ouo.io/ZVf2P0
172.67.6.151 301 Moved Permanently 0 B IP 172.67.6.151:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZVf2P0 HTTP/1.1
Host: ouo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Nov 2022 14:08:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 26 Nov 2022 15:08:00 GMT
Location: https://ouo.io/ZVf2P0
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77033193fcc7b518-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10758
Expires: Sat, 26 Nov 2022 17:07:18 GMT
Date: Sat, 26 Nov 2022 14:08:00 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 15b59d5e62caedb4bec3ba6724906c1e
960f801e608a56fdd11449f4face29f62cad2b21
8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4498
Cache-Control: max-age=164286
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:00 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 11:46:06 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4957
Expires: Sat, 26 Nov 2022 15:30:37 GMT
Date: Sat, 26 Nov 2022 14:08:00 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 13:19:13 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2927
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: IsuMCXYDS/V8a5n2p+J8OgTPT+fyjGZTsofzwikDYVhpHO5t7ZG8o0f+NH2ocrmNbsuYcAfRq70=
x-amz-request-id: N6YJ5FEYJY3VQS2K
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 13:44:15 GMT
age: 1425
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash e8929dbb02832683ab2331f272baa179
4de2dffe4da967f0750e22db95a8d95af6c3dc68
e1d485739ea8a61614a34e4eb1536a36a3d0ce6c00cd3a17b41588340a3f879e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 675
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:00 GMT
Etag: "63813128-116"
Last-Modified: Sat, 26 Nov 2022 13:56:45 GMT
Server: ECS (amb/6BC3)
X-Cache: HIT
Content-Length: 278
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 14:08:00 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ouo.io/ZVf2P0
172.67.6.151 302 Found 571 B IP 172.67.6.151:0
Hash ff996b488ab6c32677b1930e20b4770c
a91e432a879320633e6869bafcfcdd61f84dd18e
f9a9c97c6a9fc015750c51c020940d1e3613a0b427770aefcafe9d4004a1a505
GET /ZVf2P0 HTTP/1.1
Host: ouo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: language=eyJpdiI6IjVvRzNLczFKeGJPMTN4VkVrMjM1NUZ1RUwxSmxCVk15UGVBQnkzamZBVjg9IiwidmFsdWUiOiJyN3dMS0hDMTg5YWx6aVwvbnpjSDd4WGJ5XC8xbXFFVmEwNWFIeCtOc01Qck09IiwibWFjIjoiYjViOTAwNDJmNTIxNTI4MGY4YWEyYzg3NzAwMGFmNGJjM2MxY2M2NDBhNThmNTI1YTA4Mzc3NDk3NTExYjNkZCJ9; cf58ae6f7a97f863b1864d8d47f935c38ea35ae7=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%3D; a=ZVmFPKKwvMlRbOcWXESvl4XZ8VrzfkSD; _ga=GA1.2.695983097.1669471468; _gid=GA1.2.989384790.1669471468; token_QgRnAAAAAAAAKxZ0bn0DRfSKVyfY6I4BGDWg_mk=BAYAY4Ic7AFjghzsgAGBAcAAIIiyjG2aBstCy79pN4pTnq9eaHoNUdur1wC69PSJBj6nwQAgPTWnhYGOnZMDryJ4oYS3s9QB_8GX2MXfA7UHuWGBlEI
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sat, 26 Nov 2022 14:08:01 GMT
content-type: text/html; charset=UTF-8
location: https://ouo.press/ZVf2P0
cache-control: no-cache
set-cookie: ouoio_session=eyJpdiI6Ilg4Z2U2VmxnUE4wTGc1V3dJREJKK1BIUkxmWDlOc09JZjBVSFYwbTRrcUU9IiwidmFsdWUiOiJ6K2RMTnhsSnBRaXA4bjdFaFQ0MVR5dVp6c3M3XC9MaGJkczg5RHRHR2cwVzBTN2JGV1lUQ01lZ01mV1pscVRzUFFrSXBpNjRqd2tYWlFWTmpJc0RRUEE9PSIsIm1hYyI6ImE2NTVkMmI0YzI2ODAyZjIyNDE4NjM0NTUyZTQ1MzVlMTliODMxMDEzNTAzOWM1Mjg0YmFmMGNlNDg2NjAyMzgifQ%3D%3D; path=/; httponly
language=eyJpdiI6IittTkJcL2FxdE4zZ0YzVFB0VU43a1ZabUtGUGJwK0V3OUcyVGY2T1lnMXpnPSIsInZhbHVlIjoiR3VHRTczOUxNcVYwaWJNOEt3VnVxcGwyMmZCZUtxOHFLVUVIeWN1MFhwOD0iLCJtYWMiOiI0YjYxNDgyMjI5MGY2N2ZkZTRjMDk2M2NjZGQyZmRmOGZjNGQyMjZkZTY4NmI3ZDJhMmQ0ZTJhMDZjZWUyNTlkIn0%3D; expires=Thu, 25-Nov-2027 14:08:00 GMT; Max-Age=157680000; path=/; httponly
68ae8f88980934a6bc2899da5b6c7882f483f7e7=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%3D%3D; expires=Sat, 26-Nov-2022 16:08:00 GMT; Max-Age=7200; path=/; httponly
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 770331958deeb512-OSL
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 13:08:54 GMT
cache-control: public,max-age=3600
age: 3547
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d3df71aab146eefc49acb608796aab63
8401892995193919376dfcd798b09c8261579454
a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2592
Cache-Control: max-age=157322
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:01 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 09:50:03 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ouo.press/images/world.png
172.67.22.15 200 OK 5.7 kB URL HTTP/2 ouo.press/images/world.png
IP 172.67.22.15:0
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced; data
Hash 4eea420a8830a6d695114427bf52b556
35579e7f1a656beb3a07a7093166ff37c634bade
70f03c74cc197cf154af36fa552a448d9ffebb55081c96e55ef4cf469123fe22
GET /images/world.png HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/ZVf2P0
Cookie: ouoio_session=eyJpdiI6IlJ0NEorTFBGYnRsSGlqTHYzM0d6ekMzd21laVJMMDNlV1FtWmJSYVB3Njg9IiwidmFsdWUiOiJNVEpsWWdQSlExTnRBWUd1STZDTXZ5elRNaU1UM0FZTWJXb0c1NzI0NXVDM0F1TlJZRXU0ZGRubHZNK0VmRHNOVzMyNTJPV0dBOFBcL1g5elZUYmdTaFE9PSIsIm1hYyI6IjIzN2JhNThmNDFiYzZhZTNhYjM1MGYxNTEyMGY1ZDEzNTQzYjg2MzkyNzdmZTdkZjExZThhMmUxNzY5MWE1MmYifQ%3D%3D; language=eyJpdiI6InUyUXVXSzJ2VDZ5ejdDdStid2cxd2V2RStwbzIxb1JPazZTbndadVVBZ0U9IiwidmFsdWUiOiJcL1wvbTgyazEySGZXSXhFRTFmSVFPR0tnckZpUklOYXFXaWdwUnVkZXBad009IiwibWFjIjoiMGI3YjVhNDI1Mzk1Njg4Y2EyOGFmOWI4ZDkyN2M2MjVhYjhhZDRjNzc2ODQ1NzBkM2EzNTFmOWVlMTIxNDc2OSJ9; 7c4de8a426f66a1405c5dd5096343cb00fa55bac=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%3D%3D; __cf_bm=SckyPjmiHalh73WoHq_d5UafIS6dQhwZfZjGArJU.vU-1669471681-0-AWXPJgeqiwbauQ3WbSx2850NpnIt41YEGtoKcBDq2Wxtrjqh3SW9tEMel1BxgciV88ezMQEx8ZrDNgD6Atprurg=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:01 GMT
content-type: image/png
content-length: 5692
cache-control: max-age=2592000
cf-bgj: imgq:85,h2pri
cf-polished: status=not_needed
etag: "5549a07c-163c"
expires: Sat, 03 Dec 2022 22:33:44 GMT
last-modified: Wed, 06 May 2015 05:02:52 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1956857
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7703319a0c54b4f4-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash f6fba5266281b44a90149a255158598d
fca36cb5d5ceed074516ac7b7e60e8a0f5ec5700
cb0b42ffbf51270fcb48b3d43a6d698b95df528737b4f969a3e3409741371bcf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3191
Cache-Control: max-age=141726
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:01 GMT
Etag: "638197e8-117"
Expires: Mon, 28 Nov 2022 05:30:07 GMT
Last-Modified: Sat, 26 Nov 2022 04:36:56 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ab38abeb6e1559c84c3f7cb970c3a459
0281c6e31490fea00bdf63660d7402075316eaff
37250f3edc6a0f677d242f1c251608dd67b663acc4f0e9e5df15369bd127ef5d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3063
Cache-Control: max-age=131525
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:01 GMT
Etag: "6381708f-117"
Expires: Mon, 28 Nov 2022 02:40:06 GMT
Last-Modified: Sat, 26 Nov 2022 01:49:03 GMT
Server: ECS (amb/6BAB)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 30f833b25d6e5af2229d9584c6f6cf97
ee79c3fa994d53c1d0687ca61353d63cce459e25
1bc091991c4663dbc86ae735e47ddc3e887a24661050ad9f24b8d458bfd11a6b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
142.250.74.164 200 OK 582 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 729acee2a72aedc9406dba71bf4c1d00
e7f1dea037aaa2df1c1e5b884dc5d73b7bc35e82
7e9b8e953f317a7a47db6df1d1ac8be5c78e9a9524a0a07755c748c2198f816a
GET /recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 26 Nov 2022 14:08:01 GMT
date: Sat, 26 Nov 2022 14:08:01 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 582
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash f6fba5266281b44a90149a255158598d
fca36cb5d5ceed074516ac7b7e60e8a0f5ec5700
cb0b42ffbf51270fcb48b3d43a6d698b95df528737b4f969a3e3409741371bcf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4095
Cache-Control: max-age=142630
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:01 GMT
Etag: "638197e8-117"
Expires: Mon, 28 Nov 2022 05:45:11 GMT
Last-Modified: Sat, 26 Nov 2022 04:36:56 GMT
Server: ECS (amb/6BAB)
X-Cache: HIT
Content-Length: 279
ecdn.analysis.fi/static/js/fab.js
54.230.111.87 200 OK 4.2 kB URL HTTP/2 ecdn.analysis.fi/static/js/fab.js
IP 54.230.111.87:0
File type ASCII text, with very long lines (574)
Hash 28a0bef1ecb63168106f97b637ab3414
e577575dd115f6a95aea8c2ae87d2c30c8464728
d8a34aeacc4054bd4e119e538c7eb4956421014f48a9b603d3f9314a7435b5a6
GET /static/js/fab.js HTTP/1.1
Host: ecdn.analysis.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 4240
server: nginx/1.20.0
last-modified: Tue, 14 Dec 2021 15:30:51 GMT
access-control-allow-origin: *
accept-ranges: bytes
date: Sat, 26 Nov 2022 13:23:10 GMT
expires: Sat, 26 Nov 2022 14:23:10 GMT
cache-control: max-age=3600
etag: "61b8b8ab-1090"
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -3VgoTGTgxXGfRR8Uz6NiFkUaAB8cxh-dCduO3UfunRRsyk8pIjHJw==
age: 2691
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ee4bf8bd71a474b3ad8cc57a379875ba
75039be3b014522ee817569a4691f623ea05a8d3
0befdda21223bfa0b374a74dbdea65fc262e46724575390a9184a36c1c2ca7c7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0BEFDDA21223BFA0B374A74DBDEA65FC262E46724575390A9184A36C1C2CA7C7"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10470
Expires: Sat, 26 Nov 2022 17:02:31 GMT
Date: Sat, 26 Nov 2022 14:08:01 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ab38abeb6e1559c84c3f7cb970c3a459
0281c6e31490fea00bdf63660d7402075316eaff
37250f3edc6a0f677d242f1c251608dd67b663acc4f0e9e5df15369bd127ef5d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 877
Cache-Control: max-age=129339
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:01 GMT
Etag: "6381708f-117"
Expires: Mon, 28 Nov 2022 02:03:40 GMT
Last-Modified: Sat, 26 Nov 2022 01:49:03 GMT
Server: ECS (amb/6B71)
X-Cache: HIT
Content-Length: 279
fonts.googleapis.com/css?family=Questrial
142.250.74.10 200 OK 860 B URL HTTP/2 fonts.googleapis.com/css?family=Questrial
IP 142.250.74.10:0
Hash b840b5dc729bfdbb98afab5b258fb290
be66c50d9764265ae457897b96db702a3f0c68e3
ead9e78e7605ae9afb572f76c147862a6afeafafb2ebd1b1cf4d99a7c857f886
GET /css?family=Questrial HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Nov 2022 14:08:01 GMT
date: Sat, 26 Nov 2022 14:08:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e922b25acaba2d7f8921ebe973a4b261
5dd4c237c84a652cbcf3db163529f3788ceafc46
a7856c7777aa01b671ddae097494f2b031cbbddc7b244fe8714a8c02b85d8589
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tv.gourdycortes.com/1clkn/48786
172.255.6.38 200 OK 26 B URL HTTP/1.1 tv.gourdycortes.com/1clkn/48786
IP 172.255.6.38:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/48786 HTTP/1.1
Host: tv.gourdycortes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 14:08:01 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sun, 27-Nov-2022 14:08:01 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Sun, 27-Nov-2022 14:08:01 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
push.services.mozilla.com/
54.191.251.76 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.191.251.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TJTQjnbZ9TCO32lOuWmOOw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wwlpzzN12xo0orn08TUlAG226bE=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c2f8b92af3e2a055c4030ff0d3f7d765
4eee57303b7aaa6be86c513ed10c0aa08b02e613
41afc2e894172231c7760e209a17222bfd01eb769c345b1987302f735986e6b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41AFC2E894172231C7760E209A17222BFD01EB769C345B1987302F735986E6B1"
Last-Modified: Thu, 24 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6473
Expires: Sat, 26 Nov 2022 15:55:55 GMT
Date: Sat, 26 Nov 2022 14:08:02 GMT
Connection: keep-alive
c.amazon-adsystem.com/aax2/apstag.js
54.230.111.210 301 Moved Permanently 167 B URL HTTP/2 c.amazon-adsystem.com/aax2/apstag.js
IP 54.230.111.210:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /aax2/apstag.js HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 167
location: https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
server: CloudFront
date: Fri, 25 Nov 2022 22:27:14 GMT
via: 1.1 142ded88048f806cc40a5a225130cc8a.cloudfront.net (CloudFront), 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA60-P1, OSL50-P1
x-amz-cf-id: LsjFTm08GKTDuAcfwtyZYQB4xkDGe2MRmvQj45tYUXELbncFfKLsWA==
age: 56448
X-Firefox-Spdy: h2
itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37180), with no line terminators
Hash a188bcf1a5d9960c43edeba1dfa153ed
ff9546f081c8ae52ef795d6080ceb593b6b596f0
76da5bc0e06be976e5a920d66b48953c63f496b5a09736c21df37ae456c8a325
Analyzer Verdict Alert fortinet Malware
GET /ed/36/01/ed36014633829dc70a42dccaefdf3f11.js HTTP/1.1
Host: itineraryupper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sat, 26 Nov 2022 14:08:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b8978ffa4b8f19d7568d828d7fd39b41
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
151.101.85.229 200 OK 9.2 kB URL HTTP/2 cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (27677)
Hash be67ba0617660113c8b105b9318d8184
25c33a00dfefa7ba1823017dc3e9c63a17d53459
7a80c6ef8f369f3115b83e5f88aa88e730450fed06466c418a98a5fe2a9988f6
GET /npm/prebid-universal-creative@latest/dist/creative.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.14.2
x-jsd-version-type: version
etag: W/"6c5a-5kbBcMwAuv899TsKizV+K03Rtig"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 26 Nov 2022 14:08:02 GMT
age: 27850
x-served-by: cache-fra-eddf8230118-FRA, cache-bma1636-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9244
X-Firefox-Spdy: h2
ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
172.67.22.15 200 OK 1.1 kB URL HTTP/2 ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 172.67.22.15:0
Hash 4a9f1780e7f518af6b6cefb6da109791
82a7bcfc74cd1c9b42595bc3d5ff3202ccbaa08e
74f03f20cf8119610c71b4ddfe5a2963aa01d91f2e9a53fa97beeb932e6c49a5
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/ZVf2P0
Cookie: ouoio_session=eyJpdiI6IlJ0NEorTFBGYnRsSGlqTHYzM0d6ekMzd21laVJMMDNlV1FtWmJSYVB3Njg9IiwidmFsdWUiOiJNVEpsWWdQSlExTnRBWUd1STZDTXZ5elRNaU1UM0FZTWJXb0c1NzI0NXVDM0F1TlJZRXU0ZGRubHZNK0VmRHNOVzMyNTJPV0dBOFBcL1g5elZUYmdTaFE9PSIsIm1hYyI6IjIzN2JhNThmNDFiYzZhZTNhYjM1MGYxNTEyMGY1ZDEzNTQzYjg2MzkyNzdmZTdkZjExZThhMmUxNzY5MWE1MmYifQ%3D%3D; language=eyJpdiI6InUyUXVXSzJ2VDZ5ejdDdStid2cxd2V2RStwbzIxb1JPazZTbndadVVBZ0U9IiwidmFsdWUiOiJcL1wvbTgyazEySGZXSXhFRTFmSVFPR0tnckZpUklOYXFXaWdwUnVkZXBad009IiwibWFjIjoiMGI3YjVhNDI1Mzk1Njg4Y2EyOGFmOWI4ZDkyN2M2MjVhYjhhZDRjNzc2ODQ1NzBkM2EzNTFmOWVlMTIxNDc2OSJ9; 7c4de8a426f66a1405c5dd5096343cb00fa55bac=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%3D%3D; __cf_bm=SckyPjmiHalh73WoHq_d5UafIS6dQhwZfZjGArJU.vU-1669471681-0-AWXPJgeqiwbauQ3WbSx2850NpnIt41YEGtoKcBDq2Wxtrjqh3SW9tEMel1BxgciV88ezMQEx8ZrDNgD6Atprurg=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:01 GMT
content-type: application/javascript
last-modified: Tue, 22 Nov 2022 13:35:09 GMT
etag: W/"637cd00d-4d7"
vary: Accept-Encoding
server: cloudflare
cf-ray: 7703319a0c55b4f4-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Mon, 28 Nov 2022 14:08:01 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.firstimpression.io/delivery/spc_fi.php?id=7419&url=%2FZVf2P0&charset=UTF-8&ch=14&ref=ouo.press&viewerId=null&referer=&_firid=44950301
54.230.111.73 200 OK 124 kB URL HTTP/2 cdn.firstimpression.io/delivery/spc_fi.php?id=7419&url=%2FZVf2P0&charset=UTF-8&ch=14&ref=ouo.press&viewerId=null&referer=&_firid=44950301
IP 54.230.111.73:0
Size 124 kB (124051 bytes)
Hash 1bb6880cdc2e8772621ce221a956273f
941531702ca821e07ba33e543f1a4822ae7da50a
83a1416339fb03675c40bcd969005e991b4e3f3fa0f6ffce575c130fbfc7bb62
GET /delivery/spc_fi.php?id=7419&url=%2FZVf2P0&charset=UTF-8&ch=14&ref=ouo.press&viewerId=null&referer=&_firid=44950301 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
