022 22:33:44 GMT
Expires: Sat, 08 Oct 2022 22:33:43 GMT
Etag: "c317c46e6c06d6e6e19b6f3e5189039010271558"
Cache-Control: max-age=554762,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753d6051fd370b59-OSL
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 56db2fd5874f3f5931fca2a4f5b6a778
80e2ed8d26bf1685836010319b100a6e595ead91
49098dba7b71985b8acb51d512458ecb3170095ba2a5f65d0283cb66be8b3fa8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:40 GMT
Server: ECS (amb/6BA3)
Content-Length: 280
www.pubgmobile.com/common/images/icon_logo.jpg
23.36.76.227200 OK 982 kB URL HTTP/2 www.pubgmobile.com/common/images/icon_logo.jpg
IP 23.36.76.227:0
ASN #20940 Akamai International B.V.
File type JPEG image data, baseline, precision 8, 1024x1024, components 3\012- data
Size 982 kB (982437 bytes)
Hash b83d8d3e9beecfac081f4e742d27661c
448330670bef8c2ee17baf6d2410ca974341cb88
5899c82b2f0563679a9c1ee79b5b28f2545864d95c7627c1a70e36a2f034497d
GET /common/images/icon_logo.jpg HTTP/1.1
Host: www.pubgmobile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: image/jpeg
content-length: 982437
last-modified: Mon, 30 Nov 2020 12:10:45 GMT
etag: "5fc4e145-efda5"
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=106
expires: Sun, 02 Oct 2022 12:19:26 GMT
date: Sun, 02 Oct 2022 12:17:40 GMT
X-Firefox-Spdy: h2
creditcards.com.tw/wp-content/uploads/2020/01/%E5%8D%9A%E5%AE%A2%E4%BE%86-%E8%AA%A0%E5%93%81-%E9%87%91%E7%9F%B3%E5%A0%82-%E8%AE%80%E5%86%8A%E5%93%AA%E5%80%8B%E5%A5%BD%EF%BC%9F%E4%BF%A1%E7%94%A8%E5%8D%A1%E5%84%AA%E6%83%A0%E5%86%8D%E6%8A%98-6-1080x630.jpg
192.0.78.135200 OK 123 kB URL HTTP/2 creditcards.com.tw/wp-content/uploads/2020/01/%E5%8D%9A%E5%AE%A2%E4%BE%86-%E8%AA%A0%E5%93%81-%E9%87%91%E7%9F%B3%E5%A0%82-%E8%AE%80%E5%86%8A%E5%93%AA%E5%80%8B%E5%A5%BD%EF%BC%9F%E4%BF%A1%E7%94%A8%E5%8D%A1%E5%84%AA%E6%83%A0%E5%86%8D%E6%8A%98-6-1080x630.jpg
IP 192.0.78.135:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 1080x630, components 3\012- data
Size 123 kB (123108 bytes)
Hash 6c395e6156cb48b98808fed0de373c98
9d1dd96fe30df0d82c16afb7ee82451b214e59cb
2dc684fbc1cb5c7a52d5fce501e25f9a1060769f3bd86ca3c9599e3e510378ff
GET /wp-content/uploads/2020/01/%E5%8D%9A%E5%AE%A2%E4%BE%86-%E8%AA%A0%E5%93%81-%E9%87%91%E7%9F%B3%E5%A0%82-%E8%AE%80%E5%86%8A%E5%93%AA%E5%80%8B%E5%A5%BD%EF%BC%9F%E4%BF%A1%E7%94%A8%E5%8D%A1%E5%84%AA%E6%83%A0%E5%86%8D%E6%8A%98-6-1080x630.jpg HTTP/1.1
Host: creditcards.com.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 12:17:40 GMT
content-type: image/jpeg
content-length: 123108
strict-transport-security: max-age=31536000
last-modified: Mon, 22 Jun 2020 07:21:37 GMT
etag: "5ef05c01-1e0e4"
accept-ranges: bytes
x-ac: 3.arn _atomic_ams BYPASS
X-Firefox-Spdy: h2
ad2.apx.appier.net/v1/prebid/bid
34.96.119.68307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP 34.96.119.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Sun, 02 Oct 2022 12:17:40 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.scupio.com/js/config/17253.json?v=1.0.3839
108.138.217.8200 OK 461 B URL HTTP/2 img.scupio.com/js/config/17253.json?v=1.0.3839
IP 108.138.217.8:0
File type JSON data\012- , ASCII text, with very long lines (461), with no line terminators
Hash e606c509efa4cf13e25d422b681296b9
48f3de560abb2291d23116e4973ba280b4a53339
40687c421e81b95352c58e539fc37dc05bf2d93917f51cc96316b847a24543d4
GET /js/config/17253.json?v=1.0.3839 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 461
server: nginx/1.12.1
last-modified: Sun, 02 Oct 2022 02:20:46 GMT
accept-ranges: bytes
date: Sun, 02 Oct 2022 12:14:50 GMT
expires: Sun, 02 Oct 2022 15:14:50 GMT
cache-control: max-age=10800
etag: "6338f57e-1cd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26a4c21d05db121c09038b0610c812a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: bOW7o9X9YluRJEXtw6p7EJTquoHgTbT1Zv8QTsIFIMoT0IcvTsFurA==
age: 170
access-control-allow-origin: *
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3ivrH4/y_/l/en_US/AOlEmwH3ib9.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 0 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3ivrH4/y_/l/en_US/AOlEmwH3ib9.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rsrc.php/v3ivrH4/y_/l/en_US/AOlEmwH3ib9.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 01 Oct 2023 09:41:02 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: G5PFUNXxfLJdpFY8CoXPRQ==
x-fb-debug: gPRo9ergbt5Gjf9dZhmI7Ktg4sOpp3T8T1OwkLEhMF10EeHH5P5o4fWVBNsSPZ+rO9dAnwR5U7phVyWopLP75Q==
content-length: 79813
x-fb-trip-id: 1679558926
date: Sun, 02 Oct 2022 12:17:39 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ad2.apx.appier.net/v1/prebid/bid
34.96.119.68307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP 34.96.119.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Sun, 02 Oct 2022 12:17:40 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f48c214932e2e911f1e686f43a06c7f
c84757f53d01acc982b7f0f11901547239e06405
a14d5ac46dcc41dcf64048de1c1538777c11fb467335217d53c0f145a054f324
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A14D5AC46DCC41DCF64048DE1C1538777C11FB467335217D53C0F145A054F324"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3206
Expires: Sun, 02 Oct 2022 13:11:06 GMT
Date: Sun, 02 Oct 2022 12:17:40 GMT
Connection: keep-alive
ad2.apx.appier.net/v1/prebid/bid
34.96.119.68307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP 34.96.119.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Sun, 02 Oct 2022 12:17:40 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blog.alphaloan.co/wp-content/uploads/2022/09/%E8%A9%B2%E5%A6%82%E4%BD%95%E6%8A%95%E8%B3%87%E8%87%AA%E5%B7%B1%EF%BC%9F-.jpg
192.0.78.187200 OK 154 kB URL HTTP/2 blog.alphaloan.co/wp-content/uploads/2022/09/%E8%A9%B2%E5%A6%82%E4%BD%95%E6%8A%95%E8%B3%87%E8%87%AA%E5%B7%B1%EF%BC%9F-.jpg
IP 192.0.78.187:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 1640x924, components 3\012- data
Size 154 kB (154179 bytes)
Hash db9807c0d70e3de480bf66c921919769
abcdffa17e3454dfc018d989c53409869e6edd40
7ae2f5b5d641c02de5d3222990df1b555a4a41f06b0eedac42b7f5e984454769
GET /wp-content/uploads/2022/09/%E8%A9%B2%E5%A6%82%E4%BD%95%E6%8A%95%E8%B3%87%E8%87%AA%E5%B7%B1%EF%BC%9F-.jpg HTTP/1.1
Host: blog.alphaloan.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 12:17:40 GMT
content-type: image/jpeg
content-length: 154179
strict-transport-security: max-age=31536000
last-modified: Thu, 01 Sep 2022 07:11:29 GMT
etag: "63105b21-25a43"
expires: Sun, 09 Oct 2022 12:17:39 GMT
cache-control: max-age=604800
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
x-ac: 3.arn _atomic_ams BYPASS
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5d1b928e26b56592b25b078cb1495239
6e009ec0d9526cc300aa65c0724117615bb98201
02b98f3e881456787cfd5444c82822ded7a7aaf88aa74f3aa10197465a22ef70
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4757
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:40 GMT
Last-Modified: Sun, 02 Oct 2022 10:58:23 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5d1b928e26b56592b25b078cb1495239
6e009ec0d9526cc300aa65c0724117615bb98201
02b98f3e881456787cfd5444c82822ded7a7aaf88aa74f3aa10197465a22ef70
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4995
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:40 GMT
Last-Modified: Sun, 02 Oct 2022 10:54:25 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
cdn.holmesmind.com/js/appier_mainV3.js
108.156.28.65200 OK 5.5 kB URL HTTP/2 cdn.holmesmind.com/js/appier_mainV3.js
IP 108.156.28.65:0
File type ASCII text, with CRLF line terminators
Hash 8e1b46b18b195f6e1856d4e020014a8e
7186482e377a73f5d7f0503c7ba2d57fb9c26484
cb559970e468315ee6536be649b06177402e61e08f44baf23dcea086050081a4
GET /js/appier_mainV3.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 5541
last-modified: Wed, 28 Sep 2022 02:19:17 GMT
x-amz-version-id: MdWeC1SPZeIh9xSqjXjlj3abPqMhnJfk
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 12:17:41 GMT
etag: "8e1b46b18b195f6e1856d4e020014a8e"
x-cache: RefreshHit from cloudfront
via: 1.1 c9e93510e33ab69af0de2f41455fbb80.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: 1diFcUiA7jODDFag7BPN7eIIB-EjXmcrI2ssWt11hAisJ6AQotL_og==
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/bridgewellV3.js
108.156.28.65200 OK 4.5 kB URL HTTP/2 cdn.holmesmind.com/js/bridgewellV3.js
IP 108.156.28.65:0
File type ASCII text, with CRLF line terminators
Hash c3b948e5a48dd0ec20c265d6d8da7add
9fcd995d80439c19a6f8202a181143167e709685
c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b
GET /js/bridgewellV3.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 4530
last-modified: Tue, 20 Apr 2021 06:25:23 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 12:17:41 GMT
etag: "c3b948e5a48dd0ec20c265d6d8da7add"
x-cache: RefreshHit from cloudfront
via: 1.1 c9e93510e33ab69af0de2f41455fbb80.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: h7J2Gvw6RdIWpS0JffPwoPEgR7k6JJZm-viDYGh70me0aAhteiRUdg==
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 02 Oct 2022 12:17:40 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 272
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 02 Oct 2022 12:17:40 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 02 Oct 2022 12:17:40 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/drawV2.js
108.156.28.65200 OK 10 kB URL HTTP/2 cdn.holmesmind.com/js/drawV2.js
IP 108.156.28.65:0
File type ASCII text, with very long lines (5112), with CRLF line terminators
Hash 84d8b1a745228113e60f5e62f0eff6d3
10cd995dbb7293ca49d9bdd93145bf12cb89bdac
f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032
GET /js/drawV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 10359
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 12:17:15 GMT
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
via: 1.1 c9e93510e33ab69af0de2f41455fbb80.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: t3iplkczDA9GxZi7U95WDMXZvml0sbIN0P8aIoxjlx2QdFWelQ-9tg==
age: 27
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 4.4 kB IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash 987589af67f864cd02e4f8a70ef70918
e16958c7dc9721e64f7f04b3b4cd5f0dc533852e
15a1fced159ebcfb447aa84fd84b8509b9194a01c5d236db348c4fd5fa691284
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:40 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7; expires=Tue, 01-Oct-2024 12:17:40 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&CFFPCKUUID=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&url=https%3A%2F%2Freurl.cc%2F8pa0Yo&maindomain=reurl.cc
34.117.219.39200 OK 1.3 kB URL HTTP/2 fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&CFFPCKUUID=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&url=https%3A%2F%2Freurl.cc%2F8pa0Yo&maindomain=reurl.cc
IP 34.117.219.39:0
Hash 84d16dba68824b275499f2190a729bba
ab4d774f2418568e12d129fd1c3268d13de9cda1
de950fd1ccd13a53b64675f46c8205263bafadaf87f7bc9c66007368e1aefc2a
GET /landing.php?CFFPCKUUIDMAIN=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&CFFPCKUUID=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&url=https%3A%2F%2Freurl.cc%2F8pa0Yo&maindomain=reurl.cc HTTP/1.1
Host: fp.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.0
date: Sun, 02 Oct 2022 12:17:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: x-requested-with,content-type
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2F8pa0Yo&n=873&o=4&d=1&b=3&ts=1&ii=3&FPCK=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&initver=210830P
52.68.234.1200 OK 10 kB URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2F8pa0Yo&n=873&o=4&d=1&b=3&ts=1&ii=3&FPCK=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&initver=210830P
IP 52.68.234.1:0
Hash 9af931d10429283e489a69ac395ba3d8
770e0b48ccd63446693ff66a20a94945b02c00d7
be6e5d9d7aabff8456b1de1770833a30f64013aceb0d93f4ef51c06fe276fdb7
