r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 43ad67f241ee3692a9c9c1da080dae58
6a024f7d71eeee257edc91ba9273416f634aaae5
636635b57f9e6d2ad9b1b949298ee7d3b5b7e251a63516ff68bfb1eceded5688
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "636635B57F9E6D2AD9B1B949298EE7D3B5B7E251A63516FF68BFB1ECEDED5688"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16577
Expires: Sun, 11 Dec 2022 14:10:29 GMT
Date: Sun, 11 Dec 2022 09:34:12 GMT
Connection: keep-alive
doterra.is/4l9h2q
34.239.22.13 200 OK 3.3 kB IP 34.239.22.13:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (380)
Hash 0dc1f89a053ce7af2ab5edc8c8f510b3
1bf854112424a00fe194f8e63e81055d489b3352
501c4355b2c3022ef3293ecf44cfb24e06cd76ee7526fac3f64398c794a56ff4
Analyzer Verdict Alert fortinet Phishing
GET /4l9h2q HTTP/1.1
Host: doterra.is
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 09:44:26 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: 4l9h2q=1; expires=Tue, 10-Jan-2023 09:44:26 GMT; Max-Age=2592000; path=/4l9h2q; domain=doterra.is
/4l9h2q=1; expires=Tue, 10-Jan-2023 09:44:26 GMT; Max-Age=2592000; path=/4l9h2q; domain=doterra.is
lang=en-us; path=/
lang=en-us; path=/; domain=*.picsee.co
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3279
Connection: close
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 430f1651125c14bfa4924aa1f1a392e9
304141c5fe7ac8b370a67912b2592f9622de9600
315d77a9956f34b1615e38f5f1971dd05146980f8a36b35a8108d47ebba7e8e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "315D77A9956F34B1615E38F5F1971DD05146980F8A36B35A8108D47EBBA7E8E5"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10347
Expires: Sun, 11 Dec 2022 12:26:39 GMT
Date: Sun, 11 Dec 2022 09:34:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12809
Expires: Sun, 11 Dec 2022 13:07:41 GMT
Date: Sun, 11 Dec 2022 09:34:12 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 11 Dec 2022 09:08:30 GMT
content-type: application/json
age: 1542
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: XYF2uZWp1myzCvCNJer9WQDzijEBR5ifH/YZBJzIc4S1k+LTHciabFUO4mV1t/tpYbpbgKNF0XQ=
x-amz-request-id: PFQDWBK0Z4XM73PG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 11 Dec 2022 08:51:01 GMT
age: 2591
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 11 Dec 2022 09:34:12 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 2cae2070bb9150b3133d0096cbc0d2ad
f213a505828354b57cc5334d8b9063045f1dc4f9
6194f5b1d16f6746bce736b1b4b37d35d7005751c73112569794cbd92f9d68e7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5004
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 09:34:12 GMT
Last-Modified: Sun, 11 Dec 2022 08:10:49 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 2cae2070bb9150b3133d0096cbc0d2ad
f213a505828354b57cc5334d8b9063045f1dc4f9
6194f5b1d16f6746bce736b1b4b37d35d7005751c73112569794cbd92f9d68e7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5079
Cache-Control: max-age=168711
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 09:34:12 GMT
Etag: "63958044-116"
Expires: Tue, 13 Dec 2022 08:26:03 GMT
Last-Modified: Sun, 11 Dec 2022 07:01:24 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 278
tenmax-static.cacafly.net/ssp/adsbytenmax.js
172.67.23.85 200 OK 41 kB URL HTTP/1.1 tenmax-static.cacafly.net/ssp/adsbytenmax.js
IP 172.67.23.85:0
File type ASCII text, with very long lines (65450)
Hash 963b61257e36a22fd81735cf5645e13c
0142d9349467ccb45a29f2b4732b7349c18ecc39
0e113472d35787dad8e141771ff9ba5565d54c7bdb8438630fe4825b3ce0faf5
GET /ssp/adsbytenmax.js HTTP/1.1
Host: tenmax-static.cacafly.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://doterra.is/
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 09:34:12 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Content-MD5: a3zgBAY7Qdk86tqkeBGCSw==
Last-Modified: Thu, 24 Nov 2022 08:27:57 GMT
ETag: 0x8DACDF5CAA30C5E
X-Cache: TCP_MISS
x-ms-request-id: 651b768f-b01e-007c-33e5-ff7fc2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
Access-Control-Allow-Origin: *
X-Azure-Ref-OriginShield: 0ATd/YwAAAAB3gkw5IIFkS7DN27dMvqCvQU1TMDRFREdFMTgxNABiMTIxZTIxYy03YzI4LTQwOGItYmQwZi05M2NiNGU3ZGZlZGU=
X-Azure-Ref: 0ATd/YwAAAABQ/hP+677uSogjsXxHNaqcT1NMMjMxMDUwMjA1MDE3AGIxMjFlMjFjLTdjMjgtNDA4Yi1iZDBmLTkzY2I0ZTdkZmVkZQ==
Cache-Control: max-age=1800
CF-Cache-Status: HIT
Age: 737
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 777d3920bbfbb4ff-OSL
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
104.18.10.207 200 OK 7.3 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.18.10.207:0
File type ASCII text, with very long lines (30837)
Hash bae4b10b2fa355ca10c55893e5b5b675
3396af7a7b600ca402f833715fb148bf75d2fbdb
99fc1311bd1e10bc3f373bfae95197c91dfa716273189690fe35066004f7668f
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://doterra.is/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 09:34:12 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 722, 617
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 2021-03-10 20:26:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 121d365db7a9aba3915641185d93b963
cdn-cache: HIT
cf-cache-status: HIT
age: 20062059
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 777d3920dae70b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
doterra.is/js/picsee.css
34.239.22.13 200 OK 1.8 kB IP 34.239.22.13:0
File type Unicode text, UTF-8 text, with very long lines (1238)
Hash fa055b221d2ea0d1d7f8f065fec698e2
842c0488028b5a9e56bb05fa8cf6483fd50eb7fb
b5b5620fa585e596c34a43f4280cf22939a3b9fcc9395b05ae75609eeed2bdc4
GET /js/picsee.css HTTP/1.1
Host: doterra.is
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://doterra.is/4l9h2q
Cookie: lang=en-us
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 09:44:26 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Tue, 03 Aug 2021 03:46:11 GMT
ETag: "f6f-5c89f86e0a3b9-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1823
Connection: close
Content-Type: text/css
doterra.is/js/bootstrap.min.js
34.239.22.13 200 OK 9.5 kB URL HTTP/1.1 doterra.is/js/bootstrap.min.js
IP 34.239.22.13:0
File type ASCII text, with very long lines (32025)