date: Sat, 26 Nov 2022 14:08:02 GMT
server: nginx/1.20.0
vary: Accept-Encoding
x-powered-by: PHP/8.0.14
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: OAID=GDPR; expires=Sun, 26-Nov-2023 14:08:02 GMT; Max-Age=31536000; path=/; secure; SameSite=none
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pB1x3fooNYlCZ7rGvu0aF8rC4_UOyWCAN9cDHwfqLDLu_c_gkR4D6A==
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash c0f4dbf9562ebaa8db41013beb08c50b
13e036230ed5499b6458723b8fcaa14f9c6ba878
4a2d5fdb392a9a61061942285736a4d93dcc1497e713ecff218d84f717c51bf2
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 14:08:02 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "EE4889718662F828D77185DE84794ED153FA1ED8"
Expires: Sun, 27 Nov 2022 01:00:00 GMT
Last-Modified: Sat, 26 Nov 2022 13:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 245
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7703319f7ec60afa-OSL
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8b0a6ea4a1b52f72d93c9e643b0dd179
02df9611887db2044802892f436f0448eb0e332c
ec8284c369490389342d5a3a33d3501262ecd1498d46153689de13e4356b799c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EC8284C369490389342D5A3A33D3501262ECD1498D46153689DE13E4356B799C"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1682
Expires: Sat, 26 Nov 2022 14:36:04 GMT
Date: Sat, 26 Nov 2022 14:08:02 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ads.pubmatic.com/AdServer/js/pwt/155495/4202/pwt.js
23.38.200.201 200 OK 80 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/pwt/155495/4202/pwt.js
IP 23.38.200.201:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6a4ce36b0d03543974d71b88fa37145d
a5c1750aab7489f287c98bae25f5afff0ed16ce8
30fb02ff951a4220268d02c95e2dbd16adfad28b179a89e9643d75ade8809aaf
GET /AdServer/js/pwt/155495/4202/pwt.js HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 27 Oct 2021 05:33:12 GMT
etag: "1241a12-3fca8-5cf4eee137dd8"
server: Apache
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: https://ci-va2qa-mgmt.pubmatic.com
x-xss-protection: 1; mode=block
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type: application/javascript
content-length: 80538
cache-control: max-age=145691
expires: Mon, 28 Nov 2022 06:36:13 GMT
date: Sat, 26 Nov 2022 14:08:02 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash e691756a7eaad68b37a05d81052d4625
51ae79d1a300529013b576ed5f30fd7eeb93f57d
b4057cce093dbc0c5928df15ca2dfa39a93ae1e9b9c0a2824a4bd09b8c356e75
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=89965
Date: Sat, 26 Nov 2022 14:08:02 GMT
Etag: "6380c395-1d7"
Expires: Sun, 27 Nov 2022 15:07:27 GMT
Last-Modified: Fri, 25 Nov 2022 13:31:01 GMT
Server: ECS (dcb/7EA3)
X-Cache: Miss from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: HizSa3b-yi35kkGXMFDlDaJ04yb7KFeLz-EHwmKznQVjKJYZ-k6Rig==
Age: 5786
simplewebanalysis.com/stats
52.28.211.11 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 5fd1a54792561998d8bd18f5d765ff52
272f34cf51496a0696e8142de6cd8de643cb7da7
14cee3bc0f5b83f9aa4daf4d319c15ffba28b12b3e12560050ff2ac5f435dc2f
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:02 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
set-cookie: uid_id2=3148effe-d5e1-4c52-959f-a399f0943cf9:3:1; expires=Tue, 23 Nov 2032 14:08:02 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
widgets.outbrain.com/images/widgetIcons/achoice.svg
23.38.201.81 200 OK 2.7 kB URL HTTP/2 widgets.outbrain.com/images/widgetIcons/achoice.svg
IP 23.38.201.81:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2290)
Hash 9d26fa4e7238ed94f1d0d92afb453b3e
ae18efe7d09337bf2f580b3f5bc912284aad7821
2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04
GET /images/widgetIcons/achoice.svg HTTP/1.1
Host: widgets.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/svg+xml
etag: "9d26fa4e7238ed94f1d0d92afb453b3e:1662969032.874716"
last-modified: Mon, 12 Sep 2022 07:37:47 GMT
server: AkamaiNetStorage
content-length: 2735
cache-control: max-age=2592000
expires: Mon, 26 Dec 2022 14:08:02 GMT
date: Sat, 26 Nov 2022 14:08:02 GMT
timing-allow-origin: *, *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
ouo.press/favicon.ico
172.67.22.15 200 OK 0 B IP 172.67.22.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/ZVf2P0
Cookie: ouoio_session=eyJpdiI6IlJ0NEorTFBGYnRsSGlqTHYzM0d6ekMzd21laVJMMDNlV1FtWmJSYVB3Njg9IiwidmFsdWUiOiJNVEpsWWdQSlExTnRBWUd1STZDTXZ5elRNaU1UM0FZTWJXb0c1NzI0NXVDM0F1TlJZRXU0ZGRubHZNK0VmRHNOVzMyNTJPV0dBOFBcL1g5elZUYmdTaFE9PSIsIm1hYyI6IjIzN2JhNThmNDFiYzZhZTNhYjM1MGYxNTEyMGY1ZDEzNTQzYjg2MzkyNzdmZTdkZjExZThhMmUxNzY5MWE1MmYifQ%3D%3D; language=eyJpdiI6InUyUXVXSzJ2VDZ5ejdDdStid2cxd2V2RStwbzIxb1JPazZTbndadVVBZ0U9IiwidmFsdWUiOiJcL1wvbTgyazEySGZXSXhFRTFmSVFPR0tnckZpUklOYXFXaWdwUnVkZXBad009IiwibWFjIjoiMGI3YjVhNDI1Mzk1Njg4Y2EyOGFmOWI4ZDkyN2M2MjVhYjhhZDRjNzc2ODQ1NzBkM2EzNTFmOWVlMTIxNDc2OSJ9; 7c4de8a426f66a1405c5dd5096343cb00fa55bac=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%3D%3D; __cf_bm=SckyPjmiHalh73WoHq_d5UafIS6dQhwZfZjGArJU.vU-1669471681-0-AWXPJgeqiwbauQ3WbSx2850NpnIt41YEGtoKcBDq2Wxtrjqh3SW9tEMel1BxgciV88ezMQEx8ZrDNgD6Atprurg=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:02 GMT
content-type: image/x-icon
content-length: 0
last-modified: Sat, 14 Feb 2015 06:41:24 GMT
etag: "54deee14-0"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=86400
cf-cache-status: HIT
age: 1149
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 770331a09d3fb4f4-OSL
X-Firefox-Spdy: h2
ouo.press/css/link-safe.css
172.67.22.15 200 OK 2.2 kB URL HTTP/2 ouo.press/css/link-safe.css
IP 172.67.22.15:0
Hash dcc1b4bed02a57bb9b4ce7ff88a30a35
08a70d91c6888993c6a78731616a7d524dbf8ff3
2eceb6e7394d42c502ac4c18660f35b126302f0ed5431b3e747fb34ba0173380
GET /css/link-safe.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/ZVf2P0
Cookie: ouoio_session=eyJpdiI6IlJ0NEorTFBGYnRsSGlqTHYzM0d6ekMzd21laVJMMDNlV1FtWmJSYVB3Njg9IiwidmFsdWUiOiJNVEpsWWdQSlExTnRBWUd1STZDTXZ5elRNaU1UM0FZTWJXb0c1NzI0NXVDM0F1TlJZRXU0ZGRubHZNK0VmRHNOVzMyNTJPV0dBOFBcL1g5elZUYmdTaFE9PSIsIm1hYyI6IjIzN2JhNThmNDFiYzZhZTNhYjM1MGYxNTEyMGY1ZDEzNTQzYjg2MzkyNzdmZTdkZjExZThhMmUxNzY5MWE1MmYifQ%3D%3D; language=eyJpdiI6InUyUXVXSzJ2VDZ5ejdDdStid2cxd2V2RStwbzIxb1JPazZTbndadVVBZ0U9IiwidmFsdWUiOiJcL1wvbTgyazEySGZXSXhFRTFmSVFPR0tnckZpUklOYXFXaWdwUnVkZXBad009IiwibWFjIjoiMGI3YjVhNDI1Mzk1Njg4Y2EyOGFmOWI4ZDkyN2M2MjVhYjhhZDRjNzc2ODQ1NzBkM2EzNTFmOWVlMTIxNDc2OSJ9; 7c4de8a426f66a1405c5dd5096343cb00fa55bac=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%3D%3D; __cf_bm=SckyPjmiHalh73WoHq_d5UafIS6dQhwZfZjGArJU.vU-1669471681-0-AWXPJgeqiwbauQ3WbSx2850NpnIt41YEGtoKcBDq2Wxtrjqh3SW9tEMel1BxgciV88ezMQEx8ZrDNgD6Atprurg=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:01 GMT
content-type: text/css
cache-control: max-age=86400
cf-bgj: minify
cf-polished: status=cannot_optimize
etag: W/"5d951ace-1830"
expires: Sun, 27 Nov 2022 01:17:11 GMT
last-modified: Wed, 02 Oct 2019 21:46:54 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 3050
vary: Accept-Encoding
server: cloudflare
cf-ray: 77033199fc42b4f4-OSL
content-encoding: br
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d438e1af63e2f2b0e0cdf2a74966ab91
37e36842937ddc6abf543f0623894e770cc06118
a5121c332d69fbec0378a247a93432ecc3f00014bd67df9b1ff613bea57af4d1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A5121C332D69FBEC0378A247A93432ECC3F00014BD67DF9B1FF613BEA57AF4D1"
Last-Modified: Fri, 25 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15949
Expires: Sat, 26 Nov 2022 18:33:51 GMT
Date: Sat, 26 Nov 2022 14:08:02 GMT
Connection: keep-alive
ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
142.250.74.102 200 OK 104 B URL HTTP/2 ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
IP 142.250.74.102:0
File type MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors\012- data
Hash 32ac8a9b81788b981a3a7e13c14082d4
fbfd48a2bfe8d4247a975176f88d18c3c2ad1952
00cc7617e054596ff0aaabd8a93a9214dc5304bfe317316022dbf4fb3ea073d2
GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 104
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 11:00:31 GMT
expires: Sun, 27 Nov 2022 11:00:31 GMT
cache-control: public, max-age=86400
age: 11251
last-modified: Tue, 08 May 2012 13:08:06 GMT
content-type: image/x-icon
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
142.250.74.163 200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 08:12:22 GMT
expires: Sat, 25 Nov 2023 08:12:22 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 107740
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash e221c48ca23d0627cfc0cd7907f5bee1
b3f3af6074a05d3bddf023bd5dbbf88bb8d5686e
b91f260251b5c2f217f96a3b79f7e32ccfe843d5e9919664153e07802f55026a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3383
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:02 GMT
Last-Modified: Sat, 26 Nov 2022 13:11:39 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1a05b0b8812c894b56cd8dad83d15702
9256eced3d878a58f6e5cd99eaef24a312e43d5b
7bd6436c53dc22deaedc8fcbb678a619b472c089c1d343dd887811e3088120d4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5115
Cache-Control: max-age=161623
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:02 GMT
Etag: "6381de1e-1d7"
Expires: Mon, 28 Nov 2022 11:01:45 GMT
Last-Modified: Sat, 26 Nov 2022 09:36:30 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
status.geotrust.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a2f956982b060f795474e0e6a8fa2c19
c7bc0d64700cd7c9a66ced038ec82169225672b8
af04a6290fc8fad38db7165d09f829ce52e0b3e453537a27a7a502ea38fcb9d4
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6230
Cache-Control: max-age=95436
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:02 GMT
Etag: "6380d738-1d7"
Expires: Sun, 27 Nov 2022 16:38:38 GMT
Last-Modified: Fri, 25 Nov 2022 14:54:48 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash be0da545931a6e6f06c7eb8395b8a3af
bea09f1e5d361abfe41135f1497b1b469699b912
3428d08f184d29f34d4067e1796ecfa6aa9f9cc6e76006fac23aaf175bdd4eaf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.12.0-pre&cb=39293156445&lsavail=0
178.250.2.131 204 No Content 0 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.12.0-pre&cb=39293156445&lsavail=0
IP 178.250.2.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdb?profileId=207&av=34&wv=7.12.0-pre&cb=39293156445&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 406
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 26 Nov 2022 14:08:02 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://ouo.press
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.162.31 200 OK 27 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.162.31:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 08fcd003eb4255c080018592e01d7b7d
e23b799bef0962b0288461111b0a402ba9fdbac0
c89a8cb4b913680a30b15f02657cee5dfc1b22a372dfde1025d5dc78a337e867
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:02 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 9d35efb88df6ce01c0686080078b4370
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 26 Nov 2022 14:08:02 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ArhlUS97Fds2YTetVO04RBH4%2BmX81NudtvMryvu1XCye%2FFNdJcYz7MHBu5qIVOO6iaUewF%2FT9O9V4qJw4PxeBwRGF0fzkYvwRp2oFEnw3D0eWkvg%2BiX490ptCKSWmzAw5rYBnVM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7703319fcf618868-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.2.0&cb=14881785209
178.250.2.131 200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.2.0&cb=14881785209
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=6.2.0&cb=14881785209 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 487
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:02 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://ouo.press
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=GTM-NPLC9ST
142.250.74.168 200 OK 47 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=GTM-NPLC9ST
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 3a89ab61c77687583fb822b9840c68cb
4334dc1c7c7f6d5bc36eda93bf60fb4af429f8a6
fc95bfe012c25927f15efecc6b3d6788491f5cf39e325b3419ddbbc58a51531b
GET /gtag/js?id=GTM-NPLC9ST HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.adtrue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 26 Nov 2022 14:08:02 GMT
expires: Sat, 26 Nov 2022 14:08:02 GMT
cache-control: private, max-age=900
last-modified: Sat, 26 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 47072
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a2f956982b060f795474e0e6a8fa2c19
c7bc0d64700cd7c9a66ced038ec82169225672b8
af04a6290fc8fad38db7165d09f829ce52e0b3e453537a27a7a502ea38fcb9d4
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3393
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:02 GMT
Last-Modified: Sat, 26 Nov 2022 13:11:29 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
ib.adnxs.com/ut/v3/prebid
37.252.171.84 200 OK 145 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 37.252.171.84:0
File type JSON data\012- , ASCII text, with no line terminators
Hash c3b1559e45143a4bfc8dedd4d942a507
ef224310756d07d32129868f7814ddcf791f9a12
cc1d795b115837e62145752c56b745a54774a57e856ed5db5e1ae441cc5e658c
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 535
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 26 Nov 2022 14:08:02 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 145
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
AN-X-Request-Uuid: b4b629c1-0bf0-467f-80a3-6ab12d404028
Set-Cookie: icu=ChkItZqGARAKGAEgASgBMMK7iJwGOAFAAUgBEMK7iJwGGAA.; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 24-Feb-2023 14:08:02 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=6762401079620326123; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 24-Feb-2023 14:08:02 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
cdn.firstimpression.io/delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459
54.230.111.73 200 OK 492 B URL HTTP/2 cdn.firstimpression.io/delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459
IP 54.230.111.73:0
Hash 80468d264ed65c260815d99b6ef165f9
a5780d32c47bf3ffee66940086e04aa2356ef614
4dccfcddc2410f4a4320c2e062406e9d296e26fe4b6ba43510a4c66b2929317c
POST /delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Cookie: OAID=GDPR
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sat, 26 Nov 2022 14:08:02 GMT
server: nginx/1.20.0
vary: Accept-Encoding
x-powered-by: PHP/8.0.14
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: https://ouo.press
p3p: CP="CUR ADM OUR NOR STA NID"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1hP2Ldh_vWtyDamVpza8nxaZs1dC2mjToIIJRD4qyWQFzl_vAId1yA==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e388353a642bc503beff27c23339e2b5
7849301df8cbfa3f9c019b1d4033b66e0f44c4bd
5e595e9ce96c6147c3ff79ebba0068ddb0d997237a671936cb05d9575c59a424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-0DTZ6LRDBJ&l=dataLayer&cx=c
142.250.74.168 200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-0DTZ6LRDBJ&l=dataLayer&cx=c
IP 142.250.74.168:0
File type ASCII text, with very long lines (19102)
Hash ab298e0f76fbbc55f8330c64f0df2984
d76a07c2f4b4b5826a212c888a89f3258220d2a7
8c3960845d3abfaab3c3e723d1832723adaba2a3ca3235e0e99bbe3330094f77
GET /gtag/js?id=G-0DTZ6LRDBJ&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.adtrue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 26 Nov 2022 14:08:02 GMT
expires: Sat, 26 Nov 2022 14:08:02 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76019
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
37.252.171.84 200 OK 10 kB URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 37.252.171.84:0
File type JSON data\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (20201), with no line terminators
Hash e158d8a9e6c8193bd48f9c4f0d5c952a
c4541dbed44c0e6234be4401fee3be981cdbcc91
60d747b30e69c28a7b1b6de138eb4c7a4e132bbc393ed6d90092d3cc176983ee