GET /adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2F8pa0Yo&n=873&o=4&d=1&b=3&ts=1&ii=3&FPCK=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 12:17:40 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c120ef4802f4eb64e93225496ba6944a
cdebb30349fa79f7ddb7d13aac47735565ac0ba2
1bcd7dc722018962f16783f0f888742a7926c0a7e466deef174f0f4fc5eb4a4e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-102456694-1&cid=1160730420.1664713060&jid=1450849702&gjid=2056183772&_gid=1314302985.1664713060&_u=IEBAAEAAAAAAAC~&z=1597928667
74.125.131.154200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-102456694-1&cid=1160730420.1664713060&jid=1450849702&gjid=2056183772&_gid=1314302985.1664713060&_u=IEBAAEAAAAAAAC~&z=1597928667
IP 74.125.131.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-102456694-1&cid=1160730420.1664713060&jid=1450849702&gjid=2056183772&_gid=1314302985.1664713060&_u=IEBAAEAAAAAAAC~&z=1597928667 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://reurl.cc
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 02 Oct 2022 12:17:41 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c120ef4802f4eb64e93225496ba6944a
cdebb30349fa79f7ddb7d13aac47735565ac0ba2
1bcd7dc722018962f16783f0f888742a7926c0a7e466deef174f0f4fc5eb4a4e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
t.ssp.hinet.net/
203.75.214.136200 OK 602 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash b576ecee9e0b43e775d7f73665462e5d
8831119942996220cbd5e249c6ca1cf829c8ab6f
0eceb66115b21ca33bc1666d63721edd208546f7d655be9487850de11c4f7b6c
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:40 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=f021b453-9ac2-4d66-be10-44444cd3cbbb; expires=Tue, 01-Oct-2024 12:17:40 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 30 kB IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash 6a374cbc13f22b5d920efb6b49096e96
902119d509388e1118a2d49024ab49278b991f0c
632a1b8935bb60c06865bacf71e4dcc2ae80ca6c951f740c36737d33ddaf3d0e
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:40 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=f12cfaec-c41d-443b-aebc-4ca0ae13a779; expires=Tue, 01-Oct-2024 12:17:40 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 167 kB IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Size 167 kB (167036 bytes)
Hash 13f803b1309c09d1ec6103e8c0726253
d9175bc08fc6ff75b190a0034d562535c5877614
5cc3cbe4f9b2e3522f943a4a9d4f0b128efd9a439651f2a5d1387802a13a1931
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:40 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=eee3cc6c-2690-48ce-824e-cde3f9c15ec7; expires=Tue, 01-Oct-2024 12:17:40 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d63043be46ecb1a0c3ea4cc24e30266b
0c891467d47db2576a1db1261bc9a58bbf38d463
7c91c293e45f6b351566c4303d9421cf03f32152d64a3318805b425ae97c9684
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C91C293E45F6B351566C4303D9421CF03F32152D64A3318805B425AE97C9684"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14008
Expires: Sun, 02 Oct 2022 16:11:09 GMT
Date: Sun, 02 Oct 2022 12:17:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d63043be46ecb1a0c3ea4cc24e30266b
0c891467d47db2576a1db1261bc9a58bbf38d463
7c91c293e45f6b351566c4303d9421cf03f32152d64a3318805b425ae97c9684
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C91C293E45F6B351566C4303D9421CF03F32152D64A3318805B425AE97C9684"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14008
Expires: Sun, 02 Oct 2022 16:11:09 GMT
Date: Sun, 02 Oct 2022 12:17:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d63043be46ecb1a0c3ea4cc24e30266b
0c891467d47db2576a1db1261bc9a58bbf38d463
7c91c293e45f6b351566c4303d9421cf03f32152d64a3318805b425ae97c9684
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C91C293E45F6B351566C4303D9421CF03F32152D64A3318805B425AE97C9684"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14008
Expires: Sun, 02 Oct 2022 16:11:09 GMT
Date: Sun, 02 Oct 2022 12:17:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d63043be46ecb1a0c3ea4cc24e30266b
0c891467d47db2576a1db1261bc9a58bbf38d463
7c91c293e45f6b351566c4303d9421cf03f32152d64a3318805b425ae97c9684
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C91C293E45F6B351566C4303D9421CF03F32152D64A3318805B425AE97C9684"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14008
Expires: Sun, 02 Oct 2022 16:11:09 GMT
Date: Sun, 02 Oct 2022 12:17:41 GMT
Connection: keep-alive
img.scupio.com/html/ad.html?v=1.0.65
108.138.217.8200 OK 22 kB URL HTTP/2 img.scupio.com/html/ad.html?v=1.0.65
IP 108.138.217.8:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (13977)
Hash a9743429e7d4017de0a5fe52bd9ab08e
2168fd77762ffee32028b0b2bb9011e6e7475841
df4ebac78fcc9bd7cf4a38224d71d060fc3f6b61437f5221ccfdad5145c22475
GET /html/ad.html?v=1.0.65 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx/1.12.1
last-modified: Thu, 18 Aug 2022 08:25:22 GMT
content-encoding: gzip
date: Sun, 02 Oct 2022 11:19:53 GMT
expires: Tue, 01 Nov 2022 11:19:53 GMT
cache-control: max-age=2592000
etag: W/"62fdf772-14d93"
x-cache: Hit from cloudfront
via: 1.1 c26a4c21d05db121c09038b0610c812a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: 94o1NsTHfJWwWq4i-KUTSOhJz3Jq2Px_Dg3JilTkHGDRB--tWKc65Q==
age: 3466
vary: Origin
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=50ef57&cid=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&mp=eee3cc6c-2690-48ce-824e-cde3f9c15ec7
203.75.214.136200 OK 472 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&mp=eee3cc6c-2690-48ce-824e-cde3f9c15ec7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash ceb7f2392dd816131e0001a76cb54e19
6416c2a788f016ff94f0a10616e443e47890e97f
517337577ada3f7f9e3da9c42ce722b5a760721d59a0404afdb2810fe252245e
GET /cm?c=50ef57&cid=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&mp=eee3cc6c-2690-48ce-824e-cde3f9c15ec7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:41 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e4f94a2722366412417efbb65aa368b8
f2942fbd2a6f0326f99c3a271de2dab12c881b15
97805013c570f1c9ad0158d99dfc6f521628bfb4b72a2a5d79526ec7b04df2f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-102456694-1&cid=1160730420.1664713060&jid=1450849702&_u=IEBAAEAAAAAAAC~&z=1991627213
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-102456694-1&cid=1160730420.1664713060&jid=1450849702&_u=IEBAAEAAAAAAAC~&z=1991627213
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-102456694-1&cid=1160730420.1664713060&jid=1450849702&_u=IEBAAEAAAAAAAC~&z=1991627213 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 02 Oct 2022 12:17:41 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-102456694-1&cid=1160730420.1664713060&jid=1450849702&_u=IEBAAEAAAAAAAC~&z=1991627213
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-102456694-1&cid=1160730420.1664713060&jid=1450849702&_u=IEBAAEAAAAAAAC~&z=1991627213
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-102456694-1&cid=1160730420.1664713060&jid=1450849702&_u=IEBAAEAAAAAAAC~&z=1991627213 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 02 Oct 2022 12:17:41 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bw.scupio.com/adpinline/adreqlog.aspx?cid=17253&cb=0.5846447362275473
210.59.219.180200 OK 0 B URL HTTP/1.1 bw.scupio.com/adpinline/adreqlog.aspx?cid=17253&cb=0.5846447362275473
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adpinline/adreqlog.aspx?cid=17253&cb=0.5846447362275473 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 169
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=kgb4eut3dvvv4b2bt5flhjce; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=kgb4eut3dvvv4b2bt5flhjce; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CWA20221002201741245015; domain=scupio.com; expires=Sat, 02-Oct-2027 12:17:41 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2022 12:17:40 GMT
Content-Length: 0
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
172.104.121.22307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 172.104.121.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Sun, 02 Oct 2022 12:17:41 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=vd6PGHKMBN6TOSSdZYE5Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=vd6PGHKMBN6TOSSdZYE5Yw; Path=/; Domain=c.appier.net; Expires=Mon, 02 Oct 2023 12:17:41 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&CFFPCKUUID=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&url=https%3A%2F%2Freurl.cc%2F8pa0Yo&maindomain=reurl.cc
34.117.219.39200 OK 20 B URL HTTP/2 fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&CFFPCKUUID=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&url=https%3A%2F%2Freurl.cc%2F8pa0Yo&maindomain=reurl.cc
IP 34.117.219.39:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /landing.php?CFFPCKUUIDMAIN=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&CFFPCKUUID=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&url=https%3A%2F%2Freurl.cc%2F8pa0Yo&maindomain=reurl.cc HTTP/1.1
Host: fp.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.0
date: Sun, 02 Oct 2022 12:17:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: x-requested-with,content-type
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
172.104.121.22307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 172.104.121.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Sun, 02 Oct 2022 12:17:41 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=ONU6gjZmDCqWM3lRZYE5Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=ONU6gjZmDCqWM3lRZYE5Yw; Path=/; Domain=c.appier.net; Expires=Mon, 02 Oct 2023 12:17:41 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
172.104.121.22307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 172.104.121.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Sun, 02 Oct 2022 12:17:41 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=wZxZsbh3DQGbFnMiZYE5Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=wZxZsbh3DQGbFnMiZYE5Yw; Path=/; Domain=c.appier.net; Expires=Mon, 02 Oct 2023 12:17:41 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ab779588f01243aca896d41395f8bd90
b8ef2d7cdc6366c283db0d608766a126dce37164
5531deca73d8380883740395d82457f4d39761134404876881242e2135b1546a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e4f94a2722366412417efbb65aa368b8
f2942fbd2a6f0326f99c3a271de2dab12c881b15
97805013c570f1c9ad0158d99dfc6f521628bfb4b72a2a5d79526ec7b04df2f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
prebid.scupio.com/recweb/prebid.aspx?cb=0.6529935089114736
210.59.219.181204 No Content 0 B URL HTTP/1.1 prebid.scupio.com/recweb/prebid.aspx?cb=0.6529935089114736
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.6529935089114736 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 403
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2022 12:17:41 GMT
prebid.scupio.com/recweb/prebid.aspx?cb=0.9008489137290614
210.59.219.181204 No Content 0 B URL HTTP/1.1 prebid.scupio.com/recweb/prebid.aspx?cb=0.9008489137290614
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.9008489137290614 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 403
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2022 12:17:41 GMT
img.scupio.com/img/padding/300x250.jpg
108.138.217.8200 OK 58 kB URL HTTP/2 img.scupio.com/img/padding/300x250.jpg
IP 108.138.217.8:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=8, height=0, bps=8, xresolution=110, yresolution=118, resolutionunit=2, width=0], baseline, precision 8, 300x250, components 3\012- data
Hash 2268e9a0adb8ebbdf14028c20e5b473b
6636e41458262bd0de27f805d88793ce836ef390
5e0c4b65a9aa656ce5484dee823c78de192e6b3fd64eab5317713ff31325c89c
GET /img/padding/300x250.jpg HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 57855
server: nginx/1.12.1
last-modified: Mon, 19 Apr 2021 03:31:40 GMT
accept-ranges: bytes
date: Sun, 02 Oct 2022 11:21:13 GMT