Hash d65b59b3a97acc0082be953a7167359f
2b4db4293c5d4172837c5f59466e1d86e9228bb9
a337a3b96491d14efe099cde3bdcaeedab0f90b7adfd5e0d5e48f3fe93f7c874
Analyzer Verdict Alert fortinet Phishing
GET /js/bootstrap.min.js HTTP/1.1
Host: doterra.is
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://doterra.is/4l9h2q
Cookie: lang=en-us
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 09:35:52 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Tue, 03 Aug 2021 03:46:11 GMT
ETag: "8c6f-5c89f86e09419-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9539
Connection: close
Content-Type: application/javascript
doterra.is/js/utility.js
34.239.22.13 200 OK 1.5 kB IP 34.239.22.13:0
File type HTML document, Unicode text, UTF-8 text
Hash ef46c8f217e6adcda55c87ba6746c02e
92e86cd7cc731342f6129516324266c530f150bf
c4266b31c98072dfefb4c8d1dd3889c9a875b65df6219501fd951703458d0ddb
Analyzer Verdict Alert fortinet Phishing
GET /js/utility.js HTTP/1.1
Host: doterra.is
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://doterra.is/4l9h2q
Cookie: lang=en-us
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 09:44:26 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Tue, 03 Aug 2021 03:46:11 GMT
ETag: "1446-5c89f86e0a3b9-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1521
Connection: close
Content-Type: application/javascript
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 11 Dec 2022 09:07:56 GMT
age: 1576
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 44d4574b46375a2d215ae74bc5eae610
5257ed3edeb56231a9bee921671bb2e0c566000e
923454b28e4fa10085df809768a75c2d9f58f104afa016c06ccca7a26479073b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5502
Cache-Control: max-age=90259
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 09:34:13 GMT
Etag: "63944c2a-1d7"
Expires: Mon, 12 Dec 2022 10:38:32 GMT
Last-Modified: Sat, 10 Dec 2022 09:06:50 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash dd14fa2d0b2b3d231e91911d90da94c3
64e24ecb5f567ca4a3a9f10166952b30424725a6
3d2790ebe414e4879f7174fa1b2185a4c784b356a795516f403f9e9d5567768a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=127241
Date: Sun, 11 Dec 2022 09:34:13 GMT
Etag: "6394f21e-1d7"
Expires: Mon, 12 Dec 2022 20:54:54 GMT
Last-Modified: Sat, 10 Dec 2022 20:54:54 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GrXB80tMwzypOZRmJPOee651FQ70Kd02RM_MWd0DIsliV65MBYVVoQ==
push.services.mozilla.com/
35.86.38.2 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.86.38.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gQEldM8qsJ5A0/3mFGZ2Cg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ggQVtqp5u0TByyxHhYLmc6Rv7Dw=
picsee.co/js/jquery-1.11.1.min.js
34.197.201.189 200 OK 33 kB URL HTTP/1.1 picsee.co/js/jquery-1.11.1.min.js
IP 34.197.201.189:0
File type ASCII text, with very long lines (32086)
Hash 77c96b81bc26956680cd7813d2d4efd9
2f35ac87d37734bb8216c87f56079036109aeaa1
bf48f792ab036db71babef1dbea45dceff0b04212a7278ed08b6c997115352ad
GET /js/jquery-1.11.1.min.js HTTP/1.1
Host: picsee.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://doterra.is/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Type: application/javascript
Date: Sun, 11 Dec 2022 09:27:12 GMT
ETag: "1762a-53731516dd7dc-gzip"
Last-Modified: Sat, 09 Jul 2016 10:24:02 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: AWSELB=857901F90A8FB9EC38D630240291ED2961407CD978EFFFC0A1C980BC8E147AE63853CF1068E072E56671A06125C5FEEF570259D843CB5952A5678474C4CD39FE60DF2DBEAA;PATH=/;MAX-AGE=500
AWSELBCORS=857901F90A8FB9EC38D630240291ED2961407CD978EFFFC0A1C980BC8E147AE63853CF1068E072E56671A06125C5FEEF570259D843CB5952A5678474C4CD39FE60DF2DBEAA;PATH=/;MAX-AGE=500;SECURE;SAMESITE=None
Vary: Accept-Encoding
Content-Length: 33225
Connection: keep-alive
doterra.is/images/picsee_light_web.png
34.239.22.13 200 OK 6.7 kB URL HTTP/1.1 doterra.is/images/picsee_light_web.png
IP 34.239.22.13:0
File type PNG image data, 500 x 104, 8-bit/color RGBA, non-interlaced\012- data
Hash 4d38625cfc6a7758562fecc1631cc379
b6f854200081f1727c2b4e7b4b7fa817c08b0087
60bf970d8a4b5a933e5d401be9a03144ea2f191a90ebe21b21c171fcc6bf07cd
GET /images/picsee_light_web.png HTTP/1.1
Host: doterra.is
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://doterra.is/4l9h2q
Cookie: lang=en-us
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 09:44:27 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Tue, 03 Aug 2021 03:46:11 GMT
ETag: "1a03-5c89f86e03659"
Accept-Ranges: bytes
Content-Length: 6659
Connection: close
Content-Type: image/png
connect.facebook.net/zh_TW/sdk.js
31.13.72.12 301 Moved Permanently 0 B URL HTTP/1.1 connect.facebook.net/zh_TW/sdk.js
IP 31.13.72.12:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zh_TW/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://doterra.is/
HTTP/1.1 301 Moved Permanently
Location: https://connect.facebook.net/zh_TW/sdk.js
Content-Type: text/plain
Server: proxygen-bolt
Date: Sun, 11 Dec 2022 09:34:13 GMT
Connection: keep-alive
Content-Length: 0
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b10da7c40fd218e052cac5276be21d93
723dfdd1320ae0949196715d2d073320c4e4753d
ad3a489d2aa632e337fda00c7851dda9ecfb04798f432b6d5656f976c7ab3f2e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4747
Cache-Control: max-age=137758
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 09:34:13 GMT
Etag: "639508a8-1d7"
Expires: Mon, 12 Dec 2022 23:50:11 GMT
Last-Modified: Sat, 10 Dec 2022 22:31:04 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/zh_TW/sdk.js
31.13.72.12 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/zh_TW/sdk.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (1957)
Hash fda05c27979a7982a51924c4cd695146
77b34604d9a3f73a5fddc435c723a090e125a2b3
d6c06ba6bab9dfb0c8e43eb463f70306798817184788336cc440d0010f1473bc
GET /zh_TW/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://doterra.is/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 635b7b5abb6fb4d3e0c5dd0ecf350189
etag: "cc85c8e329ed4ef61eb8b83b1d17884c"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sun, 11 Dec 2022 09:47:14 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: /aBcJ5eaeYKlGSTEzWlRRg==
