r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10583
Expires: Fri, 09 Dec 2022 05:33:25 GMT
Date: Fri, 09 Dec 2022 02:37:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12312
Expires: Fri, 09 Dec 2022 06:02:14 GMT
Date: Fri, 09 Dec 2022 02:37:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9666
Expires: Fri, 09 Dec 2022 05:18:08 GMT
Date: Fri, 09 Dec 2022 02:37:02 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 02:08:16 GMT
content-type: application/json
age: 1726
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: NxZA9Rp3HflhZQS6r98zZIDapIfo3/dDJYzrC12aI5h7JdAoohezwwFbzbBcNaurrqMXZDvrKcM=
x-amz-request-id: MS7QRSQT4RTV08KS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 01:48:08 GMT
age: 2934
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 02:37:02 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 02:07:55 GMT
age: 1747
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1a7935e8bdd2c2b1bbc3e3221425339b
a62270fc483c408064882e7d7cafcc7162aa73be
e24cd496af4ecb84ec8a1e9bc575c514615a0d81351839a3ed8f9166b2e30d85
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E24CD496AF4ECB84EC8A1E9BC575C514615A0D81351839A3ED8F9166B2E30D85"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8434
Expires: Fri, 09 Dec 2022 04:57:36 GMT
Date: Fri, 09 Dec 2022 02:37:02 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5659
Cache-Control: max-age=115448
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:02 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 10:41:10 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.148.77.40101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.77.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +BCxkm/8dAveWgYFIG314g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7G0IqhJ9MgNoXOTtOiiV/MS5SAI=
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9b7c3f8d673fab011e127106a1f600e6
5135e44e1ebc965efdac37542d93ade2e7590fb1
9e4b1299127dc1d3f3ac05c557d991df586812d3ed2c18ea265b32978c3f462d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9E4B1299127DC1D3F3AC05C557D991DF586812D3ED2C18EA265B32978C3F462D"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2431
Expires: Fri, 09 Dec 2022 03:17:34 GMT
Date: Fri, 09 Dec 2022 02:37:03 GMT
Connection: keep-alive
ad.sitemaji.com/ysm_reurl.js
35.186.215.140200 OK 5.9 kB URL HTTP/2 ad.sitemaji.com/ysm_reurl.js
IP 35.186.215.140:0
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (17511), with no line terminators
Hash 779efdbd5582d597c74bc312123d3583
45140afb1e0536578577db2f890ba0f061644742
e03139efccb95e61153de5280e3ce8a11147dc6be20657c906e76eca0278d9c1
GET /ysm_reurl.js HTTP/1.1
Host: ad.sitemaji.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.12.1 (Ubuntu)
vary: Accept-Encoding,Accept-Encoding
content-encoding: br
via: 1.1 google
content-length: 5880
date: Thu, 08 Dec 2022 08:49:00 GMT
expires: Fri, 09 Dec 2022 08:49:00 GMT
cache-control: max-age=86400,public
age: 64083
last-modified: Thu, 20 Jun 2019 08:48:16 GMT
etag: W/"5d0b4850-4488"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
151.101.193.229200 OK 23 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
IP 151.101.193.229:0
File type ASCII text, with very long lines (65324)
Hash 5f830a7943bb09d9f6832866f38f12bc
35ed4aca72bd95f7730260858ca62bd76ca8e40a
cbf083212e165469984201c0e0bc3420de20a1857646858c947a53dfc2e2f383
GET /npm/bootstrap@4.3.1/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.3.1
x-jsd-version-type: version
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 02:37:03 GMT
age: 7519605
x-served-by: cache-fra19141-FRA, cache-bma1622-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23235
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
151.101.193.229200 OK 32 kB URL HTTP/2 cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
IP 151.101.193.229:0
File type ASCII text, with very long lines (65449)
Hash a262d6de4f7f5f79c31cef7787a35a8c
6a16edde3116cad866736e9fc20443edceaa1cba
92dcfacfb59287c2f9de9c69f78ae96bb3bd8a8c5a20b4e577db40bdc8fe06c1
GET /npm/vue@2.5.16/dist/vue.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.5.16
x-jsd-version-type: version
etag: W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 02:37:03 GMT
age: 4219609
x-served-by: cache-fra-eddf8230099-FRA, cache-bma1622-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 31634
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9b7c3f8d673fab011e127106a1f600e6
5135e44e1ebc965efdac37542d93ade2e7590fb1
9e4b1299127dc1d3f3ac05c557d991df586812d3ed2c18ea265b32978c3f462d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9E4B1299127DC1D3F3AC05C557D991DF586812D3ED2C18EA265B32978C3F462D"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2431
Expires: Fri, 09 Dec 2022 03:17:34 GMT
Date: Fri, 09 Dec 2022 02:37:03 GMT
Connection: keep-alive
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
151.101.66.133200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 151.101.66.133:0
Hash 299d45ebdf8b6c3ba6d709f106916c02
95b21c19086ebc1f11289d799ce27d2addeb0f80
5e96a8de02b8b90ca82510064cd8ddb6cceca853af2ced52aee1008953531fe6
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1462
Content-Type: application/ocsp-response
Etag: "6C69385DBF5C97B18404E675A5B2B5BDC59069C5"
Expires: Fri, 09 Dec 2022 13:00:00 UTC
Last-Modified: Fri, 09 Dec 2022 01:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
Accept-Ranges: bytes
Date: Fri, 09 Dec 2022 02:37:03 GMT
Via: 1.1 varnish
Age: 2398
X-Served-By: cache-bma1681-BMA
X-Cache: HIT
X-Cache-Hits: 6
X-Timer: S1670553423.111495,VS0,VE0
www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
142.250.74.168200 OK 79 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-N394QBRGC0
IP 142.250.74.168:0
File type ASCII text, with very long lines (26337)
Hash 47d94c4274c56b2ad1547ad149c7e8d8
5983aa2acf516b4abb22abe871269a2dfa6369d1
5f34309759a259c9f033efdd5a7edb48ce4636ac902437a47976907b163979ec
GET /gtag/js?id=G-N394QBRGC0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 02:37:03 GMT
expires: Fri, 09 Dec 2022 02:37:03 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 78997
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 795e67bdfadc3c890a663080413b56b7
fdefde3befb6aceac3c337c34c8d738f5091908c
8375b55cfc13989b0cf96293b7bead2ce5811a993b3445da1776ca7015c36985
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 0ca1f38a21373582ef332ceccda90d9e
4a511ab930643118edf1a2745b640bb1c8e3a6ed
e9f4bb1089566fb8b10bf6e6729f78dcda3416ddeda8c365d2737a3b1d1af3ab
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 09 Dec 2022 02:37:03 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 08 Dec 2022 21:05:47 GMT
Expires: Fri, 09 Dec 2022 21:05:47 GMT
ETag: "4a511ab930643118edf1a2745b640bb1c8e3a6ed"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
cdn.holmesmind.com/js/init.js
54.230.111.38200 OK 6.6 kB URL HTTP/2 cdn.holmesmind.com/js/init.js
IP 54.230.111.38:0
File type ASCII text, with very long lines (4994), with CRLF line terminators
Hash 439e160b698f1ec2efb45c3b6cd6b265
7beee754ce93e58b7f321ff7b8b85c2ffda42a64
fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818
GET /js/init.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 6552
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 02:37:03 GMT
etag: "439e160b698f1ec2efb45c3b6cd6b265"
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OS_lfgOMbUfEoQb3FjJYSJg_EQEZAXAqGbkB5mkthDoCG233c79s4w==
age: 2
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/capmapping.htm
54.230.111.38200 OK 4.7 kB URL HTTP/2 cdn.holmesmind.com/js/capmapping.htm
IP 54.230.111.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (437), with CRLF line terminators
Hash c36f5eb091d6195fe8b68f3b263f999b
43c4760cb0bb957ffed4fb754c4eaaa247b734c5
cc37fba2e98f49c4d9551f72176d3aff72eacd798e5e85436837847e6b967c36
GET /js/capmapping.htm HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 4730
last-modified: Mon, 22 Aug 2022 03:00:17 GMT
x-amz-version-id: 9jVaRQ2pP3sbT47ouwg8zArcPp2ddVmt
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 02:37:03 GMT
etag: "c36f5eb091d6195fe8b68f3b263f999b"
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _z8VhlOAUS__CCVr9Q7ikKCo35uxHztv53V8-JSJ_V99hZiYWhYO5g==
age: 4
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 615fddb7dcff0826f0a7dd4140f370b6
06d26c99fcf20516839a656c4c5b023088eb4eaa
f561bef7be5b58a820d37e40135c8bc83511ae9298e6317bf1761f7cc24941bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3368
Cache-Control: max-age=139451
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:03 GMT
Etag: "63920fe2-1d7"
Expires: Sat, 10 Dec 2022 17:21:14 GMT
Last-Modified: Thu, 08 Dec 2022 16:25:06 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
cdn.holmesmind.com/js/edmp_init.js
54.230.111.38200 OK 662 B URL HTTP/2 cdn.holmesmind.com/js/edmp_init.js
IP 54.230.111.38:0
File type ASCII text, with very long lines (662), with no line terminators
Hash f58f8a90686f8ffb3325107e8a788b71
d85d37486b87503e0631ff0ee83d95316783cf09
28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c
GET /js/edmp_init.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 662
last-modified: Fri, 12 Mar 2021 02:45:40 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 02:37:03 GMT
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FuHJ7oxe0YS1fkIZfMGvAxBwHYwMaH3QxWYWlS2_xhJVDgLUS3Tr2Q==
age: 51
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/presetfn.js
54.230.111.38200 OK 9.7 kB URL HTTP/2 cdn.holmesmind.com/js/presetfn.js
IP 54.230.111.38:0
File type C source, ASCII text, with CRLF line terminators
Hash f4ecb431f211c53bc51427e18143e0c6
acbb444f864e8754e5a180a5914427b7f73eefd5
3045f705805167d3706eb0054924d90ccb21adefdca4bcbdf5038bb0f1b7ae82
GET /js/presetfn.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 9734
last-modified: Tue, 06 Dec 2022 02:57:32 GMT
x-amz-version-id: HJNF7r9of2_sOm9z1QjDORpVt24wOljW
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 02:37:03 GMT
etag: "f4ecb431f211c53bc51427e18143e0c6"
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: QWiXln32ck4xYzqGnHmp1q3IpegNm6yIu6gWiyTfy3_O22NJSX8sxg==
age: 59
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/WnnVaKpG-Cc
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/WnnVaKpG-Cc
IP 142.250.74.131:0
Hash d90440377b9bad230e2b379b1f59a546
d99a7c57d1bc02562287ed685a9f3e42e58be95c
fb8fcb5f38c666e8eb308efaf9725abee2976ea586343fe437c5718ef3ef9faf
POST /s/gts1d4/WnnVaKpG-Cc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:03 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 615fddb7dcff0826f0a7dd4140f370b6
06d26c99fcf20516839a656c4c5b023088eb4eaa
f561bef7be5b58a820d37e40135c8bc83511ae9298e6317bf1761f7cc24941bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3368
Cache-Control: max-age=139451
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:03 GMT
Etag: "63920fe2-1d7"
Expires: Sat, 10 Dec 2022 17:21:14 GMT
Last-Modified: Thu, 08 Dec 2022 16:25:06 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
static.xx.fbcdn.net/rsrc.php/v3/y1/l/0,cross/jfhkzk0jci3.css?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 5.0 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y1/l/0,cross/jfhkzk0jci3.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (4431)
Hash 0d5c092c6b11d59ef4cca6da9c288e67
1e1109590bec09b0c84b31dead5d04a221630143
dd829a562de3cff3683e66e7c4323cba6bf39bac959088788d354d6b087d5aca
GET /rsrc.php/v3/y1/l/0,cross/jfhkzk0jci3.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 08 Dec 2023 16:03:40 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: DVwJLGsR1Z70zKbanCiOZw==
x-fb-debug: 389s1Q0jV1kfVfp+5ofqe1p4Wboooon02N+xLT1dkxN6QhxcXNJlg6PjCudlkmYdmD7peEKeKG3VgQUqHmP9sg==
priority: u=3,i
content-length: 5015
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yH/r/att8vh4fKZW.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 1.8 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yH/r/att8vh4fKZW.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (1984)
Hash 3eec5e9a11ba7da3a0f8cd0af8b4bdcb
462922ace2e24121fb02f42966abb8004b24c98c
92e829ebf854a5a759b0f718ea0f31b4870e1dbbd7f09e8c2e1cac0b21e6d69c
GET /rsrc.php/v3/yH/r/att8vh4fKZW.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 30 Nov 2023 16:10:58 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: PuxemhG6faOg+M0K+LS9yw==
x-fb-debug: TcjEsQTRTFYDX8vKzAd2DsyQtOWOyApwB7jIMVirGVV2qvg8raSDpsv52sRJEeO20ZyQv6gYKOuOrwYoCFbkcA==
content-length: 1847
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/rtbhouseV2.js
54.230.111.38200 OK 2.8 kB URL HTTP/2 cdn.holmesmind.com/js/rtbhouseV2.js
IP 54.230.111.38:0
File type ASCII text, with CRLF line terminators
Hash 6a605eea47197fa280f27aaf1fa1521d
98323891b349b333d5aef521c4d33e1b8455e4fb
d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc
GET /js/rtbhouseV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: test_cookie=CheckForPermission
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 2773
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 02:37:03 GMT
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0VzB22HXu4CfyGd5PFny9FwjyPXeMP5ufylU_fqUMudxFRzw0DHTUQ==
age: 55
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 6b8313f9e33695225653527e2d423cd7
f93d3c7e748b85edc6f0209e73813f13e5bf2070
9fbcb6376f48faf9fab6fada8876197456bb8c5c1c0b5c34b25dcfe323e18354
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3452
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:03 GMT
Last-Modified: Fri, 09 Dec 2022 01:39:31 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 293 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (327)
Hash 2f913d812811ef7e6fca30334c5972e2
d17caaa167443dc08696c672380f237e0db3fb02
ee8918a2f5d163099104b70f79065abc8fd309e69add57170546f2706956eef8
GET /rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 25 Nov 2023 05:06:59 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: L5E9gSgR735vyjAzTFly4g==
x-fb-debug: UNKDg3pOtoZiLNC9ZFdPEC0IzcyYd4pN9+ozvo95ytG4xEKwG4njnmILj6IxSuOs16T8qV80Tosyqodep0u7Og==
content-length: 293
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/criteoV2.js
54.230.111.38200 OK 2.4 kB URL HTTP/2 cdn.holmesmind.com/js/criteoV2.js
IP 54.230.111.38:0
File type HTML document, ASCII text, with CRLF line terminators
Hash e8f33fcb581483ced4a09b3c8e7550e4
278fdeb6bf2871b7a3a3ca9becef10582e8e87e0
e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32
GET /js/criteoV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: test_cookie=CheckForPermission
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 2443
last-modified: Tue, 04 Aug 2020 09:25:12 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 02:37:03 GMT
etag: "e8f33fcb581483ced4a09b3c8e7550e4"
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vnwiNO7PzaN6V02bXv2dExyj69X_rXyw3FbURCwSQB59eI-1mvCCmQ==
age: 55
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/appier_mainV3.js
54.230.111.38200 OK 6.7 kB URL HTTP/2 cdn.holmesmind.com/js/appier_mainV3.js
IP 54.230.111.38:0
File type ASCII text, with CRLF line terminators
Hash dfd6bf39aeff48b2d3414a18a5a4d36e
1507814cdb7f990254873371a6fe7d3734c00d03
7d1b32ac68941e60bacfe0ab1c5eab749868a0278495eaf50a17da2c95b8f3e1
GET /js/appier_mainV3.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: test_cookie=CheckForPermission
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 6650
last-modified: Mon, 05 Dec 2022 08:02:01 GMT
x-amz-version-id: OsKd1EEmixEwNImqE_Ez2qHyKZ95G9Ob
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 02:37:03 GMT
etag: "dfd6bf39aeff48b2d3414a18a5a4d36e"
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: X1-Sv6wvT9YbYp6vAAB5Vg3qAahp7QxaUqBdl6IBk_v_jbGOl-Et8A==
age: 19
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yW/r/vw4xTPlv-KJ.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 8.9 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yW/r/vw4xTPlv-KJ.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (9898)
Hash 212c06499e4e3b0b2b6953086efeb1a6
f701bb8922107165411047e2a7e2b0f3fffedeb7
c28d18da71e8e044eb809bea1981e78147ffa87c81cf4fd4df860ef7bd3509ed
GET /rsrc.php/v3/yW/r/vw4xTPlv-KJ.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 08 Dec 2023 20:58:53 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: ISwGSZ5OOwsraVMIbv6xpg==
x-fb-debug: H59hBFCLYPIo+58BEjJYGxrI+TiFi/OsTEwngA2cbt0KCDC6auO8HHG9qjPZgHV8+W9pGBjMVCqEmYqvOLz/ew==
priority: u=3,i
content-length: 8890
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 0ca1f38a21373582ef332ceccda90d9e
4a511ab930643118edf1a2745b640bb1c8e3a6ed
e9f4bb1089566fb8b10bf6e6729f78dcda3416ddeda8c365d2737a3b1d1af3ab
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 09 Dec 2022 02:37:03 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 08 Dec 2022 21:05:47 GMT
Expires: Fri, 09 Dec 2022 21:05:47 GMT
ETag: "4a511ab930643118edf1a2745b640bb1c8e3a6ed"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
reurl.cc/stylesheets/rwd/style.css?v=1
35.185.130.121200 OK 36 kB URL HTTP/2 reurl.cc/stylesheets/rwd/style.css?v=1
IP 35.185.130.121:0
Hash 38ec95425ad38cb13820e9fb4c217a8b
8ffbe6c26cc6685dfc4e705f8b3bd9a52a30420d
0308394a4f167e54a6871553cd55fd91048047d13aaf6c039270bb51f09899c3
GET /stylesheets/rwd/style.css?v=1 HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/gvjOLp
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 09 Dec 2022 02:37:03 GMT
content-type: text/css
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-9f6"
expires: Sat, 09 Dec 2023 02:37:03 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 16 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type C source, ASCII text, with very long lines (8741)
Hash c92ef94e30a2dd9473fd9fe533472b73
97049e47de026939c75a885df9e8bb0fb56515ba
f2981c7109e60cf9f5a9e846a25800dbec20a923db028f310b6feb79415650bb
GET /rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 27 Nov 2023 08:32:31 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: yS75TjCi3ZRz/Z/lM0crcw==
x-fb-debug: eSAmd7x/l92kA0x6IBdJYoQ+aZXS4LsWAIfW4J2A3AuJ53OurDl4WC76ijZh5boQoF4lREdup5onQfgYFtonKg==
priority: u=3,i
content-length: 16232
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yY/r/7Nmln25n6YE.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 7.2 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yY/r/7Nmln25n6YE.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (4057)
Hash 7cb89797cea2a84b948dfae53d0c90d4
312bdda4ae1efe3ab71fb0aec473ddc725627f5b
9093dc3e084b6a216b34c7a603eae5a93f793dc5b0a606ccb0da051d5aa12cd4
GET /rsrc.php/v3/yY/r/7Nmln25n6YE.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 08 Dec 2023 20:58:53 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: fLiXl86iqEuUjfrlPQyQ1A==
x-fb-debug: vR7WRHHjTTLk9l2Tdy2r4cjqy7+NJ8qMEVkpEeF7/VD7Q/CgqZLuWqU9uop9eTDc5yRY7zJkdezD5uwYqUjUQA==
priority: u=3,i
content-length: 7199
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.paypalobjects.com/webstatic/icon/favicon.ico
151.101.66.133200 OK 1.4 kB URL HTTP/2 www.paypalobjects.com/webstatic/icon/favicon.ico
IP 151.101.66.133:0
File type MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel\012- data
Hash 455deaddcb9436734b2144429ae53ff7
e173c07062d5ea7d98da48a8973d7dd24969fe61
5c958cea39018dd9f80738db7d3a8c2f28a0d539e5d481b296daafea829897f2
GET /webstatic/icon/favicon.ico HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-type: image/x-icon
etag: W/"5362bc15-1536"
last-modified: Thu, 01 May 2014 21:26:45 GMT
paypal-debug-id: 9b70ceb10a1fc
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 09 Dec 2022 02:37:03 GMT
x-served-by: cache-sjc10064-SJC, cache-bma1672-BMA
x-cache: HIT, HIT
x-cache-hits: 1428, 3011
x-timer: S1670553424.787412,VS0,VE0
vary: Accept-Encoding
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET
strict-transport-security: max-age=31557600
content-length: 1431
