r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5d9435c884bf4a0777fdf4b57079ae09
7f04b9db47ffeec90ac6397416b7553e5336a550
fe77420ec3a11f547cf5172b68d30faa4fe0c13165ae305f0013b02914e61084
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE77420EC3A11F547CF5172B68D30FAA4FE0C13165AE305F0013B02914E61084"
Last-Modified: Sat, 25 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4983
Expires: Sat, 25 Mar 2023 13:59:16 GMT
Date: Sat, 25 Mar 2023 12:36:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfd491ebe7381221b3674c2c8bf9e566
d2ac5badf17f348c28a52e9db10e6eb80e5a231a
34a026664386054b0b73c36cd1ddfce023551ee41963df0e38248bac1e1eb56c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "34A026664386054B0B73C36CD1DDFCE023551EE41963DF0E38248BAC1E1EB56C"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13683
Expires: Sat, 25 Mar 2023 16:24:16 GMT
Date: Sat, 25 Mar 2023 12:36:13 GMT
Connection: keep-alive
5tl.ink/qc2hRDbZ
66.29.137.12301 Moved Permanently 707 B IP 66.29.137.12:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
GET /qc2hRDbZ HTTP/1.1
Host: 5tl.ink
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sat, 25 Mar 2023 12:36:13 GMT
server: LiteSpeed
location: https://5tl.ink/qc2hRDbZ
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9bb70197d53617b5e6889b890dd2ae26
f3e9b8a743de494529baf2d078a622539f965307
a094a13905b7f1cd89475f9c83f9245580d4c3c7228d51d5c16622aec3c6aa45
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A094A13905B7F1CD89475F9C83F9245580D4C3C7228D51D5C16622AEC3C6AA45"
Last-Modified: Sat, 25 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5385
Expires: Sat, 25 Mar 2023 14:05:58 GMT
Date: Sat, 25 Mar 2023 12:36:13 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Mar 2023 12:15:25 GMT
content-type: application/json
age: 1248
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zos3fttQ2kx4rWlpDyVNAYDjlZ5Vud764+1MhX+HFQDG6I2fcJPjcjFIOeL8iFBAUlIAdcY7+fs=
x-amz-request-id: HH3VSHAZYQXW9Y7C
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Mar 2023 12:00:46 GMT
age: 2128
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 12:36:14 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Mar 2023 12:14:33 GMT
age: 1301
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 9d756784521cb2eca021ffccc88753be
74bae9fa1445fb9858e9dcea90cd4c62468b5be7
d738e44e52dffd3e2b990abfefc05d99fe662be500b93caea567a2b58508bf04
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 12:36:14 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 24 Mar 2023 07:17:14 GMT
Expires: Fri, 31 Mar 2023 07:17:13 GMT
Etag: "74bae9fa1445fb9858e9dcea90cd4c62468b5be7"
Cache-Control: max-age=498658,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ad732c5e988b50c-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 70300b32357c46f3448d567189b64cb3
6ba66a5cf63cdbfeaec59b936151cc812bac56df
5a2b4f9fc5ebaa8062058bf68eae75fc28e06c6ef6a0e79c3c761c1d92f81cb9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A2B4F9FC5EBAA8062058BF68EAE75FC28E06C6EF6A0E79C3C761C1D92F81CB9"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5103
Expires: Sat, 25 Mar 2023 14:01:17 GMT
Date: Sat, 25 Mar 2023 12:36:14 GMT
Connection: keep-alive
5tl.ink/qc2hRDbZ
66.29.137.12302 Found 0 B IP 66.29.137.12:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /qc2hRDbZ HTTP/1.1
Host: 5tl.ink
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
x-powered-by: PHP/7.4.33
set-cookie: lang=en_US; expires=Tue, 19-Mar-2024 12:36:14 GMT; Max-Age=31104000; path=/; secure
AppSession=10103926726544d9c631dfa4aa3ea36b; path=/; HttpOnly; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
location: http://tourismtravels3.sbs/post.php/qc2hRDbZ
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 25 Mar 2023 12:36:14 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
vary: User-Agent
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
tourismtravels3.sbs/post.php/qc2hRDbZ
104.21.2.41301 Moved Permanently 0 B URL HTTP/1.1 tourismtravels3.sbs/post.php/qc2hRDbZ
IP 104.21.2.41:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /post.php/qc2hRDbZ HTTP/1.1
Host: tourismtravels3.sbs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Mar 2023 12:36:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 25 Mar 2023 13:36:14 GMT
Location: https://tourismtravels3.sbs/post.php/qc2hRDbZ
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BY2gFzal7lC%2B1du9tYUnEI8xtJreAl5DOF%2BDogI%2B9jSRWYp%2FeRB73L552XnOo42xGXoAcamrLGdSeSaEYxeQgIsnEf%2Bb28aAuUseQZuVzWv2e6LqJV9ZXNBsfE3FVf8oG3Y0tfOL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad732c89956b503-OSL
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
34.214.98.224101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.98.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HGA5jrquyJUf2uuOk+icQQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: eb45GhWEm0c3zV0s3PddJe3PohQ=
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 4355291ec58b85ddde02c2446ecb2bb4
4ad43e10f82193f83e862e8a78f3e46de9490ac4
e32fd5635627751770ee13e8f77b14b2555163cfc2d7db98aa8edb5b4bae4d9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash f0f306ea49f1bd3f358f7579513e7377
c2845c696f6685a211bc040895d28ebf23fa1bc0
cda7588d5040ef3c8e83955838618a0ed0a6ee242d24abf5af697b2289fc8bdb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash e75ef27d06fa9cfd3805f1ae4f025fd4
7221a93bde5b82c780fe08c8f4cd2d4e6af4ef76
1d1c64436ce1c3a128a4dc98d7ab2708c13b63259ba87ffe9164546ae396f6d3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=cutt.us
172.217.21.162200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=cutt.us
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=cutt.us HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tourismtravels3.sbs/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 25 Mar 2023 12:36:15 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-149490498-1
142.250.74.168200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-149490498-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (2206)
Hash 50484c393fd7b94d249c8d5a9a16473d
be4dcb5de381d5a9c0212e0e46a6471109e08589
96e9b1439637586b699f52223b14dd151c15d615d15b20c8d883b3164be1d511
GET /gtag/js?id=UA-149490498-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tourismtravels3.sbs/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 25 Mar 2023 12:36:15 GMT
expires: Sat, 25 Mar 2023 12:36:15 GMT
cache-control: private, max-age=900
last-modified: Sat, 25 Mar 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44758
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com.eg/adsid/integrator.js?domain=cutt.us
216.58.207.226200 OK 100 B URL HTTP/2 adservice.google.com.eg/adsid/integrator.js?domain=cutt.us
IP 216.58.207.226:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=cutt.us HTTP/1.1
Host: adservice.google.com.eg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tourismtravels3.sbs/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 25 Mar 2023 12:36:15 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 4355291ec58b85ddde02c2446ecb2bb4
4ad43e10f82193f83e862e8a78f3e46de9490ac4
e32fd5635627751770ee13e8f77b14b2555163cfc2d7db98aa8edb5b4bae4d9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash f0f306ea49f1bd3f358f7579513e7377
c2845c696f6685a211bc040895d28ebf23fa1bc0
cda7588d5040ef3c8e83955838618a0ed0a6ee242d24abf5af697b2289fc8bdb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash e75ef27d06fa9cfd3805f1ae4f025fd4
7221a93bde5b82c780fe08c8f4cd2d4e6af4ef76
1d1c64436ce1c3a128a4dc98d7ab2708c13b63259ba87ffe9164546ae396f6d3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.142200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.142:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tourismtravels3.sbs/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 25 Mar 2023 12:05:11 GMT
expires: Sat, 25 Mar 2023 14:05:11 GMT
cache-control: public, max-age=7200
age: 1864
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash eef4409d0ad90e2899e538028bd3fa76
2d6edd13cbd2d201ef921fc33c053aec8f8b740c
61eef3a534769ac291c82d37206b392dea96af36a38e9d7da4cf0fb2d5d2342d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash eef4409d0ad90e2899e538028bd3fa76
2d6edd13cbd2d201ef921fc33c053aec8f8b740c
61eef3a534769ac291c82d37206b392dea96af36a38e9d7da4cf0fb2d5d2342d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js
216.58.211.2200 OK 136 kB URL HTTP/2 securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js
IP 216.58.211.2:0
File type ASCII text, with very long lines (65395)
Size 136 kB (136293 bytes)
Hash 8a011961b978eb23ed512198af4ce104
17d8974a7d7b2033e407bd2a44137f93002e4c63
a162c158c3d3e4a77a8a9e5f1f6c2eb8ac6862171c25a7b4397ddb9daeec2552
GET /gpt/pubads_impl_2023030901.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tourismtravels3.sbs/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 136293
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 20 Mar 2023 13:56:57 GMT
expires: Tue, 19 Mar 2024 13:56:57 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 09 Mar 2023 09:39:14 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 427158
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagservices.com/tag/js/gpt.js
142.250.74.130200 OK 27 kB URL HTTP/2 www.googletagservices.com/tag/js/gpt.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (39604)
Hash e2eb2648fb455e0d7ae7e0fd6faef453
784e55934b0dddeca0b3b03bf3ce5297aff02214
e01fbbbb04de9cdfdd293459adc87426d52f181261fbf81b1137c9867738832e
GET /tag/js/gpt.js HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tourismtravels3.sbs/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27422
date: Sat, 25 Mar 2023 12:36:15 GMT
expires: Sat, 25 Mar 2023 12:36:15 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1521 / 261 of 1000 / last-modified: 1679695742"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
4c5de93390d035549078ceb463ccfbc4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
172.217.21.161200 OK 2.7 kB URL HTTP/2 4c5de93390d035549078ceb463ccfbc4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html HTTP/1.1
Host: 4c5de93390d035549078ceb463ccfbc4.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tourismtravels3.sbs/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 19:41:19 GMT
expires: Sat, 23 Mar 2024 19:41:19 GMT
cache-control: public, immutable, max-age=31536000
age: 60896
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
content-type: text/html
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash eef4409d0ad90e2899e538028bd3fa76
2d6edd13cbd2d201ef921fc33c053aec8f8b740c
61eef3a534769ac291c82d37206b392dea96af36a38e9d7da4cf0fb2d5d2342d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash eef4409d0ad90e2899e538028bd3fa76
2d6edd13cbd2d201ef921fc33c053aec8f8b740c
61eef3a534769ac291c82d37206b392dea96af36a38e9d7da4cf0fb2d5d2342d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12874
Expires: Sat, 25 Mar 2023 16:10:50 GMT
Date: Sat, 25 Mar 2023 12:36:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12874
Expires: Sat, 25 Mar 2023 16:10:50 GMT
Date: Sat, 25 Mar 2023 12:36:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12874
Expires: Sat, 25 Mar 2023 16:10:50 GMT
Date: Sat, 25 Mar 2023 12:36:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12874
Expires: Sat, 25 Mar 2023 16:10:50 GMT
Date: Sat, 25 Mar 2023 12:36:16 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07b6f4d1-af89-4aaf-acec-609bb76366de.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07b6f4d1-af89-4aaf-acec-609bb76366de.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 70169fbc493bf12f91f072aa3a30ddde
4cd24b81bd6ade3ab5ff90fc88b0f7497e93391d
8b5fc3c8421d5696522231c3490a0853709897f5c9b645bd5e84398cf84089aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07b6f4d1-af89-4aaf-acec-609bb76366de.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12071
x-amzn-requestid: 02bb2a93-c0aa-4d43-aa99-759a0418bc20
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTigfGHYoAMF8BQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e179c-2258162e1901b5cd6e7144d3;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:24 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: JviLRALJFla17_jzjfSJ_krfBT1kOqoPPt03e8ymXPQGRlLXmrERsQ==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 536063cb28bfc05fcb7a78183dd89b72.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:40:28 GMT
age: 53748
etag: "4cd24b81bd6ade3ab5ff90fc88b0f7497e93391d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bda2583-e595-45ff-852f-d4b6bd713109.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bda2583-e595-45ff-852f-d4b6bd713109.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 73f9697594d173d623b331b5c35eab8d
6323f751f6b7517f062a0442480f672086ea02a1
116cb71658b31e87f19c390b242c684f6505cc8edf90b7fc934ac726fc7ddd18
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bda2583-e595-45ff-852f-d4b6bd713109.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8635