expires: Mon, 02 Oct 2023 11:21:13 GMT
cache-control: max-age=31536000
etag: "607cf99c-e1ff"
x-cache: Hit from cloudfront
via: 1.1 c26a4c21d05db121c09038b0610c812a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: lsTKmcwdX6hUcVJzd8z-rpWbbfNk-UHuhZT3MwZTpvJkkN53IHrCfg==
age: 3388
vary: Origin
X-Firefox-Spdy: h2
fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&CFFPCKUUID=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&url=https%3A%2F%2Freurl.cc%2F8pa0Yo&maindomain=reurl.cc
34.117.219.39200 OK 20 B URL HTTP/2 fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&CFFPCKUUID=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&url=https%3A%2F%2Freurl.cc%2F8pa0Yo&maindomain=reurl.cc
IP 34.117.219.39:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /landing.php?CFFPCKUUIDMAIN=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&CFFPCKUUID=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&url=https%3A%2F%2Freurl.cc%2F8pa0Yo&maindomain=reurl.cc HTTP/1.1
Host: fp.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.0
date: Sun, 02 Oct 2022 12:17:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: x-requested-with,content-type
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.33456222696790827
210.59.219.181204 No Content 0 B URL HTTP/1.1 prebid.scupio.com/recweb/prebid.aspx?cb=0.33456222696790827
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.33456222696790827 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 404
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2022 12:17:41 GMT
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
172.104.121.22307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 172.104.121.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Sun, 02 Oct 2022 12:17:41 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=4Dzn9_rEDyCpH4yIZYE5Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=4Dzn9_rEDyCpH4yIZYE5Yw; Path=/; Domain=c.appier.net; Expires=Mon, 02 Oct 2023 12:17:41 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
img.scupio.com/img/2011_gym/970x250.png
108.138.217.8200 OK 88 kB URL HTTP/2 img.scupio.com/img/2011_gym/970x250.png
IP 108.138.217.8:0
File type PNG image data, 970 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 631554deae2879a2037e0edf55de2f82
56f44bfa0e33195c2ecf0524cbf985a8e23295d1
5c4e555f2cdb1d2c4bc4bd48cf25afb9944c1faed58be0725a8222e9fe2dd67e
GET /img/2011_gym/970x250.png HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 87751
server: nginx/1.12.1
last-modified: Mon, 19 Apr 2021 03:31:40 GMT
accept-ranges: bytes
date: Sun, 02 Oct 2022 11:28:37 GMT
expires: Mon, 02 Oct 2023 11:28:37 GMT
cache-control: max-age=31536000
etag: "607cf99c-156c7"
x-cache: Hit from cloudfront
via: 1.1 c26a4c21d05db121c09038b0610c812a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: R_6YmY-3UIKt3A70ZEn-w6g4FvVOwgk4VuFUySRmZdHw-Quhr0p5bw==
age: 2945
vary: Origin
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&uu_m=undefined
172.217.21.162302 Found 357 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&uu_m=undefined
IP 172.217.21.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 4b276658b15ed41b3cd9073baf97a3de
8b80809953f1730c153b15ba391453853bc17adf
ee98a873addb1f84674c8b8f987d4d895090d2ec4f1c3d6f4a5b9417b11d2e40
GET /pixel?google_nid=clickforce_dmp&google_cm&cf_uid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&uu_m=undefined HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&uu_m=undefined&google_tc=
date: Sun, 02 Oct 2022 12:17:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 357
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 02-Oct-2022 12:32:42 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&uu_m=undefined&google_tc=
172.217.21.162302 Found 316 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&uu_m=undefined&google_tc=
IP 172.217.21.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 3128252aee6a61bb88d91f6573b67117
8b8178ba6bad4e19d9b8a95baad68bdd86137ab5
92a184d9686d28cd9473eb50c7a6aa452d4b8832132700a12a8c20fba4353d0d
GET /pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&uu_m=undefined&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdn.holmesmind.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://m.holmesmind.com/ml/google?cf_uid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&uu_m=undefined&google_error=3
date: Sun, 02 Oct 2022 12:17:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 316
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13857
108.156.28.83200 OK 396 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13857
IP 108.156.28.83:0
File type ASCII text, with very long lines (1120), with no line terminators
Hash c6f7cbb06b457b3e458ee120ca2ddc7b
90cb2e0710707b1062e2cc2dac73650b8a581391
789ed9f6784468a56735b330ebaacfcfc77130b440964b800af813741df63577
GET /adserver/Preset.js?z=13857 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sun, 02 Oct 2022 12:14:37 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 329cb27be8d7871661ed5a94ecaacb28.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: Xqdw6g6vvoDLYNNqieFd-oH3Dme-F2R_QF8BSDNXES3DWnRfP2aAIw==
age: 184
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.14660123692433924
210.59.219.181204 No Content 0 B URL HTTP/1.1 prebid.scupio.com/recweb/prebid.aspx?cb=0.14660123692433924
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.14660123692433924 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 404
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2022 12:17:41 GMT
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 02 Oct 2022 12:17:42 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13848&rf=https%3A%2F%2Freurl.cc%2F8pa0Yo&n=259&o=4&d=1&b=3&ts=1&ii=3&FPCK=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&initver=210830P
52.68.234.1200 OK 860 B URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13848&rf=https%3A%2F%2Freurl.cc%2F8pa0Yo&n=259&o=4&d=1&b=3&ts=1&ii=3&FPCK=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&initver=210830P
IP 52.68.234.1:0
File type HTML document, ASCII text, with very long lines (893), with CRLF line terminators
Hash 73c0f09870e5d8455383853bae64bf3b
f9749221866858c1821d1245545388f91626c3e4
cf154b5277cee1c028c85f6541b3c8bd3d6f8ed67cac204027cd516d5d29b453
GET /adserver/ads.js?z=13848&rf=https%3A%2F%2Freurl.cc%2F8pa0Yo&n=259&o=4&d=1&b=3&ts=1&ii=3&FPCK=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 12:17:40 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.9308836419711127
210.59.219.181204 No Content 0 B URL HTTP/1.1 prebid.scupio.com/recweb/prebid.aspx?cb=0.9308836419711127
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.9308836419711127 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 404
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2022 12:17:41 GMT
bw.scupio.com/adpinline/api.aspx?cb=0.8314716581801623
210.59.219.180200 OK 0 B URL HTTP/1.1 bw.scupio.com/adpinline/api.aspx?cb=0.8314716581801623
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adpinline/api.aspx?cb=0.8314716581801623 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 457
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=lvayerphf3vpqxcrawsunpzz; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=lvayerphf3vpqxcrawsunpzz; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CYA20221002201742743126; domain=scupio.com; expires=Sat, 02-Oct-2027 12:17:42 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2022 12:17:41 GMT
Content-Length: 0
bw.scupio.com/adpinline/api.aspx?cb=0.03984554794159789
210.59.219.180200 OK 0 B URL HTTP/1.1 bw.scupio.com/adpinline/api.aspx?cb=0.03984554794159789
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adpinline/api.aspx?cb=0.03984554794159789 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 457
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=qpp31b4bumovanelzu3qwpfu; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=qpp31b4bumovanelzu3qwpfu; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CMA20221002201742118030; domain=scupio.com; expires=Sat, 02-Oct-2027 12:17:42 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2022 12:17:41 GMT
Content-Length: 0
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash dedf6d3b73c7b6d8380a13e3a1ff352e
57d8cc495a16c5af49677a9f71cb215438df25ea
54dff945470a7fc0ea77edafc5da746a76409cd29aa68ec6c5b937374852ae80
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5591
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:42 GMT
Last-Modified: Sun, 02 Oct 2022 10:44:31 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 313
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
172.104.121.22307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 172.104.121.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Sun, 02 Oct 2022 12:17:42 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=Nit8L6-tC76RoOY1ZoE5Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=Nit8L6-tC76RoOY1ZoE5Yw; Path=/; Domain=c.appier.net; Expires=Mon, 02 Oct 2023 12:17:42 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
172.104.121.22307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 172.104.121.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Sun, 02 Oct 2022 12:17:42 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=QZoocoLZCMeuar0TZoE5Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=QZoocoLZCMeuar0TZoE5Yw; Path=/; Domain=c.appier.net; Expires=Mon, 02 Oct 2023 12:17:42 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
172.104.121.22307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 172.104.121.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Sun, 02 Oct 2022 12:17:42 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=4zku3GFXC5umlDTgZoE5Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=4zku3GFXC5umlDTgZoE5Yw; Path=/; Domain=c.appier.net; Expires=Mon, 02 Oct 2023 12:17:42 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
172.104.121.22307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 172.104.121.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Sun, 02 Oct 2022 12:17:42 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=Zuy08feHB5KAwem5ZoE5Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=Zuy08feHB5KAwem5ZoE5Yw; Path=/; Domain=c.appier.net; Expires=Mon, 02 Oct 2023 12:17:42 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 4a77f6158bb6ef630cb568ad6abfa8bd
39628bacdca3114f367678c37c3767cd6525df37
ac50ce0eceab878a31aa59fbdd8c67546abfdd98436164771a25cd57d81ee70a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2180
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:42 GMT
Last-Modified: Sun, 02 Oct 2022 11:41:22 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 4a77f6158bb6ef630cb568ad6abfa8bd
39628bacdca3114f367678c37c3767cd6525df37
ac50ce0eceab878a31aa59fbdd8c67546abfdd98436164771a25cd57d81ee70a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2194
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:42 GMT
Last-Modified: Sun, 02 Oct 2022 11:41:08 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 4a77f6158bb6ef630cb568ad6abfa8bd
39628bacdca3114f367678c37c3767cd6525df37
ac50ce0eceab878a31aa59fbdd8c67546abfdd98436164771a25cd57d81ee70a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2180
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:42 GMT
Last-Modified: Sun, 02 Oct 2022 11:41:22 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 4a77f6158bb6ef630cb568ad6abfa8bd
39628bacdca3114f367678c37c3767cd6525df37
ac50ce0eceab878a31aa59fbdd8c67546abfdd98436164771a25cd57d81ee70a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2194
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:42 GMT
Last-Modified: Sun, 02 Oct 2022 11:41:08 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 313
bidder.criteo.com/cdb?ptv=130&profileId=184&cb=57085406853