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yD/l/en_US/BeoRHyqk60y.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 23 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iEpO4/yD/l/en_US/BeoRHyqk60y.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (41964)
Hash 71d3ec75d3a005a13f282f0d2762b970
a37e118cbf0b28475ea447d0146fefa53e7f04e3
c6836af642ee8e9b7b193fde8f9308ab015253ac212a40510b4f4ac6c736109e
GET /rsrc.php/v3iEpO4/yD/l/en_US/BeoRHyqk60y.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 06 Dec 2023 23:04:08 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: cdPsddOgBaE/KC8NJ2K5cA==
x-fb-debug: kwJ/ASd+CqYyOX6Z/p2z5q9DSxaC98AT4Bsb7q0v6V/R6LebXICoEL5XMrpqV0sAYJeGu8wY8exqd5h0LQUkZQ==
content-length: 23340
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y5/r/Phl-HUfEGSW.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 232 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y5/r/Phl-HUfEGSW.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
Hash 9e9f7c79f2773bb18cf6ce4cdfa368ef
670d1cdcbdea9485d6a19b67e12f247a19cab3ec
bf3e32d807092fa60d6a1cecb6b4d80ce20f1ce7b715a34707184bd31016e189
GET /rsrc.php/v3/y5/r/Phl-HUfEGSW.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: np98efJ3O7GM9s5M36No7w==
expires: Sat, 02 Dec 2023 18:24:21 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
x-fb-debug: KM1aYgE7oApF3gVWjVL+R4Iv0HUVXEMikjF9k6+UNIdgUVz0TLCYiQ/TJ9Orat83r0RzqJLW1I7soUaIwcujHQ==
priority: u=3,i
content-length: 232
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3i59j4/y5/l/en_US/_gtNKENNpoU.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 43 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3i59j4/y5/l/en_US/_gtNKENNpoU.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (10798)
Hash acf9c6eac6ceca5ba3a81841f8d1e626
84e3612ccb1de82ab62e33f4d3a53a6ed6981924
30ca0cc895318116cd8fbab9313c6227d0c2846fb996cb8cc63bc6cfaae2b4af
GET /rsrc.php/v3i59j4/y5/l/en_US/_gtNKENNpoU.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 29 Nov 2023 18:30:32 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: rPnG6sbOylujqBhB+NHmJg==
x-fb-debug: cAwwZmRTWhu47la9kmsYv1PgYkvRC54IgAuURL1+0/72CNhai8W2pJVDQmgSPz1VBlSH3LyonyMpB1XdgxL0TQ==
content-length: 42688
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yf/r/bByMZq44y2U.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 647 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yf/r/bByMZq44y2U.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (704)
Hash 5b69f25e07653cf3fe7e3c2f27018cbe
1dc660322bfc7389ac985495e6b722fb0e249646
aaaacf832fc17811f9e05c06a4b7b0cf42fb902231772d3142f59c1c210adbdb
GET /rsrc.php/v3/yf/r/bByMZq44y2U.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 08 Dec 2023 15:51:43 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: W2nyXgdlPPP+fjwvJwGMvg==
x-fb-debug: 0TDiTUSZuyFeJaDxpyvRhUDzKAouKBscwIeJi64uNinS7AjTp/FApr2N4TpmqXLv3G33onCH0bJevOn9s003kQ==
priority: u=3,i
content-length: 647
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
157.240.221.16200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.221.16:0
File type ASCII text, with very long lines (64348)
Hash 44ecaa3c2a4929a40141edc4540aaf84
f29a573182333b2500d41bfc389d6c5232dfb348
6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: +LPXt+5fm5s7V3CQq0Xnne/HV20lDPvuBJlGdCh7BzNBGibzLspEo4gyr/+tBlb6/HA6wNTifZFr/8yU576kkw==
priority: u=3,i
content-length: 27340
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 830 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (724)
Hash d63a02ce87c07ffcfa869fef7fc5f233
cae745fef84088abe3525bb77f75c55cd1d4cc2c
bf9d4d71541a0a1f31b10be351add847ee935da6de355756314c8ca96512444d
GET /rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Dec 2023 16:46:09 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 1joCzofAf/z6hp/vf8XyMw==
x-fb-debug: laSioG4RYPLo0KE2cuMVLYVJ8dt4zfxDd86TybTbDIRS4lVwxGAfkAed+W883QQBkc5CI6AawlcC8avE9t2izA==
content-length: 830
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/7zY2CRG7XJ_.css?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 3.3 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/7zY2CRG7XJ_.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (4200)
Hash b5caaf6332d298cc7e098a074ed4ae73
ad3f41b2265c33b596da9dbcb9aa539464651c79
04e8f43d84e0400ca93cd84b5e7402c5f3164bc1a21a6953703eb8ba34958c74
GET /rsrc.php/v3/yx/l/0,cross/7zY2CRG7XJ_.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 02 Dec 2023 18:43:51 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: tcqvYzLSmMx+CYoHTtSucw==
x-fb-debug: uUVmYliYC9cfJfRkflfELQbn7MSTGpGSPa5V/EOUc6zBD27AMo4ApZfKxOgUCOGgSEUUHwSfXn0XK71vRk62aw==
priority: u=3,i
content-length: 3255
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y-/r/oOEvy0vWOy0.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 5.7 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y-/r/oOEvy0vWOy0.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (4488)
Hash 41a0e9c4f0a6e32bf32aa95fd4108197
e1ec46613a050d9e5545233e0144fae023a1e6a2
974d57ed297fdc198a6c422c0ebd6884b76f9586fde36fba453e69cd538e992f
GET /rsrc.php/v3/y-/r/oOEvy0vWOy0.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 08 Dec 2023 15:45:49 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: QaDpxPCm4yvzKqlf1BCBlw==
x-fb-debug: ki1YUTZ0sKjCu8QGX8lxoCPFiMGjhcwdomGGJG7ADd4kPqZzFV/6VJnMw+A+my+OPZTj3QojTluG7LggIWRETg==
priority: u=3,i
content-length: 5712
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yq/r/6pd4iTcqYl_.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 5.0 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yq/r/6pd4iTcqYl_.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type C source, ASCII text, with very long lines (10494)
Hash 8d2072d6624b51be56303ac9b3ff2e32
dcdfacb3375e65e9e8fb2e6888820b9a777b6e61
24aee0833249ea9efc50731ab81924cea2a1f6798698b7f2e294067bbdc3a0a3
GET /rsrc.php/v3/yq/r/6pd4iTcqYl_.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 30 Nov 2023 16:16:23 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: jSBy1mJLUb5WMDrJs/8uMg==
x-fb-debug: BqzfIE5Vse6OtQu13/PK63ViEdqShW4aJUmlpVYC1aeC+MJILZiCx44YBf8EeduMIxFkzNA3KuIEPnZI7WxRbA==
priority: u=3,i
content-length: 4980
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yF/r/oJm7DIspwU3.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 7.8 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yF/r/oJm7DIspwU3.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (4643)
Hash f462569d14f6001bd4f1c6816b28c69c
13720aa278a61d24a321f3ba82f00a8146a7efbc
6f81aea1eb8b4d0751abb8bb89bd7f4e308b75b75d5b4a5ef728f5d076c5e27f
GET /rsrc.php/v3/yF/r/oJm7DIspwU3.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 07 Dec 2023 17:59:47 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 9GJWnRT2ABvU8caBayjGnA==
x-fb-debug: mpDfnsn/B/O134g5HVS7j33vdrNFt8eVL3oef5oOTQ5vVkO+SFKJeIbsQddiHsoYH79VZYxseh5QzeyCpVMH+Q==
content-length: 7778
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yW/l/0,cross/NJiNNgzn9FZ.css?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 6.4 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yW/l/0,cross/NJiNNgzn9FZ.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (8976)
Hash f18f13f03eb9d52cf83c0aded64079c1
179fdcc3bd0003cfcce42e26e8660556a6dc7c8d
eb3454aa82bab984d96df0c169a4d2fcc20b98d50f2b96eef42452aa1f139d54
GET /rsrc.php/v3/yW/l/0,cross/NJiNNgzn9FZ.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Dec 2023 15:11:14 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 8Y8T8D651Sz4PAre1kB5wQ==
x-fb-debug: JdMEXBdkSvP98Yva3F+4xKDjTvIsNQuaq6Oa8qNct5riHMNdkK2e0lo1wHj14MzfmWNMAW+/VCPrkOVMu2NgCA==
priority: u=2
content-length: 6445
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 12 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (5542)
Hash 1ad15afc034f310427c81b0759603a2b
e5efd1d029dccf5fa8128c84aadb6544a4ab60e0
fedf63f655f9eef24c517c3d6762fb07b142213ba623d4a0b06614fb5d9754bd
GET /rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Dec 2023 17:56:48 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: GtFa/ANPMQQnyBsHWWA6Kw==
x-fb-debug: b7x+jeNOtVmAEj8UB8L+5Yus9aOwUMT0oWoondBNAkiXVI53tFqPvc5E77uoms2RENAqLERsSm5GqO4Czs+FIg==
priority: u=3,i
content-length: 12334
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
img.scupio.com/js/config/17253.json?v=1.0.3839
143.204.55.37200 OK 461 B URL HTTP/2 img.scupio.com/js/config/17253.json?v=1.0.3839
IP 143.204.55.37:0
File type JSON data\012- , ASCII text, with very long lines (461), with no line terminators
Hash e6d2e6cd158cf424b6d89d96cdc0850a
a4da708d37ab2bbeb362004051efa7ab77ddb6eb
ae7728e6e73d7c4e2357f47184e5cbd3079f0590d52e7293c59bd5c10a98dc2a
GET /js/config/17253.json?v=1.0.3839 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 461
server: nginx/1.12.1
date: Fri, 09 Dec 2022 02:32:21 GMT
last-modified: Fri, 09 Dec 2022 02:20:41 GMT
etag: "63929b79-1cd"
expires: Fri, 09 Dec 2022 05:32:21 GMT
cache-control: max-age=10800
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Kbqsz_YK_9OaNvQ7SFZYgryi13FxCdoqo_S3_jH1d0nTav59BHc7Nw==
age: 281
access-control-allow-origin: *
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yS/r/6YDcW8EHjbp.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 19 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yS/r/6YDcW8EHjbp.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (8606)
Hash eab4d9652bb152973a26936fc85f09f5
756a00cb73057d7aebf869b203663a635de8e74a
01cf1611e7f1431f2532cea3c2377f5b56ce369beb6ab0fdf7c0cb22d8a8fa3d
GET /rsrc.php/v3/yS/r/6YDcW8EHjbp.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 29 Nov 2023 09:04:03 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 6rTZZSuxUpc6JpNvyF8J9Q==
x-fb-debug: oQojTSf5dEVYDsFR7fgzt4ArC3lzrzCPVI3dAGO0KaxrRctPdaRY579oKOo4fqyN9myOOSDG0X31yM6Xqqyedg==
priority: u=3,i
content-length: 19088
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
reurl.cc/javascripts/pixel.js
35.185.130.121200 OK 7.3 kB URL HTTP/2 reurl.cc/javascripts/pixel.js
IP 35.185.130.121:0
Hash 55f14c254858969fb7a13be412bfb10d
7e8eb49079d7f5a89f25f9547a62207d06700c37
30e579021cbab09988951e70e36a3032531f65d69966b40d4e653730f6e21900
GET /javascripts/pixel.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/gvjOLp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 09 Dec 2022 02:37:03 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-1ad"
expires: Sat, 09 Dec 2023 02:37:03 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/ye/r/jOndqenRnJo.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 48 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/ye/r/jOndqenRnJo.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type C source, ASCII text, with very long lines (5068)
Hash c8897f335c1b9bb5f35b61d43a8b8e29
b777c227f93d2093545b49e23715d715049c195b
665a5b99324d87f1f6441ecdace6cffd0eda5bebe0477ff896693eb4b356eb4f
GET /rsrc.php/v3/ye/r/jOndqenRnJo.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 07 Dec 2023 23:01:51 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: yIl/M1wbm7XzW2HUOouOKQ==
x-fb-debug: IOEcOmCqSwco16IlPTHHya3E/7lPuu/lWFNneyn2oEBFWVEXNZkIgjQ2R5Rda5cpjcCQa56Q4X3QZPkP8dnGew==
priority: u=3,i
content-length: 48007
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
img.scupio.com/js/config/17229.json?v=1.0.3839
143.204.55.37200 OK 461 B URL HTTP/2 img.scupio.com/js/config/17229.json?v=1.0.3839
IP 143.204.55.37:0
File type JSON data\012- , ASCII text, with very long lines (461), with no line terminators
Hash e18c124cb509ae5e96978f3a02f61303
648556d01bf3eccd69d3189c691243001932243e
58d372dd1a0a3f79f88bc4e3ec811860d6b223692e3f4115ec571f06639f280d
GET /js/config/17229.json?v=1.0.3839 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 461
server: nginx/1.12.1
date: Fri, 09 Dec 2022 02:32:21 GMT
last-modified: Fri, 09 Dec 2022 02:20:40 GMT
expires: Fri, 09 Dec 2022 05:32:21 GMT
cache-control: max-age=10800
accept-ranges: bytes
etag: "63929b78-1cd"
x-cache: Hit from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: A_mvWd62yOrHDF0s3o84nM6Wr_SwJHyUcwVSljlKWmvAhxZvZ0VYSA==
age: 282
access-control-allow-origin: *
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y2/r/1Uq8e-LKgSD.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 85 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y2/r/1Uq8e-LKgSD.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
File type ASCII text, with very long lines (18622)
Hash f6e57a27dda31c2b2023e265cb1535c5
32684012a51bc854810a077eb6a0e65e3053d683
bbbd04dcbcae5be2e305b8f0edb6b0c30c14fd208067d5da60e964c1431ce38d
GET /rsrc.php/v3/y2/r/1Uq8e-LKgSD.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 08 Dec 2023 21:12:51 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 9uV6J92jHCsgI+JlyxU1xQ==
x-fb-debug: zAYMi7t+BAXI9/ld4Wu/2DYTWP1Pc8Yky8LNal/852X7Bl64yX1IQOS2tS/16AN8uZDBfYaaDtl1MlpjJOnd+w==
priority: u=3,i
content-length: 85066
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/WnnVaKpG-Cc
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/WnnVaKpG-Cc
IP 142.250.74.131:0
Hash d90440377b9bad230e2b379b1f59a546
d99a7c57d1bc02562287ed685a9f3e42e58be95c
fb8fcb5f38c666e8eb308efaf9725abee2976ea586343fe437c5718ef3ef9faf
POST /s/gts1d4/WnnVaKpG-Cc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:04 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6ec5f6261a8262e9f94b29627f54cefe
7ac766cf2ac8c2d960ec033388a767ff8a7d45e2
5f6ee11d840909fc5272c2c32f7874d55f49d831abc88d527e35562d218890f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5d96adb682ef39ebb33466026108edf9
88871a7bb3dd6956d63c9b91a9a33870ab4873f2
287f9f6b795e0f0415abf458171d03772bd2c7ceb842816c0dffa4bc04d7a695
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "287F9F6B795E0F0415ABF458171D03772BD2C7CEB842816C0DFFA4BC04D7A695"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12716
Expires: Fri, 09 Dec 2022 06:09:00 GMT
Date: Fri, 09 Dec 2022 02:37:04 GMT
Connection: keep-alive
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
216.58.211.10200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP 216.58.211.10:0
File type ASCII text, with very long lines (32077)
Hash fd2b58574f9637ba7ef639267349d848
6eda5ea93f549ceb5693f6f1c038893fa56a510d
75627d4b97e5e6294a8f88f5eeaf9b616696dc8600db9701c47ef05f067880ec
GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 16:26:50 GMT
expires: Tue, 05 Dec 2023 16:26:50 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 295814
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-N394QBRGC0>m=2oebu0&_p=1380886622&cid=573891734.1670553423&ul=en-us&sr=1280x1024&_s=1&sid=1670553422&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FgvjOLp&dt=Send%20Money%2C%20Pay%20Online%20or%20Set%20Up%20a%20Merchant%20Account%20-%20PayPal&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-N394QBRGC0>m=2oebu0&_p=1380886622&cid=573891734.1670553423&ul=en-us&sr=1280x1024&_s=1&sid=1670553422&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FgvjOLp&dt=Send%20Money%2C%20Pay%20Online%20or%20Set%20Up%20a%20Merchant%20Account%20-%20PayPal&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-N394QBRGC0>m=2oebu0&_p=1380886622&cid=573891734.1670553423&ul=en-us&sr=1280x1024&_s=1&sid=1670553422&sct=1&seg=0&dl=https%3A%2F%2Freurl.cc%2FgvjOLp&dt=Send%20Money%2C%20Pay%20Online%20or%20Set%20Up%20a%20Merchant%20Account%20-%20PayPal&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://reurl.cc
date: Fri, 09 Dec 2022 02:37:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 03da22be376222d03828aac28a2febcc
05a94d327b1c3a25654c4c264f7e3471dad41b84
27357db6722dbc8f411f0f735d92eb129eb074c13d96fefbf4862eb84fc72f51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "27357DB6722DBC8F411F0F735D92EB129EB074C13D96FEFBF4862EB84FC72F51"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14130
Expires: Fri, 09 Dec 2022 06:32:34 GMT
Date: Fri, 09 Dec 2022 02:37:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 03da22be376222d03828aac28a2febcc
05a94d327b1c3a25654c4c264f7e3471dad41b84
27357db6722dbc8f411f0f735d92eb129eb074c13d96fefbf4862eb84fc72f51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "27357DB6722DBC8F411F0F735D92EB129EB074C13D96FEFBF4862EB84FC72F51"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15676
Expires: Fri, 09 Dec 2022 06:58:20 GMT
Date: Fri, 09 Dec 2022 02:37:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5d96adb682ef39ebb33466026108edf9
88871a7bb3dd6956d63c9b91a9a33870ab4873f2
287f9f6b795e0f0415abf458171d03772bd2c7ceb842816c0dffa4bc04d7a695
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "287F9F6B795E0F0415ABF458171D03772BD2C7CEB842816C0DFFA4BC04D7A695"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12698
Expires: Fri, 09 Dec 2022 06:08:42 GMT
Date: Fri, 09 Dec 2022 02:37:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13435
Expires: Fri, 09 Dec 2022 06:20:59 GMT
Date: Fri, 09 Dec 2022 02:37:04 GMT
Connection: keep-alive
adcdn.holmesmind.com/adserver/Preset.js?z=13856
143.204.55.65200 OK 789 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13856
IP 143.204.55.65:0
Hash 189c7a33d04b6720ea38f1398a593497
6b8fdbc88b327aaac495eb6200d72a4052313156
882144ffab91378298bb83c645ae71a73564fa3220949e0b28e683d2a14060f0
GET /adserver/Preset.js?z=13856 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Fri, 09 Dec 2022 02:32:37 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: juExLQTdUOOPtqeU0_Bf2xYd2mOoawNHoM1RftuENpBJaSFrzbPpjw==
age: 266
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49a0678c-8bda-434a-a337-63696994d79c.jpeg
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49a0678c-8bda-434a-a337-63696994d79c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a22fc7807fb3337f0af5e546c7ad366a
0d5969394b370a5c77c53ed58f55e5f8a45da3ab
98b4f4fd27dc036697fb0328083bce6e691b7493428f3a54991087d9d1165d97
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49a0678c-8bda-434a-a337-63696994d79c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5530
x-amzn-requestid: adecbb8c-cec3-46a0-b32c-0026b8421fe5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4d8Fg6IAMF61g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903abf-4bcb385f27cb438c36a2cd5e;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UDD0v-1I1sFVMsJl64nQDe_hHExMrSLXPrbou_J79YEQf3YwS2oklA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 07:48:13 GMT
age: 67731
etag: "0d5969394b370a5c77c53ed58f55e5f8a45da3ab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7Dp35PIr_WYUI1bBa21AvmCMEPi0d3jnhuS8eEk3Q3CXRcGWAnkD8g==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 17:01:04 GMT
age: 34560
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: N-zFZ8yeL7RrOZ5xfqvfBaE3zcXWecvr6Jd-93nKiUZlCXp2n2_Bgw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 03:42:37 GMT
age: 82467
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fa81aa5-4138-458e-9bd7-de9d6211763c.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fa81aa5-4138-458e-9bd7-de9d6211763c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8d1605154a552a8c3165c1358ea2e185
2e677da1f57c112d984180ead80481e8797ff2e8
12b075ad3e786dc68ab3fab1e4ce9d6f7810bdebc7bdafd993e19bc5bc7c0abc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fa81aa5-4138-458e-9bd7-de9d6211763c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11027
x-amzn-requestid: e0d56100-13aa-44e5-ae80-bedfeece87db
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwV19EUOIAMFjcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900359-5a5402381d61db921a00404d;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:07:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7ET6kgGgWAKa4_CFCgSwnN8m7FnplxP7zOp8lEyodxn5lmlIIHD4vQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 04:37:30 GMT
age: 79174
etag: "2e677da1f57c112d984180ead80481e8797ff2e8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6ec5f6261a8262e9f94b29627f54cefe