x-amzn-requestid: fc715b03-f48f-4300-b752-ab157a684f08
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTihcETyIAMFhYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e17a2-68f685ec0f50dae026ea3f64;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: ogff88YPb_ia9BPyBI0afIy9cWym7eDnXHKykpTS3NVG4EY_SUENDA==
via: 1.1 ba490acb2ea716cd57876286ed686786.cloudfront.net (CloudFront), 1.1 aa623e134417515bd2496cb01d5e5626.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:40:28 GMT
etag: "6323f751f6b7517f062a0442480f672086ea02a1"
content-type: image/jpeg
age: 53748
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5773974a7341690f006b052ad02c94db
1b11316c952e2195da1646dd94671669e7e3bc2b
a06b72138745500cacc919fea29536ebd4188a1c483f6123e3402458e299f16a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7800
x-amzn-requestid: bad99b1e-3923-4de9-8bea-4dd04e96f7cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTigfFGcIAMFdBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e179c-0826b92d4c4af16553503600;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:24 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 9AGLmjvUSTKIsYIWECOR8QwdF4PP1tP1TweUm0VYvxQ0qskqj3YuLA==
via: 1.1 3698a5f586d9ecca74d570e41f4c8516.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:40:18 GMT
age: 53758
etag: "1b11316c952e2195da1646dd94671669e7e3bc2b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cmp.quantcast.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js
54.230.111.93200 OK 6.8 kB URL HTTP/2 cmp.quantcast.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js
IP 54.230.111.93:0
File type ASCII text, with very long lines (1834)
Hash db572b15d2c149ed178ee6b60073afda
223e5f3a4633cf064bcbe4a216d2688c8825838a
719d1a164376b4794cbc3e002058262bf1db29def5de9111d50d6475721edfdb
GET /choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tourismtravels3.sbs/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 28 Jun 2022 13:53:56 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
content-encoding: br
date: Sat, 25 Mar 2023 12:36:07 GMT
cache-control: max-age=3600
etag: W/"c53bd785b1ee57b613221019d7d72626"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3bff78035f818b6a3185b0f5f4586410.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Cpq4Kb8Y9gvCOnIKrocTuSHSc7tJKtUuyDdWqDwJzRYTnCoCn18-Tw==
age: 9
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6f9abe8-74dc-41f6-984c-4a9e53a6198a.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6f9abe8-74dc-41f6-984c-4a9e53a6198a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dd191e3a122d6e31f81e6e9d434c58d6
aec88022970c93289434f8097e4a663da33e5271
1f00c901ef479637ec703d7924526a970cb13dd2635b2bbb68b285df9d98e011
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6f9abe8-74dc-41f6-984c-4a9e53a6198a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6185
x-amzn-requestid: 223de50b-9a7e-4ac7-9305-336658eec4ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTiwYHoLoAMFXtg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e1802-226bd8524ade75234053ff50;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:37:06 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: tMnTFkK-AtSlEsQskvoxwwCjddndz5GBLHiV5RHi3QumyL6MVC9ovg==
via: 1.1 3698a5f586d9ecca74d570e41f4c8516.cloudfront.net (CloudFront), 1.1 34f8ef0e4c880df0650a814412a26ea6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:40:28 GMT
age: 53748
etag: "aec88022970c93289434f8097e4a663da33e5271"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aecd210f66f83c73c3450d047ae7448a
d68861e96e12e8a3f293dbae8b687f05b6e15afb
22b69c41c56e5538d91f824d5dc2e63ab5563f99ae8e429c9166f4b397cacd0e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5296
x-amzn-requestid: 11fdf0c8-244c-4cd5-bfa7-4c77d777174f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTiuzEqkIAMFXOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e17f8-5c241d63598dbf595b54ead5;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:36:56 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: b1KWFmKdRQ4DU0v5JmC7AJatpv2B5FAHKVWL7pFiyh13fqYDA5qydA==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:40:28 GMT
age: 53748
etag: "d68861e96e12e8a3f293dbae8b687f05b6e15afb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash a763ef2cc93e4ebacec0ea6db2e8f181
c1133cbe7037a635da2b75416e397fb2ebbc0150
b745fb5eaf60be5d3480feed8980a7094d418cc67ded12812c78abdabf94a9cb
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 12:36:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 23 Mar 2023 18:10:20 GMT
Expires: Thu, 30 Mar 2023 18:10:19 GMT
Etag: "c1133cbe7037a635da2b75416e397fb2ebbc0150"
Cache-Control: max-age=451442,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ad732d34b0bb50c-OSL
cmp.quantcast.com/tcfv2/42/cmp2.js?referer=www.themoneytizer.com
54.230.111.93200 OK 48 kB URL HTTP/2 cmp.quantcast.com/tcfv2/42/cmp2.js?referer=www.themoneytizer.com
IP 54.230.111.93:0
Hash 45c9315a0c8a017f08d01d7e206200a1
1cb999e22ebd79aabf2c498a0cc71165dc73b7ab
bc050f766e61ebedd95fa2d2f5de712ed46708896d47a42d517b949fc75343ba
GET /tcfv2/42/cmp2.js?referer=www.themoneytizer.com HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tourismtravels3.sbs/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
access-control-max-age: 86400
last-modified: Tue, 05 Jul 2022 18:40:23 GMT
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
x-amz-meta-qc-ineu: True
server: AmazonS3
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
cache-control: max-age=172800
date: Fri, 24 Mar 2023 21:07:16 GMT
etag: W/"9494b70738cd74c9137e65c29c0b1f3e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3bff78035f818b6a3185b0f5f4586410.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: x7vHLcvounW0jsOZ5lxjYuQe96abFZPw9yB57kYemyJMmVeqpFlEmg==
age: 55740
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 3a85d9c2de0b1015b62c81a1ab7fe625
389c7fe2d0d53ff607a3fd8e27283c8f1cb3a238
717fa1c4098bd6e282c24452a39aafc0b436941b2f398ef0086960effcc3f2ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 3a85d9c2de0b1015b62c81a1ab7fe625
389c7fe2d0d53ff607a3fd8e27283c8f1cb3a238
717fa1c4098bd6e282c24452a39aafc0b436941b2f398ef0086960effcc3f2ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
216.58.207.234200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
IP 216.58.207.234:0
File type ASCII text, with very long lines (32061)
Hash b90b3d2618cce9d766152cd3092b5c27
496339457cd00caab8118e2e1f30ea18dc05b9f4
b7b155aa8c6b5db28f9a6b41e88c96e9462c196c700add426f8ef32c9ce1ed41
GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 15:13:52 GMT
expires: Sat, 23 Mar 2024 15:13:52 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 76945
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-154204431-2
142.250.74.168200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-154204431-2
IP 142.250.74.168:0
File type ASCII text, with very long lines (2206)
Hash 10da610e17a0fc1efba612035c3286b9
713f3e2445a5f24c0c537a3f4124f0b54611ff2c
9d48e28d4180e6d10b7f1565708cb44bfa6d1209893983772e5b1151af8bf483
GET /gtag/js?id=UA-154204431-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 25 Mar 2023 12:36:17 GMT
expires: Sat, 25 Mar 2023 12:36:17 GMT
cache-control: private, max-age=900
last-modified: Sat, 25 Mar 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44781
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
216.58.207.234200 OK 33 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
IP 216.58.207.234:0
File type ASCII text, with very long lines (32072)
Hash d38e2944bbc9ae54b8947a2bd0b9a932
782a825679b248d38979c2d7ecae257873344437
65a0917567cb7037612cf420629873f2f3594d2e741aaadf90d893d07d8f5fdd
GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 32954
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 17:33:25 GMT
expires: Sat, 23 Mar 2024 17:33:25 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 68572
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 3a85d9c2de0b1015b62c81a1ab7fe625
389c7fe2d0d53ff607a3fd8e27283c8f1cb3a238
717fa1c4098bd6e282c24452a39aafc0b436941b2f398ef0086960effcc3f2ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 3a85d9c2de0b1015b62c81a1ab7fe625
389c7fe2d0d53ff607a3fd8e27283c8f1cb3a238
717fa1c4098bd6e282c24452a39aafc0b436941b2f398ef0086960effcc3f2ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
5tl.co/assets/css/font.awesome.min.css?v=1.1
66.29.137.12200 OK 6.7 kB URL HTTP/2 5tl.co/assets/css/font.awesome.min.css?v=1.1
IP 66.29.137.12:0
File type ASCII text, with very long lines (30837)
Hash 97c6ce9b4936f66aa388ad33c39aba2d
3f14a7e78fbb4935cf35c20779dc2035531849a9
1eea453c424793fc56ef14093c10b373e3ca8388a70e847394e8084048c5ce38
GET /assets/css/font.awesome.min.css?v=1.1 HTTP/1.1
Host: 5tl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5tl.co/?get=qc2hRDbZ
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 01 Apr 2023 12:36:17 GMT
content-type: text/css
last-modified: Mon, 02 Oct 2017 03:49:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6658
date: Sat, 25 Mar 2023 12:36:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
5tl.co/assets/css/styles.css?v=1.1
66.29.137.12200 OK 2.7 kB URL HTTP/2 5tl.co/assets/css/styles.css?v=1.1
IP 66.29.137.12:0
File type ASCII text, with CRLF line terminators
Hash 5272b9ea2331d63907e5b804aefec184
a2e327bce3751c7e91ec40d2a44bd40d83a19b75
61d12e5d10e468227e0ee79b51cf9dc5c38eef46bd477751fc795f3625ab7dbf
GET /assets/css/styles.css?v=1.1 HTTP/1.1
Host: 5tl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5tl.co/?get=qc2hRDbZ
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 01 Apr 2023 12:36:17 GMT
content-type: text/css
last-modified: Mon, 27 Nov 2017 06:27:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2685
date: Sat, 25 Mar 2023 12:36:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
5tl.co/assets/img/logo.png
66.29.137.12200 OK 6.9 kB URL HTTP/2 5tl.co/assets/img/logo.png
IP 66.29.137.12:0
File type PNG image data, 472 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 6e242a4c9f9647e57a188435206c945e
642f1a77e079644132a73e1f28f129b46c30f235
c7bcbe6cf71bece30e619061ea4d9e43d23a68061fc310975d527cf270ef3efd
GET /assets/img/logo.png HTTP/1.1
Host: 5tl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5tl.co/?get=qc2hRDbZ
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 01 Apr 2023 12:36:17 GMT
content-type: image/png
last-modified: Sun, 05 Nov 2017 21:53:04 GMT
accept-ranges: bytes
content-length: 6947
date: Sat, 25 Mar 2023 12:36:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
5tl.co/assets/js/javascript.js?v=1.1
66.29.137.12200 OK 2.1 kB URL HTTP/2 5tl.co/assets/js/javascript.js?v=1.1
IP 66.29.137.12:0
File type ASCII text, with CRLF line terminators
Hash 8cc993076703a2b9fc10fc06073fe8cf
36c951c1e252a0f5906a232f28c017f57e581dd6
66b0d2f74f729e96dfa3b936b07de37fbffdf8681e1abca0dda61eba5d65c348
GET /assets/js/javascript.js?v=1.1 HTTP/1.1
Host: 5tl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5tl.co/?get=qc2hRDbZ
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 01 Apr 2023 12:36:17 GMT
content-type: application/javascript
last-modified: Mon, 27 Nov 2017 07:43:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2079
date: Sat, 25 Mar 2023 12:36:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
5tl.co/assets/js/icon.sort.js?v=1.1
66.29.137.12200 OK 647 B URL HTTP/2 5tl.co/assets/js/icon.sort.js?v=1.1
IP 66.29.137.12:0
File type ASCII text, with CRLF line terminators
Hash 1b9f5b98f412c83c466c326711d6b0fb
24e8597049d0e7898f081604cdf4f774d70daed6
efbd2dac882133de9b254ad6d7a3700f2b04791d2b54657bf6f8562edc2bc49a
GET /assets/js/icon.sort.js?v=1.1 HTTP/1.1
Host: 5tl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5tl.co/?get=qc2hRDbZ
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 01 Apr 2023 12:36:17 GMT
content-type: application/javascript
last-modified: Mon, 27 Nov 2017 06:22:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 647
date: Sat, 25 Mar 2023 12:36:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
platform.pubfuture.com/v1/unit/6414758b83b4d7003f73a784.js?v=2
104.26.14.126200 OK 1.7 kB URL HTTP/2 platform.pubfuture.com/v1/unit/6414758b83b4d7003f73a784.js?v=2
IP 104.26.14.126:0
File type ASCII text, with very long lines (2725), with no line terminators
Hash fcd744e647648f12f2e2a7faf49029e6
85e154375aa5edad2e880737b458b36cee6a9021
6e115916d317af60cbcb960384ec509ff049b072a248e94f7d4bab155f7f00e6
GET /v1/unit/6414758b83b4d7003f73a784.js?v=2 HTTP/1.1
Host: platform.pubfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 12:36:17 GMT
content-type: application/javascript; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
cache-control: public, max-age=172800
etag: W/"aa5-tNpDPk86CS/viH9SP+eF5ESy24Q"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WK45eIhXkIai6kWM9sXqYrgMChcCdSzlkpAFQs4PbXWRX0gyCJ7gjAHUK1R0D98obVawpx185blAYmXFpF8bIJQPJ2fGujTLe9A3veKP88Duk%2FPHIXV4w6QOqsNO%2FhaQ87kAHioTgl4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad732d80c47b500-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0d498eea96a92b91065ab95b2b2bfd84