178.250.2.131200 OK 163 B URL HTTP/2 bidder.criteo.com/cdb?ptv=130&profileId=184&cb=57085406853
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash f5eecc245d6c6dc98c1ec46ddc3899b3
b1ff7f6b1e87c18c83e17962d2b46368112b6d62
ef165c55388b3eba54268644764fb85624bdbdc60bcf70d8cfad25e0bbd746a7
POST /cdb?ptv=130&profileId=184&cb=57085406853 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 521
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 12:17:41 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 163
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 217 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash 779ceb5c11967dc135f0b16bbc0c4ced
4f37287321b3b9e21d3af66c8c2f297094eb4711
9c3f62a2938c52838737a78d0bb81d52b74fa99e35121a89db3372a092a6d1e0
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:42 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7; expires=Tue, 01-Oct-2024 12:17:42 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=130&profileId=184&cb=27162320187
178.250.2.131200 OK 162 B URL HTTP/2 bidder.criteo.com/cdb?ptv=130&profileId=184&cb=27162320187
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 2143e3716eae187e4c03697e9a86836f
11f81c0ca054a87879d247415de42ea15e50ee68
dd5c917d0d9f94eaffc444020a9b7cab0041ec30f58cb2cd0b9e8b04d67a935f
POST /cdb?ptv=130&profileId=184&cb=27162320187 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 522
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 12:17:42 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 162
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=130&profileId=184&cb=50125745883
178.250.2.131200 OK 164 B URL HTTP/2 bidder.criteo.com/cdb?ptv=130&profileId=184&cb=50125745883
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 2936f2291c58c7ac87e6e266b5c9a2e8
5d7ace54df2688ad555b9e58fc717843ecdb7af6
6c52b0db1f7d6444cd1590250f37f376b4d5f95269442d8e55bbe4759da0fb27
POST /cdb?ptv=130&profileId=184&cb=50125745883 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 530
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 12:17:42 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 164
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=105fbbfe-d205-499e-a7fe-e345b4cb50d7
203.75.214.136200 OK 52 B URL HTTP/2 t.ssp.hinet.net/emome2?u=105fbbfe-d205-499e-a7fe-e345b4cb50d7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash c8ac5b094845b0b18fec7081bc0f0c82
d03e6d146d8d204fb9960b0aa4b3be27f67b27d9
a1248fdc6c418dffd4f546298556996787584539c9cfbde3f3117c094db0afa9
GET /emome2?u=105fbbfe-d205-499e-a7fe-e345b4cb50d7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:42 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 7d6a0d012f48d36b264d837b94c5909a
1151259bc63c70f383f23f005228c710996bdaa6
b5a1c59034f9d68ea54087710d7536830c8fac09047d47b9a090709ae67c5836
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 12:17:43 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 08:00:19 GMT
Expires: Thu, 06 Oct 2022 08:00:18 GMT
Etag: "1151259bc63c70f383f23f005228c710996bdaa6"
Cache-Control: max-age=329555,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753d60637adc0b59-OSL
eee3cc6c-2690-48ce-824e-cde3f9c15ec7.t.ssp.hinet.net/pixel?bd=eee3cc6c-2690-48ce-824e-cde3f9c15ec7&t=50ef57&referrer=
203.75.214.136200 OK 12 kB URL HTTP/2 eee3cc6c-2690-48ce-824e-cde3f9c15ec7.t.ssp.hinet.net/pixel?bd=eee3cc6c-2690-48ce-824e-cde3f9c15ec7&t=50ef57&referrer=
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash 71e20e87eef9cfea9afeac3cc147564b
532770c7a7ec1679a9ed0d32cba381ce907118a9
efb6685bec132ae78476ca032c35c07514307930fce4457db0782cf73146c04e
GET /pixel?bd=eee3cc6c-2690-48ce-824e-cde3f9c15ec7&t=50ef57&referrer= HTTP/1.1
Host: eee3cc6c-2690-48ce-824e-cde3f9c15ec7.t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 12:17:42 GMT
content-type: image/png
content-length: 0
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
eee3cc6c-2690-48ce-824e-cde3f9c15ec7.t.ssp.hinet.net/pixel?bd=eee3cc6c-2690-48ce-824e-cde3f9c15ec7&t=a546ca&referrer=%25%25%20referrer%20%25%25
203.75.214.136200 OK 0 B URL HTTP/2 eee3cc6c-2690-48ce-824e-cde3f9c15ec7.t.ssp.hinet.net/pixel?bd=eee3cc6c-2690-48ce-824e-cde3f9c15ec7&t=a546ca&referrer=%25%25%20referrer%20%25%25
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?bd=eee3cc6c-2690-48ce-824e-cde3f9c15ec7&t=a546ca&referrer=%25%25%20referrer%20%25%25 HTTP/1.1
Host: eee3cc6c-2690-48ce-824e-cde3f9c15ec7.t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 12:17:42 GMT
content-type: image/png
content-length: 0
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=130&profileId=184&cb=66385801071
178.250.2.131200 OK 164 B URL HTTP/2 bidder.criteo.com/cdb?ptv=130&profileId=184&cb=66385801071
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 34c15aa66a5ec287e54e38da903ea532
21f3d00137e729f10c6b92bc1d9735f6698b6b08
dff04edab5d4852b3004fb448b475b4a613263e1527920b1f48601e55d0ee66b
POST /cdb?ptv=130&profileId=184&cb=66385801071 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 530
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 12:17:42 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 164
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
m.holmesmind.com/ml/google?cf_uid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&uu_m=undefined&google_error=3
35.227.249.156200 OK 0 B URL HTTP/2 m.holmesmind.com/ml/google?cf_uid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&uu_m=undefined&google_error=3
IP 35.227.249.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ml/google?cf_uid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&uu_m=undefined&google_error=3 HTTP/1.1
Host: m.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdn.holmesmind.com/
Connection: keep-alive
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null; R=null; G=we3u7ZGJymKY5J47cKd8kQ==; d=/jHzqDFxfoBZ4WTyQK3MPaD5j7NQOgUkv1Txfycvr2ReudB2dm6t0KDrpHJuqax6WjAFQ16PJy71RxDiXPBzgA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdsUWOvlRyru2n6v-tSWhuIYMrpVVYjMz1eeK2zLuHGfMJBeFkz5sZT6pH8jn8BZKE-k0h1v6Lq39pMeiLeUulWkStq11CY9
expires: Sun, 02 Oct 2022 13:17:42 GMT
date: Sun, 02 Oct 2022 12:17:42 GMT
cache-control: public, max-age=3600
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-generation: 1519198601160228
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 0
content-type: image/png
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
x-goog-storage-class: REGIONAL
accept-ranges: bytes
content-length: 0
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bw.scupio.com/adpinline/bidinfo.aspx?cb=0.9696489099880519
210.59.219.180200 OK 1.5 kB URL HTTP/1.1 bw.scupio.com/adpinline/bidinfo.aspx?cb=0.9696489099880519
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
File type JSON data\012- HTML document, ASCII text, with very long lines (962), with CRLF line terminators
Hash b4300e17b77f6891e5e71ce5aa7be57f
3ebab645b84ef21eca94feb5bb4db63c01a84737
b7270452985aa3c914b4f088d5e5e237d381c0f2f2baff00b0395ae0a26c6944
POST /adpinline/bidinfo.aspx?cb=0.9696489099880519 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 301
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://img.scupio.com
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=m5hknggaysrgduuhkzd3tp0c; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=m5hknggaysrgduuhkzd3tp0c; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CJA20221002201742850292; domain=scupio.com; expires=Sat, 02-Oct-2027 12:17:42 GMT; path=/; secure; SameSite=None
gx=H4sIAObxOWMA%2fxNmYGDg4ub4NOnFriPzJlkLsAqxcNgLMAEAvBStDhcAAAA%3d; domain=scupio.com; expires=Mon, 02-Oct-2023 12:17:42 GMT; path=/; secure; SameSite=None
fxc=1; domain=scupio.com; expires=Sun, 09-Oct-2022 12:17:42 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2022 12:17:42 GMT
Content-Length: 1476
ads.aralego.com/sdk
162.210.196.208301 Moved Permanently 0 B IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk HTTP/1.1
Host: ads.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
connection: close
t.ssp.hinet.net/cm?c=50ef57&cid=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&mp=105fbbfe-d205-499e-a7fe-e345b4cb50d7
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&mp=105fbbfe-d205-499e-a7fe-e345b4cb50d7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?c=50ef57&cid=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&mp=105fbbfe-d205-499e-a7fe-e345b4cb50d7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:42 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13849
108.156.28.83200 OK 450 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13849
IP 108.156.28.83:0
File type ASCII text, with very long lines (1156), with no line terminators
Hash 3855d0fb5aa98d00cf442894afa9a453
d54c7ff6058881bf6c5fbd8da29fa58f30a0f983
1cbf0f33c6c4fae6d3be4cc886aaf46fc62679e2ad0152ea40f621a21f1f9f47
GET /adserver/Preset.js?z=13849 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sun, 02 Oct 2022 12:14:37 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 329cb27be8d7871661ed5a94ecaacb28.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: D287uaF3xba1iRT9mpNdeZPkT48WhFFOddtI3TDG_C7B_GQaSSATCg==
age: 184
X-Firefox-Spdy: h2
105fbbfe-d205-499e-a7fe-e345b4cb50d7.t.ssp.hinet.net/pixel?bd=105fbbfe-d205-499e-a7fe-e345b4cb50d7&t=50ef57&referrer=
203.75.214.136200 OK 0 B URL HTTP/2 105fbbfe-d205-499e-a7fe-e345b4cb50d7.t.ssp.hinet.net/pixel?bd=105fbbfe-d205-499e-a7fe-e345b4cb50d7&t=50ef57&referrer=
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?bd=105fbbfe-d205-499e-a7fe-e345b4cb50d7&t=50ef57&referrer= HTTP/1.1
Host: 105fbbfe-d205-499e-a7fe-e345b4cb50d7.t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 12:17:43 GMT
content-type: image/png
content-length: 0
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
bw.scupio.com/adpinline/bidinfo.aspx?cb=0.5432751571752977
210.59.219.180200 OK 1.5 kB URL HTTP/1.1 bw.scupio.com/adpinline/bidinfo.aspx?cb=0.5432751571752977
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
File type JSON data\012- HTML document, ASCII text, with very long lines (962), with CRLF line terminators
Hash 7fa5549d9b22b07e67c63ed4ef0e813e
2fac80d92d01548a7f7e64b9a19dab4c1109cf45
8c65cf774f4d5daa8daae3c2163dc33b0cff676fb41773f095a223c96656e05e
POST /adpinline/bidinfo.aspx?cb=0.5432751571752977 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 301
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://img.scupio.com
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=3eh4ysvucvinobgst22dx14n; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=3eh4ysvucvinobgst22dx14n; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CXA20221002201743549016; domain=scupio.com; expires=Sat, 02-Oct-2027 12:17:43 GMT; path=/; secure; SameSite=None
gx=H4sIAOfxOWMA%2fxNmYGDg4ub49r1zz5F5k6wFWIVYOOwFmADREhIaFwAAAA%3d%3d; domain=scupio.com; expires=Mon, 02-Oct-2023 12:17:43 GMT; path=/; secure; SameSite=None
fxc=1; domain=scupio.com; expires=Sun, 09-Oct-2022 12:17:43 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2022 12:17:42 GMT
Content-Length: 1478
cdn.aralego.net/ucfad/sdk/us-east/sdk
104.26.5.103200 OK 44 kB URL HTTP/2 cdn.aralego.net/ucfad/sdk/us-east/sdk
IP 104.26.5.103:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (43705), with no line terminators
Hash 0edbdb34f8b86da4290bfd11394f5a36
3452910b1954171c86caec8b08c4301b961e71fd
28bf646c6e799ca96adb3a5b48fe882639d31e27102cad9ed2979555da55944a
GET /ucfad/sdk/us-east/sdk HTTP/1.1
Host: cdn.aralego.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 12:17:43 GMT
content-type: application/octet-stream
content-length: 43705
last-modified: Thu, 22 Sep 2022 10:05:53 GMT
etag: "632c3381-aab9"
access-control-allow-credentials: true
cache-control: max-age=14400
cf-cache-status: HIT
age: 6133