7ac766cf2ac8c2d960ec033388a767ff8a7d45e2
5f6ee11d840909fc5272c2c32f7874d55f49d831abc88d527e35562d218890f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c.holmesmind.com/cm
35.201.76.93302 Found 503 B IP 35.201.76.93:0
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
GET /cm HTTP/1.1
Host: c.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 302 Found
server: nginx/1.10.3 (Ubuntu)
date: Fri, 09 Dec 2022 02:37:03 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
set-cookie: test_cookie=CheckForPermission;Expires=Friday, 09-Dec-2022 18:38:03 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
location: https://c.holmesmind.com/cm?tc=getIn&
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=14210
143.204.55.65200 OK 20 kB URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=14210
IP 143.204.55.65:0
Hash aa175ea47063f2bf9d9606f883a23bdd
ed1ff2fd099caa506f80d38db560069d48b7ade4
a177b440810c1109cd81ebd058b10ce6f8f36757c47e79f7402a25feba1e09d1
GET /adserver/Preset.js?z=14210 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Fri, 09 Dec 2022 02:32:37 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: VxF5eILNuvI3cMMJ90TmMugP6es3cRJzZPA2SUPqLvNd-PG4bjnBhQ==
age: 266
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13435
Expires: Fri, 09 Dec 2022 06:20:59 GMT
Date: Fri, 09 Dec 2022 02:37:04 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 733f13edbe174e94eab812ebc06d857c
aa58fec1016a3761976bbe2c50d17247dba494ba
df4f66c561361cae276bb4b1595f32bfc647bdd0b38c36a5133968ee7aa40b60
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4183
Cache-Control: max-age=89141
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:04 GMT
Etag: "6391482e-1d7"
Expires: Sat, 10 Dec 2022 03:22:45 GMT
Last-Modified: Thu, 08 Dec 2022 02:13:02 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde6483ed-68c7-4999-8a46-9249a82ae253.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde6483ed-68c7-4999-8a46-9249a82ae253.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f04d1dc05d36822d7368cdb4d19316c9
5c611ceaf8d4c79edfe37a6201d40917cebeda28
a9336a736295e694564259c4806ed96a00d20844f78f2688ed28251e62a71ceb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde6483ed-68c7-4999-8a46-9249a82ae253.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6979
x-amzn-requestid: e8dc7a72-f5b3-48cd-a82d-353bace3ed7f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F8GIAMFojw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-4c62a5ea0572081c44fd601c;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: iiVTNich5HpqlSgfEWIjQ60wOiemqVrn8OyjLle_xLj8WP0yPsU-dQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 04:16:45 GMT
age: 80419
etag: "5c611ceaf8d4c79edfe37a6201d40917cebeda28"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
c.holmesmind.com/cm?tc=getIn&
35.201.76.93200 OK 7.2 kB URL HTTP/2 c.holmesmind.com/cm?tc=getIn&
IP 35.201.76.93:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 955c6ac69b89f6cbd497df53fcb2ae1b
2506152cdd1056533116feb9350124356e570e54
fca1b303a554aa9cdd13c4769a1088e1905ef888ed703de17864fe76ff880abe
GET /cm?tc=getIn& HTTP/1.1
Host: c.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdn.holmesmind.com/
Connection: keep-alive
Cookie: test_cookie=CheckForPermission
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Fri, 09 Dec 2022 02:37:03 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
set-cookie: P=667963-wz4aGs31AAUOwm1UOB7AQTvh9MrI7en4;Expires=Monday, 06-Dec-2032 18:37:03 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
test_cookie=;Expires=Thursday, 01-Jan-1970 08:00:00 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
Vision=20221209-23:59,20221209-13,20221209-13,20221209-23:59;Expires=Friday, 23-Dec-2022 18:37:03 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
C=null;Expires=Friday, 23-Dec-2022 18:37:03 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
RK=null;Expires=Sunday, 19-Mar-2023 18:37:03 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 733f13edbe174e94eab812ebc06d857c
aa58fec1016a3761976bbe2c50d17247dba494ba
df4f66c561361cae276bb4b1595f32bfc647bdd0b38c36a5133968ee7aa40b60
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4183
Cache-Control: max-age=89141
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:04 GMT
Etag: "6391482e-1d7"
Expires: Sat, 10 Dec 2022 03:22:45 GMT
Last-Modified: Thu, 08 Dec 2022 02:13:02 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 733f13edbe174e94eab812ebc06d857c
aa58fec1016a3761976bbe2c50d17247dba494ba
df4f66c561361cae276bb4b1595f32bfc647bdd0b38c36a5133968ee7aa40b60
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4183
Cache-Control: max-age=89141
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:04 GMT
Etag: "6391482e-1d7"
Expires: Sat, 10 Dec 2022 03:22:45 GMT
Last-Modified: Thu, 08 Dec 2022 02:13:02 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
i0.wp.com/golike.tw/wp-content/uploads/2022/09/LINE_ALBUM_%E4%BE%86%E5%8E%BB%E6%A1%83%E5%9C%92%E4%B8%80%E6%97%A5%E9%81%8A_220902_97.jpg?fit=1478%2C1108&ssl=1
192.0.77.2200 OK 211 kB URL HTTP/2 i0.wp.com/golike.tw/wp-content/uploads/2022/09/LINE_ALBUM_%E4%BE%86%E5%8E%BB%E6%A1%83%E5%9C%92%E4%B8%80%E6%97%A5%E9%81%8A_220902_97.jpg?fit=1478%2C1108&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1478x1108, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 211 kB (210600 bytes)
Hash 547193ce9a5a7281950af114301d3772
1e899a47997f83b03fc3156c821f40e993929ae1
bf5a90a389a9f8111572c77f7539408846f53aa3d71da0387151ae61b0f706c3
GET /golike.tw/wp-content/uploads/2022/09/LINE_ALBUM_%E4%BE%86%E5%8E%BB%E6%A1%83%E5%9C%92%E4%B8%80%E6%97%A5%E9%81%8A_220902_97.jpg?fit=1478%2C1108&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 02:37:04 GMT
content-type: image/webp
content-length: 210600
last-modified: Mon, 05 Dec 2022 09:55:11 GMT
expires: Wed, 04 Dec 2024 21:55:11 GMT
cache-control: public, max-age=63115200
link: <https://golike.tw/wp-content/uploads/2022/09/LINE_ALBUM_%E4%BE%86%E5%8E%BB%E6%A1%83%E5%9C%92%E4%B8%80%E6%97%A5%E9%81%8A_220902_97.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "123998cbdc33effb"
vary: Accept
x-nc: HIT arn 6
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
img.scupio.com/js/config/currency.json
143.204.55.37200 OK 108 B URL HTTP/2 img.scupio.com/js/config/currency.json
IP 143.204.55.37:0
File type Unicode text, UTF-8 (with BOM) text, with no line terminators
Hash be50d0faf9c81248cfc882392c520740
34eca29d4accc150f08373869a550d28d05f6481
3aca153e6cf75049b4ce3bd9496cf0d6760236df5560f8720e5b7192d32bccbc
GET /js/config/currency.json HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 108
server: nginx/1.12.1
last-modified: Thu, 08 Dec 2022 19:15:04 GMT
accept-ranges: bytes
date: Fri, 09 Dec 2022 02:34:56 GMT
expires: Fri, 09 Dec 2022 05:34:13 GMT
cache-control: max-age=10800
etag: "639237b8-6c"
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: gZSS1cCc88G0uVa-6bjYCPqnagGS-xUyIAX_5PH7DGhe3aM_veay4w==
age: 171
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 4b715511e526fb70461e5f4e3008d75b
d23c60c5f373b6c3baf1150fc76537c383139b17
cbc81bf10c57840cebcece1de9ee0198d7f8cf0f10d8c0a049a0652c0162c883
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:37:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 20:16:28 GMT
Expires: Tue, 13 Dec 2022 20:16:27 GMT
Etag: "d23c60c5f373b6c3baf1150fc76537c383139b17"
Cache-Control: max-age=408562,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 776a5b562f26b4fa-OSL
ad2.apx.appier.net/v1/prebid/bid
34.96.119.68307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP 34.96.119.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Fri, 09 Dec 2022 02:37:04 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
reurl.cc/javascripts/loading.js
35.185.130.121200 OK 1.7 MB URL HTTP/2 reurl.cc/javascripts/loading.js
IP 35.185.130.121:0
Size 1.7 MB (1650054 bytes)
Hash 76f676458c23bb6054a41906d64a3b2e
c81d60fd19a61792942995379e758f65c8817e48
5af19fe707520d8fc7843ee5b1fe10c30af4a4eea9c3d119e6737bdf4a17d4ae
GET /javascripts/loading.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/gvjOLp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 09 Dec 2022 02:37:03 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-86"
expires: Sat, 09 Dec 2023 02:37:03 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f6d79d4508681802da4fb17bf59489ae
8c29d5c4150d1600b98654d2b9000827ab35a617
f6fe5f87b2ef4b258ebcd7dd7a416c835b8af93720f6872f99005ce6885673dd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6FE5F87B2EF4B258EBCD7DD7A416C835B8AF93720F6872F99005CE6885673DD"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 09 Dec 2022 08:37:04 GMT
Date: Fri, 09 Dec 2022 02:37:04 GMT
Connection: keep-alive
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 02:37:04 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
ad2.apx.appier.net/v1/prebid/bid
34.96.119.68307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP 34.96.119.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Fri, 09 Dec 2022 02:37:04 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0ec12e912207a0b599ea3ad54ecf6d07
0610ed4ac707aaad421177defe1e6ff9d1cae161
3ca2c232c26d043c7f1f9b77a5e3be8628927b19d9ed9d14dc800e67ca6d4028
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "3CA2C232C26D043C7F1F9B77A5E3BE8628927B19D9ED9D14DC800E67CA6D4028"
Last-Modified: Wed, 07 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21598
Expires: Fri, 09 Dec 2022 08:37:02 GMT
Date: Fri, 09 Dec 2022 02:37:04 GMT
Connection: keep-alive
img.scupio.com/html/ad.html?v=1.0.65
143.204.55.37200 OK 22 kB URL HTTP/2 img.scupio.com/html/ad.html?v=1.0.65
IP 143.204.55.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (13977)
Hash a9743429e7d4017de0a5fe52bd9ab08e
2168fd77762ffee32028b0b2bb9011e6e7475841
df4ebac78fcc9bd7cf4a38224d71d060fc3f6b61437f5221ccfdad5145c22475
GET /html/ad.html?v=1.0.65 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx/1.12.1
last-modified: Thu, 18 Aug 2022 08:25:22 GMT
content-encoding: gzip
date: Fri, 09 Dec 2022 01:54:41 GMT
expires: Sun, 08 Jan 2023 01:53:08 GMT
cache-control: max-age=2592000
etag: W/"62fdf772-14d93"
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8I6OM5Peit5ybEk0WQMjEcmdD2P3ixcJONjo5jdA2B2WlkWZdsZLyQ==
age: 2635
vary: Origin
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 02:37:04 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
ad2.apx.appier.net/v1/prebid/bid
34.96.119.68307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP 34.96.119.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Fri, 09 Dec 2022 02:37:04 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 272
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 02:37:04 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5d96adb682ef39ebb33466026108edf9
88871a7bb3dd6956d63c9b91a9a33870ab4873f2
287f9f6b795e0f0415abf458171d03772bd2c7ceb842816c0dffa4bc04d7a695
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "287F9F6B795E0F0415ABF458171D03772BD2C7CEB842816C0DFFA4BC04D7A695"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12698
Expires: Fri, 09 Dec 2022 06:08:42 GMT
Date: Fri, 09 Dec 2022 02:37:04 GMT
Connection: keep-alive
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 437
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 02:37:04 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 15e3b0c296969f81335cfd2dc136478a
45c617468feb907652356179090be9fc36790b03
0388ea0c98ed3ab0a27735128f347d2c626997fb1406dfe7e54796c3245cf8d4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5541
Cache-Control: max-age=122522
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:04 GMT
Etag: "6391c545-139"
Expires: Sat, 10 Dec 2022 12:39:06 GMT
Last-Modified: Thu, 08 Dec 2022 11:06:45 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 313
img.gbyhn.com.tw/2022/12/1670509392-ff3f059376186324858adbff92d7a767-840x525.png
188.114.97.1200 OK 466 kB URL HTTP/2 img.gbyhn.com.tw/2022/12/1670509392-ff3f059376186324858adbff92d7a767-840x525.png
IP 188.114.97.1:0
File type PNG image data, 840 x 525, 8-bit/color RGBA, non-interlaced\012- data
Size 466 kB (466236 bytes)
Hash 70f7e1dde00e5adc819cd500ff997782
351d99d4b20301398d082245f7505a7191435522
3a7f2b8e4475cac180a13b6fb8791340577f1d88db372cd382c01f5e5f9bffc8
GET /2022/12/1670509392-ff3f059376186324858adbff92d7a767-840x525.png HTTP/1.1
Host: img.gbyhn.com.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:04 GMT
content-type: image/png
content-length: 466236
cache-control: public, max-age=604800
expires: Thu, 15 Dec 2022 14:23:42 GMT
last-modified: Thu, 08 Dec 2022 14:23:14 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 40649
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dCPwDsazhYBTnUB07CifdA2cm6JGuawsHc4%2BrWaNSJGoTksZsP60cK5dJLczoCuwvND1dUARb6YM%2Br2RIVT03Lm%2BqYaidlu2VKq%2BGkA%2B7q%2Fggd2XxZZ15JbquovLQbFCAlva"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776a5b576f8d1c0e-OSL
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 4b715511e526fb70461e5f4e3008d75b
d23c60c5f373b6c3baf1150fc76537c383139b17
cbc81bf10c57840cebcece1de9ee0198d7f8cf0f10d8c0a049a0652c0162c883
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:37:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 20:16:28 GMT
Expires: Tue, 13 Dec 2022 20:16:27 GMT
Etag: "d23c60c5f373b6c3baf1150fc76537c383139b17"
Cache-Control: max-age=408562,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 776a5b574fcdb4fa-OSL
e1.o.lencr.org/
95.101.11.115200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0ec12e912207a0b599ea3ad54ecf6d07
0610ed4ac707aaad421177defe1e6ff9d1cae161
3ca2c232c26d043c7f1f9b77a5e3be8628927b19d9ed9d14dc800e67ca6d4028
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "3CA2C232C26D043C7F1F9B77A5E3BE8628927B19D9ED9D14DC800E67CA6D4028"
Last-Modified: Wed, 07 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21598
Expires: Fri, 09 Dec 2022 08:37:02 GMT
Date: Fri, 09 Dec 2022 02:37:04 GMT
Connection: keep-alive
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=31055108336
178.250.2.131204 No Content 0 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=31055108336
IP 178.250.2.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdb?profileId=207&av=34&wv=6.21.0-pre&cb=31055108336 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 331
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 02:37:04 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://img.scupio.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
www.rayskyinvest.com/wp-content/uploads/2020/06/%E6%96%87%E7%AB%A0%E5%B0%81%E9%9D%A2size-%E5%B9%A3%E5%AE%89%E5%AE%8C%E6%95%B4%E8%A8%BB%E5%86%8A%E9%96%8B%E6%88%B6%E6%95%99%E5%AD%B8-750x375.jpg
35.197.227.153200 OK 62 kB URL HTTP/2 www.rayskyinvest.com/wp-content/uploads/2020/06/%E6%96%87%E7%AB%A0%E5%B0%81%E9%9D%A2size-%E5%B9%A3%E5%AE%89%E5%AE%8C%E6%95%B4%E8%A8%BB%E5%86%8A%E9%96%8B%E6%88%B6%E6%95%99%E5%AD%B8-750x375.jpg
IP 35.197.227.153:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 750x375, components 3\012- data
Hash c9177f3332355863b057093ad231cd57
7ac949ad26e1aca11e79bb8fb29f7e06557b6010
d35ab771ece0804e3cb4034595351b1a38e472fc1ccead07dcef54dce1d81363
GET /wp-content/uploads/2020/06/%E6%96%87%E7%AB%A0%E5%B0%81%E9%9D%A2size-%E5%B9%A3%E5%AE%89%E5%AE%8C%E6%95%B4%E8%A8%BB%E5%86%8A%E9%96%8B%E6%88%B6%E6%95%99%E5%AD%B8-750x375.jpg HTTP/1.1
Host: www.rayskyinvest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 02:37:04 GMT
content-type: image/jpeg
content-length: 62460
last-modified: Thu, 11 Mar 2021 08:26:43 GMT
etag: "6049d443-f3fc"
expires: Thu, 07 Dec 2023 07:49:10 GMT
cache-control: max-age=31536000
x-cdn-c: static
x-sg-cdn: 1
x-proxy-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=98570257238
178.250.2.131204 No Content 0 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=98570257238
IP 178.250.2.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdb?profileId=207&av=34&wv=6.21.0-pre&cb=98570257238 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 331
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 02:37:04 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://img.scupio.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/bridgewellV3.js
54.230.111.38200 OK 4.5 kB URL HTTP/2 cdn.holmesmind.com/js/bridgewellV3.js
IP 54.230.111.38:0
File type ASCII text, with CRLF line terminators
Hash c3b948e5a48dd0ec20c265d6d8da7add
9fcd995d80439c19a6f8202a181143167e709685
c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b
GET /js/bridgewellV3.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: test_cookie=CheckForPermission
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 4530
last-modified: Tue, 20 Apr 2021 06:25:23 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 02:37:05 GMT
etag: "c3b948e5a48dd0ec20c265d6d8da7add"
x-cache: RefreshHit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sW55w5IKXPC_Jf8wtFcMCrJ33kxlS_-8hPMNwZ2vZmCOeZvjSj_gwQ==
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/prebid_mainV3.js
54.230.111.38200 OK 2.9 kB URL HTTP/2 cdn.holmesmind.com/js/prebid_mainV3.js
IP 54.230.111.38:0
File type ASCII text, with CRLF line terminators
Hash 74ebdc32f6914abe676de8f39ed18139
8473a18aa59f435f57e4c45b48243bc5d6a657c4
60c625527519d2f5c9f477679106c665ccf15efd0083a01e42a404f3e70a590a
GET /js/prebid_mainV3.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: test_cookie=CheckForPermission
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 2948
last-modified: Thu, 17 Nov 2022 07:33:16 GMT
x-amz-version-id: LtEcKp1i.dyPXOQ0XdBFKyTCWm7W87uY
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 02:37:05 GMT
etag: "74ebdc32f6914abe676de8f39ed18139"
x-cache: RefreshHit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tOw3JKf-HJzf5gMP7rQ8CWw2fmkbkJD_wnTy1i33ADMTMONdAMjQrQ==
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 4832b1550e87b8313c7d9212600abab5
d83a41812e1fdf5519f678639ff7d7bcfbcb7bac
ccde06d94102bfe1e07ead7089416c15d7d843b0fa533ce6e4094cee28f899b1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:37:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 21:44:58 GMT
Expires: Mon, 12 Dec 2022 21:44:57 GMT
Etag: "d83a41812e1fdf5519f678639ff7d7bcfbcb7bac"
Cache-Control: max-age=327472,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 776a5b580821b4fa-OSL
creditcards.com.tw/wp-content/uploads/2022/09/%E5%8F%B0%E7%81%A3%E5%A4%A7%E8%BB%8A%E9%9A%8A%E6%8E%A8%E8%96%A6%E4%BF%A1%E7%94%A8%E5%8D%A1-1080x630.jpg?crop=1
192.0.78.135200 OK 48 kB URL HTTP/2 creditcards.com.tw/wp-content/uploads/2022/09/%E5%8F%B0%E7%81%A3%E5%A4%A7%E8%BB%8A%E9%9A%8A%E6%8E%A8%E8%96%A6%E4%BF%A1%E7%94%A8%E5%8D%A1-1080x630.jpg?crop=1
IP 192.0.78.135:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x630, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 330f35998349348d53e1c9dd145ad59d
e373fe97872fd7b5522a6c8b7570c17e59cd5b57
a2497c65ddfce6584c95e71e9b5ce87e502a4ad1f5ae63c593b120d9b216fe38
GET /wp-content/uploads/2022/09/%E5%8F%B0%E7%81%A3%E5%A4%A7%E8%BB%8A%E9%9A%8A%E6%8E%A8%E8%96%A6%E4%BF%A1%E7%94%A8%E5%8D%A1-1080x630.jpg?crop=1 HTTP/1.1
Host: creditcards.com.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 02:37:04 GMT
content-type: image/webp
content-length: 48210
strict-transport-security: max-age=31536000
last-modified: Thu, 01 Sep 2022 07:31:22 GMT
expires: Sat, 31 Aug 2024 19:31:22 GMT
cache-control: public, max-age=63115200
x-content-type-options: nosniff
etag: "aefd71552d3c2518"
vary: Accept
x-nc: HIT bur 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
x-ac: 3.arn _atomic_ams BYPASS
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 437
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 02:37:04 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d7750457f7e1436e0bdcdcad7f29ac1c
5cb7cd4c3110ac32ea20582b089fd68da9794c74