b0d9ab41d20ade019ea632e688042e906d99af6f
6f60fae3759f258229ef53e08a73a996900422d33bcabd17ce747a1ad18d0159
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6F60FAE3759F258229EF53E08A73A996900422D33BCABD17CE747A1AD18D0159"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6527
Expires: Sat, 25 Mar 2023 14:25:04 GMT
Date: Sat, 25 Mar 2023 12:36:17 GMT
Connection: keep-alive
5tl.co/
66.29.137.12200 OK 0 B IP 66.29.137.12:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD / HTTP/1.1
Host: 5tl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5tl.co/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
content-type: text/html; charset=UTF-8
date: Sat, 25 Mar 2023 12:36:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash ce6948c57f579a85042a4388c45514d6
4b3002c036034ef0cb8d9eb73b7bf7f561862b99
85e655e198ac1724ffca7bf4efc4f98de8c436cebf41ed665cc397fbb02a243a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash ce6948c57f579a85042a4388c45514d6
4b3002c036034ef0cb8d9eb73b7bf7f561862b99
85e655e198ac1724ffca7bf4efc4f98de8c436cebf41ed665cc397fbb02a243a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
216.58.207.227200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://5tl.co
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:46 GMT
expires: Sat, 23 Mar 2024 10:26:46 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
age: 94171
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
216.58.207.227200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://5tl.co
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:45 GMT
expires: Sat, 23 Mar 2024 10:26:45 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
age: 94172
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash ce6948c57f579a85042a4388c45514d6
4b3002c036034ef0cb8d9eb73b7bf7f561862b99
85e655e198ac1724ffca7bf4efc4f98de8c436cebf41ed665cc397fbb02a243a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dolatiaschan.com/tag.min.js
139.45.197.244200 OK 23 kB URL HTTP/2 dolatiaschan.com/tag.min.js
IP 139.45.197.244:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1991c156fec13626dc654533637ba876
aa0239d9423e288d47e8d6778650b71332607a6f
7bea548e959ebcce20f79f6b1219811eff434d14cf20e9be6ab3892a5fa85c32
Analyzer Verdict Alert fortinet Phishing
GET /tag.min.js HTTP/1.1
Host: dolatiaschan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 12:36:17 GMT
content-type: text/javascript; charset=utf-8
content-length: 23299
content-encoding: br
x-trace-id: 114aa3b54773c4364edc363f54ffe6f7
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Thu, 23 Mar 2023 11:57:06 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
zerossl.ocsp.sectigo.com/
172.64.155.188200 OK 314 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash f93f31358ebbcc1a9c6cce0d2c6d3fe6
29ed7ab938cb5508f1c8df4668b2c608199c3d0f
3c6b15294057ff7870be733cdafb8443550be3dc3b87f74a4b00414fd5f4b8e2
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 12:36:18 GMT
Content-Type: application/ocsp-response
Content-Length: 314
Connection: keep-alive
Last-Modified: Sat, 25 Mar 2023 05:15:15 GMT
Expires: Sat, 01 Apr 2023 05:15:14 GMT
Etag: "29ed7ab938cb5508f1c8df4668b2c608199c3d0f"
Cache-Control: max-age=577735,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ad732dccba30b45-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188200 OK 314 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash f93f31358ebbcc1a9c6cce0d2c6d3fe6
29ed7ab938cb5508f1c8df4668b2c608199c3d0f
3c6b15294057ff7870be733cdafb8443550be3dc3b87f74a4b00414fd5f4b8e2
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 12:36:18 GMT
Content-Type: application/ocsp-response
Content-Length: 314
Connection: keep-alive
Last-Modified: Sat, 25 Mar 2023 05:15:15 GMT
Expires: Sat, 01 Apr 2023 05:15:14 GMT
Etag: "29ed7ab938cb5508f1c8df4668b2c608199c3d0f"
Cache-Control: max-age=577735,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ad732dbaf25b4fd-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188200 OK 314 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash f93f31358ebbcc1a9c6cce0d2c6d3fe6
29ed7ab938cb5508f1c8df4668b2c608199c3d0f
3c6b15294057ff7870be733cdafb8443550be3dc3b87f74a4b00414fd5f4b8e2
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 12:36:18 GMT
Content-Type: application/ocsp-response
Content-Length: 314
Connection: keep-alive
Last-Modified: Sat, 25 Mar 2023 05:15:15 GMT
Expires: Sat, 01 Apr 2023 05:15:14 GMT
Etag: "29ed7ab938cb5508f1c8df4668b2c608199c3d0f"
Cache-Control: max-age=577735,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ad732dcdeb00b49-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d770f5584a4585480ee500b7f0a98127
130c174d0f9dc2e24ec054f907b2de52fc2e9136
a7101799b8895a3395bf5feac2258c577e513f577d75768ee6fa41ca89027f20
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A7101799B8895A3395BF5FEAC2258C577E513F577D75768EE6FA41CA89027F20"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7800
Expires: Sat, 25 Mar 2023 14:46:18 GMT
Date: Sat, 25 Mar 2023 12:36:18 GMT
Connection: keep-alive
5tl.co/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
66.29.137.12200 OK 77 kB URL HTTP/2 5tl.co/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 66.29.137.12:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /assets/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: 5tl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://5tl.co/assets/css/font.awesome.min.css?v=1.1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 01 Apr 2023 12:36:17 GMT
content-type: font/woff2
last-modified: Mon, 02 Oct 2017 03:49:40 GMT
accept-ranges: bytes
content-length: 77160
date: Sat, 25 Mar 2023 12:36:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=5ba3742a849d4cb3829abaa33ead787a
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=5ba3742a849d4cb3829abaa33ead787a
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 9c842951608cf8fda06ca3b73e662c8b
ef6bfc8db0099bd5aa2fd3f3809fb621cefc7c55
abdf0c27cbf27b850776ed37608cb26300660e20ae21f08d501b36ea01a65a32
GET /gid.js?userId=5ba3742a849d4cb3829abaa33ead787a HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://5tl.co
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 12:36:18 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://5tl.co
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=5ba3742a849d4cb3829abaa33ead787a; expires=Sun, 24 Mar 2024 12:36:18 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
5tl.co/?get=qc2hRDbZ
66.29.137.12200 OK 57 kB IP 66.29.137.12:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (59448), with CRLF line terminators
Hash a1a4f6567eea7c55a66ef0b394e1f22f
40a86b7e30ccccc221161899de51f8c968c3e8ad
c4528cf73388dc3063936edcb4774a90565a368f4bebdc20d06cf1df5567bd6e
GET /?get=qc2hRDbZ HTTP/1.1
Host: 5tl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tourismtravels3.sbs/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
content-type: text/html; charset=UTF-8
content-encoding: br
vary: Accept-Encoding
date: Sat, 25 Mar 2023 12:36:16 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
ghb.adtelligent.com/geo
62.149.23.112200 OK 154 B IP 62.149.23.112:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ec65f841b5dcd74e7fbf6d72c39f8be4
a870e91242dd88bff2656674e85a819bab155c86
b5766bf1a0d74789f005f8935e4a0c88abe930f2f6df469ffe397038d955df54
GET /geo HTTP/1.1
Host: ghb.adtelligent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://5tl.co
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Adtelligent
Date: Sat, 25 Mar 2023 12:36:17 GMT
Content-Type: application/json
Content-Length: 154
Access-Control-Allow-Origin: https://5tl.co
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
X-Robots-Tag: noindex
platform.pubfuture.com/v1/unit/64177ffc55ee06003edbda88.js?v=2
104.26.14.126200 OK 1.3 kB URL HTTP/2 platform.pubfuture.com/v1/unit/64177ffc55ee06003edbda88.js?v=2
IP 104.26.14.126:0
File type ASCII text, with very long lines (2725), with no line terminators
Hash 43bc63e298c0c07f1eead98230abee1f
ad6824b4491185920f1d2e1139b0d7aa4df0a201
4eb0a2299792f43228262db5f914994f0442f1b114eebdcb535a7d669c4cd46b
GET /v1/unit/64177ffc55ee06003edbda88.js?v=2 HTTP/1.1
Host: platform.pubfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 12:36:17 GMT
content-type: application/javascript; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
cache-control: public, max-age=172800
etag: W/"aa5-o9RnPwvLQzGRGq57On+nWjIukLY"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MiB8d2hw%2FAfaTFyvyFeDVY0u%2B6EdhV2Cd9jENes2fx%2Bx8vG4MFTdSo4XCWByJ4%2BF5evy6ft%2FsUZZPNVFfRSUy65qP3ff9JsC6%2FIEy7BZmjcv9sMHBI3sgbf0mobmPDy1k1RCzIQ8UVQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad732d81c52b500-OSL
content-encoding: br
X-Firefox-Spdy: h2
platform.pubfuture.com/v1/unit/641418f935ea00003e8e81b9.js?v=2
104.26.14.126200 OK 1.3 kB URL HTTP/2 platform.pubfuture.com/v1/unit/641418f935ea00003e8e81b9.js?v=2
IP 104.26.14.126:0
File type ASCII text, with very long lines (2725), with no line terminators
Hash 2bd0b96c94888a41d34dfb084d0279b1
4e4b111e0a0b7f04ab280cafc55d8dcff3897dc3
d092b632b424547736728fcb4753828622a3975283d1493c69eb30bcf3b4730a
GET /v1/unit/641418f935ea00003e8e81b9.js?v=2 HTTP/1.1
Host: platform.pubfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 12:36:18 GMT
content-type: application/javascript; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
cache-control: public, max-age=172800
etag: W/"aa5-4uSEqOkBYX7GcVvq9n3nJNUW31A"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XFwqbheKg7bA1zLB117Men5ruZ4qPoY0ebgXKlkFD2Axk4rmBdqKmLZVnqkQx74TvLN18mVBcXNOyy4Epq1vS1dcqgw5WgEZNwXumtjmklgk%2FBkHNX6B5NhGEj%2BfvmociteKpf30kMs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad732d85ca1b500-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash eef4409d0ad90e2899e538028bd3fa76
2d6edd13cbd2d201ef921fc33c053aec8f8b740c
61eef3a534769ac291c82d37206b392dea96af36a38e9d7da4cf0fb2d5d2342d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash eef4409d0ad90e2899e538028bd3fa76
2d6edd13cbd2d201ef921fc33c053aec8f8b740c
61eef3a534769ac291c82d37206b392dea96af36a38e9d7da4cf0fb2d5d2342d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.142200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.142:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 25 Mar 2023 12:05:11 GMT
expires: Sat, 25 Mar 2023 14:05:11 GMT
cache-control: public, max-age=7200
age: 1867
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash eef4409d0ad90e2899e538028bd3fa76
2d6edd13cbd2d201ef921fc33c053aec8f8b740c
61eef3a534769ac291c82d37206b392dea96af36a38e9d7da4cf0fb2d5d2342d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1379340482231173
142.250.74.66200 OK 49 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1379340482231173
IP 142.250.74.66:0
File type ASCII text, with very long lines (3599)
Hash 159015bed41fb1bf96bea509e8160259
f42bd0dd93d8b55f2599d9728f2755fe7f534e70
00592f4d25db694a06239192223757e2677e9e32a55b98580373c1b4c1bf6781
GET /pagead/js/adsbygoogle.js?client=ca-pub-1379340482231173 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://5tl.co
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 25 Mar 2023 12:36:18 GMT
expires: Sat, 25 Mar 2023 12:36:18 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15543351470303931288
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 48681
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2723687255553369
142.250.74.66200 OK 49 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2723687255553369
IP 142.250.74.66:0
File type ASCII text, with very long lines (3599)
Hash 1deb6451057a5be89f8c67dc26a83ef0
42f36acebc084ed1c265ae35ee7fe6e56d3007c9
0431c08ab1670ff80909054d0e5806b080ff87c095541aec761e37f3fb24df38
GET /pagead/js/adsbygoogle.js?client=ca-pub-2723687255553369 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://5tl.co
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 25 Mar 2023 12:36:18 GMT
expires: Sat, 25 Mar 2023 12:36:18 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 9604910761189759835
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 48677
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
5tl.co/favicon.ico
66.29.137.12404 Not Found 1.2 kB IP 66.29.137.12:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
GET /favicon.ico HTTP/1.1
Host: 5tl.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5tl.co/?get=qc2hRDbZ
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Sat, 25 Mar 2023 12:36:18 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/html/r20230322/r20190131/zrt_lookup.html
142.250.74.130200 OK 4.5 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20230322/r20190131/zrt_lookup.html
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3205)
Hash bad17ab9662318e8927e5009c83c2ad1
53ded630f95abe04b7b77d43076bf71b9ea71c02
68da39270ebfa6d17f4b765cbe004797a736611585ff0c53213d91f78f13c260
GET /pagead/html/r20230322/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4549
x-xss-protection: 0