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 562
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 26 Nov 2022 14:08:03 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
AN-X-Request-Uuid: c5d0ec8a-4101-4a32-8944-2644bbf2457c
Set-Cookie: icu=ChgIw6tREAoYASABKAEww7uInAY4AUABSAEQw7uInAYYAA..; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 24-Feb-2023 14:08:03 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=1543594501267047110; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 24-Feb-2023 14:08:03 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Encoding: gzip
ib.adnxs.com/ut/v3/prebid
37.252.171.84 200 OK 10 kB URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 37.252.171.84:0
File type JSON data\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (20243), with no line terminators
Hash 1a818c5c7b276e3677569d755f0aebb0
6e5fd14907d60c653e87e0a782152825a8cd92e1
4844fd41e57e2d2821be745376d655f8441d6810fea692a906605642aaa938f9
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 681
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 26 Nov 2022 14:08:03 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
AN-X-Request-Uuid: fcebeee8-db06-4046-98f3-c414c7bd84e0
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13571
Expires: Sat, 26 Nov 2022 17:54:14 GMT
Date: Sat, 26 Nov 2022 14:08:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13571
Expires: Sat, 26 Nov 2022 17:54:14 GMT
Date: Sat, 26 Nov 2022 14:08:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13571
Expires: Sat, 26 Nov 2022 17:54:14 GMT
Date: Sat, 26 Nov 2022 14:08:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13571
Expires: Sat, 26 Nov 2022 17:54:14 GMT
Date: Sat, 26 Nov 2022 14:08:03 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d60bb22-4a30-4570-8561-eb3a2833a058.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d60bb22-4a30-4570-8561-eb3a2833a058.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f59a591b222397ff0f01c22a0786e660
6a8504212141af411a18ce58960c8bb52e8116ac
624847cfdfcd770d2dee8a2b85f3c7c480cda58ba2aef1135184f3dffc30d1f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d60bb22-4a30-4570-8561-eb3a2833a058.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8277
x-amzn-requestid: e84a5668-cd91-42af-b6de-5eb694ea56e6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-KFtmIAMF00Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38d-64513fb257d83b9847c82929;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: O4PtH20kVWgH-Jf_TivPqMqjnwrZB_8XvZAkDDzLLFPXVjqzkz1YJw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:18:10 GMT
age: 56993
etag: "6a8504212141af411a18ce58960c8bb52e8116ac"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.adtrue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 26 Nov 2022 12:41:08 GMT
expires: Sat, 26 Nov 2022 14:41:08 GMT
cache-control: public, max-age=7200
age: 5215
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash ea101f7e711eb66ba76f9e395ce3b919
5be1c6a23b5e6059f4d882148c84eb941c7068ec
0f874cf2a25b7f913badd906ae5deb8429f8eb135973275ed5314162b37c7b31
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 14:08:03 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 13:55:55 GMT
Expires: Sat, 03 Dec 2022 13:55:54 GMT
Etag: "5be1c6a23b5e6059f4d882148c84eb941c7068ec"
Cache-Control: max-age=603470,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 770331a21a7eb50b-OSL
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
34.120.237.76 200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a783df85f30f9c555f9df6b99f61744d
61f9bed607e81606be78285596acdc5e0e4f4994
19db42201d0fa059f680d890ede6683c04e893e6308a2256d0203f826a7f34de
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3502
x-amzn-requestid: ca3f2610-e03c-48a7-abb3-fbbab76f63d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYUHO5IAMFqDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-7e36137711dc4668278c1c94;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QS3ZKYetcm87GNwSr34eRPF2d4r8ppwf3fT19aV-u84f7ObX4bU8wQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 07:13:26 GMT
age: 24877
etag: "61f9bed607e81606be78285596acdc5e0e4f4994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 926df9839ec3d924b563b55d8bccace8
c47a3884465fc02b5c57faa5ffbd986ba29c64c2
a97cd625959aa81bc516024628315b2c6e2ce94f76cd579751a686a6611cc4d2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6789
x-amzn-requestid: eede6332-5376-4f9c-83fc-f894430c1f4b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWWYFFgoAMFhaQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381375b-66d7ffc70f7d901420a503da;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:44:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -6kE-HDfLIQMtzuaOuArCjtxgpQUgxMrpjcT7pDIdY7CDlJNK1GZWA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:24 GMT
etag: "c47a3884465fc02b5c57faa5ffbd986ba29c64c2"
content-type: image/jpeg
age: 58899
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 17ebe470d040a6ea8c57e9b9d4f4e828
1ac7a410cd4f3709f476c776dd5646dd982dcfa8
d65114b68fcc12344c6df7bf294718b79822fa9782d3bd54ca044b66f82052b1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15818
x-amzn-requestid: a6570859-3b03-492e-9f84-e25b01223da2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLXrUF3bIAMF8CA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381397b-379b1bcf2ac0715835e10e48;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:54:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: HgiyaodE2vJx5JL8QfOiTersSAgAwq74gtsPkpHUhnQ3In2vZ-3rbQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:33:09 GMT
etag: "1ac7a410cd4f3709f476c776dd5646dd982dcfa8"
content-type: image/jpeg
age: 56094
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8dc4b8a7e9f7f4f84f0da568b43392b
3d32bff85cb7ec118c4496d0c3802829fdc9af3b
4b0ffde427085c796a7a5823604b29a4af43dbb93e99ec41f34feb37f52ac7d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9049
x-amzn-requestid: 6cbd9639-c29d-4ff4-8091-3168f64f4c78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVGHzKoAMFSuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135ba-100ea4235fdf1df8491041c8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OJZkZ18TlSgdBWsmSroQPIcYIvBFvz5-7hu9_GravTcz6zqxKXHZrg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:43:36 GMT
age: 59067
etag: "3d32bff85cb7ec118c4496d0c3802829fdc9af3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3b1c6878914466cfece680fa7cb73502
47fac81a2dd809df5c42ca1362f71d553572d2b1
6458883dfa2bdfd483e92e5f847a229508ef00ce1dbd11f49eec369d0bd3160a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f5318cc-4728-4160-afd1-9d20b79b7de9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9914
x-amzn-requestid: 4db4ed29-20b4-4ca7-8835-2463d0989d5b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVFHQYIAMFc4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135b9-613da006118724124e345b29;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7cJmhEGkKqLUQUMqGuYtWBeu_1nlEUAxgTMy4ABekPJYrJP95wE6Jg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:59:05 GMT
age: 58138
etag: "47fac81a2dd809df5c42ca1362f71d553572d2b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
tag.1rx.io/rmp/212927/0/mvo?z=1r&hbv=6.2,2.1
213.19.147.43 204 No Content 0 B URL HTTP/2 tag.1rx.io/rmp/212927/0/mvo?z=1r&hbv=6.2,2.1
IP 213.19.147.43:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /rmp/212927/0/mvo?z=1r&hbv=6.2,2.1 HTTP/1.1
Host: tag.1rx.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 617
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 26 Nov 2022 14:08:03 GMT
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
pragma: no-cache
cache-control: private, max-age=0, no-cache, no-store
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash f9e8fc96b0342e221815b9c2865bd5d4
f7c688e5c010e44dfbab9f7476d2c45f0ca0cd0c
3a9ff869dd03896ce576d7d0c5c0b96a08e08ef7b9ef19681cba734671926b26
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5724
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:03 GMT
Last-Modified: Sat, 26 Nov 2022 12:32:39 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185
54.230.111.210 204 No Content 0 B URL HTTP/2 c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185
IP 54.230.111.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185 HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
cache-control: max-age=21550, s-maxage=21600
date: Sat, 26 Nov 2022 08:25:33 GMT
server: Server
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Fk5XxZuq77Y113tffBy08ux8H1hCHifsXHWI_qZ-memNkQCrV1dk1w==
age: 20548
X-Firefox-Spdy: h2
jsc.adskeeper.com/a/d/adtrue.ouo.press.991771.js
172.64.151.192 200 OK 921 B URL HTTP/2 jsc.adskeeper.com/a/d/adtrue.ouo.press.991771.js
IP 172.64.151.192:0
File type ASCII text, with very long lines (2361)
Hash dc406d72b5d7cb505ff0f720a76f333c
e848a1e516384718b9319acc891ff2f7d5d707b6
e92fc567697445a7896a332abf07536107c7b96112d287748ef9234292c80c58
GET /a/d/adtrue.ouo.press.991771.js HTTP/1.1
Host: jsc.adskeeper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:03 GMT
content-type: text/javascript
content-length: 921
x-amz-id-2: feXPNfpFaacSm8lt6RhzCbec1+gHhzZ+DriZQVNyKgZogPAFPtddKynKrrt3LGH5NtYxJR+TKjM=
x-amz-request-id: BSY1ZH442MF2G462
last-modified: Wed, 23 Nov 2022 08:34:07 GMT
etag: "dc406d72b5d7cb505ff0f720a76f333c"
content-encoding: gzip
x-amz-version-id: Nv3tnKsQJJFloLFD8ccmmePhVOX9ZV_J
cf-cache-status: HIT
expires: Sat, 26 Nov 2022 18:08:03 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 770331a3efb9b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash f9e8fc96b0342e221815b9c2865bd5d4
f7c688e5c010e44dfbab9f7476d2c45f0ca0cd0c
3a9ff869dd03896ce576d7d0c5c0b96a08e08ef7b9ef19681cba734671926b26
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5156
Cache-Control: max-age=144758
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:03 GMT
Etag: "63819c15-118"
Expires: Mon, 28 Nov 2022 06:20:41 GMT
Last-Modified: Sat, 26 Nov 2022 04:54:45 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 280
aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2FZVf2P0&pid=sclmzBoHtivym&cb=0&ws=728x90&v=22.1107.1609&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
143.204.52.189 200 OK 165 B URL HTTP/2 aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2FZVf2P0&pid=sclmzBoHtivym&cb=0&ws=728x90&v=22.1107.1609&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
IP 143.204.52.189:0
File type ASCII text, with no line terminators
Hash 524702d9c4ac8c61e27c3d850412f10f
199d4d5b602799e1a01577115d249b9707dbf37a
7e4302335da0ce23c817a82d8d34836aef6ef7fb136f731d4ba29a7e4d762a7b
GET /e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2FZVf2P0&pid=sclmzBoHtivym&cb=0&ws=728x90&v=22.1107.1609&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D HTTP/1.1
Host: aax-dtb-cf.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
content-length: 165
server: Server
date: Sat, 26 Nov 2022 14:08:03 GMT
x-amz-rid: ZQR9CT6S494NFDX7FNE3
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
timing-allow-origin: *
strict-transport-security: max-age=47474747; includeSubDomains; preload
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: tR1Hml8ChsVrg-zCWZJEC-FaYo5AwMqNKC90vFdSC1pAAS7mhUj4sg==
X-Firefox-Spdy: h2
cdn.firstimpression.io/tracking/habit/v1?b=1
54.230.111.73 200 OK 2 B URL HTTP/2 cdn.firstimpression.io/tracking/habit/v1?b=1
IP 54.230.111.73:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /tracking/habit/v1?b=1 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 614
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Cookie: OAID=GDPR
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2
date: Sat, 26 Nov 2022 14:08:03 GMT
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-request-method: *
access-control-allow-methods: OPTIONS, GET, POST
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LZzMaKVr10ZBZQUUdT5eUq7WNKOaP9hXTCwXqXGx4REBYYEx4m_rsw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash a22bc94a1116f343d9c3377cfd4fc5b2
b0bad6a620abd0c33a96c32721ad87849da9f9e6
294cd4b44650b17a93cbe9a4de887ad1da8ab8c11105707cccff17812a8d5890
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash a22bc94a1116f343d9c3377cfd4fc5b2
b0bad6a620abd0c33a96c32721ad87849da9f9e6
294cd4b44650b17a93cbe9a4de887ad1da8ab8c11105707cccff17812a8d5890
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jsc.adskeeper.com/a/d/adtrue.ouo.press.991771.es6.js
172.64.151.192 200 OK 77 kB URL HTTP/2 jsc.adskeeper.com/a/d/adtrue.ouo.press.991771.es6.js
IP 172.64.151.192:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (33528)
Hash 685f1f92759cc00748247886fb65f456
415e063c765193a8144631d233cd65b19b385c01
6921a9a9cae5cb537f07548e9d5ef79f7b319786beda6c59a02978f8cd1d8d2e
GET /a/d/adtrue.ouo.press.991771.es6.js HTTP/1.1
Host: jsc.adskeeper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:03 GMT
content-type: text/javascript
content-length: 77357
x-amz-id-2: SdLATQQUj9V5MUL8GJ1mTs1+1df/fMAy3HfVNeruF7ESTW9dZob57qxzjdeDGW+pl5U+kkPACRY=
x-amz-request-id: SQNX5CVNZKKQ3B6M
last-modified: Wed, 23 Nov 2022 11:42:34 GMT
etag: "685f1f92759cc00748247886fb65f456"
content-encoding: gzip
x-amz-version-id: dd1Oy8DoTdUVgoS4j2prex4kOlpjN63N
cf-cache-status: HIT
expires: Sat, 26 Nov 2022 18:08:03 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 770331a5396ab4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/xbbe/pixel?d=CN_NExDlxxMYspKy2gEwAQ&v=APEucNUddPWOOyDxfOAmRRydJ-h7B94CzsdoE_oc0m2hvAVhkoHISJms5GfsPJS8bh98THxgN9iBNG_debIKLpwP3AsdqSCunzh1QtQmDoNzzMRfl1hLkZVFCB2TYDDr6MDe15WnArVeOgLmra8Gm8MJvrQ1yAad1H3b7TjXk1HpSV5z5tWfL5EvtkKhAsTvROpekgW49g__UxwAkwoJ5k68Yx4SobFTc_0Uu_KN9Opu7bA56ElV-Eg
142.250.74.66200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/xbbe/pixel?d=CN_NExDlxxMYspKy2gEwAQ&v=APEucNUddPWOOyDxfOAmRRydJ-h7B94CzsdoE_oc0m2hvAVhkoHISJms5GfsPJS8bh98THxgN9iBNG_debIKLpwP3AsdqSCunzh1QtQmDoNzzMRfl1hLkZVFCB2TYDDr6MDe15WnArVeOgLmra8Gm8MJvrQ1yAad1H3b7TjXk1HpSV5z5tWfL5EvtkKhAsTvROpekgW49g__UxwAkwoJ5k68Yx4SobFTc_0Uu_KN9Opu7bA56ElV-Eg
IP 142.250.74.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /xbbe/pixel?d=CN_NExDlxxMYspKy2gEwAQ&v=APEucNUddPWOOyDxfOAmRRydJ-h7B94CzsdoE_oc0m2hvAVhkoHISJms5GfsPJS8bh98THxgN9iBNG_debIKLpwP3AsdqSCunzh1QtQmDoNzzMRfl1hLkZVFCB2TYDDr6MDe15WnArVeOgLmra8Gm8MJvrQ1yAad1H3b7TjXk1HpSV5z5tWfL5EvtkKhAsTvROpekgW49g__UxwAkwoJ5k68Yx4SobFTc_0Uu_KN9Opu7bA56ElV-Eg HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 26 Nov 2022 14:08:03 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 26-Nov-2022 14:23:03 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 26 Nov 2022 14:08:03 GMT
cache-control: private
X-Firefox-Spdy: h2
cdn.adnxs-simple.com/v/s/230/trk.js
23.38.200.189 200 OK 28 kB URL HTTP/1.1 cdn.adnxs-simple.com/v/s/230/trk.js
IP 23.38.200.189:0
File type ASCII text, with very long lines (3368)
Hash d6cca4318d24a46a3a20cc60706521af
e748a8f0c4ce7c0911b0acd9786e5729b3ab70af
c4a4dbfc96b6233179e3822d414ae12d27b8077810124f4faf502efde66c1e4f
GET /v/s/230/trk.js HTTP/1.1
Host: cdn.adnxs-simple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "058fa2042959b529aeb940fcab36a18f:1668074208.514848"
Last-Modified: Thu, 10 Nov 2022 09:56:48 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000
Expires: Sun, 26 Nov 2023 14:08:03 GMT
Date: Sat, 26 Nov 2022 14:08:03 GMT
Content-Length: 27458
Connection: keep-alive
Access-Control-Allow-Origin: *, *
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite.js
142.250.74.66 200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite.js
IP 142.250.74.66:0
File type ASCII text, with very long lines (1549)
Hash 5fcaac58edf786270683ae11ae9417c5
a87cd39eb87ac22814250d88828b9a1872c4f37a
3b9d058ff27f2046aa65d5158d8776a728c35906f599122092421357eea4cadc
GET /pagead/js/r20221110/r20110914/abg_lite.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 11206