a85ccc2c74e4be2e8feae8664b2f185a6e3cf715371a1e5c775d44dcc5149051
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=104737
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:04 GMT
Etag: "63919571-117"
Expires: Sat, 10 Dec 2022 07:42:41 GMT
Last-Modified: Thu, 08 Dec 2022 07:42:41 GMT
Server: nginx
Content-Length: 279
img.racingcharger.tw/wp-content/uploads/20221206114545100.jpg
188.114.96.1200 OK 158 kB URL HTTP/2 img.racingcharger.tw/wp-content/uploads/20221206114545100.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75", baseline, precision 8, 1600x900, components 3\012- data
Size 158 kB (158289 bytes)
Hash b027a1fcf3d2db85c1d51db19bb2959b
9a045565fda3cb62acdafb3d2d8c0d9488bde237
143b228f50158a573732b32e5efd8b9a3bbaf16d04e8efd51a3c3858866a429f
GET /wp-content/uploads/20221206114545100.jpg HTTP/1.1
Host: img.racingcharger.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:04 GMT
content-type: image/jpeg
content-length: 158289
last-modified: Tue, 06 Dec 2022 11:45:53 GMT
cache-control: max-age=28800
cf-cache-status: HIT
age: 18041
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MDoiKzkuwMEuXTgW1iiBgi8YTdxtHXhxtNb4n6n0bv6%2Fqjvqr0kOjTY4EMPS5Bl%2BLItAGT4FM6opUNG4r5Sl7nq5hfMjfqC6nvPaE6pgVUcuaATaG8J%2FnW%2Fv5D%2BnxrWrfqxcfCkRxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776a5b592bdcb515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bw.scupio.com/adpinline/adreqlog.aspx?cid=17229&cb=0.3723892853344921
210.59.219.180200 OK 0 B URL HTTP/1.1 bw.scupio.com/adpinline/adreqlog.aspx?cid=17229&cb=0.3723892853344921
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adpinline/adreqlog.aspx?cid=17229&cb=0.3723892853344921 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 169
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=xsfitqirmn3gcdsulhgjzghc; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=xsfitqirmn3gcdsulhgjzghc; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CFA20221209103704413278; domain=scupio.com; expires=Thu, 09-Dec-2027 02:37:04 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Fri, 09 Dec 2022 02:37:03 GMT
Content-Length: 0
blog.alphaloan.co/wp-content/uploads/2022/10/%E8%B2%B7%E9%9B%BB%E5%8B%95%E6%B1%BD%E8%BB%8A%E9%81%B8%E4%BF%A1%E8%B2%B8%E9%82%84%E6%98%AF%E8%BB%8A%E8%B2%B8%EF%BC%9F%E7%B4%94%E9%9B%BB%E8%BB%8A%E7%94%A8%E9%9B%BB%E5%8B%95%E8%BB%8A%E8%B2%B8%E6%AC%BE%E5%B0%88%E6%A1%88%E6%9C%80%E5%88%92%E7%AE%97%EF%BC%81-.jpg
192.0.78.236200 OK 127 kB URL HTTP/2 blog.alphaloan.co/wp-content/uploads/2022/10/%E8%B2%B7%E9%9B%BB%E5%8B%95%E6%B1%BD%E8%BB%8A%E9%81%B8%E4%BF%A1%E8%B2%B8%E9%82%84%E6%98%AF%E8%BB%8A%E8%B2%B8%EF%BC%9F%E7%B4%94%E9%9B%BB%E8%BB%8A%E7%94%A8%E9%9B%BB%E5%8B%95%E8%BB%8A%E8%B2%B8%E6%AC%BE%E5%B0%88%E6%A1%88%E6%9C%80%E5%88%92%E7%AE%97%EF%BC%81-.jpg
IP 192.0.78.236:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, resolutionunit=2], baseline, precision 8, 1640x924, components 3\012- data
Size 127 kB (126583 bytes)
Hash d8d6fe0fd0bf418ec99179cda60bf33d
2e7935638606630f493df4280cd1687da60e7746
8ece289c9fae84acbb22a2544ab116a875968f6656e4fc18bdda40252ca62d04
GET /wp-content/uploads/2022/10/%E8%B2%B7%E9%9B%BB%E5%8B%95%E6%B1%BD%E8%BB%8A%E9%81%B8%E4%BF%A1%E8%B2%B8%E9%82%84%E6%98%AF%E8%BB%8A%E8%B2%B8%EF%BC%9F%E7%B4%94%E9%9B%BB%E8%BB%8A%E7%94%A8%E9%9B%BB%E5%8B%95%E8%BB%8A%E8%B2%B8%E6%AC%BE%E5%B0%88%E6%A1%88%E6%9C%80%E5%88%92%E7%AE%97%EF%BC%81-.jpg HTTP/1.1
Host: blog.alphaloan.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 02:37:04 GMT
content-type: image/jpeg
content-length: 126583
strict-transport-security: max-age=31536000
last-modified: Mon, 24 Oct 2022 07:38:56 GMT
etag: "63564110-1ee77"
expires: Fri, 16 Dec 2022 02:37:04 GMT
cache-control: max-age=604800
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
x-ac: 3.arn _atomic_ams BYPASS
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d7750457f7e1436e0bdcdcad7f29ac1c
5cb7cd4c3110ac32ea20582b089fd68da9794c74
a85ccc2c74e4be2e8feae8664b2f185a6e3cf715371a1e5c775d44dcc5149051
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=104737
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:04 GMT
Etag: "63919571-117"
Expires: Sat, 10 Dec 2022 07:42:41 GMT
Last-Modified: Thu, 08 Dec 2022 07:42:41 GMT
Server: nginx
Content-Length: 279
bw.scupio.com/adpinline/adreqlog.aspx?cid=17253&cb=0.7068189362571269
210.59.219.180200 OK 0 B URL HTTP/1.1 bw.scupio.com/adpinline/adreqlog.aspx?cid=17253&cb=0.7068189362571269
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adpinline/adreqlog.aspx?cid=17253&cb=0.7068189362571269 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 169
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=dr0hgksiz5f1jikuqsw3suob; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=dr0hgksiz5f1jikuqsw3suob; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CRA2022120910370450461; domain=scupio.com; expires=Thu, 09-Dec-2027 02:37:04 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Fri, 09 Dec 2022 02:37:04 GMT
Content-Length: 0
t.ssp.hinet.net/
203.75.214.136200 OK 4.0 kB IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash b62c548100d9ee36f26d6afb226dfd6f
cc50a821d33bb6ac80f9be9fac606e72a7b03619
598f403a875ad2ea96148d34fb5e83e3729709134c1a62e1319a78a71a855000
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Fri, 09 Dec 2022 02:37:04 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=fedf9184-a3f5-4a33-bc3a-24148c13bcde; expires=Sun, 08-Dec-2024 02:37:04 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 1.3 kB IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash 57c992f196d97da9427c554d2467f0cd
b0ed37c0a051f2b88937698e2e93710e23a46b8b
3a14470c535f31b1650cdc3c2b0e8dc13a72e428c8b68cf47ce0239798fd595b
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Fri, 09 Dec 2022 02:37:04 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=6bb7d3cf-e931-4d7d-a9c9-0234a48f315e; expires=Sun, 08-Dec-2024 02:37:04 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-6272B749823AD3B6FE98336EBDD2A34A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FgvjOLp&host=reurl.cc&xr=0&w=300&h=250
162.210.196.208204 No Content 0 B URL HTTP/1.1 hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-6272B749823AD3B6FE98336EBDD2A34A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FgvjOLp&host=reurl.cc&xr=0&w=300&h=250
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-6272B749823AD3B6FE98336EBDD2A34A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FgvjOLp&host=reurl.cc&xr=0&w=300&h=250 HTTP/1.1
Host: hb.aralego.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
date: Fri, 09 Dec 2022 02:37:05 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
connection: close
scontent-lcy1-1.xx.fbcdn.net/v/t45.1600-4/314495817_23852077334250652_5412996356229190293_n.jpg?stp=c0.36.1200.628a_cp0_dst-jpg_q75_s350x350_spS444&_nc_cat=108&ccb=1-7&_nc_sid=67cdda&_nc_ohc=TqRdUYl_1mQAX-E8X5g&_nc_ht=scontent-lcy1-1.xx&oh=00_AfBRuvoorUpbxKyWYb6w34fGfH-VBrZtaqwe9kkwRnx5Gw&oe=6396987A
157.240.240.1200 OK 17 kB URL HTTP/2 scontent-lcy1-1.xx.fbcdn.net/v/t45.1600-4/314495817_23852077334250652_5412996356229190293_n.jpg?stp=c0.36.1200.628a_cp0_dst-jpg_q75_s350x350_spS444&_nc_cat=108&ccb=1-7&_nc_sid=67cdda&_nc_ohc=TqRdUYl_1mQAX-E8X5g&_nc_ht=scontent-lcy1-1.xx&oh=00_AfBRuvoorUpbxKyWYb6w34fGfH-VBrZtaqwe9kkwRnx5Gw&oe=6396987A
IP 157.240.240.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x183, components 3\012- data
Hash 6e07261366fa563d11e29b0c842d7d7a
9f94a04202d054512bc39b48799445d371a138ba
353f921303b8899ce0cc7de3859e604b58181564b9eca13a10a6d12c053704a3
GET /v/t45.1600-4/314495817_23852077334250652_5412996356229190293_n.jpg?stp=c0.36.1200.628a_cp0_dst-jpg_q75_s350x350_spS444&_nc_cat=108&ccb=1-7&_nc_sid=67cdda&_nc_ohc=TqRdUYl_1mQAX-E8X5g&_nc_ht=scontent-lcy1-1.xx&oh=00_AfBRuvoorUpbxKyWYb6w34fGfH-VBrZtaqwe9kkwRnx5Gw&oe=6396987A HTTP/1.1
Host: scontent-lcy1-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Fri, 11 Nov 2022 02:56:36 GMT
x-haystack-needlechecksum: 3507917466
x-needle-checksum: 686899312
content-type: image/jpeg
content-digest: adler32=3461394291
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 16974
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:05 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
scontent-lcy1-1.xx.fbcdn.net/v/t39.30808-6/317804177_517451287071776_202408517459447862_n.jpg?stp=dst-jpg_p235x350&_nc_cat=1&ccb=1-7&_nc_sid=8024bb&_nc_ohc=4rhVyW3YzOYAX9OaeIl&_nc_ht=scontent-lcy1-1.xx&oh=00_AfCsVu6RF27HycjV-Y9R4KfgWLxZKy27pbS38QvCY7ucrA&oe=6396D5EF
157.240.240.1200 OK 25 kB URL HTTP/2 scontent-lcy1-1.xx.fbcdn.net/v/t39.30808-6/317804177_517451287071776_202408517459447862_n.jpg?stp=dst-jpg_p235x350&_nc_cat=1&ccb=1-7&_nc_sid=8024bb&_nc_ohc=4rhVyW3YzOYAX9OaeIl&_nc_ht=scontent-lcy1-1.xx&oh=00_AfCsVu6RF27HycjV-Y9R4KfgWLxZKy27pbS38QvCY7ucrA&oe=6396D5EF
IP 157.240.240.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x350, components 3\012- data
Hash 3b7be0ae88efca6e1768192c0f09118e
16e3b4d79cfd5bd5a6175ff5110db4eb217f96bf
994e77b9ea84983465f70541f9bb11bdb7261e4ff7e7fe2d9b7a071c96f62e5c
GET /v/t39.30808-6/317804177_517451287071776_202408517459447862_n.jpg?stp=dst-jpg_p235x350&_nc_cat=1&ccb=1-7&_nc_sid=8024bb&_nc_ohc=4rhVyW3YzOYAX9OaeIl&_nc_ht=scontent-lcy1-1.xx&oh=00_AfCsVu6RF27HycjV-Y9R4KfgWLxZKy27pbS38QvCY7ucrA&oe=6396D5EF HTTP/1.1
Host: scontent-lcy1-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Sat, 03 Dec 2022 16:57:36 GMT
x-haystack-needlechecksum: 3260002693
x-needle-checksum: 3807705429
content-type: image/jpeg
content-digest: adler32=3857915714
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 24678
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:05 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 10 kB IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash 0e5a7997be2318cebc909328a6e3abe0
dee30c23fb3c1372c755fe4ace4f63cf654ff14e
d3fed44a0f21a63ba85497229a0581dea6a2e02cd1e7e8f7f549dc8c3b768e10
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Fri, 09 Dec 2022 02:37:04 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=33ed3207-80a6-4030-9036-26195dcf063a; expires=Sun, 08-Dec-2024 02:37:04 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 31 kB IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash 0339842654319ab474713cc9489db6c8
550c0d7ce786ebfc191f8819bd4a4e3c878e5aee
650a514f6d17bd56a4e5950aa42a710fe2a608f8b9e79676c0215bb4fcc9fc2b
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Fri, 09 Dec 2022 02:37:04 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=aae64491-2556-4ea7-ad8f-7cbb0cdd7ebe; expires=Sun, 08-Dec-2024 02:37:04 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FgvjOLp&host=reurl.cc&xr=0&w=970&h=250
162.210.196.208204 No Content 0 B URL HTTP/1.1 hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FgvjOLp&host=reurl.cc&xr=0&w=970&h=250
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FgvjOLp&host=reurl.cc&xr=0&w=970&h=250 HTTP/1.1
Host: hb.aralego.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
date: Fri, 09 Dec 2022 02:37:04 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
connection: close
external-lcy1-1.xx.fbcdn.net/emg1/v/t13/17827665096760657764?url=http%3A%2F%2Fcreditcards.com.tw%2Fwp-content%2Fuploads%2F2022%2F02%2F2022-JCB-%E6%82%A0%E9%81%8A%E8%81%AF%E5%90%8D%E5%8D%A1%E6%8E%A8%E8%96%A6.jpg&fb_obo=1&utld=com.tw&stp=c0.5000x0.5000f_dst-emg0_p476x249_q75_u&ccb=13-1&oh=06_AbH3ldN41WLR5zBu9ISufEYKZDBwJCmdtzqZGxsQF5z-lw&oe=63944923&_nc_sid=698a6b
157.240.240.1200 OK 30 kB URL HTTP/2 external-lcy1-1.xx.fbcdn.net/emg1/v/t13/17827665096760657764?url=http%3A%2F%2Fcreditcards.com.tw%2Fwp-content%2Fuploads%2F2022%2F02%2F2022-JCB-%E6%82%A0%E9%81%8A%E8%81%AF%E5%90%8D%E5%8D%A1%E6%8E%A8%E8%96%A6.jpg&fb_obo=1&utld=com.tw&stp=c0.5000x0.5000f_dst-emg0_p476x249_q75_u&ccb=13-1&oh=06_AbH3ldN41WLR5zBu9ISufEYKZDBwJCmdtzqZGxsQF5z-lw&oe=63944923&_nc_sid=698a6b
IP 157.240.240.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 476x249, components 3\012- data
Hash c1a9620b0fc3a38b2ca43afd0ce843aa
0a3ed3eb658213836c66a7205f9b95d84ea7e945
60f5e1ea9d00b69aea6a6948d8d8db73b8c7891043da48a4b95b359897674b33
GET /emg1/v/t13/17827665096760657764?url=http%3A%2F%2Fcreditcards.com.tw%2Fwp-content%2Fuploads%2F2022%2F02%2F2022-JCB-%E6%82%A0%E9%81%8A%E8%81%AF%E5%90%8D%E5%8D%A1%E6%8E%A8%E8%96%A6.jpg&fb_obo=1&utld=com.tw&stp=c0.5000x0.5000f_dst-emg0_p476x249_q75_u&ccb=13-1&oh=06_AbH3ldN41WLR5zBu9ISufEYKZDBwJCmdtzqZGxsQF5z-lw&oe=63944923&_nc_sid=698a6b HTTP/1.1
Host: external-lcy1-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 08 Dec 2022 09:15:16 GMT
content-type: image/jpeg
content-digest: adler32=2585493435
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 29735
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:05 GMT
cache-control: max-age=1209600, no-transform
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=50ef57&cid=3245-XxgUAAiPLUYynjQK1hF8JDyci06ahavs&mp=6bb7d3cf-e931-4d7d-a9c9-0234a48f315e
203.75.214.136200 OK 31 kB URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=3245-XxgUAAiPLUYynjQK1hF8JDyci06ahavs&mp=6bb7d3cf-e931-4d7d-a9c9-0234a48f315e
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash 70e1488e1374fbe39c188ac1f30557d3
2c50fcad9a4805da9340032fa902db98a55955da
0556539e828b5c9d181bdd531e66dea81aecfac0a62c49d324f37e92bcc6c7d0
GET /cm?c=50ef57&cid=3245-XxgUAAiPLUYynjQK1hF8JDyci06ahavs&mp=6bb7d3cf-e931-4d7d-a9c9-0234a48f315e HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=c1298d8d-7f19-4f3c-b735-cc5c7baf0a7a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Fri, 09 Dec 2022 02:37:05 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
external-lcy1-1.xx.fbcdn.net/emg1/v/t13/15286241683216029812?url=http%3A%2F%2Fcreditcards.com.tw%2Fwp-content%2Fuploads%2F2022%2F11%2F2022-%E7%BE%8E%E5%9C%8B%E9%81%8B%E9%80%9A%E5%9F%BA%E6%9C%AC%E4%BB%8B%E7%B4%B9-%E5%84%AA%E6%83%A0%E5%8C%AF%E6%95%B4.jpg&fb_obo=1&utld=com.tw&stp=c0.5000x0.5000f_dst-emg0_p476x249_q75_u&ccb=13-1&oh=06_AbH62JQXLWACMd69glK8W2Z1lW6H75XLM0QNqm9mCj8PIQ&oe=63940AF6&_nc_sid=698a6b
157.240.240.1200 OK 26 kB URL HTTP/2 external-lcy1-1.xx.fbcdn.net/emg1/v/t13/15286241683216029812?url=http%3A%2F%2Fcreditcards.com.tw%2Fwp-content%2Fuploads%2F2022%2F11%2F2022-%E7%BE%8E%E5%9C%8B%E9%81%8B%E9%80%9A%E5%9F%BA%E6%9C%AC%E4%BB%8B%E7%B4%B9-%E5%84%AA%E6%83%A0%E5%8C%AF%E6%95%B4.jpg&fb_obo=1&utld=com.tw&stp=c0.5000x0.5000f_dst-emg0_p476x249_q75_u&ccb=13-1&oh=06_AbH62JQXLWACMd69glK8W2Z1lW6H75XLM0QNqm9mCj8PIQ&oe=63940AF6&_nc_sid=698a6b
IP 157.240.240.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 476x249, components 3\012- data
Hash 2fca99520d9bf35955ec5297bd1907a5
053f541c38666c839e585e385c1aae9101b2ab4e
aaa662a592ef4cae1519637923de7d6b5a4e4aa696b24c0506aeb153076b3cf5
GET /emg1/v/t13/15286241683216029812?url=http%3A%2F%2Fcreditcards.com.tw%2Fwp-content%2Fuploads%2F2022%2F11%2F2022-%E7%BE%8E%E5%9C%8B%E9%81%8B%E9%80%9A%E5%9F%BA%E6%9C%AC%E4%BB%8B%E7%B4%B9-%E5%84%AA%E6%83%A0%E5%8C%AF%E6%95%B4.jpg&fb_obo=1&utld=com.tw&stp=c0.5000x0.5000f_dst-emg0_p476x249_q75_u&ccb=13-1&oh=06_AbH62JQXLWACMd69glK8W2Z1lW6H75XLM0QNqm9mCj8PIQ&oe=63940AF6&_nc_sid=698a6b HTTP/1.1
Host: external-lcy1-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 25 Nov 2022 08:24:13 GMT
content-type: image/jpeg
content-digest: adler32=1490369935
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 25504
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:05 GMT
cache-control: max-age=1209600, no-transform
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
scontent-lcy1-1.xx.fbcdn.net/v/t39.30808-1/305964663_450890893727816_1742559653774706626_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=SbTtk5W4ABoAX_ohaNw&_nc_ht=scontent-lcy1-1.xx&oh=00_AfC2jwEGahZnsv1N2hnqL7XX5df5G2idI7IR4ZzvRzvLHA&oe=6397BA55
157.240.240.1200 OK 1.3 kB URL HTTP/2 scontent-lcy1-1.xx.fbcdn.net/v/t39.30808-1/305964663_450890893727816_1742559653774706626_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=SbTtk5W4ABoAX_ohaNw&_nc_ht=scontent-lcy1-1.xx&oh=00_AfC2jwEGahZnsv1N2hnqL7XX5df5G2idI7IR4ZzvRzvLHA&oe=6397BA55
IP 157.240.240.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash 2bd9f1e3cdd6f434f665ca96d5447e16
897e849a303184615443c52a6bfdc0846d9dd2d5
4636fb9df5ae103fbad3764c9f98400be1c9384cbe77fdb6951b96adcac788b1
GET /v/t39.30808-1/305964663_450890893727816_1742559653774706626_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=1&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=SbTtk5W4ABoAX_ohaNw&_nc_ht=scontent-lcy1-1.xx&oh=00_AfC2jwEGahZnsv1N2hnqL7XX5df5G2idI7IR4ZzvRzvLHA&oe=6397BA55 HTTP/1.1
Host: scontent-lcy1-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Thu, 08 Sep 2022 19:16:03 GMT
x-haystack-needlechecksum: 760809244
x-needle-checksum: 88386505
content-type: image/jpeg
content-digest: adler32=2540016234
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 1345
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:05 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.8304861672068244
210.59.219.181204 No Content 0 B URL HTTP/1.1 prebid.scupio.com/recweb/prebid.aspx?cb=0.8304861672068244
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.8304861672068244 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 457
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: https://img.scupio.com
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 09 Dec 2022 02:37:05 GMT
6bb7d3cf-e931-4d7d-a9c9-0234a48f315e.t.ssp.hinet.net/pixel?bd=6bb7d3cf-e931-4d7d-a9c9-0234a48f315e&t=a546ca&referrer=%25%25%20referrer%20%25%25
203.75.214.136200 OK 0 B URL HTTP/2 6bb7d3cf-e931-4d7d-a9c9-0234a48f315e.t.ssp.hinet.net/pixel?bd=6bb7d3cf-e931-4d7d-a9c9-0234a48f315e&t=a546ca&referrer=%25%25%20referrer%20%25%25
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?bd=6bb7d3cf-e931-4d7d-a9c9-0234a48f315e&t=a546ca&referrer=%25%25%20referrer%20%25%25 HTTP/1.1
Host: 6bb7d3cf-e931-4d7d-a9c9-0234a48f315e.t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=c1298d8d-7f19-4f3c-b735-cc5c7baf0a7a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 02:37:05 GMT
content-type: image/png
content-length: 0
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
6bb7d3cf-e931-4d7d-a9c9-0234a48f315e.t.ssp.hinet.net/pixel?bd=6bb7d3cf-e931-4d7d-a9c9-0234a48f315e&t=50ef57&referrer=
203.75.214.136200 OK 0 B URL HTTP/2 6bb7d3cf-e931-4d7d-a9c9-0234a48f315e.t.ssp.hinet.net/pixel?bd=6bb7d3cf-e931-4d7d-a9c9-0234a48f315e&t=50ef57&referrer=
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?bd=6bb7d3cf-e931-4d7d-a9c9-0234a48f315e&t=50ef57&referrer= HTTP/1.1
Host: 6bb7d3cf-e931-4d7d-a9c9-0234a48f315e.t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=c1298d8d-7f19-4f3c-b735-cc5c7baf0a7a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 02:37:05 GMT
content-type: image/png
content-length: 0
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/edmpVL.js
54.230.111.38200 OK 10 kB URL HTTP/2 cdn.holmesmind.com/js/edmpVL.js
IP 54.230.111.38:0
File type C source, Unicode text, UTF-8 text, with CRLF line terminators
Hash bb1f54e9cb2e7c9c3e3c1b5adae79ccb
ed10616cb0b3952cd5caacccef973a65d57381b3
8d805e1c2cfc4d461ac38a234fdc8c26f767952c75301b21644940dbb3374a5f
GET /js/edmpVL.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Cookie: P=667963-wz4aGs31AAUOwm1UOB7AQTvh9MrI7en4; Vision=20221209-23:59,20221209-13,20221209-13,20221209-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 10022
last-modified: Tue, 27 Jun 2017 10:23:08 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 02:36:10 GMT
etag: "bb1f54e9cb2e7c9c3e3c1b5adae79ccb"
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bzoEXuOqWo1tVZLwtiSHm8MOk_KI-f1Rk5J5Xiv7WMVMyyrzAIpFuw==
age: 56
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2FgvjOLp&n=872&o=1&d=1&b=3&ts=1&ii=3&FPCK=5164-YoXNeE2gwGQzQDgedRhnlkXKM1g0BRpS&initver=210830P