date: Fri, 24 Mar 2023 12:50:23 GMT
expires: Fri, 07 Apr 2023 12:50:23 GMT
cache-control: public, max-age=1209600
age: 85555
etag: 2378337311435320485
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash f0f306ea49f1bd3f358f7579513e7377
c2845c696f6685a211bc040895d28ebf23fa1bc0
cda7588d5040ef3c8e83955838618a0ed0a6ee242d24abf5af697b2289fc8bdb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 248b003a4a6dda3d2c481cfd45e49176
ae6e1dbc704dbe302549888e545689eb88e83bb9
14df223924711cca8488c64942b656023cb6e69cb83863ccd0f9cdb8ac4682fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dolatiaschan.com/?rb=bA-3GkBwuHhU9omzpdENhfsUpPMHFgYJ4umJUj_fpd9fHDsSQsJ_4VL2HwqkoztCPpqARl7wKeTLEHUo_2LqX45EsnyOSNVaSuz9L9Nrmw-obDvKB1DYDKPbaWOTGsKzqu-lwg-bP9805sUkCXFCEc5vy8o_Ov8LUQHKumcHFB37-3DK96qB7LXqmUyXt6Bi3T2AZr8hU02XWh7chRO2YGEsECM8CJqS&request_ab2=0&zoneid=5820740&js_build=iclick-v1.511.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2F5tl.co%2F&drf=https%3A%2F%2Ftourismtravels3.sbs%2F&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.511.0&bs=61df62b5-d93b-407f-ad8b-f8bf8cb73830&userId=5ba3742a849d4cb3829abaa33ead787a&m=link
139.45.197.244200 OK 1.6 kB URL HTTP/2 dolatiaschan.com/?rb=bA-3GkBwuHhU9omzpdENhfsUpPMHFgYJ4umJUj_fpd9fHDsSQsJ_4VL2HwqkoztCPpqARl7wKeTLEHUo_2LqX45EsnyOSNVaSuz9L9Nrmw-obDvKB1DYDKPbaWOTGsKzqu-lwg-bP9805sUkCXFCEc5vy8o_Ov8LUQHKumcHFB37-3DK96qB7LXqmUyXt6Bi3T2AZr8hU02XWh7chRO2YGEsECM8CJqS&request_ab2=0&zoneid=5820740&js_build=iclick-v1.511.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2F5tl.co%2F&drf=https%3A%2F%2Ftourismtravels3.sbs%2F&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.511.0&bs=61df62b5-d93b-407f-ad8b-f8bf8cb73830&userId=5ba3742a849d4cb3829abaa33ead787a&m=link
IP 139.45.197.244:0
File type JSON data\012- , ASCII text, with very long lines (1998), with no line terminators
Hash a6830eb4898f75c279ce8b88784f25b5
c19f044ff30e126b9869db7f9680532731805be2
d30182ede13ba6f643f576e692d9888b4a87283bd4fe18b126a71e4b84f98bf5
GET /?rb=bA-3GkBwuHhU9omzpdENhfsUpPMHFgYJ4umJUj_fpd9fHDsSQsJ_4VL2HwqkoztCPpqARl7wKeTLEHUo_2LqX45EsnyOSNVaSuz9L9Nrmw-obDvKB1DYDKPbaWOTGsKzqu-lwg-bP9805sUkCXFCEc5vy8o_Ov8LUQHKumcHFB37-3DK96qB7LXqmUyXt6Bi3T2AZr8hU02XWh7chRO2YGEsECM8CJqS&request_ab2=0&zoneid=5820740&js_build=iclick-v1.511.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=1&pl=https%3A%2F%2F5tl.co%2F&drf=https%3A%2F%2Ftourismtravels3.sbs%2F&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.511.0&bs=61df62b5-d93b-407f-ad8b-f8bf8cb73830&userId=5ba3742a849d4cb3829abaa33ead787a&m=link HTTP/1.1
Host: dolatiaschan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://5tl.co
Connection: keep-alive
Referer: https://5tl.co/
Cookie: OAID=5ba3742a849d4cb3829abaa33ead787a; oaidts=1679747777
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 12:36:18 GMT
content-type: application/json
x-trace-id: e7b4e50a93a3d7b2b98557f69e45fd55
access-control-allow-origin: https://5tl.co
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=5ba3742a849d4cb3829abaa33ead787a; expires=Sun, 24 Mar 2024 12:36:18 GMT; path=/; secure; SameSite=None
oaidts=1679747778; expires=Sun, 24 Mar 2024 12:36:18 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 01 Apr 2023 12:36:18 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=5tl.co
172.217.21.162200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=5tl.co
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=5tl.co HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 25 Mar 2023 12:36:18 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 248b003a4a6dda3d2c481cfd45e49176
ae6e1dbc704dbe302549888e545689eb88e83bb9
14df223924711cca8488c64942b656023cb6e69cb83863ccd0f9cdb8ac4682fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 9211052ef1bbc2fb3ff962abc8255c84
8710df14581fd8ddcb77bb70994eda60906200a7
7dc5595fcaaeb86b0c23cd0c43242c435213f697063c64c5b273b782a50bf918
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=5tl.co&callback=_gfp_s_&client=ca-pub-1379340482231173
172.217.21.162200 OK 247 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=5tl.co&callback=_gfp_s_&client=ca-pub-1379340482231173
IP 172.217.21.162:0
File type ASCII text, with very long lines (379), with no line terminators
Hash fa82bb3efe7749eb1735c96319a65f48
1151664c7d8c99f7cb3dfa9d52e51df9d1506856
87d1c697b20f8840d2e415128a2fd539c89a618b42db356e83838c7bf494b950
GET /gampad/cookie.js?domain=5tl.co&callback=_gfp_s_&client=ca-pub-1379340482231173 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 25 Mar 2023 12:36:19 GMT
server: cafe
cache-control: private
content-length: 247
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/tag/js/gpt.js
216.58.211.2200 OK 27 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 216.58.211.2:0
File type ASCII text, with very long lines (39604)
Hash 787cdb264a5705484cfa225555aa5863
f269890440771b14118eb22b6154f389b7159b3b
1e401c817aab137463477bfa800d72be03c824f91ca627ec73654823f7dd90c3
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27418
date: Sat, 25 Mar 2023 12:36:19 GMT
expires: Sat, 25 Mar 2023 12:36:19 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1521 / 859 of 1000 / last-modified: 1679695651"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 9211052ef1bbc2fb3ff962abc8255c84
8710df14581fd8ddcb77bb70994eda60906200a7
7dc5595fcaaeb86b0c23cd0c43242c435213f697063c64c5b273b782a50bf918
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
172.217.21.161200 OK 2.7 kB URL HTTP/2 c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
IP 172.217.21.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html HTTP/1.1
Host: c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Sat, 25 Mar 2023 12:36:19 GMT
expires: Sun, 24 Mar 2024 12:36:19 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 1faaa6e2a96df65e726bea8a873f5a1d
11b1d41aecbf8830cef3bb3d79667c3ae14fb7e5
ca8c2aeb31c285308a18a4eb8680fb9a1f52d26a61f83e2ca4a83b921aa49552
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
142.250.74.65200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 142.250.74.65:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Sat, 25 Mar 2023 12:36:19 GMT
expires: Sat, 25 Mar 2023 12:36:19 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
142.250.74.65200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Mar 2023 02:02:12 GMT
expires: Fri, 22 Mar 2024 02:02:12 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
vary: Accept-Encoding
age: 210847
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
platform.pubfuture.com/v1/config/641472c42f3b18003d0f0823.js?v=6&ip=OTEuOTAuNDIuMTU0&cc=Tk8=&c=MzE0MzI0NA==&d=b3RoZXJz&s=NXRsLmNvLw==
104.26.14.126200 OK 2.4 kB URL HTTP/2 platform.pubfuture.com/v1/config/641472c42f3b18003d0f0823.js?v=6&ip=OTEuOTAuNDIuMTU0&cc=Tk8=&c=MzE0MzI0NA==&d=b3RoZXJz&s=NXRsLmNvLw==
IP 104.26.14.126:0
File type HTML document, ASCII text, with very long lines (3986), with no line terminators
Hash e8943397c6d08fb60ba21be8695019ce
49c1c94edab3a9e8efef9849d7979278238f7123
6f2fa778b4bc58bdf3fb4a272b830de8c6078088c5f81e2b3aa3424b19748ced
GET /v1/config/641472c42f3b18003d0f0823.js?v=6&ip=OTEuOTAuNDIuMTU0&cc=Tk8=&c=MzE0MzI0NA==&d=b3RoZXJz&s=NXRsLmNvLw== HTTP/1.1
Host: platform.pubfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 12:36:18 GMT
content-type: application/javascript; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
etag: W/"f92-PmFht4Pgr53c1Afz2M01/BjGofE"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cqn6Zi6v1JAipUpNeM8KKU3bN4GoA%2BPLuwivMdiNyiPHLZQEMJQv02VIcLH8zaPb6wlOJ1qxUZnaL6JS35FE3%2BUrIbc1R6JQ2KUyIm%2Bm9bfu8I%2B4570AAC%2B62%2BY6ywGBSe3lNKJj0dY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad732dfbdbdb500-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.google.com/recaptcha/api2/aframe
142.250.74.164200 OK 512 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 7d6f8e24be77a5b1fa72799bf91eac57
0f450520095f45b6739d6c04723ebff5b2e20e04
3ed1fccb26ebc79c197417f7414fb9eac0cb889c406a272f762d97baa3ece3db
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 25 Mar 2023 12:36:19 GMT
date: Sat, 25 Mar 2023 12:36:19 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-iNZO1otZThJMCp53IrCOzg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
platform.pubfuture.com/v1/config/6414758b83b4d7003f73a784.js?v=6&ip=OTEuOTAuNDIuMTU0&cc=Tk8=&c=MzE0MzI0NA==&d=b3RoZXJz&s=NXRsLmNvLw==
104.26.14.126200 OK 2.0 kB URL HTTP/2 platform.pubfuture.com/v1/config/6414758b83b4d7003f73a784.js?v=6&ip=OTEuOTAuNDIuMTU0&cc=Tk8=&c=MzE0MzI0NA==&d=b3RoZXJz&s=NXRsLmNvLw==
IP 104.26.14.126:0
File type HTML document, ASCII text, with very long lines (3986), with no line terminators
Hash ca5a8c3d158b239c0e9cef8b39f8af59
98788024909dbd7ce710f0ed682512ac98faf76c
d9d36f8659f369b68911a873d572fabf0db4a676a052ab2a650a167aa8e6753d
GET /v1/config/6414758b83b4d7003f73a784.js?v=6&ip=OTEuOTAuNDIuMTU0&cc=Tk8=&c=MzE0MzI0NA==&d=b3RoZXJz&s=NXRsLmNvLw== HTTP/1.1
Host: platform.pubfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 12:36:19 GMT
content-type: application/javascript; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
etag: W/"f92-R29EnUs5B4/2lXKPfA/Smv1Y79E"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZvCkI6fN0djWmSkioSgGnWM%2Fy8k8GWzV9RsbJGd8ZL5LZEU%2BLhbhVr0WX%2FqwdQSfTxQWoYvCO%2Fye%2B5cUFWUbV%2F%2BvwWiD3fPdGUHpiFprtKbbuCrJgKA0D1cO%2BxfnwNTYLBLNR%2BoweOg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad732dfadbab500-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/0-8iGxjpB1Y
216.58.211.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/0-8iGxjpB1Y
IP 216.58.211.3:0
Hash 673c6ec86dd3414773e87efbfb4326f1
41c719351bae6e93ebfced427168f6625ffdd9c9
c02770a8f8e3cd01a08ef7885a39c0d81420c2b9d2941ee72c66f0efe8ea1f42
POST /s/gts1d4/0-8iGxjpB1Y HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:20 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js
151.101.129.229200 OK 439 B URL HTTP/2 cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js
IP 151.101.129.229:0
File type ASCII text, with very long lines (693)
Hash 0440929e9bfe21325bb9de6de158fba8
d175fec033c76d665a06513ce31e2c90d2c828e7
2621408bc9d3c95b7e24b8257993a2f433ee7f03e1c61ac77ed2d4f1e3e486b6
GET /gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: master
x-jsd-version-type: branch
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
content-encoding: br
accept-ranges: bytes
date: Sat, 25 Mar 2023 12:36:20 GMT
age: 41791
x-served-by: cache-fra-eddf8230042-FRA, cache-bma1631-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 439
X-Firefox-Spdy: h2
oa.openxcdn.net/esp.js
34.102.146.192200 OK 7.9 kB IP 34.102.146.192:0
File type ASCII text, with very long lines (24615), with no line terminators
Hash df5542b88bc0e368c6999754a5b9e2ba
54f17142faeb7c882fee3bf67d537733e75e43ae
b82da9703a35c5436f9e47711f5b95d5357f02d590cb39dba99355b9b073561f
GET /esp.js HTTP/1.1
Host: oa.openxcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdt0FmEc5QAI_yovYskMkkHKXNtk1O_jTnYB8HjEe7S3kqBMY2dKEHFDZ0S0PtA0-zOqWFcMpvTwu3YIdnz-L731Wtn19qS_
x-goog-generation: 1622140251693895
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 7927
content-encoding: gzip
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 7927
server: UploadServer
date: Sat, 18 Mar 2023 17:19:11 GMT
expires: Sun, 17 Mar 2024 17:19:11 GMT
cache-control: no-transform
age: 587829
last-modified: Thu, 27 May 2021 18:30:51 GMT
etag: "df5542b88bc0e368c6999754a5b9e2ba"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.prod.uidapi.com/uid2SecureSignal.js
54.230.80.236200 OK 1.9 kB URL HTTP/1.1 cdn.prod.uidapi.com/uid2SecureSignal.js
IP 54.230.80.236:0
File type ASCII text, with very long lines (1859), with no line terminators
Hash aded621b17723f487b3c9d0e43cf2f94
90fbec381aa4a6ae2a2bb37eb082291432a1ab18
71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde
GET /uid2SecureSignal.js HTTP/1.1
Host: cdn.prod.uidapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 1859
Connection: keep-alive
Last-Modified: Mon, 23 Jan 2023 04:07:36 GMT
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Server: AmazonS3
Date: Sat, 25 Mar 2023 05:18:47 GMT
ETag: "aded621b17723f487b3c9d0e43cf2f94"
X-Cache: Hit from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 3gS37YtrTxnHLRUP4tYuaCl4y-MV3fT8EIVF_H-sYKVD2r2SS0Dt7g==
Age: 26253
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.20.226:0
Hash 4893fbcb19ac9019072f815fe134fa1a
592307505c94a8b747c7286e9b7ea3ed8484d6dd
d13c5daeb55c1837b5e6901e02672c82f46930ac94f0db8c526f733739067301
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 12:36:20 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "9C33A252627A3B48193427DD74DDADD55EE6A13D"
Expires: Sun, 26 Mar 2023 00:00:00 GMT
Last-Modified: Sat, 25 Mar 2023 12:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 539
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ad732ec7fdab511-OSL
ocsp.pki.goog/s/gts1d4/0-8iGxjpB1Y
216.58.211.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/0-8iGxjpB1Y
IP 216.58.211.3:0
Hash 673c6ec86dd3414773e87efbfb4326f1
