Overview

URLproxy.quickmail.com/click/1/482312874/3fcb57a48811e2eabc468761f472eebb/bb8e3630ee2a010a0319f87debdcf757/next
IP 54.196.16.164 (United States)
ASN#14618 AMAZON-AES
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-30 14:33:36 UTC
StatusLoading report..
IDS alerts0
Blocklist alert2
urlquery alerts No alerts detected
Tags None

Domain Summary (57)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
a.clickcertain.com (11) 3511 2012-11-04 13:43:29 UTC 2022-11-29 22:24:36 UTC 104.26.9.50
proxy.quickmail.com (2) 0 No data No data 34.201.80.84 Unknown ranking
r3.o.lencr.org (6) 344 No data No data 95.101.11.115
ocsp.digicert.com (16) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
img-getpocket.cdn.mozilla.net (7) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
ocsp.globalsign.com (1) 2075 2012-07-20 17:46:16 UTC 2020-05-02 20:58:10 UTC 104.18.20.226
ocsp.sca1b.amazontrust.com (7) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.88
api.hubapi.com (2) 4102 2012-06-25 18:13:07 UTC 2022-11-30 04:10:55 UTC 104.17.201.204
js.calltrk.com (3) 32925 2019-10-23 00:59:58 UTC 2022-11-30 06:12:00 UTC 143.204.55.59
cm.g.doubleclick.net (2) 202 2013-05-30 23:19:45 UTC 2022-11-30 06:00:43 UTC 142.250.74.162
js.hsadspixel.net (1) 3795 2018-01-11 01:40:17 UTC 2022-11-30 05:26:14 UTC 104.17.115.176
proxy.quickmail.com (2) 0 No data No data 54.157.4.65 Unknown ranking
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-11-30 04:53:34 UTC 142.250.74.168
cdnjs.cloudflare.com (2) 235 2015-04-17 20:46:33 UTC 2022-11-30 04:07:56 UTC 104.17.24.14
vars.hotjar.com (1) 1014 2020-11-05 16:23:46 UTC 2022-11-30 04:44:55 UTC 143.204.55.101
tracking.crazyegg.com (1) 3633 2020-03-10 07:15:05 UTC 2022-11-30 04:14:49 UTC 52.211.182.152
js.createsend1.com (1) 27451 2012-07-25 03:51:42 UTC 2020-03-14 12:05:21 UTC 143.204.55.36
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.189.139.67
cdn.jsdelivr.net (1) 439 2012-09-30 00:15:09 UTC 2020-08-10 12:12:39 UTC 151.101.129.229
use.fontawesome.com (1) 942 2018-09-18 10:26:26 UTC 2020-03-18 00:09:30 UTC 172.64.132.15
js.hs-analytics.net (1) 2411 2013-10-01 15:49:45 UTC 2022-11-30 05:26:14 UTC 104.17.67.176
js.hs-banner.com (1) 2426 2020-03-26 17:45:21 UTC 2022-11-30 05:26:14 UTC 104.18.33.171
googleads.g.doubleclick.net (2) 42 2021-02-20 15:43:32 UTC 2022-11-30 05:44:45 UTC 142.250.74.66
a.browserspeed.support (4) 0 No data No data 52.11.204.242 Unknown ranking
script.crazyegg.com (3) 1992 2015-01-07 19:40:26 UTC 2020-02-29 22:05:25 UTC 104.19.148.8
pagestates-tracking.crazyegg.com (1) 3647 2020-10-26 19:42:04 UTC 2022-11-30 04:14:49 UTC 54.230.111.22
ocsp.pki.goog (17) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.131
unpkg.com (6) 11693 2016-01-07 23:26:01 UTC 2022-11-30 04:08:09 UTC 104.16.122.175
pixel.tapad.com (2) 400 2012-10-01 07:23:01 UTC 2022-11-30 04:19:44 UTC 35.227.248.159
a.remarketstats.com (1) 38181 2012-11-23 02:54:21 UTC 2022-11-30 07:16:01 UTC 172.67.69.73
www.buildinglink.com (2) 265678 2017-02-13 18:45:11 UTC 2022-11-29 15:18:27 UTC 104.18.23.136
js.calltrk.com (3) 32925 2019-10-23 00:59:58 UTC 2022-11-30 06:12:00 UTC 143.204.55.119
secure.adnxs.com (2) 396 2012-05-22 16:37:37 UTC 2020-03-11 07:38:04 UTC 185.89.211.84
assets-tracking.crazyegg.com (1) 3651 2021-10-27 14:05:49 UTC 2022-11-30 04:14:49 UTC 54.230.111.114
www.gstatic.com (4) 0 2016-07-26 09:37:06 UTC 2022-11-30 05:55:04 UTC 216.58.207.227 Domain (gstatic.com) ranked at: 540
in.hotjar.com (1) 1746 2018-10-22 17:15:59 UTC 2020-11-20 16:45:40 UTC 52.31.187.71
io.v2.customerlabs.co (3) 178787 No data No data 44.207.227.229
fonts.gstatic.com (9) 0 2014-09-09 00:40:21 UTC 2022-11-30 04:54:31 UTC 216.58.207.227 Domain (gstatic.com) ranked at: 540
region1.analytics.google.com (1) 0 2022-03-17 11:26:33 UTC 2022-11-30 04:06:05 UTC 216.239.32.36 Domain (google.com) ranked at: 1
ocsp.r2m02.amazontrust.com (1) 0 2022-10-12 14:01:39 UTC 2022-11-30 04:11:07 UTC 54.230.80.227 Domain (amazontrust.com) ranked at: 581
js.hscollectedforms.net (1) 5697 2018-01-10 15:37:15 UTC 2022-11-30 04:18:21 UTC 104.17.129.171
www.bugherd.com (1) 17668 2018-07-02 22:12:51 UTC 2020-03-10 14:23:15 UTC 54.237.133.81
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-30 04:06:17 UTC 34.102.187.140
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-30 04:06:04 UTC 34.117.237.239
nam02.safelinks.protection.outlook.com (1) 15463 2017-02-08 17:20:23 UTC 2022-11-30 04:11:03 UTC 104.47.57.28
static.hotjar.com (1) 641 2014-11-01 05:14:27 UTC 2020-04-26 08:32:02 UTC 143.204.55.37
fonts.googleapis.com (3) 8877 2013-06-10 20:14:26 UTC 2022-11-30 05:55:22 UTC 142.250.74.106
i.liadm.com (1) 511 2018-06-14 11:13:17 UTC 2020-03-22 02:35:53 UTC 54.174.64.137
x.bidswitch.net (2) 286 2017-08-28 15:21:00 UTC 2021-09-28 10:50:41 UTC 3.122.202.119
www.google.no (2) 25607 2016-04-05 19:50:59 UTC 2022-11-30 05:08:52 UTC 142.250.74.163
ocsp.sectigo.com (1) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 172.64.155.188
js.hs-scripts.com (1) 2571 2018-01-31 16:47:28 UTC 2022-11-30 04:10:54 UTC 104.17.210.204
stats.g.doubleclick.net (1) 96 2013-06-10 20:21:11 UTC 2022-11-30 05:00:30 UTC 74.125.131.155
cdn.js.customerlabs.co (1) 147110 2018-09-23 07:23:21 UTC 2020-04-15 11:44:37 UTC 143.204.42.24
script.hotjar.com (1) 887 2020-11-05 16:23:46 UTC 2022-11-30 06:12:24 UTC 143.204.55.46
ocsp.pki.goog (17) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-30 2 a.browserspeed.support/ Phishing
2022-11-30 2 a.browserspeed.support/ Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 54.196.16.164
Date UQ / IDS / BL URL IP
2023-01-24 18:24:06 +0000 0 - 0 - 2 proxy.quickmail.com/click/1/539735882/beb99b5 (...) 54.196.16.164
2023-01-24 18:00:56 +0000 0 - 0 - 1 proxy.quickmail.com/click/1/526647348/954c049 (...) 54.196.16.164
2023-01-24 18:00:44 +0000 0 - 0 - 2 proxy.quickmail.com/click/1/532902859/3bfe23a (...) 54.196.16.164
2023-01-24 18:00:38 +0000 0 - 0 - 2 proxy.quickmail.com/click/1/526647348/552c56f (...) 54.196.16.164
2023-01-24 16:58:57 +0000 0 - 0 - 2 proxy.quickmail.com/click/1/539567888/cdc78b5 (...) 54.196.16.164


Last 5 reports on ASN: AMAZON-AES
Date UQ / IDS / BL URL IP
2023-01-27 14:39:43 +0000 0 - 1 - 0 shopgala.api.twyne.io/lout/rdirect/80/852/163 (...) 52.71.127.56
2023-01-27 14:32:49 +0000 0 - 0 - 58 ui.fraudfree.net/api/r/i/63ae5075a9cd46fb16509925 54.237.163.208
2023-01-27 14:32:09 +0000 0 - 0 - 6 primerewardz.com/go/to/f388f2/key/43e0d9b59fc (...) 107.23.100.94
2023-01-27 14:32:04 +0000 0 - 0 - 6 smoothreward.com/go/to/1c1b97/key/b669f07ad98 (...) 107.23.100.94
2023-01-27 14:31:57 +0000 0 - 0 - 6 primerewardz.com/go/to/48fc30/key/c28a84399e5 (...) 3.212.250.95


Last 5 reports on domain: quickmail.com
Date UQ / IDS / BL URL IP
2023-01-26 23:56:13 +0000 0 - 4 - 0 proxy.quickmail.com/click/1/542141252/a42d8dd (...) 54.91.6.89
2023-01-24 22:32:14 +0000 0 - 0 - 2 proxy.quickmail.com/click/1/539963403/cdc78b5 (...) 54.91.6.89
2023-01-24 20:46:06 +0000 0 - 0 - 2 proxy.quickmail.com/unsubscribe/1/122171327/5 (...) 34.201.80.84
2023-01-24 20:21:07 +0000 0 - 0 - 2 proxy.quickmail.com/click/1/539869108/05380d9 (...) 54.157.4.65
2023-01-24 18:24:06 +0000 0 - 0 - 2 proxy.quickmail.com/click/1/539735882/beb99b5 (...) 54.196.16.164


Last 1 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-11-23 18:22:11 +0000 0 - 0 - 2 www.buildinglink.com/ 104.18.22.136

JavaScript

Executed Scripts (69)