35.75.34.66200 OK 39 kB URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2FgvjOLp&n=872&o=1&d=1&b=3&ts=1&ii=3&FPCK=5164-YoXNeE2gwGQzQDgedRhnlkXKM1g0BRpS&initver=210830P
IP 35.75.34.66:0
Hash 36664254e37e9a17565ce2c8129f2b58
636aaadceef6f5a730271cbfc76a618d60696d7d
6c7d8a49b00cb3ae7a48bcc9530ad3baa7fda1d01366eaf44233d4cc48162d78
GET /adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2FgvjOLp&n=872&o=1&d=1&b=3&ts=1&ii=3&FPCK=5164-YoXNeE2gwGQzQDgedRhnlkXKM1g0BRpS&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: test_cookie=CheckForPermission
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:04 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
img.scupio.com/js/ad.js
143.204.55.37200 OK 28 kB IP 143.204.55.37:0
Hash 73a026bd72679bb94622857b455681ad
8c66fcf0c6b30f32a4167ab6de33ea5c19d554e4
d878698e432dcffed5d8bdb48e716c756f51d9d104801730a83da8648a3285d9
GET /js/ad.js HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Mon, 19 Sep 2022 02:16:55 GMT
content-encoding: gzip
date: Fri, 09 Dec 2022 02:37:03 GMT
expires: Fri, 09 Dec 2022 02:52:00 GMT
cache-control: max-age=900
etag: W/"6327d117-12f95"
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zsnuk0ZTZcu_TVyAK2HRbl787TVCxyPSxXBvGJwmMgrN1CIRh4jeKw==
age: 3
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 181252df23fb34db3997a1e483f6ed59
ea36a6b9625ebe8f4d5d81c217b9118aa8dd5354
962b3d5361da7726a380b729dcd0f827f56bdb4d0cc85372122e5f30e4e1205d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "962B3D5361DA7726A380B729DCD0F827F56BDB4D0CC85372122E5F30E4E1205D"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6458
Expires: Fri, 09 Dec 2022 04:24:43 GMT
Date: Fri, 09 Dec 2022 02:37:05 GMT
Connection: keep-alive
cdn.holmesmind.com/js/modle/ade/ade-tracker.js
54.230.111.38200 OK 1.6 kB URL HTTP/2 cdn.holmesmind.com/js/modle/ade/ade-tracker.js
IP 54.230.111.38:0
Hash cc88de770769cdecaa524a5801120c78
5f25d39f00d22df5f4feb3059d9bc51805dade4d
72e9ecb7db91e5a334caa4e36a70071de2851fe7c5a6e4b1028cc80c5be0fa84
GET /js/modle/ade/ade-tracker.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Cookie: P=667963-wz4aGs31AAUOwm1UOB7AQTvh9MrI7en4; Vision=20221209-23:59,20221209-13,20221209-13,20221209-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 1646
last-modified: Wed, 20 Apr 2022 09:24:31 GMT
x-amz-version-id: NaKVz_HCicjxM9ESQPttcJqfpSisoaZU
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 02:36:11 GMT
etag: "cc88de770769cdecaa524a5801120c78"
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Z-ZzFvxsawRFi0v-etqhQodGa7HtCo2f7_HSMbIyYUvspSOFMu402A==
age: 55
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/modle/v/v_sdk.js
54.230.111.38200 OK 192 B URL HTTP/2 cdn.holmesmind.com/js/modle/v/v_sdk.js
IP 54.230.111.38:0
File type ASCII text, with no line terminators
Hash 8644272abfaa44219b2ed3d118b43dbc
a4f4ac8d9323e3ddc5d4579bb08345530f63e38d
7490c495bc701b5f3c822f76f18d9f9842e4c3578b4c8e74937ce49a1ca75546
GET /js/modle/v/v_sdk.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Cookie: P=667963-wz4aGs31AAUOwm1UOB7AQTvh9MrI7en4; Vision=20221209-23:59,20221209-13,20221209-13,20221209-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 192
last-modified: Tue, 29 Mar 2022 07:13:07 GMT
x-amz-version-id: XbcfHlCv0YU6yVSgKouNneQhxA5kNsN1
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 02:36:11 GMT
etag: "8644272abfaa44219b2ed3d118b43dbc"
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zFD2G_TBryfz0SIWDtDH62VpryPnM-gGmEZVlTHeVMFBRy9t4s1bQQ==
age: 55
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4188cdc21a8632a1a1bcfb1f7e48723b
c1a44e0f6b6d9a03b5fc5e5d690c49f1d138459a
203e5bbb729ab1311c2d16e09fe98ba544d298aa19ac634b1008369dc226f444
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "203E5BBB729AB1311C2D16E09FE98BA544D298AA19AC634B1008369DC226F444"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 09 Dec 2022 08:37:05 GMT
Date: Fri, 09 Dec 2022 02:37:05 GMT
Connection: keep-alive
cdn.holmesmind.com/image/14355/e1c83b3a9f9016afce9892009e345898.jpg
54.230.111.38200 OK 100 kB URL HTTP/2 cdn.holmesmind.com/image/14355/e1c83b3a9f9016afce9892009e345898.jpg
IP 54.230.111.38:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Size 100 kB (100401 bytes)
Hash 07b4a3871a1e4d499e115d0006138122
d974c9c6d9c1c53a57de6a90a734046d3826ff7e
f635f7f1ef51e84105ef163f7096a4b1a3b535736238487b81577e8a0cc4cdb7
GET /image/14355/e1c83b3a9f9016afce9892009e345898.jpg HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Cookie: P=667963-wz4aGs31AAUOwm1UOB7AQTvh9MrI7en4; Vision=20221209-23:59,20221209-13,20221209-13,20221209-23:59; C=null; RK=null
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 100401
date: Fri, 09 Dec 2022 02:22:59 GMT
last-modified: Fri, 09 Dec 2022 01:06:38 GMT
etag: "07b4a3871a1e4d499e115d0006138122"
x-amz-version-id: nJpvtdjabtlKEWeYqLqaXipKX_uV9Yjb
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5oGIrahgTGE8FFkqDxEGjR5bIeMyI1CQO81ZmAwbfaDfJewkDVQ0XA==
age: 847
X-Firefox-Spdy: h2
cdn.holmesmind.com/image/14355/e1c83b3a9f9016afce9892009e345898.jpg
54.230.111.38304 Not Modified 0 B URL HTTP/2 cdn.holmesmind.com/image/14355/e1c83b3a9f9016afce9892009e345898.jpg
IP 54.230.111.38:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /image/14355/e1c83b3a9f9016afce9892009e345898.jpg HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=667963-wz4aGs31AAUOwm1UOB7AQTvh9MrI7en4; Vision=20221209-23:59,20221209-13,20221209-13,20221209-23:59; C=null; RK=null
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Fri, 09 Dec 2022 01:06:38 GMT
If-None-Match: "07b4a3871a1e4d499e115d0006138122"
TE: trailers
HTTP/2 304 Not Modified
date: Fri, 09 Dec 2022 02:22:59 GMT
last-modified: Fri, 09 Dec 2022 01:06:38 GMT
etag: "07b4a3871a1e4d499e115d0006138122"
x-amz-version-id: nJpvtdjabtlKEWeYqLqaXipKX_uV9Yjb
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: L3ybspS1i8AW2WUdIcya4OR5Tscm7Jyv4wqXEdcXpuBXE-ENYqfDzQ==
age: 847
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.12333737018623103
210.59.219.181204 No Content 0 B URL HTTP/1.1 prebid.scupio.com/recweb/prebid.aspx?cb=0.12333737018623103
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.12333737018623103 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 457
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: https://img.scupio.com
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 09 Dec 2022 02:37:05 GMT
prebid.scupio.com/recweb/prebid.aspx?cb=0.6572811123097783
210.59.219.181204 No Content 0 B URL HTTP/1.1 prebid.scupio.com/recweb/prebid.aspx?cb=0.6572811123097783
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.6572811123097783 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 404
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 09 Dec 2022 02:37:05 GMT
prebid.scupio.com/recweb/prebid.aspx?cb=0.8522013960162442
210.59.219.181204 No Content 0 B URL HTTP/1.1 prebid.scupio.com/recweb/prebid.aspx?cb=0.8522013960162442
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.8522013960162442 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 403
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 09 Dec 2022 02:37:05 GMT
prebid.scupio.com/recweb/prebid.aspx?cb=0.5932616338908295
210.59.219.181204 No Content 0 B URL HTTP/1.1 prebid.scupio.com/recweb/prebid.aspx?cb=0.5932616338908295
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.5932616338908295 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 403
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 09 Dec 2022 02:37:05 GMT
static.xx.fbcdn.net/rsrc.php/v3/yG/r/h8ulkmpky8f.js?_nc_x=Ij3Wp8lg5Kz
157.240.221.16200 OK 88 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yG/r/h8ulkmpky8f.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.221.16:0
Hash 779cc28a35c7a8047e6af135fdf0d766
e0f8c5f5a5f1552c056c779b7a6cbf84df364808
ac8658ca1e26f87d355dc0b1d8dfbf972b2f753fb528c20733ec6d370300dba4
GET /rsrc.php/v3/yG/r/h8ulkmpky8f.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 30 Nov 2023 10:50:05 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: lbhbphR1BNPxW6RqDJiiow==
x-fb-debug: uHL412O7Rk+HFmsqFfVmlQDld3+xyf6ra5jE1O6eoiul/yVns1Om5SrABoQ5NBv03Yh3h3JE/owXpKx9AR1LqA==
priority: u=3,i
content-length: 15174
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:37:03 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.40.113307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.40.113:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Fri, 09 Dec 2022 02:37:05 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=JdQId9-bCviLiO-BUZ-SYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=JdQId9-bCviLiO-BUZ-SYw; Path=/; Domain=c.appier.net; Expires=Sat, 09 Dec 2023 02:37:05 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.40.113307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.40.113:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Fri, 09 Dec 2022 02:37:05 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=42iXW6vZC3OTrokeUZ-SYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=42iXW6vZC3OTrokeUZ-SYw; Path=/; Domain=c.appier.net; Expires=Sat, 09 Dec 2023 02:37:05 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.40.113307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.40.113:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Fri, 09 Dec 2022 02:37:05 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=VrSSiuPdDuuYKWP-UZ-SYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=VrSSiuPdDuuYKWP-UZ-SYw; Path=/; Domain=c.appier.net; Expires=Sat, 09 Dec 2023 02:37:05 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.40.113307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.40.113:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Fri, 09 Dec 2022 02:37:05 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=ZnMXgHxuDESeLZgGUZ-SYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=ZnMXgHxuDESeLZgGUZ-SYw; Path=/; Domain=c.appier.net; Expires=Sat, 09 Dec 2023 02:37:05 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
img.scupio.com/img/2011_gym/970x250.png
143.204.55.37200 OK 88 kB URL HTTP/2 img.scupio.com/img/2011_gym/970x250.png
IP 143.204.55.37:0
File type PNG image data, 970 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 631554deae2879a2037e0edf55de2f82
56f44bfa0e33195c2ecf0524cbf985a8e23295d1
5c4e555f2cdb1d2c4bc4bd48cf25afb9944c1faed58be0725a8222e9fe2dd67e
GET /img/2011_gym/970x250.png HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 87751
server: nginx/1.12.1
last-modified: Mon, 19 Apr 2021 03:31:40 GMT
accept-ranges: bytes
date: Fri, 09 Dec 2022 02:00:58 GMT
expires: Sat, 09 Dec 2023 02:00:58 GMT
cache-control: max-age=31536000
etag: "607cf99c-156c7"
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4pdVJ-ipCRfT-UGykNuSYMwvzwVfUR3C9MIUy4Ktx6tHSfbmLqG6kA==
age: 2168
vary: Origin
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/prebid.json?cb=1670553423516&hb=1&ver=1.21
35.75.34.66200 OK 1.2 kB URL HTTP/2 ad.holmesmind.com/adserver/prebid.json?cb=1670553423516&hb=1&ver=1.21
IP 35.75.34.66:0
Hash c5da937dde533029d403104e4882ca70
69a2be93d587f9a34aca0baa112d6f5c0f0bca6a
db0d68c8310ad3ad44dbd60b3a770372cadd8d04751f072970691fbf38a3d1dd
POST /adserver/prebid.json?cb=1670553423516&hb=1&ver=1.21 HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 41
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Cookie: P=667963-wz4aGs31AAUOwm1UOB7AQTvh9MrI7en4; Vision=20221209-23:59,20221209-13,20221209-13,20221209-23:59; C=null; RK=null
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:05 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://img.scupio.com
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.publicca.hinet.net/OCSP/ocspG2
210.71.154.18200 OK 1.8 kB URL HTTP/1.1 ocsp.publicca.hinet.net/OCSP/ocspG2
IP 210.71.154.18:0
ASN #3462 Data Communication Business Group
Hash b72f41850a992518935d45c068afe7ba
ad358dd2389a6e3ae2b093090bf213f93a4041ee
f283d76ffa5aa35b13ec1610964ef9e8766c4700710f94256a9e9be79761495d
POST /OCSP/ocspG2 HTTP/1.1
Host: ocsp.publicca.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:37:00 GMT
Content-Length: 1773
Content-Type: application/ocsp-response
ocsp.publicca.hinet.net/OCSP/ocspG2
210.71.154.18200 OK 1.8 kB URL HTTP/1.1 ocsp.publicca.hinet.net/OCSP/ocspG2
IP 210.71.154.18:0
ASN #3462 Data Communication Business Group
Hash b72f41850a992518935d45c068afe7ba
ad358dd2389a6e3ae2b093090bf213f93a4041ee
f283d76ffa5aa35b13ec1610964ef9e8766c4700710f94256a9e9be79761495d
POST /OCSP/ocspG2 HTTP/1.1
Host: ocsp.publicca.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:37:00 GMT
Content-Length: 1773
Content-Type: application/ocsp-response
ocsp.publicca.hinet.net/OCSP/ocspG2
210.71.154.18200 OK 1.8 kB URL HTTP/1.1 ocsp.publicca.hinet.net/OCSP/ocspG2
IP 210.71.154.18:0
ASN #3462 Data Communication Business Group
Hash b72f41850a992518935d45c068afe7ba
ad358dd2389a6e3ae2b093090bf213f93a4041ee
f283d76ffa5aa35b13ec1610964ef9e8766c4700710f94256a9e9be79761495d
POST /OCSP/ocspG2 HTTP/1.1
Host: ocsp.publicca.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:37:00 GMT
Content-Length: 1773
Content-Type: application/ocsp-response
t.ssp.hinet.net/utag.js
203.75.214.136200 OK 4.2 kB IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash 1dd7fcbae9be36befb77c9f871fdb2b6
bc10a71c2a7355cc694869a7a5537f5b633ee8f8
28e0e6c425cbdfa1009f71ee8faae8c3228b4533e0f6bbe08a89f4325480efc4
GET /utag.js HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 02:37:04 GMT
content-type: application/javascript
last-modified: Wed, 16 Nov 2022 03:58:03 GMT
vary: Accept-Encoding
etag: W/"63745fcb-142e"
expires: Fri, 09 Dec 2022 02:47:04 GMT
cache-control: max-age=600
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.publicca.hinet.net/OCSP/ocspG2
210.71.154.18200 OK 1.8 kB URL HTTP/1.1 ocsp.publicca.hinet.net/OCSP/ocspG2
IP 210.71.154.18:0
ASN #3462 Data Communication Business Group
Hash b72f41850a992518935d45c068afe7ba
ad358dd2389a6e3ae2b093090bf213f93a4041ee
f283d76ffa5aa35b13ec1610964ef9e8766c4700710f94256a9e9be79761495d
POST /OCSP/ocspG2 HTTP/1.1
Host: ocsp.publicca.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:37:00 GMT
Content-Length: 1773
Content-Type: application/ocsp-response
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 32e23db68e6459cedb27f9a1b43182b5
4bf54accce9d81647a83046153f16f328b171d1a
52f39bb67168ff0cab603f7e6c719708da5ca2db7e307b4751099865ddad4380
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5401
Cache-Control: max-age=160538
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:06 GMT
Etag: "63925a53-138"
Expires: Sat, 10 Dec 2022 23:12:44 GMT
Last-Modified: Thu, 08 Dec 2022 21:42:43 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 312
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/show_ads.js
172.217.21.162200 OK 34 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/show_ads.js
IP 172.217.21.162:0
File type ASCII text, with very long lines (3583)
Hash cfec7a5830840ff4fec9559a3d7280e6
daf4d81b07a14b336ff6005d383c392307567889
0941cce29135df31c4827b0a5d835ff0fbce73014be73f9857c574b989a00b17
GET /pagead/show_ads.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 09 Dec 2022 02:37:06 GMT
expires: Fri, 09 Dec 2022 02:37:06 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 588612896702097000
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 34239
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
prebid.cht.hinet.net/api/v1/request/prebid.json
203.75.213.62200 OK 721 B URL HTTP/1.1 prebid.cht.hinet.net/api/v1/request/prebid.json
IP 203.75.213.62:0
ASN #3462 Data Communication Business Group
Hash 1b7f1ee9e99ac4fdd528ee0674620f9f
8c950fb02a8f1f1762d50e2ea7d3d093807a768f
062c796e3b023877c86b940646abde9893ffd9e251f14edeca839d02a3f3fe57
POST /api/v1/request/prebid.json HTTP/1.1
Host: prebid.cht.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 427
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.1
Date: Fri, 09 Dec 2022 02:37:06 GMT
Content-Type: application/json
Content-Length: 2
Connection: keep-alive
set-cookie: uuid=5db5e1f8-aca9-48ec-85fe-d97580ccf4b0; Max-Age=864000; Path=/; SameSite=lax
uuid=5db5e1f8-aca9-48ec-85fe-d97580ccf4b0; Domain=hinet.net; Max-Age=864000; Path=/; SameSite=lax
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
vary: Origin
Strict-Transport-Security: max-age=0
prebid.cht.hinet.net/api/v1/request/prebid.json
203.75.213.62200 OK 2 B URL HTTP/1.1 prebid.cht.hinet.net/api/v1/request/prebid.json
IP 203.75.213.62:0
ASN #3462 Data Communication Business Group
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
POST /api/v1/request/prebid.json HTTP/1.1
Host: prebid.cht.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 428
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.1
Date: Fri, 09 Dec 2022 02:37:06 GMT
Content-Type: application/json
Content-Length: 2
Connection: keep-alive
set-cookie: uuid=024a0c38-7db9-4e86-89a7-ab2ae8a41e44; Max-Age=864000; Path=/; SameSite=lax
uuid=024a0c38-7db9-4e86-89a7-ab2ae8a41e44; Domain=hinet.net; Max-Age=864000; Path=/; SameSite=lax
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
vary: Origin
Strict-Transport-Security: max-age=0
prebid.cht.hinet.net/api/v1/request/prebid.json
203.75.213.62200 OK 2 B URL HTTP/1.1 prebid.cht.hinet.net/api/v1/request/prebid.json
IP 203.75.213.62:0
ASN #3462 Data Communication Business Group
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
POST /api/v1/request/prebid.json HTTP/1.1
Host: prebid.cht.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 427
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.1
Date: Fri, 09 Dec 2022 02:37:06 GMT
Content-Type: application/json
Content-Length: 2
Connection: keep-alive
set-cookie: uuid=317682da-eda6-4b68-ab6b-6fefd0641dcb; Max-Age=864000; Path=/; SameSite=lax
uuid=317682da-eda6-4b68-ab6b-6fefd0641dcb; Domain=hinet.net; Max-Age=864000; Path=/; SameSite=lax
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
vary: Origin
Strict-Transport-Security: max-age=0
bw.scupio.com/adpinline/bidinfo.aspx?cb=0.4764767285061313
210.59.219.180200 OK 1.5 kB URL HTTP/1.1 bw.scupio.com/adpinline/bidinfo.aspx?cb=0.4764767285061313
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
File type JSON data\012- HTML document, ASCII text, with very long lines (962), with CRLF line terminators
Hash 5921c9de35e056bd3eb538de5b16f895
bbc75f741dce1986c35a10fe61a13a8b29d33150
03dba50067e3289334d195afd4e8c0afcf642c9fff12ec85e29aaa9e381ad936
POST /adpinline/bidinfo.aspx?cb=0.4764767285061313 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 1276
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://img.scupio.com
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ceditb1jmxmdz1khxjjwwq2e; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=ceditb1jmxmdz1khxjjwwq2e; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CDA20221209103706975364; domain=scupio.com; expires=Thu, 09-Dec-2027 02:37:06 GMT; path=/; secure; SameSite=None
gx=H4sIANIPk2MA%2fxNmYGDg4uY4dPvpns5na6wFWIVYOOwFmADoJTTIFwAAAA%3d%3d; domain=scupio.com; expires=Sat, 09-Dec-2023 02:37:06 GMT; path=/; secure; SameSite=None
fxc=1; domain=scupio.com; expires=Fri, 16-Dec-2022 02:37:06 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Fri, 09 Dec 2022 02:37:06 GMT
Content-Length: 1481
bidder.criteo.com/cdb?ptv=132&profileId=184&cb=19424101079
178.250.2.131200 OK 164 B URL HTTP/2 bidder.criteo.com/cdb?ptv=132&profileId=184&cb=19424101079
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 925e57e32899887232274469d27db86e
856e4bf1fb3537f1b88fdb1fdbbc5eaca9793020
2bce86b77484acf49584354168daf3bd14fd1a6f710a2a9defa5a122b7fbdeee
POST /cdb?ptv=132&profileId=184&cb=19424101079 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 530
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:06 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 164
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=132&profileId=184&cb=40803773676