x-xss-protection: 0
date: Fri, 25 Nov 2022 15:50:01 GMT
expires: Fri, 09 Dec 2022 15:50:01 GMT
cache-control: public, max-age=1209600
age: 80282
etag: 16690196781007480285
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash a22bc94a1116f343d9c3377cfd4fc5b2
b0bad6a620abd0c33a96c32721ad87849da9f9e6
294cd4b44650b17a93cbe9a4de887ad1da8ab8c11105707cccff17812a8d5890
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fra1-ib.adnxs-simple.com/it?an_audit=0&referrer=https%253A%252F%252Fouo.press%252FZVf2P0&e=wqT_3QKhCmwhBQAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9aVmYyUDCAAwGIAwCQAwCYAxegAwGqA_8FCskFaHR0cAEu9C8EYWR4LmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC9hZHZpZXc_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_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE4OTg5NjAwMTQyugcPCAAQABgAIAAwADjlFUAAyAeMxwTSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=3270dee2e31193432d9ef6cce854eb9abace04a9
37.252.171.149200 OK 0 B URL HTTP/1.1 fra1-ib.adnxs-simple.com/it?an_audit=0&referrer=https%253A%252F%252Fouo.press%252FZVf2P0&e=wqT_3QKhCmwhBQAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9aVmYyUDCAAwGIAwCQAwCYAxegAwGqA_8FCskFaHR0cAEu9C8EYWR4LmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC9hZHZpZXc_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_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE4OTg5NjAwMTQyugcPCAAQABgAIAAwADjlFUAAyAeMxwTSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=3270dee2e31193432d9ef6cce854eb9abace04a9
IP 37.252.171.149:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /it?an_audit=0&referrer=https%253A%252F%252Fouo.press%252FZVf2P0&e=wqT_3QKhCmwhBQAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9aVmYyUDCAAwGIAwCQAwCYAxegAwGqA_8FCskFaHR0cAEu9C8EYWR4LmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC9hZHZpZXc_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_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE4OTg5NjAwMTQyugcPCAAQABgAIAAwADjlFUAAyAeMxwTSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=3270dee2e31193432d9ef6cce854eb9abace04a9 HTTP/1.1
Host: fra1-ib.adnxs-simple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 26 Nov 2022 14:08:03 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 2c9a2d24-fc62-4899-97c6-6b5fcf8bf0c9
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs-simple.com
aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_n-onetag_pm-db5_rbd_n-MediaNet_cnv_n-Outbrain
67.220.226.233 302 Found 0 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_n-onetag_pm-db5_rbd_n-MediaNet_cnv_n-Outbrain
IP 67.220.226.233:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_n-onetag_pm-db5_rbd_n-MediaNet_cnv_n-Outbrain HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Server
Date: Sat, 26 Nov 2022 14:08:03 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: 99YYDM4H476HDW3S7GR0
Set-Cookie: ad-id=A2oAq8nWXUP9rAYG2heuGyY|t; Domain=.amazon-adsystem.com; Expires=Sat, 01-Jul-2023 14:08:03 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_n-onetag_pm-db5_rbd_n-MediaNet_cnv_n-Outbrain&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 075b978d5014c00a9cb96e9971337061
68c7c339233a16b5ab4c2e4814fe479b1b467ebd
8f6a792b948278a69165b1c2108c488cfd8df36b3d21e7b3964f5ca3cc879422
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4920
Cache-Control: max-age=118600
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:03 GMT
Etag: "638136d3-138"
Expires: Sun, 27 Nov 2022 23:04:43 GMT
Last-Modified: Fri, 25 Nov 2022 21:42:43 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 312
fra1-ib.adnxs-simple.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FZVf2P0&e=wqT_3QKhBGwhAgAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG9BcBmAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACpcVP6gIYaHR0cHM6Ly9vdW8ucHJlc3MvWlZmMlAwgAMBiAMAkAMAmAMXoAMBqgMAwAOsAsgDANgD3KCnAeADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBAw5MS45MC40Mi4xNTSoBACyBA8IABABGNgFIFooADAAOAK4BADABADIBADaBAIIAeAEAfAE95HMvgGIBQGYBQCgBdCUl_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAkSFQGYEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMTg5ODk2MDAxNDK6Bw8IBShEIAAwADjlFUAAyAeMxwTSBw0JEUcBRgzaBwYIBQlg4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=35925f785bbdc08ceb440990e6d4813db29f3ee2&bdref=https%3A%2F%2Fouo.press%2FZVf2P0&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fouo.press%2FZVf2P0,https%3A%2F%2Fouo.press%2FZVf2P0,https%3A%2F%2Fouo.press%2FZVf2P0&
37.252.171.149200 OK 0 B URL HTTP/1.1 fra1-ib.adnxs-simple.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FZVf2P0&e=wqT_3QKhBGwhAgAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG9BcBmAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACpcVP6gIYaHR0cHM6Ly9vdW8ucHJlc3MvWlZmMlAwgAMBiAMAkAMAmAMXoAMBqgMAwAOsAsgDANgD3KCnAeADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBAw5MS45MC40Mi4xNTSoBACyBA8IABABGNgFIFooADAAOAK4BADABADIBADaBAIIAeAEAfAE95HMvgGIBQGYBQCgBdCUl_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAkSFQGYEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMTg5ODk2MDAxNDK6Bw8IBShEIAAwADjlFUAAyAeMxwTSBw0JEUcBRgzaBwYIBQlg4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=35925f785bbdc08ceb440990e6d4813db29f3ee2&bdref=https%3A%2F%2Fouo.press%2FZVf2P0&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fouo.press%2FZVf2P0,https%3A%2F%2Fouo.press%2FZVf2P0,https%3A%2F%2Fouo.press%2FZVf2P0&
IP 37.252.171.149:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rd_log?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FZVf2P0&e=wqT_3QKhBGwhAgAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG9BcBmAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACpcVP6gIYaHR0cHM6Ly9vdW8ucHJlc3MvWlZmMlAwgAMBiAMAkAMAmAMXoAMBqgMAwAOsAsgDANgD3KCnAeADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBAw5MS45MC40Mi4xNTSoBACyBA8IABABGNgFIFooADAAOAK4BADABADIBADaBAIIAeAEAfAE95HMvgGIBQGYBQCgBdCUl_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAkSFQGYEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMTg5ODk2MDAxNDK6Bw8IBShEIAAwADjlFUAAyAeMxwTSBw0JEUcBRgzaBwYIBQlg4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=35925f785bbdc08ceb440990e6d4813db29f3ee2&bdref=https%3A%2F%2Fouo.press%2FZVf2P0&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fouo.press%2FZVf2P0,https%3A%2F%2Fouo.press%2FZVf2P0,https%3A%2F%2Fouo.press%2FZVf2P0& HTTP/1.1
Host: fra1-ib.adnxs-simple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 26 Nov 2022 14:08:03 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 1e541e6e-d1ec-470e-a733-76699fac886c
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs-simple.com
aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_n-onetag_pm-db5_rbd_n-MediaNet_cnv_n-Outbrain&dcc=t
67.220.226.233 200 OK 64 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_n-onetag_pm-db5_rbd_n-MediaNet_cnv_n-Outbrain&dcc=t
IP 67.220.226.233:0
File type HTML document, ASCII text
Hash be99f9f8ced5e5eb1f9721d861712f89
4291ee98f7ce20471796ec89961abb1acb2af1d8
f17fe415b91a13ea86b93344389e18c996384323ca3c2f4267b18c96b8314a12
GET /s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_n-onetag_pm-db5_rbd_n-MediaNet_cnv_n-Outbrain&dcc=t HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Sat, 26 Nov 2022 14:08:03 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 64
Connection: keep-alive
x-amz-rid: 3RH5KKYJY5FAMH5VWE93
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
fra1-ib.adnxs-simple.com/it?an_audit=0&referrer=https%253A%252F%252Fouo.press%252FZVf2P0&e=wqT_3QKhCmwhBQAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9aVmYyUDCAAwGIAwCQAwCYAxegAwGqA_8FCskFaHR0cAEu9C8EYWR4LmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC9hZHZpZXc_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_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE4OTg5NjAwMTQyugcPCAAQABgAIAAwADjlFUAAyAeMxwTSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=3270dee2e31193432d9ef6cce854eb9abace04a9
37.252.171.149200 OK 0 B URL HTTP/1.1 fra1-ib.adnxs-simple.com/it?an_audit=0&referrer=https%253A%252F%252Fouo.press%252FZVf2P0&e=wqT_3QKhCmwhBQAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9aVmYyUDCAAwGIAwCQAwCYAxegAwGqA_8FCskFaHR0cAEu9C8EYWR4LmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC9hZHZpZXc_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_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE4OTg5NjAwMTQyugcPCAAQABgAIAAwADjlFUAAyAeMxwTSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=3270dee2e31193432d9ef6cce854eb9abace04a9
IP 37.252.171.149:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /it?an_audit=0&referrer=https%253A%252F%252Fouo.press%252FZVf2P0&e=wqT_3QKhCmwhBQAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9aVmYyUDCAAwGIAwCQAwCYAxegAwGqA_8FCskFaHR0cAEu9C8EYWR4LmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC9hZHZpZXc_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_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE4OTg5NjAwMTQyugcPCAAQABgAIAAwADjlFUAAyAeMxwTSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=3270dee2e31193432d9ef6cce854eb9abace04a9 HTTP/1.1
Host: fra1-ib.adnxs-simple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 26 Nov 2022 14:08:03 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 7547ed15-ed1b-4704-acae-d9e17665de00
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs-simple.com
fra1-ib.adnxs-simple.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FZVf2P0&e=wqT_3QKhCmwhBQAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9aVmYyUDCAAwGIAwCQAwCYAxegAwGqA_8FCskFaHR0cAEu9C8EYWR4LmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC9hZHZpZXc_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_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE4OTg5NjAwMTQyugcPCAAQABgAIAAwADjlFUAAyAeMxwTSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=3270dee2e31193432d9ef6cce854eb9abace04a9&type=nv&nvt=5&jm=1003&px=271&py=1844&bw=728&bh=90&sid=3209732161283570022&vd=ct~0|rr~0&sv=230&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&sw=1280&sh=1024&pw=1268&ph=1793&ww=1280&wh=939&ft=2
37.252.171.149200 OK 43 B URL HTTP/1.1 fra1-ib.adnxs-simple.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FZVf2P0&e=wqT_3QKhCmwhBQAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9aVmYyUDCAAwGIAwCQAwCYAxegAwGqA_8FCskFaHR0cAEu9C8EYWR4LmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC9hZHZpZXc_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_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE4OTg5NjAwMTQyugcPCAAQABgAIAAwADjlFUAAyAeMxwTSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=3270dee2e31193432d9ef6cce854eb9abace04a9&type=nv&nvt=5&jm=1003&px=271&py=1844&bw=728&bh=90&sid=3209732161283570022&vd=ct~0|rr~0&sv=230&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&sw=1280&sh=1024&pw=1268&ph=1793&ww=1280&wh=939&ft=2
IP 37.252.171.149:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
POST /vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FZVf2P0&e=wqT_3QKhCmwhBQAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9aVmYyUDCAAwGIAwCQAwCYAxegAwGqA_8FCskFaHR0cAEu9C8EYWR4LmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC9hZHZpZXc_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_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE4OTg5NjAwMTQyugcPCAAQABgAIAAwADjlFUAAyAeMxwTSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=3270dee2e31193432d9ef6cce854eb9abace04a9&type=nv&nvt=5&jm=1003&px=271&py=1844&bw=728&bh=90&sid=3209732161283570022&vd=ct~0|rr~0&sv=230&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&sw=1280&sh=1024&pw=1268&ph=1793&ww=1280&wh=939&ft=2 HTTP/1.1
Host: fra1-ib.adnxs-simple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 26 Nov 2022 14:08:03 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
AN-X-Request-Uuid: 550f606a-7dbe-48de-8f63-bec11614452f
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs-simple.com
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 816d70da869514eb692b661a8226d9c1
a89905476481099656b3461acd454ad11ad5584d
cd03b16cdd0d63deb1336dec06481a119a46359358605c8faca8955f90939a34
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/simgad/5381382322296833758
142.250.74.70 200 OK 73 kB URL HTTP/2 s0.2mdn.net/simgad/5381382322296833758
IP 142.250.74.70:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 728x90, components 3\012- data
Hash 87e43c19e0f2ff1571da2597a61d644d
072135069c83724d6d1195c7cce8c0e0bb4b95f7
b71407218e3c004fa10c0f5452c495659ace58b8460d50d472cba9b3a6c3aea9
GET /simgad/5381382322296833758 HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 72897
x-content-type-options: nosniff
x-dns-prefetch-control: off
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 13:36:27 GMT
expires: Wed, 22 Nov 2023 13:36:27 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Nov 2022 12:07:21 GMT
content-type: image/jpeg
age: 347496
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
142.250.74.34 200 OK 48 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 142.250.74.34:0
File type ASCII text, with very long lines (3502)
Hash 297e24828abaf97fb29460fd75369140
e9e02d737f1bcf9874a55562edff5f795a1c170c
cdbe4e689ca060e94f00f0aa4c45a89efacddac90df42929ff42a3bff44a9d3e
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 48265
date: Sat, 26 Nov 2022 14:08:03 GMT
expires: Sat, 26 Nov 2022 14:08:03 GMT
cache-control: private, max-age=3000
etag: "1668095300071091"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 65f96a268c71dd2240b791911c212326
1c35b60c96efc632a131cb94748ee415a879f3b2
eecc5be54045ae30a37b00d7b96102d40dacc0e1c761a6432425673e04761c3a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EECC5BE54045AE30A37B00D7B96102D40DACC0E1C761A6432425673E04761C3A"
Last-Modified: Wed, 23 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2014
Expires: Sat, 26 Nov 2022 14:41:37 GMT
Date: Sat, 26 Nov 2022 14:08:03 GMT
Connection: keep-alive
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss0D-3AuNVtfy9L2j44dFUIhN-1SMc84c3AoQlm9-m4pyAuNMXqSQ-VW5Xrxg9_QxtutZ4vg8e-pd-v72Us21uJmZTM82Fv-dyYC_jDTeVC0faUHR4BdXqkfgGZOfU7GUFD9kQI&sai=AMfl-YRJXmcqqu-q1J78nun8ZCij3mGlqHGNEMlnJ-A9iN9Wr1I7E2hd8tGeKXEzaBdyFPi13M0N9o0nUt21NJcGRA&sig=Cg0ArKJSzLHKq_hWVszDEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221110.10681&arae=0&ftch=1&adurl=
142.250.74.66 200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss0D-3AuNVtfy9L2j44dFUIhN-1SMc84c3AoQlm9-m4pyAuNMXqSQ-VW5Xrxg9_QxtutZ4vg8e-pd-v72Us21uJmZTM82Fv-dyYC_jDTeVC0faUHR4BdXqkfgGZOfU7GUFD9kQI&sai=AMfl-YRJXmcqqu-q1J78nun8ZCij3mGlqHGNEMlnJ-A9iN9Wr1I7E2hd8tGeKXEzaBdyFPi13M0N9o0nUt21NJcGRA&sig=Cg0ArKJSzLHKq_hWVszDEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221110.10681&arae=0&ftch=1&adurl=
IP 142.250.74.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjss0D-3AuNVtfy9L2j44dFUIhN-1SMc84c3AoQlm9-m4pyAuNMXqSQ-VW5Xrxg9_QxtutZ4vg8e-pd-v72Us21uJmZTM82Fv-dyYC_jDTeVC0faUHR4BdXqkfgGZOfU7GUFD9kQI&sai=AMfl-YRJXmcqqu-q1J78nun8ZCij3mGlqHGNEMlnJ-A9iN9Wr1I7E2hd8tGeKXEzaBdyFPi13M0N9o0nUt21NJcGRA&sig=Cg0ArKJSzLHKq_hWVszDEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221110.10681&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sat, 26 Nov 2022 14:08:03 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 26-Nov-2022 14:23:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 26 Nov 2022 14:08:03 GMT
X-Firefox-Spdy: h2
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss0D-3AuNVtfy9L2j44dFUIhN-1SMc84c3AoQlm9-m4pyAuNMXqSQ-VW5Xrxg9_QxtutZ4vg8e-pd-v72Us21uJmZTM82Fv-dyYC_jDTeVC0faUHR4BdXqkfgGZOfU7GUFD9kQI&sai=AMfl-YRJXmcqqu-q1J78nun8ZCij3mGlqHGNEMlnJ-A9iN9Wr1I7E2hd8tGeKXEzaBdyFPi13M0N9o0nUt21NJcGRA&sig=Cg0ArKJSzLHKq_hWVszDEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=218&vt=11&dtpt=217&dett=2&cstd=0&cisv=r20221110.10681&arae=0&ftch=1&adurl=