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D7G8AgVyGCzwuIxW%2Bh2YtjeH%2FuSqg8ICPY%2F3DRSKm4Ry6SEN%2B4lBoHFtV9OqxKJRoL109LAIQJolBRplUHxqhK1VVvm%2FntQuDR%2BjK1joPjSL3h3kKaAp6nCZalNKmerfRA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 753d60650cafb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac
2.21.206.244301 Moved Permanently 0 B URL HTTP/2 secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac
IP 2.21.206.244:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac HTTP/1.1
Host: secure-assets.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
date: Sun, 02 Oct 2022 12:17:43 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
bidder.criteo.com/csm/events
178.250.2.131204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.2.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 371
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 02 Oct 2022 12:17:42 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bidder.criteo.com/csm/events
178.250.2.131204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.2.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 414
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 02 Oct 2022 12:17:42 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bidder.criteo.com/csm/events
178.250.2.131204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.2.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 414
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 02 Oct 2022 12:17:42 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=50ef57&cid=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&mp=eee3cc6c-2690-48ce-824e-cde3f9c15ec7
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&mp=eee3cc6c-2690-48ce-824e-cde3f9c15ec7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?c=50ef57&cid=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&mp=eee3cc6c-2690-48ce-824e-cde3f9c15ec7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:42 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
104.88.9.101200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
IP 104.88.9.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?p=xapi-bridgewell&endpoint=apac HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "40014-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Oct 2022 12:17:43 GMT
Connection: keep-alive
Vary: Accept-Encoding
eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
104.88.9.101200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
IP 104.88.9.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?p=xapi-bridgewell&endpoint=apac HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "40014-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Oct 2022 12:17:43 GMT
Connection: keep-alive
Vary: Accept-Encoding
eus.rubiconproject.com/usync.js
104.88.9.101200 OK 9.4 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP 104.88.9.101:0
File type ASCII text, with very long lines (17962)
Hash 2a312d66a9a931c16d5fcd4814ff8735
cd907367e52483996f8e21de2c7c6c93dca2a22e
367e4a2c9d6825dc173319212a33327d444f1e25ba2e40b3875753fd52f918dd
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 15 Sep 2022 22:38:47 GMT
Content-Encoding: gzip
Content-Length: 9423
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=42483
Expires: Mon, 03 Oct 2022 00:05:46 GMT
Date: Sun, 02 Oct 2022 12:17:43 GMT
Connection: keep-alive
Vary: Accept-Encoding
ads.aralego.com/ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2F8pa0Yo&adid=ad-BE7A8D43E47B3D23C77A9993A9B8A778&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.9619522991930985&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1
162.210.196.208200 OK 552 B URL HTTP/1.1 ads.aralego.com/ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2F8pa0Yo&adid=ad-BE7A8D43E47B3D23C77A9993A9B8A778&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.9619522991930985&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
File type HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash 6c953e9565094a7ed7ec437722149c59
e62714301252f34839df79c25079b070211cd6ec
99ec1b27528b2883154fd166e11c3fa740d28609937a1a0287d95674ea99c2bc
GET /ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2F8pa0Yo&adid=ad-BE7A8D43E47B3D23C77A9993A9B8A778&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.9619522991930985&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1 HTTP/1.1
Host: ads.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: GET,POST,OPTIONS
access-control-expose-headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
set-cookie: sspid=58450bcf-f807-3211-be8f-b36296678c0a; Domain=.aralego.com; Path=/; Expires=Mon, 02 Oct 2023 12:17:43 GMT; Secure; SameSite=None
x-adtype: html
x-width: 300
x-height: 250
x-adstyle: banner
x-adsource: PSA
content-type: text/html; charset=utf-8
content-length: 552
vary: Accept-Encoding
date: Sun, 02 Oct 2022 12:17:43 GMT
connection: close
img.scupio.com/html/ls.html
108.138.217.8200 OK 837 B URL HTTP/2 img.scupio.com/html/ls.html
IP 108.138.217.8:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1165)
Hash f0bab128f06eb99dca294634f705de11
df2c28f24a66faee6a886094404748f50bf0cb7f
a54b6d5c0810dd48fe46eed15869776e5fcdc4ddf4cd8691dd5c0fb3253ce9c4
GET /html/ls.html HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx/1.12.1
last-modified: Mon, 21 Nov 2016 06:35:53 GMT
content-encoding: gzip
date: Sun, 02 Oct 2022 12:13:58 GMT
expires: Sun, 09 Oct 2022 12:13:45 GMT
cache-control: max-age=604800
etag: W/"583295c9-4dc"
x-cache: Hit from cloudfront
via: 1.1 c26a4c21d05db121c09038b0610c812a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: RzwPNEbIsfXfdoDi-bNClhRW3caX3eX5bmPxc1jOKOkyIWXw_D5M0w==
age: 238
vary: Origin
X-Firefox-Spdy: h2
sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CJA20221002201742850292
162.210.196.208302 Found 111 B URL HTTP/1.1 sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CJA20221002201742850292
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash febc6b9a3cb9696ca0b2b57e73dc10ce
21ce8fe59a6c6ea57df6d616aaf10f06fc63dc2c
cc380f03ace5d06dc78f11ad4be2acdc1700991ef995b65b1913322bacfa71ff
GET /idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CJA20221002201742850292 HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
set-cookie: sspid=236b9080-993b-3a2d-b07f-ab1c4b4a01e7; Domain=.aralego.com; Path=/; Expires=Mon, 02 Oct 2023 12:17:43 GMT; Secure; SameSite=None
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
content-length: 111
date: Sun, 02 Oct 2022 12:17:43 GMT
connection: close
pagead2.googlesyndication.com/pagead/show_ads.js
216.58.211.2200 OK 38 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/show_ads.js
IP 216.58.211.2:0
File type ASCII text, with very long lines (2320)
Hash 9b24572b5dc1d9579ecfdf8fd074059f
1d81215f2fc4a2eccfeb2cb5ac8da481f79a0e91
bc23926814fda0a4ebb48510a36c0654c7223686aab01edfde323916594a4eb7
GET /pagead/show_ads.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 02 Oct 2022 12:17:43 GMT
expires: Sun, 02 Oct 2022 12:17:43 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 3958403703121749945
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 38077
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1&
162.210.196.208200 OK 46 B URL HTTP/1.1 sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1&
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
File type JSON data\012- , ASCII text, with no line terminators
Hash a8d7967005aa73e5ea084778a4876fd3
4717c391a511217d96fffdd2dbf2e20e0576f0bd
936d07c551097935b250011818489a07d41065f6d29a8c9fd8e95dd8fa622801
GET /idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1& HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: GET,POST,OPTIONS
set-cookie: sspid=58450bcf-f807-3211-be8f-b36296678c0a; Domain=.aralego.com; Path=/; Expires=Mon, 02 Oct 2023 12:17:43 GMT; Secure; SameSite=None
content-type: text/html; charset=utf-8
content-length: 46
vary: Accept-Encoding
date: Sun, 02 Oct 2022 12:17:43 GMT
connection: close
sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1&
162.210.196.208200 OK 46 B URL HTTP/1.1 sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1&
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
File type JSON data\012- , ASCII text, with no line terminators
Hash a8d7967005aa73e5ea084778a4876fd3
4717c391a511217d96fffdd2dbf2e20e0576f0bd
936d07c551097935b250011818489a07d41065f6d29a8c9fd8e95dd8fa622801
GET /idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1& HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: GET,POST,OPTIONS
set-cookie: sspid=58450bcf-f807-3211-be8f-b36296678c0a; Domain=.aralego.com; Path=/; Expires=Mon, 02 Oct 2023 12:17:43 GMT; Secure; SameSite=None
content-type: text/html; charset=utf-8
content-length: 46
vary: Accept-Encoding
date: Sun, 02 Oct 2022 12:17:43 GMT
connection: close
ads.aralego.com/ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2F8pa0Yo&adid=ad-BE78DB396979B34E17BE3B66A3E7D76B&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.4623600330588574&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1
162.210.196.208200 OK 555 B URL HTTP/1.1 ads.aralego.com/ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2F8pa0Yo&adid=ad-BE78DB396979B34E17BE3B66A3E7D76B&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.4623600330588574&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
File type HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash db2b88caa2c34dc0d6153583839218f2
1752062cf41f0778d347bc5e115d1caef1233630
fdfa393e5fb39c4ab607d817e8d0b5fe3573a4a2e3e8554131fbade8d615bcbf
GET /ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2F8pa0Yo&adid=ad-BE78DB396979B34E17BE3B66A3E7D76B&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.4623600330588574&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1 HTTP/1.1
Host: ads.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: GET,POST,OPTIONS
access-control-expose-headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
set-cookie: sspid=58450bcf-f807-3211-be8f-b36296678c0a; Domain=.aralego.com; Path=/; Expires=Mon, 02 Oct 2023 12:17:43 GMT; Secure; SameSite=None
x-adtype: html
x-width: 300
x-height: 250
x-adstyle: banner
x-adsource: PSA
content-type: text/html; charset=utf-8
content-length: 555
vary: Accept-Encoding
date: Sun, 02 Oct 2022 12:17:43 GMT
connection: close
bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.4157080940361111
210.59.219.180200 OK 157 B URL HTTP/1.1 bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.4157080940361111
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash ac9ffca5f957f74637cbfe2a90c21330
ebe112f06379a6cc9b279c208db57152b0f9ce54
5b5bb2a3957d59caa876a5e128e15ca38ddb1c1a4c454986f250c865848fb83a
GET /ssp/initid.aspx?mode=L&cb=0.4157080940361111 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Set-Cookie: ASP.NET_SessionId=fzslrzvtckto4zk0r0tec21t; path=/; HttpOnly; SameSite=Lax
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2022 12:17:43 GMT
Content-Length: 157
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
Hash ef5456e11406f2fccf79581f3399ae01
dcd818000a4ab196029014ecfb5f82061494b7f8
2f656576aca1c58531c7c9f36c9f7abca3ce1585d01b0227476d16f3eb8de241
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 12:17:43 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Thu, 06 Oct 2022 10:03:16 GMT
ETag: "dcd818000a4ab196029014ecfb5f82061494b7f8"
Last-Modified: Sun, 02 Oct 2022 10:03:17 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2709
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753d6067edbcb4ff-OSL
bidder.criteo.com/csm/events
178.250.2.131204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.2.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 309
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 02 Oct 2022 12:17:42 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CXA20221002201743549016