178.250.2.131200 OK 163 B URL HTTP/2 bidder.criteo.com/cdb?ptv=132&profileId=184&cb=40803773676
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ee879b828264dfa59583546e6a6013f9
7a510f2ca20a1fe7892a7b785fe6059f8683ec2b
1ad991883a525f12c48c23ae4b1f98b31d39e0c15c31540c250f9d32ebab6dbc
POST /cdb?ptv=132&profileId=184&cb=40803773676 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 522
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:06 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 163
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=132&profileId=184&cb=35770553287
178.250.2.131200 OK 163 B URL HTTP/2 bidder.criteo.com/cdb?ptv=132&profileId=184&cb=35770553287
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ecb5ac8de2c8088b48708be6258aae71
e407c1b7a0a3d83110787510de4086ba51a78922
7b094e020ec4e939ae0dfa1f70d07c90ebd6e47967f4a38b68a86bac9ba2ec0d
POST /cdb?ptv=132&profileId=184&cb=35770553287 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 522
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:06 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 163
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bw.scupio.com/adpinline/bidinfo.aspx?cb=0.5028751015404518
210.59.219.180200 OK 1.5 kB URL HTTP/1.1 bw.scupio.com/adpinline/bidinfo.aspx?cb=0.5028751015404518
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
File type JSON data\012- HTML document, ASCII text, with very long lines (962), with CRLF line terminators
Hash b57feee5299b9bfbb76dd1bf07cf01b1
22ae9c20d573ae7fa0c2d0a3879d14885e8467d3
b5a4f1033ca0d6d749920798fe8b22b6ba893a9ad01123de2b9613a8dbb3d2ed
POST /adpinline/bidinfo.aspx?cb=0.5028751015404518 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 920
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://img.scupio.com
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=v5flit45tvdppxoxyai5bbz1; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=v5flit45tvdppxoxyai5bbz1; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CYA20221209103706912942; domain=scupio.com; expires=Thu, 09-Dec-2027 02:37:06 GMT; path=/; secure; SameSite=None
gx=H4sIANIPk2MA%2fxNmYGDg4ua4sHj2vs5na6wFWIVYOOwFmACwe84hFwAAAA%3d%3d; domain=scupio.com; expires=Sat, 09-Dec-2023 02:37:06 GMT; path=/; secure; SameSite=None
fxc=1; domain=scupio.com; expires=Fri, 16-Dec-2022 02:37:06 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Fri, 09 Dec 2022 02:37:06 GMT
Content-Length: 1479
secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac
104.85.187.217301 Moved Permanently 0 B URL HTTP/2 secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac
IP 104.85.187.217:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac HTTP/1.1
Host: secure-assets.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
date: Fri, 09 Dec 2022 02:37:07 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cm.g.doubleclick.net/pixel?google_nid=bw_cookie&google_cm&google_ula=3918219&google_hm=Q0RBMjAyMjEyMDkxMDM3MDY5NzUzNjQ%3d&layout=js
216.58.207.226302 Found 368 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=bw_cookie&google_cm&google_ula=3918219&google_hm=Q0RBMjAyMjEyMDkxMDM3MDY5NzUzNjQ%3d&layout=js
IP 216.58.207.226:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash a8d0e85a59ffa5e997af645b4a678368
ffabeb1aed99da6cb5a1a01a38f5b3e2abb79017
7c1117dc08e314f98374cf2bea73fdef23cc011d569b6065299d95e86a3b5eea
GET /pixel?google_nid=bw_cookie&google_cm&google_ula=3918219&google_hm=Q0RBMjAyMjEyMDkxMDM3MDY5NzUzNjQ%3d&layout=js HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=bw_cookie&google_cm=&google_ula=3918219&google_hm=Q0RBMjAyMjEyMDkxMDM3MDY5NzUzNjQ%3D&layout=js&google_tc=
date: Fri, 09 Dec 2022 02:37:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 368
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 02:52:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
104.88.9.101200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
IP 104.88.9.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?p=xapi-bridgewell&endpoint=apac HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Fri, 09 Dec 2022 02:37:07 GMT
Connection: keep-alive
Vary: Accept-Encoding
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
wp.re-news.tw/wp-content/uploads/2022/11/pic2.png
35.185.136.122200 OK 685 kB URL HTTP/2 wp.re-news.tw/wp-content/uploads/2022/11/pic2.png
IP 35.185.136.122:0
File type PNG image data, 1584 x 779, 8-bit/color RGBA, non-interlaced\012- data
Size 685 kB (685184 bytes)
Hash 36b2f4ec5641aa56d729cf76c0f3c59b
9b9b31e1b1b52e11dd09f9a7a6b12cd08c15d895
e25d59657b08bb4df9cbc2b13536bb5825c12e92e3c9bbd3b346390acdf0de4e
GET /wp-content/uploads/2022/11/pic2.png HTTP/1.1
Host: wp.re-news.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 09 Dec 2022 02:37:05 GMT
content-type: image/png
content-length: 685184
last-modified: Sat, 05 Nov 2022 05:13:12 GMT
etag: "a7480-5ecb23f3cd354"
accept-ranges: bytes
X-Firefox-Spdy: h2
sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CDA20221209103706975364
192.96.203.13302 Found 111 B URL HTTP/1.1 sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CDA20221209103706975364
IP 192.96.203.13:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash febc6b9a3cb9696ca0b2b57e73dc10ce
21ce8fe59a6c6ea57df6d616aaf10f06fc63dc2c
cc380f03ace5d06dc78f11ad4be2acdc1700991ef995b65b1913322bacfa71ff
GET /idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CDA20221209103706975364 HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Set-Cookie: sspid=d46fa354-9b29-31c8-bcbc-9af747ba5c72; Domain=.aralego.com; Path=/; Expires=Sat, 09 Dec 2023 02:37:07 GMT; Secure; SameSite=None
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
Vary: Accept, Accept-Encoding
Content-Type: text/plain; charset=utf-8
Content-Length: 111
Date: Fri, 09 Dec 2022 02:37:07 GMT
Connection: close
video-lcy1-1.xx.fbcdn.net/hvideo-pnb-vll/_nc_cat-103/_nc_sr_t-4/v/rASdYK9QIU7WjgIAqvBWFcveYwTTpaN1I0Nnq4xrtK5w_2A/_nc_ohc-01b1Xd8FDJEAX9rd0ZE/live-dash/dash-abr-ibr-audio/200963182457341.mpd?ccb=2-4&ms=m_CTPA&sc_t=1&oh=00_AfBFbgnZ9OK2TyZijkxaNJkPedAoRAE12nJVGb28Eq_4Rw&oe=639411A2
157.240.240.2200 OK 1.5 kB URL HTTP/2 video-lcy1-1.xx.fbcdn.net/hvideo-pnb-vll/_nc_cat-103/_nc_sr_t-4/v/rASdYK9QIU7WjgIAqvBWFcveYwTTpaN1I0Nnq4xrtK5w_2A/_nc_ohc-01b1Xd8FDJEAX9rd0ZE/live-dash/dash-abr-ibr-audio/200963182457341.mpd?ccb=2-4&ms=m_CTPA&sc_t=1&oh=00_AfBFbgnZ9OK2TyZijkxaNJkPedAoRAE12nJVGb28Eq_4Rw&oe=639411A2
IP 157.240.240.2:0
File type XML 1.0 document text\012- XML document, ASCII text
Hash 00085408f70acc372b60da2f13146fe3
3165381f3ad4db8d10b15f56bad1a1df3245b6e4
9b48a36b254347c2282f04868a44b0e7672fbcb7e781f253ee967e0e198277bb
GET /hvideo-pnb-vll/_nc_cat-103/_nc_sr_t-4/v/rASdYK9QIU7WjgIAqvBWFcveYwTTpaN1I0Nnq4xrtK5w_2A/_nc_ohc-01b1Xd8FDJEAX9rd0ZE/live-dash/dash-abr-ibr-audio/200963182457341.mpd?ccb=2-4&ms=m_CTPA&sc_t=1&oh=00_AfBFbgnZ9OK2TyZijkxaNJkPedAoRAE12nJVGb28Eq_4Rw&oe=639411A2 HTTP/1.1
Host: video-lcy1-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
etag: e73b7c7dccd195b33d6ec60c1947a066
x-fb-content-creation-ts: 1670553427
content-type: application/dash+xml
x-fb-latest-segment-ts: 1324106
content-encoding: gzip
content-length: 1481
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fb-origin-hit: 1
cache-control: max-age=1
access-control-expose-headers: Date, x-fb-video-replica, proxy-status, X-FB-ONE, X-FB-ONE-VARIANT, x-fb-dynamic-state, x-fb-dynamic-live-heads, x-fb-dynamic-bitrates, x-fb-dynamic-latest-segment-id, x-fb-segment-pts-start, x-fb-next-valid-segment-id, x-fb-dynamic-quality-backup, x-fb-dynamic-predictive-response-chunk-size, X-FB-Video-Broadcast-Ended, x-fb-fna-hit, x-fb-edge-hit, x-fb-origin-hit, X-FB-Connection-Quality, x-fb-response-time-ms, x-fb-dynamic-latest-segment-id, x-bwe-mean, x-bwe-std-dev, x-fb-dynamic-status, x-mrtt-ms, x-fb-dynamic-client-wallclock-ms, x-fb-dynamic-client-wallclock-offset-ms, x-fb-dynamic-server-wallclock-ms, x-fb-dynamic-response-wallclock-ms, x-fb-dynamic-rtt-ms, x-fb-ull-ssbwe-v1
x-fb-trip-id: 207616858
date: Fri, 09 Dec 2022 02:37:07 GMT
x-fb-edge-hit: 0
x-fb-edge-debug: 5h3XfN8oMSir6vKYYZ5i4ie87vvRArAGWLMWPodR_oqSkicYiZbrOSLOI47K54EwCWmUt0Y4unXyUUMWM-EFpMRNxc9ACj17iKrPFYSved8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: https://www.facebook.com
vary: Origin, Origin
X-Firefox-Spdy: h2
video-lcy1-1.xx.fbcdn.net/hvideo-pnb-vll/_nc_cat-103/_nc_sr_t-4/v/rASdYK9QIU7WjgIAqvBWFcveYwTTpaN1I0Nnq4xrtK5w_2A/_nc_ohc-01b1Xd8FDJEAX9rd0ZE/live-dash/dash-abr-ibr-audio/200963182457341.mpd?ccb=2-4&ms=m_CTPA&sc_t=1&oh=00_AfBFbgnZ9OK2TyZijkxaNJkPedAoRAE12nJVGb28Eq_4Rw&oe=639411A2
157.240.240.2200 OK 1.5 kB URL HTTP/2 video-lcy1-1.xx.fbcdn.net/hvideo-pnb-vll/_nc_cat-103/_nc_sr_t-4/v/rASdYK9QIU7WjgIAqvBWFcveYwTTpaN1I0Nnq4xrtK5w_2A/_nc_ohc-01b1Xd8FDJEAX9rd0ZE/live-dash/dash-abr-ibr-audio/200963182457341.mpd?ccb=2-4&ms=m_CTPA&sc_t=1&oh=00_AfBFbgnZ9OK2TyZijkxaNJkPedAoRAE12nJVGb28Eq_4Rw&oe=639411A2
IP 157.240.240.2:0
File type XML 1.0 document text\012- XML document, ASCII text
Hash 00085408f70acc372b60da2f13146fe3
3165381f3ad4db8d10b15f56bad1a1df3245b6e4
9b48a36b254347c2282f04868a44b0e7672fbcb7e781f253ee967e0e198277bb
GET /hvideo-pnb-vll/_nc_cat-103/_nc_sr_t-4/v/rASdYK9QIU7WjgIAqvBWFcveYwTTpaN1I0Nnq4xrtK5w_2A/_nc_ohc-01b1Xd8FDJEAX9rd0ZE/live-dash/dash-abr-ibr-audio/200963182457341.mpd?ccb=2-4&ms=m_CTPA&sc_t=1&oh=00_AfBFbgnZ9OK2TyZijkxaNJkPedAoRAE12nJVGb28Eq_4Rw&oe=639411A2 HTTP/1.1
Host: video-lcy1-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
etag: e73b7c7dccd195b33d6ec60c1947a066
x-fb-content-creation-ts: 1670553427
content-type: application/dash+xml
x-fb-latest-segment-ts: 1324106
content-encoding: gzip
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fb-origin-hit: 1
cache-control: max-age=1
access-control-expose-headers: Date, x-fb-video-replica, proxy-status, X-FB-ONE, X-FB-ONE-VARIANT, x-fb-dynamic-state, x-fb-dynamic-live-heads, x-fb-dynamic-bitrates, x-fb-dynamic-latest-segment-id, x-fb-segment-pts-start, x-fb-next-valid-segment-id, x-fb-dynamic-quality-backup, x-fb-dynamic-predictive-response-chunk-size, X-FB-Video-Broadcast-Ended, x-fb-fna-hit, x-fb-edge-hit, x-fb-origin-hit, X-FB-Connection-Quality, x-fb-response-time-ms, x-fb-dynamic-latest-segment-id, x-bwe-mean, x-bwe-std-dev, x-fb-dynamic-status, x-mrtt-ms, x-fb-dynamic-client-wallclock-ms, x-fb-dynamic-client-wallclock-offset-ms, x-fb-dynamic-server-wallclock-ms, x-fb-dynamic-response-wallclock-ms, x-fb-dynamic-rtt-ms, x-fb-ull-ssbwe-v1
content-length: 1481
x-fb-trip-id: 207616858
date: Fri, 09 Dec 2022 02:37:07 GMT
x-fb-edge-hit: 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: https://www.facebook.com
vary: Origin, Origin
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a0905812e8498e6c5c0a9b4b584b972f
039b784fd1e0152ec7f49a54ba027f0b2bd1e833
ee3531ef0f334dcd73a86b1e4365a020d5db69ff7b82bad136eaf1a8e9d3b47f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=reurl.cc
142.250.74.162200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=reurl.cc
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=reurl.cc HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 09 Dec 2022 02:37:07 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/av?p=13534:64025:138987:b51e51974a7fafe7da83634643d23ea8:14355&type=0
35.75.34.66200 OK 24 kB URL HTTP/2 ad.holmesmind.com/adserver/av?p=13534:64025:138987:b51e51974a7fafe7da83634643d23ea8:14355&type=0
IP 35.75.34.66:0
Hash b4b70a09147762ea1cca0230081c423b
9c82a9a94b663c3da3001f0b810de434fa2a7a51
d3e74b96016d25ebe999345b3777631711b04991f98eaa7b31b9af4e7adc8d3e
GET /adserver/av?p=13534:64025:138987:b51e51974a7fafe7da83634643d23ea8:14355&type=0 HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Cookie: P=667963-wz4aGs31AAUOwm1UOB7AQTvh9MrI7en4; Vision=20221209-23:59,20221209-13,20221209-13,20221209-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:05 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=reurl.cc
216.58.207.194200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=reurl.cc
IP 216.58.207.194:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=reurl.cc HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Fri, 09 Dec 2022 02:37:07 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bidder.criteo.com/csm/events
178.250.2.131204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.2.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 266
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 02:37:06 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 322 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash 13325355c6bbf507645da0e73d07536f
cfd074f35f6da5922c4bae7d3a10ee0c8e133c5e
3a174fad0ab885d6531fbddf5f2c23ab3007a642bf6df12cd94503fe553d6d4c
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Fri, 09 Dec 2022 02:37:04 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=c1298d8d-7f19-4f3c-b735-cc5c7baf0a7a; expires=Sun, 08-Dec-2024 02:37:04 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
eus.rubiconproject.com/usync.js
104.88.9.101200 OK 10 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP 104.88.9.101:0
File type ASCII text, with very long lines (18728)
Hash 8deb7dbc8b2c345210076315246d243e
48da2b0f96ae0319416cd069c090acef1217dd08
792653092209c4e0ac57fbffab14833a2d9c4cbf4e7d37ff12aa82aa57efc152
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 08 Dec 2022 23:42:39 GMT
Content-Encoding: gzip
Content-Length: 10067
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=75915
Expires: Fri, 09 Dec 2022 23:42:22 GMT
Date: Fri, 09 Dec 2022 02:37:07 GMT
Connection: keep-alive
Vary: Accept-Encoding
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 61774d39caf6116c5f631a66e57630f4
5e26a41cc5e6409e441b1a40a150e70e331fe58a
a98d67df9ebfa7282ceec988489abadc2737b5e029e1f1cc514612681ec0ca80
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5322
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:07 GMT
Last-Modified: Fri, 09 Dec 2022 01:08:25 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 313
img.scupio.com/html/ls.html
143.204.55.37200 OK 1.2 kB URL HTTP/2 img.scupio.com/html/ls.html
IP 143.204.55.37:0
Hash d15c9f1d36d39ec76bb513234e3be9e3
7d24901a2aff0584bce520fd9252400c96b82f80
4eed2cf3b171a6be77deaddccc8cccfecd03c8599347f3672401deb1c941da63
GET /html/ls.html HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx/1.12.1
last-modified: Mon, 21 Nov 2016 06:35:53 GMT
content-encoding: gzip
date: Fri, 09 Dec 2022 01:55:00 GMT
expires: Fri, 16 Dec 2022 01:53:59 GMT
cache-control: max-age=604800
etag: W/"583295c9-4dc"
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: RsQd4PkDfJXKKQgqRkix1J8rve7KC_Vy5UgFyBD9kwxCHkVsNvkdNA==
age: 2587
vary: Origin
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a0905812e8498e6c5c0a9b4b584b972f
039b784fd1e0152ec7f49a54ba027f0b2bd1e833
ee3531ef0f334dcd73a86b1e4365a020d5db69ff7b82bad136eaf1a8e9d3b47f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dnacdn.net/dna
178.250.2.146200 OK 0 B IP 178.250.2.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:07 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=ZQJj7180M0RITmhlJTJCZkMwOUJGQlhaMUN2czdjWW5VTnJ6d1NQdXg4eW9ObWZxS1VIMXcxYzNTMkJUJTJGaEdzUW5BMmJ4cw; expires=Wed, 03 Jan 2024 02:37:07 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 297866
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsgccr3dvtlsca2020
151.101.66.133200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 151.101.66.133:0
Hash 3cf813a44cc02d608dc11481d656f79f
a1241d7aadaa567a01d71929c10d70730e5f1d3a
4afefc47ddcc96c43ecf7f30075c57bbfc8c6863366d80007511cd15ad721f2f
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1414
Server: nginx
Content-Type: application/ocsp-response
Expires: Tue, 13 Dec 2022 02:08:39 GMT
ETag: "a1241d7aadaa567a01d71929c10d70730e5f1d3a"
Last-Modified: Fri, 09 Dec 2022 02:08:40 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 09 Dec 2022 02:37:07 GMT
Age: 1707
X-Served-By: cache-qpg1235-QPG, cache-bma1681-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 24, 3
X-Timer: S1670553428.781772,VS0,VE0
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 18cc322e73c8b494d8f43b0922588f04
e328ef83b8b4735aa93cd68ab1eb850f16c10c81
4f8f8fa8fd32fb03501eedd8474a922a448744d0464844314923ba1672c995bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dnacdn.net/dna
178.250.2.146200 OK 0 B IP 178.250.2.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:06 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=2d2tZF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czElMkZjWXF4c3BuVFIyNTRaNkNBeWZrSzZxN1dzNHZ0Y2M2V2s0eVBYJTJGbzc1; expires=Wed, 03 Jan 2024 02:37:07 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 289587
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
35.71.131.137200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
IP 35.71.131.137:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:07 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash b9fca58b89602b3894ef9642bc27ea3a
e6e8e93b2e314a95eedf178e69c20c4e4a2c55b8
ec626f763a90a8ffcd5979a3a862b6f36a2ae70c17c3e48d9d6b439e2997d943
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5561
Cache-Control: max-age=118593
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:07 GMT
Etag: "6391b5db-139"
Expires: Sat, 10 Dec 2022 11:33:40 GMT
Last-Modified: Thu, 08 Dec 2022 10:00:59 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash b9fca58b89602b3894ef9642bc27ea3a
e6e8e93b2e314a95eedf178e69c20c4e4a2c55b8
ec626f763a90a8ffcd5979a3a862b6f36a2ae70c17c3e48d9d6b439e2997d943
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5560
Cache-Control: max-age=118592
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:07 GMT
Etag: "6391b5db-139"
Expires: Sat, 10 Dec 2022 11:33:39 GMT
Last-Modified: Thu, 08 Dec 2022 10:00:59 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 313
googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F14210&adk=2180255949&adf=3653020618&pi=t.ma~as.2784%2F14210&w=300&url=https%3A%2F%2Freurl.cc%2FgvjOLp&ea=0&wgl=1&dt=1670553425898&bpp=15&bdt=M&idt=856&shv=r20221206&mjsv=m202212060101&ptt=5&saldr=sa&correlator=3804882616186&frm=23&ife=1&pv=2&ga_vid=573891734.1670553423&ga_sid=1670553427&ga_hid=567915816&ga_fc=1&nhd=2&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=484&ady=108&biw=1268&bih=939&isw=300&ish=250&ifk=1900172581&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44777877%2C44777506%2C31071250&oid=2&pvsid=1104544433664311&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.e7wpsoup1w8c&fsb=1&dtd=986
142.250.74.162200 OK 24 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F14210&adk=2180255949&adf=3653020618&pi=t.ma~as.2784%2F14210&w=300&url=https%3A%2F%2Freurl.cc%2FgvjOLp&ea=0&wgl=1&dt=1670553425898&bpp=15&bdt=M&idt=856&shv=r20221206&mjsv=m202212060101&ptt=5&saldr=sa&correlator=3804882616186&frm=23&ife=1&pv=2&ga_vid=573891734.1670553423&ga_sid=1670553427&ga_hid=567915816&ga_fc=1&nhd=2&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=484&ady=108&biw=1268&bih=939&isw=300&ish=250&ifk=1900172581&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44777877%2C44777506%2C31071250&oid=2&pvsid=1104544433664311&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.e7wpsoup1w8c&fsb=1&dtd=986
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (57933), with no line terminators
Hash 97f34fd2f3bd795b4c0facb539a25c89
daef67d4cfb64161c8066fc81ff22e13fd51e09f
ab7cb7d2670d52c061cec86721b09d26e6806f763166b9633a44ceb82d061429