142.250.74.66 200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss0D-3AuNVtfy9L2j44dFUIhN-1SMc84c3AoQlm9-m4pyAuNMXqSQ-VW5Xrxg9_QxtutZ4vg8e-pd-v72Us21uJmZTM82Fv-dyYC_jDTeVC0faUHR4BdXqkfgGZOfU7GUFD9kQI&sai=AMfl-YRJXmcqqu-q1J78nun8ZCij3mGlqHGNEMlnJ-A9iN9Wr1I7E2hd8tGeKXEzaBdyFPi13M0N9o0nUt21NJcGRA&sig=Cg0ArKJSzLHKq_hWVszDEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=218&vt=11&dtpt=217&dett=2&cstd=0&cisv=r20221110.10681&arae=0&ftch=1&adurl=
IP 142.250.74.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjss0D-3AuNVtfy9L2j44dFUIhN-1SMc84c3AoQlm9-m4pyAuNMXqSQ-VW5Xrxg9_QxtutZ4vg8e-pd-v72Us21uJmZTM82Fv-dyYC_jDTeVC0faUHR4BdXqkfgGZOfU7GUFD9kQI&sai=AMfl-YRJXmcqqu-q1J78nun8ZCij3mGlqHGNEMlnJ-A9iN9Wr1I7E2hd8tGeKXEzaBdyFPi13M0N9o0nUt21NJcGRA&sig=Cg0ArKJSzLHKq_hWVszDEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=218&vt=11&dtpt=217&dett=2&cstd=0&cisv=r20221110.10681&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sat, 26 Nov 2022 14:08:03 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 26-Nov-2022 14:23:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 26 Nov 2022 14:08:03 GMT
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/Enqz_20U.html
142.250.74.33 200 OK 8.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/Enqz_20U.html
IP 142.250.74.33:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1572)
Hash 1f9fad7314bb487966fd7a9b78cdb4d3
e91e30f9df2eb23f64dc24adf2a154329d2a5dd4
ca76b66cd7d1e0c949c4e96a1f3307f6ba4238cea55009174ce14505fd77a15f
GET /sodar/Enqz_20U.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 19:16:58 GMT
expires: Wed, 22 Nov 2023 19:16:58 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 327065
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 87f993caa184d780a3d04fd3eb3eb710
4eb23cdaeb08b516d5f381dc055d99eda48c5c5a
6ddaac3859c56b38bfb4559490676c57235a3372d4d8920894b42e8499417f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6DDAAC3859C56B38BFB4559490676C57235A3372D4D8920894B42E8499417F2D"
Last-Modified: Sat, 26 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7212
Expires: Sat, 26 Nov 2022 16:08:15 GMT
Date: Sat, 26 Nov 2022 14:08:03 GMT
Connection: keep-alive
static.criteo.net/js/ld/publishertag.prebid.js
178.250.0.130 200 OK 30 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.js
IP 178.250.0.130:0
Hash 83e2743d0275fed87414155eead28dc4
e50626f56a049ca9b27c23e51d610e7d1c7d0113
461d76500d927e99944bf73da1b3a4a5eab6b0a48c96b3ffcb0183fb8d1292e7
GET /js/ld/publishertag.prebid.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 14:08:03 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-16294"
expires: Sun, 27 Nov 2022 14:08:03 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157 200 OK 0 B IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:03 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=GxirbV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czc5Z1NtWDJ3MEFrUEtyM3NEemZaMVM3MWpWaCUyRiUyRkQzQ3d6Y3UlMkJWenZzQ3Q; expires=Thu, 21 Dec 2023 14:08:04 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 164099
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash ff560baeb6bc6d7906a8853513f84137
0972af7b02c7cca877f685229665931cb760d759
872744168a0fbb4c3b4b462fa44bc28d26128efcca87e5b8415dfd5d5dab8123
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5281
Cache-Control: max-age=163258
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:04 GMT
Etag: "6381e3dd-13a"
Expires: Mon, 28 Nov 2022 11:29:02 GMT
Last-Modified: Sat, 26 Nov 2022 10:01:01 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 314
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash ff560baeb6bc6d7906a8853513f84137
0972af7b02c7cca877f685229665931cb760d759
872744168a0fbb4c3b4b462fa44bc28d26128efcca87e5b8415dfd5d5dab8123
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5306
Cache-Control: max-age=163283
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 14:08:04 GMT
Etag: "6381e3dd-13a"
Expires: Mon, 28 Nov 2022 11:29:27 GMT
Last-Modified: Sat, 26 Nov 2022 10:01:01 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 314
unseenreport.com/pxf.gif?uuid=3148effe-d5e1-4c52-959f-a399f0943cf9&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=14
192.243.59.12 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=3148effe-d5e1-4c52-959f-a399f0943cf9&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=14
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=3148effe-d5e1-4c52-959f-a399f0943cf9&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=14 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 26 Nov 2022 14:08:04 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 23f406777190f77e25bf0e8796ee6daa
Strict-Transport-Security: max-age=0; includeSubdomains
majorityevaluatewiped.com/sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=3148effe-d5e1-4c52-959f-a399f0943cf9%3A3%3A1
173.233.137.52 200 OK 4.2 kB URL HTTP/1.1 majorityevaluatewiped.com/sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=3148effe-d5e1-4c52-959f-a399f0943cf9%3A3%3A1
IP 173.233.137.52:0
File type JSON data\012- , ASCII text, with very long lines (5933), with no line terminators
Hash b15e9f9a85711bdb7de2f06bcb7fa5fc
076ffd0042988080c478c3ef0d37515ed1e56be6
ef984625c478648036987b79f089f6f7a829228df06ed6c858087a6fa5fe8da3
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=3148effe-d5e1-4c52-959f-a399f0943cf9%3A3%3A1 HTTP/1.1
Host: majorityevaluatewiped.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 26 Nov 2022 14:08:04 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ouo.press
Access-Control-Allow-Origin: https://ouo.press
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15424691; expires=Sun, 27 Nov 2022 14:08:04 GMT; secure; SameSite=None
uid_id2=3148effe-d5e1-4c52-959f-a399f0943cf9:3:1; expires=Sat, 03 Dec 2022 14:08:04 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 27 Nov 2022 14:08:04 GMT; secure; SameSite=None
uncs=1; expires=Sun, 27 Nov 2022 14:08:04 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 27 Nov 2022 14:08:04 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 27 Nov 2022 14:08:04 GMT; secure; SameSite=None
sleced36014633829dc70a42dccaefdf3f11=[3789941]; expires=Sat, 26 Nov 2022 14:08:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 90ab9cc18ea457a9b311c6efbff4586c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
majorityevaluatewiped.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq%2FfHQQVB8aKwMsgeFMyke7onmXYPwbhGgjEJuysB8WB1VfWkTHVXU9U9Pckp7MKyHoTxpDc730k2rC7i4llXJnuRgJBRXIJs%2FAO8CMKeZSYDwXeo91593uH7vlW3d4oT4qKgx6sf6C2pFJ1u1t3a62sy5bq0teUbNc%2Btu1dqazKdCa7UuqPDdN7y3GbdfaP2nmAberrheq7ruV5tQRoR6%2B70mEJm90OvHrr1oFH3mgG65v%2B9LRxY6oB3TsiLkHx4cf2XB5BsgDT5%2FqqwG7nO3nw3KRTNtUGH73%2BYbqS6TJGclbFxEKf7k2loOyTkq3PQ6f5kA%2BjO7mgDRHJInMceonR%2FIhNRZ%2B9UaaQgUkT8OZSdAYQaQNIBmL4FyY8IwDiWV5Amd5e1KenmKaUjOiQXnv4LWQ7JhScvIU2%2Bm1eyW7uuVZFLnVp04wqyO4BsD5AVB8i3HMjyACy%2FCcl%2FJdNPl5AmuytWaUh%2BfNn3gpaIYzHFm8KbClizMRU2w3iK%2BmEYu2HgszgcWyTlADIeQIkeqD2PwjoopIMidlBkDhJ%2BXKPNMHbd2TiKfb8VMMZ8n7Fma4Y3uR%2B0YhcFG%2B3QQ571wFQPzGwjM9vYkD2Y4mfY9QqWO7A5QYdXKAVBaQlKSlBKgjInKDvVHle2Yau7XNki8ia5Mcl%2B1dd5e4fu6bwtUrKTnZAXxsb9%2FfEP2BDHNcH9GdcLZny%2F1Qg5m3Vp0OCMURHz2I89D1ZWkPYcqHWwJY%2Bef4xMHj1TIaIHsOoATL4GWlwCLfuzDRd0vR%2B0XGyl93Sh65kR1oLrCll%2BEfmms6NOyMtjAeHvBQQ7nPvj8pPpV77%2BCcxUyEyFT%2BUjgra607%2BmS7J7TZeWPFjJcpnILTp61es5zcWFb94Xm6U2fPGq7d17m43AqLx%2FQ9h8iaZcpm1Lvp2XnAuzoA0T5MdFuyai1cKuzxcmLbKl1XcWFpOxQKnTAag8%2BuQhmBySZ5Pb4%2F%2F66p%2BfQZoBTFEhKQ7JJCD1AVi2DZsdzn35%2BcpfV%2FhHsJrAqLOZKHNQFlXfNKKzSyUJlDjraVTBijMLInH48J9TtmPvoG0c0PwW0qRCx1ToqApU9WCL8%2F08M4dzv%2FnjQKScfqSMsxspo744tdbK45poxm4s3IaI4jCKZ6nLwzgIIxp6YjZqUg%2B5HbKblx79BwAA%2F%2F8BAAD%2F%2F7iEh8KHBAAA
173.233.137.52200 OK 7 B URL HTTP/1.1 majorityevaluatewiped.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq%2FfHQQVB8aKwMsgeFMyke7onmXYPwbhGgjEJuysB8WB1VfWkTHVXU9U9Pckp7MKyHoTxpDc730k2rC7i4llXJnuRgJBRXIJs%2FAO8CMKeZSYDwXeo91593uH7vlW3d4oT4qKgx6sf6C2pFJ1u1t3a62sy5bq0teUbNc%2Btu1dqazKdCa7UuqPDdN7y3GbdfaP2nmAberrheq7ruV5tQRoR6%2B70mEJm90OvHrr1oFH3mgG65v%2B9LRxY6oB3TsiLkHx4cf2XB5BsgDT5%2FqqwG7nO3nw3KRTNtUGH73%2BYbqS6TJGclbFxEKf7k2loOyTkq3PQ6f5kA%2BjO7mgDRHJInMceonR%2FIhNRZ%2B9UaaQgUkT8OZSdAYQaQNIBmL4FyY8IwDiWV5Amd5e1KenmKaUjOiQXnv4LWQ7JhScvIU2%2Bm1eyW7uuVZFLnVp04wqyO4BsD5AVB8i3HMjyACy%2FCcl%2FJdNPl5AmuytWaUh%2BfNn3gpaIYzHFm8KbClizMRU2w3iK%2BmEYu2HgszgcWyTlADIeQIkeqD2PwjoopIMidlBkDhJ%2BXKPNMHbd2TiKfb8VMMZ8n7Fma4Y3uR%2B0YhcFG%2B3QQ571wFQPzGwjM9vYkD2Y4mfY9QqWO7A5QYdXKAVBaQlKSlBKgjInKDvVHle2Yau7XNki8ia5Mcl%2B1dd5e4fu6bwtUrKTnZAXxsb9%2FfEP2BDHNcH9GdcLZny%2F1Qg5m3Vp0OCMURHz2I89D1ZWkPYcqHWwJY%2Bef4xMHj1TIaIHsOoATL4GWlwCLfuzDRd0vR%2B0XGyl93Sh65kR1oLrCll%2BEfmms6NOyMtjAeHvBQQ7nPvj8pPpV77%2BCcxUyEyFT%2BUjgra607%2BmS7J7TZeWPFjJcpnILTp61es5zcWFb94Xm6U2fPGq7d17m43AqLx%2FQ9h8iaZcpm1Lvp2XnAuzoA0T5MdFuyai1cKuzxcmLbKl1XcWFpOxQKnTAag8%2BuQhmBySZ5Pb4%2F%2F66p%2BfQZoBTFEhKQ7JJCD1AVi2DZsdzn35%2BcpfV%2FhHsJrAqLOZKHNQFlXfNKKzSyUJlDjraVTBijMLInH48J9TtmPvoG0c0PwW0qRCx1ToqApU9WCL8%2F08M4dzv%2FnjQKScfqSMsxspo744tdbK45poxm4s3IaI4jCKZ6nLwzgIIxp6YjZqUg%2B5HbKblx79BwAA%2F%2F8BAAD%2F%2F7iEh8KHBAAA
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq%2FfHQQVB8aKwMsgeFMyke7onmXYPwbhGgjEJuysB8WB1VfWkTHVXU9U9Pckp7MKyHoTxpDc730k2rC7i4llXJnuRgJBRXIJs%2FAO8CMKeZSYDwXeo91593uH7vlW3d4oT4qKgx6sf6C2pFJ1u1t3a62sy5bq0teUbNc%2Btu1dqazKdCa7UuqPDdN7y3GbdfaP2nmAberrheq7ruV5tQRoR6%2B70mEJm90OvHrr1oFH3mgG65v%2B9LRxY6oB3TsiLkHx4cf2XB5BsgDT5%2FqqwG7nO3nw3KRTNtUGH73%2BYbqS6TJGclbFxEKf7k2loOyTkq3PQ6f5kA%2BjO7mgDRHJInMceonR%2FIhNRZ%2B9UaaQgUkT8OZSdAYQaQNIBmL4FyY8IwDiWV5Amd5e1KenmKaUjOiQXnv4LWQ7JhScvIU2%2Bm1eyW7uuVZFLnVp04wqyO4BsD5AVB8i3HMjyACy%2FCcl%2FJdNPl5AmuytWaUh%2BfNn3gpaIYzHFm8KbClizMRU2w3iK%2BmEYu2HgszgcWyTlADIeQIkeqD2PwjoopIMidlBkDhJ%2BXKPNMHbd2TiKfb8VMMZ8n7Fma4Y3uR%2B0YhcFG%2B3QQ571wFQPzGwjM9vYkD2Y4mfY9QqWO7A5QYdXKAVBaQlKSlBKgjInKDvVHle2Yau7XNki8ia5Mcl%2B1dd5e4fu6bwtUrKTnZAXxsb9%2FfEP2BDHNcH9GdcLZny%2F1Qg5m3Vp0OCMURHz2I89D1ZWkPYcqHWwJY%2Bef4xMHj1TIaIHsOoATL4GWlwCLfuzDRd0vR%2B0XGyl93Sh65kR1oLrCll%2BEfmms6NOyMtjAeHvBQQ7nPvj8pPpV77%2BCcxUyEyFT%2BUjgra607%2BmS7J7TZeWPFjJcpnILTp61es5zcWFb94Xm6U2fPGq7d17m43AqLx%2FQ9h8iaZcpm1Lvp2XnAuzoA0T5MdFuyai1cKuzxcmLbKl1XcWFpOxQKnTAag8%2BuQhmBySZ5Pb4%2F%2F66p%2BfQZoBTFEhKQ7JJCD1AVi2DZsdzn35%2BcpfV%2FhHsJrAqLOZKHNQFlXfNKKzSyUJlDjraVTBijMLInH48J9TtmPvoG0c0PwW0qRCx1ToqApU9WCL8%2F08M4dzv%2FnjQKScfqSMsxspo744tdbK45poxm4s3IaI4jCKZ6nLwzgIIxp6YjZqUg%2B5HbKblx79BwAA%2F%2F8BAAD%2F%2F7iEh8KHBAAA HTTP/1.1
Host: majorityevaluatewiped.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=3148effe-d5e1-4c52-959f-a399f0943cf9:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3789941]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 26 Nov 2022 14:08:04 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ba206d753719353e92e44a2add6574fb
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f3a3efe248a599bcccf04881f3d686cb
10e5741399303e7c20f334d8dd72b4b8c968c0d4
cef064183db51cefadcca610b91c5ea86154ae2024029d60e59a152a7a3b1723
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEF064183DB51CEFADCCA610B91C5EA86154AE2024029D60E59A152A7A3B1723"
Last-Modified: Sat, 26 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16684
Expires: Sat, 26 Nov 2022 18:46:08 GMT
Date: Sat, 26 Nov 2022 14:08:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a01ea4b2c4fbc74e37cf85a5c8d0edd5
c3ab62121f7320f1f90a986143a0bcffe7123329
bc4a105f5fa68a51c7e8491c57887903856055727cc5b6fc64afb6c686b84775
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC4A105F5FA68A51C7E8491C57887903856055727CC5B6FC64AFB6C686B84775"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9799
Expires: Sat, 26 Nov 2022 16:51:23 GMT
Date: Sat, 26 Nov 2022 14:08:04 GMT
Connection: keep-alive
dnacdn.net/dna
178.250.0.157 200 OK 597 B IP 178.250.0.157:0
Hash 2adf5792e433369cc5fcbaa224a7f3cb
973861078f49e29032ee0367adcfa40c20172375
07148c024dfeb6376a419bd05f825c4ecb8599aa7dd8479414d119a9816ce7b8
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=GxirbV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czc5Z1NtWDJ3MEFrUEtyM3NEemZaMVM3MWpWaCUyRiUyRkQzQ3d6Y3UlMkJWenZzQ3Q
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:03 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=er_nkF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czc5Z1NtWDJ3MEFrUEtyM3NEemZaMVFHbVhuMGFXQ1dUVWVCZGRvZTJSbXI; expires=Thu, 21 Dec 2023 14:08:04 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 383066
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
id5-sync.com/g/v2/806.json
141.95.33.111 200 216 B URL HTTP/1.1 id5-sync.com/g/v2/806.json
IP 141.95.33.111:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 606435bdf49ede54d2916e292a99eaa4
5468fb044730daf6e9868c9093b1d1c871150f68
e52888177aa2706bccc2077b4b00b5ee80625690f233ac6340b6912c119f5e69
POST /g/v2/806.json HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 193
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Sat, 26 Nov 2022 14:08:04 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
gem.gbc.criteo.com/newidsd
178.250.6.80 200 OK 1.5 kB URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.80:0
Hash cc524087e67d5a2d533c2f0a0bbf592a
e0c6c907f5b2e67203811906784b4066b47bcbb8
25da2e8d59c52c4d9409490617e859fb4a844b93bd727298e0ca3ee0fdaa5a48
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:03 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 115612
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=ouo.press&sn=FirefoxSyncframe&so=3&topUrl=ouo.press&bundle=1EUB6F8zZmxSZnhZZGklMkJST3NjMXQyc0pxRWU3eXZ4dWpzb3ZCeXZuVWlVanE4Rlh4TllhTHJtV2UlMkZEQU1GcGVDdEJDN2c0MXFPb2FjUGxmRFZJb2VDbEtaNHZ6dEcyWGdmMGVGWGdacE93a3N4bGZQa1VlOTZMcUxxNHprd1dxYVJaTEk&info=er_nkF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czc5Z1NtWDJ3MEFrUEtyM3NEemZaMVFHbVhuMGFXQ1dUVWVCZGRvZTJSbXI&idsd=-1244788209,-13545629&cw=1&lsw=1
178.250.2.146200 OK 337 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=ouo.press&sn=FirefoxSyncframe&so=3&topUrl=ouo.press&bundle=1EUB6F8zZmxSZnhZZGklMkJST3NjMXQyc0pxRWU3eXZ4dWpzb3ZCeXZuVWlVanE4Rlh4TllhTHJtV2UlMkZEQU1GcGVDdEJDN2c0MXFPb2FjUGxmRFZJb2VDbEtaNHZ6dEcyWGdmMGVGWGdacE93a3N4bGZQa1VlOTZMcUxxNHprd1dxYVJaTEk&info=er_nkF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czc5Z1NtWDJ3MEFrUEtyM3NEemZaMVFHbVhuMGFXQ1dUVWVCZGRvZTJSbXI&idsd=-1244788209,-13545629&cw=1&lsw=1
IP 178.250.2.146:0
Hash b9d94c44ba2de8a528eeedff5feacb7c
8d1304ea024379f8ba464db7d1df828544aaed6b
3a33afec5468bd27d4dab8e51aa1a596457760312e118800fa216029c5f867e4
GET /sid/json?origin=publishertag&domain=ouo.press&sn=FirefoxSyncframe&so=3&topUrl=ouo.press&bundle=1EUB6F8zZmxSZnhZZGklMkJST3NjMXQyc0pxRWU3eXZ4dWpzb3ZCeXZuVWlVanE4Rlh4TllhTHJtV2UlMkZEQU1GcGVDdEJDN2c0MXFPb2FjUGxmRFZJb2VDbEtaNHZ6dEcyWGdmMGVGWGdacE93a3N4bGZQa1VlOTZMcUxxNHprd1dxYVJaTEk&info=er_nkF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czc5Z1NtWDJ3MEFrUEtyM3NEemZaMVFHbVhuMGFXQ1dUVWVCZGRvZTJSbXI&idsd=-1244788209,-13545629&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=ouo.press
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:03 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1033475
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 666f0822fa3b2bd37642dc6f1f9b95ea
b082ce304fa32d1afd9eee2c00c4d751d444f730
ea0fd5b59bc464c03f64e107247d245f8b9e65b5ad6593400952e0f978ba5251
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EA0FD5B59BC464C03F64E107247D245F8B9E65B5AD6593400952E0F978BA5251"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1499
Expires: Sat, 26 Nov 2022 14:33:03 GMT
Date: Sat, 26 Nov 2022 14:08:04 GMT
Connection: keep-alive
match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
15.197.193.217 200 OK 63 B URL HTTP/2 match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
IP 15.197.193.217:0
File type JSON data\012- , ASCII text, with no line terminators
Hash b89bc715c0ec986bd27f82ce94f66f0e
89a63e720e2c739fc06be051cf7d6e3078cdc30f
48af645a9774105a00be8e01f7a9d9e3e3565a5ad5f759ceae7e89aa59751c33