x-fb-debug: V0dhaCnnUTJxeSMHk1+K1qOEEvLsNE+ISG1ty4+bTWNbg6gsJHI6orKYK0luF0jkkwBzvPKMogaZqdFQLw+Ncw==
content-length: 1687
x-fb-trip-id: 1904183273
date: Sun, 11 Dec 2022 09:34:13 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b10da7c40fd218e052cac5276be21d93
723dfdd1320ae0949196715d2d073320c4e4753d
ad3a489d2aa632e337fda00c7851dda9ecfb04798f432b6d5656f976c7ab3f2e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4747
Cache-Control: max-age=137758
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 09:34:13 GMT
Etag: "639508a8-1d7"
Expires: Mon, 12 Dec 2022 23:50:11 GMT
Last-Modified: Sat, 10 Dec 2022 22:31:04 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
doterra.is/favicon.ico
34.239.22.13 200 OK 420 B IP 34.239.22.13:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 545dafd58438b6e8323d8181005289da
9ce5394cddd0bdd0572d570c2e33eb9775de33d0
9aa98a8cc54ec2f096e6697d04c8400ee43f774208621f6a4a36cb6be6268f99
GET /favicon.ico HTTP/1.1
Host: doterra.is
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://doterra.is/4l9h2q
Cookie: lang=en-us
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 09:44:27 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Tue, 03 Aug 2021 03:46:10 GMT
ETag: "1a4-5c89f86d0f419"
Accept-Ranges: bytes
Content-Length: 420
Connection: close
Content-Type: image/vnd.microsoft.icon
connect.facebook.net/zh_TW/sdk.js?hash=eae93b8111e00136a2eb653629280da0
31.13.72.12 200 OK 89 kB URL HTTP/2 connect.facebook.net/zh_TW/sdk.js?hash=eae93b8111e00136a2eb653629280da0
IP 31.13.72.12:0
File type ASCII text, with very long lines (18530)
Hash a4a15e544f79ceac0ae669f903964cc3
c5cdaa6416aa7b6fc805971c80d3e260effba98b
3334bf9f781f164b4e3b9aacb7e21d71b871eea74b1b3909d000f27aa303a715
GET /zh_TW/sdk.js?hash=eae93b8111e00136a2eb653629280da0 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://doterra.is
Connection: keep-alive
Referer: http://doterra.is/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: c715290e99aad7ffd6adb9ddf236771b
etag: "6fc2ccecddea756714d9ac36cab03936"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Mon, 11 Dec 2023 09:27:23 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: pKFeVE95zqwK5mn5A5ZMww==
x-fb-debug: TK0iteCUotOUAgbG2GNIGxWWxQjEjVSqPPhU6cxNt4K/5sKfr0MqfoxbqGjSBaCbb2sBqBYQnyngQPFSkK9fcw==
priority: u=3,i
content-length: 88635
x-fb-trip-id: 1904183273
date: Sun, 11 Dec 2022 09:34:14 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20728
Expires: Sun, 11 Dec 2022 15:19:42 GMT
Date: Sun, 11 Dec 2022 09:34:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20728
Expires: Sun, 11 Dec 2022 15:19:42 GMT
Date: Sun, 11 Dec 2022 09:34:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d35fcd5d7e74c530535b18d57ed5f587
3b9bf9e02593b63108515f4df7cae57ce62145e7
4bdb744a2d9ac6d051f5192dbf3e00ba1b18208930655e6752fd6ccd118faff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BDB744A2D9AC6D051F5192DBF3E00BA1B18208930655E6752FD6CCD118FAFF0"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20728
Expires: Sun, 11 Dec 2022 15:19:42 GMT
Date: Sun, 11 Dec 2022 09:34:14 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe7732c6-dc98-445c-86c6-d413942250ea.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe7732c6-dc98-445c-86c6-d413942250ea.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 45e0c1638ad919bde19731f7987ab064
1e492807c665e6e6b24ec6ce19035fdfc6f23b92
f0d3738ec8406958470c8fd152a02a123d7654c30f974c1df5c4977a380c2d62
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe7732c6-dc98-445c-86c6-d413942250ea.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10205
x-amzn-requestid: daca166e-fa82-4491-9065-a4629141fd11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c4OQAGLyoAMFQgQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63932a66-0551e77243e4a6472b377f9d;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 12:30:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: miR7RxPy5ldYudl8lYXWkth-_liryMFY7aZsvNC4mDVtf13qJg0NZA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 00:46:21 GMT
age: 31673
etag: "1e492807c665e6e6b24ec6ce19035fdfc6f23b92"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6bca12a-103c-4b98-a218-27a61f8d6951.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6bca12a-103c-4b98-a218-27a61f8d6951.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2020df3404a4b7c3e142af4a1330b848
2fe69b52fe03128e86550bf08474ecac82682384
37a52c158d5cfdf3589e19163cf446c02ce1466f444656080b02da82d2bcefae
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6bca12a-103c-4b98-a218-27a61f8d6951.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6311
x-amzn-requestid: 46ccaee0-bde8-4be6-9dc8-46e3ae356dc8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c8xUYH10oAMF8Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6394fc1b-2440251f06cb950a57489555;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 21:37:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SG-8rL_rUN3MpXHhkAaHmIqKf7mSHtv0kEAkBOAIPcqq755Qh-mc3Q==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Dec 2022 21:52:26 GMT
age: 42108
etag: "2fe69b52fe03128e86550bf08474ecac82682384"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa890f071-ec5c-4223-9724-f63b2c9a73f3.jpeg
34.120.237.76 200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa890f071-ec5c-4223-9724-f63b2c9a73f3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash afb336b3180aa4e95a887d41561bf2b6
f26da3ddd126b938bf330e9f1a0f4adfd991fb99
d540eea94d006728d68801a8914490e636fc96ec104fe5bdfa0833aa51e3488f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa890f071-ec5c-4223-9724-f63b2c9a73f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4565
x-amzn-requestid: cf7eba9f-35f6-456e-b4ea-1d667a006291
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgZgeHeuIAMFS1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a2cf-58c886a627064bb4346cbd3f;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:01:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: P-x8SX5tC03rmpXqfIdOXJWc06Jg_Kd7ve955Z0P8eMwct_beLDXOQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 03:14:05 GMT