41c719351bae6e93ebfced427168f6625ffdd9c9
c02770a8f8e3cd01a08ef7885a39c0d81420c2b9d2941ee72c66f0efe8ea1f42
POST /s/gts1d4/0-8iGxjpB1Y HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:20 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1d4/-Iaa27mUZpU
216.58.211.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/-Iaa27mUZpU
IP 216.58.211.3:0
Hash 2be4cf647962460b49d0af400bf81688
bbbac1142b9fdfab085ec3d7a013d58542f9e390
3acaa02eab0d5c8005941b27265cf4e8377dcfbf16105c3d9d771a8a9863876c
POST /s/gts1d4/-Iaa27mUZpU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:20 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
34.96.70.87200 OK 1.3 kB URL HTTP/2 invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
IP 34.96.70.87:0
File type ASCII text, with very long lines (1178)
Hash f5bc066f146e3dbb049aa6c86c7012e6
efa97d857c263b3b3672e2ffa630af6e2625d84b
23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8
GET /encrypted-signals/encrypted-tag-g.js HTTP/1.1
Host: invstatic101.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdsEdCmyDmy-K36REMmT0zuD6r2P6NfjGVbtY96bFe1yX4IO4jIgT4UjwuhcRupsEA7x80As1URmwt-kXIMnIJYpTPOqsBak
x-goog-generation: 1659113709880056
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1258
x-goog-hash: crc32c=6QojvA==, md5=9bwGbxRuPbsEmqbIbHAS5g==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 1258
server: UploadServer
via: 1.1 google
date: Sat, 25 Mar 2023 12:17:21 GMT
expires: Sat, 25 Mar 2023 13:17:21 GMT
cache-control: public, max-age=3600
age: 1139
last-modified: Fri, 29 Jul 2022 16:55:09 GMT
etag: "f5bc066f146e3dbb049aa6c86c7012e6"
content-type: text/javascript
vary: X-Goog-Allowed-Resources
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash cbb8969fef45c0eb4bea093b5127941b
7ee1f2f697db13b77f10c8a8ef45ecee0fc92959
df2fb9bac4f658bc9302ddd1aadf5b608ccd309e8f93396ffa6391f9db9a9db3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5089
Cache-Control: max-age=133288
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:20 GMT
Etag: "641e3c8b-1d7"
Expires: Mon, 27 Mar 2023 01:37:48 GMT
Last-Modified: Sat, 25 Mar 2023 00:12:59 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/s/gts1d4/-Iaa27mUZpU
216.58.211.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/-Iaa27mUZpU
IP 216.58.211.3:0
Hash 2be4cf647962460b49d0af400bf81688
bbbac1142b9fdfab085ec3d7a013d58542f9e390
3acaa02eab0d5c8005941b27265cf4e8377dcfbf16105c3d9d771a8a9863876c
POST /s/gts1d4/-Iaa27mUZpU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:20 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
status.geotrust.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 625d0ce3a2e0c8b04135d02ce378f188
8474690ce7d66f5973ee0a6587c0f8c27456b767
fc3d23c29b5ab3b02ff662e6dc96894121e85872c68c72343b7450ca7de07bcc
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3426
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:20 GMT
Last-Modified: Sat, 25 Mar 2023 11:39:14 GMT
Server: ECAcc (ska/F776)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/s/gts1d4/7jEnJbrtucU
216.58.211.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/7jEnJbrtucU
IP 216.58.211.3:0
Hash 41380ea3a420895c0858f945ddf83ea8
de4047e4b09bfff5e6be9d785d9c2bb32d5fb3f5
b279826081706545b183679ef022c8e7adf4051f507fe4db8c41b4b6cd0b0b7a
POST /s/gts1d4/7jEnJbrtucU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:20 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1d4/7jEnJbrtucU
216.58.211.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/7jEnJbrtucU
IP 216.58.211.3:0
Hash 41380ea3a420895c0858f945ddf83ea8
de4047e4b09bfff5e6be9d785d9c2bb32d5fb3f5
b279826081706545b183679ef022c8e7adf4051f507fe4db8c41b4b6cd0b0b7a
POST /s/gts1d4/7jEnJbrtucU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:20 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
esp.rtbhouse.com/encrypt
35.190.39.111200 OK 2 B IP 35.190.39.111:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /encrypt HTTP/1.1
Host: esp.rtbhouse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://5tl.co/
Origin: https://5tl.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Origin
access-control-allow-methods: POST, GET
access-control-max-age: 600
access-control-allow-credentials: true
access-control-allow-origin: https://5tl.co
access-control-allow-headers: content-type
content-type: text/plain; charset=utf-8
x-cloud-trace-context: f422c3921537fd621ffe94c7e0238a30
date: Sat, 25 Mar 2023 12:36:20 GMT
server: Google Frontend
content-length: 2
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:42 GMT
expires: Sat, 23 Mar 2024 10:26:42 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 94178
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 780a992ada60f4f663f8940b620676b4
7e607f6e32beb4a5cbd1508c6c57d10b65b9582d
3c794fe134e47c2cf441ad0fe496243ecff2666576d8cc94c2f51beb090a26da
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C794FE134E47C2CF441AD0FE496243ECFF2666576D8CC94C2F51BEB090A26DA"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6072
Expires: Sat, 25 Mar 2023 14:17:32 GMT
Date: Sat, 25 Mar 2023 12:36:20 GMT
Connection: keep-alive
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:41 GMT
expires: Sat, 23 Mar 2024 10:26:41 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 94179
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:43 GMT
expires: Sat, 23 Mar 2024 10:26:43 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 94177
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
esp.rtbhouse.com/encrypt
35.190.39.111200 OK 241 B IP 35.190.39.111:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ee45410a75e9c285ff527c885257fe79
222c8e465286987acbf7e70436a006f35745925a
d678f8aaa703fbba83727fde9482d995b266924e9f21aa7163b0bdaa4dda5e42
POST /encrypt HTTP/1.1
Host: esp.rtbhouse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://5tl.co
Content-Length: 177
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
x-cloud-trace-context: 6068eda7c7c30fe95c97e06f8662e175
date: Sat, 25 Mar 2023 12:36:20 GMT
server: Google Frontend
content-length: 241
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
id5-sync.com/api/esp/increment?counter=no-config
162.19.138.83204 0 B URL HTTP/1.1 id5-sync.com/api/esp/increment?counter=no-config
IP 162.19.138.83:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/esp/increment?counter=no-config HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://5tl.co
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://5tl.co
access-control-allow-credentials: true
date: Sat, 25 Mar 2023 12:36:20 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
oajs.openx.net/esp?url=https%3A%2F%2F5tl.co%2F&rid=esp
34.120.107.143200 OK 2 B URL HTTP/2 oajs.openx.net/esp?url=https%3A%2F%2F5tl.co%2F&rid=esp
IP 34.120.107.143:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /esp?url=https%3A%2F%2F5tl.co%2F&rid=esp HTTP/1.1
Host: oajs.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://5tl.co
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-powered-by: Express
access-control-allow-origin: https://5tl.co
vary: Origin
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 2
etag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
date: Sat, 25 Mar 2023 12:36:20 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bcp.crwdcntrl.net/6/map
52.49.217.141200 OK 60 B IP 52.49.217.141:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 76f7d7f9ddfeeebe9c1c73e22bd3e1e5
03abe64aaa2f944c57249a72aebd8fc0d3063305
f6ae9d9a3bb2ea1c623f2ec3ef80af6f6889fd2f08cd431245dd30d2327b26ac
POST /6/map HTTP/1.1
Host: bcp.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 50
Origin: https://5tl.co
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 12:36:20 GMT
content-type: application/json;charset=utf-8
content-length: 60
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.9.106
access-control-allow-credentials: true
access-control-allow-origin: https://5tl.co
server: Jetty(9.4.38.v20210224)
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/7jEnJbrtucU
216.58.211.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/7jEnJbrtucU
IP 216.58.211.3:0
Hash 41380ea3a420895c0858f945ddf83ea8
de4047e4b09bfff5e6be9d785d9c2bb32d5fb3f5
b279826081706545b183679ef022c8e7adf4051f507fe4db8c41b4b6cd0b0b7a
POST /s/gts1d4/7jEnJbrtucU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:20 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
status.geotrust.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 625d0ce3a2e0c8b04135d02ce378f188
8474690ce7d66f5973ee0a6587c0f8c27456b767
fc3d23c29b5ab3b02ff662e6dc96894121e85872c68c72343b7450ca7de07bcc
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 458
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:20 GMT
Last-Modified: Sat, 25 Mar 2023 12:28:42 GMT
Server: ECAcc (ska/F7A3)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 88e5b5146933bbf5dfdcd53f3e878a93
89e3f8b909c6d6dad033153617b86b3804739607
17127e8f6b878f363ac444126645af23cddafdb68902355b28056ab928736728
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4041
Cache-Control: max-age=99118
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:20 GMT
Etag: "641dbb29-1d7"
Expires: Sun, 26 Mar 2023 16:08:18 GMT
Last-Modified: Fri, 24 Mar 2023 15:00:57 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
google-bidout-d.openx.net/w/1.0/pd?plm=5
34.98.64.218200 OK 20 B URL HTTP/2 google-bidout-d.openx.net/w/1.0/pd?plm=5
IP 34.98.64.218:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /w/1.0/pd?plm=5 HTTP/1.1
Host: google-bidout-d.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept, Accept-Encoding
server: OXGW/0.0.0
date: Sat, 25 Mar 2023 12:36:20 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-D8ipC2lRszVj8WyXV0ekBR42f4itX8UMF-_bOlnIUcNGEp1teMMjx_engIkq_HovpZoBLQdYOJti5sRpoSIR4vMWlN0Q&cry=1&dbm_d=AKAmf-CGRgEhLLT0Nog2_nJh61uDD8WBNvXkrKrJWNA4lveYzLwc3GDti_xZCG0iKu23XOG8ZzXJ4yCpNG1LGIBH0gGzi2jC65CqsLx36vGAM0eulLS1DMRUM9dpg3ala1w1a3DDzGfAhxdtDXU1hg9shuT9rthSS4U4e5efesoQb16p5l4Q5neCYOSFc8iAjVwtj99K44zJyB9yi-tMnebkX3uUk9ogrpqjW6bZ6kE8hQ3NepD6yerhJDmOrIFHXVTbDGBgY87HybDAdnf9EXco_7kOi91cfR8cuSoNZ8utQ7vUbw7FR1oAEpzYuCdjN0Q-fCrkGiHd7Wvg4Jjhz3mIr25pNrRxg6h5NZqmhgYkD2sGqvkXLEmyrz6sxbjbPkAV7bYVV8QWGtbJchYm0xQR3TzdtaxAPgUSuOWc5aZ-LSNAtGZmIiDEfd1gWmZT8eGLje438t70BtjMlLNEvfX4DjPYGscMha1wA60FMcWc_XlggOnn55vmgReZRi12Jo4NkhXGma9aY7wtzD_D2Lr0qEiYJULAiCXNjZkUi9P4B15IpT9U-0ADggsGl_P00_pvTYjm5phC7am59ALV4TNe8XdbHj2Lo4KNpEHaaxr2oZiC6mz_z5vnnzFoHEgNa9q4YwN9QSOXq4WQ-yvZUi4RGY9mRvYfuk_yVE8vL2Pj2G9OyaVdWgEQvPXBddhof2SmfS96k1UCDsxqTV58-5Dhh2LFIZYSf-GemsXGOfepEpX5K0FhQ0OSl4g3-5ZwaLBJWd_T6Oyneo3E9vyuVfwnN_XfwX6nMx2w9saq2JyyBakyiGpUs3XM1-kZo0QuiTj3rILc3uim_wa4W6OHdWT_Y8yN28fDg3lawdkD3-7K4DKpTjuoBdaoet8marvJ7-DbUe9hY_P2O1kZ6WIizmbGc9SEkxMxzFJqj5Yu2uvnAFFGOu6QE4dXQvx2gR8UWKySlTRwlkCeg6HE4qKzFqIcDDjnzidXak7MimySIz0LI2_rZU88wH8t0j76XNgaF4D1hMUftSEGQoRXFsH2Cey1njrfzIxQXGeYVhMQgzY5JDR1u0l0FMBrK5Tv2X9tIPKCWdkYNBfdfe3ROR-nAlOf9FMyXrElzoFBUr-xV3eY9uDA7p3c6MePf_opI_f_qZ4No7g-bpEfsy_2DNbF-n2gNmL0QYtOWDgEdPFuu3oUM19ceSbjYu3S-HCIc02z4xMH0bwI3LSImZMqxw8Dyk-pf1pNPcnTLbBGlM9jYUn9C-HArobM-i1Ep-VTLfxLxmUffXAVRxox3ddfr7SZrQzqXbPD1ZxTx-wEcbKCSDe0y4wU-fntMblo6bkUamGGPjYXkSOvo3XikDTvUfgVdFBR-2ABVyU87H_qDiKMfbiSLLWoJLPRam2FP-YwH5cGSnsAsnO_13KCv1IlLqYRxs-kW3GHAIf-olRsFlEYbVcsXukiIgVevY0TZ8vN-nmgCizbLa82x1S1eI2tRTIVvgOh6SblkpR_-hAcKgjNWgJZ5TKePNnisM2fpFwle_v7kVcWmFoTT7I2qVjqpXZLepGDFmig_sP4fBcTQ9TnPiU_UNsbNVggqtRczSaKz7JcoKiX4VgdE8qkTgAtRTu6WWk40aCVc18gCA4Hr1yiGAMzrnQfhaEBDnYIkOP5RYIUAduB0uBWLE2uiY42o6QDBhQ8ZHEjLSzIv4JpghbGJ1pchje9Eg5L6kDG-EHe_VzJuNjr1DR5-qAuGaqNpqOQ-AfD_qwnMu_iwXiDsSu76S_-0gFQI7mW3NYNpNS5lM3DG2jG4CsxKTpQ7fDzGCSTO8RiwaPNNGpvdL1R7sA0k_Yh2vxC3vAfch7a4MB2CvDfa0rHkEJETXYtMrvsNz5DRQfArUl57mIjyPnK7GJLnhNdjvMxO3s9doEXkC50QqNzbRVMU3vCTwHYT9lQO3pzHI262eiCpxooSm6rLP9mjwTK6C9Syq9DUPdiGdl2g6Wk0pZ_XEmM84IQEt13NK9nUvGHpgd8MjHQGhaB3lNcpM1-GRUvrVQp1-UMiFnNKwJ26xdIIk8wPPbkEjsiUrjfju_Kv5PX0BaMVtuoOa6-xdAgYUU8qupXPN4Xn_sSBv6etDhG6vgBfFtDrgiZqjxEBl8qtNIvqxzMLN6US-npTzuW7k3JKlXdqF07y0hLNT2Eim9yNric_6hY6wX1jpllFN85QgiSm81gP5RHPYYBMDzZaFUPXcuUFnSFb1kdYG-W_d1vGpBiIUQU7_s9CxHod20O06aTdPh1nSiOfB3OMrP6xCrZQ90gZCYOiiXmOC1fgzkAeW0IUb9lYadqI7Sfa9cUR8QvflzIpUS1BAnK4tmVAxc5Vv6gcMlhJsX_tDCDOY4nzWCGujh4zPg3j2MplO7MZ8DgQi7WmbEDGsVMBfR5Fh74bZRDw5-c4Rp__mX_eKvHkNPut4zd0F1xsHPnBQQc__NcFJtpo3iDK2RAUqxdnkVqTbhhPyFT2FadQQdGgQ3yaRZ5384TZ4Sz8aUVXVR5ObMAomlGNDcqpZRrZTUgyNaHbbGCKIxKuMy91LgPlzwvTAFfYOk5ul4Ll2_y7NQrV5gG3ot7btBI8ZxCmZ4xgqntOZVI15A-EgKGkBs33reu3FU6NX2bkaI-Ld5y68JvyJ80_YsAMW5RyeJdwd0pekRlphLxHBgQghODUznwakrg4fw6o_AWK8Y6gTPivYUTBdB-EsJmAVrd4AN3d01IZ5aQXxeWZAGbqhtOnmNSR6ZY8eOcb3IcxHkSo6FerOBEkndASnmEEu6CUjHhJPwYgF0LyvZJ3PZGW_EgKrsuw281hol_a7WCgty0639MoUGio4vM8gl1OP1k0edXxgyUsjtyMO4zQxfVuVXqJRJE--P-_uDoTFfwmyktWIuuT3zu5UeFJLzsANtK-w_T4QrnEUvqwjxBwNYggMeorplE-mnsduADt9wOflpHAqEs_BryuGrcrRGY4-F7NzSxTmbb2etdpkrISZFmd8Ob6bYsRIvGyhhKpjlV8OsQ7jf1T6cpVxY8NitKX41wfzIPjThuzhqx9innR3IsIJSk90X5WO1lAuTHi_-z1Q1ap6QRaxGyfM7MhQGNlIlSGwpBnEIoHbgnf_QFmXW7vSDmqMiBi-RU3JMn5CQ5jQrFfdxCp4BCdE-24FhDAD_4BZGrgAa_KnzcerGW7qlDU5CWet95PNfe5x3Pr83zhhQUghRnyqCZeyySPQH43QAQvXz2ussR86Z7mMmPR5flvEeNKRHKqT_GClcwXQoe1UhM2AOqvOlLlmE5jmy-AB1mffGH3VYEx99nVcd90uXKPI2FptLamx-_cHhEQsr1jDv_pE5MwY9oKZ_FkxwNBQs0dCe3P7nxOjyYzY5J5gtSQSj1_4Sg-qqRNbAGbwJGf5uoVOzys8Y7eNlFRcbJQXYfN8-_AGiw6eeXQaLeEM4Jf96S_hGnmq4RKYS8zTliJ6qbgR3cUL_wkSNsgHsehxMJrEv3YWo5atDo0vo7aHivmTRnaC_aMUlSGKReVO7JUCGg4Tx6Ub7cO2lejV-18w&cid=CAQSSwDUE5ymJmxsP2DGBkim0kPdsvmd1HSnv0RiVovRabzqKjDAoVntWSkP8UFlnZZ7TwAFXNnFmFODhEIEx8nmg-HzQHYNPCOj7KxNbBgB&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1