Executed Evals (8)
#1 JavaScript::Eval (size: 15705) - SHA256: ffc056b1e873049c9b8f1851d0dc36ef4e65299450ca36d0003c01571b8310aa
(function() {
    var y, nv = function(n, E, I, e) {
            for (e = (I = a(E), 0); 0 < n; n--) e = e << 8 | z(E);
            Z(I, E, e)
        },
        c = function(n, E, I, e, X, L) {
            if (n.N.length) {
                (n.R = (n.R && 0(), true), n).rY = E;
                try {
                    e = n.Z(), n.G = e, n.I = 0, n.Y = e, L = Ia(E, n), X = n.Z() - n.Y, n.D += X, X < (I ? 0 : 10) || 0 >= n.l-- || (X = Math.floor(X), n.F.push(254 >= X ? X : 254))
                } finally {
                    n.R = false
                }
                return L
            }
        },
        iN = function(n, E, I) {
            if ((I = typeof n, "object") == I)
                if (n) {
                    if (n instanceof Array) return "array";
                    if (n instanceof Object) return I;
                    if ((E = Object.prototype.toString.call(n), "[object Window]") == E) return "object";
                    if ("[object Array]" == E || "number" == typeof n.length && "undefined" != typeof n.splice && "undefined" != typeof n.propertyIsEnumerable && !n.propertyIsEnumerable("splice")) return "array";
                    if ("[object Function]" == E || "undefined" != typeof n.call && "undefined" != typeof n.propertyIsEnumerable && !n.propertyIsEnumerable("call")) return "function"
                } else return "null";
            else if ("function" == I && "undefined" == typeof n.call) return "object";
            return I
        },
        m = function(n, E) {
            n.N.splice(0, 0, E)
        },
        Lv = function(n, E) {
            return (n = n.create().shift(), E.S).create().length || E.v.create().length || (E.v = void 0, E.S = void 0), n
        },
        P = function(n, E, I, e, X, L) {
            if (!E.U) {
                if (3 < (I = (0 == ((L = void 0, I && I[0] === r) && (n = I[1], L = I[2], I = void 0), X = Q(19, E), X).length && (e = Q(117, E) >> 3, X.push(n, e >> 8 & 255, e & 255), void 0 != L && X.push(L & 255)), n = "", I && (I.message && (n += I.message), I.stack && (n += ":" + I.stack)), Q(504, E)), I)) {
                    E.L = (L = (n = (I -= (n = n.slice(0, (I | 0) - 3), n.length | 0) + 3, EK(n)), E.L), E);
                    try {
                        G(E, 446, f(2, n.length).concat(n), 9)
                    } finally {
                        E.L = L
                    }
                }
                Z(504, E, I)
            }
        },
        b = function(n, E, I) {
            n[Z(I, E, n), ev] = 2796
        },
        Tl = function(n, E) {
            (E.push(n[0] << 24 | n[1] << 16 | n[2] << 8 | n[3]), E.push(n[4] << 24 | n[5] << 16 | n[6] << 8 | n[7]), E).push(n[8] << 24 | n[9] << 16 | n[10] << 8 | n[11])
        },
        gN = function(n, E, I, e) {
            G(n, (I = (e = a(n), a(n)), I), f(E, Q(e, n)))
        },
        Xn = function(n, E) {
            if (E = (n = q.trustedTypes, null), !n || !n.createPolicy) return E;
            try {
                E = n.createPolicy("bg", {
                    createHTML: x0,
                    createScript: x0,
                    createScriptURL: x0
                })
            } catch (I) {
                q.console && q.console.error(I.message)
            }
            return E
        },
        aa = function(n, E, I, e) {
            return (e = O[n.substring(0, 3) + "_"]) ? e(n.substring(3), E, I) : wN(E, n)
        },
        DU = function(n, E, I, e) {
            try {
                e = n[((E | 0) + 2) % 3], n[E] = (n[E] | 0) - (n[((E | 0) + 1) % 3] | 0) - (e | 0) ^ (1 == E ? e << I : e >>> I)
            } catch (X) {
                throw X;
            }
        },
        Q = function(n, E) {
            if (void 0 === (E = E.K[n], E)) throw [r, 30, n];
            if (E.value) return E.create();
            return E.create(1 * n * n + -43 * n + -56), E.prototype
        },
        ZU = function(n, E, I, e, X, L) {
            for (e = (L = (I = ((X = a((E = n[zl] || {}, n)), E.TW = a(n), E).P = [], n.L == n) ? (z(n) | 0) - 1 : 1, a(n)), 0); e < I; e++) E.P.push(a(n));
            for (E.A = Q(X, n); I--;) E.P[I] = Q(E.P[I], n);
            return E.Kv = Q(L, n), E
        },
        Mi = function(n, E, I, e, X) {
            G(n, (((e = Q((X = a((e = (I = E & 4, E &= 3, a(n)), n)), e), n), I) && (e = EK("" + e)), E) && G(n, X, f(2, e.length)), X), e)
        },
        EK = function(n, E, I, e, X) {
            for (X = E = (n = n.replace(/\r\n/g, "\n"), I = [], 0); X < n.length; X++) e = n.charCodeAt(X), 128 > e ? I[E++] = e : (2048 > e ? I[E++] = e >> 6 | 192 : (55296 == (e & 64512) && X + 1 < n.length && 56320 == (n.charCodeAt(X + 1) & 64512) ? (e = 65536 + ((e & 1023) << 10) + (n.charCodeAt(++X) & 1023), I[E++] = e >> 18 | 240, I[E++] = e >> 12 & 63 | 128) : I[E++] = e >> 12 | 224, I[E++] = e >> 6 & 63 | 128), I[E++] = e & 63 | 128);
            return I
        },
        O, a = function(n, E) {
            if (n.S) return Lv(n.v, n);
            return (E = h(8, n, true), E & 128) && (E ^= 128, n = h(2, n, true), E = (E << 2) + (n | 0)), E
        },
        A = function(n, E) {
            E.T = ((E.T ? E.T + "~" : "E:") + n.message + ":" + n.stack).slice(0, 2048)
        },
        mC = function(n, E, I, e, X) {
            if ((I = n[0], I) == N) E.l = 25, E.u(n);
            else if (I == k) {
                X = n[1];
                try {
                    e = E.T || E.u(n)
                } catch (L) {
                    A(L, E), e = E.T
                }
                X(e)
            } else if (I == uN) E.u(n);
            else if (I == l) E.u(n);
            else if (I == WU) {
                try {
                    for (e = 0; e < E.C.length; e++) try {
                        X = E.C[e], X[0][X[1]](X[2])
                    } catch (L) {}
                } catch (L) {}(0, n[1])(function(L, T) {
                    E.o(L, true, T)
                }, (E.C = [], function(L) {
                    (m(E, (L = !E.N.length, [cU])), L) && c(E, true, false)
                }))
            } else {
                if (I == H) return e = n[2], Z(264, E, n[6]), Z(98, E, e), E.u(n);
                I == cU ? (E.F = [], E.K = null, E.X = []) : I == ev && "loading" === q.document.readyState && (E.h = function(L, T) {
                    function g() {
                        T || (T = true, L())
                    }
                    q.document.addEventListener("DOMContentLoaded", (T = false, g), F), q.addEventListener("load", g, F)
                })
            }
        },
        F = {
            passive: true,
            capture: true
        },
        wN = function(n, E) {
            return n(function(I) {
                I(E)
            }), [function() {
                return E
            }]
        },
        x0 = function(n) {
            return n
        },
        sK = function(n, E) {
            Z(169, n, (n.mu.push(n.K.slice()), n.K[169] = void 0, E))
        },
        v = function(n, E, I, e, X, L, T, g, x) {
            if (I.L = (T = (x = (g = (L = 0 < (E || I.I++, I).W && I.R && I.rY && 1 >= I.B && !I.S && !I.h && (!E || 1 < I.J - e) && 0 == document.hidden, (X = 4 == I.I) || L) ? I.Z() : I.G, g) - I.G, x >> 14), I.H && (I.H ^= T * (x << 2)), I.j += T, T) || I.L, X || L) I.I = 0, I.G = g;
            if (!L || g - I.Y < I.W - (n ? 255 : E ? 5 : 2)) return false;
            return I.h = ((Z((n = Q(E ? 117 : 169, (I.J = e, I)), 169), I, I.O), I).N.push([uN, n, E ? e + 1 : e]), B), true
        },
        Ia = function(n, E, I, e) {
            for (; E.N.length;) {
                e = (E.h = null, E).N.pop();
                try {
                    I = mC(e, E)
                } catch (X) {
                    A(X, E)
                }
                if (n && E.h) {
                    n = E.h, n(function() {
                        c(E, true, true)
                    });
                    break
                }
            }
            return I
        },
        Q6 = function(n, E, I, e) {
            return Q((Z(169, (rN(n, (e = Q(169, n), n.X && e < n.O ? (Z(169, n, n.O), sK(n, E)) : Z(169, n, E), I)), n), e), 98), n)
        },
        bN = function(n, E, I, e, X) {
            for (e = (I.xv = ((I.uV = ((I.aN = I[k], I).zW = V6, tI), I).Lv = Y0({get: function() {
                        return this.concat()
                    }
                }, I.g), J[I.g](I.Lv, {
                    value: {
                        value: {}
                    }
                })), 0), X = []; 128 > e; e++) X[e] = String.fromCharCode(e);
            c(I, true, (m(I, (m(I, (m(I, (Z(6, (b(function(L, T, g, x, w, D) {
                v(false, true, L, T) || (w = ZU(L.L), T = w.P, D = w.A, g = T.length, x = w.Kv, w = w.TW, T = 0 == g ? new x[D] : 1 == g ? new x[D](T[0]) : 2 == g ? new x[D](T[0], T[1]) : 3 == g ? new x[D](T[0], T[1], T[2]) : 4 == g ? new x[D](T[0], T[1], T[2], T[3]) : 2(), Z(w, L, T))
            }, (Z(446, I, R((b(function(L, T, g, x, w, D) {
                if (!v(true, true, L, T)) {
                    if ((D = (w = Q((T = (g = (D = a(L), T = a(L), a(L)), w = a(L), Q)(T, L), w), L), Q(D, L)), L = Q(g, L), "object") == iN(D)) {
                        for (x in g = [], D) g.push(x);
                        D = g
                    }
                    for (x = 0, g = D.length, L = 0 < L ? L : 1; x < g; x += L) T(D.slice(x, (x | 0) + (L | 0)), w)
                }
            }, I, ((b(function(L) {
                nv(4, L)
            }, (b(function(L, T, g, x, w, D, M) {
                for (x = (T = (g = Q((D = a(L), w = dN(L), M = "", 157), L), g.length), 0); w--;) x = ((x | 0) + (dN(L) | 0)) % T, M += X[g[x]];
                Z(D, L, M)
            }, I, (Z(409, (I.cV = (Z(373, I, [160, (b(function(L, T, g, x) {
                Z((x = Q((g = (T = a((g = (x = a(L), a(L)), L)), Q(g, L)), x), L), T), L, x[g])
            }, (b(function(L, T, g, x, w) {
                Z((w = (g = (g = a((x = (T = a(L), a(L)), L)), w = a(L), Q)(g, L), x = Q(x, L), Q(w, L)), T), L, PU(x, w, L, g))
            }, I, (b(function(L, T, g, x, w) {
                for (x = (w = (g = dN((T = a(L), L)), []), 0); x < g; x++) w.push(z(L));
                Z(T, L, w)
            }, I, (b(function(L) {
                gN(L, 1)
            }, (b(function(L, T, g, x) {
                !v(false, true, L, T) && (T = ZU(L), x = T.Kv, g = T.A, L.L == L || g == L.S0 && x == L) && (Z(T.TW, L, g.apply(x, T.P)), L.G = L.Z())
            }, (b(function(L, T, g, x) {
                Z((g = Q((T = a((g = a(L), L)), x = Q(T, L), g), L), T), L, x + g)
            }, (Z(19, I, (b(function(L, T, g) {
                Z((g = (T = a(L), a(L)), T = Q(T, L), T = iN(T), g), L, T)
            }, I, (b(function(L, T, g, x) {
                Z((T = a((x = (g = a(L), a(L)), L)), T), L, Q(g, L) || Q(x, L))
            }, I, (b(function(L, T) {
                L = (T = a(L), Q)(T, L.L), L[0].removeEventListener(L[1], L[2], F)
            }, (b(function(L, T, g) {
                v(false, true, L, T) || (T = a(L), g = a(L), Z(g, L, function(x) {
                    return eval(x)
                }(Gl(Q(T, L.L)))))
            }, I, (b(function(L) {
                Mi(L, 3)
            }, I, (b(function(L, T, g) {
                0 != (g = (g = (T = a(L), a(L)), Q)(g, L), Q(T, L)) && Z(169, L, g)
            }, (Z(426, I, (b(function(L, T, g, x, w) {
                x = (T = Q((g = (w = (T = (x = a(L), g = a(L), a)(L), a(L)), Q(g, L)), w = Q(w, L), T), L), Q)(x, L.L), 0 !== x && (T = PU(T, 1, L, w, x, g), x.addEventListener(g, T, F), Z(426, L, [x, g, T]))
            }, (Z((b(function(L) {
                gN(L, 4)
            }, (b(function(L, T, g, x) {
                Z((x = (T = (x = a(L), a(L)), g = a(L), T = Q(T, L), Q(x, L)), g), L, x in T | 0)
            }, (Z(258, (Z(504, (Z(98, I, (b(function() {}, I, (b(function(L, T, g, x) {
                Z((T = z((x = a(L), L)), g = a(L), g), L, Q(x, L) >>> T)
            }, I, (b(function(L, T, g) {
                Z((g = (T = a(L), a(L)), g), L, "" + Q(T, L))
            }, I, (b(function(L, T) {
                sK((T = Q(a(L), L), L.L), T)
            }, I, (b(function(L, T, g, x, w, D, M, W, t, p, V, u) {
                function U(Y, d) {
                    for (; g < Y;) u |= z(L) << g, g += 8;
                    return u >>= (d = u & (1 << (g -= Y, Y)) - 1, Y), d
                }
                for (w = (x = (g = (V = a(L), u = 0), M = (U(3) | 0) + 1, U(5)), []), D = T = 0; D < x; D++) W = U(1), w.push(W), T += W ? 0 : 1;
                for (p = (D = (T = ((T | 0) - 1).toString(2).length, 0), []); D < x; D++) w[D] || (p[D] = U(T));
                for (T = 0; T < x; T++) w[T] && (p[T] = a(L));
                for (t = []; M--;) t.push(Q(a(L), L));
                b(function(Y, d, y6, C, S) {
                    for (C = (y6 = [], S = [], 0); C < x; C++) {
                        if (d = p[C], !w[C]) {
                            for (; d >= S.length;) S.push(a(Y));
                            d = S[d]
                        }
                        y6.push(d)
                    }(Y.S = fv(t.slice(), Y), Y).v = fv(y6, Y)
                }, L, V)
            }, I, (b(function(L, T, g, x) {
                if (x = L.mu.pop()) {
                    for (g = z(L); 0 < g; g--) T = a(L), x[T] = L.K[T];
                    L.K = (x[504] = (x[19] = L.K[19], L).K[504], x)
                } else Z(169, L, L.O)
            }, (b(function(L) {
                Mi(L, 4)
            }, I, (b(function(L, T, g, x) {
                (x = (g = a((T = a(L), L)), a(L)), L.L == L) && (g = Q(g, L), x = Q(x, L), Q(T, L)[g] = x, 226 == T && (L.i = void 0, 2 == g && (L.H = h(32, L, false), L.i = void 0)))
            }, I, (b(function(L, T, g, x) {
                T = (g = a((T = (x = a(L), a(L)), L)), x = Q(x, L), Q)(T, L), Z(g, L, +(x == T))
            }, I, (Z(90, ((Z(117, (((I.l = 25, (I.T = void 0, (e = window.performance || {}, (I.v = (I.XU = 0, void 0), I.K = [], I).rY = (I.X = [], (I.O = 0, I.W = 0, I).N = [], I.H = (I.mu = [], I.R = false, void 0), I.B = 0, false), I).S = void 0, I.F = [], I).j = (I.Y = 0, I.V = void 0, I.G = 0, I.D = 0, 1), I).pv = (I.J = 8001, (I.I = void 0, I.h = (I.S0 = function(L) {
                this.L = L
            }, null), I.L = (I.C = [], I), I).U = false, (I.i = void 0, e).timeOrigin || (e.timing || {}).navigationStart || 0), Z)(169, I, 0), I), 0), I).Yv = 0, I), []), 111)), 292)), Z(184, I, 353), 170)), I), 382), 286)), 390)), 281)), 7)), 326)), {})), I), 2048), I), [0, 0, 0]), I), 44), I), 84), 207), I, q), I), 396), 0)), I), 323), 177)), 442)), I), 81), 376)), 433)), [])), I), 14), I), 222), I), 347), 287)), 50)), I), 123), 0), 0]), 0), I), I), 205)), I), 432), I).vV = 0, 215)), 4))), I), 228), I), 0), [ev])), [l, n])), [WU, E])), true))