age: 22809
etag: "f26da3ddd126b938bf330e9f1a0f4adfd991fb99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd82bbb32-4d9c-4fdc-a2ed-c03be88389d2.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd82bbb32-4d9c-4fdc-a2ed-c03be88389d2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c29ee50a64024d33b8236682d984db7
e1732ef3a4c0fac4725ce5ecc2296ecda82591d2
1282a97a2b2895720b8c5d9bb221bf203c4b2b3f9ec5c3e6ef0eae6609e0de80
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd82bbb32-4d9c-4fdc-a2ed-c03be88389d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11818
x-amzn-requestid: 16af3bef-9690-4221-840d-30c4d1052905
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cnAn0ESoIAMFa1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c47cb-74666fc935af8d3764ece0c1;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 07:10:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: q6Uzp0ji0xoTZ8hOsmsgbyeGfyeNizymrClnc5rbLo8a1MfjIhcj-A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Dec 2022 13:20:37 GMT
age: 72817
etag: "e1732ef3a4c0fac4725ce5ecc2296ecda82591d2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe639b598-228d-4b74-8dab-25ae9f33b0b6.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe639b598-228d-4b74-8dab-25ae9f33b0b6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c2a89767acaa7b09e7cf2d0d5e833644
0f796dfeb88f997c3b7640d79983110795b64f41
fde35b6974b53a3a5d452af68614ee559152ed76e492c9ebaa16b1a9e487aa4a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe639b598-228d-4b74-8dab-25ae9f33b0b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5953
x-amzn-requestid: e878d66a-0fe4-4411-a0b4-816facb42707
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c2dgiEAAoAMFquQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63927603-71491d8613419cc708f3396e;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 23:40:51 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _VSA7qRooH64GG6Gwx6rYZaSZpxhTNPDCQY31AVzZGmQVTGcqqklRg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Dec 2022 21:55:56 GMT
age: 41898
etag: "0f796dfeb88f997c3b7640d79983110795b64f41"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05402c6b-a411-4f42-ad2f-5d62ae0b06b3.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05402c6b-a411-4f42-ad2f-5d62ae0b06b3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9913dfb5912ba8645570743465175301
8c69bb951e84f8b342f8cd5dd7d916e0feb5583d
20f1f8a3dad6ce611a1730d99e68866c7dc145762d9fe756dfa49e72c7da31e4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05402c6b-a411-4f42-ad2f-5d62ae0b06b3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5865
x-amzn-requestid: 7aef38ce-9363-47cb-b00f-76d4de43d925
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c6Rq3HfoIAMFlkg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393fcab-3e0d60145a96b182213b8d71;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 03:27:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: y9GsiH7TNiLsKbs-JVrJ7EcPrpKN9V0YJVN5shDe9k0F-1HfYmleEQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Dec 2022 10:54:21 GMT
age: 81593
etag: "8c69bb951e84f8b342f8cd5dd7d916e0feb5583d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ssp.tenmax.io/supply/v3/universal/spaceSetting?rmaxSpaceId=0cf0b05622074fba&referer=http%3A%2F%2Fdoterra.is%2F4l9h2q&bodyWidth=1280&bodyHeight=1024&cacheBuster=94f4dd8d-8834-4a3e-8645-5730ddbf4347
211.21.190.218 200 OK 117 B URL HTTP/1.1 ssp.tenmax.io/supply/v3/universal/spaceSetting?rmaxSpaceId=0cf0b05622074fba&referer=http%3A%2F%2Fdoterra.is%2F4l9h2q&bodyWidth=1280&bodyHeight=1024&cacheBuster=94f4dd8d-8834-4a3e-8645-5730ddbf4347
IP 211.21.190.218:0
ASN #3462 Data Communication Business Group
File type JSON data\012- , ASCII text, with no line terminators
Hash ba88074f003a0cf83e146305c44b8e6a
9d6bc5221f4eae727a27cec97b2087d8dac51035
dde62bd39efec70fac8c8d17a4fd1151608f0d08d09d3985abd7b1be9dfbbba6
GET /supply/v3/universal/spaceSetting?rmaxSpaceId=0cf0b05622074fba&referer=http%3A%2F%2Fdoterra.is%2F4l9h2q&bodyWidth=1280&bodyHeight=1024&cacheBuster=94f4dd8d-8834-4a3e-8645-5730ddbf4347 HTTP/1.1
Host: ssp.tenmax.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://doterra.is
Connection: keep-alive
Referer: http://doterra.is/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 09:34:16 GMT
Content-Type: application/json
Content-Length: 117
Connection: keep-alive
X-Application-Context: application:prod,aggregator,build-ext:58070
Access-Control-Allow-Origin: http://doterra.is
Vary: Origin
Access-Control-Allow-Credentials: true
P3P: CP="CUR ADM OUR NOR STA NID"
ocsp.usertrust.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 1fa4b0a657d2763b510b464a802206af
41bd75b66b5cc13575459736a3a3c496ed57831b
b0c3203688ae6d9a2de491a64d911f4967052f5655960c141c379a8fbce3863f
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 11 Dec 2022 09:34:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 09 Dec 2022 17:13:38 GMT
Expires: Fri, 16 Dec 2022 17:13:37 GMT
Etag: "41bd75b66b5cc13575459736a3a3c496ed57831b"
Cache-Control: max-age=603259,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1274
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 777d393be97db523-OSL
ssp.tenmax.io/supply/v3/universal/plan?rmaxSpaceId=0cf0b05622074fba&referer=http%3A%2F%2Fdoterra.is%2F4l9h2q&bodyWidth=1280&bodyHeight=1024&cacheBuster=4adb6d2c-a71b-433c-827b-d375dc5a1238
211.21.190.218 200 OK 2.0 kB URL HTTP/1.1 ssp.tenmax.io/supply/v3/universal/plan?rmaxSpaceId=0cf0b05622074fba&referer=http%3A%2F%2Fdoterra.is%2F4l9h2q&bodyWidth=1280&bodyHeight=1024&cacheBuster=4adb6d2c-a71b-433c-827b-d375dc5a1238
IP 211.21.190.218:0
ASN #3462 Data Communication Business Group
File type JSON data\012- , ASCII text, with very long lines (1964), with no line terminators
Hash 68f5f2bcdf596cd5a4a51c2612e7e337
679dd989faa5c326dee1829d3b68ec86237eda54
0e3db3f7981e4e58802b11bc1aca4bb37ce4f8e597bae452722f6d4031813ac4