162.210.196.208302 Found 111 B URL HTTP/1.1 sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CXA20221002201743549016
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash febc6b9a3cb9696ca0b2b57e73dc10ce
21ce8fe59a6c6ea57df6d616aaf10f06fc63dc2c
cc380f03ace5d06dc78f11ad4be2acdc1700991ef995b65b1913322bacfa71ff
GET /idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CXA20221002201743549016 HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
set-cookie: sspid=236b9080-993b-3a2d-b07f-ab1c4b4a01e7; Domain=.aralego.com; Path=/; Expires=Mon, 02 Oct 2023 12:17:43 GMT; Secure; SameSite=None
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
content-length: 111
date: Sun, 02 Oct 2022 12:17:43 GMT
connection: close
match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
3.33.220.150200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
IP 3.33.220.150:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 12:17:43 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
162.210.196.208200 OK 35 B URL HTTP/1.1 sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}& HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
set-cookie: euconsent-v2=; Domain=.aralego.com; Path=/; Expires=Mon, 02 Oct 2023 12:17:43 GMT; Secure; SameSite=None
gdpr=1; Domain=.aralego.com; Path=/; Expires=Mon, 02 Oct 2023 12:17:43 GMT; Secure; SameSite=None
sspid=236b9080-993b-3a2d-b07f-ab1c4b4a01e7; Domain=.aralego.com; Path=/; Expires=Mon, 02 Oct 2023 12:17:43 GMT; Secure; SameSite=None
content-type: image/gif
content-length: 35
date: Sun, 02 Oct 2022 12:17:43 GMT
connection: close
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ab779588f01243aca896d41395f8bd90
b8ef2d7cdc6366c283db0d608766a126dce37164
5531deca73d8380883740395d82457f4d39761134404876881242e2135b1546a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 3959239fe93cc41b701cbce99e546170
1ce0c0d216fd2a4eccd12b87b765b7593ad560dc
b12fecab79eb348a730bf255623a86305606a803b595998a050f0458966e8106
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 3959239fe93cc41b701cbce99e546170
1ce0c0d216fd2a4eccd12b87b765b7593ad560dc
b12fecab79eb348a730bf255623a86305606a803b595998a050f0458966e8106
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securepubads.g.doubleclick.net/tag/js/gpt.js
216.58.207.194200 OK 28 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 216.58.207.194:0
File type ASCII text, with very long lines (45165)
Hash e626c8c301a20e6a75d025ec901f542a
048fd71d153376c4895c90d20964c79061e00be9
0a26bcb71da83bf1463223fcf4fff153dbe746836952f987d01b97896f04b9c3
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.aralego.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27690
date: Sun, 02 Oct 2022 12:17:44 GMT
expires: Sun, 02 Oct 2022 12:17:44 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1351 / 723 of 1000 / last-modified: 1664575501"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=reurl.cc
216.58.211.2200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=reurl.cc
IP 216.58.211.2:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=reurl.cc HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 02 Oct 2022 12:17:44 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=reurl.cc
142.250.74.66200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=reurl.cc
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=reurl.cc HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 02 Oct 2022 12:17:44 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ac3bd9203842561ff6c0efa66a4f0c53
6e4a2cfd9c78b8f74eaed22be5d3a97e0ef4d4e6
d12d2268c2e86892041bc3c4f3a6724afc1ddafcb442d4007f32fd13ec3b9aa9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5731
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:44 GMT
Last-Modified: Sun, 02 Oct 2022 10:42:13 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
adservice.google.com/adsid/integrator.js?domain=reurl.cc
216.58.211.2200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=reurl.cc
IP 216.58.211.2:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=reurl.cc HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 02 Oct 2022 12:17:44 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=reurl.cc
142.250.74.66200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=reurl.cc
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=reurl.cc HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 02 Oct 2022 12:17:44 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%&mp=eee3cc6c-2690-48ce-824e-cde3f9c15ec7
203.75.214.136200 OK 46 B URL HTTP/2 t.ssp.hinet.net/cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%&mp=eee3cc6c-2690-48ce-824e-cde3f9c15ec7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash 0c80c3a2604d656b7e461160bf5eba0f
d4f5c720a2b94f5f13b2e569035a7b14a513630d
470b81d27902c371ec202ef835ecf76bf54c8e222dab8b77eb8d2fd45652c955
GET /cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%&mp=eee3cc6c-2690-48ce-824e-cde3f9c15ec7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:41 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
210.59.219.175200 OK 0 B URL HTTP/1.1 rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
IP 210.59.219.175:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recweb/ggid.aspx?layout=js&google_error=3 HTTP/1.1
Host: rec.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/javascript
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2022 12:17:44 GMT
Content-Length: 0
googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&url=https%3A%2F%2Freurl.cc%2F8pa0Yo&ea=0&wgl=1&dt=1664713063670&bpp=23&bdt=356&idt=237&shv=r20220928&mjsv=m202209260101&ptt=5&saldr=sa&cookie=ID%3D1c77099533a44541-22cb213a39ce00a0%3AT%3D1664713063%3ART%3D1664713063%3AS%3DALNI_MaegmZy_yr9PT-EFo8ZtXp_aecT8g&correlator=3276166135190&frm=23&ife=1&pv=2&ga_vid=1160730420.1664713060&ga_sid=1664713064&ga_hid=47402570&ga_fc=1&nhd=5&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=79&ady=226&biw=1268&bih=939&isw=300&ish=250&ifk=1774740543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531706%2C31069177&oid=2&pvsid=4463044964888263&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.qifi2swyv2lq&fsb=1&dtd=438
142.250.74.130200 OK 24 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&url=https%3A%2F%2Freurl.cc%2F8pa0Yo&ea=0&wgl=1&dt=1664713063670&bpp=23&bdt=356&idt=237&shv=r20220928&mjsv=m202209260101&ptt=5&saldr=sa&cookie=ID%3D1c77099533a44541-22cb213a39ce00a0%3AT%3D1664713063%3ART%3D1664713063%3AS%3DALNI_MaegmZy_yr9PT-EFo8ZtXp_aecT8g&correlator=3276166135190&frm=23&ife=1&pv=2&ga_vid=1160730420.1664713060&ga_sid=1664713064&ga_hid=47402570&ga_fc=1&nhd=5&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=79&ady=226&biw=1268&bih=939&isw=300&ish=250&ifk=1774740543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531706%2C31069177&oid=2&pvsid=4463044964888263&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.qifi2swyv2lq&fsb=1&dtd=438
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (55574), with no line terminators
Hash 1db0a26ebe92128684a39a15ab03ef1c
4c425a823e778d77a05bdf6c4dad5facfb21a480
2e21ee736e8144165a72b0a62150636846f7cfb68a66bb704f41b4a5a5ecdf5c
GET /pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&url=https%3A%2F%2Freurl.cc%2F8pa0Yo&ea=0&wgl=1&dt=1664713063670&bpp=23&bdt=356&idt=237&shv=r20220928&mjsv=m202209260101&ptt=5&saldr=sa&cookie=ID%3D1c77099533a44541-22cb213a39ce00a0%3AT%3D1664713063%3ART%3D1664713063%3AS%3DALNI_MaegmZy_yr9PT-EFo8ZtXp_aecT8g&correlator=3276166135190&frm=23&ife=1&pv=2&ga_vid=1160730420.1664713060&ga_sid=1664713064&ga_hid=47402570&ga_fc=1&nhd=5&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=79&ady=226&biw=1268&bih=939&isw=300&ish=250&ifk=1774740543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531706%2C31069177&oid=2&pvsid=4463044964888263&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.qifi2swyv2lq&fsb=1&dtd=438 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 02 Oct 2022 12:17:44 GMT
server: cafe
content-length: 23878
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 02-Oct-2022 12:32:44 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 02 Oct 2022 12:17:44 GMT
cache-control: private
X-Firefox-Spdy: h2
pixel-apac.rubiconproject.com/exchange/sync.php?p=xapi-bridgewell
69.173.158.64204 No Content 0 B URL HTTP/1.1 pixel-apac.rubiconproject.com/exchange/sync.php?p=xapi-bridgewell
IP 69.173.158.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /exchange/sync.php?p=xapi-bridgewell HTTP/1.1
Host: pixel-apac.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 6690dc791bf02dde8c4051a04cfd7bb8
Content-Type: image/gif
6b8e7d739297b8f80f4c128a9db5b236.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
142.250.74.65200 OK 3.1 kB URL HTTP/2 6b8e7d739297b8f80f4c128a9db5b236.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5835)
Hash 3fa5e95a358d660ddb3c45769ae1357f
5f6164fbaf8cfbccfd061b00ae48dedfc16bbcd9
d32f4b680031c0e11222eb17385aa9d3b11d2903b05bff34c3d4eb6292631137
GET /safeframe/1-0-38/html/container.html?n=5 HTTP/1.1
Host: 6b8e7d739297b8f80f4c128a9db5b236.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 02 Oct 2022 12:17:44 GMT
expires: Mon, 02 Oct 2023 12:17:44 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fba34f0dbfc897ab3e60882b380fa7b0
1a12761b7c0daf4189543d7ca04a2034d6720226
a72242124d90bb1a7aad3c92fa86450516244d5a7b69eb8058aa457c4ec32b3c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fba34f0dbfc897ab3e60882b380fa7b0
1a12761b7c0daf4189543d7ca04a2034d6720226
a72242124d90bb1a7aad3c92fa86450516244d5a7b69eb8058aa457c4ec32b3c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
7243d510291585a50bfd9fe7ffed2c7f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
142.250.74.65200 OK 3.1 kB URL HTTP/2 7243d510291585a50bfd9fe7ffed2c7f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5835)
Hash 3fa5e95a358d660ddb3c45769ae1357f
5f6164fbaf8cfbccfd061b00ae48dedfc16bbcd9
d32f4b680031c0e11222eb17385aa9d3b11d2903b05bff34c3d4eb6292631137
GET /safeframe/1-0-38/html/container.html?n=5 HTTP/1.1
Host: 7243d510291585a50bfd9fe7ffed2c7f.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 02 Oct 2022 12:17:44 GMT
expires: Mon, 02 Oct 2023 12:17:44 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/abg_lite_fy2021.js
142.250.74.33200 OK 9.6 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20220928/r20110914/abg_lite_fy2021.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1624)
Hash 133fde8c1ac7b233618384984b980ae7
ff577b7ec2e43c8eaef430b3875dfd59cf82693c
abe394ea4aaeb29c4a08fbd0c0cd3aea525542d7933325db42d7b85bc9598c44
GET /pagead/js/r20220928/r20110914/abg_lite_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 9561
x-xss-protection: 0
date: Sun, 02 Oct 2022 11:42:47 GMT
expires: Sun, 16 Oct 2022 11:42:47 GMT
cache-control: public, max-age=1209600
etag: 483224313611802536
content-type: text/javascript; charset=UTF-8
age: 2097
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
216.58.207.226200 OK 44 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 216.58.207.226:0
File type ASCII text, with very long lines (3498)
Hash edcdf3320c234b0155d06ea7eb3f5356
59ac0953e852dfcb01ae8477b7e56ae1668db2f9
4e5b88ef6f251dbd13697bb6284ec35b1a2ecfbe28d49a78b3cf8633bc277765
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 44530
date: Sun, 02 Oct 2022 12:17:44 GMT
expires: Sun, 02 Oct 2022 12:17:44 GMT
cache-control: private, max-age=3000
etag: "1664365478704152"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js
142.250.74.33200 OK 7.6 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1494)
Hash 126f036451fe7f2fc91dd1114d8daef7
9510b9439d0169421dd29b6493bd15fd21816c5e
76548fed45d196bae3076488e40b3fa7347a25f7d076922ba4d53db5263ce9b2
GET /pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 7559
x-xss-protection: 0
date: Sun, 02 Oct 2022 12:06:57 GMT
expires: Sun, 16 Oct 2022 12:06:57 GMT