        },
        R = function(n, E) {
            for (E = []; n--;) E.push(255 * Math.random() | 0);
            return E
        },
        f = function(n, E, I, e) {
            for (e = (I = (n | 0) - 1, []); 0 <= I; I--) e[(n | 0) - 1 - (I | 0)] = E >> 8 * I & 255;
            return e
        },
        Y0 = function(n, E) {
            return J[E](J.prototype, {
                splice: n,
                floor: n,
                pop: n,
                stack: n,
                document: n,
                call: n,
                length: n,
                prototype: n,
                parent: n,
                console: n,
                propertyIsEnumerable: n,
                replace: n
            })
        },
        Z = function(n, E, I) {
            if (169 == n || 117 == n) E.K[n] ? E.K[n].concat(I) : E.K[n] = fv(I, E);
            else {
                if (E.U && 226 != n) return;
                373 == n || 446 == n || 90 == n || 19 == n || 258 == n ? E.K[n] || (E.K[n] = pv(118, E, I, n)) : E.K[n] = pv(81, E, I, n)
            }
            226 == n && (E.H = h(32, E, false), E.i = void 0)
        },
        qi = function(n, E, I, e) {
            function X() {}
            return {
                invoke: (e = aa((I = void 0, n), function(L) {
                    X && (E && B(E), I = L, X(), X = void 0)
                }, !!E)[0], function(L, T, g, x) {
                    function w() {
                        I(function(D) {
                            B(function() {
                                L(D)
                            })
                        }, g)
                    }
                    if (!T) return T = e(g), L && L(T), T;
                    I ? w() : (x = X, X = function() {
                        (x(), B)(w)
                    })
                })
            }
        },
        OK = function(n, E, I) {
            if (3 == n.length) {
                for (I = 0; 3 > I; I++) E[I] += n[I];
                for (I = [13, 8, 13, 12, 16, (n = 0, 5), 3, 10, 15]; 9 > n; n++) E[3](E, n % 3, I[n])
            }
        },
        K = function(n, E, I) {
            I = this;
            try {
                bN(E, n, this)
            } catch (e) {
                A(e, this), n(function(X) {
                    X(I.T)
                })
            }
        },
        dN = function(n, E) {
            return E = z(n), E & 128 && (E = E & 127 | z(n) << 7), E
        },
        UK = function(n, E, I, e, X) {
            for (X = (I = I[e = I[2] | 0, 3] | 0, 0); 14 > X; X++) n = n >>> 8 | n << 24, n += E | 0, n ^= e + 2298, I = I >>> 8 | I << 24, E = E << 3 | E >>> 29, I += e | 0, I ^= X + 2298, E ^= n, e = e << 3 | e >>> 29, e ^= I;
            return [E >>> 24 & 255, E >>> 16 & 255, E >>> 8 & 255, E >>> 0 & 255, n >>> 24 & 255, n >>> 16 & 255, n >>> 8 & 255, n >>> 0 & 255]
        },
        hI = function(n, E, I) {
            return E.o(function(e) {
                I = e
            }, false, n), I
        },
        z = function(n) {
            return n.S ? Lv(n.v, n) : h(8, n, true)
        },
        jv = function(n, E) {
            return E[n] << 24 | E[(n | 0) + 1] << 16 | E[(n | 0) + 2] << 8 | E[(n | 0) + 3]
        },
        rN = function(n, E, I, e, X, L) {
            if (!n.T) {
                n.B++;
                try {
                    for (X = (L = 0, n.O), e = void 0; --E;) try {
                        if (I = void 0, n.S) e = Lv(n.S, n);
                        else {
                            if ((L = Q(169, n), L) >= X) break;
                            e = Q((Z(117, n, L), I = a(n), I), n)
                        }
                        v(false, false, (e && e[cU] & 2048 ? e(n, E) : P(0, n, [r, 21, I]), n), E)
                    } catch (T) {
                        Q(184, n) ? P(22, n, T) : Z(184, n, T)
                    }
                    if (!E) {
                        if (n.gY) {
                            rN(n, (n.B--, 168668240895));
                            return
                        }
                        P(0, n, [r, 33])
                    }
                } catch (T) {
                    try {
                        P(22, n, T)
                    } catch (g) {
                        A(g, n)
                    }
                }
                n.B--
            }
        },
        G = function(n, E, I, e, X, L) {
            if (n.L == n)
                for (L = Q(E, n), 446 == E ? (E = function(T, g, x, w) {
                        if ((w = (x = L.length, (x | 0) - 4 >> 3), L.q7) != w) {
                            g = [0, (w = (w << 3) - (L.q7 = w, 4), 0), X[1], X[2]];
                            try {
                                L.O$ = UK(jv((w | 0) + 4, L), jv(w, L), g)
                            } catch (D) {
                                throw D;
                            }
                        }
                        L.push(L.O$[x & 7] ^ T)
                    }, X = Q(258, n)) : E = function(T) {
                        L.push(T)
                    }, e && E(e & 255), n = 0, e = I.length; n < e; n++) E(I[n])
        },
        fv = function(n, E, I) {
            return ((I = J[E.g](E.xv), I)[E.g] = function() {
                return n
            }, I).concat = function(e) {
                n = e
            }, I
        },
        h = function(n, E, I, e, X, L, T, g, x, w, D, M, W, t) {
            if ((g = Q(169, E), g) >= E.O) throw [r, 31];
            for (w = (e = (D = E.aN.length, n), 0), x = g; 0 < e;) T = x >> 3, t = x % 8, W = 8 - (t | 0), L = E.X[T], W = W < e ? W : e, I && (X = E, X.i != x >> 6 && (X.i = x >> 6, M = Q(226, X), X.V = UK(X.i, X.H, [0, 0, M[1], M[2]])), L ^= E.V[T & D]), x += W, w |= (L >> 8 - (t | 0) - (W | 0) & (1 << W) - 1) << (e | 0) - (W | 0), e -= W;
            return Z(169, E, (I = w, (g | 0) + (n | 0))), I
        },
        q = this || self,
        B = q.requestIdleCallback ? function(n) {
            requestIdleCallback(function() {
                n()
            }, {
                timeout: 4
            })
        } : q.setImmediate ? function(n) {
            setImmediate(n)
        } : function(n) {
            setTimeout(n, 0)
        },
        PU = function(n, E, I, e, X, L) {
            function T() {
                if (I.L == I) {
                    if (I.K) {
                        var g = [H, n, e, void 0, X, L, arguments];
                        if (2 == E) var x = c(I, (m(I, g), false), false);
                        else if (1 == E) {
                            var w = !I.N.length;
                            (m(I, g), w) && c(I, false, false)
                        } else x = mC(g, I);
                        return x
                    }
                    X && L && X.removeEventListener(L, T, F)
                }
            }
            return T
        },
        pv = function(n, E, I, e, X, L, T, g) {
            return ((L = (T = n & (X = $0, I = [89, -43, 5, 1, 4, 91, I, 75, 51, -20], 7), J[E.g](E.Lv)), L)[E.g] = function(x) {
                T += 6 + 7 * n, g = x, T &= 7
            }, L).concat = function(x) {
                return (g = (x = (x = e % 16 + 1, -40 * e * e * g - x * g - -2240 * g + I[T + 51 & 7] * e * x + 40 * g * g + T + 1 * e * e * x - -1720 * e * g + (X() | 0) * x), void 0), x = I[x], I[(T + 13 & 7) + (n & 2)] = x, I)[T + (n & 2)] = -43, x
            }, L
        },
        zl = String.fromCharCode(105, 110, 116, 101, 103, 67, 104, 101, 99, 107, 66, 121, 112, 97, 115, 115),
        cU = ((K.prototype.gY = false, K.prototype.dY = void 0, K).prototype.s = "toString", K.prototype.BV = void 0, []),
        H = [],
        l = [],
        k = [],
        ev = [],
        WU = [],
        r = {},
        N = [],
        uN = [],
        $0 = ((y = (((Tl, function() {})(R), DU, function() {})(OK), K.prototype.g = "create", K.prototype), y).bV = function(n, E, I) {
            return n ^ ((E = ((E ^= E << 13, E ^= E >> 17, E) ^ E << 5) & I) || (E = 1), E)
        }, void 0),
        J = (y.o = (y.HV = function() {
            return Math.floor(this.D + (this.Z() - this.Y))
        }, ((y.GW = function(n, E, I, e, X, L) {
            for (X = (e = L = 0, []); L < n.length; L++)
                for (I = I << E | n[L], e += E; 7 < e;) e -= 8, X.push(I >> e & 255);
            return X
        }, y).Z = (y.he = function() {
            return Math.floor(this.Z())
        }, (window.performance || {}).now) ? function() {
            return this.pv + window.performance.now()
        } : function() {
            return +new Date
        }, y).PV = function(n, E, I, e, X) {
            for (e = X = 0; X < n.length; X++) e += n.charCodeAt(X), e += e << 10, e ^= e >> 6;
            return X = new Number((n = (e += e << 3, e ^= e >> 11, e + (e << 15) >>> 0), n & (1 << E) - 1)), X[0] = (n >>> E) % I, X
        }, function(n, E, I, e, X) {
            if (I = "array" === iN(I) ? I : [I], this.T) n(this.T);
            else try {
                e = [], X = !this.N.length, m(this, [N, e, I]), m(this, [k, n, e]), E && !X || c(this, E, true)
            } catch (L) {
                A(L, this), n(this.T)
            }
        }), r).constructor;
    (K.prototype.u = function(n, E) {
        return $0 = function() {
                return n == E ? -56 : -98
            }, E = {}, n = {},
            function(I, e, X, L, T, g, x, w, D, M, W, t, p, V, u) {
                n = (t = n, E);
                try {
                    if (e = I[0], e == l) {
                        p = I[1];
                        try {
                            for (x = (u = (V = [], L = 0, atob(p)), 0); L < u.length; L++) T = u.charCodeAt(L), 255 < T && (V[x++] = T & 255, T >>= 8), V[x++] = T;
                            Z(226, this, (this.O = (this.X = V, this).X.length << 3, [0, 0, 0]))
                        } catch (U) {
                            P(17, this, U);
                            return
                        }
                        rN(this, 8001)
                    } else if (e == N) I[1].push(Q(373, this).length, Q(504, this), Q(446, this).length, Q(90, this).length), Z(98, this, I[2]), this.K[67] && Q6(this, Q(67, this), 8001);
                    else {
                        if (e == k) {
                            (w = (V = I[2], f(2, (Q(373, this).length | 0) + 2)), X = this.L, this).L = this;
                            try {
                                W = Q(19, this), 0 < W.length && G(this, 373, f(2, W.length).concat(W), 10), G(this, 373, f(1, this.j), 109), G(this, 373, f(1, this[k].length)), u = 0, u += Q(6, this) & 2047, u -= (Q(373, this).length | 0) + 5, D = Q(446, this), 4 < D.length && (u -= (D.length | 0) + 3), 0 < u && G(this, 373, f(2, u).concat(R(u)), 15), 4 < D.length && G(this, 373, f(2, D.length).concat(D), 156)
                            } finally {
                                this.L = X
                            }
                            if (g = ((x = R(2).concat(Q(373, this)), x[1] = x[0] ^ 6, x)[3] = x[1] ^ w[0], x[4] = x[1] ^ w[1], this).N7(x)) g = "!" + g;
                            else
                                for (u = 0, g = ""; u < x.length; u++) M = x[u][this.s](16), 1 == M.length && (M = "0" + M), g += M;
                            return Q(((Z(504, this, ((L = g, Q)(373, this).length = V.shift(), V.shift())), Q(446, this)).length = V.shift(), 90), this).length = V.shift(), L
                        }
                        if (e == uN) Q6(this, I[1], I[2]);
                        else if (e == H) return Q6(this, I[1], 8001)
                    }
                } finally {
                    n = t
                }
            }
    }(), K.prototype.yC = 0, K.prototype).N7 = function(n, E, I, e) {
        if (I = window.btoa) {
            for (e = "", E = 0; E < n.length; E += 8192) e += String.fromCharCode.apply(null, n.slice(E, E + 8192));
            n = I(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "")
        } else n = void 0;
        return n
    }, K.prototype.Z4 = 0;
    var V6, tI = /./,
        AI = (K.prototype[WU] = [0, 0, 1, 1, 0, 1, 1], l.pop.bind(K.prototype[N])),
        Gl = function(n, E) {
            return (E = Xn()) && 1 === n.eval(E.createScript("1")) ? function(I) {
                return E.createScript(I)
            } : function(I) {
                return "" + I
            }
        }(((V6 = Y0({get: AI
        }, (tI[K.prototype.s] = AI, K.prototype.g)), K).prototype.iV = void 0, q));
    (O = q.botguard || (q.botguard = {}), 40 < O.m) || (O.m = 41, O.bg = qi, O.a = aa), O.kDL_ = function(n, E, I) {
        return [(I = new K(E, n), function(e) {
            return hI(e, I)
        })]
    };
}).call(this);
#2 JavaScript::Eval (size: 22) - SHA256: 355b9b382781cde432ccca7627a8fdecad5040be2910428d5fc5b4b57fed949b
0,
function(L) {
    nv(1, L)
}
#3 JavaScript::Eval (size: 64) - SHA256: 9908576f4e1cce70106175d94488f9071022d3485f8a8ccf0655b399b318a7c4
0,
function(L, T, g) {
    (T = (g = a((T = a(L), L)), L).K[T] && Q(T, L), Z)(g, L, T)
}
#4 JavaScript::Eval (size: 112) - SHA256: d2c94e4094aec34952f0e9f7ba4be6d4cecdc40755f9cd510f287d00b34a5971
(function(p1, p2, p3, p4, p5, p6, mid) {})(cl254478p1, cl254478p2, cl254478p3, cl254478p4, "default", "default", cl254478mid)
#5 JavaScript::Eval (size: 112) - SHA256: 4ec7ab5cfe48b9e29a72c63635249454e585efe9f840c8748749c5794cccbf06
(function(p1, p2, p3, p4, p5, p6, mid) {})(cl253877p1, cl253877p2, cl253877p3, cl253877p4, "default", "default", cl253877mid)
#6 JavaScript::Eval (size: 15576) - SHA256: d4be0587aacd19697ae508209e99aa30536e2b75393db507b1cd329131d8e19c
/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */
(function() {
    var E = function(n) {
            return n
        },
        T = function(n, I) {
            if ((I = (n = null, e.trustedTypes), !I) || !I.createPolicy) return n;
            try {
                n = I.createPolicy("bg", {
                    createHTML: E,
                    createScript: E,
                    createScriptURL: E
                })
            } catch (L) {
                e.console && e.console.error(L.message)
            }
            return n
        },
        e = this || self;
    (0, eval)(function(n, I) {
        return (I = T()) && 1 === n.eval(I.createScript("1")) ? function(L) {
            return I.createScript(L)
        } : function(L) {
            return "" + L
        }