GET /supply/v3/universal/plan?rmaxSpaceId=0cf0b05622074fba&referer=http%3A%2F%2Fdoterra.is%2F4l9h2q&bodyWidth=1280&bodyHeight=1024&cacheBuster=4adb6d2c-a71b-433c-827b-d375dc5a1238 HTTP/1.1
Host: ssp.tenmax.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://doterra.is
Connection: keep-alive
Referer: http://doterra.is/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 09:34:17 GMT
Content-Type: application/json
Content-Length: 1964
Connection: keep-alive
X-Application-Context: application:prod,aggregator,build-ext:58070
Access-Control-Allow-Origin: http://doterra.is
Vary: Origin
Access-Control-Allow-Credentials: true
P3P: CP="CUR ADM OUR NOR STA NID"
www.googletagservices.com/tag/js/gpt.js
142.250.74.162 200 OK 28 kB URL HTTP/1.1 www.googletagservices.com/tag/js/gpt.js
IP 142.250.74.162:0
File type ASCII text, with very long lines (40253)
Hash cd91a1fd2b9bfe67d515cc36b3c34903
7f8286b85da37718308c6c0cd6608df953fbed5d
e6099f220b91443cb5a9123857f74574f2bab9bf5afc00de0bc59e44cb5f42a5
GET /tag/js/gpt.js HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://doterra.is/
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-gpt-scs"
Report-To: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
Timing-Allow-Origin: *
Content-Length: 27542
Date: Sun, 11 Dec 2022 09:34:17 GMT
Expires: Sun, 11 Dec 2022 09:34:17 GMT
Cache-Control: private, max-age=900, stale-while-revalidate=3600
ETag: "1418 / 914 of 1000 / last-modified: 1670587517"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
dmp.tenmax.io/p/b734323b-0532-40a6-8d4e-782e1c96bd3a?random=610489988
211.21.190.218 200 57 B URL HTTP/1.1 dmp.tenmax.io/p/b734323b-0532-40a6-8d4e-782e1c96bd3a?random=610489988
IP 211.21.190.218:0
ASN #3462 Data Communication Business Group
File type GIF image data, version 89a, 1 x 1\012- data
Hash fca0966330bf68ccc5e64a84737ebddf
021a452dfc29289f370480e48511fcd66b65aa10
35f6950e16723c469936e0201b62560cfb166d3e8d236415ed501c27776c5185
GET /p/b734323b-0532-40a6-8d4e-782e1c96bd3a?random=610489988 HTTP/1.1
Host: dmp.tenmax.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://doterra.is/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx
Date: Sun, 11 Dec 2022 09:34:17 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uid=fb8648f0-7936-11ed-b7c3-0d7c847ac16f; Domain=.tenmax.io; Expires=Sat, 30-Nov-2024 09:34:17 GMT; Path=/; Secure; SameSite=None
wt=1; Domain=.tenmax.io; Expires=Mon, 12-Dec-2022 09:34:17 GMT; Path=/; Secure; SameSite=None
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 633462c5bc4d631d0f28109676f1c4ef
5e971024687c599a40822616459355ab75a69aa6
464513db00c7735b28f8140ecd0a3a0641fce311481f736a946a1ed8e8e881d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 09:34:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 633462c5bc4d631d0f28109676f1c4ef
5e971024687c599a40822616459355ab75a69aa6
464513db00c7735b28f8140ecd0a3a0641fce311481f736a946a1ed8e8e881d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 09:34:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securepubads.g.doubleclick.net/pagead/ppub_config?ippd=doterra.is
142.250.74.130 200 OK 36 B URL HTTP/2 securepubads.g.doubleclick.net/pagead/ppub_config?ippd=doterra.is
IP 142.250.74.130:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 234632f6b33431684ef933861b98f024
3ddb9075927a70d365c7e057e14a72a98a53f328
24e20b9d1f5b786c8828fbd47cd7cd5bc4aa681d8b491f7e0993ce40bc8afe39
GET /pagead/ppub_config?ippd=doterra.is HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://doterra.is
Connection: keep-alive
Referer: http://doterra.is/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
date: Sun, 11 Dec 2022 09:34:17 GMT
expires: Sun, 11 Dec 2022 09:34:17 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 36
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 11-Dec-2022 09:49:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
142.250.74.130 200 OK 132 kB URL HTTP/2 securepubads.g.doubleclick.net/gpt/pubads_impl_2022120501.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (65395)
Size 132 kB (131905 bytes)
Hash dd043e964fadcf7ac04819722a756958
330ad98e60c556f045b619359b867c3277f3e879
20b135b0c6d7fd7779882dca2ed5f3c8b460ed0ed31b506e53a07a8f818d5e81
GET /gpt/pubads_impl_2022120501.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://doterra.is/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 131905
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 10 Dec 2022 20:48:57 GMT
expires: Sun, 10 Dec 2023 20:48:57 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Mon, 05 Dec 2022 09:36:10 GMT
content-type: text/javascript
age: 45920
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 633462c5bc4d631d0f28109676f1c4ef
5e971024687c599a40822616459355ab75a69aa6
464513db00c7735b28f8140ecd0a3a0641fce311481f736a946a1ed8e8e881d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 09:34:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash f69c32ac7b9825b1255fed72f425fe77
58e0fb4b9d5c835bb222a73b5fd939af76991485
7e61ce2f34c53d0730f5e88d26fb87651af80f1356ccb9ccc5a6efa2b255195c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 09:34:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7064f6619ec94ac742915441ddf9be63
07864ef6316dfb3bfd38d602d2c38d237da8e61e
501f0b2261360de41668fde33f0518321c9335d5e1eab0f4a1014f75e061cca1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 09:34:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=doterra.is
142.250.74.162 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=doterra.is
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=doterra.is HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://doterra.is/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 11 Dec 2022 09:34:17 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=doterra.is
172.217.21.162 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=doterra.is
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=doterra.is HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://doterra.is/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 11 Dec 2022 09:34:17 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash f69c32ac7b9825b1255fed72f425fe77
