ouo.press/1LISgCW
172.67.22.15403 Forbidden 3.8 kB IP 172.67.22.15:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (836)
Hash 2ee0ba565544ea3af0b6b9741d5e8dc1
7f6eb17b9edd29a3a3e96a797660a3e129b339a6
f4780a0d2a255ca08683aa9d24d8fe3e834134ceabf3ec0e1845c309dc082181
GET /1LISgCW HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 403 Forbidden
Date: Sun, 27 Nov 2022 07:48:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Referrer-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
Set-Cookie: __cf_bm=ipQuqFlADhJKrZGEtQ.lAnBGTqXxuOqtSvbZ7zbov.k-1669535304-0-ARe0xDm11NQYj/0qVjmf93im3ssqqAOVVZXyPPEtvBWwk+JuH12PHPJLgtOj319T+ro+XS5YerXOzxS3vXzWyK0=; path=/; expires=Sun, 27-Nov-22 08:18:24 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770942e76ae40b65-OSL
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 150792cfc458af013998f4ef6bdf5f74
d5179b2dcb11d06f82606bf6eb6648319998d63e
72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8365
Expires: Sun, 27 Nov 2022 10:07:50 GMT
Date: Sun, 27 Nov 2022 07:48:25 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 15b59d5e62caedb4bec3ba6724906c1e
960f801e608a56fdd11449f4face29f62cad2b21
8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2111
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:48:25 GMT
Last-Modified: Sun, 27 Nov 2022 07:13:14 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11457
Expires: Sun, 27 Nov 2022 10:59:22 GMT
Date: Sun, 27 Nov 2022 07:48:25 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 07:17:37 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1848
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TaaAQ/DggdcYuzaNhKY9uLSYWC/rbE8wvKxWppfJC/hcepFYWYTAxElAgOjeET+CiEF4k7dBMdA=
x-amz-request-id: RBCQEHBEFV2GDE54
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 07:41:33 GMT
age: 412
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ouo.press/cdn-cgi/styles/challenges.css
172.67.22.15200 OK 2.6 kB URL HTTP/1.1 ouo.press/cdn-cgi/styles/challenges.css
IP 172.67.22.15:0
File type ASCII text, with very long lines (6294), with no line terminators
Hash ba2d8534d208d2a5b158507e004d7150
ab81307634698ea304a68783fa38937f562009a2
63b366fdbfea7cbec639f9a5f24714a831e171570625def9462d724b5c8fdc59
GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/1LISgCW
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 13:34:50 GMT
ETag: W/"637ccffa-1896"
Server: cloudflare
CF-RAY: 770942e9ad4fb527-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sun, 27 Nov 2022 09:48:25 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip
ouo.press/favicon.ico
172.67.22.15200 OK 0 B IP 172.67.22.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/1LISgCW
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:25 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Last-Modified: Sat, 14 Feb 2015 06:41:24 GMT
ETag: "54deee14-0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 4787
Accept-Ranges: bytes
Set-Cookie: __cf_bm=6Rkbz_9YoRlAr9fYhlefuJR4HncmNN083tmsrvciDdY-1669535305-0-AapuMQVJEoWIsrNpxhMgt6rOaSfWE+9XJcxGxQbIsznOJsMcTTeptEvzjbhD5vJuEhpcpE54VSt1aBTRLqzaZ9g=; path=/; expires=Sun, 27-Nov-22 08:18:25 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770942e9db31b505-OSL
ouo.press/cdn-cgi/images/trace/managed/js/transparent.gif?ray=770942e76ae40b65
172.67.22.15200 OK 42 B URL HTTP/1.1 ouo.press/cdn-cgi/images/trace/managed/js/transparent.gif?ray=770942e76ae40b65
IP 172.67.22.15:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=770942e76ae40b65 HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/1LISgCW
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:25 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 13:34:50 GMT
ETag: "637ccffa-2a"
Server: cloudflare
CF-RAY: 770942ea4e5eb527-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sun, 27 Nov 2022 09:48:25 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
ouo.press/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=770942e76ae40b65
172.67.22.15200 OK 24 kB URL HTTP/1.1 ouo.press/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=770942e76ae40b65
IP 172.67.22.15:0
File type ASCII text, with very long lines (54421), with no line terminators
Hash 508f352badfb178097ec7ee8d7c946ab
3238ea804e059301cdc7b0b4b986df140f6996a7
9ccf2038c419d9af526fe8e5dcdf21409f8f154d5ca45117f27dd720c1c77037
GET /cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=770942e76ae40b65 HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/1LISgCW?__cf_chl_rt_tk=kBkES2K8GFl5ijWgLFExZKTGBLWhYEwIRLXVjvHgGkk-1669535304-0-gaNycGzNAv0
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:25 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: max-age=0, must-revalidate
Set-Cookie: __cf_bm=IC8qem_2FOLC3lnQq2Wit9f5aM.4_8hK84mpn80DtIU-1669535305-0-AQD/LEUFJ6x8NKNmwvC6qmbqiFo3OcuBV52kQbXczxHpuAuU+qj+gHluiFBkMiC1tu6p+yhmvpTG1vTiEd+KO/U=; path=/; expires=Sun, 27-Nov-22 08:18:25 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 770942ea4b8ab505-OSL
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 07:48:25 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 9ff2965bfb74237d53e4809ffc97aa59
6e7b5d0fc191140e56bc4ca0f1f223153f8d70df
387f6f0000771501e870857a71413c6ef449cd11debb25ebdcb50646c15be718
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2043
Cache-Control: max-age=98934
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:48:25 GMT
Etag: "6381edc4-117"
Expires: Mon, 28 Nov 2022 11:17:19 GMT
Last-Modified: Sat, 26 Nov 2022 10:43:16 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload
104.18.19.132200 OK 133 kB URL HTTP/2 cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload
IP 104.18.19.132:0
File type Unicode text, UTF-8 text, with very long lines (57362)
Size 133 kB (132939 bytes)
Hash 3bad08e6e9a3b0e2868eba6936dc3c6e
93e1982581c277740e5c3e09bda59c082bbc8526
600cd3d62863915de6d85c492c1ebc0cda58d31610ba4cd10c7bab8f3aa158a4
GET /1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload HTTP/1.1
Host: cloudflare.hcaptcha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:48:25 GMT
content-type: application/javascript
cf-ray: 770942eb2cc4b50f-OSL
access-control-allow-origin: *
age: 0
cache-control: max-age=120
etag: W/"4a87133d7cfb9f9797187d43ffdd5417"
last-modified: Fri, 25 Nov 2022 11:46:32 GMT
strict-transport-security: max-age=0
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-cf-id: e-vtjjiTuJNWqympaO3s7V_aWlOK4yXOIyZWB7ZnvSo2w49xVfwmGQ==
x-amz-cf-pop: OSL50-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
ouo.press/cdn-cgi/challenge-platform/h/b/img/770942e76ae40b65/1669535305524/EoGROaKE07bj_5Q
172.67.22.15200 OK 61 B URL HTTP/1.1 ouo.press/cdn-cgi/challenge-platform/h/b/img/770942e76ae40b65/1669535305524/EoGROaKE07bj_5Q
IP 172.67.22.15:0
File type PNG image data, 21 x 24, 8-bit/color RGB, non-interlaced\012- data
Hash 34ef4af31f12c1e3a30414d0130ba6ad
2aea4016db573797dab30c4c7b0cae5dffdbce7e
9bce50ba2135e0d76a48174501db2b561abe91d3875aa47a4eaf517539e47708
GET /cdn-cgi/challenge-platform/h/b/img/770942e76ae40b65/1669535305524/EoGROaKE07bj_5Q HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/1LISgCW
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:25 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cf_bm=3IeNn7047d3y7gxs5d3DyGKYNfpKGt7CRFv9nXrZt68-1669535305-0-AS5icMb0xJ1297nTnqfLSBPCiUDbSEcdK6ZoBZ9uauqbhfTUTWPBpp1Ap9cc5ONbyB262VRnH+LCICAOKb8dh5M=; path=/; expires=Sun, 27-Nov-22 08:18:25 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 770942ec1d03b505-OSL
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 07:11:12 GMT
cache-control: public,max-age=3600
age: 2233
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d3df71aab146eefc49acb608796aab63
8401892995193919376dfcd798b09c8261579454
a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5369
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:48:25 GMT
Last-Modified: Sun, 27 Nov 2022 06:18:57 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ouo.press/cdn-cgi/challenge-platform/h/b/flow/ov1/0.22172344362372193:1669533856:4gPEQJsXUvO3why57MVI8ZTLg_zp8K4pyIdbYtzNXCI/770942e76ae40b65/612983ef4258149
172.67.22.15200 OK 3.8 kB URL HTTP/1.1 ouo.press/cdn-cgi/challenge-platform/h/b/flow/ov1/0.22172344362372193:1669533856:4gPEQJsXUvO3why57MVI8ZTLg_zp8K4pyIdbYtzNXCI/770942e76ae40b65/612983ef4258149
IP 172.67.22.15:0
File type ASCII text, with very long lines (5036), with no line terminators
Hash a0f021884627df85b9ee327338b7b493
1204aa067633623200bbf8c9b662c16f5ef3d78b
6ccd317abc6de0f4446b9ef078b2c1a0a78e01006770e6f5c8463323f66b49b7
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/0.22172344362372193:1669533856:4gPEQJsXUvO3why57MVI8ZTLg_zp8K4pyIdbYtzNXCI/770942e76ae40b65/612983ef4258149 HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/1LISgCW
Content-type: application/x-www-form-urlencoded
CF-Challenge: 612983ef4258149
Content-Length: 15081
Origin: http://ouo.press
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:26 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_gen: ERrHXrKl2aseY38b7maJVnz1luucrunJjZvX2ek7fCo=$agwe5NLc7dvxhqNaG1/yRQ==
Set-Cookie: __cf_bm=QLhTYGog55n6IXGOt1etOdDcBuoQRFDmjuAjv1i_QZE-1669535306-0-AVQeKdJrhos8OLeD21niFMO1vt8WN2Rx4OWBEPsk6dcq7u3lMilwujC29RVk0DiVr+ksXCt8izOYgQKvDplx0Z4=; path=/; expires=Sun, 27-Nov-22 08:18:26 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 770942eeef6bb505-OSL
Content-Encoding: gzip
challenges.cloudflare.com/turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit
104.18.7.185302 Found 0 B URL HTTP/2 challenges.cloudflare.com/turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP 104.18.7.185:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 27 Nov 2022 07:48:26 GMT
content-length: 0
location: /turnstile/v0/75e640aa/api.js?onload=_cf_chl_turnstile_l&render=explicit
cache-control: max-age: 300
vary: Accept-Encoding
server: cloudflare
cf-ray: 770942ef4fbe0b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.36.24.174101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.36.24.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: n9YTY1x3BiIEcPRTT/zcTw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: PiwhF2e2odieAXwacjuZLD8csMM=
r3.o.lencr.org/
23.36.77.32200 OK 7.9 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 64dc663e4bf55e7df4db2a5fb13cc57c
474458aa615f4aba02bdc66d4e7f4840cefd647d
b6f3d9ac8f59148a356227e2a3a600ca31a94c0363484e966eb37c03636567f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11818
Expires: Sun, 27 Nov 2022 11:05:25 GMT
Date: Sun, 27 Nov 2022 07:48:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11818
Expires: Sun, 27 Nov 2022 11:05:25 GMT
Date: Sun, 27 Nov 2022 07:48:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11818
Expires: Sun, 27 Nov 2022 11:05:25 GMT
Date: Sun, 27 Nov 2022 07:48:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11818
Expires: Sun, 27 Nov 2022 11:05:25 GMT
Date: Sun, 27 Nov 2022 07:48:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11818