173.194.222.157200 OK 16 kB URL HTTP/2 bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-D8ipC2lRszVj8WyXV0ekBR42f4itX8UMF-_bOlnIUcNGEp1teMMjx_engIkq_HovpZoBLQdYOJti5sRpoSIR4vMWlN0Q&cry=1&dbm_d=AKAmf-CGRgEhLLT0Nog2_nJh61uDD8WBNvXkrKrJWNA4lveYzLwc3GDti_xZCG0iKu23XOG8ZzXJ4yCpNG1LGIBH0gGzi2jC65CqsLx36vGAM0eulLS1DMRUM9dpg3ala1w1a3DDzGfAhxdtDXU1hg9shuT9rthSS4U4e5efesoQb16p5l4Q5neCYOSFc8iAjVwtj99K44zJyB9yi-tMnebkX3uUk9ogrpqjW6bZ6kE8hQ3NepD6yerhJDmOrIFHXVTbDGBgY87HybDAdnf9EXco_7kOi91cfR8cuSoNZ8utQ7vUbw7FR1oAEpzYuCdjN0Q-fCrkGiHd7Wvg4Jjhz3mIr25pNrRxg6h5NZqmhgYkD2sGqvkXLEmyrz6sxbjbPkAV7bYVV8QWGtbJchYm0xQR3TzdtaxAPgUSuOWc5aZ-LSNAtGZmIiDEfd1gWmZT8eGLje438t70BtjMlLNEvfX4DjPYGscMha1wA60FMcWc_XlggOnn55vmgReZRi12Jo4NkhXGma9aY7wtzD_D2Lr0qEiYJULAiCXNjZkUi9P4B15IpT9U-0ADggsGl_P00_pvTYjm5phC7am59ALV4TNe8XdbHj2Lo4KNpEHaaxr2oZiC6mz_z5vnnzFoHEgNa9q4YwN9QSOXq4WQ-yvZUi4RGY9mRvYfuk_yVE8vL2Pj2G9OyaVdWgEQvPXBddhof2SmfS96k1UCDsxqTV58-5Dhh2LFIZYSf-GemsXGOfepEpX5K0FhQ0OSl4g3-5ZwaLBJWd_T6Oyneo3E9vyuVfwnN_XfwX6nMx2w9saq2JyyBakyiGpUs3XM1-kZo0QuiTj3rILc3uim_wa4W6OHdWT_Y8yN28fDg3lawdkD3-7K4DKpTjuoBdaoet8marvJ7-DbUe9hY_P2O1kZ6WIizmbGc9SEkxMxzFJqj5Yu2uvnAFFGOu6QE4dXQvx2gR8UWKySlTRwlkCeg6HE4qKzFqIcDDjnzidXak7MimySIz0LI2_rZU88wH8t0j76XNgaF4D1hMUftSEGQoRXFsH2Cey1njrfzIxQXGeYVhMQgzY5JDR1u0l0FMBrK5Tv2X9tIPKCWdkYNBfdfe3ROR-nAlOf9FMyXrElzoFBUr-xV3eY9uDA7p3c6MePf_opI_f_qZ4No7g-bpEfsy_2DNbF-n2gNmL0QYtOWDgEdPFuu3oUM19ceSbjYu3S-HCIc02z4xMH0bwI3LSImZMqxw8Dyk-pf1pNPcnTLbBGlM9jYUn9C-HArobM-i1Ep-VTLfxLxmUffXAVRxox3ddfr7SZrQzqXbPD1ZxTx-wEcbKCSDe0y4wU-fntMblo6bkUamGGPjYXkSOvo3XikDTvUfgVdFBR-2ABVyU87H_qDiKMfbiSLLWoJLPRam2FP-YwH5cGSnsAsnO_13KCv1IlLqYRxs-kW3GHAIf-olRsFlEYbVcsXukiIgVevY0TZ8vN-nmgCizbLa82x1S1eI2tRTIVvgOh6SblkpR_-hAcKgjNWgJZ5TKePNnisM2fpFwle_v7kVcWmFoTT7I2qVjqpXZLepGDFmig_sP4fBcTQ9TnPiU_UNsbNVggqtRczSaKz7JcoKiX4VgdE8qkTgAtRTu6WWk40aCVc18gCA4Hr1yiGAMzrnQfhaEBDnYIkOP5RYIUAduB0uBWLE2uiY42o6QDBhQ8ZHEjLSzIv4JpghbGJ1pchje9Eg5L6kDG-EHe_VzJuNjr1DR5-qAuGaqNpqOQ-AfD_qwnMu_iwXiDsSu76S_-0gFQI7mW3NYNpNS5lM3DG2jG4CsxKTpQ7fDzGCSTO8RiwaPNNGpvdL1R7sA0k_Yh2vxC3vAfch7a4MB2CvDfa0rHkEJETXYtMrvsNz5DRQfArUl57mIjyPnK7GJLnhNdjvMxO3s9doEXkC50QqNzbRVMU3vCTwHYT9lQO3pzHI262eiCpxooSm6rLP9mjwTK6C9Syq9DUPdiGdl2g6Wk0pZ_XEmM84IQEt13NK9nUvGHpgd8MjHQGhaB3lNcpM1-GRUvrVQp1-UMiFnNKwJ26xdIIk8wPPbkEjsiUrjfju_Kv5PX0BaMVtuoOa6-xdAgYUU8qupXPN4Xn_sSBv6etDhG6vgBfFtDrgiZqjxEBl8qtNIvqxzMLN6US-npTzuW7k3JKlXdqF07y0hLNT2Eim9yNric_6hY6wX1jpllFN85QgiSm81gP5RHPYYBMDzZaFUPXcuUFnSFb1kdYG-W_d1vGpBiIUQU7_s9CxHod20O06aTdPh1nSiOfB3OMrP6xCrZQ90gZCYOiiXmOC1fgzkAeW0IUb9lYadqI7Sfa9cUR8QvflzIpUS1BAnK4tmVAxc5Vv6gcMlhJsX_tDCDOY4nzWCGujh4zPg3j2MplO7MZ8DgQi7WmbEDGsVMBfR5Fh74bZRDw5-c4Rp__mX_eKvHkNPut4zd0F1xsHPnBQQc__NcFJtpo3iDK2RAUqxdnkVqTbhhPyFT2FadQQdGgQ3yaRZ5384TZ4Sz8aUVXVR5ObMAomlGNDcqpZRrZTUgyNaHbbGCKIxKuMy91LgPlzwvTAFfYOk5ul4Ll2_y7NQrV5gG3ot7btBI8ZxCmZ4xgqntOZVI15A-EgKGkBs33reu3FU6NX2bkaI-Ld5y68JvyJ80_YsAMW5RyeJdwd0pekRlphLxHBgQghODUznwakrg4fw6o_AWK8Y6gTPivYUTBdB-EsJmAVrd4AN3d01IZ5aQXxeWZAGbqhtOnmNSR6ZY8eOcb3IcxHkSo6FerOBEkndASnmEEu6CUjHhJPwYgF0LyvZJ3PZGW_EgKrsuw281hol_a7WCgty0639MoUGio4vM8gl1OP1k0edXxgyUsjtyMO4zQxfVuVXqJRJE--P-_uDoTFfwmyktWIuuT3zu5UeFJLzsANtK-w_T4QrnEUvqwjxBwNYggMeorplE-mnsduADt9wOflpHAqEs_BryuGrcrRGY4-F7NzSxTmbb2etdpkrISZFmd8Ob6bYsRIvGyhhKpjlV8OsQ7jf1T6cpVxY8NitKX41wfzIPjThuzhqx9innR3IsIJSk90X5WO1lAuTHi_-z1Q1ap6QRaxGyfM7MhQGNlIlSGwpBnEIoHbgnf_QFmXW7vSDmqMiBi-RU3JMn5CQ5jQrFfdxCp4BCdE-24FhDAD_4BZGrgAa_KnzcerGW7qlDU5CWet95PNfe5x3Pr83zhhQUghRnyqCZeyySPQH43QAQvXz2ussR86Z7mMmPR5flvEeNKRHKqT_GClcwXQoe1UhM2AOqvOlLlmE5jmy-AB1mffGH3VYEx99nVcd90uXKPI2FptLamx-_cHhEQsr1jDv_pE5MwY9oKZ_FkxwNBQs0dCe3P7nxOjyYzY5J5gtSQSj1_4Sg-qqRNbAGbwJGf5uoVOzys8Y7eNlFRcbJQXYfN8-_AGiw6eeXQaLeEM4Jf96S_hGnmq4RKYS8zTliJ6qbgR3cUL_wkSNsgHsehxMJrEv3YWo5atDo0vo7aHivmTRnaC_aMUlSGKReVO7JUCGg4Tx6Ub7cO2lejV-18w&cid=CAQSSwDUE5ymJmxsP2DGBkim0kPdsvmd1HSnv0RiVovRabzqKjDAoVntWSkP8UFlnZZ7TwAFXNnFmFODhEIEx8nmg-HzQHYNPCOj7KxNbBgB&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1
IP 173.194.222.157:0
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (16436)
Hash f01b4bac8c3f7d8f531496ac37adc13e
cd33b7ea8d2149d1d155ec514b037e7f7e829678
4cb9bae98e9e5e94c9b88a726d0777c7bce598de15854bda2db64e8c01a528b9
GET /dbm/vast?dbm_c=AKAmf-D8ipC2lRszVj8WyXV0ekBR42f4itX8UMF-_bOlnIUcNGEp1teMMjx_engIkq_HovpZoBLQdYOJti5sRpoSIR4vMWlN0Q&cry=1&dbm_d=AKAmf-CGRgEhLLT0Nog2_nJh61uDD8WBNvXkrKrJWNA4lveYzLwc3GDti_xZCG0iKu23XOG8ZzXJ4yCpNG1LGIBH0gGzi2jC65CqsLx36vGAM0eulLS1DMRUM9dpg3ala1w1a3DDzGfAhxdtDXU1hg9shuT9rthSS4U4e5efesoQb16p5l4Q5neCYOSFc8iAjVwtj99K44zJyB9yi-tMnebkX3uUk9ogrpqjW6bZ6kE8hQ3NepD6yerhJDmOrIFHXVTbDGBgY87HybDAdnf9EXco_7kOi91cfR8cuSoNZ8utQ7vUbw7FR1oAEpzYuCdjN0Q-fCrkGiHd7Wvg4Jjhz3mIr25pNrRxg6h5NZqmhgYkD2sGqvkXLEmyrz6sxbjbPkAV7bYVV8QWGtbJchYm0xQR3TzdtaxAPgUSuOWc5aZ-LSNAtGZmIiDEfd1gWmZT8eGLje438t70BtjMlLNEvfX4DjPYGscMha1wA60FMcWc_XlggOnn55vmgReZRi12Jo4NkhXGma9aY7wtzD_D2Lr0qEiYJULAiCXNjZkUi9P4B15IpT9U-0ADggsGl_P00_pvTYjm5phC7am59ALV4TNe8XdbHj2Lo4KNpEHaaxr2oZiC6mz_z5vnnzFoHEgNa9q4YwN9QSOXq4WQ-yvZUi4RGY9mRvYfuk_yVE8vL2Pj2G9OyaVdWgEQvPXBddhof2SmfS96k1UCDsxqTV58-5Dhh2LFIZYSf-GemsXGOfepEpX5K0FhQ0OSl4g3-5ZwaLBJWd_T6Oyneo3E9vyuVfwnN_XfwX6nMx2w9saq2JyyBakyiGpUs3XM1-kZo0QuiTj3rILc3uim_wa4W6OHdWT_Y8yN28fDg3lawdkD3-7K4DKpTjuoBdaoet8marvJ7-DbUe9hY_P2O1kZ6WIizmbGc9SEkxMxzFJqj5Yu2uvnAFFGOu6QE4dXQvx2gR8UWKySlTRwlkCeg6HE4qKzFqIcDDjnzidXak7MimySIz0LI2_rZU88wH8t0j76XNgaF4D1hMUftSEGQoRXFsH2Cey1njrfzIxQXGeYVhMQgzY5JDR1u0l0FMBrK5Tv2X9tIPKCWdkYNBfdfe3ROR-nAlOf9FMyXrElzoFBUr-xV3eY9uDA7p3c6MePf_opI_f_qZ4No7g-bpEfsy_2DNbF-n2gNmL0QYtOWDgEdPFuu3oUM19ceSbjYu3S-HCIc02z4xMH0bwI3LSImZMqxw8Dyk-pf1pNPcnTLbBGlM9jYUn9C-HArobM-i1Ep-VTLfxLxmUffXAVRxox3ddfr7SZrQzqXbPD1ZxTx-wEcbKCSDe0y4wU-fntMblo6bkUamGGPjYXkSOvo3XikDTvUfgVdFBR-2ABVyU87H_qDiKMfbiSLLWoJLPRam2FP-YwH5cGSnsAsnO_13KCv1IlLqYRxs-kW3GHAIf-olRsFlEYbVcsXukiIgVevY0TZ8vN-nmgCizbLa82x1S1eI2tRTIVvgOh6SblkpR_-hAcKgjNWgJZ5TKePNnisM2fpFwle_v7kVcWmFoTT7I2qVjqpXZLepGDFmig_sP4fBcTQ9TnPiU_UNsbNVggqtRczSaKz7JcoKiX4VgdE8qkTgAtRTu6WWk40aCVc18gCA4Hr1yiGAMzrnQfhaEBDnYIkOP5RYIUAduB0uBWLE2uiY42o6QDBhQ8ZHEjLSzIv4JpghbGJ1pchje9Eg5L6kDG-EHe_VzJuNjr1DR5-qAuGaqNpqOQ-AfD_qwnMu_iwXiDsSu76S_-0gFQI7mW3NYNpNS5lM3DG2jG4CsxKTpQ7fDzGCSTO8RiwaPNNGpvdL1R7sA0k_Yh2vxC3vAfch7a4MB2CvDfa0rHkEJETXYtMrvsNz5DRQfArUl57mIjyPnK7GJLnhNdjvMxO3s9doEXkC50QqNzbRVMU3vCTwHYT9lQO3pzHI262eiCpxooSm6rLP9mjwTK6C9Syq9DUPdiGdl2g6Wk0pZ_XEmM84IQEt13NK9nUvGHpgd8MjHQGhaB3lNcpM1-GRUvrVQp1-UMiFnNKwJ26xdIIk8wPPbkEjsiUrjfju_Kv5PX0BaMVtuoOa6-xdAgYUU8qupXPN4Xn_sSBv6etDhG6vgBfFtDrgiZqjxEBl8qtNIvqxzMLN6US-npTzuW7k3JKlXdqF07y0hLNT2Eim9yNric_6hY6wX1jpllFN85QgiSm81gP5RHPYYBMDzZaFUPXcuUFnSFb1kdYG-W_d1vGpBiIUQU7_s9CxHod20O06aTdPh1nSiOfB3OMrP6xCrZQ90gZCYOiiXmOC1fgzkAeW0IUb9lYadqI7Sfa9cUR8QvflzIpUS1BAnK4tmVAxc5Vv6gcMlhJsX_tDCDOY4nzWCGujh4zPg3j2MplO7MZ8DgQi7WmbEDGsVMBfR5Fh74bZRDw5-c4Rp__mX_eKvHkNPut4zd0F1xsHPnBQQc__NcFJtpo3iDK2RAUqxdnkVqTbhhPyFT2FadQQdGgQ3yaRZ5384TZ4Sz8aUVXVR5ObMAomlGNDcqpZRrZTUgyNaHbbGCKIxKuMy91LgPlzwvTAFfYOk5ul4Ll2_y7NQrV5gG3ot7btBI8ZxCmZ4xgqntOZVI15A-EgKGkBs33reu3FU6NX2bkaI-Ld5y68JvyJ80_YsAMW5RyeJdwd0pekRlphLxHBgQghODUznwakrg4fw6o_AWK8Y6gTPivYUTBdB-EsJmAVrd4AN3d01IZ5aQXxeWZAGbqhtOnmNSR6ZY8eOcb3IcxHkSo6FerOBEkndASnmEEu6CUjHhJPwYgF0LyvZJ3PZGW_EgKrsuw281hol_a7WCgty0639MoUGio4vM8gl1OP1k0edXxgyUsjtyMO4zQxfVuVXqJRJE--P-_uDoTFfwmyktWIuuT3zu5UeFJLzsANtK-w_T4QrnEUvqwjxBwNYggMeorplE-mnsduADt9wOflpHAqEs_BryuGrcrRGY4-F7NzSxTmbb2etdpkrISZFmd8Ob6bYsRIvGyhhKpjlV8OsQ7jf1T6cpVxY8NitKX41wfzIPjThuzhqx9innR3IsIJSk90X5WO1lAuTHi_-z1Q1ap6QRaxGyfM7MhQGNlIlSGwpBnEIoHbgnf_QFmXW7vSDmqMiBi-RU3JMn5CQ5jQrFfdxCp4BCdE-24FhDAD_4BZGrgAa_KnzcerGW7qlDU5CWet95PNfe5x3Pr83zhhQUghRnyqCZeyySPQH43QAQvXz2ussR86Z7mMmPR5flvEeNKRHKqT_GClcwXQoe1UhM2AOqvOlLlmE5jmy-AB1mffGH3VYEx99nVcd90uXKPI2FptLamx-_cHhEQsr1jDv_pE5MwY9oKZ_FkxwNBQs0dCe3P7nxOjyYzY5J5gtSQSj1_4Sg-qqRNbAGbwJGf5uoVOzys8Y7eNlFRcbJQXYfN8-_AGiw6eeXQaLeEM4Jf96S_hGnmq4RKYS8zTliJ6qbgR3cUL_wkSNsgHsehxMJrEv3YWo5atDo0vo7aHivmTRnaC_aMUlSGKReVO7JUCGg4Tx6Ub7cO2lejV-18w&cid=CAQSSwDUE5ymJmxsP2DGBkim0kPdsvmd1HSnv0RiVovRabzqKjDAoVntWSkP8UFlnZZ7TwAFXNnFmFODhEIEx8nmg-HzQHYNPCOj7KxNbBgB&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1 HTTP/1.1
Host: bid.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 12:36:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
content-type: text/xml; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 16112
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 25-Mar-2023 12:51:20 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash fa363658b10afd87af493d2c443e3106
6d1f5da75206662432381be4dd22e72fb3cb968a
f0d0e2a38e51f762415e65b7f49f2acd09b4651b5c111875ff9184a58f0cc8f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gcdn.2mdn.net/videoplayback/id/29e13b31a0d14378/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1711283780/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/8CC37BE353ADF765FA9DD986D64ED899B92E25ED.96242844D4416DDFCBDF3D179302FC6AEADD424C/key/ck2/file/file.mp4
142.250.74.142302 Found 0 B URL HTTP/2 gcdn.2mdn.net/videoplayback/id/29e13b31a0d14378/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1711283780/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/8CC37BE353ADF765FA9DD986D64ED899B92E25ED.96242844D4416DDFCBDF3D179302FC6AEADD424C/key/ck2/file/file.mp4
IP 142.250.74.142:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /videoplayback/id/29e13b31a0d14378/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1711283780/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/8CC37BE353ADF765FA9DD986D64ED899B92E25ED.96242844D4416DDFCBDF3D179302FC6AEADD424C/key/ck2/file/file.mp4 HTTP/1.1
Host: gcdn.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com/
Origin: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 25 Mar 2023 12:36:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
access-control-allow-origin: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
access-control-allow-credentials: true
timing-allow-origin: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
location: https://r4---sn-5go7ynl6.c.2mdn.net/videoplayback/id/29e13b31a0d14378/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1711283780/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/63DCB37BB5C1645F24D140E9A49FC113B74ED5E0.196B6D0A8B5569A2F65734045B358EC32DC1B7F5/key/cms1/cms_redirect/yes/mh/h8/mip/91.90.42.154/mm/42/mn/sn-5go7ynl6/ms/onc/mt/1679746898/mv/u/mvi/4/pl/21/file/file.mp4
content-type: text/html; charset=UTF-8
server: ClientMapServer
content-length: 642
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 1bd931d1709def47ca088cc42ce2e643
dba91f1108ee0ae8c35a2495b8f2196f5a1f662a
7c576b751256ee1a587f98d1bd3ab7ce4dedaacbeb96cb998bbeee998139eb39
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2075
Cache-Control: max-age=105412
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:21 GMT
Etag: "641ddb6e-1d7"
Expires: Sun, 26 Mar 2023 17:53:13 GMT
Last-Modified: Fri, 24 Mar 2023 17:18:38 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
dnacdn.net/dna
178.250.1.11200 OK 0 B IP 178.250.1.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 12:36:20 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=dVTQuF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czczbEtncWRFUElMUlpGeWtzN3lrbWdOMEk1YVVpT1JWaFk4JTJGRXpMcTIlMkJn; expires=Thu, 18 Apr 2024 12:36:21 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 154350
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash fa363658b10afd87af493d2c443e3106
6d1f5da75206662432381be4dd22e72fb3cb968a
f0d0e2a38e51f762415e65b7f49f2acd09b4651b5c111875ff9184a58f0cc8f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dnacdn.net/dna
178.250.1.11200 OK 441 B IP 178.250.1.11:0
Hash a3fd7fb167030ad9046e34c5482cc81b
c02760be7e95d2a88cfe16c2b239d7442f2f9476
9ff10cea8f6b0790b09ec5b93fcd4db25330579ca25aee925c9a84837bd12716
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=dVTQuF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czczbEtncWRFUElMUlpGeWtzN3lrbWdOMEk1YVVpT1JWaFk4JTJGRXpMcTIlMkJn
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 12:36:20 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=oDVgjV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czczbEtncWRFUElMUlpGeWtzN3lrbWklMkJSMTlaV3l2JTJCUUJneW9nWmlicXdr; expires=Thu, 18 Apr 2024 12:36:21 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 188734
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 312 B IP 192.229.221.95:0
Hash f275ddbbdd218034a7b4b9bca9debb26
6d57f763157f97d9e13d6644cdc6272e999acea1
0f87718bea06096a6d67a11d31f41f9227070ed458de8e30f1ac59ffcb8b7137
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6343