58e0fb4b9d5c835bb222a73b5fd939af76991485
7e61ce2f34c53d0730f5e88d26fb87651af80f1356ccb9ccc5a6efa2b255195c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 09:34:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7064f6619ec94ac742915441ddf9be63
07864ef6316dfb3bfd38d602d2c38d237da8e61e
501f0b2261360de41668fde33f0518321c9335d5e1eab0f4a1014f75e061cca1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 09:34:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
92f078e037692eb5dd4500db653e28d2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
142.250.74.97 200 OK 2.7 kB URL HTTP/2 92f078e037692eb5dd4500db653e28d2.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
IP 142.250.74.97:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html HTTP/1.1
Host: 92f078e037692eb5dd4500db653e28d2.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://doterra.is/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Sun, 11 Dec 2022 09:34:18 GMT
expires: Mon, 11 Dec 2023 09:34:18 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ssp.tenmax.io/supply/tracking/request?bid=fb596c90-7936-11ed-896d-1729dbaeadb5&chid=a1ebcf323fa54a53&sid=0cf0b05622074fba
211.21.190.218 204 No Content 0 B URL HTTP/1.1 ssp.tenmax.io/supply/tracking/request?bid=fb596c90-7936-11ed-896d-1729dbaeadb5&chid=a1ebcf323fa54a53&sid=0cf0b05622074fba
IP 211.21.190.218:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /supply/tracking/request?bid=fb596c90-7936-11ed-896d-1729dbaeadb5&chid=a1ebcf323fa54a53&sid=0cf0b05622074fba HTTP/1.1
Host: ssp.tenmax.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://doterra.is/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 11 Dec 2022 09:34:18 GMT
Connection: keep-alive
X-Application-Context: application:prod,aggregator,build-ext:58070
P3P: CP="CUR ADM OUR NOR STA NID"
ssp.tenmax.io/supply/v3/universal/ad?rmaxSpaceId=0cf0b05622074fba&sessionId=fb596c90-7936-11ed-896d-1729dbaeadb5&ts=1670751257049&id=e43da42c47f0425a&referer=http%3A%2F%2Fdoterra.is%2F4l9h2q&bodyWidth=1280&bodyHeight=1024&cacheBuster=3f28168e-a53a-4991-ac8e-29b017fc9205
211.21.190.218 200 OK 2 B URL HTTP/1.1 ssp.tenmax.io/supply/v3/universal/ad?rmaxSpaceId=0cf0b05622074fba&sessionId=fb596c90-7936-11ed-896d-1729dbaeadb5&ts=1670751257049&id=e43da42c47f0425a&referer=http%3A%2F%2Fdoterra.is%2F4l9h2q&bodyWidth=1280&bodyHeight=1024&cacheBuster=3f28168e-a53a-4991-ac8e-29b017fc9205
IP 211.21.190.218:0
ASN #3462 Data Communication Business Group
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /supply/v3/universal/ad?rmaxSpaceId=0cf0b05622074fba&sessionId=fb596c90-7936-11ed-896d-1729dbaeadb5&ts=1670751257049&id=e43da42c47f0425a&referer=http%3A%2F%2Fdoterra.is%2F4l9h2q&bodyWidth=1280&bodyHeight=1024&cacheBuster=3f28168e-a53a-4991-ac8e-29b017fc9205 HTTP/1.1
Host: ssp.tenmax.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://doterra.is
Connection: keep-alive
Referer: http://doterra.is/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 09:34:18 GMT
Content-Type: application/json
Content-Length: 2
Connection: keep-alive
X-Application-Context: application:prod,aggregator,build-ext:58070
Access-Control-Allow-Origin: http://doterra.is
Vary: Origin
Access-Control-Allow-Credentials: true
P3P: CP="CUR ADM OUR NOR STA NID"
ssp.tenmax.io/supply/tracking/noFill?bid=fb596c90-7936-11ed-896d-1729dbaeadb5&chid=a1ebcf323fa54a53&sid=0cf0b05622074fba
211.21.190.218 204 No Content 0 B URL HTTP/1.1 ssp.tenmax.io/supply/tracking/noFill?bid=fb596c90-7936-11ed-896d-1729dbaeadb5&chid=a1ebcf323fa54a53&sid=0cf0b05622074fba
IP 211.21.190.218:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /supply/tracking/noFill?bid=fb596c90-7936-11ed-896d-1729dbaeadb5&chid=a1ebcf323fa54a53&sid=0cf0b05622074fba HTTP/1.1
Host: ssp.tenmax.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://doterra.is/
Cookie: uid=fb8648f0-7936-11ed-b7c3-0d7c847ac16f; wt=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 11 Dec 2022 09:34:18 GMT
Connection: keep-alive
X-Application-Context: application:prod,aggregator,build-ext:58070
P3P: CP="CUR ADM OUR NOR STA NID"
ssp.tenmax.io/supply/tracking/request?bid=fb596c90-7936-11ed-896d-1729dbaeadb5&chid=e43da42c47f0425a&sid=0cf0b05622074fba
211.21.190.218 204 No Content 0 B URL HTTP/1.1 ssp.tenmax.io/supply/tracking/request?bid=fb596c90-7936-11ed-896d-1729dbaeadb5&chid=e43da42c47f0425a&sid=0cf0b05622074fba
IP 211.21.190.218:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /supply/tracking/request?bid=fb596c90-7936-11ed-896d-1729dbaeadb5&chid=e43da42c47f0425a&sid=0cf0b05622074fba HTTP/1.1
Host: ssp.tenmax.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://doterra.is/
Cookie: uid=fb8648f0-7936-11ed-b7c3-0d7c847ac16f; wt=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 11 Dec 2022 09:34:18 GMT
Connection: keep-alive
X-Application-Context: application:prod,aggregator,build-ext:58070
P3P: CP="CUR ADM OUR NOR STA NID"
ssp.tenmax.io/supply/tracking/done?bid=fb596c90-7936-11ed-896d-1729dbaeadb5
211.21.190.218 204 No Content 0 B URL HTTP/1.1 ssp.tenmax.io/supply/tracking/done?bid=fb596c90-7936-11ed-896d-1729dbaeadb5
IP 211.21.190.218:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /supply/tracking/done?bid=fb596c90-7936-11ed-896d-1729dbaeadb5 HTTP/1.1
Host: ssp.tenmax.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://doterra.is/
Cookie: uid=fb8648f0-7936-11ed-b7c3-0d7c847ac16f; wt=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 11 Dec 2022 09:34:18 GMT
Connection: keep-alive
X-Application-Context: application:prod,aggregator,build-ext:58070
P3P: CP="CUR ADM OUR NOR STA NID"
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120501&st=env
142.250.74.2 200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120501&st=env
IP 142.250.74.2:0
File type JSON data\012- , ASCII text, with very long lines (14770), with no line terminators
Hash f51aa9c282f7852a2ff0d9592b937f92
ad364bf98ef7d7830160abff2b2a5f6b65d94902
e40604f2c94dfa24d90f05f8c5ba165c92959ffee739ef52bc0da7e04a6aed3c
GET /getconfig/sodar?sv=200&tid=gpt&tv=2022120501&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://doterra.is