GET /track/rid?ttd_pid=pubmatic&fmt=json HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:04 GMT
content-type: application/json; charset=utf-8
content-length: 63
cache-control: private
expires: Mon, 26 Dec 2022 14:08:04 GMT
vary: Origin
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
x-aspnet-version: 4.0.30319
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash bc7e682c4ab4642cc125624b2889b0d7
a8b6a2fb2ae55005a0e7f6e913e66d2d889589e9
81c4332167fe5454a04e2b831b1cf0461119dabd61245e48788e042c12bf095e
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 26 Nov 2022 14:08:05 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 25 Nov 2022 21:40:29 GMT
Expires: Sat, 26 Nov 2022 21:40:29 GMT
ETag: "a8b6a2fb2ae55005a0e7f6e913e66d2d889589e9"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
majorityevaluatewiped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F4%2Findex.html&l=1598&fd=399
173.233.137.52 200 OK 0 B URL HTTP/1.1 majorityevaluatewiped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F4%2Findex.html&l=1598&fd=399
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F4%2Findex.html&l=1598&fd=399 HTTP/1.1
Host: majorityevaluatewiped.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=3148effe-d5e1-4c52-959f-a399f0943cf9:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3789941]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 26 Nov 2022 14:08:04 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
id.crwdcntrl.net/id
52.19.187.82 200 OK 43 B IP 52.19.187.82:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 90eeff5111bbbdce769d4130cc3cca3c
d62886c1a85d51814cb7f124761c5e6aca6d8933
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
GET /id HTTP/1.1
Host: id.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:04 GMT
content-type: application/json;charset=utf-8
content-length: 43
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.16.14
access-control-allow-credentials: true
access-control-allow-origin: https://ouo.press
server: Jetty(9.4.38.v20210224)
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.14 200 OK 385 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.14:0
Hash 1f236a082b41e11318503daddd403abb
7920fa8463ecdbaba9a51a7f25f9ba07935a55f9
1bb2245f96cabae148c81c5414610ac71acf717f8a247df1f4dcced70c42f6a5
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:04 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 56055
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash daf5984226a272d126cf82d057cc5ea2
d097a2b8d014dfc169e1b504174fcce6e28b4921
a929ea0794d0676a470e00383acde6ef02e5bd84e7c22ad18cf30e09c9163cc7
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 14:08:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 13:42:55 GMT
Expires: Wed, 30 Nov 2022 13:42:54 GMT
Etag: "d097a2b8d014dfc169e1b504174fcce6e28b4921"
Cache-Control: max-age=343488,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 770331ae58ffb50b-OSL
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/images/landing/booty-calls/13/bg-removebg-preview.png
172.64.108.13 200 OK 1.4 MB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/images/landing/booty-calls/13/bg-removebg-preview.png
IP 172.64.108.13:0
File type PNG image data, 1316 x 1848, 8-bit/color RGBA, non-interlaced\012- data
Size 1.4 MB (1445587 bytes)
Hash 950cbc4a86f9305f9cab1899d35cee25
75a126fbee600ceee47a696bfe7cd76de1b6d1cc
16b688a8183ee40269af3fde1f59635b6c16bbc538d9dd6261d4f6dec42f8c65
GET /sb/notifications/games/nutaku/multi/4/images/landing/booty-calls/13/bg-removebg-preview.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:04 GMT
content-type: image/png
content-length: 1445587
last-modified: Fri, 19 Aug 2022 09:15:12 GMT
etag: "62ff54a0-160ed3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 951283
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CENcQx%2BhjKNlpqKTVLL37XiYU4PzjU7LUGrIoGH5ZQEt%2Ba3wMA05WuFk9y%2Fylw0FrsiaMj2tS5eKrBAwvwEqPgQc6Lo3kHRUL7M%2BgOmicIn4hF5Scy5PFB8B5gZ58jFa3hKMyoNNenSY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770331aeca3872bb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
majorityevaluatewiped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F4%2Fimages%2Flanding%2Fcss%2Fstyles.css&l=3801&fd=252
173.233.137.52 200 OK 0 B URL HTTP/1.1 majorityevaluatewiped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F4%2Fimages%2Flanding%2Fcss%2Fstyles.css&l=3801&fd=252
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F4%2Fimages%2Flanding%2Fcss%2Fstyles.css&l=3801&fd=252 HTTP/1.1
Host: majorityevaluatewiped.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=3148effe-d5e1-4c52-959f-a399f0943cf9:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3789941]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 26 Nov 2022 14:08:05 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/js/jquery.min.js
172.64.108.13 200 OK 31 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/js/jquery.min.js
IP 172.64.108.13:0
File type ASCII text, with very long lines (32049)
Hash 5039fe1d8346a66116829df0b62ad8e5
85be5ba01c4624f5594265fdfc514597f4c88651
d4a7e9864db26ddc48b3516db4111f7ba4994f422d006b0b7765b9bd353cef9f
GET /sb/notifications/games/nutaku/multi/4/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:04 GMT
content-type: application/javascript
last-modified: Fri, 19 Aug 2022 09:15:15 GMT
etag: W/"62ff54a3-149b8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 951283
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E2028RjzssGtY1jWIfm7L04dkBWNO3yAS7kyNzPjVOVZHQ%2BDECrvpw%2F4KtLQFM51QGHVIfapNXPvs9A%2BuuG5w5nXD62ot3IQ4vcIg1d0OLJyy0eAGcwwTwe%2BBn8GFUOLwnn9UZP1Fj10"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770331aeca3c72bb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.80 200 OK 80 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.80:0
Hash 5bb5b08de2066cdb19a50f446e78abf8
08e987f83fc33e110d74a17bc2592cf0e0bd33ab
9ff45d59cfac969eda6a392c85a2ef0f6a25662857366e05ff566e5dfa7d482b
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:03 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 129819
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
majorityevaluatewiped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F4%2Fjs%2Fscript.js&l=4076&fd=276
173.233.137.52 200 OK 0 B URL HTTP/1.1 majorityevaluatewiped.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F4%2Fjs%2Fscript.js&l=4076&fd=276
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F4%2Fjs%2Fscript.js&l=4076&fd=276 HTTP/1.1
Host: majorityevaluatewiped.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=3148effe-d5e1-4c52-959f-a399f0943cf9:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3789941]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 26 Nov 2022 14:08:05 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fra1-ib.adnxs-simple.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FZVf2P0&e=wqT_3QKhCmwhBQAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9aVmYyUDCAAwGIAwCQAwCYAxegAwGqA_8FCskFaHR0cAEu9C8EYWR4LmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC9hZHZpZXc_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_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE4OTg5NjAwMTQyugcPCAAQABgAIAAwADjlFUAAyAeMxwTSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=3270dee2e31193432d9ef6cce854eb9abace04a9&type=pv&jm=1003&px=271&py=1844&bw=728&bh=90&sf=1&sid=3209732161283570022&vd=ct~0|rr~5&sv=230&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&ft=2
37.252.171.149200 OK 0 B URL HTTP/1.1 fra1-ib.adnxs-simple.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FZVf2P0&e=wqT_3QKhCmwhBQAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9aVmYyUDCAAwGIAwCQAwCYAxegAwGqA_8FCskFaHR0cAEu9C8EYWR4LmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC9hZHZpZXc_YWk9Q3dqay13aDJDWTdPLU9vS2Mtd2FseDdub0NmaXB1OFp0NzZpYXpzOFEtQzRRQVNEbWw5WWxZTU9FZ0lDWUdNZ0JBcWtDVTlNRjlfdTVlVDZvQXdISUE1a0VxZ1MzQVVfUXU1T1JUVEgtbUZnbG41MV9aOThZbWJ2eXNDX1c3Y1RvWGFFNnM3d1dQRlFaVjF2R183LUFnSWg5Y2dldVRLWHBQN2gxclhISkFCT0FFdU1Yd3RzWDEzMVp1cklyQzBSWDJvUlZVMm1yODRXd0FMRS05UDJhSnpxZ1luQnlCQnBrM19NcHlUbzMzd1hEVDZPX2xHSE1BYXJRLVdyT2xXTkxlbWtneGdqT1p2WUcxVWhHX2p6VnNyRk9TdnBLbjJoLVVheGp4LXZUbnpnbFNrYUdWdFFId1h4a1Z2YVU0WWNMaFJiRVFNenVZZThMMzExcDJjQUVsN2IwODVnRTRBUURpQVdPbV9uZVJwSUZCZ2dkRUFRWUFaSUZCZ2dkRUFFWUFaSUZCZ2dlRUFFWUFaQUdBYUFHQW9BSHdlZkVONmdIanM0YnFBZVQyQnVvQi02V3NRS29CXzZlc1FLb0I2U2pzUUtvQjlYSkc2Z0hwcjRiMkFjQThnY0tFTEtaQ0JpeWtyTGFBZElJRVFpQTRZQVFFQUVZWHpJQ3FnSTZBb0JBOGdnT1ltbGtaR1Z5TFRRek5qTXhPRG1BQ2dUSUN3R3dFXy11cmhISUU3RDZ2T0VEMEJNQTJCTUsyQlFCMEJVQmdCY0JzaGNJQ2dZSUFCSUFHQUEmc2lnaD1fRVlYZmlwM2NjVSZ1YWNoX209W1VBQ0hdJmNpZD1DQUFTQk9SbzdWMCZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhM5MjA0OTMxNzg0ODM2NDc0MzE3IgkzOTk3MDYzNTkqBjMyMTI0NzoJNDU4MDAwNjkwwAOsAsgDANgD3KCnAeADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBAw5MS45MC40Mi4xNTSoBACyBA8IABABGNgFIFooADAAOAK4BADABADIBADaBAIIAeAEAfAE95HMvgGIBQGYBQCgBdCUl_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE4OTg5NjAwMTQyugcPCAAQABgAIAAwADjlFUAAyAeMxwTSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=3270dee2e31193432d9ef6cce854eb9abace04a9&type=pv&jm=1003&px=271&py=1844&bw=728&bh=90&sf=1&sid=3209732161283570022&vd=ct~0|rr~5&s
v=230&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&ft=2
IP 37.252.171.149:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FZVf2P0&e=wqT_3QKhCmwhBQAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9aVmYyUDCAAwGIAwCQAwCYAxegAwGqA_8FCskFaHR0cAEu9C8EYWR4LmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC9hZHZpZXc_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_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE4OTg5NjAwMTQyugcPCAAQABgAIAAwADjlFUAAyAeMxwTSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=3270dee2e31193432d9ef6cce854eb9abace04a9&type=pv&jm=1003&px=271&py=1844&bw=728&bh=90&sf=1&sid=3209732161283570022&vd=ct~0|rr~5&sv=230&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&ft=2 HTTP/1.1
Host: fra1-ib.adnxs-simple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 26 Nov 2022 14:08:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
AN-X-Request-Uuid: 8a234ca6-68e0-4328-a5ca-922115b927db
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs-simple.com
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ouo.press
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:08 GMT
expires: Thu, 23 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 239637
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
majorityevaluatewiped.com/pixel/sbs?c=1
173.233.137.52 200 OK 0 B URL HTTP/1.1 majorityevaluatewiped.com/pixel/sbs?c=1
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: majorityevaluatewiped.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=3148effe-d5e1-4c52-959f-a399f0943cf9:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3789941]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 26 Nov 2022 14:08:05 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
majorityevaluatewiped.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq%2FfHQQVB8aKwMsgeFMyke7onM%2B0eFtc1EoxJ2F0JiAerq6onZaq7mqru6UlOYReW9SCMJ73Z%2BU6yYXURF8%2B6MtmLBISM4hJk4x%2FgRRD2LDMZCL5Dvffq8w7f9626vV0cExcFPVr5QG9Kpehss%2B7WXl%2BVKdelrS3dqHlu3b1UW5XpXHCp1hsfpvuW5zbr7hu19wRb17MN13Ndz%2FVq89KIWPdmJxQyux969dCtB4261wzQM%2F%2FvbeHAUge8e0xehOSj82u%2FPIBkQ6TJ91eFXc919ua7SaForg26fO%2FDdD3VZYrktIyNgzjdm05D2xEhX52BTvemG0B3d8YbIJIj4jz2EKV7U5mIursnSiMFkSLiz6HsDiHUEJIOwfQtSH5IAMaxtIw0ubukTUk3Tigd0xE59%2FRfyHJEzj15CWny3RUle7XrWhW51KlFL64ge0PIzhBZsY9804Es98Hym5D8VzL7dBFpsrNslYbkRxd9L2iLOBYzvCm8mYA1GzNhM4xnqB%2BGsRsGPovDiUVSDiHjIZTog9qzKKyDQjooYgdF5iDhRzXaDGPXbcVR7PvtgDHm%2B4w123O8yf2gHbso2HiHPvKsD6b6YGYLmdnCuuzDFD%2FDrlWw3IHNCbq8QikISktQUoJSEpQ5QdmtdrmyDVvd5coWkTfNjWn2q4HOO9t0V%2BcdkZLt7Ji8MDHu749%2FwLo4qgnuz7leMOf77UbIWculQYMzRkXMYz%2F2PFhZQdozoNbBpjx8%2FjEyefhMhYjuw6p9MPkaaHEBtBy0Gi7o2iBou9hM7%2BlC1zMjrAXXFbL8PPINZ1sdk5cnAsLfCwh2cPmPi09mX%2Fn6JzBTITMVPpWPCDrqzuCaLsnONV1a8mA5y2UiN%2Bn4Va%2FnNBfnvnlfbJTa8IWrtn%2FvbTYG4%2FL%2BDWHzRZpymXYs%2BfaK5FyYeW2YID8u2FURrRR27Uph0iJbXHlnfiGZCJQ6HYLKw08egskReTa5Pfmvr%2F75GaQZwhQVkuKATANS74NlW7DZweUvP1%2F%2B6xL%2FCFYTGHU6E2UOyqIamEZ0eqkkgRKnPY0qWHFqQSQOHv5zwrbtHXSMA5rfQppU6JoKXVWBqj5scXaQZ%2Bbg8m%2F%2BJBApZxAp4%2BxEyqgvTqy18qjW9ALRjtotxnkkGPdaDb%2Ftu26D86AVCi9Ebkfs5oVH%2FwEAAP%2F%2FAQAA%2F%2F%2BsjAkkhwQAAA%3D%3D
173.233.137.52200 OK 7 B URL HTTP/1.1 majorityevaluatewiped.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq%2FfHQQVB8aKwMsgeFMyke7onM%2B0eFtc1EoxJ2F0JiAerq6onZaq7mqru6UlOYReW9SCMJ73Z%2BU6yYXURF8%2B6MtmLBISM4hJk4x%2FgRRD2LDMZCL5Dvffq8w7f9626vV0cExcFPVr5QG9Kpehss%2B7WXl%2BVKdelrS3dqHlu3b1UW5XpXHCp1hsfpvuW5zbr7hu19wRb17MN13Ndz%2FVq89KIWPdmJxQyux969dCtB4261wzQM%2F%2FvbeHAUge8e0xehOSj82u%2FPIBkQ6TJ91eFXc919ua7SaForg26fO%2FDdD3VZYrktIyNgzjdm05D2xEhX52BTvemG0B3d8YbIJIj4jz2EKV7U5mIursnSiMFkSLiz6HsDiHUEJIOwfQtSH5IAMaxtIw0ubukTUk3Tigd0xE59%2FRfyHJEzj15CWny3RUle7XrWhW51KlFL64ge0PIzhBZsY9804Es98Hym5D8VzL7dBFpsrNslYbkRxd9L2iLOBYzvCm8mYA1GzNhM4xnqB%2BGsRsGPovDiUVSDiHjIZTog9qzKKyDQjooYgdF5iDhRzXaDGPXbcVR7PvtgDHm%2B4w123O8yf2gHbso2HiHPvKsD6b6YGYLmdnCuuzDFD%2FDrlWw3IHNCbq8QikISktQUoJSEpQ5QdmtdrmyDVvd5coWkTfNjWn2q4HOO9t0V%2BcdkZLt7Ji8MDHu749%2FwLo4qgnuz7leMOf77UbIWculQYMzRkXMYz%2F2PFhZQdozoNbBpjx8%2FjEyefhMhYjuw6p9MPkaaHEBtBy0Gi7o2iBou9hM7%2BlC1zMjrAXXFbL8PPINZ1sdk5cnAsLfCwh2cPmPi09mX%2Fn6JzBTITMVPpWPCDrqzuCaLsnONV1a8mA5y2UiN%2Bn4Va%2FnNBfnvnlfbJTa8IWrtn%2FvbTYG4%2FL%2BDWHzRZpymXYs%2BfaK5FyYeW2YID8u2FURrRR27Uph0iJbXHlnfiGZCJQ6HYLKw08egskReTa5Pfmvr%2F75GaQZwhQVkuKATANS74NlW7DZweUvP1%2F%2B6xL%2FCFYTGHU6E2UOyqIamEZ0eqkkgRKnPY0qWHFqQSQOHv5zwrbtHXSMA5rfQppU6JoKXVWBqj5scXaQZ%2Bbg8m%2F%2BJBApZxAp4%2BxEyqgvTqy18qjW9ALRjtotxnkkGPdaDb%2Ftu26D86AVCi9Ebkfs5oVH%2FwEAAP%2F%2FAQAA%2F%2F%2BsjAkkhwQAAA%3D%3D
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skRRTHq%2FfHQQVB8aKwMsgeFMyke7onM%2B0eFtc1EoxJ2F0JiAerq6onZaq7mqru6UlOYReW9SCMJ73Z%2BU6yYXURF8%2B6MtmLBISM4hJk4x%2FgRRD2LDMZCL5Dvffq8w7f9626vV0cExcFPVr5QG9Kpehss%2B7WXl%2BVKdelrS3dqHlu3b1UW5XpXHCp1hsfpvuW5zbr7hu19wRb17MN13Ndz%2FVq89KIWPdmJxQyux969dCtB4261wzQM%2F%2FvbeHAUge8e0xehOSj82u%2FPIBkQ6TJ91eFXc919ua7SaForg26fO%2FDdD3VZYrktIyNgzjdm05D2xEhX52BTvemG0B3d8YbIJIj4jz2EKV7U5mIursnSiMFkSLiz6HsDiHUEJIOwfQtSH5IAMaxtIw0ubukTUk3Tigd0xE59%2FRfyHJEzj15CWny3RUle7XrWhW51KlFL64ge0PIzhBZsY9804Es98Hym5D8VzL7dBFpsrNslYbkRxd9L2iLOBYzvCm8mYA1GzNhM4xnqB%2BGsRsGPovDiUVSDiHjIZTog9qzKKyDQjooYgdF5iDhRzXaDGPXbcVR7PvtgDHm%2B4w123O8yf2gHbso2HiHPvKsD6b6YGYLmdnCuuzDFD%2FDrlWw3IHNCbq8QikISktQUoJSEpQ5QdmtdrmyDVvd5coWkTfNjWn2q4HOO9t0V%2BcdkZLt7Ji8MDHu749%2FwLo4qgnuz7leMOf77UbIWculQYMzRkXMYz%2F2PFhZQdozoNbBpjx8%2FjEyefhMhYjuw6p9MPkaaHEBtBy0Gi7o2iBou9hM7%2BlC1zMjrAXXFbL8PPINZ1sdk5cnAsLfCwh2cPmPi09mX%2Fn6JzBTITMVPpWPCDrqzuCaLsnONV1a8mA5y2UiN%2Bn4Va%2FnNBfnvnlfbJTa8IWrtn%2FvbTYG4%2FL%2BDWHzRZpymXYs%2BfaK5FyYeW2YID8u2FURrRR27Uph0iJbXHlnfiGZCJQ6HYLKw08egskReTa5Pfmvr%2F75GaQZwhQVkuKATANS74NlW7DZweUvP1%2F%2B6xL%2FCFYTGHU6E2UOyqIamEZ0eqkkgRKnPY0qWHFqQSQOHv5zwrbtHXSMA5rfQppU6JoKXVWBqj5scXaQZ%2Bbg8m%2F%2BJBApZxAp4%2BxEyqgvTqy18qjW9ALRjtotxnkkGPdaDb%2Ftu26D86AVCi9Ebkfs5oVH%2FwEAAP%2F%2FAQAA%2F%2F%2BsjAkkhwQAAA%3D%3D HTTP/1.1
Host: majorityevaluatewiped.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=3148effe-d5e1-4c52-959f-a399f0943cf9:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3789941]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 26 Nov 2022 14:08:05 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bec9c57b7686d8f28879546afd8ddd3e
Strict-Transport-Security: max-age=0; includeSubdomains
ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
23.38.200.201 200 OK 5.5 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15844), with no line terminators
Hash 7725e8e949141c8ded449d86975d4c04
8cd8c314a2002cc26f821d331ab9512f52a551a2
a0c49aacf6f552bce544eb8516404f696918253cd934a6404ebeafd71f8780ae
GET /AdServer/js/user_sync.html?kdntuid=1&p=155495 HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=162475