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:21 GMT
Last-Modified: Sat, 25 Mar 2023 10:50:38 GMT
Server: ECAcc (ska/F776)
X-Cache: HIT
Content-Length: 312
gum.criteo.com/syncframe?origin=publishertagids&topUrl=5tl.co
178.250.0.157200 OK 5.5 kB URL HTTP/2 gum.criteo.com/syncframe?origin=publishertagids&topUrl=5tl.co
IP 178.250.0.157:0
Hash 3cc26e972ec958f7045546aa40ed0d85
1f20962f9cad9d6ef9f3df9f5010046c87fbec60
3c7372ce56f84ba5d44cc62f24b438a5e9e1bc8b9eb194b3aa686debc97fac56
GET /syncframe?origin=publishertagids&topUrl=5tl.co HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 12:36:20 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
uid=aec40e4d-4291-4586-beec-2b14256f4600; expires=Thu, 18 Apr 2024 12:36:20 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 786117
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
r4---sn-5go7ynl6.c.2mdn.net/videoplayback/id/29e13b31a0d14378/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1711283780/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/63DCB37BB5C1645F24D140E9A49FC113B74ED5E0.196B6D0A8B5569A2F65734045B358EC32DC1B7F5/key/cms1/cms_redirect/yes/mh/h8/mip/91.90.42.154/mm/42/mn/sn-5go7ynl6/ms/onc/mt/1679746898/mv/u/mvi/4/pl/21/file/file.mp4
74.125.111.41200 OK 0 B URL HTTP/1.1 r4---sn-5go7ynl6.c.2mdn.net/videoplayback/id/29e13b31a0d14378/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1711283780/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/63DCB37BB5C1645F24D140E9A49FC113B74ED5E0.196B6D0A8B5569A2F65734045B358EC32DC1B7F5/key/cms1/cms_redirect/yes/mh/h8/mip/91.90.42.154/mm/42/mn/sn-5go7ynl6/ms/onc/mt/1679746898/mv/u/mvi/4/pl/21/file/file.mp4
IP 74.125.111.41:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /videoplayback/id/29e13b31a0d14378/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1711283780/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/63DCB37BB5C1645F24D140E9A49FC113B74ED5E0.196B6D0A8B5569A2F65734045B358EC32DC1B7F5/key/cms1/cms_redirect/yes/mh/h8/mip/91.90.42.154/mm/42/mn/sn-5go7ynl6/ms/onc/mt/1679746898/mv/u/mvi/4/pl/21/file/file.mp4 HTTP/1.1
Host: r4---sn-5go7ynl6.c.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Fri, 24 Feb 2023 12:02:53 GMT
Content-Type: video/mp4
Date: Sat, 25 Mar 2023 12:36:21 GMT
Expires: Sat, 25 Mar 2023 12:36:21 GMT
Cache-Control: private, max-age=86400
Accept-Ranges: bytes
Content-Length: 891869
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: null
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash ca34d884419af46dd7d48575bc817f10
9bc26238a95175e469c503af6729f58caaeb509a
f2a55a94b622d3b1d7086a8e627d70d6382ff85641009b78d1050510721ec675
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r4---sn-5go7ynl6.c.2mdn.net/videoplayback/id/29e13b31a0d14378/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1711283780/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/63DCB37BB5C1645F24D140E9A49FC113B74ED5E0.196B6D0A8B5569A2F65734045B358EC32DC1B7F5/key/cms1/cms_redirect/yes/mh/h8/mip/91.90.42.154/mm/42/mn/sn-5go7ynl6/ms/onc/mt/1679746898/mv/u/mvi/4/pl/21/file/file.mp4
74.125.111.41206 Partial Content 37 kB URL HTTP/1.1 r4---sn-5go7ynl6.c.2mdn.net/videoplayback/id/29e13b31a0d14378/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1711283780/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/63DCB37BB5C1645F24D140E9A49FC113B74ED5E0.196B6D0A8B5569A2F65734045B358EC32DC1B7F5/key/cms1/cms_redirect/yes/mh/h8/mip/91.90.42.154/mm/42/mn/sn-5go7ynl6/ms/onc/mt/1679746898/mv/u/mvi/4/pl/21/file/file.mp4
IP 74.125.111.41:0
File type ISO Media, MP4 v2 [ISO 14496-14]\012- data
Hash 7b31aab2baeeef4fee0601bf081cbc62
9779ccecf57a1a84ac3ce7845ccb5468ed97efc3
86b992c85c24ec4eb2f4778fd2f9ecbf11b5218bcfb2a462f95439bf4ad23305
GET /videoplayback/id/29e13b31a0d14378/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1711283780/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/63DCB37BB5C1645F24D140E9A49FC113B74ED5E0.196B6D0A8B5569A2F65734045B358EC32DC1B7F5/key/cms1/cms_redirect/yes/mh/h8/mip/91.90.42.154/mm/42/mn/sn-5go7ynl6/ms/onc/mt/1679746898/mv/u/mvi/4/pl/21/file/file.mp4 HTTP/1.1
Host: r4---sn-5go7ynl6.c.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Origin: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Last-Modified: Fri, 24 Feb 2023 12:02:53 GMT
Content-Type: video/mp4
Date: Sat, 25 Mar 2023 12:36:21 GMT
Expires: Sat, 25 Mar 2023 12:36:21 GMT
Cache-Control: private, max-age=86400
Content-Range: bytes 0-891868/891869
Accept-Ranges: bytes
Content-Length: 891869
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
gem.gbc.criteo.com/newidsd
185.235.84.16200 OK 332 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.16:0
File type JSON data\012- , ASCII text, with very long lines (370), with no line terminators
Hash fe808814f1b0e9ef20f4b99dc4955f5e
905a097730c8f7fcaa31fd3463fd1f0a4544db6a
008801bf666ca7e1fcea63359b9e7c3c1db73f34bc5ba20b03d43a45bcfb8689
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 12:36:20 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 79286
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.77200 OK 124 kB URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.77:0
Size 124 kB (124107 bytes)
Hash 7e77523936850420ced66d14ee93350f
fa67ff1db2ed412f3eaffcf33f6160748405607c
2cc47b6e522556bcf59a561e84c8473f451f727367ef2e877b2de0035190a9d7
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 12:36:20 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 101950
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 154ef93611074de64f533fb7ced2a354
3b518959fbe6d6a274c854d52099e9fefdee4dcc
33dae5d3859920914d42af2c992735bca6e8625ee31ee24c871cbab2872d45af
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 154ef93611074de64f533fb7ced2a354
3b518959fbe6d6a274c854d52099e9fefdee4dcc
33dae5d3859920914d42af2c992735bca6e8625ee31ee24c871cbab2872d45af
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.ampproject.org/rtv/012302271541000/v0/amp-form-0.1.mjs
142.250.74.65200 OK 13 kB URL HTTP/2 cdn.ampproject.org/rtv/012302271541000/v0/amp-form-0.1.mjs
IP 142.250.74.65:0
File type Unicode text, UTF-8 text, with very long lines (41068)
Hash 29e6ca8d9edc05b4a956dcce746de287
01e641dc83f7983e17ddaf615178cd01cf68da48
5ed7c51df3267031660c777660ef695cceb8c82e22b1a417e07a4a6f9de2330f
GET /rtv/012302271541000/v0/amp-form-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5tl.co/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 12965
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 19:09:03 GMT
expires: Sat, 23 Mar 2024 19:09:03 GMT
cache-control: public, max-age=31536000
etag: "2e1a930b1f14d060"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 62838
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 154ef93611074de64f533fb7ced2a354
3b518959fbe6d6a274c854d52099e9fefdee4dcc
33dae5d3859920914d42af2c992735bca6e8625ee31ee24c871cbab2872d45af
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 154ef93611074de64f533fb7ced2a354
3b518959fbe6d6a274c854d52099e9fefdee4dcc
33dae5d3859920914d42af2c992735bca6e8625ee31ee24c871cbab2872d45af
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 154ef93611074de64f533fb7ced2a354
3b518959fbe6d6a274c854d52099e9fefdee4dcc
33dae5d3859920914d42af2c992735bca6e8625ee31ee24c871cbab2872d45af
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.ampproject.org/rtv/012302271541000/amp4ads-v0.mjs
142.250.74.65200 OK 62 kB URL HTTP/2 cdn.ampproject.org/rtv/012302271541000/amp4ads-v0.mjs
IP 142.250.74.65:0
File type Unicode text, UTF-8 text, with very long lines (65008)
Hash 1339ec70ef22f9a9bbc60211432c7b8d
15965f972a1a3c3a62942d5cf53bf220f325cc01
7125067e8ee20da59444918dc7c190803551bb7aa627d49dcc63ae82996aba30
GET /rtv/012302271541000/amp4ads-v0.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 61845
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 18 Mar 2023 20:14:56 GMT
expires: Sun, 17 Mar 2024 20:14:56 GMT
cache-control: public, max-age=31536000
etag: "4fba9ccee66ca96a"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 577285
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012302271541000/v0/amp-ad-exit-0.1.mjs
142.250.74.65200 OK 5.2 kB URL HTTP/2 cdn.ampproject.org/rtv/012302271541000/v0/amp-ad-exit-0.1.mjs
IP 142.250.74.65:0
File type ASCII text, with very long lines (14764)
Hash b768be4ec895091a432dcd125d02d18a
403f5cacc316fa63e34b9c966fb1f407289960f7
a3d9373ac3cf42c49d24ab565dc6725919c09819f82485c2216e0998562b77a6
GET /rtv/012302271541000/v0/amp-ad-exit-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5tl.co/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 5236
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 20 Mar 2023 14:23:00 GMT
expires: Tue, 19 Mar 2024 14:23:00 GMT
cache-control: public, max-age=31536000
etag: "cedf9691907d886d"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 425601
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012302271541000/v0/amp-analytics-0.1.mjs
142.250.74.65200 OK 29 kB URL HTTP/2 cdn.ampproject.org/rtv/012302271541000/v0/amp-analytics-0.1.mjs
IP 142.250.74.65:0
File type ASCII text, with very long lines (65534)
Hash 97148bebedae50d7264d4d5405be0a3b
db63df3856d8695f61b0c171b88d6ebc88620e36
0c4b6a78c0561c36ed709f09039426304fcbe06e0f58e4e21209c59c401cba73
GET /rtv/012302271541000/v0/amp-analytics-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5tl.co/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 28954
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 20 Mar 2023 13:46:30 GMT
expires: Tue, 19 Mar 2024 13:46:30 GMT
cache-control: public, max-age=31536000
etag: "eb54a928dd76f593"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 427791
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.ampproject.org/rtv/012302271541000/v0/amp-fit-text-0.1.mjs
142.250.74.65200 OK 1.9 kB URL HTTP/2 cdn.ampproject.org/rtv/012302271541000/v0/amp-fit-text-0.1.mjs
IP 142.250.74.65:0
File type ASCII text, with very long lines (5021)
Hash 29310274e55382559cb128e7210c3290
c4ee1bfdccf9bcdb6c3f3522021c698233ed11f5
f0ec8e4452c0078c6f320b8f9117ebae510dd5732e1ab6abb8cf2d71ec52cdab
GET /rtv/012302271541000/v0/amp-fit-text-0.1.mjs HTTP/1.1
Host: cdn.ampproject.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5tl.co/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
timing-allow-origin: *
content-length: 1898
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 25 Mar 2023 11:58:24 GMT
expires: Sun, 24 Mar 2024 11:58:24 GMT
cache-control: public, max-age=31536000
etag: "aaf5c93962f41d5e"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 2277
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 154ef93611074de64f533fb7ced2a354
3b518959fbe6d6a274c854d52099e9fefdee4dcc
33dae5d3859920914d42af2c992735bca6e8625ee31ee24c871cbab2872d45af
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 12:36:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
csi.gstatic.com/csi?v=2&s=osv&puid=1~lfnygsnh&c=3945534701494&slotId=1972767350747&qqid=CIGv242M9_0CFZYMewodgZMJGQ&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
172.217.26.67204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=osv&puid=1~lfnygsnh&c=3945534701494&slotId=1972767350747&qqid=CIGv242M9_0CFZYMewodgZMJGQ&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
IP 172.217.26.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=osv&puid=1~lfnygsnh&c=3945534701494&slotId=1972767350747&qqid=CIGv242M9_0CFZYMewodgZMJGQ&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Sat, 25 Mar 2023 12:36:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=osv&puid=5~lfnygsx4&c=3945534701494&slotId=1972767350747&qqid=CIGv242M9_0CFZYMewodgZMJGQ&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=983&mt=video%2Fmp4&vs=640x360&ple=1&umsem=0&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fgcdn.2mdn.net%252Fvideoplayback%252Fid%252F29e13b31a0d14378%252Fitag%252F343%252Fsource%252Fweb_video_ads%252Fctier%252FL%252Facao%252Fyes%252Fip%252F0.0.0.0%252Fipbits%252F0%252Fexpire%252F1711283780%252Fsparams%252Fip%252Cipbits%252Cexpire%252Cid%252Citag%252Csource%252Cctier%252Cacao%252Fsignature%252F8CC37BE353ADF765FA9DD986D64ED899B92E25ED.96242844D4416DDFCBDF3D179302FC6AEADD424C%252Fkey%252Fck2%252Ffile%252Ffile.mp4&encoded_body_size=0&transfer_size=0
172.217.26.67204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=osv&puid=5~lfnygsx4&c=3945534701494&slotId=1972767350747&qqid=CIGv242M9_0CFZYMewodgZMJGQ&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=983&mt=video%2Fmp4&vs=640x360&ple=1&umsem=0&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fgcdn.2mdn.net%252Fvideoplayback%252Fid%252F29e13b31a0d14378%252Fitag%252F343%252Fsource%252Fweb_video_ads%252Fctier%252FL%252Facao%252Fyes%252Fip%252F0.0.0.0%252Fipbits%252F0%252Fexpire%252F1711283780%252Fsparams%252Fip%252Cipbits%252Cexpire%252Cid%252Citag%252Csource%252Cctier%252Cacao%252Fsignature%252F8CC37BE353ADF765FA9DD986D64ED899B92E25ED.96242844D4416DDFCBDF3D179302FC6AEADD424C%252Fkey%252Fck2%252Ffile%252Ffile.mp4&encoded_body_size=0&transfer_size=0