Connection: keep-alive
Referer: http://doterra.is/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Sun, 11 Dec 2022 09:34:18 GMT
server: cafe
content-length: 11149
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9c1cf6fa3c237b3787a10955e0b5af10
c1156ed13ac18a06c363121b6c8254b034a6adc2
bd3a3d063b08b4faecfc485e382883bc3b73ce4a81b98330ee47a01df4e21920
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 09:34:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.xx.fbcdn.net/rsrc.php/v3/yO/l/1,cross/87nvCtiA_RS.css?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 5.1 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yO/l/1,cross/87nvCtiA_RS.css?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (4431)
Hash 954e783832b56e4fe0a722d2f3f90db9
ee96e98c0c3e4ccc4f21a01835ffe5e179082e9b
79a7807143926ae3fcf197591a1226bde75b2e4391e16793cca71d1d57b28834
GET /rsrc.php/v3/yO/l/1,cross/87nvCtiA_RS.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 10 Dec 2023 19:58:22 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: lU54ODK1bk/gpyLS8/kNuQ==
x-fb-debug: 7WWK6/GEynlswI4+MuWoMMGbR1RARR7o/X6WN6u7f76z0ljg1EzwQj4WyQMibCG726301ygTQ+teuQyb11PPRw==
content-length: 5091
x-fb-trip-id: 1904183273
date: Sun, 11 Dec 2022 09:34:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y0/l/1,cross/C2kYI_hhVoR.css?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 4.0 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y0/l/1,cross/C2kYI_hhVoR.css?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (3040)
Hash 768c753be67832efc0cc5240129f6072
14f1774288700551e3619157c1792be8197b569d
d8806c797c9881806d811de57d114af6896c9ba2931dda79499dc46de069bf82
GET /rsrc.php/v3/y0/l/1,cross/C2kYI_hhVoR.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 10 Dec 2023 19:58:22 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: dox1O+Z4Mu/AzFJAEp9gcg==
x-fb-debug: ImWJ3SU9LHsJ5mxLBexamT0MLjtJeGjr3u00ZesOIEuOJOatXCnAd7CccvfPjtb1vKi35X216c0kXrtI+B35RQ==
content-length: 4045
x-fb-trip-id: 1904183273
date: Sun, 11 Dec 2022 09:34:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/ya/l/1,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 830 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/ya/l/1,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (724)
Hash defdaf14ea2163687cba86719c7852f0
2f9b3fd31ef94fc6bbf63e8a9a04df898ad022c0
c6f42dd4225da4ca6a126e6f54ad39770d998c2ff6f5f7352245317bd898a0dd
GET /rsrc.php/v3/ya/l/1,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 02 Dec 2023 22:11:09 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 3v2vFOohY2h8uoZxnHhS8A==
x-fb-debug: mB5LXAXTAwlO65zuTHPlrbBZmaSx0PIN2YlyLgMg+ejffVFiU3mtY6G9IPydIHsvB6KHWbq1ISvueRKX7ulsTA==
content-length: 830
x-fb-trip-id: 1904183273
date: Sun, 11 Dec 2022 09:34:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yr/r/DtjqDzTgvAK.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 85 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yr/r/DtjqDzTgvAK.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (18622)
Hash 540a59a278ddb7f4e99e15a89bb44371
79bde10c401947f1aa5fc993eead1fb69e0666e5
513f11e910dc7b9348fbeb86c821c52960bb6a7fbb94441e21b8e67c36a0318a
GET /rsrc.php/v3/yr/r/DtjqDzTgvAK.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 09 Dec 2023 22:07:04 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: VApZonjdt/TpnhWom7RDcQ==
x-fb-debug: e+olw4z7shGs0y7hX8x0Eow11gDA1wTE5OgbKrd5JMwr3IsmiJQW0cR6NE5loTjfRpdmhj0sDh+GnjwZAmT8Og==
priority: u=3,i
content-length: 84955
x-fb-trip-id: 1904183273
date: Sun, 11 Dec 2022 09:34:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yr/r/zou-1UF9wGe.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 2.0 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yr/r/zou-1UF9wGe.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (1984)
Hash fbd69c97b4ed3fe6b6be6266f15adfa0
d547fab04b4747bd0bfac5d8b64bd54e7b697ddc
2f4b561cdc03c677a0474cf354592cdc2a18813c696acb4b8559a7f2b853bbad
GET /rsrc.php/v3/yr/r/zou-1UF9wGe.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 09 Dec 2023 17:05:48 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: +9acl7TtP+a2vmJm8VrfoA==
x-fb-debug: FB+J22J2oPSeIZWlZMawAHBkGF0QyGajN0/TSG/ED8CFMY8aRwvPHBXYa09reImLMcXjLJqlv7EK8JlX7xkhfg==
content-length: 2000
x-fb-trip-id: 1904183273
date: Sun, 11 Dec 2022 09:34:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2.js
172.217.21.161 200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 172.217.21.161:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://doterra.is/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Sun, 11 Dec 2022 09:34:19 GMT
expires: Sun, 11 Dec 2022 09:34:19 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 16 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type C source, ASCII text, with very long lines (8741)
Hash c92ef94e30a2dd9473fd9fe533472b73
97049e47de026939c75a885df9e8bb0fb56515ba
f2981c7109e60cf9f5a9e846a25800dbec20a923db028f310b6feb79415650bb
GET /rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Dec 2023 16:05:39 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: yS75TjCi3ZRz/Z/lM0crcw==
x-fb-debug: wDsTlr8aZiOvVvXv/fhvZPJj0kaU7nWKo2BrLLKLGWDuUT2i+dju7G+ZqG/pXOk6JXxZwN+15wFpLBRmrMErxg==
content-length: 16232
x-fb-trip-id: 1904183273
date: Sun, 11 Dec 2022 09:34:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/v2.6/plugins/page.php?adapt_container_width=true&app_id=150378901782986&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b2d4d633a836%26domain%3Ddoterra.is%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fdoterra.is%252Ff2d14118524322c%26relation%3Dparent.parent&container_width=0&height=300&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fpicsee.co&locale=zh_TW&sdk=joey&show_facepile=false&small_header=true&tabs=messages
31.13.72.36 200 OK 24 kB URL HTTP/2 www.facebook.com/v2.6/plugins/page.php?adapt_container_width=true&app_id=150378901782986&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b2d4d633a836%26domain%3Ddoterra.is%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fdoterra.is%252Ff2d14118524322c%26relation%3Dparent.parent&container_width=0&height=300&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fpicsee.co&locale=zh_TW&sdk=joey&show_facepile=false&small_header=true&tabs=messages