cache-control: public, max-age=1209600
etag: 15289875785628835784
content-type: text/javascript; charset=UTF-8
age: 647
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
210.59.219.175200 OK 0 B URL HTTP/1.1 rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
IP 210.59.219.175:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recweb/ggid.aspx?layout=js&google_error=3 HTTP/1.1
Host: rec.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/javascript
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2022 12:17:43 GMT
Content-Length: 0
ocsp.godaddy.com/
192.124.249.41200 OK 1.8 kB IP 192.124.249.41:0
Hash 9aa866affe6d4f81e10945d8061234ea
18f1553105b1f73eb874300034ff96ef964759d8
eac86fce4c46adbfd19bc6b1e9d9820ee8d72daa75a7f4a528543495a80c356e
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 02 Oct 2022 12:17:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 02 Oct 2022 02:13:45 GMT
Expires: Mon, 03 Oct 2022 02:13:45 GMT
ETag: "18f1553105b1f73eb874300034ff96ef964759d8"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash eb2de1a6c4c76b62bd9b5844ac8f0711
205f8666f86cf5f699ed5c8252c46004492fa88e
d0f5a54640474e3d0383d5302a9899e8060456287379906d2359925c6d36c46b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
p4-e6iibbxbrktec-p6ttsvhqgmvfcdck-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
142.250.74.163200 OK 204 B URL HTTP/2 p4-e6iibbxbrktec-p6ttsvhqgmvfcdck-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
IP 142.250.74.163:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash afe25ed4055178532428742d71693b85
a4aca9e0577199d8a3a14cdd3bd519e267f692d6
4fa905829add2f184939365a56c86302f4ee0fd0d3766da2cede6766fb3cad36
GET /v6exp3/redir.html HTTP/1.1
Host: p4-e6iibbxbrktec-p6ttsvhqgmvfcdck-if-v6exp3-v4.metric.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-pLz7Tsd7LDnGlhY2K0YT9Q' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 204
date: Sun, 02 Oct 2022 12:17:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Mon, 02 Dec 2019 20:15:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash eb2de1a6c4c76b62bd9b5844ac8f0711
205f8666f86cf5f699ed5c8252c46004492fa88e
d0f5a54640474e3d0383d5302a9899e8060456287379906d2359925c6d36c46b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 12:17:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.doublemax.net/tos_zone/pb_adx/common/451.html
99.86.38.124200 OK 258 B URL HTTP/2 cdn.doublemax.net/tos_zone/pb_adx/common/451.html
IP 99.86.38.124:0
File type HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f37fdd9b131d352b351775ce55bdd908
23e082434020ece26080a9b3abc3bad2bc221e3d
d34f6791093494692bf9603540a25f601f57426d0fcb65612ecde013e2ab25f0
GET /tos_zone/pb_adx/common/451.html HTTP/1.1
Host: cdn.doublemax.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://reurl.cc/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 258
last-modified: Mon, 07 Aug 2017 03:20:35 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 12:17:46 GMT
etag: "f37fdd9b131d352b351775ce55bdd908"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 1949caaabae48a894fcd770a3e1384f6.cloudfront.net (CloudFront)
x-amz-cf-pop: SEA19-C1
x-amz-cf-id: qmBSJ7H9a6a1W98mXige96pa6yleGUunyNItURRW8mq1MazNeo4q8Q==
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=451
108.156.28.83200 OK 353 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=451
IP 108.156.28.83:0
File type ASCII text, with very long lines (672), with no line terminators
Hash d59c1e9ab5a1ffceb39612317439e993
587257e4d68046ad9d7a5f6b80223c92af8789a6
cdb41a30edc8d64dffd46c38d6fc2dd85d5a8632fb8991d179f940322965f3b4
GET /adserver/Preset.js?z=451 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.doublemax.net/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null; R=null; G=we3u7ZGJymKY5J47cKd8kQ==; d=/jHzqDFxfoBZ4WTyQK3MPaD5j7NQOgUkv1Txfycvr2ReudB2dm6t0KDrpHJuqax6WjAFQ16PJy71RxDiXPBzgA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sun, 02 Oct 2022 12:08:01 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://cdn.doublemax.net
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 329cb27be8d7871661ed5a94ecaacb28.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: cf5U_93MWvvs7di5IH43c50MlN4CvCPfjm6yIwftYzSWukPwy14PqQ==
age: 584
X-Firefox-Spdy: h2
cdn.doublemax.net/js/init.js
99.86.38.124200 OK 2.0 kB URL HTTP/2 cdn.doublemax.net/js/init.js
IP 99.86.38.124:0
File type ASCII text, with very long lines (4994), with CRLF line terminators
Hash 52d0206683fa586b3458d7b8e478f654
caa1fe2e2d30ed97270e117cd6b2a5a00254e02f
b82b82e996c313503230d43b35743423f7df7892a3ebf0387988905413dfb333
GET /js/init.js HTTP/1.1
Host: cdn.doublemax.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.doublemax.net/tos_zone/pb_adx/common/451.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
server: AmazonS3
content-encoding: gzip
date: Sun, 02 Oct 2022 12:16:57 GMT
etag: W/"439e160b698f1ec2efb45c3b6cd6b265"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1949caaabae48a894fcd770a3e1384f6.cloudfront.net (CloudFront)
x-amz-cf-pop: SEA19-C1
x-amz-cf-id: OoIRtcbLG6ipo6HyMAPlcOA-hSyBjmnEccOqB11jJgr2Sqa3L_1WXQ==
age: 49
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=451&rf=https%3A%2F%2Fcdn.doublemax.net%2Ftos_zone%2Fpb_adx%2Fcommon%2F451.html&n=443&o=4&d=1&b=3&ts=1&ii=3&FPCK=3243-b2FwxdwBV1SvHDtcHjABDUggzPzCXany&initver=210830P
52.68.234.1200 OK 1.1 kB URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=451&rf=https%3A%2F%2Fcdn.doublemax.net%2Ftos_zone%2Fpb_adx%2Fcommon%2F451.html&n=443&o=4&d=1&b=3&ts=1&ii=3&FPCK=3243-b2FwxdwBV1SvHDtcHjABDUggzPzCXany&initver=210830P
IP 52.68.234.1:0
File type ASCII text, with very long lines (1752), with CRLF line terminators
Hash af65a5c2aaa93c070b5ac685c90541ca
127a0654ae79fa9b0619eb6765451675e6ab140f
23aff3b7807d11a51c6a58a27e8207f7b3ef6df6b1e5c94d6800f1b095f1de28
GET /adserver/ads.js?z=451&rf=https%3A%2F%2Fcdn.doublemax.net%2Ftos_zone%2Fpb_adx%2Fcommon%2F451.html&n=443&o=4&d=1&b=3&ts=1&ii=3&FPCK=3243-b2FwxdwBV1SvHDtcHjABDUggzPzCXany&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.doublemax.net/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null; R=null; G=we3u7ZGJymKY5J47cKd8kQ==; d=/jHzqDFxfoBZ4WTyQK3MPaD5j7NQOgUkv1Txfycvr2ReudB2dm6t0KDrpHJuqax6WjAFQ16PJy71RxDiXPBzgA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 12:17:45 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://cdn.doublemax.net
content-encoding: gzip
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
172.104.121.22307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 172.104.121.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 572
Origin: null
Referer: https://cdn.doublemax.net/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Sun, 02 Oct 2022 12:17:46 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=Pd6q748OBaCGpxqRaoE5Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=Pd6q748OBaCGpxqRaoE5Yw; Path=/; Domain=c.appier.net; Expires=Mon, 02 Oct 2023 12:17:46 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
172.104.121.22307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 172.104.121.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 572
Origin: null
Referer: https://cdn.doublemax.net/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Sun, 02 Oct 2022 12:17:46 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=4PDgJypcC6imaroBaoE5Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=4PDgJypcC6imaroBaoE5Yw; Path=/; Domain=c.appier.net; Expires=Mon, 02 Oct 2023 12:17:46 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/modle/Live_Streaming.js
108.156.28.65200 OK 38 kB URL HTTP/2 cdn.holmesmind.com/js/modle/Live_Streaming.js
IP 108.156.28.65:0
File type HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash b478631c17ab4e0fca2103e8d324981e
124b13c0f7e6864ebf791ceae590cdcf7abdbd7e
e2ce48828cc513e392a4dbc14b34377b236a57fa1e4eea2862067724bad131a7
GET /js/modle/Live_Streaming.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.doublemax.net/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null; R=null; G=we3u7ZGJymKY5J47cKd8kQ==; d=/jHzqDFxfoBZ4WTyQK3MPaD5j7NQOgUkv1Txfycvr2ReudB2dm6t0KDrpHJuqax6WjAFQ16PJy71RxDiXPBzgA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 38250
last-modified: Mon, 09 May 2022 09:51:16 GMT
x-amz-version-id: H2J3qUoJw1_n4UfcwHjDEW4ajPHxFh.W
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 12:17:46 GMT
etag: "b478631c17ab4e0fca2103e8d324981e"
x-cache: Hit from cloudfront
via: 1.1 c9e93510e33ab69af0de2f41455fbb80.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: ExESPJMgLfb8Yd7i0TkNh8WU9Lpk1mqkumJmB7xnWOiavxOvjjKayg==
age: 18
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/modle/ade/ade-tracker.js
108.156.28.65200 OK 1.6 kB URL HTTP/2 cdn.holmesmind.com/js/modle/ade/ade-tracker.js
IP 108.156.28.65:0
Hash cc88de770769cdecaa524a5801120c78
5f25d39f00d22df5f4feb3059d9bc51805dade4d
72e9ecb7db91e5a334caa4e36a70071de2851fe7c5a6e4b1028cc80c5be0fa84
GET /js/modle/ade/ade-tracker.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.doublemax.net/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null; R=null; G=we3u7ZGJymKY5J47cKd8kQ==; d=/jHzqDFxfoBZ4WTyQK3MPaD5j7NQOgUkv1Txfycvr2ReudB2dm6t0KDrpHJuqax6WjAFQ16PJy71RxDiXPBzgA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 1646
last-modified: Wed, 20 Apr 2022 09:24:31 GMT
x-amz-version-id: NaKVz_HCicjxM9ESQPttcJqfpSisoaZU
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 12:16:55 GMT
etag: "cc88de770769cdecaa524a5801120c78"
x-cache: Hit from cloudfront
via: 1.1 c9e93510e33ab69af0de2f41455fbb80.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: THY-NsnEePlScCaxlOLHjP3_MnZTuHpkiPOiq_ndRu1KbnL98adjMA==
age: 52
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/modle/v/v_sdk.js
108.156.28.65200 OK 192 B URL HTTP/2 cdn.holmesmind.com/js/modle/v/v_sdk.js
IP 108.156.28.65:0
File type ASCII text, with no line terminators
Hash 8644272abfaa44219b2ed3d118b43dbc
a4f4ac8d9323e3ddc5d4579bb08345530f63e38d
7490c495bc701b5f3c822f76f18d9f9842e4c3578b4c8e74937ce49a1ca75546
GET /js/modle/v/v_sdk.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.doublemax.net/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null; R=null; G=we3u7ZGJymKY5J47cKd8kQ==; d=/jHzqDFxfoBZ4WTyQK3MPaD5j7NQOgUkv1Txfycvr2ReudB2dm6t0KDrpHJuqax6WjAFQ16PJy71RxDiXPBzgA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 192
last-modified: Tue, 29 Mar 2022 07:13:07 GMT
x-amz-version-id: XbcfHlCv0YU6yVSgKouNneQhxA5kNsN1
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 12:17:46 GMT
etag: "8644272abfaa44219b2ed3d118b43dbc"
x-cache: Hit from cloudfront
via: 1.1 c9e93510e33ab69af0de2f41455fbb80.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: xD7f4BX6r4bk0YCEO86er3AKdiaEyfttHfeuarweGLg8mm3xHRYTDw==
age: 16
X-Firefox-Spdy: h2
cdn.holmesmind.com/image/12448/copied_copied_copied_c76d938043289f859a6e2f2f7e48cf6f.jpg
108.156.28.65200 OK 137 kB URL HTTP/2 cdn.holmesmind.com/image/12448/copied_copied_copied_c76d938043289f859a6e2f2f7e48cf6f.jpg
IP 108.156.28.65:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Size 137 kB (136854 bytes)
Hash a0424ec40fa451e46368ac9d3b80893d
41b5fb2c56758cd080e3b4af6be333f0672e9a4e
82ae2511a3c80cfa9894ae9bb0aca00b21bcdb48fd7ec1185b10f4cca92a0e22
GET /image/12448/copied_copied_copied_c76d938043289f859a6e2f2f7e48cf6f.jpg HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.doublemax.net/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null; R=null; G=we3u7ZGJymKY5J47cKd8kQ==; d=/jHzqDFxfoBZ4WTyQK3MPaD5j7NQOgUkv1Txfycvr2ReudB2dm6t0KDrpHJuqax6WjAFQ16PJy71RxDiXPBzgA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 136854
date: Sun, 02 Oct 2022 10:37:03 GMT
last-modified: Fri, 30 Sep 2022 06:53:53 GMT
etag: "a0424ec40fa451e46368ac9d3b80893d"
x-amz-version-id: MYMt5XUJjOkJXh.pKDi2ZiAd.Z6kOG..