Expires: Sun, 27 Nov 2022 11:05:25 GMT
Date: Sun, 27 Nov 2022 07:48:27 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 35806
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a2bb7d-e57c-4751-a56f-0802ae9eaee6.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a2bb7d-e57c-4751-a56f-0802ae9eaee6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e615cdc2e330b5cf76435abce9aa631a
71f737c3cee7766494157cd6491ce247a785c09e
853f68bf79a553b9fbf0e10391424faf0a3c071370d05d369563f7824d1bda84
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a2bb7d-e57c-4751-a56f-0802ae9eaee6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9063
x-amzn-requestid: f00ac8bd-6466-4c92-9b99-0e71b4b2345c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b8Jr4ENtoAMFzvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637b2318-0e3a57932987e29521388dd7;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 07:04:56 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: ntfumip5IjOlyoe6ASlwJ1PjPLN1yZHkK_iiDDKfmMCyI__PrrGVMA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 82893cc36087a50f9a150a621d10e740.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 11:33:57 GMT
age: 72870
etag: "71f737c3cee7766494157cd6491ce247a785c09e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7f16c0f8a8e710210ce77c0e4c1c2a2
590c34be54c9889eec4ff7993e070fda836f711f
4224287ba765da59c877ac4f1dec65accc5bec934b7598d9cbbee669ba4ab12e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6883
x-amzn-requestid: 9e3878c9-1817-427e-b121-969a8cbc7ad8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cL1ySF0tIAMFY4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638169a8-5143ffea77b70cf67ef60ad7;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 01:19:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GT3Futv4Ztnl2Og2TQFk5311m92Mv_jfvkIZYJXpjJMdkxSB6MI06g==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 06:42:16 GMT
age: 3971
etag: "590c34be54c9889eec4ff7993e070fda836f711f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:37 GMT
age: 35810
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 76c00eceed956377d7469ef58b0815cb
97a135335f5b1b042adeb385718f8808cb78528b
81fb72ab752b2eb39ab6ee015055304490b3b6c3259968703fd07c2a2eed1e61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7380
x-amzn-requestid: 18589644-299c-4a39-9376-db1bd1472009
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iEegIAMFeuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-23990acc0fdc599a75a534e3;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RqsZxAtbOkWBGbXJ3sZHxcS-ZvWOw7Yg2Qd4zj0QLhrp3wAXC8w6jA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:50:08 GMT
age: 35899
etag: "97a135335f5b1b042adeb385718f8808cb78528b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfe38fd9-0497-4ec8-8f57-1ba100e73fcc.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfe38fd9-0497-4ec8-8f57-1ba100e73fcc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f80a9a9b55da31c98663e157dde74a19
26b8dd82140c0db021048e11bff65a391dc6b444
680c39e4ea1d784db9831958942a64f3e83618dc443c8bcaa34223d85bb5b926
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfe38fd9-0497-4ec8-8f57-1ba100e73fcc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6859
x-amzn-requestid: 4a1b13ad-9455-401d-a914-c1ada2191977
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYTHRroAMFR8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-4e5d630b23cdeb2e4b6d75d1;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: D24B6xoLZ2nu1NdlMU5TgJSc-DfzD6vrMzgU3s6tAiAsUuzBb_t89Q==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 08:23:04 GMT
age: 84323
etag: "26b8dd82140c0db021048e11bff65a391dc6b444"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ouo.press/cdn-cgi/challenge-platform/h/b/flow/ov1/0.22172344362372193:1669533856:4gPEQJsXUvO3why57MVI8ZTLg_zp8K4pyIdbYtzNXCI/770942e76ae40b65/612983ef4258149
172.67.22.15200 OK 2.1 kB URL HTTP/1.1 ouo.press/cdn-cgi/challenge-platform/h/b/flow/ov1/0.22172344362372193:1669533856:4gPEQJsXUvO3why57MVI8ZTLg_zp8K4pyIdbYtzNXCI/770942e76ae40b65/612983ef4258149
IP 172.67.22.15:0
File type ASCII text, with very long lines (2660), with no line terminators
Hash 49681f6078bcbebe167f55a650c1da70
d1977a268eecbe757729698b0076a0291dfa9648
aa5db1c3d0b342f52867e92dcc7ca5d21dc4f2182075710f8b8605cd273c3321
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/0.22172344362372193:1669533856:4gPEQJsXUvO3why57MVI8ZTLg_zp8K4pyIdbYtzNXCI/770942e76ae40b65/612983ef4258149 HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/1LISgCW
Content-type: application/x-www-form-urlencoded
CF-Challenge: 612983ef4258149
Content-Length: 15771
Origin: http://ouo.press
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_out: Cs0EpC4U4oeNRi4tqvcVSe8CdakORjIPlAq/EvHqTIsJ/h7ncYSf+mFGCIx2vMvxJZxHfkCcYmdg+485q/TInQ==$QaRzFxeaA8kr/kACPSpTFA==
cf_chl_out_s: ucGrDEmE8boJWXRtLQ1CAAphAloV59RFKNm/N7chAw7N8g2aSDBOPG8THPXyg2MykOuQaHH8R94Om0eBBNpgBtwmOH+Fj3z0JXp8IzbPBGYBWGHr+ADSSGqBWx7SvMsH4iST1f54BdihDP4biCPc0xzUlm9FqM6s5k0yO4AqvP0YaBBY6QgZiB+1K/Cob0um$+9kksIVlmqfFt/FgeouI+w==
set-cookie: cf_chl_rc_m=;Expires=Sat, 26 Nov 2022 07:48:27 GMT;SameSite=Strict
__cf_bm=WOHG5E2kQd7rmxdWEn7fqxbA5g_Cmb3zig4by04R2Sg-1669535307-0-AQbQStEIs0xZswaUKHwh9+nvgyijrwU10kvdabxVQ/d6iT80Jtj+pYC0PS/PfvhKBfAFzx4NXZzBLwP9/f2Mboc=; path=/; expires=Sun, 27-Nov-22 08:18:27 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 770942f73e4cb505-OSL
Content-Encoding: gzip
ouo.press/1LISgCW
172.67.22.15200 OK 3.8 kB IP 172.67.22.15:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1938)
Hash 55d650f8adca65fece1080fa0694c442
4d046085b3e7c07595bcdb997cf717b880541937
e632ce203ea635b5dd73c209ba76bed724cb62cd6157f056415653ebfae93831
POST /1LISgCW HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/1LISgCW?__cf_chl_tk=kBkES2K8GFl5ijWgLFExZKTGBLWhYEwIRLXVjvHgGkk-1669535304-0-gaNycGzNAv0
Content-Type: application/x-www-form-urlencoded
Content-Length: 1754
Origin: http://ouo.press
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Set-Cookie: cf_clearance=QFhLAfTn_z54OWxbYYx3ovZ54ftA8ymemmxjXGmkbLI-1669535307-0-250; path=/; expires=Mon, 27-Nov-23 07:48:27 GMT; domain=.ouo.press; HttpOnly
ouoio_session=eyJpdiI6IkhVQlJEcXc3c1BvbkV4eEszZGV4NmZcLzZtVXB2eTFHWHVWTE9zTHBaZlVNPSIsInZhbHVlIjoieFBBYkJIc3ZYRGoxMkxJejBLb2Jkanp2NUx0dWlic09RTlwvY2tycFwveG5XZGFVOHhnZGsxSDlnOE1Ld0hCU2JQV0loT01FYWxXektQZWgzOEpBd0g3QT09IiwibWFjIjoiYzFhNTM3Y2Q4NDQ2ODBjNWMyMGU4MTczZGQ0MjZkN2IzYWQ2ZmZhZTc3ZjY3ZWIwZGJjZWZjNWJlNTc3MTJmMiJ9; path=/; httponly
language=eyJpdiI6IjFNVHcwc2QzWnBGUnJzXC9mXC9tK2grKzNFOWRocUpvaGZ6Um02OXFSS1R0UT0iLCJ2YWx1ZSI6ImZORlV3N1wvaHU1bWdhdzRDVXNhSEFWbUtDVGJkdVBhak5LZXRQWjNzR2c4PSIsIm1hYyI6ImVhMWVlNzZkYTViMWQ2YmJhZDQzMWNjYTJiNGYzMzY4MDcwYmM2ZGVmMzFiMDg2NTliM2I4MzdjYzNlNjZkMjUifQ%3D%3D; expires=Fri, 26-Nov-2027 07:48:27 GMT; Max-Age=157680000; path=/; httponly
23442255a367e504b1df799cd8f2425604727aa7=eyJpdiI6ImdsSjhxNHhDQVp3QUZoMEdYWjhhUU9LM21kaXJxVHR0ZEx2NXdoc2d4OHc9IiwidmFsdWUiOiJoWDRcL09sYld2cjBDQ2d5bTh2UUNOUmlETjdUa01tTVJmRGVMS0hWdE1UQlhnR1R0NXdUbFdFYUNyMU8rT3FtZ3dVWXRYTmxTYlNtSUc4bkVveHZqQ0F6VXJvNGF1T1I4WHorY1lzcnk5RHp0a1Y1SGxOekJ0NDhIUjVOVjBGalR6XC9aUzNNYkcrc2ROKzR3ZGpxTit1dStOWktHYUpScEFURGJDSytKMTZvR0xCR3JxTHlIVGlxcnZGVnp6SGZad0kxWFFKRWk1a1d4Q2c0NXJBYytaXC8zQjY2R3BLazdmSk1sS1FnQm9rYSthbzdaUlwvZjAwSW1uTzEzK1B0U3VHblkxTVdEbFN4SGNwSG1HM09DdEpZeFVYNDFWWFZNWFQ4TGZwb2swek94czhzeXRVSjAyKzM5bGp0cDFwTk9kR2wwYXJWbHNKeGFIZTBXQW9YT2YzenZ6Y3JTdWY4UlpKK2lrYnVCUnB5UFVoYUg2NUZFamtzZU9SUlwvTWNQTytQQiIsIm1hYyI6IjRlYjg2Yjc1MmYyMjg3Njc5YjcyNWEzMjg0YjlmNjJlNmRiNWM4YjM2NmI2MDEyMGI5YmZlOTI2YTk5MmE2MDgifQ%3D%3D; expires=Sun, 27-Nov-2022 09:48:27 GMT; Max-Age=7200; path=/; httponly
__cf_bm=CEhhFGXmU4gNFOcgwOa3arnjvmAaE5FcBCNBAtV5_9E-1669535307-0-AeKL/vpl2jkP4/P7sv78MFvOfdcqnp8rrd0bk3F0fVHuaozmhcKlxFQv8acVGQTuS/p6WfcHIfh01dKGL+QozwI=; path=/; expires=Sun, 27-Nov-22 08:18:27 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 770942f82ef7b505-OSL
Content-Encoding: gzip
ouo.press/css/link-safe.css
172.67.22.15200 OK 1.8 kB URL HTTP/1.1 ouo.press/css/link-safe.css
IP 172.67.22.15:0
Hash d91a45478adaa488ef4f1733dfa3c44c
3686ea901ce8ca85bb82f42bf0a8d39095ebf73d
4bb66b15dd5791ec4c9867c3a89ee2ef9bdb5f0bbd0d442a1fbfe2c34e9bc86b
GET /css/link-safe.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/1LISgCW
Cookie: cf_clearance=QFhLAfTn_z54OWxbYYx3ovZ54ftA8ymemmxjXGmkbLI-1669535307-0-250; ouoio_session=eyJpdiI6IkhVQlJEcXc3c1BvbkV4eEszZGV4NmZcLzZtVXB2eTFHWHVWTE9zTHBaZlVNPSIsInZhbHVlIjoieFBBYkJIc3ZYRGoxMkxJejBLb2Jkanp2NUx0dWlic09RTlwvY2tycFwveG5XZGFVOHhnZGsxSDlnOE1Ld0hCU2JQV0loT01FYWxXektQZWgzOEpBd0g3QT09IiwibWFjIjoiYzFhNTM3Y2Q4NDQ2ODBjNWMyMGU4MTczZGQ0MjZkN2IzYWQ2ZmZhZTc3ZjY3ZWIwZGJjZWZjNWJlNTc3MTJmMiJ9; language=eyJpdiI6IjFNVHcwc2QzWnBGUnJzXC9mXC9tK2grKzNFOWRocUpvaGZ6Um02OXFSS1R0UT0iLCJ2YWx1ZSI6ImZORlV3N1wvaHU1bWdhdzRDVXNhSEFWbUtDVGJkdVBhak5LZXRQWjNzR2c4PSIsIm1hYyI6ImVhMWVlNzZkYTViMWQ2YmJhZDQzMWNjYTJiNGYzMzY4MDcwYmM2ZGVmMzFiMDg2NTliM2I4MzdjYzNlNjZkMjUifQ%3D%3D; 23442255a367e504b1df799cd8f2425604727aa7=eyJpdiI6ImdsSjhxNHhDQVp3QUZoMEdYWjhhUU9LM21kaXJxVHR0ZEx2NXdoc2d4OHc9IiwidmFsdWUiOiJoWDRcL09sYld2cjBDQ2d5bTh2UUNOUmlETjdUa01tTVJmRGVMS0hWdE1UQlhnR1R0NXdUbFdFYUNyMU8rT3FtZ3dVWXRYTmxTYlNtSUc4bkVveHZqQ0F6VXJvNGF1T1I4WHorY1lzcnk5RHp0a1Y1SGxOekJ0NDhIUjVOVjBGalR6XC9aUzNNYkcrc2ROKzR3ZGpxTit1dStOWktHYUpScEFURGJDSytKMTZvR0xCR3JxTHlIVGlxcnZGVnp6SGZad0kxWFFKRWk1a1d4Q2c0NXJBYytaXC8zQjY2R3BLazdmSk1sS1FnQm9rYSthbzdaUlwvZjAwSW1uTzEzK1B0U3VHblkxTVdEbFN4SGNwSG1HM09DdEpZeFVYNDFWWFZNWFQ4TGZwb2swek94czhzeXRVSjAyKzM5bGp0cDFwTk9kR2wwYXJWbHNKeGFIZTBXQW9YT2YzenZ6Y3JTdWY4UlpKK2lrYnVCUnB5UFVoYUg2NUZFamtzZU9SUlwvTWNQTytQQiIsIm1hYyI6IjRlYjg2Yjc1MmYyMjg3Njc5YjcyNWEzMjg0YjlmNjJlNmRiNWM4YjM2NmI2MDEyMGI5YmZlOTI2YTk5MmE2MDgifQ%3D%3D
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:27 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
Cf-Bgj: minify
Cf-Polished: status=cannot_optimize
ETag: W/"5d951ace-1830"
Expires: Sun, 27 Nov 2022 13:22:51 GMT
Last-Modified: Wed, 02 Oct 2019 21:46:54 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
CF-Cache-Status: HIT
Age: 23136
Set-Cookie: __cf_bm=RTGOooKGWC0kGJkzA7t_DqSsa5GxbwaNIXBIBySXvC8-1669535307-0-AQzeivu7sx7iymxfjNcOwxm5cq7I4JyskdK8pfZiMhRi89dfeHBVNyjY/CfeYlGrU/8uG6d34C/Pjvw76ZdJI/8=; path=/; expires=Sun, 27-Nov-22 08:18:27 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770942fac909b527-OSL
Content-Encoding: gzip
ouo.press/css/bootstrap.css
172.67.22.15200 OK 18 kB URL HTTP/1.1 ouo.press/css/bootstrap.css
IP 172.67.22.15:0
File type ASCII text, with very long lines (65452)
Hash ecd7a3b8fdf856cece681f760bad623c
3c16d8b0523e3c6de3b20f7c7f9de2ae48a2949a
40f5215bfeb4c595389b7d02127c47c94e173dbca21022c9f67eca101d03ab92
GET /css/bootstrap.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/1LISgCW
Cookie: cf_clearance=QFhLAfTn_z54OWxbYYx3ovZ54ftA8ymemmxjXGmkbLI-1669535307-0-250; ouoio_session=eyJpdiI6IkhVQlJEcXc3c1BvbkV4eEszZGV4NmZcLzZtVXB2eTFHWHVWTE9zTHBaZlVNPSIsInZhbHVlIjoieFBBYkJIc3ZYRGoxMkxJejBLb2Jkanp2NUx0dWlic09RTlwvY2tycFwveG5XZGFVOHhnZGsxSDlnOE1Ld0hCU2JQV0loT01FYWxXektQZWgzOEpBd0g3QT09IiwibWFjIjoiYzFhNTM3Y2Q4NDQ2ODBjNWMyMGU4MTczZGQ0MjZkN2IzYWQ2ZmZhZTc3ZjY3ZWIwZGJjZWZjNWJlNTc3MTJmMiJ9; language=eyJpdiI6IjFNVHcwc2QzWnBGUnJzXC9mXC9tK2grKzNFOWRocUpvaGZ6Um02OXFSS1R0UT0iLCJ2YWx1ZSI6ImZORlV3N1wvaHU1bWdhdzRDVXNhSEFWbUtDVGJkdVBhak5LZXRQWjNzR2c4PSIsIm1hYyI6ImVhMWVlNzZkYTViMWQ2YmJhZDQzMWNjYTJiNGYzMzY4MDcwYmM2ZGVmMzFiMDg2NTliM2I4MzdjYzNlNjZkMjUifQ%3D%3D; 23442255a367e504b1df799cd8f2425604727aa7=eyJpdiI6ImdsSjhxNHhDQVp3QUZoMEdYWjhhUU9LM21kaXJxVHR0ZEx2NXdoc2d4OHc9IiwidmFsdWUiOiJoWDRcL09sYld2cjBDQ2d5bTh2UUNOUmlETjdUa01tTVJmRGVMS0hWdE1UQlhnR1R0NXdUbFdFYUNyMU8rT3FtZ3dVWXRYTmxTYlNtSUc4bkVveHZqQ0F6VXJvNGF1T1I4WHorY1lzcnk5RHp0a1Y1SGxOekJ0NDhIUjVOVjBGalR6XC9aUzNNYkcrc2ROKzR3ZGpxTit1dStOWktHYUpScEFURGJDSytKMTZvR0xCR3JxTHlIVGlxcnZGVnp6SGZad0kxWFFKRWk1a1d4Q2c0NXJBYytaXC8zQjY2R3BLazdmSk1sS1FnQm9rYSthbzdaUlwvZjAwSW1uTzEzK1B0U3VHblkxTVdEbFN4SGNwSG1HM09DdEpZeFVYNDFWWFZNWFQ4TGZwb2swek94czhzeXRVSjAyKzM5bGp0cDFwTk9kR2wwYXJWbHNKeGFIZTBXQW9YT2YzenZ6Y3JTdWY4UlpKK2lrYnVCUnB5UFVoYUg2NUZFamtzZU9SUlwvTWNQTytQQiIsIm1hYyI6IjRlYjg2Yjc1MmYyMjg3Njc5YjcyNWEzMjg0YjlmNjJlNmRiNWM4YjM2NmI2MDEyMGI5YmZlOTI2YTk5MmE2MDgifQ%3D%3D
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:27 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
Cf-Bgj: minify
Cf-Polished: origSize=109522
ETag: W/"54def1fc-1abd2"
Expires: Sun, 27 Nov 2022 10:39:42 GMT
Last-Modified: Sat, 14 Feb 2015 06:58:04 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
CF-Cache-Status: HIT
Age: 32925
Set-Cookie: __cf_bm=UdsZ0vVtD1xXsDQnyuyXwgEls5j3C5SzsqHxUlupDVg-1669535307-0-ATuXlOY6XsUXPWcDe9xI/gnzFiUEHNJz/bpdzf7j4eunyErO9ccRKK6AVsfz2mYo9NZ+SMhqD1XKTK8P/6vdj4k=; path=/; expires=Sun, 27-Nov-22 08:18:27 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770942fac8f3b505-OSL
Content-Encoding: gzip
ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
172.67.22.15200 OK 655 B URL HTTP/1.1 ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 172.67.22.15:0
File type HTML document, ASCII text, with very long lines (1238)
Hash bc3ba461c8a309acf61b6d9c41cb6236
88482306ecc9258d5e9cbb9ba5314dab223a5db4
31331f1b1519882d2f2fb60367708fd56a7a1ec0bddd0554c635547179c7dc8f
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/1LISgCW
Cookie: cf_clearance=QFhLAfTn_z54OWxbYYx3ovZ54ftA8ymemmxjXGmkbLI-1669535307-0-250; ouoio_session=eyJpdiI6IkhVQlJEcXc3c1BvbkV4eEszZGV4NmZcLzZtVXB2eTFHWHVWTE9zTHBaZlVNPSIsInZhbHVlIjoieFBBYkJIc3ZYRGoxMkxJejBLb2Jkanp2NUx0dWlic09RTlwvY2tycFwveG5XZGFVOHhnZGsxSDlnOE1Ld0hCU2JQV0loT01FYWxXektQZWgzOEpBd0g3QT09IiwibWFjIjoiYzFhNTM3Y2Q4NDQ2ODBjNWMyMGU4MTczZGQ0MjZkN2IzYWQ2ZmZhZTc3ZjY3ZWIwZGJjZWZjNWJlNTc3MTJmMiJ9; language=eyJpdiI6IjFNVHcwc2QzWnBGUnJzXC9mXC9tK2grKzNFOWRocUpvaGZ6Um02OXFSS1R0UT0iLCJ2YWx1ZSI6ImZORlV3N1wvaHU1bWdhdzRDVXNhSEFWbUtDVGJkdVBhak5LZXRQWjNzR2c4PSIsIm1hYyI6ImVhMWVlNzZkYTViMWQ2YmJhZDQzMWNjYTJiNGYzMzY4MDcwYmM2ZGVmMzFiMDg2NTliM2I4MzdjYzNlNjZkMjUifQ%3D%3D; 23442255a367e504b1df799cd8f2425604727aa7=eyJpdiI6ImdsSjhxNHhDQVp3QUZoMEdYWjhhUU9LM21kaXJxVHR0ZEx2NXdoc2d4OHc9IiwidmFsdWUiOiJoWDRcL09sYld2cjBDQ2d5bTh2UUNOUmlETjdUa01tTVJmRGVMS0hWdE1UQlhnR1R0NXdUbFdFYUNyMU8rT3FtZ3dVWXRYTmxTYlNtSUc4bkVveHZqQ0F6VXJvNGF1T1I4WHorY1lzcnk5RHp0a1Y1SGxOekJ0NDhIUjVOVjBGalR6XC9aUzNNYkcrc2ROKzR3ZGpxTit1dStOWktHYUpScEFURGJDSytKMTZvR0xCR3JxTHlIVGlxcnZGVnp6SGZad0kxWFFKRWk1a1d4Q2c0NXJBYytaXC8zQjY2R3BLazdmSk1sS1FnQm9rYSthbzdaUlwvZjAwSW1uTzEzK1B0U3VHblkxTVdEbFN4SGNwSG1HM09DdEpZeFVYNDFWWFZNWFQ4TGZwb2swek94czhzeXRVSjAyKzM5bGp0cDFwTk9kR2wwYXJWbHNKeGFIZTBXQW9YT2YzenZ6Y3JTdWY4UlpKK2lrYnVCUnB5UFVoYUg2NUZFamtzZU9SUlwvTWNQTytQQiIsIm1hYyI6IjRlYjg2Yjc1MmYyMjg3Njc5YjcyNWEzMjg0YjlmNjJlNmRiNWM4YjM2NmI2MDEyMGI5YmZlOTI2YTk5MmE2MDgifQ%3D%3D
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 13:35:09 GMT
ETag: W/"637cd00d-4d7"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770942fad925b527-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Tue, 29 Nov 2022 07:48:27 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip
fonts.googleapis.com/css?family=Questrial
142.250.74.10200 OK 387 B URL HTTP/1.1 fonts.googleapis.com/css?family=Questrial
IP 142.250.74.10:0
Hash 7b73b3eed6a43db40b0640388112329f
ad4bb62a66f1f95c0a252f83345b40d40dcd5bb4
1776d3903d4f6fb36773bac4ccb4b86c0658838f29674d1fb506859506a41bc3
GET /css?family=Questrial HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 27 Nov 2022 07:48:27 GMT
Date: Sun, 27 Nov 2022 07:48:27 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
hhklc.com/c.js
104.21.70.122301 Moved Permanently 0 B IP 104.21.70.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.js HTTP/1.1
Host: hhklc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 301 Moved Permanently
Date: Sun, 27 Nov 2022 07:48:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 27 Nov 2022 08:48:27 GMT
Location: https://hhklc.com/c.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4XAfmOqLnrMpQ6K%2FzOQIp5yjSKuCEAtc4GlJFkK0lbO5rIdUDH72B6QKRS%2Bh0C2nZSTTuR2pSGjY%2BWex%2Br11i8ztaOu8TQFilGvyvmkOPdZgduAsjO66Fp3wpFk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770942fadeafb523-OSL
alt-svc: h2=":443"; ma=60
ecdn.analysis.fi/static/js/fab.js
54.230.111.81200 OK 4.2 kB URL HTTP/1.1 ecdn.analysis.fi/static/js/fab.js
IP 54.230.111.81:0
File type ASCII text, with very long lines (574)
Hash 28a0bef1ecb63168106f97b637ab3414
e577575dd115f6a95aea8c2ae87d2c30c8464728
d8a34aeacc4054bd4e119e538c7eb4956421014f48a9b603d3f9314a7435b5a6
GET /static/js/fab.js HTTP/1.1
Host: ecdn.analysis.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 4240
Connection: keep-alive
Server: nginx/1.20.0
Last-Modified: Tue, 14 Dec 2021 15:30:51 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Date: Sun, 27 Nov 2022 07:23:13 GMT
Expires: Sun, 27 Nov 2022 08:23:10 GMT
Cache-Control: max-age=3600
ETag: "61b8b8ab-1090"
X-Cache: Hit from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ABzo3IIMf6lWS8tNsWZzqZz6vE0yM3FbZ_K_Oyjdz4SLGovg2YTFvA==
Age: 1518
ecdn.firstimpression.io/fi_client.js
54.230.111.99200 OK 100 kB URL HTTP/1.1 ecdn.firstimpression.io/fi_client.js
IP 54.230.111.99:0
File type ASCII text, with very long lines (618)
Size 100 kB (100155 bytes)
Hash dc28b507a7da98c64d824f5ec27806de
c64c026e3be0827b8bedbd0bb5c48352cec99e08
da0a5c895621b1205cddda7ad3849a2cf8ac4b3f566bb62df8d7c788d9bc479d
GET /fi_client.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 27 Nov 2022 07:11:48 GMT
Server: nginx/1.20.0
X-Powered-By: PHP/8.0.14
X-XSS-Protection: 0
Last-Modified: Sun, 27 Nov 2022 07:11:48 UTC
ETag: W/"de80dbf84a6c7dd017a05f9f421c8761"
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GoJE3bFZ1nLL1qCgb-c9q1V7iBgZUTENOrLh0FVvG7GLRkq2IIbjIg==
Age: 2200
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 9f6cc8d3fe9092a6d3901e873a87fd87
2e0aac117a4cc57596efb3d6f6624c269f94b031
e73982e62b92abac3d15b161f4525448cc2bc8b9bacefdcbfc6f87b74ec372e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:48:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.runative-syndicate.com/sdk/v1/n.js
8.247.219.121200 OK 5.2 kB URL HTTP/1.1 cdn.runative-syndicate.com/sdk/v1/n.js
IP 8.247.219.121:0
File type ASCII text, with very long lines (591)
Hash e6b953ae4edfbe129269f196fe87eee9
eb99511c1d23000bc72b2c640bbcd5792eb431f2
eb6d42f0cdeddc023b69947db248be42bc66aa2da8c59178b7f22b528c4dd60f
GET /sdk/v1/n.js HTTP/1.1
Host: cdn.runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Date: Fri, 12 Aug 2022 08:59:19 GMT
Content-Type: application/javascript
Content-Length: 5220
Connection: keep-alive
Last-Modified: Wed, 23 Mar 2022 15:25:35 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"623b3bef-3202"
Age: 9240549
Accept-Ranges: bytes
tv.gourdycortes.com/1clkn/16562
172.255.6.233200 OK 26 B URL HTTP/1.1 tv.gourdycortes.com/1clkn/16562
IP 172.255.6.233:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/16562 HTTP/1.1
Host: tv.gourdycortes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Nov 2022 07:48:28 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 28-Nov-2022 07:48:28 GMT; Max-Age=86400; path=/
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Mon, 28-Nov-2022 07:48:28 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
142.250.74.164200 OK 582 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 729acee2a72aedc9406dba71bf4c1d00
e7f1dea037aaa2df1c1e5b884dc5d73b7bc35e82
7e9b8e953f317a7a47db6df1d1ac8be5c78e9a9524a0a07755c748c2198f816a
GET /recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sun, 27 Nov 2022 07:48:28 GMT
date: Sun, 27 Nov 2022 07:48:28 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 582
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ouo.press/images/world.png
172.67.22.15200 OK 5.7 kB URL HTTP/1.1 ouo.press/images/world.png
IP 172.67.22.15:0
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 4eea420a8830a6d695114427bf52b556
35579e7f1a656beb3a07a7093166ff37c634bade
70f03c74cc197cf154af36fa552a448d9ffebb55081c96e55ef4cf469123fe22
GET /images/world.png HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/1LISgCW
Cookie: cf_clearance=QFhLAfTn_z54OWxbYYx3ovZ54ftA8ymemmxjXGmkbLI-1669535307-0-250; ouoio_session=eyJpdiI6IkhVQlJEcXc3c1BvbkV4eEszZGV4NmZcLzZtVXB2eTFHWHVWTE9zTHBaZlVNPSIsInZhbHVlIjoieFBBYkJIc3ZYRGoxMkxJejBLb2Jkanp2NUx0dWlic09RTlwvY2tycFwveG5XZGFVOHhnZGsxSDlnOE1Ld0hCU2JQV0loT01FYWxXektQZWgzOEpBd0g3QT09IiwibWFjIjoiYzFhNTM3Y2Q4NDQ2ODBjNWMyMGU4MTczZGQ0MjZkN2IzYWQ2ZmZhZTc3ZjY3ZWIwZGJjZWZjNWJlNTc3MTJmMiJ9; language=eyJpdiI6IjFNVHcwc2QzWnBGUnJzXC9mXC9tK2grKzNFOWRocUpvaGZ6Um02OXFSS1R0UT0iLCJ2YWx1ZSI6ImZORlV3N1wvaHU1bWdhdzRDVXNhSEFWbUtDVGJkdVBhak5LZXRQWjNzR2c4PSIsIm1hYyI6ImVhMWVlNzZkYTViMWQ2YmJhZDQzMWNjYTJiNGYzMzY4MDcwYmM2ZGVmMzFiMDg2NTliM2I4MzdjYzNlNjZkMjUifQ%3D%3D; 23442255a367e504b1df799cd8f2425604727aa7=eyJpdiI6ImdsSjhxNHhDQVp3QUZoMEdYWjhhUU9LM21kaXJxVHR0ZEx2NXdoc2d4OHc9IiwidmFsdWUiOiJoWDRcL09sYld2cjBDQ2d5bTh2UUNOUmlETjdUa01tTVJmRGVMS0hWdE1UQlhnR1R0NXdUbFdFYUNyMU8rT3FtZ3dVWXRYTmxTYlNtSUc4bkVveHZqQ0F6VXJvNGF1T1I4WHorY1lzcnk5RHp0a1Y1SGxOekJ0NDhIUjVOVjBGalR6XC9aUzNNYkcrc2ROKzR3ZGpxTit1dStOWktHYUpScEFURGJDSytKMTZvR0xCR3JxTHlIVGlxcnZGVnp6SGZad0kxWFFKRWk1a1d4Q2c0NXJBYytaXC8zQjY2R3BLazdmSk1sS1FnQm9rYSthbzdaUlwvZjAwSW1uTzEzK1B0U3VHblkxTVdEbFN4SGNwSG1HM09DdEpZeFVYNDFWWFZNWFQ4TGZwb2swek94czhzeXRVSjAyKzM5bGp0cDFwTk9kR2wwYXJWbHNKeGFIZTBXQW9YT2YzenZ6Y3JTdWY4UlpKK2lrYnVCUnB5UFVoYUg2NUZFamtzZU9SUlwvTWNQTytQQiIsIm1hYyI6IjRlYjg2Yjc1MmYyMjg3Njc5YjcyNWEzMjg0YjlmNjJlNmRiNWM4YjM2NmI2MDEyMGI5YmZlOTI2YTk5MmE2MDgifQ%3D%3D
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:28 GMT
Content-Type: image/png
Content-Length: 5692
Connection: keep-alive
Cache-Control: max-age=2592000
Cf-Bgj: imgq:85,h2pri
Cf-Polished: status=not_needed
ETag: "5549a07c-163c"
Expires: Sat, 03 Dec 2022 22:33:44 GMT
Last-Modified: Wed, 06 May 2015 05:02:52 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
CF-Cache-Status: HIT
Age: 2020484
Accept-Ranges: bytes
Set-Cookie: __cf_bm=yuewbPlddkl.Tl836NlCcfM2jXjj1pw7Ii0CENULWeo-1669535308-0-AQ5FxfTxXndWsq+SMPCBawjEX6xtcIHODha5zSoICCfhjnkxnoSBhdsp8WW6JrvnSAnU64xHrAtsOijtyhfG4S8=; path=/; expires=Sun, 27-Nov-22 08:18:28 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770942fb698db505-OSL
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 88e42375d2172305f819b892225cf877
674324641f82700172e72fe259ee2241361e2ea1
6dce3754a67df878b536c368657a492a1f908d408fe7fe5ba43c5d24c44434b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:48:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
173.233.137.60200 OK 13 kB URL HTTP/1.1 itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
IP 173.233.137.60:0
File type ASCII text, with very long lines (37198), with no line terminators
Hash 36444a045ddd4c4a19baad7234144888
f8fa02c4faaa7175fe9b0ff64ae517203648d5f3
74ae82ee7e279446f39afc8e7fa2a714d3bccdd7eb00b8fd974df9936c9acb85
Analyzer Verdict Alert fortinet Malware
GET /ed/36/01/ed36014633829dc70a42dccaefdf3f11.js HTTP/1.1
Host: itineraryupper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 07:48:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 96bb35917131055ed3618d33ea4fda7b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.run-syndicate.com/sdk/v1/n.css
8.247.219.121200 OK 8.3 kB URL HTTP/1.1 cdn.run-syndicate.com/sdk/v1/n.css
IP 8.247.219.121:0
File type ASCII text, with very long lines (8277), with no line terminators
Hash 37ebbc4b85fb5383d08547f5fe9d8d9f
99dac34980b1fd00028f76e782444bdf948724c5
24b59f4e4fbf1d4a988ffa478952ceb54e0b2f0774da926bcd2cc0376200dbfe
GET /sdk/v1/n.css HTTP/1.1
Host: cdn.run-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Date: Thu, 03 Mar 2022 22:40:12 GMT
Content-Type: text/css
Content-Length: 8277
Connection: keep-alive
ETag: "6114dd75-2055"
Last-Modified: Thu, 12 Aug 2021 08:36:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Age: 23188096
Accept-Ranges: bytes
fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2
216.58.207.195200 OK 19 kB URL HTTP/1.1 fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 19292, version 1.0\012- data
Hash 19007b17e56daa60133bce9e9b352a95
bac1384caeae5762e7a1d8c18037f69c8cd21bc4
fd88a03358ba14440b78c6329717bdf6ed1a9fe97c3ad4e0a0a39d31fb1ac546
GET /s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ouo.press
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 19292
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 24 Nov 2022 15:53:57 GMT
Expires: Fri, 24 Nov 2023 15:53:57 GMT
Cache-Control: public, max-age=31536000
Age: 230071
Last-Modified: Wed, 27 Apr 2022 16:12:54 GMT
Content-Type: font/woff2
friendshipmale.com/sfp.js
172.64.203.23200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 172.64.203.23:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:28 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 48b259962c7e6b4898847b232e802bb3
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sun, 27 Nov 2022 07:48:28 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q53zClaf2ZU3rDccFrcbZfy%2FiYNGIfvDAzqx%2F3NDfshXeQwnVT%2FFRqa2%2FYP%2B%2FrBWNmpE6VVKVwevSy0Euu4JbC%2BZqh9IYyyxoxZ00l%2FrI6be9oJ8mVV8BUUtHThHR7muAKaZOQ4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770942fe7f3e718a-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 4af47334194a0d10c2bfd52f16eb91ac
8ea04d240499dea43f26c738c8428df118dd622d
6741505308b8f473e68a567b74e6cd099b7a624b3711cc0acab45b2add675f74
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 27 Nov 2022 07:48:28 GMT
Last-Modified: Sun, 27 Nov 2022 06:01:05 GMT
Server: ECS (bsa/EB19)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: aEUahuJEvV6wf3gmSo3t8NUKIeG3Tmto-NA4dHn5aw0fndEXnECumw==
Age: 6443
simplewebanalysis.com/stats
52.28.211.11200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 495bbb7732095eb1b1d3c9ecd1f24b41
1be28b5c0ec5fbe2050b01903e7404a6a97681b7
3e8fbe6d716d7d0cea6789bce164eff75078357f4e71e1caba7164ee46fd2bd0
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:48:28 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://ouo.press
access-control-allow-credentials: true
set-cookie: uid_id2=6437a6c1-ae41-436c-bed6-40f5c2aadc63:3:1; expires=Wed, 24 Nov 2032 07:48:28 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
run-syndicate.com/do2/048b86cb1ea4453a9397baf204dd5474/dynamic?format=jsonp&count=2&w=1280&h=1024&keywords=ouo,press,short,links,link,shortener,free,URL,shortener,Free,URL,shorten,service,ouo,press,LISgCW&adtype=label-under&callback=callback_075CX
136.243.81.150200 OK 4.6 kB URL HTTP/1.1 run-syndicate.com/do2/048b86cb1ea4453a9397baf204dd5474/dynamic?format=jsonp&count=2&w=1280&h=1024&keywords=ouo,press,short,links,link,shortener,free,URL,shortener,Free,URL,shorten,service,ouo,press,LISgCW&adtype=label-under&callback=callback_075CX
IP 136.243.81.150:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (9026), with no line terminators
Hash e2e759cb5d77723078deea36d8f7ae33
052118ec2c12a77f4af89fbaf42305243f3e6750
bb9d43a39a58ea2031d74db00e70d4020f606097f34a279a76fb68f26ee633c8
GET /do2/048b86cb1ea4453a9397baf204dd5474/dynamic?format=jsonp&count=2&w=1280&h=1024&keywords=ouo,press,short,links,link,shortener,free,URL,shortener,Free,URL,shorten,service,ouo,press,LISgCW&adtype=label-under&callback=callback_075CX HTTP/1.1
Host: run-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Nov 2022 07:48:28 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
X-Request-Id: 7a92b84af1da5f31
Set-Cookie: ts_uid=81a32be2-cd80-430c-86e8-182b89760528; expires=Sat, 27 May 2023 07:48:28 GMT; domain=.run-syndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
widgets.outbrain.com/images/widgetIcons/achoice.svg
23.38.201.81200 OK 2.7 kB URL HTTP/2 widgets.outbrain.com/images/widgetIcons/achoice.svg
IP 23.38.201.81:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2290)
Hash 9d26fa4e7238ed94f1d0d92afb453b3e
ae18efe7d09337bf2f580b3f5bc912284aad7821
2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04
GET /images/widgetIcons/achoice.svg HTTP/1.1
Host: widgets.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/svg+xml
etag: "9d26fa4e7238ed94f1d0d92afb453b3e:1662969032.874716"
last-modified: Mon, 12 Sep 2022 07:37:47 GMT
server: AkamaiNetStorage
content-length: 2735
cache-control: max-age=2592000
expires: Tue, 27 Dec 2022 07:48:28 GMT
date: Sun, 27 Nov 2022 07:48:28 GMT
timing-allow-origin: *, *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 9cff2c2ad4207e09e07c017987177850
833082ded91a1983a1367c48c8076949e079ce95
82b03e92d004f116875ba023a7e8782d3c124a1c499a6328f29cff70f397a6cc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:48:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:48:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
142.250.74.102200 OK 104 B URL HTTP/2 ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
IP 142.250.74.102:0
File type MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors\012- data
Hash 32ac8a9b81788b981a3a7e13c14082d4
fbfd48a2bfe8d4247a975176f88d18c3c2ad1952
00cc7617e054596ff0aaabd8a93a9214dc5304bfe317316022dbf4fb3ea073d2
GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 104
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 11:00:31 GMT
expires: Sun, 27 Nov 2022 11:00:31 GMT
cache-control: public, max-age=86400
age: 74877
last-modified: Tue, 08 May 2012 13:08:06 GMT
content-type: image/x-icon
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
142.250.74.163200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 21:26:04 GMT
expires: Sun, 26 Nov 2023 21:26:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 37344
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:48:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash bbb0f4db8cf5afadcf6aff6e3efd84f5
306a448867377ee652726a0ca8f45112ed46f3d2
f3793d646b320f22c02cde1bee7423484fba1abc89cce4667754107416ab640f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:29 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 15:56:29 GMT
Expires: Sat, 03 Dec 2022 15:56:28 GMT
Etag: "306a448867377ee652726a0ca8f45112ed46f3d2"
Cache-Control: max-age=547079,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 770943011aeb0b65-OSL
lcdn.tsyndicate.com/images/5/a/28e48d256a3f2fbfb83b09543cbaf5a5a4b7a1/300x250.webp
8.247.219.121200 OK 4.6 kB URL HTTP/2 lcdn.tsyndicate.com/images/5/a/28e48d256a3f2fbfb83b09543cbaf5a5a4b7a1/300x250.webp
IP 8.247.219.121:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x225, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 28ab8bc86a12a46387751f0d0d3f8d76
752bb87d55026c563d91b60214abd39fe39ce5c8
b50b777891dc9f3c65918d24eabce9e83aed2f6c78da8d8ca784f173955b1ab8
GET /images/5/a/28e48d256a3f2fbfb83b09543cbaf5a5a4b7a1/300x250.webp HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:48:29 GMT
content-type: image/webp
content-length: 4579
last-modified: Thu, 10 Nov 2022 11:53:00 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"636ce61c-11cc"
age: 1363316
accept-ranges: bytes
X-Firefox-Spdy: h2
ecdn.firstimpression.io/static/js/fiamp.js
54.230.111.99200 OK 60 kB URL HTTP/2 ecdn.firstimpression.io/static/js/fiamp.js
IP 54.230.111.99:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash ba7b84587eb3e7425bf1ff2641250d56
041549a105862eac93c8ce3d388a0df597dee104
b04b1746bc8a48137457f383c31cc9039fb562a853e8c093db1c15a58ab9e7c1
GET /static/js/fiamp.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.20.0
last-modified: Fri, 08 Apr 2022 08:48:22 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Sun, 27 Nov 2022 07:29:59 GMT
expires: Sun, 27 Nov 2022 08:29:57 GMT
cache-control: max-age=3600
etag: W/"624ff6d6-1b8e9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LbQOO9QlgIgN95Wwwk2xBXvUOKsycfVuye9WRjWTk_hPMplsX1Fk8w==
age: 1112
X-Firefox-Spdy: h2
c.amazon-adsystem.com/aax2/apstag.js
143.204.46.73301 Moved Permanently 167 B URL HTTP/2 c.amazon-adsystem.com/aax2/apstag.js
IP 143.204.46.73:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /aax2/apstag.js HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 167
location: https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
server: CloudFront
date: Sun, 27 Nov 2022 00:09:35 GMT
via: 1.1 06a27d66e25d02ebcfb014b9d194016a.cloudfront.net (CloudFront), 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA60-P1, OSL50-C1
x-amz-cf-id: CNr26bhfSpKPA8hxCcWh3liH2WJHjOUIj3QhrzpkqnDsajlVC-IaOA==
age: 27534
X-Firefox-Spdy: h2
challenges.cloudflare.com/turnstile/v0/75e640aa/api.js?onload=_cf_chl_turnstile_l&render=explicit
104.18.7.185200 OK 13 kB URL HTTP/2 challenges.cloudflare.com/turnstile/v0/75e640aa/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP 104.18.7.185:0
File type ASCII text, with very long lines (9399)
Hash fa8d1d0a9d1411008f741658f242867c
43a0933b7ae6b8ab27e0d5ee8df24ba2cbebb1d5
58af77f0968d4fe01e850c3a923498ce7aa685711dfe0c65d269fa7d5a9587a1
GET /turnstile/v0/75e640aa/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:48:26 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 770942ef8fe80b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226200 OK 41 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash 86ca4959c60745d329b63cf5e9175732
87a48a60461a67c971b12f01d4f4be006b7b111a
8cf0cbd914da11bf70089d4863d464334303c293529b96e99830a8f92952d349
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:29 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "C4E22605CE36B639E31136E46315B13268D9163B"
Expires: Sun, 27 Nov 2022 18:00:00 GMT
Last-Modified: Sun, 27 Nov 2022 06:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2528
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77094301decbb521-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash bbb0f4db8cf5afadcf6aff6e3efd84f5
306a448867377ee652726a0ca8f45112ed46f3d2
f3793d646b320f22c02cde1bee7423484fba1abc89cce4667754107416ab640f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:29 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 15:56:29 GMT
Expires: Sat, 03 Dec 2022 15:56:28 GMT
Etag: "306a448867377ee652726a0ca8f45112ed46f3d2"
Cache-Control: max-age=547078,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7709430119810b61-OSL
lcdn.tsyndicate.com/images/a/d/03d7b5c2d567cc6406d8f127e020875cb4eb3e/300x250.webp
8.247.219.121200 OK 5.1 kB URL HTTP/2 lcdn.tsyndicate.com/images/a/d/03d7b5c2d567cc6406d8f127e020875cb4eb3e/300x250.webp
IP 8.247.219.121:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x225, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f57b114ba45b2c271385442ec59a443f
fcf79e45bcc922fc2463db284ff39283658981ad
8724bb91fdb568f4b15893c544f289a7c5d1113b741f37eb1a2f8009eae4b13d
GET /images/a/d/03d7b5c2d567cc6406d8f127e020875cb4eb3e/300x250.webp HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:48:29 GMT
content-type: image/webp
content-length: 5125
last-modified: Thu, 10 Nov 2022 11:52:59 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"636ce61b-13ee"
age: 1363326
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f39102a6340bb2fd8c961680d4058687
ddb18aa541e869773f4b396894bcaa17a302c1b7
e7b8f4a2903c81045b0795ce1aea1298807b394ea85548f7f97e635e9cf65a2b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5962
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:48:29 GMT
Last-Modified: Sun, 27 Nov 2022 06:09:08 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash e221c48ca23d0627cfc0cd7907f5bee1
b3f3af6074a05d3bddf023bd5dbbf88bb8d5686e
b91f260251b5c2f217f96a3b79f7e32ccfe843d5e9919664153e07802f55026a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1121
Cache-Control: max-age=99419
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 07:48:29 GMT
Etag: "6381f347-139"
Expires: Mon, 28 Nov 2022 11:25:28 GMT
Last-Modified: Sat, 26 Nov 2022 11:06:47 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 313
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash ea101f7e711eb66ba76f9e395ce3b919
5be1c6a23b5e6059f4d882148c84eb941c7068ec
0f874cf2a25b7f913badd906ae5deb8429f8eb135973275ed5314162b37c7b31
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 07:48:29 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 13:55:55 GMT
Expires: Sat, 03 Dec 2022 13:55:54 GMT
Etag: "5be1c6a23b5e6059f4d882148c84eb941c7068ec"
Cache-Control: max-age=539844,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77094303bcc50b65-OSL
ib.adnxs.com/ut/v3/prebid
185.89.210.244200 OK 138 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 185.89.210.244:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7c4a2cc47c2e53420f829b4024832605
8da3788799f3d38cbc4731863e738e63fb73c8f1
3ad76a513ec69735d26ada809fcd0d7c763dbb36df4e69da76fddf38353f2d09
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 561
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sun, 27 Nov 2022 07:48:29 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 138
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://ouo.press
AN-X-Request-Uuid: edb5e566-b840-4ae7-9f18-33e75ac2d46d
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.2.0&cb=77382117440
178.250.0.165200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.2.0&cb=77382117440
IP 178.250.0.165:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=6.2.0&cb=77382117440 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 486
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:48:29 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: http://ouo.press
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
185.89.210.244200 OK 139 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 185.89.210.244:0
File type JSON data\012- , ASCII text, with no line terminators
Hash b5df39e7562f32cdb0381632113fd851
e5a04215a3b6eb5ad54559157435a7c84e3a82e7
1e0ef501150f5777d782b624cd230d8a20934f9e0d965b273157455caecef8ab
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 682
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sun, 27 Nov 2022 07:48:29 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 139
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://ouo.press
AN-X-Request-Uuid: 9a8a366e-d580-4848-b784-e4026485316b
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18438&site_id=202928&zone_id=1317174&size_id=2&rp_schain=1.0,1!firstimpression.io,7419,1,,,&rf=http%3A%2F%2Fouo.press%2F1LISgCW&kw=ouo.press%2Cshortlinks%2Clinkshortener%2CfreeURLshortener&tg_i.ref=http%3A%2F%2Fouo.press%2F1LISgCW&tg_i.page=http%3A%2F%2Fouo.press%2F1LISgCW&tg_i.domain=ouo.press&tg_i.figroup=a9&tk_flint=pbjs_lite_v6.2.0&x_source.tid=ab04e3e1-bf86-431d-bfa5-3b2a54487672&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.49436689376994436
213.19.162.21200 OK 348 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18438&site_id=202928&zone_id=1317174&size_id=2&rp_schain=1.0,1!firstimpression.io,7419,1,,,&rf=http%3A%2F%2Fouo.press%2F1LISgCW&kw=ouo.press%2Cshortlinks%2Clinkshortener%2CfreeURLshortener&tg_i.ref=http%3A%2F%2Fouo.press%2F1LISgCW&tg_i.page=http%3A%2F%2Fouo.press%2F1LISgCW&tg_i.domain=ouo.press&tg_i.figroup=a9&tk_flint=pbjs_lite_v6.2.0&x_source.tid=ab04e3e1-bf86-431d-bfa5-3b2a54487672&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.49436689376994436
IP 213.19.162.21:0
File type JSON data\012- , ASCII text, with very long lines (348), with no line terminators
Hash b4341a4c7af04da6efd4c9159db78cf1
de10b8a0b144a253295d6e4bbaca4de98d86b04c
1bc832921d46967b3fb86a39b6e7db090dc5a290af7fc32d9509c77cc06bbba3
GET /a/api/fastlane.json?account_id=18438&site_id=202928&zone_id=1317174&size_id=2&rp_schain=1.0,1!firstimpression.io,7419,1,,,&rf=http%3A%2F%2Fouo.press%2F1LISgCW&kw=ouo.press%2Cshortlinks%2Clinkshortener%2CfreeURLshortener&tg_i.ref=http%3A%2F%2Fouo.press%2F1LISgCW&tg_i.page=http%3A%2F%2Fouo.press%2F1LISgCW&tg_i.domain=ouo.press&tg_i.figroup=a9&tk_flint=pbjs_lite_v6.2.0&x_source.tid=ab04e3e1-bf86-431d-bfa5-3b2a54487672&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.49436689376994436 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.4
date: Sun, 27 Nov 2022 07:48:29 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://ouo.press
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LAZ27TD7-12-AOJJ; Domain=.rubiconproject.com; Path=/; Expires=Mon, 27-Nov-2023 07:48:29 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qrRjk2f3YtE/u9DtVM30fCgsc7/zDE2e/j99sLIrJxTV5ZjSCqH74hcJhsHlJbldDdJwe9iGXKQTKZr5ZVxLWDe; Domain=.rubiconproject.com; Path=/; Expires=Mon, 27-Nov-2023 07:48:29 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 348
X-Firefox-Spdy: h2
tag.1rx.io/rmp/212927/0/mvo?z=1r&hbv=6.2,2.1
213.19.147.43204 No Content 0 B URL HTTP/2 tag.1rx.io/rmp/212927/0/mvo?z=1r&hbv=6.2,2.1
IP 213.19.147.43:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /rmp/212927/0/mvo?z=1r&hbv=6.2,2.1 HTTP/1.1
Host: tag.1rx.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 617
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 27 Nov 2022 07:48:29 GMT
access-control-allow-origin: http://ouo.press
access-control-allow-credentials: true
pragma: no-cache
cache-control: private, max-age=0, no-cache, no-store
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XckEGmBo4ZOci0sAHDYwsaNmiEaREmhpkcLcbImBHjRsQaZGzkyCHiYZg6YzKWyTHGzAwcNmS0uFEGh5iTMWaYaSGGzNEWMcbMsCGGRgwcMMLIiNETIhk7C2XAgDGDxkM4dcQsnDG2hkOIcOCkrWGD7sM5cCbqAEkyqY2HY9ro1UEDx40cOn2SMbMw6UMxbtzMhXGjsWURbdxg1CGDxk4cb0OPjpGD7WERdeSwmTtjKwwcFWHLyIiGDh04c3S8eIEHD5syalyckROGThozediIJtO8zBwXY960efGjDp02X-a8iT2mTI8cRmHQ4GxjDGStTWlwqbNWho05MXrM4Px4fv37MvTQUGkxeOUfDPbNMYN-kMFg2IEJ1tBDY4_pBGF7bKQxxhpfpEFGD1YgIcUaa9SBhhFwnLHGE3a04cQMVMTwRRZXHCGEEVaQcYYVQVyhxBJxmPFFDmugkQUeUGQxBhRLrAEHEkq0UcMROCARRRxGfMXGEC3YkYUdbMSBhx5aBKEEFnW0QUMUWuTwxo41ECHGGWrkcYYTWSRZRxptDPGFGlfoEQYTeTARxRdnVJEEEVJUkcaFauQXA6Q5CFgWGdplNN4bLsAhh3UKIdbcQlt41cVbcgQ1WBktOHgZZTrA4AIMuY0BB3ieqiprfW6JIIcdi6n1UBm2trHQrmw9VMeeGeEWBl1ilKHUGGSAddJ-Y7SAVFNY4SCDGDjkcANJNciAQ1lpLCZCDjG40JoLNMjgQkM0lCVHh-qy666s8c5bQ73KhpFRE2_okQYbbITxQg2zgoDCFWm4gekdc4DgBBUgxLDrDiBA7EZKHOMBMgi_MlTSrCmAcASxa7zxgloa00orCEak8akZb-DxgsYMw1DWGKqK4MQTZb1xL9AZDV0WG0EX4cSlZdjxxaezMVTDDTd8ZANYMDwkxxmakebRDQ8dJLUYciyEA2oimP1FG2-QkRZSuZEhxxtzPfSGQoyhmnMeC_V6M2--wSHcC5t2-ukcc7xQ1h0ZxWCuzw-hETmCAIswx68Z3U1Hc0a3UIcbadAxkg0ukDGG5JcGfdAXqrNukbEM2aBTDTPgftvsu9V-e-77OSaDDJJNbR0cX4zqew6468521MkfJwcdfG_R1qkQiSFY22WY8RMbE73FNEWI3So1c87hHSu8MdT02hirydCHAgEB&r=1&s=394d19cab3e82e391a22a154c7282dd586c8d616ff744cb0e2ad38c6c53be2481669535308&w=t&ir=245x208
94.130.141.49200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XckEGmBo4ZOci0sAHDYwsaNmiEaREmhpkcLcbImBHjRsQaZGzkyCHiYZg6YzKWyTHGzAwcNmS0uFEGh5iTMWaYaSGGzNEWMcbMsCGGRgwcMMLIiNETIhk7C2XAgDGDxkM4dcQsnDG2hkOIcOCkrWGD7sM5cCbqAEkyqY2HY9ro1UEDx40cOn2SMbMw6UMxbtzMhXGjsWURbdxg1CGDxk4cb0OPjpGD7WERdeSwmTtjKwwcFWHLyIiGDh04c3S8eIEHD5syalyckROGThozediIJtO8zBwXY960efGjDp02X-a8iT2mTI8cRmHQ4GxjDGStTWlwqbNWho05MXrM4Px4fv37MvTQUGkxeOUfDPbNMYN-kMFg2IEJ1tBDY4_pBGF7bKQxxhpfpEFGD1YgIcUaa9SBhhFwnLHGE3a04cQMVMTwRRZXHCGEEVaQcYYVQVyhxBJxmPFFDmugkQUeUGQxBhRLrAEHEkq0UcMROCARRRxGfMXGEC3YkYUdbMSBhx5aBKEEFnW0QUMUWuTwxo41ECHGGWrkcYYTWSRZRxptDPGFGlfoEQYTeTARxRdnVJEEEVJUkcaFauQXA6Q5CFgWGdplNN4bLsAhh3UKIdbcQlt41cVbcgQ1WBktOHgZZTrA4AIMuY0BB3ieqiprfW6JIIcdi6n1UBm2trHQrmw9VMeeGeEWBl1ilKHUGGSAddJ-Y7SAVFNY4SCDGDjkcANJNciAQ1lpLCZCDjG40JoLNMjgQkM0lCVHh-qy666s8c5bQ73KhpFRE2_okQYbbITxQg2zgoDCFWm4gekdc4DgBBUgxLDrDiBA7EZKHOMBMgi_MlTSrCmAcASxa7zxgloa00orCEak8akZb-DxgsYMw1DWGKqK4MQTZb1xL9AZDV0WG0EX4cSlZdjxxaezMVTDDTd8ZANYMDwkxxmakebRDQ8dJLUYciyEA2oimP1FG2-QkRZSuZEhxxtzPfSGQoyhmnMeC_V6M2--wSHcC5t2-ukcc7xQ1h0ZxWCuzw-hETmCAIswx68Z3U1Hc0a3UIcbadAxkg0ukDGG5JcGfdAXqrNukbEM2aBTDTPgftvsu9V-e-77OSaDDJJNbR0cX4zqew6468521MkfJwcdfG_R1qkQiSFY22WY8RMbE73FNEWI3So1c87hHSu8MdT02hirydCHAgEB&r=1&s=394d19cab3e82e391a22a154c7282dd586c8d616ff744cb0e2ad38c6c53be2481669535308&w=t&ir=245x208
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XckEGmBo4ZOci0sAHDYwsaNmiEaREmhpkcLcbImBHjRsQaZGzkyCHiYZg6YzKWyTHGzAwcNmS0uFEGh5iTMWaYaSGGzNEWMcbMsCGGRgwcMMLIiNETIhk7C2XAgDGDxkM4dcQsnDG2hkOIcOCkrWGD7sM5cCbqAEkyqY2HY9ro1UEDx40cOn2SMbMw6UMxbtzMhXGjsWURbdxg1CGDxk4cb0OPjpGD7WERdeSwmTtjKwwcFWHLyIiGDh04c3S8eIEHD5syalyckROGThozediIJtO8zBwXY960efGjDp02X-a8iT2mTI8cRmHQ4GxjDGStTWlwqbNWho05MXrM4Px4fv37MvTQUGkxeOUfDPbNMYN-kMFg2IEJ1tBDY4_pBGF7bKQxxhpfpEFGD1YgIcUaa9SBhhFwnLHGE3a04cQMVMTwRRZXHCGEEVaQcYYVQVyhxBJxmPFFDmugkQUeUGQxBhRLrAEHEkq0UcMROCARRRxGfMXGEC3YkYUdbMSBhx5aBKEEFnW0QUMUWuTwxo41ECHGGWrkcYYTWSRZRxptDPGFGlfoEQYTeTARxRdnVJEEEVJUkcaFauQXA6Q5CFgWGdplNN4bLsAhh3UKIdbcQlt41cVbcgQ1WBktOHgZZTrA4AIMuY0BB3ieqiprfW6JIIcdi6n1UBm2trHQrmw9VMeeGeEWBl1ilKHUGGSAddJ-Y7SAVFNY4SCDGDjkcANJNciAQ1lpLCZCDjG40JoLNMjgQkM0lCVHh-qy666s8c5bQ73KhpFRE2_okQYbbITxQg2zgoDCFWm4gekdc4DgBBUgxLDrDiBA7EZKHOMBMgi_MlTSrCmAcASxa7zxgloa00orCEak8akZb-DxgsYMw1DWGKqK4MQTZb1xL9AZDV0WG0EX4cSlZdjxxaezMVTDDTd8ZANYMDwkxxmakebRDQ8dJLUYciyEA2oimP1FG2-QkRZSuZEhxxtzPfSGQoyhmnMeC_V6M2--wSHcC5t2-ukcc7xQ1h0ZxWCuzw-hETmCAIswx68Z3U1Hc0a3UIcbadAxkg0ukDGG5JcGfdAXqrNukbEM2aBTDTPgftvsu9V-e-77OSaDDJJNbR0cX4zqew6468521MkfJwcdfG_R1qkQiSFY22WY8RMbE73FNEWI3So1c87hHSu8MdT02hirydCHAgEB&r=1&s=394d19cab3e82e391a22a154c7282dd586c8d616ff744cb0e2ad38c6c53be2481669535308&w=t&ir=245x208 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 07:48:29 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIySHGTI2NMlrAgCFmTAsaMnLcaCEGxgyTN8yEoYGDhpkYY2iUESPiYZg6YzKWyTHGzAwcNkLeKINDzMkYM8ywJHO0Bc4ZNsTQiIEDRhgZMXpCJGNnoYyRM2g8hFOHp44ZYGs4hAgHjtkaNuA-nANn4tscNmAktfFwTBu7OmjeAJzDJxkzC5M-FOPGzcIZMG7QtKFWRBs3GHXIoJEjB461n0PHyOGSsIg6cthcnoEVBo4ZD-vIyIiGDh04c3S8eIEHD5syalyckROGThozediAJtO8zBwXY960efGjDp02X-a8gT2mTI8cRmHQyGxjDOAxM5jS4FJnpAwbc2L0wHxjMX37-MnQQ0OjxbDVfzDcN8cM-wEm2H0IKlhDD4oxFmF7bKQxxhpfpEFGD2-YcQMTVsTBhhhTfNHCG2ucgUcYU6BRQxUzkPEdDG9IcQQTVESBBQxLPDGHFVIoAQUWQ4whxxRl0IHEEGsQ8cQZU8iRRRA1RGGGGeE9oQcUcNgxxxJx4MDRGzRYocUZLeSRRB5ZqKHFFDC0gUYRddDARhZnoKFHHGPAcEQVUaRxxhdnVJEEEVJUkcaFaugXA6Q5DCgWGdplNN4bLsAhh3UKFdbcQlts1cVacgT1VhkiudbRQjC4AENFIowBB3ieqhqrfZ3JYQdiZz1Uhq1twCqrS7nVkUZGOMQQBlxilBHSGGR0dRJmJiHFlFU4yCCGmTcEVoMMOIiVBmIi5BCDC6y5gJILDdEglhwdoqsuu7G-G69YdYSRURNv6JEGG2yE8UINsoKAwhVpuIHpHXOA4AQVIMSw6w4gMOwGZxjjwTEIvjIEA8IwpADCEcOu8cYLZ1k866wgGJHGp2a8gccLFpMs1hiqiuDEE2K9QS_PGf0sFhs9F-HEpWXY8cWnsjFUQ3-32dAVDA_JcYZlotWAww0PHeS0GHIshMNpIoj9RRtvkGEWUrSSIccblz30hkKJoWpzHgv1WgZkOgzkGxzCvbBpp5_OMccLYt2RUQzkwiAWGo8nKO9evmY0Nx3NCd1CHW6kQUcLNtjgAhljQH5pzwd9gbrqFhXLUOk51DCD7bbFvtvsNtR-O2Zfg-XY09bB8cWovPuOO9pNH3-cHHTgvUVap0Ikhl9p__0TGxOthTSshd3qNHPO0a1DvjKkBHatqsnQhwIBAQ%3D%3D&r=1&s=9f8fdf3a49886f82a29ae2d006413656aa866a36d0dd3d4d783cf24d7399e4211669535308&w=t&ir=245x208
94.130.141.49200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIySHGTI2NMlrAgCFmTAsaMnLcaCEGxgyTN8yEoYGDhpkYY2iUESPiYZg6YzKWyTHGzAwcNkLeKINDzMkYM8ywJHO0Bc4ZNsTQiIEDRhgZMXpCJGNnoYyRM2g8hFOHp44ZYGs4hAgHjtkaNuA-nANn4tscNmAktfFwTBu7OmjeAJzDJxkzC5M-FOPGzcIZMG7QtKFWRBs3GHXIoJEjB461n0PHyOGSsIg6cthcnoEVBo4ZD-vIyIiGDh04c3S8eIEHD5syalyckROGThozediAJtO8zBwXY960efGjDp02X-a8gT2mTI8cRmHQyGxjDOAxM5jS4FJnpAwbc2L0wHxjMX37-MnQQ0OjxbDVfzDcN8cM-wEm2H0IKlhDD4oxFmF7bKQxxhpfpEFGD2-YcQMTVsTBhhhTfNHCG2ucgUcYU6BRQxUzkPEdDG9IcQQTVESBBQxLPDGHFVIoAQUWQ4whxxRl0IHEEGsQ8cQZU8iRRRA1RGGGGeE9oQcUcNgxxxJx4MDRGzRYocUZLeSRRB5ZqKHFFDC0gUYRddDARhZnoKFHHGPAcEQVUaRxxhdnVJEEEVJUkcaFaugXA6Q5DCgWGdplNN4bLsAhh3UKFdbcQlts1cVacgT1VhkiudbRQjC4AENFIowBB3ieqhqrfZ3JYQdiZz1Uhq1twCqrS7nVkUZGOMQQBlxilBHSGGR0dRJmJiHFlFU4yCCGmTcEVoMMOIiVBmIi5BCDC6y5gJILDdEglhwdoqsuu7G-G69YdYSRURNv6JEGG2yE8UINsoKAwhVpuIHpHXOA4AQVIMSw6w4gMOwGZxjjwTEIvjIEA8IwpADCEcOu8cYLZ1k866wgGJHGp2a8gccLFpMs1hiqiuDEE2K9QS_PGf0sFhs9F-HEpWXY8cWnsjFUQ3-32dAVDA_JcYZlotWAww0PHeS0GHIshMNpIoj9RRtvkGEWUrSSIccblz30hkKJoWpzHgv1WgZkOgzkGxzCvbBpp5_OMccLYt2RUQzkwiAWGo8nKO9evmY0Nx3NCd1CHW6kQUcLNtjgAhljQH5pzwd9gbrqFhXLUOk51DCD7bbFvtvsNtR-O2Zfg-XY09bB8cWovPuOO9pNH3-cHHTgvUVap0Ikhl9p__0TGxOthTSshd3qNHPO0a1DvjKkBHatqsnQhwIBAQ%3D%3D&r=1&s=9f8fdf3a49886f82a29ae2d006413656aa866a36d0dd3d4d783cf24d7399e4211669535308&w=t&ir=245x208
IP 94.130.141.49:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WIySHGTI2NMlrAgCFmTAsaMnLcaCEGxgyTN8yEoYGDhpkYY2iUESPiYZg6YzKWyTHGzAwcNkLeKINDzMkYM8ywJHO0Bc4ZNsTQiIEDRhgZMXpCJGNnoYyRM2g8hFOHp44ZYGs4hAgHjtkaNuA-nANn4tscNmAktfFwTBu7OmjeAJzDJxkzC5M-FOPGzcIZMG7QtKFWRBs3GHXIoJEjB461n0PHyOGSsIg6cthcnoEVBo4ZD-vIyIiGDh04c3S8eIEHD5syalyckROGThozediAJtO8zBwXY960efGjDp02X-a8gT2mTI8cRmHQyGxjDOAxM5jS4FJnpAwbc2L0wHxjMX37-MnQQ0OjxbDVfzDcN8cM-wEm2H0IKlhDD4oxFmF7bKQxxhpfpEFGD2-YcQMTVsTBhhhTfNHCG2ucgUcYU6BRQxUzkPEdDG9IcQQTVESBBQxLPDGHFVIoAQUWQ4whxxRl0IHEEGsQ8cQZU8iRRRA1RGGGGeE9oQcUcNgxxxJx4MDRGzRYocUZLeSRRB5ZqKHFFDC0gUYRddDARhZnoKFHHGPAcEQVUaRxxhdnVJEEEVJUkcaFaugXA6Q5DCgWGdplNN4bLsAhh3UKFdbcQlts1cVacgT1VhkiudbRQjC4AENFIowBB3ieqhqrfZ3JYQdiZz1Uhq1twCqrS7nVkUZGOMQQBlxilBHSGGR0dRJmJiHFlFU4yCCGmTcEVoMMOIiVBmIi5BCDC6y5gJILDdEglhwdoqsuu7G-G69YdYSRURNv6JEGG2yE8UINsoKAwhVpuIHpHXOA4AQVIMSw6w4gMOwGZxjjwTEIvjIEA8IwpADCEcOu8cYLZ1k866wgGJHGp2a8gccLFpMs1hiqiuDEE2K9QS_PGf0sFhs9F-HEpWXY8cWnsjFUQ3-32dAVDA_JcYZlotWAww0PHeS0GHIshMNpIoj9RRtvkGEWUrSSIccblz30hkKJoWpzHgv1WgZkOgzkGxzCvbBpp5_OMccLYt2RUQzkwiAWGo8nKO9evmY0Nx3NCd1CHW6kQUcLNtjgAhljQH5pzwd9gbrqFhXLUOk51DCD7bbFvtvsNtR-O2Zfg-XY09bB8cWovPuOO9pNH3-cHHTgvUVap0Ikhl9p__0TGxOthTSshd3qNHPO0a1DvjKkBHatqsnQhwIBAQ%3D%3D&r=1&s=9f8fdf3a49886f82a29ae2d006413656aa866a36d0dd3d4d783cf24d7399e4211669535308&w=t&ir=245x208 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 07:48:29 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
143.204.46.73200 OK 2.6 kB URL HTTP/1.1 c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
IP 143.204.46.73:0
File type ASCII text, with very long lines (6482), with no line terminators
Hash 7c02d92c228e02f2ddfec1a48bdb044d
e4cc88b704d6cf3af8cd4949f5c5eee606a573a3
07f71d82eeb36040c2c3fe12bdc73cb8fe3e7e4890f05981842feb491f24020c
GET /bao-csm/aps-comm/aps_csm.js HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Last-Modified: Fri, 18 Nov 2022 03:05:15 GMT
x-amz-version-id: vkCJAv2LVCiDvkjoOZrS5s9fefeFFUOq
Server: AmazonS3
Content-Encoding: gzip
Date: Sun, 27 Nov 2022 07:48:29 GMT
Cache-Control: public, max-age=86400
ETag: W/"a4d296427fc806b21335359e398c025c"
Vary: Accept-Encoding,Origin
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WYCv90BuVHu3a4Y0sfIKA5DLjdppxh5tjB93W9IJlsu7RZMFZY6pxQ==
Age: 1292
c.amazon-adsystem.com/cdn/prod/config?src=600&u=http%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185
143.204.46.73204 No Content 0 B URL HTTP/2 c.amazon-adsystem.com/cdn/prod/config?src=600&u=http%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185
IP 143.204.46.73:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn/prod/config?src=600&u=http%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185 HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: http://ouo.press
access-control-allow-credentials: true
cache-control: max-age=21550, s-maxage=21600
date: Sun, 27 Nov 2022 07:48:29 GMT
server: Server
x-cache: Miss from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: CkuMN1m6hnOI_rQpbQohXBxIVB-JfFXzGzoVAUC7NZUHkxOx3NinIQ==
X-Firefox-Spdy: h2
aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=http%3A%2F%2Fouo.press%2F1LISgCW&pr=http%3A%2F%2Fouo.press%2F1LISgCW%3F__cf_chl_tk%3DkBkES2K8GFl5ijWgLFExZKTGBLWhYEwIRLXVjvHgGkk-1669535304-0-gaNycGzNAv0&pid=mW5EvpboxIIlR&cb=0&ws=728x90&v=22.1107.1609&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
54.230.241.131200 OK 165 B URL HTTP/2 aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=http%3A%2F%2Fouo.press%2F1LISgCW&pr=http%3A%2F%2Fouo.press%2F1LISgCW%3F__cf_chl_tk%3DkBkES2K8GFl5ijWgLFExZKTGBLWhYEwIRLXVjvHgGkk-1669535304-0-gaNycGzNAv0&pid=mW5EvpboxIIlR&cb=0&ws=728x90&v=22.1107.1609&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
IP 54.230.241.131:0
File type ASCII text, with no line terminators
Hash 524702d9c4ac8c61e27c3d850412f10f
199d4d5b602799e1a01577115d249b9707dbf37a
7e4302335da0ce23c817a82d8d34836aef6ef7fb136f731d4ba29a7e4d762a7b
GET /e/dtb/bid?src=600&u=http%3A%2F%2Fouo.press%2F1LISgCW&pr=http%3A%2F%2Fouo.press%2F1LISgCW%3F__cf_chl_tk%3DkBkES2K8GFl5ijWgLFExZKTGBLWhYEwIRLXVjvHgGkk-1669535304-0-gaNycGzNAv0&pid=mW5EvpboxIIlR&cb=0&ws=728x90&v=22.1107.1609&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D HTTP/1.1
Host: aax-dtb-cf.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
content-length: 165
server: Server
date: Sun, 27 Nov 2022 07:48:29 GMT
x-amz-rid: QVX7WBQG8DTWVPF3CD20
access-control-allow-origin: http://ouo.press
access-control-allow-credentials: true
timing-allow-origin: *
strict-transport-security: max-age=47474747; includeSubDomains; preload
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9F-B5Y-ZVcCsOCsw9z9NT22Atpk8Hmf9yYImuycrpnrLH5qqPU3GRw==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0b0e9f608a10b7c905c4a51b890ab2a
607db8d4c0c88c28738d4428efa82a4750828ef1
7fe69b639eb6808e7551b00f33482471296308afd7fa504da3c14ca6f44f57cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7FE69B639EB6808E7551B00F33482471296308AFD7FA504DA3C14CA6F44F57CF"
Last-Modified: Thu, 24 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4703
Expires: Sun, 27 Nov 2022 09:06:53 GMT
Date: Sun, 27 Nov 2022 07:48:30 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=6437a6c1-ae41-436c-bed6-40f5c2aadc63&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=6437a6c1-ae41-436c-bed6-40f5c2aadc63&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=6437a6c1-ae41-436c-bed6-40f5c2aadc63&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 27 Nov 2022 07:48:30 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d6fea1f564d8faf436a35103695c4d21
Strict-Transport-Security: max-age=0; includeSubdomains
integrityprinciplesthorough.com/sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=6437a6c1-ae41-436c-bed6-40f5c2aadc63%3A3%3A1
173.233.137.52200 OK 3.4 kB URL HTTP/1.1 integrityprinciplesthorough.com/sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=6437a6c1-ae41-436c-bed6-40f5c2aadc63%3A3%3A1
IP 173.233.137.52:0
File type JSON data\012- , ASCII text, with very long lines (5919), with no line terminators
Hash 8f758b90afc1c9452dc6e992c0902f76
ac8f594d6f2b5ba3f412442b081f98efafa495fb
3c56738841ad256c7df320625cce3444554abb2d7b297fac0bbb8f4d891fa7d1
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=6437a6c1-ae41-436c-bed6-40f5c2aadc63%3A3%3A1 HTTP/1.1
Host: integrityprinciplesthorough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 07:48:30 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://ouo.press
Access-Control-Allow-Origin: http://ouo.press
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15424691; expires=Mon, 28 Nov 2022 07:48:30 GMT; secure; SameSite=None
uid_id2=6437a6c1-ae41-436c-bed6-40f5c2aadc63:3:1; expires=Sun, 04 Dec 2022 07:48:30 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 28 Nov 2022 07:48:30 GMT; secure; SameSite=None
uncs=1; expires=Mon, 28 Nov 2022 07:48:30 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 28 Nov 2022 07:48:30 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 28 Nov 2022 07:48:30 GMT; secure; SameSite=None
sleced36014633829dc70a42dccaefdf3f11=[3789941]; expires=Sun, 27 Nov 2022 07:48:35 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4d2121282908c14c19c3613947f1d000
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c7afa63a2e765a5889feedb036228204
546d048429118d6ff49049b948a6d39c3706b4e1
ce33ebbd5115ffaac9721eacc50f458d369b30dbc875379c5602fe846d078207
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE33EBBD5115FFAAC9721EACC50F458D369B30DBC875379C5602FE846D078207"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4093
Expires: Sun, 27 Nov 2022 08:56:43 GMT
Date: Sun, 27 Nov 2022 07:48:30 GMT
Connection: keep-alive
integrityprinciplesthorough.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq%2FfH4fsVBBcRPCiDeFAwk%2B7pnpmMOQTjbiQYk7C7EhAPVldVT8pUdzVV3dOTnIKBZT0I40mPPc8kG1YXcfEsu0y8aEDIKC5BjH%2BAF0HYs8xkIPge6n3f%2BryH532q7vTzM%2BIip6fr7%2BkdqRSdrVfdymsbMuG6sJXV2xXPrbrzlQ2ZNIL5Snd8mM6bnluvuq9X3hFsS8%2FWXM91PderLEkjIt2dnVDI9EHLq7bcalCrevUAXfPf3uYOLHXAO2fkGiQfXd388SEkGyKJv70u7Fam0zduxLmimTbo8MP3k61EFwniizIyDqLkcDoNbUeEfHkJOjmcbgDd2R9vgFCOiPPEQ5gcTmUi7BycKw0VRIKQP4OiM4RQQ0g6BNN7kPyEAIxjdQ1JfG9Vm4Jun1M6piNy5ek%2FkMWIXPnjeSTxN4tKdiu3tMozqROLblRCdoeQ7SHS%2FAjZjgNZHIFln0Dyn8ns0xUk8f6aVRqSn77aCPwmbTBvhorAmwn8BpsJBW%2FMBG5UZzVKOWv4E4ukHEJGQyjRA7WXkVsHuXSQRw7y1EHMTyu03opctxmFke%2FPBYwx32esPtfgde4Hc5GLnI136CFLe2CqB2Z2kZpdbMkeTP4YdrOE5Q5sRtDhJQpBUFiCghIUkqDICIpOecCVrdnyHlc2D71prk2zXw501u7TA521RUL66Rl5bmLcXx9%2Bhy1xWhHcb7he0PD9uVqLs6ZLgxpnjIqIR37kebCyhLSXQK2DHXny7BOk8uR%2FJUJ6BKuOwOQroPlLoMWgWXNBNwfBnIud5L7OdTU1wlpwXSLNriLbdvrqjLw4EdD6NYdgxwu%2F3ej%2F9HjvGpgpkZoSH8sfCNrq7uCmLsj%2BTV1Y8nAtzWQsd%2Bj4VW9lNBNXvnpXbBfa8OXrtnf%2FLTYG4%2FLBbWGzFZpwmbQt%2BXpRci7MkjZMkO%2BX7YYI13O7uZibJE9X1t9eWo4nAqVOhqDy5KNHYHJE%2Fh%2FfmfzXl3%2F%2FFNIMYfIScX5MpgGpj8DSXdj0eOGLz9b%2BnOcfwGoCoy5mwtRBkZcDUwsvLpUkUOKip2EJKy4sCMXxo7%2FPWd%2FeRds4oNkekrhEx5ToqBJU9WDzy4MsNccLv%2FiTQKicQaiMsx8qoz4%2Ft9bK04qoR24k3JoIo1YYNanLW1HQCmnLE82wTj1kdsT2Xlj9FwAA%2F%2F8BAAD%2F%2F20RrEaHBAAA
173.233.137.52200 OK 7 B URL HTTP/1.1 integrityprinciplesthorough.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq%2FfH4fsVBBcRPCiDeFAwk%2B7pnpmMOQTjbiQYk7C7EhAPVldVT8pUdzVV3dOTnIKBZT0I40mPPc8kG1YXcfEsu0y8aEDIKC5BjH%2BAF0HYs8xkIPge6n3f%2BryH532q7vTzM%2BIip6fr7%2BkdqRSdrVfdymsbMuG6sJXV2xXPrbrzlQ2ZNIL5Snd8mM6bnluvuq9X3hFsS8%2FWXM91PderLEkjIt2dnVDI9EHLq7bcalCrevUAXfPf3uYOLHXAO2fkGiQfXd388SEkGyKJv70u7Fam0zduxLmimTbo8MP3k61EFwniizIyDqLkcDoNbUeEfHkJOjmcbgDd2R9vgFCOiPPEQ5gcTmUi7BycKw0VRIKQP4OiM4RQQ0g6BNN7kPyEAIxjdQ1JfG9Vm4Jun1M6piNy5ek%2FkMWIXPnjeSTxN4tKdiu3tMozqROLblRCdoeQ7SHS%2FAjZjgNZHIFln0Dyn8ns0xUk8f6aVRqSn77aCPwmbTBvhorAmwn8BpsJBW%2FMBG5UZzVKOWv4E4ukHEJGQyjRA7WXkVsHuXSQRw7y1EHMTyu03opctxmFke%2FPBYwx32esPtfgde4Hc5GLnI136CFLe2CqB2Z2kZpdbMkeTP4YdrOE5Q5sRtDhJQpBUFiCghIUkqDICIpOecCVrdnyHlc2D71prk2zXw501u7TA521RUL66Rl5bmLcXx9%2Bhy1xWhHcb7he0PD9uVqLs6ZLgxpnjIqIR37kebCyhLSXQK2DHXny7BOk8uR%2FJUJ6BKuOwOQroPlLoMWgWXNBNwfBnIud5L7OdTU1wlpwXSLNriLbdvrqjLw4EdD6NYdgxwu%2F3ej%2F9HjvGpgpkZoSH8sfCNrq7uCmLsj%2BTV1Y8nAtzWQsd%2Bj4VW9lNBNXvnpXbBfa8OXrtnf%2FLTYG4%2FLBbWGzFZpwmbQt%2BXpRci7MkjZMkO%2BX7YYI13O7uZibJE9X1t9eWo4nAqVOhqDy5KNHYHJE%2Fh%2FfmfzXl3%2F%2FFNIMYfIScX5MpgGpj8DSXdj0eOGLz9b%2BnOcfwGoCoy5mwtRBkZcDUwsvLpUkUOKip2EJKy4sCMXxo7%2FPWd%2FeRds4oNkekrhEx5ToqBJU9WDzy4MsNccLv%2FiTQKicQaiMsx8qoz4%2Ft9bK04qoR24k3JoIo1YYNanLW1HQCmnLE82wTj1kdsT2Xlj9FwAA%2F%2F8BAAD%2F%2F20RrEaHBAAA
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq%2FfH4fsVBBcRPCiDeFAwk%2B7pnpmMOQTjbiQYk7C7EhAPVldVT8pUdzVV3dOTnIKBZT0I40mPPc8kG1YXcfEsu0y8aEDIKC5BjH%2BAF0HYs8xkIPge6n3f%2BryH532q7vTzM%2BIip6fr7%2BkdqRSdrVfdymsbMuG6sJXV2xXPrbrzlQ2ZNIL5Snd8mM6bnluvuq9X3hFsS8%2FWXM91PderLEkjIt2dnVDI9EHLq7bcalCrevUAXfPf3uYOLHXAO2fkGiQfXd388SEkGyKJv70u7Fam0zduxLmimTbo8MP3k61EFwniizIyDqLkcDoNbUeEfHkJOjmcbgDd2R9vgFCOiPPEQ5gcTmUi7BycKw0VRIKQP4OiM4RQQ0g6BNN7kPyEAIxjdQ1JfG9Vm4Jun1M6piNy5ek%2FkMWIXPnjeSTxN4tKdiu3tMozqROLblRCdoeQ7SHS%2FAjZjgNZHIFln0Dyn8ns0xUk8f6aVRqSn77aCPwmbTBvhorAmwn8BpsJBW%2FMBG5UZzVKOWv4E4ukHEJGQyjRA7WXkVsHuXSQRw7y1EHMTyu03opctxmFke%2FPBYwx32esPtfgde4Hc5GLnI136CFLe2CqB2Z2kZpdbMkeTP4YdrOE5Q5sRtDhJQpBUFiCghIUkqDICIpOecCVrdnyHlc2D71prk2zXw501u7TA521RUL66Rl5bmLcXx9%2Bhy1xWhHcb7he0PD9uVqLs6ZLgxpnjIqIR37kebCyhLSXQK2DHXny7BOk8uR%2FJUJ6BKuOwOQroPlLoMWgWXNBNwfBnIud5L7OdTU1wlpwXSLNriLbdvrqjLw4EdD6NYdgxwu%2F3ej%2F9HjvGpgpkZoSH8sfCNrq7uCmLsj%2BTV1Y8nAtzWQsd%2Bj4VW9lNBNXvnpXbBfa8OXrtnf%2FLTYG4%2FLBbWGzFZpwmbQt%2BXpRci7MkjZMkO%2BX7YYI13O7uZibJE9X1t9eWo4nAqVOhqDy5KNHYHJE%2Fh%2FfmfzXl3%2F%2FFNIMYfIScX5MpgGpj8DSXdj0eOGLz9b%2BnOcfwGoCoy5mwtRBkZcDUwsvLpUkUOKip2EJKy4sCMXxo7%2FPWd%2FeRds4oNkekrhEx5ToqBJU9WDzy4MsNccLv%2FiTQKicQaiMsx8qoz4%2Ft9bK04qoR24k3JoIo1YYNanLW1HQCmnLE82wTj1kdsT2Xlj9FwAA%2F%2F8BAAD%2F%2F20RrEaHBAAA HTTP/1.1
Host: integrityprinciplesthorough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Cookie: u_pl=15424691; uid_id2=6437a6c1-ae41-436c-bed6-40f5c2aadc63:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3789941]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 07:48:30 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cf0371c84f7225d533409acce2271bd2
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3a1eb8e3d7b5e963c21e1905e849e570
fff8193edc6218562c5612b0e02f73dbcca98c0c
12db50941a08926a1f14146c52b53cfc6acc1dcb6ac858f6fcfb421330dfb12f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12DB50941A08926A1F14146C52B53CFC6ACC1DCB6AC858F6FCFB421330DFB12F"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13335
Expires: Sun, 27 Nov 2022 11:30:45 GMT
Date: Sun, 27 Nov 2022 07:48:30 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3a1eb8e3d7b5e963c21e1905e849e570
fff8193edc6218562c5612b0e02f73dbcca98c0c
12db50941a08926a1f14146c52b53cfc6acc1dcb6ac858f6fcfb421330dfb12f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12DB50941A08926A1F14146C52B53CFC6ACC1DCB6AC858F6FCFB421330DFB12F"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13335
Expires: Sun, 27 Nov 2022 11:30:45 GMT
Date: Sun, 27 Nov 2022 07:48:30 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.10200 OK 660 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.10:0
Hash 55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 27 Nov 2022 07:48:30 GMT
Date: Sun, 27 Nov 2022 07:48:30 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/images/close.svg
172.64.108.13200 OK 921 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/images/close.svg
IP 172.64.108.13:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash 74efcca5986691a84d35bd8c131b6211
47508c90e01a166627f9bca3ab7077559fefe955
ced11e5fd6f8cd8e582cdeb0a47fb28f6385cf369cd69bbd9e025af23814a00e
GET /sb/notifications/games/nutaku/multi/4/images/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:48:30 GMT
content-type: image/svg+xml
last-modified: Fri, 19 Aug 2022 09:15:06 GMT
etag: W/"62ff549a-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1014909
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AFIbAi2r4vuShyui%2BToIr8VPPa9XAvN7Em1eAYg6iEWy3TpvaSEvAfsPJ6Q5HLDekm88BjnoyXdZLyBMtmtETPVyqAKi9O%2B%2B4kfsTIE7eeNV3YbMdoKoEuXPXlwz0GwbZazqabBl6lpC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7709430bfc6e72e5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/notifications/games/nutaku/multi/4/index.html
45.133.44.3200 OK 540 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/games/nutaku/multi/4/index.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text
Hash 917b7d5ef7077a039e27db81bc7c2eb7
a9d05eb9d2a48c9d87887d170fe1a4d188168311
edbd62eca4ec89adfd58e95f9d400df10fa65b63759ff78207a8efa66e67a327
Analyzer Verdict Alert fortinet Phishing
GET /sb/notifications/games/nutaku/multi/4/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:48:30 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Fri, 19 Aug 2022 09:15:02 GMT
etag: W/"62ff5496-63e"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 27 Nov 2022 08:48:30 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/images/landing/booty-calls/13/bg-removebg-preview.png
172.64.108.13200 OK 1.4 MB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/images/landing/booty-calls/13/bg-removebg-preview.png
IP 172.64.108.13:0
File type PNG image data, 1316 x 1848, 8-bit/color RGBA, non-interlaced\012- data
Size 1.4 MB (1445587 bytes)
Hash 950cbc4a86f9305f9cab1899d35cee25
75a126fbee600ceee47a696bfe7cd76de1b6d1cc
16b688a8183ee40269af3fde1f59635b6c16bbc538d9dd6261d4f6dec42f8c65
GET /sb/notifications/games/nutaku/multi/4/images/landing/booty-calls/13/bg-removebg-preview.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:48:30 GMT
content-type: image/png
content-length: 1445587
last-modified: Fri, 19 Aug 2022 09:15:12 GMT
etag: "62ff54a0-160ed3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1014909
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=82uf%2BOn7lRCWqJZIOfAoM6593lBxEB9nugJqfDDrNEGAhH63Jp4S0KhtafxDNJJVpxHBd4CtPbIIQrh2RqmGF503v1HSMo7TbTXIlZDx%2FeK3NXhVl2kmMHJEm37qqoRasIfrjIuk8bvV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7709430bfc7272e5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/images/landing/css/styles.css
172.64.108.13200 OK 1.3 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/images/landing/css/styles.css
IP 172.64.108.13:0
File type ASCII text, with very long lines (3797)
Hash 31a2db84c7b9fe257c5cf7333b1ec6be
1874cb4b3119cfc7e69eadccb0a1c7cca9ee3829
233c86c6865f5528ec391f7cfa860847f647fc618c57127155d96dd8cffc2a3a
GET /sb/notifications/games/nutaku/multi/4/images/landing/css/styles.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:48:30 GMT
content-type: text/css
last-modified: Fri, 19 Aug 2022 09:15:08 GMT
etag: W/"62ff549c-ed9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dzha2MUBKp%2FuFBvu4A%2B0LWEIbz56MX04Xig%2BB6X97CgONdx9%2BYMWcdsXDq%2FUGy8AALfCjvHRa8Zcx%2B5g6r%2BKxv0S6byuelY9DF9KnSXvU111BRiw3NU25SxqO%2Fejip7ceVuHjB%2FXkHi6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7709430bc9680091-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/js/jquery.min.js
172.64.108.13200 OK 46 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/js/jquery.min.js
IP 172.64.108.13:0
File type ASCII text, with very long lines (32049)
Hash c93c182c703cb29b51c76097c4b99f4a
8542863b313dad097c17db07e93dfbc9d204e978
5f31b71259912c33425cd9b6d21d37b4cb2ac27df71f9b13843e9bebe713b854
GET /sb/notifications/games/nutaku/multi/4/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:48:30 GMT
content-type: application/javascript
last-modified: Fri, 19 Aug 2022 09:15:15 GMT
etag: W/"62ff54a3-149b8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1014909
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hrl0VHpMTv4iqDIbBioAD%2F9cWAApyAIpnfaxk4NCJr2ftRwDApRVDoz5F3Z1jRiE9YErCQk1%2F5zqc08XBWXcxfX45HG1cp3oh4Dyvc7Co2bO6LnDiFmUPIXsQTKSOJRtUPJ53OFoVGNq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7709430bfc7572e5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
integrityprinciplesthorough.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F4%2Fjs%2Fscript.js&l=4076&fd=153
173.233.137.52200 OK 0 B URL HTTP/1.1 integrityprinciplesthorough.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F4%2Fjs%2Fscript.js&l=4076&fd=153
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F4%2Fjs%2Fscript.js&l=4076&fd=153 HTTP/1.1