    }(e)(Array(7824 * Math.random() | 0).join("\n") + '(function(){var y,nv=function(n,E,I,e){for(e=(I=a(E),0);0<n;n--)e=e<<8|z(E);Z(I,E,e)},c=function(n,E,I,e,X,L){if(n.N.length){(n.R=(n.R&&0(),true),n).rY=E;try{e=n.Z(),n.G=e,n.I=0,n.Y=e,L=Ia(E,n),X=n.Z()-n.Y,n.D+=X,X<(I?0:10)||0>=n.l--||(X=Math.floor(X),n.F.push(254>=X?X:254))}finally{n.R=false}return L}},iN=function(n,E,I){if((I=typeof n,"object")==I)if(n){if(n instanceof Array)return"array";if(n instanceof Object)return I;if((E=Object.prototype.toString.call(n),"[object Window]")==E)return"object";if("[object Array]"==E||"number"==typeof n.length&&"undefined"!=typeof n.splice&&"undefined"!=typeof n.propertyIsEnumerable&&!n.propertyIsEnumerable("splice"))return"array";if("[object Function]"==E||"undefined"!=typeof n.call&&"undefined"!=typeof n.propertyIsEnumerable&&!n.propertyIsEnumerable("call"))return"function"}else return"null";else if("function"==I&&"undefined"==typeof n.call)return"object";return I},m=function(n,E){n.N.splice(0,0,E)},Lv=function(n,E){return(n=n.create().shift(),E.S).create().length||E.v.create().length||(E.v=void 0,E.S=void 0),n},P=function(n,E,I,e,X,L){if(!E.U){if(3<(I=(0==((L=void 0,I&&I[0]===r)&&(n=I[1],L=I[2],I=void 0),X=Q(19,E),X).length&&(e=Q(117,E)>>3,X.push(n,e>>8&255,e&255),void 0!=L&&X.push(L&255)),n="",I&&(I.message&&(n+=I.message),I.stack&&(n+=":"+I.stack)),Q(504,E)),I)){E.L=(L=(n=(I-=(n=n.slice(0,(I|0)-3),n.length|0)+3,EK(n)),E.L),E);try{G(E,446,f(2,n.length).concat(n),9)}finally{E.L=L}}Z(504,E,I)}},b=function(n,E,I){n[Z(I,E,n),ev]=2796},Tl=function(n,E){(E.push(n[0]<<24|n[1]<<16|n[2]<<8|n[3]),E.push(n[4]<<24|n[5]<<16|n[6]<<8|n[7]),E).push(n[8]<<24|n[9]<<16|n[10]<<8|n[11])},gN=function(n,E,I,e){G(n,(I=(e=a(n),a(n)),I),f(E,Q(e,n)))},Xn=function(n,E){if(E=(n=q.trustedTypes,null),!n||!n.createPolicy)return E;try{E=n.createPolicy("bg",{createHTML:x0,createScript:x0,createScriptURL:x0})}catch(I){q.console&&q.console.error(I.message)}return E},aa=function(n,E,I,e){return(e=O[n.substring(0,3)+"_"])?e(n.substring(3),E,I):wN(E,n)},DU=function(n,E,I,e){try{e=n[((E|0)+2)%3],n[E]=(n[E]|0)-(n[((E|0)+1)%3]|0)-(e|0)^(1==E?e<<I:e>>>I)}catch(X){throw X;}},Q=function(n,E){if(void 0===(E=E.K[n],E))throw[r,30,n];if(E.value)return E.create();return E.create(1*n*n+-43*n+-56),E.prototype},ZU=function(n,E,I,e,X,L){for(e=(L=(I=((X=a((E=n[zl]||{},n)),E.TW=a(n),E).P=[],n.L==n)?(z(n)|0)-1:1,a(n)),0);e<I;e++)E.P.push(a(n));for(E.A=Q(X,n);I--;)E.P[I]=Q(E.P[I],n);return E.Kv=Q(L,n),E},Mi=function(n,E,I,e,X){G(n,(((e=Q((X=a((e=(I=E&4,E&=3,a(n)),n)),e),n),I)&&(e=EK(""+e)),E)&&G(n,X,f(2,e.length)),X),e)},EK=function(n,E,I,e,X){for(X=E=(n=n.replace(/\\r\\n/g,"\\n"),I=[],0);X<n.length;X++)e=n.charCodeAt(X),128>e?I[E++]=e:(2048>e?I[E++]=e>>6|192:(55296==(e&64512)&&X+1<n.length&&56320==(n.charCodeAt(X+1)&64512)?(e=65536+((e&1023)<<10)+(n.charCodeAt(++X)&1023),I[E++]=e>>18|240,I[E++]=e>>12&63|128):I[E++]=e>>12|224,I[E++]=e>>6&63|128),I[E++]=e&63|128);return I},O,a=function(n,E){if(n.S)return Lv(n.v,n);return(E=h(8,n,true),E&128)&&(E^=128,n=h(2,n,true),E=(E<<2)+(n|0)),E},A=function(n,E){E.T=((E.T?E.T+"~":"E:")+n.message+":"+n.stack).slice(0,2048)},mC=function(n,E,I,e,X){if((I=n[0],I)==N)E.l=25,E.u(n);else if(I==k){X=n[1];try{e=E.T||E.u(n)}catch(L){A(L,E),e=E.T}X(e)}else if(I==uN)E.u(n);else if(I==l)E.u(n);else if(I==WU){try{for(e=0;e<E.C.length;e++)try{X=E.C[e],X[0][X[1]](X[2])}catch(L){}}catch(L){}(0,n[1])(function(L,T){E.o(L,true,T)},(E.C=[],function(L){(m(E,(L=!E.N.length,[cU])),L)&&c(E,true,false)}))}else{if(I==H)return e=n[2],Z(264,E,n[6]),Z(98,E,e),E.u(n);I==cU?(E.F=[],E.K=null,E.X=[]):I==ev&&"loading"===q.document.readyState&&(E.h=function(L,T){function g(){T||(T=true,L())}q.document.addEventListener("DOMContentLoaded",(T=false,g),F),q.addEventListener("load",g,F)})}},F={passive:true,capture:true},wN=function(n,E){return n(function(I){I(E)}),[function(){return E}]},x0=function(n){return n},sK=function(n,E){Z(169,n,(n.mu.push(n.K.slice()),n.K[169]=void 0,E))},v=function(n,E,I,e,X,L,T,g,x){if(I.L=(T=(x=(g=(L=0<(E||I.I++,I).W&&I.R&&I.rY&&1>=I.B&&!I.S&&!I.h&&(!E||1<I.J-e)&&0==document.hidden,(X=4==I.I)||L)?I.Z():I.G,g)-I.G,x>>14),I.H&&(I.H^=T*(x<<2)),I.j+=T,T)||I.L,X||L)I.I=0,I.G=g;if(!L||g-I.Y<I.W-(n?255:E?5:2))return false;return I.h=((Z((n=Q(E?117:169,(I.J=e,I)),169),I,I.O),I).N.push([uN,n,E?e+1:e]),B),true},Ia=function(n,E,I,e){for(;E.N.length;){e=(E.h=null,E).N.pop();try{I=mC(e,E)}catch(X){A(X,E)}if(n&&E.h){n=E.h,n(function(){c(E,true,true)});break}}return I},Q6=function(n,E,I,e){return Q((Z(169,(rN(n,(e=Q(169,n),n.X&&e<n.O?(Z(169,n,n.O),sK(n,E)):Z(169,n,E),I)),n),e),98),n)},bN=function(n,E,I,e,X){for(e=(I.xv=((I.uV=((I.aN=I[k],I).zW=V6,tI),I).Lv=Y0({get:function(){return this.concat()}},I.g),J[I.g](I.Lv,{value:{value:{}}})),0),X=[];128>e;e++)X[e]=String.fromCharCode(e);c(I,true,(m(I,(m(I,(m(I,(Z(6,(b(function(L,T,g,x,w,D){v(false,true,L,T)||(w=ZU(L.L),T=w.P,D=w.A,g=T.length,x=w.Kv,w=w.TW,T=0==g?new x[D]:1==g?new x[D](T[0]):2==g?new x[D](T[0],T[1]):3==g?new x[D](T[0],T[1],T[2]):4==g?new x[D](T[0],T[1],T[2],T[3]):2(),Z(w,L,T))},(Z(446,I,R((b(function(L,T,g,x,w,D){if(!v(true,true,L,T)){if((D=(w=Q((T=(g=(D=a(L),T=a(L),a(L)),w=a(L),Q)(T,L),w),L),Q(D,L)),L=Q(g,L),"object")==iN(D)){for(x in g=[],D)g.push(x);D=g}for(x=0,g=D.length,L=0<L?L:1;x<g;x+=L)T(D.slice(x,(x|0)+(L|0)),w)}},I,((b(function(L){nv(4,L)},(b(function(L,T,g,x,w,D,M){for(x=(T=(g=Q((D=a(L),w=dN(L),M="",157),L),g.length),0);w--;)x=((x|0)+(dN(L)|0))%T,M+=X[g[x]];Z(D,L,M)},I,(Z(409,(I.cV=(Z(373,I,[160,(b(function(L,T,g,x){Z((x=Q((g=(T=a((g=(x=a(L),a(L)),L)),Q(g,L)),x),L),T),L,x[g])},(b(function(L,T,g,x,w){Z((w=(g=(g=a((x=(T=a(L),a(L)),L)),w=a(L),Q)(g,L),x=Q(x,L),Q(w,L)),T),L,PU(x,w,L,g))},I,(b(function(L,T,g,x,w){for(x=(w=(g=dN((T=a(L),L)),[]),0);x<g;x++)w.push(z(L));Z(T,L,w)},I,(b(function(L){gN(L,1)},(b(function(L,T,g,x){!v(false,true,L,T)&&(T=ZU(L),x=T.Kv,g=T.A,L.L==L||g==L.S0&&x==L)&&(Z(T.TW,L,g.apply(x,T.P)),L.G=L.Z())},(b(function(L,T,g,x){Z((g=Q((T=a((g=a(L),L)),x=Q(T,L),g),L),T),L,x+g)},(Z(19,I,(b(function(L,T,g){Z((g=(T=a(L),a(L)),T=Q(T,L),T=iN(T),g),L,T)},I,(b(function(L,T,g,x){Z((T=a((x=(g=a(L),a(L)),L)),T),L,Q(g,L)||Q(x,L))},I,(b(function(L,T){L=(T=a(L),Q)(T,L.L),L[0].removeEventListener(L[1],L[2],F)},(b(function(L,T,g){v(false,true,L,T)||(T=a(L),g=a(L),Z(g,L,function(x){return eval(x)}(Gl(Q(T,L.L)))))},I,(b(function(L){Mi(L,3)},I,(b(function(L,T,g){0!=(g=(g=(T=a(L),a(L)),Q)(g,L),Q(T,L))&&Z(169,L,g)},(Z(426,I,(b(function(L,T,g,x,w){x=(T=Q((g=(w=(T=(x=a(L),g=a(L),a)(L),a(L)),Q(g,L)),w=Q(w,L),T),L),Q)(x,L.L),0!==x&&(T=PU(T,1,L,w,x,g),x.addEventListener(g,T,F),Z(426,L,[x,g,T]))},(Z((b(function(L){gN(L,4)},(b(function(L,T,g,x){Z((x=(T=(x=a(L),a(L)),g=a(L),T=Q(T,L),Q(x,L)),g),L,x in T|0)},(Z(258,(Z(504,(Z(98,I,(b(function(){},I,(b(function(L,T,g,x){Z((T=z((x=a(L),L)),g=a(L),g),L,Q(x,L)>>>T)},I,(b(function(L,T,g){Z((g=(T=a(L),a(L)),g),L,""+Q(T,L))},I,(b(function(L,T){sK((T=Q(a(L),L),L.L),T)},I,(b(function(L,T,g,x,w,D,M,W,t,p,V,u){function U(Y,d){for(;g<Y;)u|=z(L)<<g,g+=8;return u>>=(d=u&(1<<(g-=Y,Y))-1,Y),d}for(w=(x=(g=(V=a(L),u=0),M=(U(3)|0)+1,U(5)),[]),D=T=0;D<x;D++)W=U(1),w.push(W),T+=W?0:1;for(p=(D=(T=((T|0)-1).toString(2).length,0),[]);D<x;D++)w[D]||(p[D]=U(T));for(T=0;T<x;T++)w[T]&&(p[T]=a(L));for(t=[];M--;)t.push(Q(a(L),L));b(function(Y,d,y6,C,S){for(C=(y6=[],S=[],0);C<x;C++){if(d=p[C],!w[C]){for(;d>=S.length;)S.push(a(Y));d=S[d]}y6.push(d)}(Y.S=fv(t.slice(),Y),Y).v=fv(y6,Y)},L,V)},I,(b(function(L,T,g,x){if(x=L.mu.pop()){for(g=z(L);0<g;g--)T=a(L),x[T]=L.K[T];L.K=(x[504]=(x[19]=L.K[19],L).K[504],x)}else Z(169,L,L.O)},(b(function(L){Mi(L,4)},I,(b(function(L,T,g,x){(x=(g=a((T=a(L),L)),a(L)),L.L==L)&&(g=Q(g,L),x=Q(x,L),Q(T,L)[g]=x,226==T&&(L.i=void 0,2==g&&(L.H=h(32,L,false),L.i=void 0)))},I,(b(function(L,T,g,x){T=(g=a((T=(x=a(L),a(L)),L)),x=Q(x,L),Q)(T,L),Z(g,L,+(x==T))},I,(Z(90,((Z(117,(((I.l=25,(I.T=void 0,(e=window.performance||{},(I.v=(I.XU=0,void 0),I.K=[],I).rY=(I.X=[],(I.O=0,I.W=0,I).N=[],I.H=(I.mu=[],I.R=false,void 0),I.B=0,false),I).S=void 0,I.F=[],I).j=(I.Y=0,I.V=void 0,I.G=0,I.D=0,1),I).pv=(I.J=8001,(I.I=void 0,I.h=(I.S0=function(L){this.L=L},null),I.L=(I.C=[],I),I).U=false,(I.i=void 0,e).timeOrigin||(e.timing||{}).navigationStart||0),Z)(169,I,0),I),0),I).Yv=0,I),[]),111)),292)),Z(184,I,353),170)),I),382),286)),390)),281)),7)),326)),{})),I),2048),I),[0,0,0]),I),44),I),84),207),I,q),I),396),0)),I),323),177)),442)),I),81),376)),433)),[])),I),14),I),222),I),347),287)),50)),I),123),0),0]),0),I),I),205)),I),432),I).vV=0,215)),4))),I),228),I),0),[ev])),[l,n])),[WU,E])),true))},R=function(n,E){for(E=[];n--;)E.push(255*Math.random()|0);return E},f=function(n,E,I,e){for(e=(I=(n|0)-1,[]);0<=I;I--)e[(n|0)-1-(I|0)]=E>>8*I&255;return e},Y0=function(n,E){return J[E](J.prototype,{splice:n,floor:n,pop:n,stack:n,document:n,call:n,length:n,prototype:n,parent:n,console:n,propertyIsEnumerable:n,replace:n})},Z=function(n,E,I){if(169==n||117==n)E.K[n]?E.K[n].concat(I):E.K[n]=fv(I,E);else{if(E.U&&226!=n)return;373==n||446==n||90==n||19==n||258==n?E.K[n]||(E.K[n]=pv(118,E,I,n)):E.K[n]=pv(81,E,I,n)}226==n&&(E.H=h(32,E,false),E.i=void 0)},qi=function(n,E,I,e){function X(){}return{invoke:(e=aa((I=void 0,n),function(L){X&&(E&&B(E),I=L,X(),X=void 0)},!!E)[0],function(L,T,g,x){function w(){I(function(D){B(function(){L(D)})},g)}if(!T)return T=e(g),L&&L(T),T;I?w():(x=X,X=function(){(x(),B)(w)})})}},OK=function(n,E,I){if(3==n.length){for(I=0;3>I;I++)E[I]+=n[I];for(I=[13,8,13,12,16,(n=0,5),3,10,15];9>n;n++)E[3](E,n%3,I[n])}},K=function(n,E,I){I=this;try{bN(E,n,this)}catch(e){A(e,this),n(function(X){X(I.T)})}},dN=function(n,E){return E=z(n),E&128&&(E=E&127|z(n)<<7),E},UK=function(n,E,I,e,X){for(X=(I=I[e=I[2]|0,3]|0,0);14>X;X++)n=n>>>8|n<<24,n+=E|0,n^=e+2298,I=I>>>8|I<<24,E=E<<3|E>>>29,I+=e|0,I^=X+2298,E^=n,e=e<<3|e>>>29,e^=I;return[E>>>24&255,E>>>16&255,E>>>8&255,E>>>0&255,n>>>24&255,n>>>16&255,n>>>8&255,n>>>0&255]},hI=function(n,E,I){return E.o(function(e){I=e},false,n),I},z=function(n){return n.S?Lv(n.v,n):h(8,n,true)},jv=function(n,E){return E[n]<<24|E[(n|0)+1]<<16|E[(n|0)+2]<<8|E[(n|0)+3]},rN=function(n,E,I,e,X,L){if(!n.T){n.B++;try{for(X=(L=0,n.O),e=void 0;--E;)try{if(I=void 0,n.S)e=Lv(n.S,n);else{if((L=Q(169,n),L)>=X)break;e=Q((Z(117,n,L),I=a(n),I),n)}v(false,false,(e&&e[cU]&2048?e(n,E):P(0,n,[r,21,I]),n),E)}catch(T){Q(184,n)?P(22,n,T):Z(184,n,T)}if(!E){if(n.gY){rN(n,(n.B--,168668240895));return}P(0,n,[r,33])}}catch(T){try{P(22,n,T)}catch(g){A(g,n)}}n.B--}},G=function(n,E,I,e,X,L){if(n.L==n)for(L=Q(E,n),446==E?(E=function(T,g,x,w){if((w=(x=L.length,(x|0)-4>>3),L.q7)!=w){g=[0,(w=(w<<3)-(L.q7=w,4),0),X[1],X[2]];try{L.O$=UK(jv((w|0)+4,L),jv(w,L),g)}catch(D){throw D;}}L.push(L.O$[x&7]^T)},X=Q(258,n)):E=function(T){L.push(T)},e&&E(e&255),n=0,e=I.length;n<e;n++)E(I[n])},fv=function(n,E,I){return((I=J[E.g](E.xv),I)[E.g]=function(){return n},I).concat=function(e){n=e},I},h=function(n,E,I,e,X,L,T,g,x,w,D,M,W,t){if((g=Q(169,E),g)>=E.O)throw[r,31];for(w=(e=(D=E.aN.length,n),0),x=g;0<e;)T=x>>3,t=x%8,W=8-(t|0),L=E.X[T],W=W<e?W:e,I&&(X=E,X.i!=x>>6&&(X.i=x>>6,M=Q(226,X),X.V=UK(X.i,X.H,[0,0,M[1],M[2]])),L^=E.V[T&D]),x+=W,w|=(L>>8-(t|0)-(W|0)&(1<<W)-1)<<(e|0)-(W|0),e-=W;return Z(169,E,(I=w,(g|0)+(n|0))),I},q=this||self,B=q.requestIdleCallback?function(n){requestIdleCallback(function(){n()},{timeout:4})}:q.setImmediate?function(n){setImmediate(n)}:function(n){setTimeout(n,0)},PU=function(n,E,I,e,X,L){function T(){if(I.L==I){if(I.K){var g=[H,n,e,void 0,X,L,arguments];if(2==E)var x=c(I,(m(I,g),false),false);else if(1==E){var w=!I.N.length;(m(I,g),w)&&c(I,false,false)}else x=mC(g,I);return x}X&&L&&X.removeEventListener(L,T,F)}}return T},pv=function(n,E,I,e,X,L,T,g){return((L=(T=n&(X=$0,I=[89,-43,5,1,4,91,I,75,51,-20],7),J[E.g](E.Lv)),L)[E.g]=function(x){T+=6+7*n,g=x,T&=7},L).concat=function(x){return(g=(x=(x=e%16+1,-40*e*e*g-x*g- -2240*g+I[T+51&7]*e*x+40*g*g+T+1*e*e*x- -1720*e*g+(X()|0)*x),void 0),x=I[x],I[(T+13&7)+(n&2)]=x,I)[T+(n&2)]=-43,x},L},zl=String.fromCharCode(105,110,116,101,103,67,104,101,99,107,66,121,112,97,115,115),cU=((K.prototype.gY=false,K.prototype.dY=void 0,K).prototype.s="toString",K.prototype.BV=void 0,[]),H=[],l=[],k=[],ev=[],WU=[],r={},N=[],uN=[],$0=((y=(((Tl,function(){})(R),DU,function(){})(OK),K.prototype.g="create",K.prototype),y).bV=function(n,E,I){return n^((E=((E^=E<<13,E^=E>>17,E)^E<<5)&I)||(E=1),E)},void 0),J=(y.o=(y.HV=function(){return Math.floor(this.D+(this.Z()-this.Y))},((y.GW=function(n,E,I,e,X,L){for(X=(e=L=0,[]);L<n.length;L++)for(I=I<<E|n[L],e+=E;7<e;)e-=8,X.push(I>>e&255);return X},y).Z=(y.he=function(){return Math.floor(this.Z())},(window.performance||{}).now)?function(){return this.pv+window.performance.now()}:function(){return+new Date},y).PV=function(n,E,I,e,X){for(e=X=0;X<n.length;X++)e+=n.charCodeAt(X),e+=e<<10,e^=e>>6;return X=new Number((n=(e+=e<<3,e^=e>>11,e+(e<<15)>>>0),n&(1<<E)-1)),X[0]=(n>>>E)%I,X},function(n,E,I,e,X){if(I="array"===iN(I)?I:[I],this.T)n(this.T);else try{e=[],X=!this.N.length,m(this,[N,e,I]),m(this,[k,n,e]),E&&!X||c(this,E,true)}catch(L){A(L,this),n(this.T)}}),r).constructor;(K.prototype.u=function(n,E){return $0=function(){return n==E?-56:-98},E={},n={},function(I,e,X,L,T,g,x,w,D,M,W,t,p,V,u){n=(t=n,E);try{if(e=I[0],e==l){p=I[1];try{for(x=(u=(V=[],L=0,atob(p)),0);L<u.length;L++)T=u.charCodeAt(L),255<T&&(V[x++]=T&255,T>>=8),V[x++]=T;Z(226,this,(this.O=(this.X=V,this).X.length<<3,[0,0,0]))}catch(U){P(17,this,U);return}rN(this,8001)}else if(e==N)I[1].push(Q(373,this).length,Q(504,this),Q(446,this).length,Q(90,this).length),Z(98,this,I[2]),this.K[67]&&Q6(this,Q(67,this),8001);else{if(e==k){(w=(V=I[2],f(2,(Q(373,this).length|0)+2)),X=this.L,this).L=this;try{W=Q(19,this),0<W.length&&G(this,373,f(2,W.length).concat(W),10),G(this,373,f(1,this.j),109),G(this,373,f(1,this[k].length)),u=0,u+=Q(6,this)&2047,u-=(Q(373,this).length|0)+5,D=Q(446,this),4<D.length&&(u-=(D.length|0)+3),0<u&&G(this,373,f(2,u).concat(R(u)),15),4<D.length&&G(this,373,f(2,D.length).concat(D),156)}finally{this.L=X}if(g=((x=R(2).concat(Q(373,this)),x[1]=x[0]^6,x)[3]=x[1]^w[0],x[4]=x[1]^w[1],this).N7(x))g="!"+g;else for(u=0,g="";u<x.length;u++)M=x[u][this.s](16),1==M.length&&(M="0"+M),g+=M;return Q(((Z(504,this,((L=g,Q)(373,this).length=V.shift(),V.shift())),Q(446,this)).length=V.shift(),90),this).length=V.shift(),L}if(e==uN)Q6(this,I[1],I[2]);else if(e==H)return Q6(this,I[1],8001)}}finally{n=t}}}(),K.prototype.yC=0,K.prototype).N7=function(n,E,I,e){if(I=window.btoa){for(e="",E=0;E<n.length;E+=8192)e+=String.fromCharCode.apply(null,n.slice(E,E+8192));n=I(e).replace(/\\+/g,"-").replace(/\\//g,"_").replace(/=/g,"")}else n=void 0;return n},K.prototype.Z4=0;var V6,tI=/./,AI=(K.prototype[WU]=[0,0,1,1,0,1,1],l.pop.bind(K.prototype[N])),Gl=function(n,E){return(E=Xn())&&1===n.eval(E.createScript("1"))?function(I){return E.createScript(I)}:function(I){return""+I}}(((V6=Y0({get:AI},(tI[K.prototype.s]=AI,K.prototype.g)),K).prototype.iV=void 0,q));(O=q.botguard||(q.botguard={}),40<O.m)||(O.m=41,O.bg=qi,O.a=aa),O.kDL_=function(n,E,I){return[(I=new K(E,n),function(e){return hI(e,I)})]};}).call(this);'));
}).call(this);
#7 JavaScript::Eval (size: 22) - SHA256: 662748d1507b16ab56d1bceff58b8302eb43f21ce0de70b24b21b8ef39aeff35
0,
function(L) {
    nv(2, L)
}
#8 JavaScript::Eval (size: 18) - SHA256: 9e8886c02c2b56a9100d66b3988b7ad43ec8eb8d58d9fa8c2ced49242b03f17a
dont_need_to_check