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 c9e93510e33ab69af0de2f41455fbb80.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: x8tE0OJAsKtFUMKsyjLrP43x0GfuUkng3ri_9pfZHxDpWe2rEJyajg==
age: 6044
X-Firefox-Spdy: h2
105fbbfe-d205-499e-a7fe-e345b4cb50d7.t.ssp.hinet.net/pixel?bd=105fbbfe-d205-499e-a7fe-e345b4cb50d7&t=cf&referrer=https%3A%2F%2Fdoublemax.net
203.75.214.136200 OK 0 B URL HTTP/2 105fbbfe-d205-499e-a7fe-e345b4cb50d7.t.ssp.hinet.net/pixel?bd=105fbbfe-d205-499e-a7fe-e345b4cb50d7&t=cf&referrer=https%3A%2F%2Fdoublemax.net
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?bd=105fbbfe-d205-499e-a7fe-e345b4cb50d7&t=cf&referrer=https%3A%2F%2Fdoublemax.net HTTP/1.1
Host: 105fbbfe-d205-499e-a7fe-e345b4cb50d7.t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 12:17:46 GMT
content-type: image/png
content-length: 0
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=cf&cid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&mp=105fbbfe-d205-499e-a7fe-e345b4cb50d7
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=cf&cid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&mp=105fbbfe-d205-499e-a7fe-e345b4cb50d7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?c=cf&cid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&mp=105fbbfe-d205-499e-a7fe-e345b4cb50d7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:46 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.js
178.250.2.130200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.js
IP 178.250.2.130:0
GET /js/ld/publishertag.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 12:17:42 GMT
content-type: text/javascript
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
etag: W/"6326273b-1e2be"
expires: Mon, 03 Oct 2022 12:17:42 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=eee3cc6c-2690-48ce-824e-cde3f9c15ec7
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=eee3cc6c-2690-48ce-824e-cde3f9c15ec7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /emome2?u=eee3cc6c-2690-48ce-824e-cde3f9c15ec7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:41 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/av?p=451:55939:127788:cb0f07f45cf1d919255c2b75587b3482:12448&type=0
52.68.234.1200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/av?p=451:55939:127788:cb0f07f45cf1d919255c2b75587b3482:12448&type=0
IP 52.68.234.1:0
GET /adserver/av?p=451:55939:127788:cb0f07f45cf1d919255c2b75587b3482:12448&type=0 HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.doublemax.net/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null; R=null; G=we3u7ZGJymKY5J47cKd8kQ==; d=/jHzqDFxfoBZ4WTyQK3MPaD5j7NQOgUkv1Txfycvr2ReudB2dm6t0KDrpHJuqax6WjAFQ16PJy71RxDiXPBzgA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 12:17:46 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/utag.js
203.75.214.136200 OK 0 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /utag.js HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 12:17:40 GMT
content-type: application/javascript
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
vary: Accept-Encoding
etag: W/"62de3d74-134a"
expires: Sun, 02 Oct 2022 12:27:40 GMT
cache-control: max-age=600
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=105fbbfe-d205-499e-a7fe-e345b4cb50d7
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=105fbbfe-d205-499e-a7fe-e345b4cb50d7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /emome2?u=105fbbfe-d205-499e-a7fe-e345b4cb50d7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.doublemax.net
Connection: keep-alive
Referer: https://cdn.doublemax.net/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:46 GMT
access-control-allow-origin: https://cdn.doublemax.net
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
c.holmesmind.com/cm?tc=getIn&
35.201.76.93200 OK 0 B URL HTTP/2 c.holmesmind.com/cm?tc=getIn&
IP 35.201.76.93:0
GET /cm?tc=getIn& HTTP/1.1
Host: c.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdn.holmesmind.com/
Connection: keep-alive
Cookie: test_cookie=CheckForPermission
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Sun, 02 Oct 2022 12:17:39 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
set-cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE;Expires=Thursday, 30-Sep-2032 04:17:39 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
test_cookie=;Expires=Thursday, 01-Jan-1970 08:00:00 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59;Expires=Monday, 17-Oct-2022 04:17:39 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
C=null;Expires=Monday, 17-Oct-2022 04:17:39 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
RK=null;Expires=Wednesday, 11-Jan-2023 04:17:39 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.scupio.com/js/prebid.js?v=5.20.0
108.138.217.8200 OK 0 B URL HTTP/2 img.scupio.com/js/prebid.js?v=5.20.0
IP 108.138.217.8:0
GET /js/prebid.js?v=5.20.0 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Tue, 28 Jun 2022 05:54:43 GMT
content-encoding: gzip
date: Sun, 02 Oct 2022 12:16:54 GMT
expires: Tue, 01 Nov 2022 12:16:54 GMT
cache-control: max-age=2592000
etag: W/"62ba97a3-3b047"
x-cache: Hit from cloudfront
via: 1.1 c26a4c21d05db121c09038b0610c812a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: Ufzcnl9XseIzBwhFg8EhY4pzw3Ew_kiIAMBdukrj-ZIQ3LaOZn-kxQ==
age: 46
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=105fbbfe-d205-499e-a7fe-e345b4cb50d7
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=105fbbfe-d205-499e-a7fe-e345b4cb50d7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /emome2?u=105fbbfe-d205-499e-a7fe-e345b4cb50d7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:42 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 0 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.doublemax.net
Connection: keep-alive
Referer: https://cdn.doublemax.net/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:46 GMT
access-control-allow-origin: https://cdn.doublemax.net
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7; expires=Tue, 01-Oct-2024 12:17:46 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
reurl.cc/javascripts/ga2.js?v=2
35.185.130.121200 OK 0 B URL HTTP/2 reurl.cc/javascripts/ga2.js?v=2
IP 35.185.130.121:0
GET /javascripts/ga2.js?v=2 HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/8pa0Yo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 02 Oct 2022 12:17:38 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-26a"
expires: Mon, 02 Oct 2023 12:17:38 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
img.scupio.com/js/adsbyscupio.js?v=1.0.2
108.138.217.8200 OK 0 B URL HTTP/2 img.scupio.com/js/adsbyscupio.js?v=1.0.2
IP 108.138.217.8:0
GET /js/adsbyscupio.js?v=1.0.2 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Mon, 19 Apr 2021 03:30:31 GMT
content-encoding: gzip
date: Sun, 02 Oct 2022 12:16:52 GMT
expires: Sun, 02 Oct 2022 15:16:52 GMT
cache-control: max-age=10800
etag: W/"607cf957-11ab"
x-cache: Hit from cloudfront
via: 1.1 c26a4c21d05db121c09038b0610c812a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: ykQ6oRM-Sgc3BmpCJZAaOnOzEfMyqW8JUoP-aZ8Mrg9xLBSPnlvUAw==
age: 49
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
c.holmesmind.com/cm
35.201.76.93302 Found 0 B IP 35.201.76.93:0
GET /cm HTTP/1.1
Host: c.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 302 Found
server: nginx/1.10.3 (Ubuntu)
date: Sun, 02 Oct 2022 12:17:39 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
set-cookie: test_cookie=CheckForPermission;Expires=Monday, 03-Oct-2022 04:18:39 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
location: https://c.holmesmind.com/cm?tc=getIn&
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=cf&cid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&mp=105fbbfe-d205-499e-a7fe-e345b4cb50d7
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=cf&cid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&mp=105fbbfe-d205-499e-a7fe-e345b4cb50d7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /cm?c=cf&cid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&mp=105fbbfe-d205-499e-a7fe-e345b4cb50d7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:42 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=cf&cid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&mp=105fbbfe-d205-499e-a7fe-e345b4cb50d7
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=cf&cid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&mp=105fbbfe-d205-499e-a7fe-e345b4cb50d7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /cm?c=cf&cid=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE&mp=105fbbfe-d205-499e-a7fe-e345b4cb50d7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:42 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
reurl.cc/8pa0Yo
35.185.130.121200 OK 0 B IP 35.185.130.121:0
Analyzer Verdict Alert openphish Tencent
GET /8pa0Yo HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 02 Oct 2022 12:17:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
target: https://prizerichmax.com
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 0 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:42 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7; expires=Tue, 01-Oct-2024 12:17:42 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=eee3cc6c-2690-48ce-824e-cde3f9c15ec7
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=eee3cc6c-2690-48ce-824e-cde3f9c15ec7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /emome2?u=eee3cc6c-2690-48ce-824e-cde3f9c15ec7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:41 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 0 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:40 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=daa5b23a-efba-4bc1-9f4c-6789b59a0803; expires=Tue, 01-Oct-2024 12:17:40 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2F8pa0Yo&n=883&o=4&d=1&b=3&ts=1&ii=3&FPCK=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&initver=210830P
52.68.234.1200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2F8pa0Yo&n=883&o=4&d=1&b=3&ts=1&ii=3&FPCK=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&initver=210830P
IP 52.68.234.1:0
GET /adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2F8pa0Yo&n=883&o=4&d=1&b=3&ts=1&ii=3&FPCK=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 12:17:40 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=eee3cc6c-2690-48ce-824e-cde3f9c15ec7
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=eee3cc6c-2690-48ce-824e-cde3f9c15ec7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /emome2?u=eee3cc6c-2690-48ce-824e-cde3f9c15ec7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:41 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=105fbbfe-d205-499e-a7fe-e345b4cb50d7
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=105fbbfe-d205-499e-a7fe-e345b4cb50d7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /emome2?u=105fbbfe-d205-499e-a7fe-e345b4cb50d7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:41 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13848
108.156.28.83200 OK 0 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13848
IP 108.156.28.83:0
GET /adserver/Preset.js?z=13848 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sun, 02 Oct 2022 12:17:39 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 329cb27be8d7871661ed5a94ecaacb28.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: cm8889C0_O2g5FefoWrJs8Bd_kYScHChSnliQX1XypzrUhjMP7t_5A==
X-Firefox-Spdy: h2
img.scupio.com/html/ad.html?v=1.0.65
108.138.217.8200 OK 0 B URL HTTP/2 img.scupio.com/html/ad.html?v=1.0.65
IP 108.138.217.8:0
GET /html/ad.html?v=1.0.65 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx/1.12.1
last-modified: Thu, 18 Aug 2022 08:25:22 GMT
content-encoding: gzip
date: Sun, 02 Oct 2022 11:19:53 GMT
expires: Tue, 01 Nov 2022 11:19:53 GMT
cache-control: max-age=2592000
etag: W/"62fdf772-14d93"
x-cache: Hit from cloudfront
via: 1.1 c26a4c21d05db121c09038b0610c812a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P3
x-amz-cf-id: TQCKDWZnNs_XOqMrLJl__f75g9B4stmXfci4AxkNM6O6o6HKvQ-LGw==
age: 3466
vary: Origin
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=50ef57&cid=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&mp=eee3cc6c-2690-48ce-824e-cde3f9c15ec7
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&mp=eee3cc6c-2690-48ce-824e-cde3f9c15ec7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /cm?c=50ef57&cid=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&mp=eee3cc6c-2690-48ce-824e-cde3f9c15ec7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:41 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
reurl.cc/stylesheets/rwd/style.css?v=1
35.185.130.121200 OK 0 B URL HTTP/2 reurl.cc/stylesheets/rwd/style.css?v=1
IP 35.185.130.121:0
GET /stylesheets/rwd/style.css?v=1 HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/8pa0Yo
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 02 Oct 2022 12:17:38 GMT
content-type: text/css
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-9f6"
expires: Mon, 02 Oct 2023 12:17:38 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
reurl.cc/javascripts/pixel.js
35.185.130.121200 OK 0 B URL HTTP/2 reurl.cc/javascripts/pixel.js
IP 35.185.130.121:0
GET /javascripts/pixel.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/8pa0Yo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 02 Oct 2022 12:17:38 GMT
content-type: application/javascript
last-modified: Sun, 08 Aug 2021 17:07:38 GMT
vary: Accept-Encoding
etag: W/"61100f5a-1d6"
expires: Mon, 02 Oct 2023 12:17:38 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=50ef57&cid=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&mp=eee3cc6c-2690-48ce-824e-cde3f9c15ec7
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&mp=eee3cc6c-2690-48ce-824e-cde3f9c15ec7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /cm?c=50ef57&cid=7413-AQWWmptPZBvsOeQnJgNyAPqCtcgLwBeb&mp=eee3cc6c-2690-48ce-824e-cde3f9c15ec7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:41 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=105fbbfe-d205-499e-a7fe-e345b4cb50d7
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=105fbbfe-d205-499e-a7fe-e345b4cb50d7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /emome2?u=105fbbfe-d205-499e-a7fe-e345b4cb50d7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:46 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=50ef57&cid=7851-LMhxWQvZ1crlpnawuzA1tTyGy8YbCRsB&mp=105fbbfe-d205-499e-a7fe-e345b4cb50d7
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=7851-LMhxWQvZ1crlpnawuzA1tTyGy8YbCRsB&mp=105fbbfe-d205-499e-a7fe-e345b4cb50d7
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /cm?c=50ef57&cid=7851-LMhxWQvZ1crlpnawuzA1tTyGy8YbCRsB&mp=105fbbfe-d205-499e-a7fe-e345b4cb50d7 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.doublemax.net
Connection: keep-alive
Referer: https://cdn.doublemax.net/
Cookie: uuid=105fbbfe-d205-499e-a7fe-e345b4cb50d7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sun, 02 Oct 2022 12:17:46 GMT
access-control-allow-origin: https://cdn.doublemax.net
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2F8pa0Yo&n=397&o=4&d=1&b=3&ts=1&ii=2&FPCK=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&initver=210830P
52.68.234.1200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2F8pa0Yo&n=397&o=4&d=1&b=3&ts=1&ii=2&FPCK=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&initver=210830P
IP 52.68.234.1:0
GET /adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2F8pa0Yo&n=397&o=4&d=1&b=3&ts=1&ii=2&FPCK=9060-kVt6CHYyhcAwQSFRjQTIDoPlczh0yCLJ&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=873746-NeONAw9N8hSL2zyWUBcvOwOHPqyDrClE; Vision=20221002-23:59,20221002-23,20221002-23,20221002-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 12:17:41 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
reurl.cc/javascripts/loading.js
35.185.130.121200 OK 0 B URL HTTP/2 reurl.cc/javascripts/loading.js
IP 35.185.130.121:0
GET /javascripts/loading.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/8pa0Yo
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 02 Oct 2022 12:17:38 GMT
content-type: application/javascript
last-modified: Sun, 08 Aug 2021 17:07:38 GMT
vary: Accept-Encoding
etag: W/"61100f5a-f0"
expires: Mon, 02 Oct 2023 12:17:38 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2