Host: integrityprinciplesthorough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 07:48:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
integrityprinciplesthorough.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F4%2Fcss%2Fstyle.css&l=8110&fd=367
173.233.137.52200 OK 0 B URL HTTP/1.1 integrityprinciplesthorough.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F4%2Fcss%2Fstyle.css&l=8110&fd=367
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F4%2Fcss%2Fstyle.css&l=8110&fd=367 HTTP/1.1
Host: integrityprinciplesthorough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 07:48:31 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
integrityprinciplesthorough.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq%2FfH4fsVBBcRPCiDeFAwk%2B7pnl%2FuYTHuRoIxCbsrAfFgdVX1pEx1V1PVPT3JKRhY1oMwnvTY80yyYXURF8%2Byy8SLBoSM4hLE%2BAd4EYQ9y0wGgu%2Bh3vetz3t43qfqziA%2FJS5yerL2nt6WStH5etWtvLYuE64LW1m5XfHcqnu1si6TRnC10pscpvum59ar7uuVdwTb1PM113Ndz%2FUqi9KISPfmpxQyfdD2qm23GtSqXj1Az%2Fy3t7kDSx3w7im5AsnHlzd%2BfAjJRkjib68Lu5np9I0bca5opg26%2FOD9ZDPRRYL4vIyMgyg5mE1D2zEhX16ATg5mG0B39yYbIJRj4jzxECYHM5kIu%2FtnSkMFkSDkz6DojiDUCJKOwPQuJD8mAONYWUUS31vRpqBbZ5RO6JhcevoPZDEml%2F54Hkn8zYKSvcotrfJM6sSiF5WQvRFkZ4Q0P0S27UAWh2DZJ5D8ZzL%2FdBlJvLdqlYbkJ682Ar9JG8yboyLw5gK%2FweZCwRtzgRvVWY1Szhr%2B1CIpR5DRCEr0Qe1F5NZBLh3kkYM8dRDzkwqttyPXbUZh5PutgDHm%2B4zVWw1e537QilzkbLJDH1naB1N9MLOD1OxgU%2FZh8sewGyUsd2Azgi4vUQiCwhIUlKCQBEVGUHTLfa5szZb3uLJ56M1ybZb9cqizzoDu66wjEjJIT8lzU%2BP%2B%2BvA7bIqTiuB%2Bw%2FWChu%2B3am3Omi4NapwxKiIe%2BZHnwcoS0l4AtQ625fGzT5DK4%2F%2BVCOkhrDoEk6%2BA5i%2BBFsNmzQXdGAYtF9vJfZ3ramqEteC6RJpdRrblDNQpeXEqoP1rDsGOrv12Y%2FDT490rYKZEakp8LH8g6Ki7w5u6IHs3dWHJw9U0k7HcppNXvZXRTFz66l2xVWjDl67b%2Fv232ARMyge3hc2WacJl0rHk6wXJuTCL2jBBvl%2By6yJcy%2B3GQm6SPF1ee3txKZ4KlDoZgcrjjx6ByTH5f3xn%2Bl9f%2Fv1TSDOCyUvE%2BRGZBaQ%2BBEt3YNOja198tvrnVf4BrCYw6nwmTB0UeTk0tfD8UkkCJc57Gpaw4tyCUBw9%2BvuMDexddIwDmu0iiUt0TYmuKkFVHza%2FOMxSc3TtF38aCJUzDJVx9kJl1Odn1lp5Uql7gWiFrSbjPBSMe82a3%2FJdt8Z50GwLr43MjtnuCyv%2FAgAA%2F%2F8BAAD%2F%2F3kZIqCHBAAA
173.233.137.52200 OK 7 B URL HTTP/1.1 integrityprinciplesthorough.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq%2FfH4fsVBBcRPCiDeFAwk%2B7pnl%2FuYTHuRoIxCbsrAfFgdVX1pEx1V1PVPT3JKRhY1oMwnvTY80yyYXURF8%2Byy8SLBoSM4hLE%2BAd4EYQ9y0wGgu%2Bh3vetz3t43qfqziA%2FJS5yerL2nt6WStH5etWtvLYuE64LW1m5XfHcqnu1si6TRnC10pscpvum59ar7uuVdwTb1PM113Ndz%2FUqi9KISPfmpxQyfdD2qm23GtSqXj1Az%2Fy3t7kDSx3w7im5AsnHlzd%2BfAjJRkjib68Lu5np9I0bca5opg26%2FOD9ZDPRRYL4vIyMgyg5mE1D2zEhX16ATg5mG0B39yYbIJRj4jzxECYHM5kIu%2FtnSkMFkSDkz6DojiDUCJKOwPQuJD8mAONYWUUS31vRpqBbZ5RO6JhcevoPZDEml%2F54Hkn8zYKSvcotrfJM6sSiF5WQvRFkZ4Q0P0S27UAWh2DZJ5D8ZzL%2FdBlJvLdqlYbkJ682Ar9JG8yboyLw5gK%2FweZCwRtzgRvVWY1Szhr%2B1CIpR5DRCEr0Qe1F5NZBLh3kkYM8dRDzkwqttyPXbUZh5PutgDHm%2B4zVWw1e537QilzkbLJDH1naB1N9MLOD1OxgU%2FZh8sewGyUsd2Azgi4vUQiCwhIUlKCQBEVGUHTLfa5szZb3uLJ56M1ybZb9cqizzoDu66wjEjJIT8lzU%2BP%2B%2BvA7bIqTiuB%2Bw%2FWChu%2B3am3Omi4NapwxKiIe%2BZHnwcoS0l4AtQ625fGzT5DK4%2F%2BVCOkhrDoEk6%2BA5i%2BBFsNmzQXdGAYtF9vJfZ3ramqEteC6RJpdRrblDNQpeXEqoP1rDsGOrv12Y%2FDT490rYKZEakp8LH8g6Ki7w5u6IHs3dWHJw9U0k7HcppNXvZXRTFz66l2xVWjDl67b%2Fv232ARMyge3hc2WacJl0rHk6wXJuTCL2jBBvl%2By6yJcy%2B3GQm6SPF1ee3txKZ4KlDoZgcrjjx6ByTH5f3xn%2Bl9f%2Fv1TSDOCyUvE%2BRGZBaQ%2BBEt3YNOja198tvrnVf4BrCYw6nwmTB0UeTk0tfD8UkkCJc57Gpaw4tyCUBw9%2BvuMDexddIwDmu0iiUt0TYmuKkFVHza%2FOMxSc3TtF38aCJUzDJVx9kJl1Odn1lp5Uql7gWiFrSbjPBSMe82a3%2FJdt8Z50GwLr43MjtnuCyv%2FAgAA%2F%2F8BAAD%2F%2F3kZIqCHBAAA
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz2skxRvGq%2FfH4fsVBBcRPCiDeFAwk%2B7pnl%2FuYTHuRoIxCbsrAfFgdVX1pEx1V1PVPT3JKRhY1oMwnvTY80yyYXURF8%2Byy8SLBoSM4hLE%2BAd4EYQ9y0wGgu%2Bh3vetz3t43qfqziA%2FJS5yerL2nt6WStH5etWtvLYuE64LW1m5XfHcqnu1si6TRnC10pscpvum59ar7uuVdwTb1PM113Ndz%2FUqi9KISPfmpxQyfdD2qm23GtSqXj1Az%2Fy3t7kDSx3w7im5AsnHlzd%2BfAjJRkjib68Lu5np9I0bca5opg26%2FOD9ZDPRRYL4vIyMgyg5mE1D2zEhX16ATg5mG0B39yYbIJRj4jzxECYHM5kIu%2FtnSkMFkSDkz6DojiDUCJKOwPQuJD8mAONYWUUS31vRpqBbZ5RO6JhcevoPZDEml%2F54Hkn8zYKSvcotrfJM6sSiF5WQvRFkZ4Q0P0S27UAWh2DZJ5D8ZzL%2FdBlJvLdqlYbkJ682Ar9JG8yboyLw5gK%2FweZCwRtzgRvVWY1Szhr%2B1CIpR5DRCEr0Qe1F5NZBLh3kkYM8dRDzkwqttyPXbUZh5PutgDHm%2B4zVWw1e537QilzkbLJDH1naB1N9MLOD1OxgU%2FZh8sewGyUsd2Azgi4vUQiCwhIUlKCQBEVGUHTLfa5szZb3uLJ56M1ybZb9cqizzoDu66wjEjJIT8lzU%2BP%2B%2BvA7bIqTiuB%2Bw%2FWChu%2B3am3Omi4NapwxKiIe%2BZHnwcoS0l4AtQ625fGzT5DK4%2F%2BVCOkhrDoEk6%2BA5i%2BBFsNmzQXdGAYtF9vJfZ3ramqEteC6RJpdRrblDNQpeXEqoP1rDsGOrv12Y%2FDT490rYKZEakp8LH8g6Ki7w5u6IHs3dWHJw9U0k7HcppNXvZXRTFz66l2xVWjDl67b%2Fv232ARMyge3hc2WacJl0rHk6wXJuTCL2jBBvl%2By6yJcy%2B3GQm6SPF1ee3txKZ4KlDoZgcrjjx6ByTH5f3xn%2Bl9f%2Fv1TSDOCyUvE%2BRGZBaQ%2BBEt3YNOja198tvrnVf4BrCYw6nwmTB0UeTk0tfD8UkkCJc57Gpaw4tyCUBw9%2BvuMDexddIwDmu0iiUt0TYmuKkFVHza%2FOMxSc3TtF38aCJUzDJVx9kJl1Odn1lp5Uql7gWiFrSbjPBSMe82a3%2FJdt8Z50GwLr43MjtnuCyv%2FAgAA%2F%2F8BAAD%2F%2F3kZIqCHBAAA HTTP/1.1
Host: integrityprinciplesthorough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Cookie: u_pl=15424691; uid_id2=6437a6c1-ae41-436c-bed6-40f5c2aadc63:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3789941]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 07:48:31 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fd09d7256ed141579a58757717d61b2f
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/js/script.js
172.64.108.13200 OK 111 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/js/script.js
IP 172.64.108.13:0
Size 111 kB (110709 bytes)
Hash 92f96c386c0b9731e4c6a1fc6abc40ec
8257ba4d478f9f777246f191a219da9acebb7a8d
bc632c1869c51ce2ced86e98cf5dc5919fd566b633aab9f6f0c16e3667912282
GET /sb/notifications/games/nutaku/multi/4/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:48:30 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:42:11 GMT
etag: W/"632ac053-1160"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aqRHhdsuykAjLiiVciDvd7k5TR5Gb12Qm4KYPE6fImLH5VHTCLUBH62brBZ%2Fq1DkTT73ZkKseBVDMQrWSrTM%2BP%2Breu9K04PF0%2BeCiNPI4%2B4bUjocnTCI9cZxMiijsR4MMEwtWpoFvL7c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7709430c89af0091-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/css/style.css
172.64.108.13200 OK 2.1 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/css/style.css
IP 172.64.108.13:0
File type assembler source, ASCII text
Hash b0f63b6314a613026e86eca13614f55d
5084145cc784ca9e5fec9bdd9a75d6cdf74cf4ef
83ca92902e16185f38988bf0b48578be1f50435a5e9de3e0515ffeb4fdb01107
GET /sb/notifications/games/nutaku/multi/4/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:48:30 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 08:08:06 GMT
etag: W/"632ac666-1fae"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A9L8Lt%2BYY9Rm3lsyB4l3ua6rBAvKM8hI9qfITHZ%2BSiPf5y08UcKgQkmQBPMVT0dLbS2jyVhHj%2F9gD9wGUAPsvQTn7mdQ%2FTINO8hj%2FN7WY54MzohSCjrybRbkj%2BSucqwKN%2FySEzRvp%2FBg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7709430bc9690091-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ecdn.firstimpression.io/static/js/prebidamp.js
54.230.111.99200 OK 0 B URL HTTP/2 ecdn.firstimpression.io/static/js/prebidamp.js
IP 54.230.111.99:0
GET /static/js/prebidamp.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.20.0
last-modified: Tue, 14 Dec 2021 15:30:51 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Sun, 27 Nov 2022 07:46:07 GMT
expires: Sun, 27 Nov 2022 08:10:31 GMT
cache-control: max-age=3600
etag: W/"61b8b8ab-4e128"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: DCpgnsbWJIrTJvelPo2LBGpkmS-GcLxkR8XiRMfOspeGm-6O62_hOw==
age: 2278
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/css/animate.css
172.64.108.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/4/css/animate.css
IP 172.64.108.13:0
GET /sb/notifications/games/nutaku/multi/4/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:48:30 GMT
content-type: text/css
last-modified: Fri, 19 Aug 2022 09:15:04 GMT
etag: W/"62ff5498-ec8b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1014909
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ty3Jl0ZGaPUWUy93%2BFZJin3Ziv2RkyYQJpbP3f73%2Bl2rvzRlOVfJq3bPncLGaLL8ascRDnMdMWH4pZxDsCr6KNSp6lAhAmS%2BAEzhrvTenvivsTiJMeOplT%2Fr4ed%2FsobDmye6Fpxef8p2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7709430bcc3a72e5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.firstimpression.io/delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459
54.230.111.99200 OK 0 B URL HTTP/2 cdn.firstimpression.io/delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459
IP 54.230.111.99:0
POST /delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Cookie: OAID=GDPR
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sun, 27 Nov 2022 07:48:29 GMT
server: nginx/1.20.0
vary: Accept-Encoding
x-powered-by: PHP/8.0.14
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: http://ouo.press
p3p: CP="CUR ADM OUR NOR STA NID"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _RvaDOfc6duyP8bzlx2hT_BgIYfYb2gECuqVYoSJ77_qwBpQTFspCQ==
X-Firefox-Spdy: h2
hhklc.com/c.js
104.21.70.122200 OK 0 B IP 104.21.70.122:0
GET /c.js HTTP/1.1
Host: hhklc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ouo.press/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 07:48:28 GMT
content-type: application/javascript
last-modified: Fri, 11 Nov 2022 16:10:23 GMT
etag: W/"636e73ef-2218"
server-asp-net: Asp Net
expires: Sun, 27 Nov 2022 08:24:18 GMT
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 550
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UMTG%2FGhIEu2HAfSNVhK8BYUH9NfIXJXOqrctjVyFKLeijpwGoqYDYobUWpeoCspxvHLBCgcwoNg86DXCD%2F3vxUBH%2FPORHJGV%2BQBnIQdzuZsVnLKStR%2BjM2CVF40%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770942fb1fc9b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.firstimpression.io/delivery/spc_fi.php?id=7419&url=%2F1LISgCW&charset=UTF-8&ch=7&ref=ouo.press&viewerId=null&referer=http://ouo.press/1LISgCW?__cf_chl_tk=kBkES2K8GFl5ijWgLFExZKTGBLWhYEwIRLXVjvHgGkk-1669535304-0-gaNycGzNAv0&_firid=57707734
54.230.111.99200 OK 0 B URL HTTP/2 cdn.firstimpression.io/delivery/spc_fi.php?id=7419&url=%2F1LISgCW&charset=UTF-8&ch=7&ref=ouo.press&viewerId=null&referer=http://ouo.press/1LISgCW?__cf_chl_tk=kBkES2K8GFl5ijWgLFExZKTGBLWhYEwIRLXVjvHgGkk-1669535304-0-gaNycGzNAv0&_firid=57707734
IP 54.230.111.99:0
GET /delivery/spc_fi.php?id=7419&url=%2F1LISgCW&charset=UTF-8&ch=7&ref=ouo.press&viewerId=null&referer=http://ouo.press/1LISgCW?__cf_chl_tk=kBkES2K8GFl5ijWgLFExZKTGBLWhYEwIRLXVjvHgGkk-1669535304-0-gaNycGzNAv0&_firid=57707734 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
date: Sun, 27 Nov 2022 07:48:28 GMT
server: nginx/1.20.0
vary: Accept-Encoding
x-powered-by: PHP/8.0.14
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: http://ouo.press
access-control-allow-credentials: true
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: OAID=GDPR; expires=Mon, 27-Nov-2023 07:48:28 GMT; Max-Age=31536000; path=/; secure; SameSite=none
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KboKgFfCbtt3NDQZqt5daeoin_kRUyMkjgWnS7WMHwmZJfy6rt2hrQ==
X-Firefox-Spdy: h2