Executed Writes (0)


HTTP Transactions (150)


Request Response
                                        
                                            GET /click/1/482312874/3fcb57a48811e2eabc468761f472eebb/bb8e3630ee2a010a0319f87debdcf757/next HTTP/1.1 
Host: proxy.quickmail.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         34.201.80.84
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: Cowboy
Date: Wed, 30 Nov 2022 14:33:23 GMT
Connection: keep-alive
Location: https://proxy.quickmail.com/click/1/482312874/3fcb57a48811e2eabc468761f472eebb/bb8e3630ee2a010a0319f87debdcf757/next
Transfer-Encoding: chunked
Via: 1.1 vegur

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13873
Expires: Wed, 30 Nov 2022 18:24:37 GMT
Date: Wed, 30 Nov 2022 14:33:24 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3690
Cache-Control: 'max-age=158059'
Date: Wed, 30 Nov 2022 14:33:24 GMT
Last-Modified: Wed, 30 Nov 2022 13:31:54 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8998
Expires: Wed, 30 Nov 2022 17:03:22 GMT
Date: Wed, 30 Nov 2022 14:33:24 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 14:19:41 GMT
cache-control: public,max-age=3600
age: 823
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    30db107dcf4380cef05efea409c2e6a3
Sha1:   96e6a306fbc07299aba64e5c14e2bfca35872fa9
Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: UTOrzivMidG53Rl4n1mlkNMvGPCiYO3B2rLENm1tjIGfhYVyp355wBa2+CO0t74WhU7haehNsck=
x-amz-request-id: YK6TPWSD6CDY433B
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 13:45:15 GMT
age: 2889
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 30 Nov 2022 14:33:24 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C0C4D2A9A919CFDA60A60B9EB8DDACE4A3E7C55AD402CE2B15A37E8A4B88826A"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10194
Expires: Wed, 30 Nov 2022 17:23:18 GMT
Date: Wed, 30 Nov 2022 14:33:24 GMT
Connection: keep-alive

                                        
                                            GET /click/1/482312874/3fcb57a48811e2eabc468761f472eebb/bb8e3630ee2a010a0319f87debdcf757/next HTTP/1.1 
Host: proxy.quickmail.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         54.157.4.65
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
                                        
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Location: https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.buildinglink.com%2F&data=05%7C01%7CJMartinez%40buildinglink.com%7C9990e9e987cf494c8bc008da2c566cc7%7C6f1f7fec9a73489ea52eeee311a48135%7C1%7C0%7C637871046959311491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=cX%2FBHmFjouWO%2B8ej5IctbV56hiJcM7pjw3p%2B%2BkM7q1o%3D&reserved=0
Cache-Control: no-cache
X-Request-Id: cc0067d5-1d0c-4fcd-b0ce-326b895c4daa
X-Runtime: 0.033086
Server:
Date:
Last-Modified:
Strict-Transport-Security: max-age=63072000; includeSubDomains
Transfer-Encoding: chunked
Via: 1.1 vegur


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with very long lines (488), with no line terminators
Size:   488
Md5:    a2a06f676ca6aa4f63474aef8e2f9e2d
Sha1:   1353cbb6f5e3e27839356b74e38fc161e9eb6a43
Sha256: 52a480fd64698bbb1f0a20a651d7c29258065152cc2509663f26d1a55c3f6708
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 14:11:14 GMT
cache-control: public,max-age=3600
age: 1331
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3682
Cache-Control: max-age=156888
Date: Wed, 30 Nov 2022 14:33:25 GMT
Etag: "63871d2b-1d7"
Expires: Fri, 02 Dec 2022 10:08:13 GMT
Last-Modified: Wed, 30 Nov 2022 09:06:51 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: g8IvA+L7UqVqe3lS+M0cug==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.189.139.67
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7X3HSQLDvQGHskrXB7z7Tyz0kMg=

                                        
                                            GET /?url=http%3A%2F%2Fwww.buildinglink.com%2F&data=05%7C01%7CJMartinez%40buildinglink.com%7C9990e9e987cf494c8bc008da2c566cc7%7C6f1f7fec9a73489ea52eeee311a48135%7C1%7C0%7C637871046959311491%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=cX%2FBHmFjouWO%2B8ej5IctbV56hiJcM7pjw3p%2B%2BkM7q1o%3D&reserved=0 HTTP/1.1 
Host: nam02.safelinks.protection.outlook.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         104.47.57.28
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: private
Location: http://www.buildinglink.com/
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 4.0
X-SL-GetUrlReputation-Verdict: Good
X-Robots-Tag: noindex, nofollow
X-AspNet-Version: 4.0.30319
X-ServerName: SN1NAM02WS0038
X-ServerVersion: 15.20.5880.008
X-ServerLat: 1011
X-SafeLinks-Tracking-Id: bf9d4893-b4a9-4bba-a79b-08dad2dfd78a
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=Edge
Date: Wed, 30 Nov 2022 14:33:26 GMT
Connection: close
Content-Length: 145


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   145
Md5:    cba8c74e0505e39a9f77b207621f7b97
Sha1:   dd44b09acc6cfebd11edc824bfd18f234ef49e6d
Sha256: 078550ca0e2f40025498317fd2ec32b21daa890b1e89929424ef4fd8a7b1681a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11739
Expires: Wed, 30 Nov 2022 17:49:05 GMT
Date: Wed, 30 Nov 2022 14:33:26 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11739
Expires: Wed, 30 Nov 2022 17:49:05 GMT
Date: Wed, 30 Nov 2022 14:33:26 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9051
x-amzn-requestid: 1032dd9c-a15e-4e8a-9c81-07419e8caf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvEMNIAMFaKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-1005c20a33320dbf6567ca31;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: IMaVlQblNnh9mFKwb2LG7hw7h_f1_nVYqO4aEUqY01a2HofnnQqcFQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:49:31 GMT
age: 60235
etag: "6170d6776615503e3e29f86783febc3e3e78ca66"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9051
Md5:    05196ec43964cf559caa0c0279148d62
Sha1:   6170d6776615503e3e29f86783febc3e3e78ca66
Sha256: 47f3a5cde661987e3496ce110a0170b10087dd9ba8d4fd691c4830587ba3fa3f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7298
x-amzn-requestid: 381e55bb-876b-46ad-84b6-1ddf9f876f56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDcE3poAMFaAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-7c12394600900afc7281e858;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8heT2eN5oLbO14R9qLq78Vma_TkteufTyKM5i3K2XoJYXfWNwLMEwQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:56:25 GMT
age: 59821
etag: "e4ddf955e8ac1986045ed55880c43c69e588a021"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7298
Md5:    e00769bd1391b8f4f5b8ab128a825355
Sha1:   e4ddf955e8ac1986045ed55880c43c69e588a021
Sha256: 81ca4d20c28fed8fd3135515daadc1fdbfb4198535d7c46021b418b8b98e59a5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13e1db4e-7108-464a-85b6-24ac0c4609f9.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9330
x-amzn-requestid: 3fad352d-7664-43e0-9395-e840f671ca61
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgFQFIdoAMFSmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a21-5e9847852f8435231d401fe6;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mCEtSOenWKxay4vNy5mN9cexxXKXKt7TMuLaLw-M86tLKwQ2MwuxPg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:00:54 GMT
age: 59552
etag: "2f3a39a528d3b759060203931de33c12303592e1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9330
Md5:    bbe350ea797a0fec5a19a450fc5de4b4
Sha1:   2f3a39a528d3b759060203931de33c12303592e1
Sha256: 4d661dac2e19e07ae15d0f8cf00bd268c6c2defb2f5e4de38fcb6e7031dfd605
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10176
x-amzn-requestid: 768fc69c-e91b-4dd9-8add-63634762b2d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpbgEFOIAMF71A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bc49-21756db31c4714af0553f21b;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:12:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jS-AS3x8V3XacXRNkU63UJjBxA6unvBer5WcxUYseR5p4eZPK64o2g==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 04:55:46 GMT
age: 34660
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10176
Md5:    03014221d7f49b50ffc2d1b0a0e75457
Sha1:   772d86ad983042a728ee3490630a9cf1134ad0dd
Sha256: 81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5785
x-amzn-requestid: ee77265b-8e90-4035-8ef1-92a2d26aaefa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaHdWoAMFqmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-0d10d74030e7aee74804b654;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QhUrNKIJUxXTYFTgfCwizAd9L4PdLMVLbqv1sHmmnrWya0xz1MTSiw==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:08:46 GMT
etag: "f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b"
age: 59080
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5785
Md5:    59baec8db5ced0210ab766ea5636a5fd
Sha1:   f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b
Sha256: 33ff55891f18c22970804f1b8b2ba6821ddfd7426b01486410bd43f2b4295a8d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10958
x-amzn-requestid: abfea5b0-58f5-49e1-b78e-7cf456d03cb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgFHF9oIAMF5lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a20-5ab719292d440d083b07a478;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: gCt9oHpZ68tLCYHIYpI1XLtADkScxwf12kDFnU0o5WoQIVSzWlqozw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:16:52 GMT
etag: "57e1d34f146d5ccd9943aa97bcc3158f7103bb07"
age: 58594
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10958
Md5:    777ce44582c70bf01a31da4cab366f36
Sha1:   57e1d34f146d5ccd9943aa97bcc3158f7103bb07
Sha256: fbdc8f65ae74dc13b7aafec464f08fdc9902af519946200ec52432ac3ca55982
                                        
                                            GET / HTTP/1.1 
Host: www.buildinglink.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         104.18.23.136
HTTP/1.1 302 Found
                                        
Date: Wed, 30 Nov 2022 14:33:26 GMT
Content-Length: 0
Connection: keep-alive
Location: https://www.buildinglink.com/
CF-Cache-Status: DYNAMIC
Set-Cookie: __cflb=02DiuDXvJ1dKekvY3orry22HB3MMHGLG5JvFhLV2H9rHa; SameSite=Lax; path=/; expires=Thu, 01-Dec-22 13:33:26 GMT; HttpOnly
Server: cloudflare
CF-RAY: 77244c55fc19b4ee-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3713
Cache-Control: max-age=91409
Date: Wed, 30 Nov 2022 14:33:28 GMT
Etag: "63861d48-117"
Expires: Thu, 01 Dec 2022 15:56:57 GMT
Last-Modified: Tue, 29 Nov 2022 14:55:04 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /gtag/js?id=UA-2730441-3 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 30 Nov 2022 14:33:28 GMT
expires: Wed, 30 Nov 2022 14:33:28 GMT
cache-control: private, max-age=900
last-modified: Wed, 30 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43609
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1921)
Size:   43609
Md5:    3bf67adaeb616b637ed5dfe44b86bc5e
Sha1:   8e83117e8fceaecd8d03b7bdb31937f06b5e0de0
Sha256: e2fdde8d03135c7bb81364956865852ecfeec93b2e8940692bdec2c534a7ef73
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ajax/libs/gsap/3.5.0/gsap.min.js?ver=6.1.1 HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Wed, 30 Nov 2022 14:33:28 GMT
content-length: 21895
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f35e1c6-ee8d"
last-modified: Fri, 14 Aug 2020 00:58:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 19933127
expires: Mon, 20 Nov 2023 14:33:28 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FMAyGxrQDBfhm11dTSCElmzfmuPJMpQ2O2goZa%2FNqzW%2FFozekN8PJAt78nn1yysdib2Fs%2FhKYFd1Cxn4NpdrohLcWeSjkFxj7grkqPf%2B4rd87qlRuRjvsfck3w%2Boo5sFdqF%2Fb7GI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77244c60298bb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047)
Size:   40756
Md5:    a701a38768d705b97d525533ddbd105e
Sha1:   48fa762de7259534bfac1222d8ca149813a5f2d3
Sha256: ed8c79437062e3bc9c04813a307da4eefca5fd6c1b52d50f381cb608edca60f5
                                        
                                            GET /ajax/libs/gsap/3.5.0/ScrollTrigger.min.js?ver=6.1.1 HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Wed, 30 Nov 2022 14:33:28 GMT
content-length: 7823
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f35e1c6-4c01"
last-modified: Fri, 14 Aug 2020 00:58:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 23289345
expires: Mon, 20 Nov 2023 14:33:28 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VcM%2F86TVxksCoAVkts4eSkoXbNQQnTZbd%2FNDEqlkfQ44WGogg%2FL7FfbgllRhTr5ffi1O%2BYOVLYW0P4GQE3EYRz%2FkjtocpIhs0nDpIZRD0RUa%2FDrOo3QTvR2nQPE5iFz%2F0ZVidpNY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77244c60399db4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (19151)
Size:   7823
Md5:    1084e33c566f4ceba44cd166601a21b6
Sha1:   4634ded7d4557a3bf503be25a6f7c1d1282fac6e
Sha256: ed0a34dd94046d5b1b039f52afdca81f09e908536a160b45ccefc219c5bf372c
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /swiper@7/swiper-bundle.min.js?ver=6.1.1 HTTP/1.1 
Host: unpkg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.16.122.175
HTTP/2 302 Found
content-type: text/plain; charset=utf-8
                                        
date: Wed, 30 Nov 2022 14:33:28 GMT
access-control-allow-origin: *
location: /swiper@7/swiper-bundle.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GK4E59E91Q2HHZ1E6501ZZVF-fra
cf-cache-status: HIT
age: 1200
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 77244c5ffe40b512-OSL
X-Firefox-Spdy: h2