IP 31.13.72.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (18780)
Hash 4bdc0b79c330de124e45e23c0342e6f1
aec1561a97053982b25585ecbca5b8366c4cca3c
6f041916f960eee7f7aff4a9d06c8d44f41d8648d42fd40a9971ff127d6005f5
GET /v2.6/plugins/page.php?adapt_container_width=true&app_id=150378901782986&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b2d4d633a836%26domain%3Ddoterra.is%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fdoterra.is%252Ff2d14118524322c%26relation%3Dparent.parent&container_width=0&height=300&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fpicsee.co&locale=zh_TW&sdk=joey&show_facepile=false&small_header=true&tabs=messages HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://doterra.is/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
facebook-api-version: v10.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: PVyQAAyJo31NzfOW09XJs1QaqNHv1C/g5qdvciF9dhJ5SSmyEm5q75um33HmzsAtuPpy4ZpAZltoWSd0YVJe0g==
date: Sun, 11 Dec 2022 09:34:19 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y8/r/nJt3gY8tj-R.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 5.7 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y8/r/nJt3gY8tj-R.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (5828)
Hash 942f3bd9877cc10a44ceb3115c5770f6
9e7c5fe5000d950e3f9a0b4cff53bb14f869590c
4007045878150e970ab1b861843a5d91cd23230b3f7bd7668e3351aa1f5df7a6
GET /rsrc.php/v3/y8/r/nJt3gY8tj-R.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 10 Dec 2023 17:54:40 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: lC872Yd8wQpEzrMRXFdw9g==
x-fb-debug: XYZ2+W+gjK/KIkswC0DPaq53+hsUCwnqQPEHBqvTv4VRRqyl80OMtua1S3TLP+U17jZJurwOBFjK/9S1NL2vMQ==
priority: u=3,i
content-length: 5659
x-fb-trip-id: 1904183273
date: Sun, 11 Dec 2022 09:34:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 293 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (327)
Hash 2f913d812811ef7e6fca30334c5972e2
d17caaa167443dc08696c672380f237e0db3fb02
ee8918a2f5d163099104b70f79065abc8fd309e69add57170546f2706956eef8
GET /rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Dec 2023 17:31:14 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: L5E9gSgR735vyjAzTFly4g==
x-fb-debug: Mi8PL4H5E/9pfqNtwypCFzDPfDwBnFWxcncWkaAIuFBclGJ2QIRIBhpIZpm+YniwdTw6bhOZ0dIuQGY8KeTlVg==
priority: u=3,i
content-length: 293
x-fb-trip-id: 1904183273
date: Sun, 11 Dec 2022 09:34:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
172.217.21.161 200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://doterra.is/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 10 Dec 2022 20:49:05 GMT
expires: Sun, 10 Dec 2023 20:49:05 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 45914
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yY/r/7Nmln25n6YE.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 7.2 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yY/r/7Nmln25n6YE.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (4057)
Hash 7cb89797cea2a84b948dfae53d0c90d4
312bdda4ae1efe3ab71fb0aec473ddc725627f5b
9093dc3e084b6a216b34c7a603eae5a93f793dc5b0a606ccb0da051d5aa12cd4
GET /rsrc.php/v3/yY/r/7Nmln25n6YE.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 08 Dec 2023 22:28:36 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: fLiXl86iqEuUjfrlPQyQ1A==
x-fb-debug: 3wiHEVGDPfYQASu98xRqP7A5AE0rftaTIbXC3WU+EicjYOGcki9+HZRQabMCI1pgHhllVqh8OuyBhDCc2/AgHg==
priority: u=3,i
content-length: 7199
x-fb-trip-id: 1904183273
date: Sun, 11 Dec 2022 09:34:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iUNC4/yX/l/zh_TW/qSS37rnH1xp.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 24 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iUNC4/yX/l/zh_TW/qSS37rnH1xp.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (42237)
Hash c07ce93963a3148b2b6267d8198d81de
6c4a9b2f2c6a84401ec9ac65ac232ff176ff4f29
2adb0c5476bfe5dc953fb69cd8715185ea3723ec7e23861db83344061fcd2468
GET /rsrc.php/v3iUNC4/yX/l/zh_TW/qSS37rnH1xp.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 09 Dec 2023 06:53:46 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: wHzpOWOjFIsrYmfYGY2B3g==
x-fb-debug: ztDc2WkjYBCJsv1RsDFWz0QO2EFSL35GYXsw01MfbJPl6EQj3VGRSDVFQXKUGJvsmG6qOf7tuz4BL3uHx5TO8A==
content-length: 23483
x-fb-trip-id: 1904183273
date: Sun, 11 Dec 2022 09:34:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a15de23015872f999e7b4fe1ff3aa1d2
10a51a76a6f0fb1c146077abb1f70b7e208a1751
26ddae77e27f7c29f921edc208816c5f5d2b10621d31bebd7c3fa3bd80e23a5a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 09:34:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
216.58.207.228 200 OK 512 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 216.58.207.228:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 3a9aec0f6e2d8c7d23ec2c79169cf195
d3e0f5a7699e6356beb02f94ff6d4f50afb01481
b352af696bd57d0738affab643af8e74a5d32910d332d63a7214ac19a1177c40
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://doterra.is/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 11 Dec 2022 09:34:19 GMT
date: Sun, 11 Dec 2022 09:34:19 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-kqlaH3peQzHhn_Jdzy1GAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css
104.18.10.207 200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css
IP 104.18.10.207:0
GET /bootstrap/3.3.4/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://doterra.is/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 11 Dec 2022 09:34:12 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
cdn-edgestorageid: 617, 617
last-modified: Mon, 25 Jan 2021 22:03:58 GMT
cdn-cachedat: 2021-06-08 14:01:04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 33fc7f6c64f18e27ebb95ab9e21d92ab
cdn-cache: HIT
cf-cache-status: HIT
age: 16192772
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 777d3920dae60b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2