GET /pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F14210&adk=2180255949&adf=3653020618&pi=t.ma~as.2784%2F14210&w=300&url=https%3A%2F%2Freurl.cc%2FgvjOLp&ea=0&wgl=1&dt=1670553425898&bpp=15&bdt=M&idt=856&shv=r20221206&mjsv=m202212060101&ptt=5&saldr=sa&correlator=3804882616186&frm=23&ife=1&pv=2&ga_vid=573891734.1670553423&ga_sid=1670553427&ga_hid=567915816&ga_fc=1&nhd=2&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=484&ady=108&biw=1268&bih=939&isw=300&ish=250&ifk=1900172581&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44777877%2C44777506%2C31071250&oid=2&pvsid=1104544433664311&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.e7wpsoup1w8c&fsb=1&dtd=986 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 09 Dec 2022 02:37:07 GMT
server: cafe
content-length: 24321
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 02:52:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 09 Dec 2022 02:37:07 GMT
cache-control: private
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
178.250.2.146200 OK 84 kB URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
IP 178.250.2.146:0
Hash 7b85f34dce130ee971e21117bcdf974e
9ee3c64bf8d00d3cece7c4aa3317951c8f2b320b
d3634ff851a0bda8d77dc2548da14e5114e915688c8747a7ea784346b94646e8
GET /syncframe?origin=publishertag&topUrl=reurl.cc HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:06 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=a3cbb7f8-bd03-4561-b121-2c2763e27294; expires=Wed, 03 Jan 2024 02:37:06 GMT; domain=.criteo.com; path=/; secure; samesite=none
optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 675383
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.4189874881359349
210.59.219.180200 OK 160 B URL HTTP/1.1 bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.4189874881359349
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash dede670e27a5bdde04e5ff234d456fef
563f497be2d0f5cc7f805048d0c2595db3fe0875
cad52cb23d0f73f0692cbc88dd45d8a2e526658435eee138e869da10a6d76b66
GET /ssp/initid.aspx?mode=L&cb=0.4189874881359349 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Set-Cookie: ASP.NET_SessionId=wvpojbvkcvprh3ondqkthu2o; path=/; HttpOnly; SameSite=Lax
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 09 Dec 2022 02:37:07 GMT
Content-Length: 160
adcdn.holmesmind.com/adserver/Preset.js?z=13847
143.204.55.65200 OK 936 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13847
IP 143.204.55.65:0
Hash 403f805abcc2b5f8a720f07f86183530
4c0ebd944fe82e76c9f6d9c219beee01d7a6fe72
ce4e111561254583936add56848c93406985c21581dae2b43f62d73ace1d5ca3
GET /adserver/Preset.js?z=13847 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Fri, 09 Dec 2022 02:32:37 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 568aNF04ZWLWMqOl1D-gCvj2SB4WmOMLztfnXNwkDb7crb0ZC137rw==
age: 266
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.165200 OK 304 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.165:0
Hash 9563645d0a8c3578fc96556619d2a773
c3f9c6589a7c0b4b37f18befdca747df2011a464
85764105ba24ae182d4a3bc15bddc7132f746a70177cf0354251c1059aafc0db
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:06 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 164341
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
video-lcy1-1.xx.fbcdn.net/hvideo-pnb-vll/_nc_cat-103/_nc_sr_t-4/v/rASdYK9QIU7WjgIAqvBWFcveYwTTpaN1I0Nnq4xrtK5w_2A/_nc_ohc-01b1Xd8FDJEAX9rd0ZE/live-dash/dash-lp-qd-v/200963182457341_0-init.m4v?ms=m_C&ccb=2-4&sc_t=1
157.240.240.2200 OK 658 B URL HTTP/2 video-lcy1-1.xx.fbcdn.net/hvideo-pnb-vll/_nc_cat-103/_nc_sr_t-4/v/rASdYK9QIU7WjgIAqvBWFcveYwTTpaN1I0Nnq4xrtK5w_2A/_nc_ohc-01b1Xd8FDJEAX9rd0ZE/live-dash/dash-lp-qd-v/200963182457341_0-init.m4v?ms=m_C&ccb=2-4&sc_t=1
IP 157.240.240.2:0
File type ISO Media, MP4 Base Media v6 \012- data
Hash 4f780e3ccc5a3010a690f4b899dae687
2261da913eeaa92a81ed1b69ad40700891d2e8da
799da09ca63ed01c599ccd8cb9c4b6972932cf3deb1fdc07947c104a2e52af9c
GET /hvideo-pnb-vll/_nc_cat-103/_nc_sr_t-4/v/rASdYK9QIU7WjgIAqvBWFcveYwTTpaN1I0Nnq4xrtK5w_2A/_nc_ohc-01b1Xd8FDJEAX9rd0ZE/live-dash/dash-lp-qd-v/200963182457341_0-init.m4v?ms=m_C&ccb=2-4&sc_t=1 HTTP/1.1
Host: video-lcy1-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: video/mp4
etag: f834e46a332b395a9dbecbc9f8e853f6
x-fb-video-livetrace-encoding: dash-lp-qd
content-length: 658
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fb-origin-hit: 1
cache-control: max-age=900
access-control-expose-headers: Date, x-fb-video-replica, proxy-status, X-FB-ONE, X-FB-ONE-VARIANT, x-fb-dynamic-state, x-fb-dynamic-live-heads, x-fb-dynamic-bitrates, x-fb-dynamic-latest-segment-id, x-fb-segment-pts-start, x-fb-next-valid-segment-id, x-fb-dynamic-quality-backup, x-fb-dynamic-predictive-response-chunk-size, X-FB-Video-LiveTrace-Ids, X-FB-Video-LiveTrace-ParentSource, X-FB-Video-LiveTrace-Encoding, X-FB-Video-LiveTrace-StreamType, x-fb-fna-hit, x-fb-edge-hit, x-fb-origin-hit, X-FB-Connection-Quality, x-fb-response-time-ms, x-fb-dynamic-latest-segment-id, x-bwe-mean, x-bwe-std-dev, x-fb-dynamic-status, x-mrtt-ms, x-fb-dynamic-client-wallclock-ms, x-fb-dynamic-client-wallclock-offset-ms, x-fb-dynamic-server-wallclock-ms, x-fb-dynamic-response-wallclock-ms, x-fb-dynamic-rtt-ms, x-fb-ull-ssbwe-v1
x-fb-trip-id: 207616858
x-fb-response-time-ms: 104
date: Fri, 09 Dec 2022 02:37:08 GMT
x-fb-video-livetrace-parentsource: CDN:elb:M:lcy1c01:dash-lp-qd:8036
x-fb-edge-hit: 0
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
video-lcy1-1.xx.fbcdn.net/hvideo-pnb-vll/_nc_cat-103/_nc_sr_t-4/v/rASdYK9QIU7WjgIAqvBWFcveYwTTpaN1I0Nnq4xrtK5w_2A/_nc_ohc-01b1Xd8FDJEAX9rd0ZE/live-dash/dash-lp-qd-v/200963182457341_0-1320106.m4v?ms=m_C&ccb=2-4&sc_t=1
157.240.240.2200 OK 36 kB URL HTTP/2 video-lcy1-1.xx.fbcdn.net/hvideo-pnb-vll/_nc_cat-103/_nc_sr_t-4/v/rASdYK9QIU7WjgIAqvBWFcveYwTTpaN1I0Nnq4xrtK5w_2A/_nc_ohc-01b1Xd8FDJEAX9rd0ZE/live-dash/dash-lp-qd-v/200963182457341_0-1320106.m4v?ms=m_C&ccb=2-4&sc_t=1
IP 157.240.240.2:0
Hash 963be7f9c74bfb655fac4c44aff59d38
b493aeb19b9b40f69e8c9c36f9571eb1254bd878
b2d3ac1aed6be86cfa21db7ad97e3e2a153213212c1fb53bfd7f0de8ad553048
GET /hvideo-pnb-vll/_nc_cat-103/_nc_sr_t-4/v/rASdYK9QIU7WjgIAqvBWFcveYwTTpaN1I0Nnq4xrtK5w_2A/_nc_ohc-01b1Xd8FDJEAX9rd0ZE/live-dash/dash-lp-qd-v/200963182457341_0-1320106.m4v?ms=m_C&ccb=2-4&sc_t=1 HTTP/1.1
Host: video-lcy1-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: video/mp4
etag: fffee49b76dbe70376b66fb65576b543
x-fb-video-livetrace-ids: 3071286660:1321240
x-fb-video-livetrace-encoding: dash-lp-qd
content-length: 35692
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fb-origin-hit: 1
cache-control: max-age=900
access-control-expose-headers: Date, x-fb-video-replica, proxy-status, X-FB-ONE, X-FB-ONE-VARIANT, x-fb-dynamic-state, x-fb-dynamic-live-heads, x-fb-dynamic-bitrates, x-fb-dynamic-latest-segment-id, x-fb-segment-pts-start, x-fb-next-valid-segment-id, x-fb-dynamic-quality-backup, x-fb-dynamic-predictive-response-chunk-size, X-FB-Video-LiveTrace-Ids, X-FB-Video-LiveTrace-ParentSource, X-FB-Video-LiveTrace-Encoding, X-FB-Video-LiveTrace-StreamType, x-fb-fna-hit, x-fb-edge-hit, x-fb-origin-hit, X-FB-Connection-Quality, x-fb-response-time-ms, x-fb-dynamic-latest-segment-id, x-bwe-mean, x-bwe-std-dev, x-fb-dynamic-status, x-mrtt-ms, x-fb-dynamic-client-wallclock-ms, x-fb-dynamic-client-wallclock-offset-ms, x-fb-dynamic-server-wallclock-ms, x-fb-dynamic-response-wallclock-ms, x-fb-dynamic-rtt-ms, x-fb-ull-ssbwe-v1
x-fb-trip-id: 207616858
x-fb-response-time-ms: 105
date: Fri, 09 Dec 2022 02:37:08 GMT
x-fb-video-livetrace-parentsource: CDN:elb:M:lcy1c01:dash-lp-qd:8045
x-fb-edge-hit: 0
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
video-lcy1-1.xx.fbcdn.net/hvideo-pnb-vll/_nc_cat-103/_nc_sr_t-4/v/rASdYK9QIU7WjgIAqvBWFcveYwTTpaN1I0Nnq4xrtK5w_2A/_nc_ohc-01b1Xd8FDJEAX9rd0ZE/live-dash/dash-lp-qd-a/200963182457341_0-1320106.m4a?ms=m_C&ccb=2-4&sc_t=1
157.240.240.2200 OK 25 kB URL HTTP/2 video-lcy1-1.xx.fbcdn.net/hvideo-pnb-vll/_nc_cat-103/_nc_sr_t-4/v/rASdYK9QIU7WjgIAqvBWFcveYwTTpaN1I0Nnq4xrtK5w_2A/_nc_ohc-01b1Xd8FDJEAX9rd0ZE/live-dash/dash-lp-qd-a/200963182457341_0-1320106.m4a?ms=m_C&ccb=2-4&sc_t=1
IP 157.240.240.2:0
Hash 6f96897bb2d9e73aed6300a7f42c3e41
28a116297a65e39598219130efab37f05fbb3e1c
440b2a3a34c9b808232a2cc05bc36504e71047624e0f4b76520b5bbcb244fcde
GET /hvideo-pnb-vll/_nc_cat-103/_nc_sr_t-4/v/rASdYK9QIU7WjgIAqvBWFcveYwTTpaN1I0Nnq4xrtK5w_2A/_nc_ohc-01b1Xd8FDJEAX9rd0ZE/live-dash/dash-lp-qd-a/200963182457341_0-1320106.m4a?ms=m_C&ccb=2-4&sc_t=1 HTTP/1.1
Host: video-lcy1-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: video/mp4
etag: 7db36a4703a59b3beb9f89d81145610c
x-fb-video-livetrace-encoding: dash-lp-qd
content-length: 24705
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fb-origin-hit: 1
cache-control: max-age=900
access-control-expose-headers: Date, x-fb-video-replica, proxy-status, X-FB-ONE, X-FB-ONE-VARIANT, x-fb-dynamic-state, x-fb-dynamic-live-heads, x-fb-dynamic-bitrates, x-fb-dynamic-latest-segment-id, x-fb-segment-pts-start, x-fb-next-valid-segment-id, x-fb-dynamic-quality-backup, x-fb-dynamic-predictive-response-chunk-size, X-FB-Video-LiveTrace-Ids, X-FB-Video-LiveTrace-ParentSource, X-FB-Video-LiveTrace-Encoding, X-FB-Video-LiveTrace-StreamType, x-fb-fna-hit, x-fb-edge-hit, x-fb-origin-hit, X-FB-Connection-Quality, x-fb-response-time-ms, x-fb-dynamic-latest-segment-id, x-bwe-mean, x-bwe-std-dev, x-fb-dynamic-status, x-mrtt-ms, x-fb-dynamic-client-wallclock-ms, x-fb-dynamic-client-wallclock-offset-ms, x-fb-dynamic-server-wallclock-ms, x-fb-dynamic-response-wallclock-ms, x-fb-dynamic-rtt-ms, x-fb-ull-ssbwe-v1
priority: u=3,i
x-fb-trip-id: 207616858
x-fb-response-time-ms: 108
date: Fri, 09 Dec 2022 02:37:08 GMT
x-fb-video-livetrace-parentsource: CDN:elb:M:lcy1c01:dash-lp-qd:8046
x-fb-edge-hit: 0
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7f699af9ca7843cb9e6a1b7576c2940c
cce981996a863a63f9a8c497fbcebf5eae75607f
1c89b2002df4a7655407dab0a7d4d8bb74a3f8f7ef72d62c649a08a7b6cb64e9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7f699af9ca7843cb9e6a1b7576c2940c
cce981996a863a63f9a8c497fbcebf5eae75607f
1c89b2002df4a7655407dab0a7d4d8bb74a3f8f7ef72d62c649a08a7b6cb64e9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js
216.58.207.193200 OK 9.4 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20221206/r20110914/abg_lite_fy2021.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1592)
Hash 5a5aa8d035ffaad9c0b8653b0a412d2f
f09fe4da7a3d328089a611e314d326aa5cb598f5
de6d29b666b737e039c2de5bedaf81dda437c47a79e17d0d10f188358916187a
GET /pagead/js/r20221206/r20110914/abg_lite_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 9443
x-xss-protection: 0
date: Thu, 08 Dec 2022 18:25:11 GMT
expires: Thu, 22 Dec 2022 18:25:11 GMT
cache-control: public, max-age=1209600
age: 29517
etag: 9828741834572772835
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js
216.58.207.193200 OK 7.5 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1542)
Hash 6f59900fa87e133bae329372aebefe36
260937d2934233c07b112f3564ec9eca7b529fd7
156c12ec7d6973b5742504716567b70740dd66bee9cc0e1a1608df56e77011fd
GET /pagead/js/r20221206/r20110914/client/qs_click_protection_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 7480
x-xss-protection: 0
date: Thu, 08 Dec 2022 18:25:11 GMT
expires: Thu, 22 Dec 2022 18:25:11 GMT
cache-control: public, max-age=1209600
age: 29517
etag: 15631949847000551034
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CYA20221209103706912942
192.96.203.13302 Found 111 B URL HTTP/1.1 sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CYA20221209103706912942
IP 192.96.203.13:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash febc6b9a3cb9696ca0b2b57e73dc10ce
21ce8fe59a6c6ea57df6d616aaf10f06fc63dc2c
cc380f03ace5d06dc78f11ad4be2acdc1700991ef995b65b1913322bacfa71ff
GET /idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CYA20221209103706912942 HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Set-Cookie: sspid=d46fa354-9b29-31c8-bcbc-9af747ba5c72; Domain=.aralego.com; Path=/; Expires=Sat, 09 Dec 2023 02:37:08 GMT; Secure; SameSite=None
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
Vary: Accept, Accept-Encoding
Content-Type: text/plain; charset=utf-8
Content-Length: 111
Date: Fri, 09 Dec 2022 02:37:08 GMT
Connection: close
bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.6883085775780955
210.59.219.180200 OK 160 B URL HTTP/1.1 bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.6883085775780955
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash f7c9914078c37ec73b2b4bb32f4a7b79
78801c448f0f1a6d0c8bfa2f2f48c0f7e3672a8f
81564f4156dc43418ba68bbd59dda12885bf38561f77b58ed86ba0112dcb3eac
GET /ssp/initid.aspx?mode=L&cb=0.6883085775780955 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Set-Cookie: ASP.NET_SessionId=p2ix330xtxghqwefwmazjxbv; path=/; HttpOnly; SameSite=Lax
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 09 Dec 2022 02:37:07 GMT
Content-Length: 160
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c9208747f2926b414bae65ed0e18fac5
3b25f459b1fe1a63689880699450305a8aee8b77
2c5333a23ade630e8dd8242aa59e371fa2208e265c58916e6fa799683d53f196
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bidder.criteo.com/csm/events
178.250.2.131204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.2.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 311
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 02:37:08 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bidder.criteo.com/csm/events
178.250.2.131204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.2.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 309
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 02:37:07 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
p4-f2hyhjpf3kzqu-ewnn6utaftsrgvu5-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
142.250.74.131200 OK 202 B URL HTTP/2 p4-f2hyhjpf3kzqu-ewnn6utaftsrgvu5-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
IP 142.250.74.131:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 216983dd5e34757a6ba7e38c8a323ef6
1a42c64deaf6be13bafc24d975c6d3f44222292c
db5757cd3f5b85815c2be92f312427c3d8302b5af1a00d260c759c085b61d339
GET /v6exp3/redir.html HTTP/1.1
Host: p4-f2hyhjpf3kzqu-ewnn6utaftsrgvu5-if-v6exp3-v4.metric.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-9FL1pRnKataI9KnHH0bLHQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 202
date: Fri, 09 Dec 2022 02:37:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Mon, 02 Dec 2019 20:15:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c9208747f2926b414bae65ed0e18fac5
3b25f459b1fe1a63689880699450305a8aee8b77
2c5333a23ade630e8dd8242aa59e371fa2208e265c58916e6fa799683d53f196
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dnacdn.net/dna
178.250.2.146200 OK 199 B IP 178.250.2.146:0
Hash 584524d13ba99a4c06d4f1f0a172c803
9a101ca7eb1d9afdfc74793b1069e0af9a5834d9
8642109a0c30e8fb381055f58cd69d0be1e8d4b8fe2d7d222083bf26149175be
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=2d2tZF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czElMkZjWXF4c3BuVFIyNTRaNkNBeWZrSzZxN1dzNHZ0Y2M2V2s0eVBYJTJGbzc1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:08 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=b4a_al80M0RITmhlJTJCZkMwOUJGQlhaMUN2czElMkZjWXF4c3BuVFIyNTRaNkNBeWZrSlQwRHV2U0xFSEpsejFnTUVyNFFyNA; expires=Wed, 03 Jan 2024 02:37:08 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 382415
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b5cba4e1962a1fe17c9021f3e418975a
01293d7e4084011451f7d17936ab2427504cdb1a
ecfe30d3abc32ca9f933303d75b2055642d3c7c8197af08fe2c314394699594b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/drt/ui
142.250.74.164302 Found 0 B URL HTTP/2 www.google.com/pagead/drt/ui
IP 142.250.74.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/drt/ui HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 09 Dec 2022 02:37:08 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.148200 OK 515 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.148:0
Hash bc0cd43ceed636a4f2039d83e402681c
f5c063bbff351c71534e8f7e480b65bc14649f4e
468de383eda455306848f10a67187090e602e3c9aead418098a84b318d9d0a44
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:07 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 86804
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=b4a_al80M0RITmhlJTJCZkMwOUJGQlhaMUN2czElMkZjWXF4c3BuVFIyNTRaNkNBeWZrSlQwRHV2U0xFSEpsejFnTUVyNFFyNA&idsd=1590629402,802081309
178.250.2.146200 OK 524 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=b4a_al80M0RITmhlJTJCZkMwOUJGQlhaMUN2czElMkZjWXF4c3BuVFIyNTRaNkNBeWZrSlQwRHV2U0xFSEpsejFnTUVyNFFyNA&idsd=1590629402,802081309
IP 178.250.2.146:0
Hash 06d162064c97b3b6ac86243f2373d840
64626fffa85eb2c824674be612fa843fd6c145c9
5b9a4705cc0a256c4339b451c0be3dcfbeb860e273173bddc6e6e2ffb9c95c83
GET /sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=b4a_al80M0RITmhlJTJCZkMwOUJGQlhaMUN2czElMkZjWXF4c3BuVFIyNTRaNkNBeWZrSlQwRHV2U0xFSEpsejFnTUVyNFFyNA&idsd=1590629402,802081309 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:08 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1299904
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
178.250.2.146200 OK 320 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
IP 178.250.2.146:0
Hash 612385f47e81782688a731707cfc9dc0
cd7ece17c6909f51a5af22f94ca986b4ab47d593
b21c4a13aec8192ead567526656068c9e0163abe6ad9bc6ce55c16ff01d28f18
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:08 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://img.scupio.com
server-processing-duration-in-ticks: 1191815
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 10ae015a481b29d89da500c7d98243cf
11c12f0aeda31b6da539b9e6022033e29a124307
d654fa17b63be027de9d2554c7dc0c2d83bd57c8b343734e7f5d9d73bd87d8ee
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5424
Cache-Control: max-age=86413
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:08 GMT
Etag: "639138b1-1d7"
Expires: Sat, 10 Dec 2022 02:37:21 GMT
Last-Modified: Thu, 08 Dec 2022 01:06:57 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 10ae015a481b29d89da500c7d98243cf
11c12f0aeda31b6da539b9e6022033e29a124307
d654fa17b63be027de9d2554c7dc0c2d83bd57c8b343734e7f5d9d73bd87d8ee
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5351
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:08 GMT
Last-Modified: Fri, 09 Dec 2022 01:07:57 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
token.rubiconproject.com/token?pid=36584
213.19.162.80204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=36584
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=36584 HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 1da0c96602e9a1076eae4f5554c05cf3
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
178.250.2.146200 OK 22 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
IP 178.250.2.146:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 91d4898f938e4920ac88f87453b33933
1bd4a04303c2501101656075ad8304e1a84eb91e
93ecc6762eafd376cbe2fd18250fa9f12c90f9a86b481430ef29ec40716d8f35
OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://img.scupio.com/
Origin: https://img.scupio.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:08 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://img.scupio.com
server-processing-duration-in-ticks: 434491
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
dmp.brand-display.com/cm/api/rubicon
34.111.151.213302 Found 121 B URL HTTP/2 dmp.brand-display.com/cm/api/rubicon
IP 34.111.151.213:0
File type HTML document, ASCII text
Hash b06bd98690496e2a7004c4f297978b1d
8c163d4230f49d8c6122951e6308891e07a7565c
7a824ffdd49dc12635d97d0e82919d9e3345c7e60976e994c9d681b66f5f6764
GET /cm/api/rubicon HTTP/1.1
Host: dmp.brand-display.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.22.1
date: Fri, 09 Dec 2022 02:37:08 GMT
content-type: text/html; charset=utf-8
content-length: 121
access-control-allow-origin: *
cache-control: max-age=3600
location: https://pixel.rubiconproject.com/tap.php?v=538100&nid=5446&put=ed0fc728-606a-18d3-5112c591
p3p: CP='This is not a P3P policy!'