                                        
                                            GET /npm/locomotive-scroll@3.5.4/dist/locomotive-scroll.min.js?ver=6.1.1 HTTP/1.1 
Host: cdn.jsdelivr.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.129.229
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 3.5.4
x-jsd-version-type: version
etag: W/"9170-A1p+FrHHz52vewF/y7LPrfqJmbE"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 30 Nov 2022 14:33:28 GMT
age: 3483225
x-served-by: cache-fra-eddf8230023-FRA, cache-bma1663-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 10152
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (37232), with no line terminators
Size:   10152
Md5:    8483b481b15691466caad701dc6e1503
Sha1:   492f07185e3b14622c55f8236306112ea3979f81
Sha256: cb8e8a7986a75684d612f3443d99e23b0b367c4c5dbc3c897396e82ee946b6aa
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   1187
Md5:    b6a1796cb5d1de3fffb38d864ce0ec63
Sha1:   347140cf1b8eff89c2fafffae0cc8ac6a33f2482
Sha256: d88f5ada5872d920104df9e7af754faef4b052e44ed8ddf9b96929d4b04d6347
                                        
                                            POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "7B0594FC0611D3FED3477E013A2C80C790CF9BA9"
Expires: Thu, 01 Dec 2022 02:00:00 GMT
Last-Modified: Wed, 30 Nov 2022 14:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1322
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77244c60de280af6-OSL


--- Additional Info ---
Magic:  data
Size:   1462
Md5:    707fd780141442ae0855b75cd231074b
Sha1:   bdd1e47bec0bf2db4a0f17d8601a4c109c32c010
Sha256: e7c2b1ac0c05b4f109680366850d0b03209245e15f99178f990f12176c646ebc
                                        
                                            GET /css2?family=Inter%3Awght%40100%3B200%3B300%3B400%3B500%3B600%3B700%3B800%3B900&display=swap&ver=6.1.1 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.106
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 30 Nov 2022 14:33:28 GMT
date: Wed, 30 Nov 2022 14:33:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (884)
Size:   1432
Md5:    981470f89ff0c21b9aba708f35357980
Sha1:   f202d7bd4f7b62814ac4626f0502016eec8268bc
Sha256: 414f1dfc7d6b35970d82a1b63260588e0d2db7e43ee851a69353c6b41f12207f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3610
Cache-Control: max-age=167617
Date: Wed, 30 Nov 2022 14:33:28 GMT
Etag: "6387475f-117"
Expires: Fri, 02 Dec 2022 13:07:05 GMT
Last-Modified: Wed, 30 Nov 2022 12:06:55 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A1E6C488375F0CF8653712A4D627B8CC8F413E9FC9CAEACEDDAA412D3A879903"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12189
Expires: Wed, 30 Nov 2022 17:56:37 GMT
Date: Wed, 30 Nov 2022 14:33:28 GMT
Connection: keep-alive

                                        
                                            GET /javascript/copypastesubscribeformlogic.js HTTP/1.1 
Host: js.createsend1.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         143.204.55.36
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
server: csw
date: Wed, 30 Nov 2022 14:03:14 GMT
cache-control: public, max-age=2632
expires: Wed, 30 Nov 2022 14:47:06 GMT
last-modified: Wed, 30 Nov 2022 13:47:06 GMT
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _Ax-ilEIwnLbM-m7nO9qGU5z0ryA8aWuZ4YThloBHPNY0oCVA29E7g==
age: 1814
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   87676
Md5:    55ccdbd1de96e30772a8e7c42b771a26
Sha1:   2d63ffeada85fdc32613dd7e4dc85f3de574fa5b
Sha256: 065fb23971a752c8ba8432f80fe4ac41709c8a66fbe3bb14409d68bfb99ec815
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:33:56 GMT
expires: Thu, 23 Nov 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 586772
last-modified: Wed, 11 May 2022 19:24:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   22822
Md5:    a99a0a65e0bdfa6ad42de877cadf34ea
Sha1:   34d94bb3763cc05e595b107146aec543ca512bee
Sha256: fef3d395292d31e9f72a49c0d2e77b06be2c9f164cb2b56a2599097aec62e315
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /swiper@7/swiper-bundle.min.css HTTP/1.1 
Host: unpkg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.buildinglink.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.16.122.175
HTTP/2 302 Found
content-type: text/plain; charset=utf-8
                                        
date: Wed, 30 Nov 2022 14:33:28 GMT
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /swiper@7.4.1/swiper-bundle.min.css
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GK4F6RVH532VAKJ8XR6ZEG64-fra
cf-cache-status: HIT
age: 104
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 77244c5f7d23b512-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   21410
Md5:    89368c59f216779d122c57d199cd016b
Sha1:   f64985f6870a35bf9fe8efdc707c904e66f60823
Sha256: 6399ba3f6d45cf4cf80c86f97bdabf3808c4da9b0d6b5c8cc8b71321fae64f57
                                        
                                            GET /s/worksans/v18/QGYsz_wNahGAdqQ43Rh_fKDp.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47728
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 19:22:22 GMT
expires: Wed, 29 Nov 2023 19:22:22 GMT
cache-control: public, max-age=31536000
age: 69066
last-modified: Tue, 23 Aug 2022 17:55:22 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   48137
Md5:    91f6066b745f41a84d02939ef09649c4
Sha1:   d6631e4f0dd6dfd9a2c027d23ae31953cb3d858a
Sha256: 6df40791e45453ae6ceedcea198a89391f33d1ac098448beac76f33eaa99860d
                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:33:54 GMT
expires: Thu, 23 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 586774
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            GET /swiper@7/swiper-bundle.min.css?ver=6.1.1 HTTP/1.1 
Host: unpkg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.16.122.175
HTTP/2 302 Found
content-type: text/plain; charset=utf-8
                                        
date: Wed, 30 Nov 2022 14:33:28 GMT
access-control-allow-origin: *
location: /swiper@7/swiper-bundle.min.css
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GK4E59EGNQ0A0EVQNVJYEWJP-fra
cf-cache-status: HIT
age: 1200
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 77244c5f4cdcb512-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   37977
Md5:    c635c3c95654d19c4372b977269a1a62
Sha1:   7130f54cff82110f16b1567f792829372f62618b
Sha256: 56740a8db1cb3983d884fbcd7bef8e3bcfcd017c24917dd971d56af6dcf63198
                                        
                                            GET /s/roboto/v30/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17508
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:47:16 GMT
expires: Thu, 23 Nov 2023 19:47:16 GMT
cache-control: public, max-age=31536000
age: 585972
last-modified: Wed, 11 May 2022 19:24:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   53419
Md5:    9a685db3d3392a39a90234061d87c0d5
Sha1:   f3e41f0920cb6bfe0853e8229e61332a6e9b4073
Sha256: e23557d87b59749f51f07752d7ca04792b86cbf90b06d0e38404109a47f3486c
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:15 GMT
expires: Thu, 23 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 586753
last-modified: Wed, 11 May 2022 19:24:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size:   15860
Md5:    e9f5aaf547f165386cd313b995dddd8e
Sha1:   acdef5603c2387b0e5bffd744b679a24a8bc1968
Sha256: f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
                                        
                                            GET /swiper@7.4.1/swiper-bundle.min.css HTTP/1.1 
Host: unpkg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.buildinglink.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.16.122.175
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Wed, 30 Nov 2022 14:33:28 GMT
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"3ccb-5Koe10fACH1gYqRziowpfORPwas"
via: 1.1 fly.io
fly-request-id: 01G4XE8SCR7T97G2PBX7YV096Y-fra
cf-cache-status: HIT
age: 15268274
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 77244c601e5fb512-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1908), with no line terminators
Size:   22339
Md5:    da646e1ab2891e0be3ac9197357b2d27
Sha1:   eea23913310bbba54a3f72417df30e8165467c6b
Sha256: 31021f4d53f327198c920579c770fd50d607562d7ebda96e4b9eee4eeb65e688
                                        
                                            GET /releases/v5.15.4/css/all.css?ver=6.1.1 HTTP/1.1 
Host: use.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.64.132.15
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 30 Nov 2022 14:33:28 GMT
x-amz-id-2: yV5CQKVAfsfzCDUrxwzXYfVz0E9+Ja1en0DUm3OOKzHOjctJ26aEcz7/tlzTvpsAzvHlL9neSyg=
x-amz-request-id: YDAHPY4GFM5NCS4F
last-modified: Wed, 04 Aug 2021 20:43:22 GMT
etag: W/"ecd507b3125edc4d2a03aa6ae5d07da9"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1277038
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O1iAQhtWoLv4%2BmEIG8aF6wWjAG%2BfY%2FiGO6SvpbuZ72wLWMQRwBma%2FrzKTz7CfODCBmpQJQLqraPFuLPcUWGdWQhOtFudtE5ohixTQPa0YFgZVbGNjlBeRo0E0Nugiwdzn3s9e20c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77244c60bbb97743-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (59119)
Size:   178401
Md5:    221c52352e295f140322a40b18e1e379
Sha1:   25dd0c29837e5f7a6febc634313e3aa2c051a8a9
Sha256: 039e5bce165dadfa6aac07e5390027d86438155f4eab46b08c6e78e3322b4b85
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:15 GMT
expires: Thu, 23 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 586753
last-modified: Wed, 11 May 2022 19:24:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size:   15740
Md5:    b9c29351c46f3e8c8631c4002457f48a
Sha1:   e57e59c5780995ff2937ab2b511a769212974a87
Sha256: f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2843
Cache-Control: max-age=133394
Date: Wed, 30 Nov 2022 14:33:28 GMT
Etag: "6386c4af-117"
Expires: Fri, 02 Dec 2022 03:36:42 GMT
Last-Modified: Wed, 30 Nov 2022 02:49:19 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3079
Cache-Control: max-age=147303
Date: Wed, 30 Nov 2022 14:33:28 GMT
Etag: "6386fa18-117"
Expires: Fri, 02 Dec 2022 07:28:31 GMT
Last-Modified: Wed, 30 Nov 2022 06:37:12 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1735
Cache-Control: max-age=119281
Date: Wed, 30 Nov 2022 14:33:29 GMT
Etag: "638691e3-116"
Expires: Thu, 01 Dec 2022 23:41:30 GMT
Last-Modified: Tue, 29 Nov 2022 23:12:35 GMT
Server: ECS (amb/6B93)
X-Cache: HIT
Content-Length: 278


--- Additional Info ---
Magic:  data
Size:   3270
Md5:    a2acc8845dba88df0d629b5d83ff1541
Sha1:   9d1570bb34007439379374cf27eb81ae8024ccd3
Sha256: 03379ae51a85b2df419aa94189b212192278ebe9bc019860d58683090c200c91
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3399
Cache-Control: max-age=98983
Date: Wed, 30 Nov 2022 14:33:29 GMT
Etag: "63863c19-117"
Expires: Thu, 01 Dec 2022 18:03:12 GMT
Last-Modified: Tue, 29 Nov 2022 17:06:33 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=169091
Date: Wed, 30 Nov 2022 14:33:29 GMT
Etag: "638741d2-1d7"
Expires: Fri, 02 Dec 2022 13:31:40 GMT
Last-Modified: Wed, 30 Nov 2022 11:43:14 GMT
Server: ECS (bsa/EB24)
X-Cache: Miss from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 2vKoTdKz5Ps6-79LdjcG5RmEOQ3EE7egEJvmvMYdSppgtElu1RPrWA==
Age: 6506

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3707
Cache-Control: max-age=101861
Date: Wed, 30 Nov 2022 14:33:29 GMT
Etag: "63864623-117"
Expires: Thu, 01 Dec 2022 18:51:10 GMT
Last-Modified: Tue, 29 Nov 2022 17:49:23 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /hs-script-loader-public/v1/config/pixel/json?portalId=20565294 HTTP/1.1 
Host: api.hubapi.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         104.17.201.204
HTTP/2 200 OK
content-type: application/json;charset=utf-8
                                        
date: Wed, 30 Nov 2022 14:33:29 GMT
cf-ray: 77244c664c500b55-OSL
access-control-allow-origin: https://www.buildinglink.com
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-max-age: 180
x-hubspot-correlation-id: 204ca627-a434-4e56-a530-f1d669474479
x-trace: 2BCFBD453A760A41C134BD71668992C4D628FE4467000000000000000000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iYkLpwl659a%2Fp4992u5k%2F9uAtSTfxQA4tDtuNs94pCnuUJMcKq2MO2sJQkbXTNtjHyAbXfa78vUhY97QnH5g0bh31mi%2FvJCtmwuTka9VIRAO%2BOrJ%2FVEb%2FdVu2Wv%2BorOZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   353
Md5:    01d7b7a29321952f920d10c86978f2d2
Sha1:   a6fcb5cad675aea03d186ef9e9d143ac842bc851
Sha256: 5fc18f0c0d76c0ba08d54661bda7a064f3957d6e7fddf3e4e938cc2e4fa7d3d2
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2967
Cache-Control: 'max-age=158059'
Date: Wed, 30 Nov 2022 14:33:29 GMT
Etag: "638675e1-116"
Last-Modified: Wed, 30 Nov 2022 13:44:02 GMT
Server: ECS (amb/6B93)
X-Cache: HIT
Content-Length: 278

                                        
                                            GET /hs-script-loader-public/v1/config/adwords/enhanced-conversion-event-settings/json?portalId=20565294 HTTP/1.1 
Host: api.hubapi.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.17.201.204
HTTP/2 200 OK
content-type: application/json;charset=utf-8
                                        
date: Wed, 30 Nov 2022 14:33:29 GMT
content-length: 2
cf-ray: 77244c673d280b55-OSL
access-control-allow-origin: https://www.buildinglink.com
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-max-age: 180
x-hubspot-correlation-id: ac970c83-8ea1-4961-b922-a1caf81d562d
x-trace: 2B47A1C45117A0071472AFAF45CBD4EA8F1DDA40E1000000000000000000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XGs7dHO9lGM%2BFnJH0St7%2F8jF4seSJzmT9%2FdZEanDgoEtu5Bb41KAZXbULY%2FjWdCf2pFb8Sa%2FJxrQRRrYKqEcO%2BpkA8rGYcNAZaxJAectHQfeFCKNjeOmPC6TuL8Imyt9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   2
Md5:    d751713988987e9331980363e24189ce
Sha1:   97d170e1550eee4afc0af065b78cda302a97674c
Sha256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3707
Cache-Control: max-age=101861
Date: Wed, 30 Nov 2022 14:33:29 GMT
Etag: "63864623-117"
Expires: Thu, 01 Dec 2022 18:51:10 GMT
Last-Modified: Tue, 29 Nov 2022 17:49:23 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3436
Cache-Control: max-age=133612
Date: Wed, 30 Nov 2022 14:33:29 GMT
Etag: "6386c339-116"
Expires: Fri, 02 Dec 2022 03:40:21 GMT
Last-Modified: Wed, 30 Nov 2022 02:43:05 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 278

                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15752
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:42:34 GMT
expires: Thu, 23 Nov 2023 19:42:34 GMT
cache-control: public, max-age=31536000
age: 586254
last-modified: Wed, 11 May 2022 19:24:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3436
Cache-Control: max-age=133612
Date: Wed, 30 Nov 2022 14:33:29 GMT
Etag: "6386c339-116"
Expires: Fri, 02 Dec 2022 03:40:21 GMT
Last-Modified: Wed, 30 Nov 2022 02:43:05 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 278

                                        
                                            POST /g/collect?v=2&tid=G-2S1YDMR0NM&gtm=2oebs0&_p=1689398899&_gaz=1&cid=1968107376.1669818808&ul=en-us&sr=1280x1024&_s=1&sid=1669818808&sct=1&seg=0&dl=https%3A%2F%2Fwww.buildinglink.com%2Fmarketing%2Fpublic%2Fmain&dt=Industry-Leading%20Property%20Management%20Software%20-%20BuildingLink&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1 
Host: region1.analytics.google.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

search
                                         216.239.32.36
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: https://www.buildinglink.com
date: Wed, 30 Nov 2022 14:33:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            GET /px/?c=24abd7d60f26320 HTTP/1.1 
Host: a.clickcertain.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.buildinglink.com/
Connection: keep-alive
Cookie: _ccpx_u=ddc24d95%2d45cf%2d4c16%2db8d4%2d0fef6df43f7a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.26.9.50
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Wed, 30 Nov 2022 14:33:29 GMT
set-cookie: _ccpx_u=ddc24d95%2d45cf%2d4c16%2db8d4%2d0fef6df43f7a; Expires=Thu, 30 Nov 2023 14:33:29 GMT; Path=/; HttpOnly; SameSite=None; Secure _ccpx_24abd7d60f26320=1; Expires=Thu, 30 Nov 2023 14:33:29 GMT; Path=/; HttpOnly; SameSite=None; Secure _ccpx=24abd7d60f26320; Expires=Thu, 30 Nov 2023 14:33:29 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-cqttt:cc-nginx-c76b96594-cqttt
x-requestid: 2ebb0c60-1b8b-43cb-8fae-b26a48c75c43
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G%2F0oOH9O%2BMiasHYhruRMjtZbPYLyAt76ehsrxgGx1vvR3BWkStDzuSgXVlscg0Xrw8jeGCpnpGtVyT72R6tKaT0Rwbx9aO%2B0038%2BAGWfDSBRjyHfDNZ%2FxrBHL0Sv8Y6ygx%2FYUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77244c68bcf2b515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2807)
Size:   2368
Md5:    09ad990313f89dade6985a8c7bac500f
Sha1:   a609c075471bb222601798f23936f3877c1db8bc
Sha256: 1c2fa7b2c407456a17f4cfec96210b809cccd2d7a32629efb03fb96827a6e9c3
                                        