IP 172.217.26.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=osv&puid=5~lfnygsx4&c=3945534701494&slotId=1972767350747&qqid=CIGv242M9_0CFZYMewodgZMJGQ&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=983&mt=video%2Fmp4&vs=640x360&ple=1&umsem=0&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fgcdn.2mdn.net%252Fvideoplayback%252Fid%252F29e13b31a0d14378%252Fitag%252F343%252Fsource%252Fweb_video_ads%252Fctier%252FL%252Facao%252Fyes%252Fip%252F0.0.0.0%252Fipbits%252F0%252Fexpire%252F1711283780%252Fsparams%252Fip%252Cipbits%252Cexpire%252Cid%252Citag%252Csource%252Cctier%252Cacao%252Fsignature%252F8CC37BE353ADF765FA9DD986D64ED899B92E25ED.96242844D4416DDFCBDF3D179302FC6AEADD424C%252Fkey%252Fck2%252Ffile%252Ffile.mp4&encoded_body_size=0&transfer_size=0 HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: *
date: Sat, 25 Mar 2023 12:36:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=osv&puid=2~lfnygso6&c=3945534701494&slotId=1972767350747&qqid=CIGv242M9_0CFZYMewodgZMJGQ&fb=outstream-lima&ulv=1&cll=0&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
172.217.26.67204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=osv&puid=2~lfnygso6&c=3945534701494&slotId=1972767350747&qqid=CIGv242M9_0CFZYMewodgZMJGQ&fb=outstream-lima&ulv=1&cll=0&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
IP 172.217.26.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=osv&puid=2~lfnygso6&c=3945534701494&slotId=1972767350747&qqid=CIGv242M9_0CFZYMewodgZMJGQ&fb=outstream-lima&ulv=1&cll=0&vast_v=4.0&lima_p_ich=0&lima_p_icu=0 HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Sat, 25 Mar 2023 12:36:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=osv&puid=4~lfnygswq&c=3945534701494&slotId=1972767350747&qqid=CIGv242M9_0CFZYMewodgZMJGQ&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=983&mt=video%2Fmp4&vs=640x360&msm=1&aits=0%2C18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=343&vsrc=web_video_ads&ape=1&met.4=videopreviewvisible.164
172.217.26.67204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=osv&puid=4~lfnygswq&c=3945534701494&slotId=1972767350747&qqid=CIGv242M9_0CFZYMewodgZMJGQ&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=983&mt=video%2Fmp4&vs=640x360&msm=1&aits=0%2C18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=343&vsrc=web_video_ads&ape=1&met.4=videopreviewvisible.164
IP 172.217.26.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=osv&puid=4~lfnygswq&c=3945534701494&slotId=1972767350747&qqid=CIGv242M9_0CFZYMewodgZMJGQ&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=983&mt=video%2Fmp4&vs=640x360&msm=1&aits=0%2C18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=343&vsrc=web_video_ads&ape=1&met.4=videopreviewvisible.164 HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Sat, 25 Mar 2023 12:36:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
csi.gstatic.com/csi?v=2&s=osv&puid=3~lfnygsq0&c=3945534701494&slotId=1972767350747&qqid=CIGv242M9_0CFZYMewodgZMJGQ&fb=outstream-lima&vast_v=2.0&vmfc=12&vhc=0
172.217.26.67204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=osv&puid=3~lfnygsq0&c=3945534701494&slotId=1972767350747&qqid=CIGv242M9_0CFZYMewodgZMJGQ&fb=outstream-lima&vast_v=2.0&vmfc=12&vhc=0
IP 172.217.26.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=osv&puid=3~lfnygsq0&c=3945534701494&slotId=1972767350747&qqid=CIGv242M9_0CFZYMewodgZMJGQ&fb=outstream-lima&vast_v=2.0&vmfc=12&vhc=0 HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://c63bceff32de1c6f2e889819c5915de9.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Sat, 25 Mar 2023 12:36:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cmp.quantcast.com/tcfv2/google-atp-list.json
54.230.111.93200 OK 0 B URL HTTP/2 cmp.quantcast.com/tcfv2/google-atp-list.json
IP 54.230.111.93:0
GET /tcfv2/google-atp-list.json HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tourismtravels3.sbs
Connection: keep-alive
Referer: https://tourismtravels3.sbs/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
access-control-max-age: 3000
cache-control: max-age=172800
date: Sat, 25 Mar 2023 03:00:29 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-credentials: true
last-modified: Sat, 25 Mar 2023 03:00:26 GMT
etag: W/"1dbfd79d4ea7f69c0c42a2f6065532e7"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: br
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 3bff78035f818b6a3185b0f5f4586410.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wGda2cxnoIyB-GHQn6mCXUEB9ilWQTZJHpa0xBslTPpk7A70y0PwiQ==
age: 34547
X-Firefox-Spdy: h2
live.demand.supply/up.js
104.16.134.22403 Forbidden 0 B IP 104.16.134.22:0
GET /up.js HTTP/1.1
Host: live.demand.supply
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
date: Sat, 25 Mar 2023 12:36:17 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
set-cookie: __cf_bm=NyCg.XGmSGRtIlsNVGdyQcWWwLk9Akpmkvt1Lg0IpYM-1679747777-0-AXFRVzgQdOOZGGucPrURl1xqjR59L4SwF+sM56uXCQ7IIqp/l555DHOOIpDTmURcrdwCu8JYiqFX78mA/ztMVRc=; path=/; expires=Sat, 25-Mar-23 13:06:17 GMT; domain=.demand.supply; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ad732d7d9ec1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.ids.js
178.250.1.3200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.ids.js
IP 178.250.1.3:0
GET /js/ld/publishertag.ids.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 12:36:20 GMT
content-type: text/javascript
last-modified: Fri, 24 Feb 2023 07:57:32 GMT
etag: W/"63f86dec-9c21"
expires: Sun, 26 Mar 2023 12:36:20 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
platform.pubfuture.com/v1/unit/641472c42f3b18003d0f0823.js?v=2
104.26.14.126200 OK 0 B URL HTTP/2 platform.pubfuture.com/v1/unit/641472c42f3b18003d0f0823.js?v=2
IP 104.26.14.126:0
GET /v1/unit/641472c42f3b18003d0f0823.js?v=2 HTTP/1.1
Host: platform.pubfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 12:36:17 GMT
content-type: application/javascript; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
cache-control: public, max-age=172800
etag: W/"aa5-kjA6+shCAvQ2Cvvo5KyEF207kp0"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CjLl3W8%2BZTi2iEIRmZ65YGM6lBkxOCo8nDzv7DMFPQhgBipkn57Zru%2BOAf5X72518YnKlVmacSoE0pU2kepCij%2BQLtgsI1C2MtwzYXttGjPdJDsIo9AqsTRetomAWGlFvkLwKwXC3r8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad732d7ec21b500-OSL
content-encoding: br
X-Firefox-Spdy: h2
platform.pubfuture.com/v1/config/641418f935ea00003e8e81b9.js?v=6&ip=OTEuOTAuNDIuMTU0&cc=Tk8=&c=MzE0MzI0NA==&d=b3RoZXJz&s=NXRsLmNvLw==
104.26.14.126200 OK 0 B URL HTTP/2 platform.pubfuture.com/v1/config/641418f935ea00003e8e81b9.js?v=6&ip=OTEuOTAuNDIuMTU0&cc=Tk8=&c=MzE0MzI0NA==&d=b3RoZXJz&s=NXRsLmNvLw==
IP 104.26.14.126:0
GET /v1/config/641418f935ea00003e8e81b9.js?v=6&ip=OTEuOTAuNDIuMTU0&cc=Tk8=&c=MzE0MzI0NA==&d=b3RoZXJz&s=NXRsLmNvLw== HTTP/1.1
Host: platform.pubfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 12:36:19 GMT
content-type: application/javascript; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
etag: W/"f92-tCIZ567/BZqErys9yD/wZulmpBo"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s9%2F3WhACO%2BEDYSs6tVlymx%2FcoWqJ%2Bv8Io9X42HyK21pXaC2bEiyWexCJTVDvrNQCEUuf3%2BF8QEkseMplSdfDuy3vinFyBqhagADEQ6FglHsVWYdCY9muVlDUPFjkjecvuhp6e3aiZPE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad732dfada4b500-OSL
content-encoding: br
X-Firefox-Spdy: h2
tourismtravels3.sbs/post.php/qc2hRDbZ
104.21.2.41200 OK 0 B URL HTTP/2 tourismtravels3.sbs/post.php/qc2hRDbZ
IP 104.21.2.41:0
GET /post.php/qc2hRDbZ HTTP/1.1
Host: tourismtravels3.sbs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 25 Mar 2023 12:36:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding,User-Agent
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9lHHe5EDDiKwbONFwvjZHVWbyWltqLZZpzel8xXQm5tWuAN1ynxWcNbZldVQr51ZrG5%2FGs4lGpDIgpr69CZzj8fUVQ1%2B7F7QUGimP97LmmgM4jBivac3oOeYk8F7qlpRliYq7R0t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad732c8db3db4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
platform.pubfuture.com/v1/config/64177ffc55ee06003edbda88.js?v=6&ip=OTEuOTAuNDIuMTU0&cc=Tk8=&c=MzE0MzI0NA==&d=b3RoZXJz&s=NXRsLmNvLw==
104.26.14.126200 OK 0 B URL HTTP/2 platform.pubfuture.com/v1/config/64177ffc55ee06003edbda88.js?v=6&ip=OTEuOTAuNDIuMTU0&cc=Tk8=&c=MzE0MzI0NA==&d=b3RoZXJz&s=NXRsLmNvLw==
IP 104.26.14.126:0
GET /v1/config/64177ffc55ee06003edbda88.js?v=6&ip=OTEuOTAuNDIuMTU0&cc=Tk8=&c=MzE0MzI0NA==&d=b3RoZXJz&s=NXRsLmNvLw== HTTP/1.1
Host: platform.pubfuture.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 12:36:19 GMT
content-type: application/javascript; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control: off
expect-ct: max-age=0
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
access-control-allow-origin: *
etag: W/"6a7-BxT1Tvf2tL5PtZPpFHjGQcS1kGA"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uC4Fdohl6%2BYSQaeOHMcI7SwXsd8CU9g8ohBebCFKVPsjRsmtyc56%2Bb%2FZb1Dk%2FQ7ULZoGNZZ9xFo5SvIZ6wST02EMI3U5z1SE%2BGe7kSDAqIlbM1oHAKRzBVB9htH8bxepWooK3tJdOqA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ad732dfbdbfb500-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato:400,700
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato:400,700
IP 142.250.74.74:0
GET /css?family=Lato:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Mar 2023 12:36:17 GMT
date: Sat, 25 Mar 2023 12:36:17 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
test.cmp.quantcast.com/GVL-v2/cmp-list.json
54.230.111.108200 OK 0 B URL HTTP/2 test.cmp.quantcast.com/GVL-v2/cmp-list.json
IP 54.230.111.108:0
GET /GVL-v2/cmp-list.json HTTP/1.1
Host: test.cmp.quantcast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tourismtravels3.sbs
Connection: keep-alive
Referer: https://tourismtravels3.sbs/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
access-control-max-age: 86400
cache-control: max-age=172800
date: Sat, 25 Mar 2023 03:00:36 GMT
last-modified: Wed, 15 Mar 2023 19:52:29 GMT
etag: W/"4958fc924e291de6e8d94c7f49ababfa"
x-amz-server-side-encryption: AES256
x-amz-version-id: rrDKdPiC6DTUsB4O5Q5BpNF7km7hHe63
server: AmazonS3
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uOrio97iQmHDpgvlUr-VlLLJaREcjNIDNrX24nvkL-OOch5VGIx4kg==
age: 34540
X-Firefox-Spdy: h2
cmp.quantcast.com/tcfv2/42/cmp2ui-en.js
54.230.111.93200 OK 0 B URL HTTP/2 cmp.quantcast.com/tcfv2/42/cmp2ui-en.js
IP 54.230.111.93:0
GET /tcfv2/42/cmp2ui-en.js HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tourismtravels3.sbs/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
access-control-max-age: 604800
last-modified: Tue, 05 Jul 2022 18:40:26 GMT
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
date: Sat, 25 Mar 2023 00:17:16 GMT
cache-control: max-age=172800
etag: W/"24932b3e61742029985961c24d35dbb7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3bff78035f818b6a3185b0f5f4586410.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rYx7nJvZZeY2whB-dUojSIBfcp5uHSMGnpVGKOnda-mbqTNvQzLJbQ==
age: 44372
X-Firefox-Spdy: h2
dolatiaschan.com/5/5820740/?oo=1&aab=1
139.45.197.244200 OK 0 B URL HTTP/2 dolatiaschan.com/5/5820740/?oo=1&aab=1
IP 139.45.197.244:0
GET /5/5820740/?oo=1&aab=1 HTTP/1.1
Host: dolatiaschan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://5tl.co
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 12:36:17 GMT
content-type: application/json
x-trace-id: dc252c1c0c1ff1413b38c83636132889
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://5tl.co
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=5ba3742a849d4cb3829abaa33ead787a; expires=Sun, 24 Mar 2024 12:36:17 GMT; path=/; secure; SameSite=None
oaidts=1679747777; expires=Sun, 24 Mar 2024 12:36:17 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
tags.crwdcntrl.net/lt/c/16589/sync.min.js
54.230.111.4200 OK 0 B URL HTTP/2 tags.crwdcntrl.net/lt/c/16589/sync.min.js
IP 54.230.111.4:0
GET /lt/c/16589/sync.min.js HTTP/1.1
Host: tags.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
last-modified: Wed, 22 Mar 2023 22:36:59 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Fri, 24 Mar 2023 22:50:07 GMT
cache-control: public, max-age=86400
etag: W/"4fd6c99ca40fed5d11cbd9e1b76a92f1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 56THMoBqNnzhYbjSuWLHaBqQ__Eynb2l1BLBMzMe3vkW-gU3wEOCxg==
age: 49574
X-Firefox-Spdy: h2
cdn.id5-sync.com/api/1.0/esp.js
172.67.38.106200 OK 0 B URL HTTP/2 cdn.id5-sync.com/api/1.0/esp.js
IP 172.67.38.106:0
GET /api/1.0/esp.js HTTP/1.1
Host: cdn.id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5tl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 12:36:20 GMT
content-type: text/javascript;charset=utf-8
x-amz-id-2: ZjWvYdCQ+n+8pVPo4fgjrkJtLsHSUGhVHJHK8qr0o38/ZNHeA+tbvOrvX+a5AuqVu4Tgr//ghOk=
x-amz-request-id: PETS1203JXCZQ7S0
last-modified: Mon, 13 Feb 2023 11:21:55 GMT
etag: W/"b988c8d91b8a22dcd50f129d3a9d67f1"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
cf-cache-status: HIT
age: 621
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 7ad732eccc6cb51e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2