expires: Mon, 28 Nov 2022 11:16:01 GMT
date: Sat, 26 Nov 2022 14:08:06 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
185.64.189.115 200 OK 60 B URL HTTP/2 image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
IP 185.64.189.115:0
File type ASCII text, with no line terminators
Hash e23925042a124fd3960c072c4e65c2c0
a8b247a1991a9f23f61dd308f0b5d1491b0eb998
f07ab0bd956f4bc71a61191fd6c9d913872caa34d668ce423cd544ad2725b705
GET /AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB HTTP/1.1
Host: image6.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=UTF-8
expires: Fri, 24 Feb 2023 05:35:36 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sat, 26 Nov 2022 14:08:05 GMT
content-length: 60
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.html
2.23.134.137 200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html
IP 2.23.134.137:0
ASN #1299 Telia Company AB
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sat, 26 Nov 2022 14:08:06 GMT
Connection: keep-alive
Vary: Accept-Encoding
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/css/animate.css
172.64.108.13 200 OK 22 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/css/animate.css
IP 172.64.108.13:0
File type ASCII text, with very long lines (60365)
Hash 27141274b74a510906687e2e5271e574
de2f422be1ddfb36bd0059cfae084b9e5d1fd577
ab0400f9784acab512417bc0a95436eba5421abbd4b2e1850522b7da0afbd1ae
GET /sb/notifications/games/nutaku/multi/4/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:04 GMT
content-type: text/css
last-modified: Fri, 19 Aug 2022 09:15:04 GMT
etag: W/"62ff5498-ec8b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 951283
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zTFLCw8t7vF8dYaZij9nW3lZ9ZDYxZOj2wxrgd%2FXQlhueWdeyMlJMbdnrD9cfv4bvX8rckTmddk89CpcoYl%2BsE3d6UWIalLDvEjIKixqLFAw4yAj2ZICcGGkkQR7JWzR75gq7RpWombA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770331ae99e772bb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.js
2.23.134.137 200 OK 10 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP 2.23.134.137:0
ASN #1299 Telia Company AB
File type ASCII text, with very long lines (18728)
Hash 330bdc73010236bba6245ce715c2f339
94646c40322927f39812588ada1873e65f719b77
d77ccd1c463f18559ad6374a1edb1ce014a1eb15ffa43a7fa849099cc4ab0983
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Sat, 26 Nov 2022 08:52:50 GMT
Content-Encoding: gzip
Content-Length: 10065
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=67520
Expires: Sun, 27 Nov 2022 08:53:26 GMT
Date: Sat, 26 Nov 2022 14:08:06 GMT
Connection: keep-alive
Vary: Accept-Encoding
ads.pubmatic.com/AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3DB27796D0-05AD-4DD9-8E29-67995C8BC703%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID
23.38.200.201 200 OK 953 B URL HTTP/2 ads.pubmatic.com/AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3DB27796D0-05AD-4DD9-8E29-67995C8BC703%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (1720), with no line terminators
Hash 499546dec064c08e4c7c354bab138f7f
f155d071d071e4e7c1d45e22943915df9d9f2b75
1a9219bc3962479cfa6ff0ca64e2f810aab8b816ae4f937b252d0ca044d693b4
GET /AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3DB27796D0-05AD-4DD9-8E29-67995C8BC703%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://simage4.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 17 Aug 2016 09:36:32 GMT
etag: "fa18f0-6b8-53a413358bd01"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 953
content-type: text/html; charset=UTF-8
cache-control: max-age=91036
expires: Sun, 27 Nov 2022 15:25:22 GMT
date: Sat, 26 Nov 2022 14:08:06 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&pbt=1&lsw=1
178.250.2.146 200 OK 874 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&pbt=1&lsw=1
IP 178.250.2.146:0
File type JSON data\012- , ASCII text, with very long lines (592)
Hash 86dfc8cfa24e37a77443c4d5b455f356
229a2c0781aeb30bc0fa8b754665bdfd7245158f
0c1b6dda2438c726e8f365ce81e88271bc2d091cab67d04167a2fdb49831c21c
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&pbt=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:06 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://ouo.press
server-processing-duration-in-ticks: 911634
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
37.252.171.84 200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 26 Nov 2022 14:08:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: ceeeb180-e095-4932-9bc5-6b1eac16817f
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/async_usersync?cbfn=queuePixels
37.252.171.84 307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sat, 26 Nov 2022 14:08:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: 24a42cdd-8c18-418c-b402-049c0b8f5877
Set-Cookie: uuid2=388180486609223407; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 24-Feb-2023 14:08:07 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
37.252.171.84 200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 26 Nov 2022 14:08:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: d5f4ed81-95dc-416a-a4ce-235c6479617c
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
fra1-ib.adnxs-simple.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FZVf2P0&e=wqT_3QKhCmwhBQAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9aVmYyUDCAAwGIAwCQAwCYAxegAwGqA_8FCskFaHR0cAEu9C8EYWR4LmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC9hZHZpZXc_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_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE4OTg5NjAwMTQyugcPCAAQABgAIAAwADjlFUAAyAeMxwTSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=3270dee2e31193432d9ef6cce854eb9abace04a9&type=pv&jm=1003&px=271&py=1844&bw=728&bh=90&sf=1&sid=3209732161283570022&vd=ct~0|rr~320|dm~90&sv=230&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&pd=5.72&d=5.72&id=5.19&ic=1&d0=5.71&d25=5.2&d50=5.19&d75=5.17&d100=5.14&ft=2
37.252.171.149200 OK 0 B URL HTTP/1.1 fra1-ib.adnxs-simple.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FZVf2P0&e=wqT_3QKhCmwhBQAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9aVmYyUDCAAwGIAwCQAwCYAxegAwGqA_8FCskFaHR0cAEu9C8EYWR4LmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC9hZHZpZXc_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_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE4OTg5NjAwMTQyugcPCAAQABgAIAAwADjlFUAAyAeMxwTSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=3270dee2e31193432d9ef6cce854eb9abace04a9&type=pv&jm=1003&px=271&py=1844&bw=728&bh=90&sf=1&sid=3209732161283570022&vd=ct~0|rr~320|dm~90&sv=230&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&pd=5.72&d=5.72&id=5.19&ic=1&d0=5.71&d25=5.2&d50=5.19&d75=5.17&d100=5.14&ft=2
IP 37.252.171.149:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FZVf2P0&e=wqT_3QKhCmwhBQAAAwDWAAUBCMK7iJwGEM3LhYeElp_ffxj_EQF4ASo2CV4QkZp2McE_EY2Y2ecxyrk_GQAAAGBmZvI_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUC8CUhlUPeRzL4BWPaec2AAaJTXlwF4jMcEgAEBigEDVVNEkgUG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9aVmYyUDCAAwGIAwCQAwCYAxegAwGqA_8FCskFaHR0cAEu9C8EYWR4LmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC9hZHZpZXc_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_LR9Jv-TcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBZvAAvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AatbNoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE4OTg5NjAwMTQyugcPCAAQABgAIAAwADjlFUAAyAeMxwTSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAJUIAACAP5gIAQ..&s=3270dee2e31193432d9ef6cce854eb9abace04a9&type=pv&jm=1003&px=271&py=1844&bw=728&bh=90&sf=1&sid=3209732161283570022&vd=ct~0|rr~320|dm~90&sv=230&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&pd=5.72&d=5.72&id=5.19&ic=1&d0=5.71&d25=5.2&d50=5.19&d75=5.17&d100=5.14&ft=2 HTTP/1.1
Host: fra1-ib.adnxs-simple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 26 Nov 2022 14:08:09 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
AN-X-Request-Uuid: 6a745ea9-8d2d-4450-add9-632fafc138e8
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs-simple.com
static.criteo.net/js/ld/publishertag.prebid.113.js
178.250.0.130 200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.113.js
IP 178.250.0.130:0
GET /js/ld/publishertag.prebid.113.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 14:08:04 GMT
content-type: text/javascript
last-modified: Wed, 08 Sep 2021 12:50:31 GMT
etag: W/"6138b197-1532d"
expires: Sun, 27 Nov 2022 14:08:04 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157 200 OK 0 B IP 178.250.0.157:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=er_nkF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czc5Z1NtWDJ3MEFrUEtyM3NEemZaMVFHbVhuMGFXQ1dUVWVCZGRvZTJSbXI
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:04 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=6TcTtF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czc5Z1NtWDJ3MEFrUEtyM3NEemZaMVFMUDFDZ3M1JTJGeWQlMkJpR050TlVOYTFV; expires=Thu, 21 Dec 2023 14:08:04 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 404409
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/UFYwWwmt.js
142.250.74.33 200 OK 0 B URL HTTP/2 tpc.googlesyndication.com/sodar/UFYwWwmt.js
IP 142.250.74.33:0
GET /sodar/UFYwWwmt.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 15207
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 18:23:03 GMT
expires: Wed, 22 Nov 2023 18:23:03 GMT
cache-control: public, max-age=31536000
age: 330300
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1
178.250.2.146 200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1
IP 178.250.2.146:0
OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://ouo.press/
Origin: https://ouo.press
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:02 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://ouo.press
server-processing-duration-in-ticks: 408134
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
hhklc.com/c.js
172.67.223.102 200 OK 0 B IP 172.67.223.102:0
GET /c.js HTTP/1.1
Host: hhklc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:01 GMT
content-type: application/javascript
last-modified: Fri, 11 Nov 2022 16:10:23 GMT
etag: W/"636e73ef-2218"
server-asp-net: Asp Net
expires: Sat, 26 Nov 2022 14:11:07 GMT
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 2514
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iwl5pEB%2BwSTAWO0EfNuC8TEjBWmWlZ5pdt9fLSYkgttn%2BE3kL%2B1BoNCbVWIc331vRq9YSHXX%2FX6G2lWLOfVUUhbcZn%2BLxNItQHxk%2BbsczVusuUbeY2URBKGEXD0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7703319a5c5a1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ecdn.firstimpression.io/fi_client.js
54.230.111.73 200 OK 0 B URL HTTP/2 ecdn.firstimpression.io/fi_client.js
IP 54.230.111.73:0
GET /fi_client.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Sat, 26 Nov 2022 13:21:57 GMT
server: nginx/1.20.0
x-powered-by: PHP/8.0.14
x-xss-protection: 0
last-modified: Sat, 26 Nov 2022 13:21:57 UTC
etag: W/"99ee72c5acdaf84ae7a174fa7e883507"
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bnYzxCKIWWzszp3K0UVnG-NSEkJXdFd-T5l2E8cYKYRc-l0sutMTAg==
age: 2764
X-Firefox-Spdy: h2
d3div1mtym39ic.cloudfront.net/aax2/apstag.js
54.230.245.23 200 OK 0 B URL HTTP/2 d3div1mtym39ic.cloudfront.net/aax2/apstag.js
IP 54.230.245.23:0
GET /aax2/apstag.js HTTP/1.1
Host: d3div1mtym39ic.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Sat, 26 Nov 2022 14:01:23 GMT
last-modified: Wed, 09 Nov 2022 20:51:49 GMT
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
server: AmazonS3
content-encoding: br
etag: W/"fa24fe2b94a2fc864b1ec67f32e8db32"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mcM8TiJq5XC928c4K_7i_IFd3lZdOrrgn1sooIX0VSDPZQGJ3lW9LA==
age: 400
X-Firefox-Spdy: h2
ecdn.firstimpression.io/static/js/fiamp.js
54.230.111.73 200 OK 0 B URL HTTP/2 ecdn.firstimpression.io/static/js/fiamp.js
IP 54.230.111.73:0
GET /static/js/fiamp.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.20.0
last-modified: Fri, 08 Apr 2022 08:48:22 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Sat, 26 Nov 2022 13:30:06 GMT
expires: Sat, 26 Nov 2022 14:29:57 GMT
cache-control: max-age=3600
etag: W/"624ff6d6-1b8e9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FbAdXh7sUjnKFJkBD6M71AadgjQ4CZbGdvR5glL6p70aninnhRWp3A==
age: 2285
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.14 200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.14:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:03 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 82367
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&pbt=1&lsw=1
178.250.2.146 200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&pbt=1&lsw=1
IP 178.250.2.146:0
OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&pbt=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://ouo.press/
Origin: https://ouo.press
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:05 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://ouo.press
server-processing-duration-in-ticks: 258534
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ouo.press/css/bootstrap.css
172.67.22.15 200 OK 0 B URL HTTP/2 ouo.press/css/bootstrap.css
IP 172.67.22.15:0
GET /css/bootstrap.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/ZVf2P0
Cookie: ouoio_session=eyJpdiI6IlJ0NEorTFBGYnRsSGlqTHYzM0d6ekMzd21laVJMMDNlV1FtWmJSYVB3Njg9IiwidmFsdWUiOiJNVEpsWWdQSlExTnRBWUd1STZDTXZ5elRNaU1UM0FZTWJXb0c1NzI0NXVDM0F1TlJZRXU0ZGRubHZNK0VmRHNOVzMyNTJPV0dBOFBcL1g5elZUYmdTaFE9PSIsIm1hYyI6IjIzN2JhNThmNDFiYzZhZTNhYjM1MGYxNTEyMGY1ZDEzNTQzYjg2MzkyNzdmZTdkZjExZThhMmUxNzY5MWE1MmYifQ%3D%3D; language=eyJpdiI6InUyUXVXSzJ2VDZ5ejdDdStid2cxd2V2RStwbzIxb1JPazZTbndadVVBZ0U9IiwidmFsdWUiOiJcL1wvbTgyazEySGZXSXhFRTFmSVFPR0tnckZpUklOYXFXaWdwUnVkZXBad009IiwibWFjIjoiMGI3YjVhNDI1Mzk1Njg4Y2EyOGFmOWI4ZDkyN2M2MjVhYjhhZDRjNzc2ODQ1NzBkM2EzNTFmOWVlMTIxNDc2OSJ9; 7c4de8a426f66a1405c5dd5096343cb00fa55bac=eyJpdiI6ImVvdHJGbVVha0ZZUW1kXC81ZWtNSVhSVGh0ajVLWUFmdWM0Kyt6ME96TmtNPSIsInZhbHVlIjoiUU9ycTFrNkdCU2piU0RleEtHdjhZdndJUk5td2RNUDVpNnl1UWNcL2V6eWNSc1EyZGdYNGZYUmRQcnMxMWNxaHM2OElRNWtTY0dIVVNTT0xYS0xDMjNQd0ljQlRmK1JCaFN1enVMdXM5aGRKSW96TUEwaFNlQ0luS1FXcFNQK1g3TkEwMXREb2pHWUNQYndxclwvTVdKVW8yVTdLR2psXC9pZ1ZERmhwbStiRWlzV29OZFN1UG5zR0tJNU9cLytBbzM2Sm9mR04zRkg4Tm9kRnlEVWpDNGNhWm8reFlUK1JmSkcrOFJPKzZRaTZkd3d0OGdYanVMMkJlbHlqSTRqdGZDR0VvNmpyczFmWVh0cUJxdnV6TjY2ZThSTE42WStmRVo4TU9RaHhaUk9kejc3V0JuemJaTXRUN0l5MkxEdWkzcHNBVnVVUUwwZUVZVm1GN1ByZXpYZXNcLzcxTUMrSVlkOXVKUCtnZndYdzh5b2pRMU9vdlwvXC9oNkZUVkFSTk05OTQ2USIsIm1hYyI6ImNiYjlkOTI1ZTA5NGUwMjU2M2VjMTIzOTEwZGRiOGYwMmFlYjM2ZjYyNGY4ZmMwZTJjMjdkMGY3YmNmNDk0YjUifQ%3D%3D; __cf_bm=SckyPjmiHalh73WoHq_d5UafIS6dQhwZfZjGArJU.vU-1669471681-0-AWXPJgeqiwbauQ3WbSx2850NpnIt41YEGtoKcBDq2Wxtrjqh3SW9tEMel1BxgciV88ezMQEx8ZrDNgD6Atprurg=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:01 GMT
content-type: text/css
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=109522
etag: W/"54def1fc-1abd2"
expires: Sat, 26 Nov 2022 22:34:28 GMT
last-modified: Sat, 14 Feb 2015 06:58:04 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 12812
vary: Accept-Encoding
server: cloudflare
cf-ray: 77033199fc41b4f4-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.adtrue.com/rtb/async.js
104.21.81.154 200 OK 0 B URL HTTP/2 cdn.adtrue.com/rtb/async.js
IP 104.21.81.154:0
GET /rtb/async.js HTTP/1.1
Host: cdn.adtrue.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:01 GMT
content-type: application/javascript
last-modified: Mon, 16 Nov 2020 01:20:45 GMT
etag: W/"5fb1d3ed-1c9f"
expires: Sun, 24 Sep 2023 03:46:20 GMT
cache-control: max-age=31104000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5048501
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XorTWkmoYSDFbujwUt3GGCPt0cXZNeekp1PWIeLnBkjgZFlSbUzYVALz%2BcZo%2FN8WHeOcnF6q3VPN4Mge9KhEVlkpaPhNOj696lf2vdRo6jUXTXuAs5XMdPs7aZyz7VZD9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7703319a4898b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.123.js
178.250.0.130 200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.123.js
IP 178.250.0.130:0
GET /js/ld/publishertag.prebid.123.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 14:08:03 GMT
content-type: text/javascript
last-modified: Tue, 03 May 2022 11:21:03 GMT
etag: W/"6271101f-15b58"
expires: Sun, 27 Nov 2022 14:08:03 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/images/close.svg
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/images/close.svg
IP 172.64.108.13:0
GET /sb/notifications/games/nutaku/multi/4/images/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:04 GMT
content-type: image/svg+xml
last-modified: Fri, 19 Aug 2022 09:15:06 GMT
etag: W/"62ff549a-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 951283
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cZgAdh4HtSVysN8t2EnVq9IwpomvuIS8QkKaNUiAKXuLDo34WeA9xhKmtlbOpkTFLPJ%2BvKeD3NAGivCM4TYzzq4hBUdcvf5B1oKBaLaYU6OvGGqbOA%2BKMd55vhgM%2FXXnKpAHdohCtmPo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770331aeca3172bb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1
178.250.2.146 200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1
IP 178.250.2.146:0
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:02 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://ouo.press
server-processing-duration-in-ticks: 935662
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
54.230.111.210 200 OK 0 B URL HTTP/2 c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
IP 54.230.111.210:0
GET /bao-csm/aps-comm/aps_csm.js HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Fri, 18 Nov 2022 03:05:15 GMT
x-amz-version-id: vkCJAv2LVCiDvkjoOZrS5s9fefeFFUOq
server: AmazonS3
content-encoding: gzip
date: Sat, 26 Nov 2022 03:25:22 GMT
cache-control: public, max-age=86400
etag: W/"a4d296427fc806b21335359e398c025c"
vary: Accept-Encoding,Origin
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6eaGvNGJs9dqPyMKQRTvG1m4_LGdDja_CGFI9foHBF6Ntd--mNeaCA==
age: 49362
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dilkw7fzDWg70yPABz--47pO53sNf5inStAgO65IHDUrxbakyFIHo5wepUVQEBqZDwDKi8CXoFzzqplTnrs5gBJJ2f2pFsDXebS3CG2AKyKDOE_TpPgCy9GLXBI2Rbr_3k5GTm4OJpLfUd3dJqeDmI0P8EtRXhz8USxZ9CgTO0CLoJAno&cry=1&dbm_d=AKAmf-COfjf0p3o7MO_cbF34B__207h2Va9gxmzEEcM4_huEcB4_eyqC9cpgbYzmCcIUYx4LMbKDPXU2oXXphiLev9UMZa8q-RnNFWcnPOtkz4A5TspxS1LmfRQepUt0i6X72W9CQE8EBP4_U3mxJCwQX02KdcQWQq9fxn7zyzEs-NLTeLSX__5sSnlwunGCgQ1CKt1Ob1ueI-7Oo2kbSevRG7e9SIL4TEEu-BnhZxIaljNCQP0GVfejowp3Gy55q0VjPK12LxVllYgdcf-N_DsNf3YANOYzeiVnyIy9M_HDT1b4pK5hfC8GCUFvqQoaLUSBj3KaRkhtVV-UtOAfQGkW0ffb57dajBnF6tXzrQLSBXFHYm9p1tE3cV3lzqphYNgcsPend3PC_G-ZWSK24kNxAjYhpQuPwUyMgRXIzrAvafB1RTGPNX3pkZkprqoqWbXIhG3i5rHSE7bH9QQfWi9Fk5Dzf7AqBIUx3tZeo2fOGVqpGYZjwWTBy5B4ci4afwdZ2g_8bvXZaaUTPs4WqlSMdnjbM6dEp7VR2RdetgbmY8XKedmE7hpzfsRus4FqG_W1VO0mG9z5qBQuh0_I5D33zdxZAi4ps0Ao9ZJplD-_pSJsa_DFKcv52mev1GxCqE49cdCDOd4YLPuoEHGFuazU3ofVKg33p2YeR0CFyZVrVYX5nrgcdJESWWadMckCa1zolGdnceVAexDbkOHJcjdBkA7hhiyaF6sRSDGTjQBHGeiZAQvkwhveYBsSE0ERrwnBTBY5Oh8m086_-prZhoD8f1qcNRQ2uSUKQm2bGel0k_eMOiOyR_zxv7s9bzS7uRq_pOB6GCEE-VDtHYn2s5nu0JcPWRBKZTNKcHaj4X8nLtWEZf0eInlgnZOV2PeQcSdDp6sGootOAoQqwd2RxR6nLKDd2zOdJIEcnIlnkOfQ7pd_a4MqxA401hmkbQKuwPrkSJkOxTYl_mqouYlCls_VSDFCw7xUibaVzvpoYJ3Ky2G7mT7zqdJ0guM8L_MTRNk70GkCah2QgdEpMqr1Bwf5CZq56Aa0xtFxHUSIDyBrAivR2nyyzk4Ept4dk_hJzpDf6-SpZlO-ELi8IbFfvcsVaN67jzH9pO6NmT313OtosqfUpUw7V8DcrHot8NW6WnLavjck8D5n04s4xPZdVAwft2moeX6tYl7pxwbBs_xDDvfYZEqRFZgKQ-yZ_fG-0Ef5YokpvLw6B8K7rP7Qudeyc3VMJyqABHC-hDxoBkreYdZ8lr74pKi9NIcW6zPJ0mNqoEa42Iaj3mRJUJeYOEiCAdpikQHuCw2ySJ3aNI3uech_2Tf0qeiPLUVNlUdfTnnjvQHb78yx3eYvL6AWpHCAAzRAKcPgLBBSHstEA-364NUBMLoQwxNOH2wD2Tf1eO63JVGCAm-N-fGL4CaYaBq_tTMCxmlRsydKgJ5qIjDd8tZ8hMGHvWp9fBTWwiRhx2iDYrkWvNzfn_oeKGzlcnRlf9HJ2PYQJhW74-IBDM3ZmzWRD4NeHEY0QVwYS3eZ58yzQ2ZO0hJ8259gDYUjaWCD2UtUpUBFMXHoeVjsUcs2WRK5HPEL8FaBvAynGO2N8JBwFOXpUk-jqOoKRpDY8u6k9YGSgMklbza14c73dd3tJWO-tOofAlwAufYEwHfP6nkaBUgNNhrEGS4piL6OwNyTvXctxXKu4XA1RZwhuYgGzheY-rzU33fgvQ4MlmUiloFNmn0woVBUUyuj1fif8B8rfEUAQe8lHng
3zEnUVUtZHjZ0Tk_SM5YdySEUrCg6LZl04IZLI7oCGmOz92T-spJNQUax2BKczk4ubc4n7ECdRmVM4TOBWsRe_cSnIZsVA4saJw8X6fZhY3Vx9PyimSpx6_vPLk61PuMw5bPFK9GaZg8KyQnsoWjQBKhXBLnL-qwc4jo-OJm5LsAFLK-82AYZRC-XTDe35j1L1npgO9NIcKiTSCjsiMhFAtiGsZVBOWiwXPQg6M8_TgPn-TnFVZklDZdj6RJdq0ogIzGXZqDX_KhlgXHtr-Fzq_oPJK0Xx3rXaPWtoiS7Ju0W-Q5kUosYa2vM06yvQZgOl9URPwBQp_eQSaDckWs_GeHedeR84UIrbgeW34p1psuVSBkNQ1HuY_RCJYHDQ2RBpNfxxnmLMCO0xlNsqM6Veh-u0cnOz5GW2-OwbJfWbneYZlg5_iTUs83nuQeqe7YGF1jIUBHbOLPRXp9dMpofB8kK89V1vZVDYvLy6ODP27bdOdHu3XA-On9f0-4wbpBLS4jOVTRPV4qtNN-yT-E_94l1JBDQpFRoAfOg8Pvzpk49oME6Ch8cjoyyWvr2-Z8defHpXxzk_IBRNEhBWkFnRLqNiRzBSTKwuOWLTnzI72TtC9UREgjuXF7Da7N7wlmW18hi3Gt1NRKjOrPEDNbAIbfOSs0Viiq5cVnjVaAoIo-3rh26mebSbJAQlZJvYC1rgmAYEycqN1h_or91Qhjgoovynw9TiTuPO2rlxi3qCJhrcOpNebWU-Y_nkFIQqnKNGlXPo01VK2tEjApBJkYRnmlYTYPF7GNHONQAbwgAFKeAKGa-ksJ9oLs_wJZybPmkNOizEjBdT5kE786wZnOVqcn3iOisstfQ5KuDt8S0uxwfQEpZ4Rl_7sUldqxlkCncXLLj7EAqqrNOTyH0rRadqw6zgaKIyqrviHBTMJV6tKPwOCNx-VYVfP_CW9XIf4rE5b7a0LaJuQs2SHwXgib63EpYu_c5toFWBCpgN50Noe6waLvvbLuZ2nr_c8BwO5SHpj5buvbL2L_2wxLCnbQ9wdw_Y8m0GKGxWL-DR8xHS_sghNgRMeGOogeOT_bUE_GLR2c5-ZwrvE6rzUd4vkOxej01KBXHNENBvf8cFtY22VZnDNNoVBCnWfmYqKo7V0zAQM2r4TAcjzmL_DH9HCya_HJds6sNiocVZ-lsDIgX0kh2jqE942wRSUB_2__cUexpzty-lnVjK0OPzEnHZbcDwGqPHcqx8SqRTZXQdfmPFm2po9E2PVcElb6QjSdcgxcKpdVpuDkm7F2MXubgt-nSDiafAb-TQpM9CZw3aOI2MEnAzo_dmXr5Qb3TUwDZcXEfErLI-THw5naTImBs8GbPKUb2VWkPsrQxMAUMvVCGlopTHxsK23eoI-jeVFfdLKeLWuLqWAzSfvesymwnbh8&cid=CAASBORo7V0&rfl=2%2Chttps%253A%252F%252Fouo.press%252FZVf2P0%240
142.250.74.66200 OK 0 B URL HTTP/2 googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dilkw7fzDWg70yPABz--47pO53sNf5inStAgO65IHDUrxbakyFIHo5wepUVQEBqZDwDKi8CXoFzzqplTnrs5gBJJ2f2pFsDXebS3CG2AKyKDOE_TpPgCy9GLXBI2Rbr_3k5GTm4OJpLfUd3dJqeDmI0P8EtRXhz8USxZ9CgTO0CLoJAno&cry=1&dbm_d=AKAmf-COfjf0p3o7MO_cbF34B__207h2Va9gxmzEEcM4_huEcB4_eyqC9cpgbYzmCcIUYx4LMbKDPXU2oXXphiLev9UMZa8q-RnNFWcnPOtkz4A5TspxS1LmfRQepUt0i6X72W9CQE8EBP4_U3mxJCwQX02KdcQWQq9fxn7zyzEs-NLTeLSX__5sSnlwunGCgQ1CKt1Ob1ueI-7Oo2kbSevRG7e9SIL4TEEu-BnhZxIaljNCQP0GVfejowp3Gy55q0VjPK12LxVllYgdcf-N_DsNf3YANOYzeiVnyIy9M_HDT1b4pK5hfC8GCUFvqQoaLUSBj3KaRkhtVV-UtOAfQGkW0ffb57dajBnF6tXzrQLSBXFHYm9p1tE3cV3lzqphYNgcsPend3PC_G-ZWSK24kNxAjYhpQuPwUyMgRXIzrAvafB1RTGPNX3pkZkprqoqWbXIhG3i5rHSE7bH9QQfWi9Fk5Dzf7AqBIUx3tZeo2fOGVqpGYZjwWTBy5B4ci4afwdZ2g_8bvXZaaUTPs4WqlSMdnjbM6dEp7VR2RdetgbmY8XKedmE7hpzfsRus4FqG_W1VO0mG9z5qBQuh0_I5D33zdxZAi4ps0Ao9ZJplD-_pSJsa_DFKcv52mev1GxCqE49cdCDOd4YLPuoEHGFuazU3ofVKg33p2YeR0CFyZVrVYX5nrgcdJESWWadMckCa1zolGdnceVAexDbkOHJcjdBkA7hhiyaF6sRSDGTjQBHGeiZAQvkwhveYBsSE0ERrwnBTBY5Oh8m086_-prZhoD8f1qcNRQ2uSUKQm2bGel0k_eMOiOyR_zxv7s9bzS7uRq_pOB6GCEE-VDtHYn2s5nu0JcPWRBKZTNKcHaj4X8nLtWEZf0eInlgnZOV2PeQcSdDp6sGootOAoQqwd2RxR6nLKDd2zOdJIEcnIlnkOfQ7pd_a4MqxA401hmkbQKuwPrkSJkOxTYl_mqouYlCls_VSDFCw7xUibaVzvpoYJ3Ky2G7mT7zqdJ0guM8L_MTRNk70GkCah2QgdEpMqr1Bwf5CZq56Aa0xtFxHUSIDyBrAivR2nyyzk4Ept4dk_hJzpDf6-SpZlO-ELi8IbFfvcsVaN67jzH9pO6NmT313OtosqfUpUw7V8DcrHot8NW6WnLavjck8D5n04s4xPZdVAwft2moeX6tYl7pxwbBs_xDDvfYZEqRFZgKQ-yZ_fG-0Ef5YokpvLw6B8K7rP7Qudeyc3VMJyqABHC-hDxoBkreYdZ8lr74pKi9NIcW6zPJ0mNqoEa42Iaj3mRJUJeYOEiCAdpikQHuCw2ySJ3aNI3uech_2Tf0qeiPLUVNlUdfTnnjvQHb78yx3eYvL6AWpHCAAzRAKcPgLBBSHstEA-364NUBMLoQwxNOH2wD2Tf1eO63JVGCAm-N-fGL4CaYaBq_tTMCxmlRsydKgJ5qIjDd8tZ8hMGHvWp9fBTWwiRhx2iDYrkWvNzfn_oeKGzlcnRlf9HJ2PYQJhW74-IBDM3ZmzWRD4NeHEY0QVwYS3eZ58yzQ2ZO0hJ8259gDYUjaWCD2UtUpUBFMXHoeVjsUcs2WRK5HPEL8FaBvAynGO2N8JBwFOXpUk-jqOoKRpDY8u6k9YGSgMklbza14c73dd3tJWO-tOofAlwAufYEwHfP6nkaBUgNNhrEGS4piL6OwNyTvXctxXKu4XA1RZwhuYgGzheY-rzU33fgvQ4MlmUi
loFNmn0woVBUUyuj1fif8B8rfEUAQe8lHng3zEnUVUtZHjZ0Tk_SM5YdySEUrCg6LZl04IZLI7oCGmOz92T-spJNQUax2BKczk4ubc4n7ECdRmVM4TOBWsRe_cSnIZsVA4saJw8X6fZhY3Vx9PyimSpx6_vPLk61PuMw5bPFK9GaZg8KyQnsoWjQBKhXBLnL-qwc4jo-OJm5LsAFLK-82AYZRC-XTDe35j1L1npgO9NIcKiTSCjsiMhFAtiGsZVBOWiwXPQg6M8_TgPn-TnFVZklDZdj6RJdq0ogIzGXZqDX_KhlgXHtr-Fzq_oPJK0Xx3rXaPWtoiS7Ju0W-Q5kUosYa2vM06yvQZgOl9URPwBQp_eQSaDckWs_GeHedeR84UIrbgeW34p1psuVSBkNQ1HuY_RCJYHDQ2RBpNfxxnmLMCO0xlNsqM6Veh-u0cnOz5GW2-OwbJfWbneYZlg5_iTUs83nuQeqe7YGF1jIUBHbOLPRXp9dMpofB8kK89V1vZVDYvLy6ODP27bdOdHu3XA-On9f0-4wbpBLS4jOVTRPV4qtNN-yT-E_94l1JBDQpFRoAfOg8Pvzpk49oME6Ch8cjoyyWvr2-Z8defHpXxzk_IBRNEhBWkFnRLqNiRzBSTKwuOWLTnzI72TtC9UREgjuXF7Da7N7wlmW18hi3Gt1NRKjOrPEDNbAIbfOSs0Viiq5cVnjVaAoIo-3rh26mebSbJAQlZJvYC1rgmAYEycqN1h_or91Qhjgoovynw9TiTuPO2rlxi3qCJhrcOpNebWU-Y_nkFIQqnKNGlXPo01VK2tEjApBJkYRnmlYTYPF7GNHONQAbwgAFKeAKGa-ksJ9oLs_wJZybPmkNOizEjBdT5kE786wZnOVqcn3iOisstfQ5KuDt8S0uxwfQEpZ4Rl_7sUldqxlkCncXLLj7EAqqrNOTyH0rRadqw6zgaKIyqrviHBTMJV6tKPwOCNx-VYVfP_CW9XIf4rE5b7a0LaJuQs2SHwXgib63EpYu_c5toFWBCpgN50Noe6waLvvbLuZ2nr_c8BwO5SHpj5buvbL2L_2wxLCnbQ9wdw_Y8m0GKGxWL-DR8xHS_sghNgRMeGOogeOT_bUE_GLR2c5-ZwrvE6rzUd4vkOxej01KBXHNENBvf8cFtY22VZnDNNoVBCnWfmYqKo7V0zAQM2r4TAcjzmL_DH9HCya_HJds6sNiocVZ-lsDIgX0kh2jqE942wRSUB_2__cUexpzty-lnVjK0OPzEnHZbcDwGqPHcqx8SqRTZXQdfmPFm2po9E2PVcElb6QjSdcgxcKpdVpuDkm7F2MXubgt-nSDiafAb-TQpM9CZw3aOI2MEnAzo_dmXr5Qb3TUwDZcXEfErLI-THw5naTImBs8GbPKUb2VWkPsrQxMAUMvVCGlopTHxsK23eoI-jeVFfdLKeLWuLqWAzSfvesymwnbh8&cid=CAASBORo7V0&rfl=2%2Chttps%253A%252F%252Fouo.press%252FZVf2P0%240
IP 142.250.74.66:0
GET /dbm/ad?dbm_c=AKAmf-Dilkw7fzDWg70yPABz--47pO53sNf5inStAgO65IHDUrxbakyFIHo5wepUVQEBqZDwDKi8CXoFzzqplTnrs5gBJJ2f2pFsDXebS3CG2AKyKDOE_TpPgCy9GLXBI2Rbr_3k5GTm4OJpLfUd3dJqeDmI0P8EtRXhz8USxZ9CgTO0CLoJAno&cry=1&dbm_d=AKAmf-COfjf0p3o7MO_cbF34B__207h2Va9gxmzEEcM4_huEcB4_eyqC9cpgbYzmCcIUYx4LMbKDPXU2oXXphiLev9UMZa8q-RnNFWcnPOtkz4A5TspxS1LmfRQepUt0i6X72W9CQE8EBP4_U3mxJCwQX02KdcQWQq9fxn7zyzEs-NLTeLSX__5sSnlwunGCgQ1CKt1Ob1ueI-7Oo2kbSevRG7e9SIL4TEEu-BnhZxIaljNCQP0GVfejowp3Gy55q0VjPK12LxVllYgdcf-N_DsNf3YANOYzeiVnyIy9M_HDT1b4pK5hfC8GCUFvqQoaLUSBj3KaRkhtVV-UtOAfQGkW0ffb57dajBnF6tXzrQLSBXFHYm9p1tE3cV3lzqphYNgcsPend3PC_G-ZWSK24kNxAjYhpQuPwUyMgRXIzrAvafB1RTGPNX3pkZkprqoqWbXIhG3i5rHSE7bH9QQfWi9Fk5Dzf7AqBIUx3tZeo2fOGVqpGYZjwWTBy5B4ci4afwdZ2g_8bvXZaaUTPs4WqlSMdnjbM6dEp7VR2RdetgbmY8XKedmE7hpzfsRus4FqG_W1VO0mG9z5qBQuh0_I5D33zdxZAi4ps0Ao9ZJplD-_pSJsa_DFKcv52mev1GxCqE49cdCDOd4YLPuoEHGFuazU3ofVKg33p2YeR0CFyZVrVYX5nrgcdJESWWadMckCa1zolGdnceVAexDbkOHJcjdBkA7hhiyaF6sRSDGTjQBHGeiZAQvkwhveYBsSE0ERrwnBTBY5Oh8m086_-prZhoD8f1qcNRQ2uSUKQm2bGel0k_eMOiOyR_zxv7s9bzS7uRq_pOB6GCEE-VDtHYn2s5nu0JcPWRBKZTNKcHaj4X8nLtWEZf0eInlgnZOV2PeQcSdDp6sGootOAoQqwd2RxR6nLKDd2zOdJIEcnIlnkOfQ7pd_a4MqxA401hmkbQKuwPrkSJkOxTYl_mqouYlCls_VSDFCw7xUibaVzvpoYJ3Ky2G7mT7zqdJ0guM8L_MTRNk70GkCah2QgdEpMqr1Bwf5CZq56Aa0xtFxHUSIDyBrAivR2nyyzk4Ept4dk_hJzpDf6-SpZlO-ELi8IbFfvcsVaN67jzH9pO6NmT313OtosqfUpUw7V8DcrHot8NW6WnLavjck8D5n04s4xPZdVAwft2moeX6tYl7pxwbBs_xDDvfYZEqRFZgKQ-yZ_fG-0Ef5YokpvLw6B8K7rP7Qudeyc3VMJyqABHC-hDxoBkreYdZ8lr74pKi9NIcW6zPJ0mNqoEa42Iaj3mRJUJeYOEiCAdpikQHuCw2ySJ3aNI3uech_2Tf0qeiPLUVNlUdfTnnjvQHb78yx3eYvL6AWpHCAAzRAKcPgLBBSHstEA-364NUBMLoQwxNOH2wD2Tf1eO63JVGCAm-N-fGL4CaYaBq_tTMCxmlRsydKgJ5qIjDd8tZ8hMGHvWp9fBTWwiRhx2iDYrkWvNzfn_oeKGzlcnRlf9HJ2PYQJhW74-IBDM3ZmzWRD4NeHEY0QVwYS3eZ58yzQ2ZO0hJ8259gDYUjaWCD2UtUpUBFMXHoeVjsUcs2WRK5HPEL8FaBvAynGO2N8JBwFOXpUk-jqOoKRpDY8u6k9YGSgMklbza14c73dd3tJWO-tOofAlwAufYEwHfP6nkaBUgNNhrEGS4piL6OwNyTvXctxXKu4XA1RZwhuYgGzheY-rzU33fgvQ4MlmUiloFNmn0woVBUUyuj1fif8B8rfEUAQe8lHng3zEnUVUtZHjZ0Tk_SM5YdyS
EUrCg6LZl04IZLI7oCGmOz92T-spJNQUax2BKczk4ubc4n7ECdRmVM4TOBWsRe_cSnIZsVA4saJw8X6fZhY3Vx9PyimSpx6_vPLk61PuMw5bPFK9GaZg8KyQnsoWjQBKhXBLnL-qwc4jo-OJm5LsAFLK-82AYZRC-XTDe35j1L1npgO9NIcKiTSCjsiMhFAtiGsZVBOWiwXPQg6M8_TgPn-TnFVZklDZdj6RJdq0ogIzGXZqDX_KhlgXHtr-Fzq_oPJK0Xx3rXaPWtoiS7Ju0W-Q5kUosYa2vM06yvQZgOl9URPwBQp_eQSaDckWs_GeHedeR84UIrbgeW34p1psuVSBkNQ1HuY_RCJYHDQ2RBpNfxxnmLMCO0xlNsqM6Veh-u0cnOz5GW2-OwbJfWbneYZlg5_iTUs83nuQeqe7YGF1jIUBHbOLPRXp9dMpofB8kK89V1vZVDYvLy6ODP27bdOdHu3XA-On9f0-4wbpBLS4jOVTRPV4qtNN-yT-E_94l1JBDQpFRoAfOg8Pvzpk49oME6Ch8cjoyyWvr2-Z8defHpXxzk_IBRNEhBWkFnRLqNiRzBSTKwuOWLTnzI72TtC9UREgjuXF7Da7N7wlmW18hi3Gt1NRKjOrPEDNbAIbfOSs0Viiq5cVnjVaAoIo-3rh26mebSbJAQlZJvYC1rgmAYEycqN1h_or91Qhjgoovynw9TiTuPO2rlxi3qCJhrcOpNebWU-Y_nkFIQqnKNGlXPo01VK2tEjApBJkYRnmlYTYPF7GNHONQAbwgAFKeAKGa-ksJ9oLs_wJZybPmkNOizEjBdT5kE786wZnOVqcn3iOisstfQ5KuDt8S0uxwfQEpZ4Rl_7sUldqxlkCncXLLj7EAqqrNOTyH0rRadqw6zgaKIyqrviHBTMJV6tKPwOCNx-VYVfP_CW9XIf4rE5b7a0LaJuQs2SHwXgib63EpYu_c5toFWBCpgN50Noe6waLvvbLuZ2nr_c8BwO5SHpj5buvbL2L_2wxLCnbQ9wdw_Y8m0GKGxWL-DR8xHS_sghNgRMeGOogeOT_bUE_GLR2c5-ZwrvE6rzUd4vkOxej01KBXHNENBvf8cFtY22VZnDNNoVBCnWfmYqKo7V0zAQM2r4TAcjzmL_DH9HCya_HJds6sNiocVZ-lsDIgX0kh2jqE942wRSUB_2__cUexpzty-lnVjK0OPzEnHZbcDwGqPHcqx8SqRTZXQdfmPFm2po9E2PVcElb6QjSdcgxcKpdVpuDkm7F2MXubgt-nSDiafAb-TQpM9CZw3aOI2MEnAzo_dmXr5Qb3TUwDZcXEfErLI-THw5naTImBs8GbPKUb2VWkPsrQxMAUMvVCGlopTHxsK23eoI-jeVFfdLKeLWuLqWAzSfvesymwnbh8&cid=CAASBORo7V0&rfl=2%2Chttps%253A%252F%252Fouo.press%252FZVf2P0%240 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 26 Nov 2022 14:08:03 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 29826
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 26-Nov-2022 14:23:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=ouo.press
178.250.2.146 200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=ouo.press
IP 178.250.2.146:0
GET /syncframe?origin=publishertag&topUrl=ouo.press HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:03 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=e233b7bc-d6b1-45c4-bc9f-b2ecf0e704c4; expires=Thu, 21 Dec 2023 14:08:03 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 330502
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/js/script.js
172.64.108.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/js/script.js
IP 172.64.108.13:0
GET /sb/notifications/games/nutaku/multi/4/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:05 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:42:11 GMT
etag: W/"632ac053-1160"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KsHNoYjlCwsiqv2ckdwBmLFuH2YbcWryzEW1dpjqUr%2BQMover2cdaFU9uRglgDBEfkJIfoObvC355rIKVdCAUW45ij%2FRdV9%2FGHmYoA%2Ff0ep5PN9bmcHLYl31c%2FuG5HAl%2Fwt6XnjcicKs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770331af7af67495-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/notifications/games/nutaku/multi/4/index.html
45.133.44.4 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/games/nutaku/multi/4/index.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/notifications/games/nutaku/multi/4/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:04 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Fri, 19 Aug 2022 09:15:02 GMT
etag: W/"62ff5496-63e"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 26 Nov 2022 15:08:04 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
ouo.press/ZVf2P0
172.67.22.15 200 OK 0 B IP 172.67.22.15:0
GET /ZVf2P0 HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 26 Nov 2022 14:08:01 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
set-cookie: ouoio_session=eyJpdiI6IlJ0NEorTFBGYnRsSGlqTHYzM0d6ekMzd21laVJMMDNlV1FtWmJSYVB3Njg9IiwidmFsdWUiOiJNVEpsWWdQSlExTnRBWUd1STZDTXZ5elRNaU1UM0FZTWJXb0c1NzI0NXVDM0F1TlJZRXU0ZGRubHZNK0VmRHNOVzMyNTJPV0dBOFBcL1g5elZUYmdTaFE9PSIsIm1hYyI6IjIzN2JhNThmNDFiYzZhZTNhYjM1MGYxNTEyMGY1ZDEzNTQzYjg2MzkyNzdmZTdkZjExZThhMmUxNzY5MWE1MmYifQ%3D%3D; path=/; httponly
language=eyJpdiI6InUyUXVXSzJ2VDZ5ejdDdStid2cxd2V2RStwbzIxb1JPazZTbndadVVBZ0U9IiwidmFsdWUiOiJcL1wvbTgyazEySGZXSXhFRTFmSVFPR0tnckZpUklOYXFXaWdwUnVkZXBad009IiwibWFjIjoiMGI3YjVhNDI1Mzk1Njg4Y2EyOGFmOWI4ZDkyN2M2MjVhYjhhZDRjNzc2ODQ1NzBkM2EzNTFmOWVlMTIxNDc2OSJ9; expires=Thu, 25-Nov-2027 14:08:01 GMT; Max-Age=157680000; path=/; httponly
7c4de8a426f66a1405c5dd5096343cb00fa55bac=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%3D%3D; expires=Sat, 26-Nov-2022 16:08:01 GMT; Max-Age=7200; path=/; httponly
__cf_bm=SckyPjmiHalh73WoHq_d5UafIS6dQhwZfZjGArJU.vU-1669471681-0-AWXPJgeqiwbauQ3WbSx2850NpnIt41YEGtoKcBDq2Wxtrjqh3SW9tEMel1BxgciV88ezMQEx8ZrDNgD6Atprurg=; path=/; expires=Sat, 26-Nov-22 14:38:01 GMT; domain=.ouo.press; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 77033197281bb4f4-OSL
content-encoding: br
X-Firefox-Spdy: h2