                                            POST /g/collect?v=2&tid=G-2S1YDMR0NM&cid=1968107376.1669818808&gtm=2oebs0&aip=1 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

search
                                         74.125.131.155
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: https://www.buildinglink.com
date: Wed, 30 Nov 2022 14:33:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            GET /cl50833agdusz4.js HTTP/1.1 
Host: cdn.js.customerlabs.co
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         143.204.42.24
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 96231
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, PUT, POST, DELETE
access-control-expose-headers: ETag, x-amz-meta-custom-header
x-amz-replication-status: COMPLETED
last-modified: Fri, 18 Nov 2022 14:24:38 GMT
x-amz-version-id: vXd1YVeqQInaWM9E32mfdqB7S6KtzPzp
accept-ranges: bytes
server: AmazonS3
date: Wed, 30 Nov 2022 14:33:30 GMT
cache-control: max-age=60
etag: "4863499e715a0758d47148369c40be37"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: RefreshHit from cloudfront
via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: evQPnez_1q5QbEYO8Mt59JyaSKXJzHnja5yhC5ZvRyMJ4ibOlNer_w==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (33540)
Size:   96231
Md5:    4863499e715a0758d47148369c40be37
Sha1:   3bb25659715c1356d8141d6ab418a5ba75f85320
Sha256: 753ba5770b1a03af9aeeb78edc4ca6e8e3ed693fe6c0a43646fa2363b77d7f1f
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /group/0/070f1f86d6ecd47ee30e/12/swap_session.json HTTP/1.1 
Host: js.calltrk.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 589
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         143.204.55.59
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
date: Wed, 30 Nov 2022 14:33:29 GMT
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers:
access-control-max-age: 7200
cache-control: max-age=0, private, must-revalidate
etag: W/"5150b4c54cf4c6a6150aba029b6d43f1"
vary: Origin
x-request-id: ff407232-355e-4226-832e-dcd77a3457d8
x-runtime: 0.050870
x-cache: Miss from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SxlpdfpjZFOhTae95uzbF3kajvknE1kmPkZwzzTnVHYShGhvBeipxA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- data
Size:   613
Md5:    e54a837ca679f9183c18ea0f4d3eca76
Sha1:   eb185a5bf08f262e429ac93ceea71dfd274728b2
Sha256: 5feea937af11b9a47279e37cbf68ad19105eae1487441b30420ac89e165c931e
                                        
                                            GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 19:09:57 GMT
expires: Tue, 28 Nov 2023 19:09:57 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
age: 156213
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (730)
Size:   162976
Md5:    79d18cf4265108d7cecca1bf4ada6109
Sha1:   e51d0285a545381d4c39e9e0292a650ffeeecbb9
Sha256: 59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3572
Cache-Control: max-age=160354
Date: Wed, 30 Nov 2022 14:33:30 GMT
Etag: "63872b28-118"
Expires: Fri, 02 Dec 2022 11:06:04 GMT
Last-Modified: Wed, 30 Nov 2022 10:06:32 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /px/ta/?ccid=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a HTTP/1.1 
Host: a.clickcertain.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.clickcertain.com/px/cont/?c=24abd7d60f26320&ccid=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a&cn=NO
Cookie: _ccpx_u=ddc24d95%2d45cf%2d4c16%2db8d4%2d0fef6df43f7a; _ccpx_24abd7d60f26320=1; _ccpx=24abd7d60f26320
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.26.9.50
HTTP/2 302 Found
content-type: text/html
                                        
date: Wed, 30 Nov 2022 14:33:30 GMT
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=3318&partner_device_id=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d
set-cookie: _ccpx_u=ddc24d95%2d45cf%2d4c16%2db8d4%2d0fef6df43f7a; Expires=Thu, 30 Nov 2023 14:33:30 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-vlmvj:cc-nginx-c76b96594-vlmvj
x-requestid: 08375909-f90f-452a-b418-f2713d6befdd
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2AjIDY0GhW%2BaI3izJ5rRL%2FZ5dluVzsoFxnJ0lR%2FunkP8wNPRqSn9s8O2dh3mkViuswEmX%2BupzqgP8lfs0z4JhHxnoefkX8zfbzRSEb27YinVTWguYQjFqU1UfgMnv6C1gNOl1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77244c6abf5bb515-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, max compression\012- data
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 14:33:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pagead/viewthroughconversion/1037606382/?random=1669818807907&cv=11&fst=1669818807907&bg=ffffff&guid=ON&async=1&gtm=2wgbs0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.buildinglink.com%2Fmarketing%2Fpublic%2Fmain&tiba=Industry-Leading%20Property%20Management%20Software%20-%20BuildingLink&auid=46294793.1669818808&rfmt=3&fmt=4 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.66
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 30 Nov 2022 14:33:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 891
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 30-Nov-2022 14:48:30 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1939), with no line terminators
Size:   891
Md5:    5f5c0a576ad2f46687489a3a27e66746
Sha1:   8801c54dff499141088cbb1a9719962eeebd0a7c
Sha256: e2fc8ad60495a0e40365ffdb008ff280e4a20f2e86472c56067081ab76de070b
                                        
                                            GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-2S1YDMR0NM&cid=1968107376.1669818808&gtm=2oebs0&aip=1&z=1203193364 HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.163
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 30 Nov 2022 14:33:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3648
Cache-Control: max-age=138831
Date: Wed, 30 Nov 2022 14:33:30 GMT
Etag: "6386d6c9-1d7"
Expires: Fri, 02 Dec 2022 05:07:21 GMT
Last-Modified: Wed, 30 Nov 2022 04:06:33 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /pagead/1p-user-list/1037606382/?random=1669818807907&cv=11&fst=1669816800000&bg=ffffff&guid=ON&async=1&gtm=2wgbs0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fwww.buildinglink.com%2Fmarketing%2Fpublic%2Fmain&tiba=Industry-Leading%20Property%20Management%20Software%20-%20BuildingLink&fmt=3&is_vtc=1&random=2332664546&rmt_tld=1&ipr=y HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.163
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 30 Nov 2022 14:33:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /group/0/070f1f86d6ecd47ee30e/12/icap.js?t=1669818808835&GoogleAnalytics__ga=GA1.1.1968107376.1669818808&ga=GA1.1.1968107376.1669818808&uuid=19ef992b-b16b-42e8-ba45-6eb8f8379799&ids%5B%5D=647579612 HTTP/1.1 
Host: js.calltrk.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         143.204.55.119
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
date: Wed, 30 Nov 2022 14:33:30 GMT
cache-control: max-age=0, private, must-revalidate
etag: W/"1643b5cec44cc597bc2cce3448ce5434"
x-request-id: 4838341a-eab8-4f24-8e69-b1eacb80e881
x-runtime: 0.049979
x-cache: Miss from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: yBUosF6FjGl-xLeZ11-yqb7K4lM_ki-vSK0X8UWbKcem2VeuP5hJoA==
X-Firefox-Spdy: h2

                                        
                                            GET /modules.8066ef274cc529c933d8.js HTTP/1.1 
Host: script.hotjar.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         143.204.55.46
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 68637
date: Wed, 30 Nov 2022 12:36:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "0b6db42a732a2de4485e2b0a05434f63"
last-modified: Wed, 30 Nov 2022 12:35:50 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: t1SAc80wJjv8OC8oQ3TMkI1ijYIFPU6qHWm4FhuQmsWd8d6Wf8o1Hw==
age: 7044
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (48714)
Size:   68637
Md5:    0b6db42a732a2de4485e2b0a05434f63
Sha1:   66444f933838db2867531f93074398f64d88f564
Sha256: 00b5a5f52cd6034433eb7f56b4de77c78f305bbb2046d25ffcb55a821f71d1b4
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         
                                        


--- Additional Info ---
Magic:  data
Size:   1408
Md5:    6d198b304dd3677ef84216dc298d85b6
Sha1:   bd8b5092eb1a66e1a9447b6be35ca325d2fb32ee
Sha256: b87036ed0c34a444cc704b83b9f96269b85323e2a731e05eb8620f4d7b573ef8
                                        
                                            GET /idsync/ex/receive?partner_id=3318&partner_device_id=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d HTTP/1.1 
Host: pixel.tapad.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         35.227.248.159
HTTP/2 302 Found
                                        
date: Wed, 30 Nov 2022 14:33:30 GMT
strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
set-cookie: TapAd_TS=1669818810359;Expires=Sun, 29 Jan 2023 14:33:30 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None TapAd_DID=c057f15a-cf07-4b53-8796-f62cc769e976;Expires=Sun, 29 Jan 2023 14:33:30 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3318&partner_device_id=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

                                        
                                            GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/styles__ltr.css HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: text/css
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24262
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 19:53:03 GMT
expires: Tue, 28 Nov 2023 19:53:03 GMT
cache-control: public, max-age=31536000
age: 153627
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (52913), with no line terminators
Size:   24262
Md5:    f4bb161deae4e93f1a82e52f82ea2af9
Sha1:   74cd72b02999ea35cde6dd6c1d58ca9aec94da07
Sha256: 3330fe65fd8dbe742211f1609fbfe70b3b94434ad5639223942d921f085ea589
                                        
                                            GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 19:09:57 GMT
expires: Tue, 28 Nov 2023 19:09:57 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
age: 156213
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (730)
Size:   162976
Md5:    79d18cf4265108d7cecca1bf4ada6109
Sha1:   e51d0285a545381d4c39e9e0292a650ffeeecbb9
Sha256: 59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3648
Cache-Control: max-age=138831
Date: Wed, 30 Nov 2022 14:33:30 GMT
Etag: "6386d6c9-1d7"
Expires: Fri, 02 Dec 2022 05:07:21 GMT
Last-Modified: Wed, 30 Nov 2022 04:06:33 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   1243
Md5:    79225d05b73f42f21484e49704ad0488
Sha1:   a0f4fc631867e740735572182eef881439bd6620
Sha256: e747746409fce9ad9d312c3b8727b98ef71402c377d48b8b0ed66f4b952d058a
                                        
                                            GET /box-5e66f98b4ee957db209dc6f63e3d59dd.html HTTP/1.1 
Host: vars.hotjar.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         143.204.55.101
HTTP/2 200 OK
content-type: text/html
                                        
content-length: 1035
date: Wed, 23 Nov 2022 13:10:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "e0652b84b7b3b650769c759fc520c3f8"
last-modified: Wed, 23 Nov 2022 13:09:18 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: thWCsb7l_SBUM1Pxo0eM2g4rnDfjY2l1Fw4nHfitSKttsRODhTr2Tw==
age: 609804
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2368), with no line terminators
Size:   1035
Md5:    e0652b84b7b3b650769c759fc520c3f8
Sha1:   0b55d6e28613350c7f41b88f19e726e6751ad03b
Sha256: 94b4c240f83065223dcacdd3f8b69cb229d0616edc3e2041eef3e270d859fc3d
                                        
                                            GET /idsync/ex/receive/check?partner_id=3318&partner_device_id=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d HTTP/1.1 
Host: pixel.tapad.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         35.227.248.159
HTTP/2 302 Found
                                        
date: Wed, 30 Nov 2022 14:33:30 GMT
strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
set-cookie: TapAd_TS=1669818810416;Expires=Sun, 29 Jan 2023 14:33:30 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None TapAd_DID=0107f1b0-23bc-4a30-81b0-ad06e883a30e;Expires=Sun, 29 Jan 2023 14:33:30 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None TapAd_3WAY_SYNCS=;Expires=Sun, 29 Jan 2023 14:33:30 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
location: https://a.clickcertain.com/px/ta/?done=true&ta_id=0107f1b0-23bc-4a30-81b0-ad06e883a30e
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

                                        
                                            GET /pagead/viewthroughconversion/1037606382/?random=1669818808369&cv=11&fst=1669818808369&bg=ffffff&guid=ON&async=1&gtm=2oabs0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.buildinglink.com%2Fmarketing%2Fpublic%2Fmain&tiba=Industry-Leading%20Property%20Management%20Software%20-%20BuildingLink&did=dZTNiMT%2CdZTQ1Zm&gdid=dZTNiMT.dZTQ1Zm&auid=46294793.1669818808&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.66
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 30 Nov 2022 14:33:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 908
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 30-Nov-2022 14:48:30 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2001), with no line terminators
Size:   908
Md5:    db9506ebcdf367bb221d9a5e1aa0b908
Sha1:   4de913fccd12f066294efe82e77fc03fcf1b0f5b
Sha256: b20e083a7a494c1ad0e601f7777f4fdef77e0487bddee1e873c4806266513ea6
                                        
                                            GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 21:48:03 GMT
expires: Fri, 24 Nov 2023 21:48:03 GMT
cache-control: public, max-age=31536000
age: 492327
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size:   15344
Md5:    5d4aeb4e5f5ef754e307d7ffaef688bd
Sha1:   06db651cdf354c64a7383ea9c77024ef4fb4cef8
Sha256: 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
                                        
                                            GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 16:40:43 GMT
expires: Fri, 24 Nov 2023 16:40:43 GMT
cache-control: public, max-age=31536000
age: 510767
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size:   15552
Md5:    285467176f7fe6bb6a9c6873b3dad2cc
Sha1:   ea04e4ff5142ddd69307c183def721a160e0a64e
Sha256: 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
                                        
                                            GET /recaptcha/api2/logo_48.png HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 14:40:09 GMT
expires: Sat, 03 Dec 2022 14:40:09 GMT
cache-control: public, max-age=604800
age: 345201
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size:   2228
Md5:    ef9941290c50cd3866e2ba6b793f010d
Sha1:   4736508c795667dcea21f8d864233031223b7832
Sha256: 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
                                        
                                            GET /px/ta/?done=true&ta_id=0107f1b0-23bc-4a30-81b0-ad06e883a30e HTTP/1.1 
Host: a.clickcertain.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: _ccpx_u=ddc24d95%2d45cf%2d4c16%2db8d4%2d0fef6df43f7a; _ccpx_24abd7d60f26320=1; _ccpx=24abd7d60f26320
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.26.9.50
HTTP/2 204 No Content
                                        
date: Wed, 30 Nov 2022 14:33:30 GMT
set-cookie: _ccpx_u=ddc24d95%2d45cf%2d4c16%2db8d4%2d0fef6df43f7a; Expires=Thu, 30 Nov 2023 14:33:30 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-qgfp4:cc-nginx-c76b96594-qgfp4
x-requestid: 39cf50f0-22f7-4da1-8b7c-60201b99fca3
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bv%2FY9HD7YbPR5fdQT6IYWcSWoB6%2FWeeXDsTwbZi5OOPiP0UEQEgn%2FEa%2BIyfXJfeI59eEs9ZYLMtNc8v2kNcuYMBfM0q5EJy%2FZfXMOu5qRh4g%2FJ2pnTpOEEfMZ%2Fa1nrvonVKMyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77244c6d4a06b515-OSL
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=122375
Date: Wed, 30 Nov 2022 14:33:30 GMT
Etag: "6386961f-1d7"
Expires: Fri, 02 Dec 2022 00:33:05 GMT
Last-Modified: Tue, 29 Nov 2022 23:30:39 GMT
Server: ECS (bsa/EB1C)
X-Cache: Miss from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ee0fEr0VGgxzmBHmIjtSwVNLEGYkX-vhWbP9M8vQmhdmSuK6BU0aEg==
Age: 3746