set-cookie: _knxq_=ed0fc728-606a-18d3-5112c591.1670553428.0.1670553428.1670553428; Path=/; Domain=brand-display.com; Max-Age=63072000; Secure; SameSite=None
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
151.101.66.49302 Found 0 B URL HTTP/2 sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
IP 151.101.66.49:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP/1.1
Host: sync-tm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
set-cookie: everest_g_v2=g_surferid~Y5KfVAAAAOG-wwAF; Path=/; Domain=.everesttech.net; Expires=Sat, 09-Dec-2023 02:37:08 GMT; Max-Age=31536000
location: https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=Y5KfVAAAAOG-wwAF
server: Jetty(9.4.35.v20201120)
accept-ranges: bytes
date: Fri, 09 Dec 2022 02:37:08 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670553429.801796,VS0,VE91
cache-control: no-cache
pragma: no-cache
content-length: 0
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b3b8e087d93e0b4ffe8ffa7a57021836
d67158af9f6d348ba8545fa2f6356207f772af11
ae6fc19d694b51b480ba9c8ab193e2d508997a5faf46561b1160c5fb0bfd5ff7
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5166
Cache-Control: max-age=129729
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:08 GMT
Etag: "6391e2e7-1d7"
Expires: Sat, 10 Dec 2022 14:39:17 GMT
Last-Modified: Thu, 08 Dec 2022 13:13:11 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=Y5KfVAAAAOG-wwAF
151.101.66.49200 OK 85 B URL HTTP/2 sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=Y5KfVAAAAOG-wwAF
IP 151.101.66.49:0
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 5bec6606b8392065f9da9898ca6f7b14
73ac5b01b5e3293fb792179626e7f8369cdb944d
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
GET /ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=Y5KfVAAAAOG-wwAF HTTP/1.1
Host: sync-tm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
server: Jetty(9.4.35.v20201120)
accept-ranges: bytes
date: Fri, 09 Dec 2022 02:37:08 GMT
via: 1.1 varnish
age: 2762
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 1493
x-timer: S1670553429.940251,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 85
X-Firefox-Spdy: h2
rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
210.59.219.175200 OK 0 B URL HTTP/1.1 rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
IP 210.59.219.175:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recweb/ggid.aspx?layout=js&google_error=3 HTTP/1.1
Host: rec.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/javascript
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 09 Dec 2022 02:37:08 GMT
Content-Length: 0
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 298e2d6f8c909ed8f8a6c59cd4c27c50
04021c46e4d8093afe21332b9c7c4cdf7688ae30
a153b0f75e17367c5bd92d8ca60979c8db9d3a9d4de729b7810923bdcaab5595
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 773
Cache-Control: max-age=88214
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:37:09 GMT
Etag: "639151e6-1d7"
Expires: Sat, 10 Dec 2022 03:07:23 GMT
Last-Modified: Thu, 08 Dec 2022 02:54:30 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
pixel.rubiconproject.com/tap.php?v=538100&nid=5446&put=ed0fc728-606a-18d3-5112c591
213.19.162.80204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=538100&nid=5446&put=ed0fc728-606a-18d3-5112c591
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=538100&nid=5446&put=ed0fc728-606a-18d3-5112c591 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 1da0c96602e9a1076eae4f5554c05cf3
Content-Type: image/gif
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash d036ef9979a230bde50c1f5780928e16
ecd54b1da8b36f1186ca6247aebbf6a4bbed9722
d6d744daf5be3e512df701479f6c5ffa320100d1597e35357a4a939d79edc7a7
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=118858
Date: Fri, 09 Dec 2022 02:37:09 GMT
Etag: "6391b75c-1d7"
Expires: Sat, 10 Dec 2022 11:38:07 GMT
Last-Modified: Thu, 08 Dec 2022 10:07:24 GMT
Server: ECS (bsa/EB14)
X-Cache: Miss from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: AcFG1xzh_4KPjcWRvp-7pK_1uN7uJdnIfLxfpq_vGKN7jiU15NkGnA==
Age: 5443
rbp.mxptint.net/sn.ashx
4.78.226.234302 Found 226 B IP 4.78.226.234:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 10afac283033ea97daf5ee53002bd875
9b82fb1ac20d70754dcdd1d1536b791326da61b2
a13dc5725214466172e0c28fcebcf61b463ffceb7aa3579eef4678e9c08901eb
GET /sn.ashx HTTP/1.1
Host: rbp.mxptint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://pixel.rubiconproject.com/tap.php?v=14321&nid=2313&put=R1B332_FA9A7EAE_949A8E30&expires=60
P3P: CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE", CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Set-Cookie: mxpim=R1B332_FA9A7EAE_949A8E30.1.000000000000000000000000000000000000000000000000000000000000000000000000000000000000000063929F55; domain=mxptint.net; expires=Mon, 09-Dec-2024 02:37:09 GMT; path=/; secure; SameSite=None
Date: Fri, 09 Dec 2022 02:37:08 GMT
Content-Length: 226
Strict-Transport-Security: max-age=-353540229; includeSubDomains
pixel.rubiconproject.com/tap.php?v=14321&nid=2313&put=R1B332_FA9A7EAE_949A8E30&expires=60
213.19.162.80204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=14321&nid=2313&put=R1B332_FA9A7EAE_949A8E30&expires=60
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=14321&nid=2313&put=R1B332_FA9A7EAE_949A8E30&expires=60 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 1da0c96602e9a1076eae4f5554c05cf3
Content-Type: image/gif
sync.extend.tv/r.gif?exchange=rubicon
18.210.31.97302 Found 130 B URL HTTP/1.1 sync.extend.tv/r.gif?exchange=rubicon
IP 18.210.31.97:0
File type HTML document, ASCII text
Hash cd949a635efdc526afb6864b9449bfca
45cefcc0ca64f10b001cab1b499ebffd9f556644
55b99b5043b83093275fea213224b50db066414e45b20ab334c5a71b717ef222
GET /r.gif?exchange=rubicon HTTP/1.1
Host: sync.extend.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Content-Type: text/html; charset=utf-8
Date: Fri, 09 Dec 2022 02:37:09 GMT
Expires: Tue, 29 May 1984 15:00:00 GMT
Location: https://pixel.rubiconproject.com/tap.php?v=114806&nid=3840&put=77aa125f-7956-4082-a871-086c9fce2a47
Pragma: no-cache
Set-Cookie: extendtv_user_id=77aa125f-7956-4082-a871-086c9fce2a47; Path=/; Domain=extend.tv; Expires=Sun, 08 Dec 2024 02:37:09 GMT
Content-Length: 130
Connection: keep-alive
rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
210.59.219.175200 OK 0 B URL HTTP/1.1 rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
IP 210.59.219.175:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recweb/ggid.aspx?layout=js&google_error=3 HTTP/1.1
Host: rec.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/javascript
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 09 Dec 2022 02:37:08 GMT
Content-Length: 0
pixel.rubiconproject.com/tap.php?v=114806&nid=3840&put=77aa125f-7956-4082-a871-086c9fce2a47
213.19.162.80204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=114806&nid=3840&put=77aa125f-7956-4082-a871-086c9fce2a47
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=114806&nid=3840&put=77aa125f-7956-4082-a871-086c9fce2a47 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 1da0c96602e9a1076eae4f5554c05cf3
Content-Type: image/gif
pixel-apac.rubiconproject.com/exchange/sync.php?p=xapi-bridgewell
69.173.158.64204 No Content 0 B URL HTTP/1.1 pixel-apac.rubiconproject.com/exchange/sync.php?p=xapi-bridgewell
IP 69.173.158.64:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /exchange/sync.php?p=xapi-bridgewell HTTP/1.1
Host: pixel-apac.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: beb52df1a5a4b2f2cb3f37642c514298
Content-Type: image/gif
fcm.holmesmind.com/cm.php
34.95.67.231502 Bad Gateway 332 B URL HTTP/2 fcm.holmesmind.com/cm.php
IP 34.95.67.231:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 47151679e6193060d77a7d92cbe4658c
39f7d591e7b410617149e5275de9cbfef57ebe1f
8128514a9917b6dcdf20f7ee24d6b00a27b2a6aa0f971acb988f358f25ac4005
GET /cm.php HTTP/1.1
Host: fcm.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/2 502 Bad Gateway
content-type: text/html; charset=UTF-8
referrer-policy: no-referrer
content-length: 332
date: Fri, 09 Dec 2022 02:37:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.165200 OK 39 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.165:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ab7912be06d485d233c8f8431468e293
faaba746b23e7300ff50c8ae6537ae302022ec60
625c3d707b100aa5993b73167f25030d3eb6d625d0368984fb374c9ef6107b8d
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:09 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 138016
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.148200 OK 8.4 kB URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.148:0
Hash 4536ee2c508ae0cadc801e80179aee80
ffae0373655d21fe79a605e521af1fff5f832cbc
8e1356d857a1e967e1fb0710335126f7f5a3c22e3e0b2d38f1aeadf66091d5dc
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:09 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 114960
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
IP 178.250.2.146:0
GET /syncframe?origin=publishertag&topUrl=reurl.cc HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:06 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
uid=6c32b781-2a24-45fa-ac13-4bab58e8ba23; expires=Wed, 03 Jan 2024 02:37:06 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 467631
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FgvjOLp&n=834&o=1&d=1&b=3&ts=1&ii=3&FPCK=5164-YoXNeE2gwGQzQDgedRhnlkXKM1g0BRpS&initver=210830P
35.75.34.66200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FgvjOLp&n=834&o=1&d=1&b=3&ts=1&ii=3&FPCK=5164-YoXNeE2gwGQzQDgedRhnlkXKM1g0BRpS&initver=210830P
IP 35.75.34.66:0
GET /adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FgvjOLp&n=834&o=1&d=1&b=3&ts=1&ii=3&FPCK=5164-YoXNeE2gwGQzQDgedRhnlkXKM1g0BRpS&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: test_cookie=CheckForPermission
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:04 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/i?ut=1670553424&p=13856:64025:138987:13504c21400313e560e126bb8f27151b:14355
35.75.34.66200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/i?ut=1670553424&p=13856:64025:138987:13504c21400313e560e126bb8f27151b:14355
IP 35.75.34.66:0
GET /adserver/i?ut=1670553424&p=13856:64025:138987:13504c21400313e560e126bb8f27151b:14355 HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=667963-wz4aGs31AAUOwm1UOB7AQTvh9MrI7en4; Vision=20221209-23:59,20221209-13,20221209-13,20221209-23:59; C=null; RK=null
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:05 GMT
content-type: image/png
server: nginx/1.14.0 (Ubuntu)
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/i?ut=1670553425&p=13534:64025:138987:b51e51974a7fafe7da83634643d23ea8:14355
35.75.34.66200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/i?ut=1670553425&p=13534:64025:138987:b51e51974a7fafe7da83634643d23ea8:14355
IP 35.75.34.66:0
GET /adserver/i?ut=1670553425&p=13534:64025:138987:b51e51974a7fafe7da83634643d23ea8:14355 HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Cookie: P=667963-wz4aGs31AAUOwm1UOB7AQTvh9MrI7en4; Vision=20221209-23:59,20221209-13,20221209-13,20221209-23:59; C=null; RK=null
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:05 GMT
content-type: image/png
server: nginx/1.14.0 (Ubuntu)
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/av?p=13856:64025:138987:13504c21400313e560e126bb8f27151b:14355&type=1
35.75.34.66200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/av?p=13856:64025:138987:13504c21400313e560e126bb8f27151b:14355&type=1
IP 35.75.34.66:0
GET /adserver/av?p=13856:64025:138987:13504c21400313e560e126bb8f27151b:14355&type=1 HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=667963-wz4aGs31AAUOwm1UOB7AQTvh9MrI7en4; Vision=20221209-23:59,20221209-13,20221209-13,20221209-23:59; C=null; RK=null
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:05 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=14209&rf=https%3A%2F%2Freurl.cc%2FgvjOLp&n=469&o=1&d=1&b=3&ts=1&ii=3&FPCK=5164-YoXNeE2gwGQzQDgedRhnlkXKM1g0BRpS&initver=210830P
35.75.34.66200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=14209&rf=https%3A%2F%2Freurl.cc%2FgvjOLp&n=469&o=1&d=1&b=3&ts=1&ii=3&FPCK=5164-YoXNeE2gwGQzQDgedRhnlkXKM1g0BRpS&initver=210830P
IP 35.75.34.66:0
GET /adserver/ads.js?z=14209&rf=https%3A%2F%2Freurl.cc%2FgvjOLp&n=469&o=1&d=1&b=3&ts=1&ii=3&FPCK=5164-YoXNeE2gwGQzQDgedRhnlkXKM1g0BRpS&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: test_cookie=CheckForPermission
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:04 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/av?p=13856:64025:138987:13504c21400313e560e126bb8f27151b:14355&type=1
35.75.34.66200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/av?p=13856:64025:138987:13504c21400313e560e126bb8f27151b:14355&type=1
IP 35.75.34.66:0
GET /adserver/av?p=13856:64025:138987:13504c21400313e560e126bb8f27151b:14355&type=1 HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=667963-wz4aGs31AAUOwm1UOB7AQTvh9MrI7en4; Vision=20221209-23:59,20221209-13,20221209-13,20221209-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:07 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.2.146200 OK 0 B IP 178.250.2.146:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=2d2tZF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czElMkZjWXF4c3BuVFIyNTRaNkNBeWZrSzZxN1dzNHZ0Y2M2V2s0eVBYJTJGbzc1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:07 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=nh6mJV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czElMkZjWXF4c3BuVFIyNTRaNkNBeWZrSWt6QkVmcExFbWd0SVdXdzNBTjl5cQ; expires=Wed, 03 Jan 2024 02:37:08 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 258749
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.148200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.148:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:09 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 179862
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
reurl.cc/gvjOLp
35.185.130.121200 OK 0 B IP 35.185.130.121:0
Analyzer Verdict Alert openphish PayPal Inc.
GET /gvjOLp HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 09 Dec 2022 02:37:02 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
target: https://cya.nz/4Fgg
content-encoding: gzip
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.165200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.165:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:07 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 110257
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.js
178.250.2.130200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.js
IP 178.250.2.130:0
GET /js/ld/publishertag.prebid.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 02:37:06 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-16294"
expires: Sat, 10 Dec 2022 02:37:06 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
img.scupio.com/js/prebid.js?v=5.20.0
143.204.55.37200 OK 0 B URL HTTP/2 img.scupio.com/js/prebid.js?v=5.20.0
IP 143.204.55.37:0
GET /js/prebid.js?v=5.20.0 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Tue, 28 Jun 2022 05:54:43 GMT
content-encoding: gzip
date: Fri, 09 Dec 2022 02:36:07 GMT
expires: Sun, 08 Jan 2023 02:35:41 GMT
cache-control: max-age=2592000
etag: W/"62ba97a3-3b047"
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: i74-8HNSEYtKb-BO4jiZj2T_Aa9kJu51PjzWBCllYx8l-uFS03ga4A==
age: 83
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.2.146200 OK 0 B IP 178.250.2.146:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=nh6mJV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czElMkZjWXF4c3BuVFIyNTRaNkNBeWZrSWt6QkVmcExFbWd0SVdXdzNBTjl5cQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:09 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=_hVKrV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czElMkZjWXF4c3BuVFIyNTRaNkNBeWZrSW9nRzFNc2cxMlkyTnNReENOYUR5Rg; expires=Wed, 03 Jan 2024 02:37:09 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 297426
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%&mp=6bb7d3cf-e931-4d7d-a9c9-0234a48f315e
203.75.214.136200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%&mp=6bb7d3cf-e931-4d7d-a9c9-0234a48f315e
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%&mp=6bb7d3cf-e931-4d7d-a9c9-0234a48f315e HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=c1298d8d-7f19-4f3c-b735-cc5c7baf0a7a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Fri, 09 Dec 2022 02:37:05 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/prebid.json?cb=1670553423527&hb=1&ver=1.21
35.75.34.66200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/prebid.json?cb=1670553423527&hb=1&ver=1.21
IP 35.75.34.66:0
POST /adserver/prebid.json?cb=1670553423527&hb=1&ver=1.21 HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 40
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Cookie: P=667963-wz4aGs31AAUOwm1UOB7AQTvh9MrI7en4; Vision=20221209-23:59,20221209-13,20221209-13,20221209-23:59; C=null; RK=null
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:04 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://img.scupio.com
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
IP 178.250.2.146:0
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:08 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://img.scupio.com
server-processing-duration-in-ticks: 905920
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=_hVKrV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czElMkZjWXF4c3BuVFIyNTRaNkNBeWZrSW9nRzFNc2cxMlkyTnNReENOYUR5Rg&idsd=1590629402,802081309&cw=1&lsw=1
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=_hVKrV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czElMkZjWXF4c3BuVFIyNTRaNkNBeWZrSW9nRzFNc2cxMlkyTnNReENOYUR5Rg&idsd=1590629402,802081309&cw=1&lsw=1
IP 178.250.2.146:0
GET /sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=_hVKrV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czElMkZjWXF4c3BuVFIyNTRaNkNBeWZrSW9nRzFNc2cxMlkyTnNReENOYUR5Rg&idsd=1590629402,802081309&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:09 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 929898
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.165200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.165:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:09 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 140929
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136200 OK 0 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Fri, 09 Dec 2022 02:37:04 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=be5fa613-6ab6-4274-a9f8-e2b344ad069b; expires=Sun, 08-Dec-2024 02:37:04 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
img.scupio.com/js/adsbyscupio.js?v=1.0.2
143.204.55.37200 OK 0 B URL HTTP/2 img.scupio.com/js/adsbyscupio.js?v=1.0.2
IP 143.204.55.37:0
GET /js/adsbyscupio.js?v=1.0.2 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Mon, 19 Apr 2021 03:30:31 GMT
content-encoding: gzip
date: Fri, 09 Dec 2022 02:37:06 GMT
expires: Fri, 09 Dec 2022 05:37:01 GMT
cache-control: max-age=10800
etag: W/"607cf957-11ab"
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: tdQleqdLd5f-oh5tHj7g9oHaVHnm2U5J5mCWeyZfBBr8n3nCacL1CA==
age: 5
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
img.scupio.com/html/ad.html?v=1.0.65
143.204.55.37200 OK 0 B URL HTTP/2 img.scupio.com/html/ad.html?v=1.0.65
IP 143.204.55.37:0
GET /html/ad.html?v=1.0.65 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx/1.12.1
last-modified: Thu, 18 Aug 2022 08:25:22 GMT
content-encoding: gzip
date: Fri, 09 Dec 2022 01:54:41 GMT
expires: Sun, 08 Jan 2023 01:53:08 GMT
cache-control: max-age=2592000
etag: W/"62fdf772-14d93"
x-cache: Hit from cloudfront
via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Bum0ESugvsBvj9mlKQe7QuK5hkueYqbrX_o8MnbTEnrug8tSTaj63g==
age: 2635
vary: Origin
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.js
178.250.2.130200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.js
IP 178.250.2.130:0
GET /js/ld/publishertag.prebid.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 02:37:06 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-16294"
expires: Sat, 10 Dec 2022 02:37:06 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/appierV2.js
54.230.111.38200 OK 0 B URL HTTP/2 cdn.holmesmind.com/js/appierV2.js
IP 54.230.111.38:0
GET /js/appierV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: test_cookie=CheckForPermission
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3177
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 02:37:03 GMT
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LtwxzS_Wmn4puGoVKJydS0DzfnyA4ADfGWDLr05vQA4szwPSM9N5ew==
age: 42
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=nh6mJV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czElMkZjWXF4c3BuVFIyNTRaNkNBeWZrSWt6QkVmcExFbWd0SVdXdzNBTjl5cQ&idsd=1590629402,802081309
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=nh6mJV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czElMkZjWXF4c3BuVFIyNTRaNkNBeWZrSWt6QkVmcExFbWd0SVdXdzNBTjl5cQ&idsd=1590629402,802081309
IP 178.250.2.146:0
GET /sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=nh6mJV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czElMkZjWXF4c3BuVFIyNTRaNkNBeWZrSWt6QkVmcExFbWd0SVdXdzNBTjl5cQ&idsd=1590629402,802081309 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:37:08 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 919628
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.117.js
178.250.2.130200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.117.js
IP 178.250.2.130:0
GET /js/ld/publishertag.prebid.117.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 02:37:06 GMT
content-type: text/javascript
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
etag: W/"61cc54f6-15c19"
expires: Sat, 10 Dec 2022 02:37:06 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
reurl.cc/javascripts/renews.js
35.185.130.121200 OK 0 B URL HTTP/2 reurl.cc/javascripts/renews.js
IP 35.185.130.121:0
GET /javascripts/renews.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/gvjOLp
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Fri, 09 Dec 2022 02:37:03 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-19c"
expires: Sat, 09 Dec 2023 02:37:03 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.js
178.250.2.130200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.js
IP 178.250.2.130:0
GET /js/ld/publishertag.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 02:37:06 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-1e444"
expires: Sat, 10 Dec 2022 02:37:06 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2