                                        
                                            POST / HTTP/1.1 
Host: ocsp.r2m02.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         54.230.80.227
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=152953
Date: Wed, 30 Nov 2022 14:33:30 GMT
Etag: "638702a7-1d7"
Expires: Fri, 02 Dec 2022 09:02:43 GMT
Last-Modified: Wed, 30 Nov 2022 07:13:43 GMT
Server: ECS (bsa/EB21)
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: us0Cmqcg79fAdUKmRpRLzYv_qmlL3p-ihtbsn1hWLE86GjEbSNu7KQ==
Age: 6540

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=93230
Date: Wed, 30 Nov 2022 14:33:30 GMT
Etag: "63862456-1d7"
Expires: Thu, 01 Dec 2022 16:27:20 GMT
Last-Modified: Tue, 29 Nov 2022 15:25:10 GMT
Server: ECS (nyb/1D2A)
X-Cache: Miss from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Gu9Pd6K9VaHjGb86yLB1YTVF1dW3b4ouDF-ZTNfvXjceZc9j1oIO2g==
Age: 3730

                                        
                                            GET /s/56408?bidder_id=200441&bidder_uuid=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a&ccid=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a&redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253dddc24d95%25252d45cf%25252d4c16%25252db8d4%25252d0fef6df43f7a%252526anx_uId%25253d%252524UID HTTP/1.1 
Host: i.liadm.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         54.174.64.137
HTTP/1.1 303 See Other
                                        
Date: Wed, 30 Nov 2022 14:33:30 GMT
Content-Length: 0
Connection: keep-alive
Location: /s/56408?redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253dddc24d95%25252d45cf%25252d4c16%25252db8d4%25252d0fef6df43f7a%252526anx_uId%25253d%252524UID&bidder_id=200441&bidder_uuid=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a&_li_chk=true&ccid=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a&previous_uuid=4f403d7df21d4e2ca1358c6cbe7c1d47
Set-Cookie: lidid=4f403d7d-f21d-4e2c-a135-8c6cbe7c1d47; Max-Age=63072000; Expires=Fri, 29 Nov 2024 14:33:30 GMT; SameSite=None; Path=/; Domain=liadm.com; Secure
Request-Time: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

                                        
                                            GET /cs?puid=0ecdb435-2772-5f65-afb8-edc69805c298&pid=lc HTTP/1.1 
Host: a.browserspeed.support
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.clickcertain.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         52.11.204.242
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
server: awselb/2.0
date: Wed, 30 Nov 2022 14:33:30 GMT
content-length: 24
location: https://a.browserspeed.support/
set-cookie: tuid=f3965466-bdb8-4874-8248-12477f90b4a5; Path=/; Domain=a.browserspeed.support; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   24
Md5:    cd5fa747861f510d1d45ab9dc80a16a0
Sha1:   90d910869fbe5e0f79b7f7e58f59f5303f46ad78
Sha256: 5bdd19de1ad3c04f1a88334882b16565cef8ac274902e671a72ebebdb35c697c
                                        
                                            POST /api/v2/client/sites/3073375/visit-data?sv=7 HTTP/1.1 
Host: in.hotjar.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 149
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         52.31.187.71
HTTP/2 200 OK
content-type: application/json
                                        
date: Wed, 30 Nov 2022 14:33:30 GMT
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   95
Md5:    039d32f7359c34eee13f02bae640eff7
Sha1:   7550a24e404da6c533fa8597113eec17a6d55f4c
Sha256: 1874a3ed03bfe4289ca3a8cc3c495a498033ddb248a6fbdcdce02e70065eca54
                                        
                                            GET / HTTP/1.1 
Host: a.browserspeed.support
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: tuid=f3965466-bdb8-4874-8248-12477f90b4a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         52.11.204.242
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: awselb/2.0
date: Wed, 30 Nov 2022 14:33:30 GMT
content-length: 4
set-cookie: tuid=f3965466-bdb8-4874-8248-12477f90b4a5; Path=/; Domain=a.browserspeed.support; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   4
Md5:    72054d9a6fbdcc7df012e19f32345b65
Sha1:   52dd4c74c813db3790179c4f236ceadaca3467a8
Sha256: c48b5b1a9776c84602de2306d7903a7241158a5077e7a8519af75c33441b8334

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3dddc24d95%2d45cf%2d4c16%2db8d4%2d0fef6df43f7a%26anx_uId%3d%24UID HTTP/1.1 
Host: cm.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.162
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dddc24d95%2D45cf%2D4c16%2Db8d4%2D0fef6df43f7a%26anx_uId%3D%24UID&google_tc=
date: Wed, 30 Nov 2022 14:33:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 509
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 30-Nov-2022 14:48:31 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (332), with CRLF, LF line terminators
Size:   509
Md5:    7b6e30fae865e1a013e137611fbc39b0
Sha1:   69e141af37000249e81e5f22b7352b207988dd2a
Sha256: 84db2a26bc48c12caa7bbffa70637544f2cea4dc5ad449369c5fc23df37ccee7
                                        
                                            GET /pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dddc24d95%2D45cf%2D4c16%2Db8d4%2D0fef6df43f7a%26anx_uId%3D%24UID&google_tc= HTTP/1.1 
Host: cm.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         142.250.74.162
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
location: https://a.clickcertain.com/px/img/g/?redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dddc24d95%2D45cf%2D4c16%2Db8d4%2D0fef6df43f7a%26anx_uId%3D%24UID&google_error=3
date: Wed, 30 Nov 2022 14:33:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 455
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size:   455
Md5:    6ba07324d151de5d4a74088e72ba4a32
Sha1:   e44587020a67ec81179405d758132e4dd48d94a7
Sha256: b2380127fb05dfc8d86291e5fcc5f3cda4ca43952005b58d162c2709f32e69a2
                                        
                                            GET /pages/scripts/0112/6942.js HTTP/1.1 
Host: script.crazyegg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.19.148.8
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Wed, 30 Nov 2022 14:33:30 GMT
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Sun, 27 Nov 2022 21:27:10 GMT
timing-allow-origin: *
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77244c6bfa6db4f1-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   2684
Md5:    885ca3387143cc8294d54ae15274e664
Sha1:   7a9f116da1aa80f84987700e0bfa85d7d48c8b06
Sha256: 6d8136f44b1f17236e684741d465ed47d0704a237c012dc0aafa3b054fdf4ca4
                                        
                                            GET /px/cont/?c=24abd7d60f26320&ccid=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a&cn=NO HTTP/1.1 
Host: a.clickcertain.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ccpx_u=ddc24d95%2d45cf%2d4c16%2db8d4%2d0fef6df43f7a; _ccpx_24abd7d60f26320=2; _ccpx=24abd7d60f26320
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
If-None-Match: W/"ZGRjMjRkOTVnNDVjZmc0YzE2Z2I4ZDRnMGZlZjZkZjQzZjdhLXow"
TE: trailers

search
                                         104.26.9.50
HTTP/2 304 Not Modified
                                        
date: Wed, 30 Nov 2022 14:33:31 GMT
etag: W/"ZGRjMjRkOTVnNDVjZmc0YzE2Z2I4ZDRnMGZlZjZkZjQzZjdhLXow"
set-cookie: _ccpx_u=ddc24d95%2d45cf%2d4c16%2db8d4%2d0fef6df43f7a; Expires=Thu, 30 Nov 2023 14:33:31 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-cqttt:cc-nginx-c76b96594-cqttt
x-requestid: 99abf103-d0a9-491a-930d-cf2d97599782
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wu18bMAwuIdxen5SrLgKwxFv5ILcjPMMGI9%2Bu5Ld0AtC41NuJv98GzaWKunzSLeG9XO6oHl0tAN68L8abkujmgROIlvvGXcTeama4gazFOUuqtPaQ7zeNUshRi7dFXzGwDcXRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77244c72783fb515-OSL
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=158255
Date: Wed, 30 Nov 2022 14:33:31 GMT
Etag: "63871bd6-1d7"
Expires: Fri, 02 Dec 2022 10:31:06 GMT
Last-Modified: Wed, 30 Nov 2022 09:01:10 GMT
Server: ECS (dcb/7F3A)
X-Cache: Miss from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: C3DTyyJ6f4sOI2aZ4OcsGJJShyPzQdIi6LV05LbKs1PDdrmom9KU0g==
Age: 5396

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 30 Nov 2022 14:33:31 GMT
Last-Modified: Wed, 30 Nov 2022 12:58:29 GMT
Server: ECS (nyb/1D25)
X-Cache: Miss from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6l1I1SzjfP2ZPASWm7-3PDLsa9Docvgw_cHLSuPlHn1rvX_npySznA==
Age: 5702

                                        
                                            GET /getuidu?https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a&anx_uId=$UID HTTP/1.1 
Host: secure.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.89.211.84
HTTP/1.1 307 Redirection
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.21.3
Date: Wed, 30 Nov 2022 14:33:31 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://secure.adnxs.com/bounce?%2Fgetuidu%3Fhttps%3A%2F%2Fa.clickcertain.com%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dddc24d95-45cf-4c16-b8d4-0fef6df43f7a%26anx_uId%3D%24UID
AN-X-Request-Uuid: 9947f88b-7f88-476d-b44a-ef8e2e440063
Set-Cookie: uuid2=1767910757458693350; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 28-Feb-2023 14:33:31 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=158466
Date: Wed, 30 Nov 2022 14:33:31 GMT
Etag: "63871bd6-1d7"
Expires: Fri, 02 Dec 2022 10:34:37 GMT
Last-Modified: Wed, 30 Nov 2022 09:01:10 GMT
Server: ECS (dcb/7ECB)
X-Cache: Miss from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: UsK5TvrWwGKj-t-hIWg0awoDGF0jHCTqcr-WCPP6g-tO05QzkXMe3w==
Age: 5607

                                        
                                            GET /bounce?%2Fgetuidu%3Fhttps%3A%2F%2Fa.clickcertain.com%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dddc24d95-45cf-4c16-b8d4-0fef6df43f7a%26anx_uId%3D%24UID HTTP/1.1 
Host: secure.adnxs.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.89.211.84
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.21.3
Date: Wed, 30 Nov 2022 14:33:31 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a&anx_uId=0
AN-X-Request-Uuid: 10b84916-f4cf-4190-b867-8eb9221e26a6
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

                                        
                                            POST /cl HTTP/1.1 
Host: io.v2.customerlabs.co
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 709
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         44.207.227.229
HTTP/1.1 200 OK
                                        
Access-Control-Allow-Headers: Origin, Accept, Content-Type, Max-Age, X-CL-APP-ID, X-Content-Type-Options
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Origin: https://www.buildinglink.com
Date: Wed, 30 Nov 2022 14:33:31 GMT
Server: nginx/1.12.1
Content-Length: 0
Connection: keep-alive

                                        
                                            GET /pages/data-scripts/0112/6942/site/www.buildinglink.com.json?t=1 HTTP/1.1 
Host: script.crazyegg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.buildinglink.com
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         104.19.148.8
HTTP/2 200 OK
content-type: application/json
                                        
date: Wed, 30 Nov 2022 14:33:31 GMT
content-length: 1681
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Wed, 30 Nov 2022 10:04:13 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 77244c732b4f0b59-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (5085), with no line terminators
Size:   1681
Md5:    db87a08b8cdc1a3a4227d4473969a6a6
Sha1:   ee4b5f0d472a00250089f258601d19f1a0f00a97
Sha256: 6c3015f4bb772b37682ec7ae90dac6bb9a57def6dd63ae96b04ff4ce5242956c
                                        
                                            GET /px/li/?redir=https%3a%2f%2fcm%2eg%2edoubleclick%2enet%2fpixel%3fgoogle_nid%3dclickcertain%26google_cm%3d1%26google_sc%3d1%26redir%3dhttps%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fbidswitch%252f%253fdone%253dtrue%2526ccid%253dddc24d95%252d45cf%252d4c16%252db8d4%252d0fef6df43f7a%2526anx_uId%253d%2524UID&ccid=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a HTTP/1.1 
Host: a.clickcertain.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: _ccpx_u=ddc24d95%2d45cf%2d4c16%2db8d4%2d0fef6df43f7a; _ccpx_24abd7d60f26320=1; _ccpx=24abd7d60f26320
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.26.9.50
HTTP/2 302 Found
content-type: text/html
                                        
date: Wed, 30 Nov 2022 14:33:31 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3dddc24d95%2d45cf%2d4c16%2db8d4%2d0fef6df43f7a%26anx_uId%3d%24UID
set-cookie: _ccpx_u=ddc24d95%2d45cf%2d4c16%2db8d4%2d0fef6df43f7a; Expires=Thu, 30 Nov 2023 14:33:31 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-vlmvj:cc-nginx-c76b96594-vlmvj
x-requestid: 7654e75b-3c0b-4124-9303-c0916ab9a5d8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d4lBrQx0zi%2B4zzSKkfqt9zA4EMAYtWrX23WTeNkwhPZV72TNnIvTs1UNF8U%2BNM0uZbIK%2F7NWQDeTOqT9Sjj7kYtD3UIiCNyztTkUurn9Ez8845%2BB%2B1D%2Fiyu77QAI0g4f99TGmw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77244c709decb515-OSL
X-Firefox-Spdy: h2

                                        
                                            GET /externalIds?customerlabs_user_id=cl50833agdusz468523263-a9d8-455f-90e5-76f48884553c&id=cl50833agdusz4&uid=cl50833agdusz468523263-a9d8-455f-90e5-76f48884553c HTTP/1.1 
Host: io.v2.customerlabs.co
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         44.207.227.229
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Access-Control-Allow-Headers: Origin, Accept, Content-Type, Max-Age, X-CL-APP-ID, X-Content-Type-Options
Access-Control-Allow-Methods: POST, OPTIONS
Date: Wed, 30 Nov 2022 14:33:31 GMT
Server: nginx/1.12.1
Content-Length: 178
Connection: keep-alive


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   178
Md5:    593f5f5a40ba517416bf0f4dd0c094e2
Sha1:   3f13d5e0ba559db762bb044c12a9207c65013f5e
Sha256: ce71d9912deee299c453631d150dcc3e608afc986e9d545d8ee250e64fb59abc
                                        
                                            GET /px/smart/?c=24abd7d60f26320&seg=marketing/public/main&partner_id=cl50833agdusz468523263-a9d8-455f-90e5-76f48884553c HTTP/1.1 
Host: a.remarketstats.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.buildinglink.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.67.69.73
HTTP/2 302 Found
content-type: text/html
                                        
date: Wed, 30 Nov 2022 14:33:30 GMT
location: https://a.clickcertain.com/px/smart/a/?partner_id=cl50833agdusz468523263-a9d8-455f-90e5-76f48884553c&c=24abd7d60f26320&seg=marketing/public/main
x-frontend: cc-nginx-c76b96594-cqttt:cc-nginx-c76b96594-cqttt
x-requestid: 9abface6-c892-477c-98c9-9ded8db1b3bb
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lnmvhh7AaFck9wiGVc81PKOul%2FWlzGgoumVeHddDVTN%2F6jWOG9sTkmb7P5URPA2yey8Ho%2FAPJLnEqJ%2FJ%2BQcNAoLnq4%2Fi9MF7%2BM0MH83TMUey7zO7ty8m5mQIJksTcyyazUcArJM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77244c6f99e50b61-OSL
X-Firefox-Spdy: h2

                                        
                                            GET /px/ta/?ccid=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a HTTP/1.1 
Host: a.clickcertain.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.clickcertain.com/px/cont/?c=24abd7d60f26320&ccid=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a&cn=NO
Cookie: _ccpx_u=ddc24d95%2d45cf%2d4c16%2db8d4%2d0fef6df43f7a; _ccpx_24abd7d60f26320=2; _ccpx=24abd7d60f26320
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.26.9.50
HTTP/2 302 Found
content-type: text/html
                                        
date: Wed, 30 Nov 2022 14:33:31 GMT
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=3318&partner_device_id=ddc24d95-45cf-4c16-b8d4-0fef6df43f7a&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d
set-cookie: _ccpx_u=ddc24d95%2d45cf%2d4c16%2db8d4%2d0fef6df43f7a; Expires=Thu, 30 Nov 2023 14:33:31 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-vlmvj:cc-nginx-c76b96594-vlmvj
x-requestid: eb5dc906-499b-4a79-a28a-e4d26ac4fce0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel