ouo.io/63G1os
104.22.22.162 301 Moved Permanently 0 B IP 104.22.22.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /63G1os HTTP/1.1
Host: ouo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 22 Nov 2022 05:06:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 22 Nov 2022 06:06:43 GMT
Location: https://ouo.io/63G1os
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76df232b9b960b02-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb72f04bd7a4410640c0543bb4bd402
7c63b7e220b337b6a4f39864e11d6aa9e26c38ac
b7f7a4d355ed3b847a5e28f16030d5cbc715d47326aea20f292cd76dcaf59794
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7F7A4D355ED3B847A5E28F16030D5CBC715D47326AEA20F292CD76DCAF59794"
Last-Modified: Mon, 21 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2807
Expires: Tue, 22 Nov 2022 05:53:30 GMT
Date: Tue, 22 Nov 2022 05:06:43 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 4843de3bf95411e6aa89834def44bb86
1f1882351ac63fba73a22014382f69df5e02ec96
1e6ed1df02f8fa6c89ddca66f7c9981f8a06127d7ec90b503703137e823bb4b7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4417
Cache-Control: max-age=110291
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:43 GMT
Etag: "637b5375-1d7"
Expires: Wed, 23 Nov 2022 11:44:54 GMT
Last-Modified: Mon, 21 Nov 2022 10:31:17 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8a6c553d89cb6fd1de4787fee2a0e0dc
b974e022ea8675c0a09f58864cc99df05b5b1241
a62ecedcb0953814f982237818a3d902fdca501f82b675629d28b5d476e0fbfa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A62ECEDCB0953814F982237818A3D902FDCA501F82B675629D28B5D476E0FBFA"
Last-Modified: Mon, 21 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2481
Expires: Tue, 22 Nov 2022 05:48:04 GMT
Date: Tue, 22 Nov 2022 05:06:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 22 Nov 2022 04:09:18 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3445
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +wNzKMbpE+j3nBwFBlSzlVlicioeLXafnhXbBUlkzonyIvPZhTuuWw0FrthKEAs5HbwmU18vi3g=
x-amz-request-id: JVKSFRY1AP53F6GF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 22 Nov 2022 04:39:25 GMT
age: 1638
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 05:06:43 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 7f9eda46279991e22cd69dcc6a18e978
4d3a4a8eba76e32a622d90ba542946ad16d71834
07bb7052a52eeaf666856641d4225e886c48de82013dea9436d8fe2df17aa1ff
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=144721
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:43 GMT
Etag: "637beb34-117"
Expires: Wed, 23 Nov 2022 21:18:44 GMT
Last-Modified: Mon, 21 Nov 2022 21:18:44 GMT
Server: nginx
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 22 Nov 2022 04:08:47 GMT
cache-control: public,max-age=3600
age: 3476
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 2db0ebb9efcf3be3c92f23b61de5c065
dd830565723f18a7944c26d24b0fb142d06a71a5
8615316184c4d1d64db923a5364363bbb3d25e146a042c5fbd5bf0cfcec8effb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5323
Cache-Control: max-age=106133
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:44 GMT
Etag: "637b3fae-1d7"
Expires: Wed, 23 Nov 2022 10:35:37 GMT
Last-Modified: Mon, 21 Nov 2022 09:06:54 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 2896241dd6d2cf2e35006a0e5ce4bd37
e101628a149ba5960e817970f73c979f82d5b88c
cfef98c08429b179512ea7a585941a5c3749c1041a2b4c3ae709bf888a8c3956
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4102
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:44 GMT
Etag: "637bbe25-117"
Last-Modified: Tue, 22 Nov 2022 03:58:22 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279
push.services.mozilla.com/
54.148.242.254 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.242.254:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: T7oB+RRi7ro0qnQ0isKx+Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TcYII4ixSdDyuoUKseuX6qEkwdg=
ouo.press/images/world.png
104.22.58.251 200 OK 5.7 kB URL HTTP/2 ouo.press/images/world.png
IP 104.22.58.251:0
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 4eea420a8830a6d695114427bf52b556
35579e7f1a656beb3a07a7093166ff37c634bade
70f03c74cc197cf154af36fa552a448d9ffebb55081c96e55ef4cf469123fe22
GET /images/world.png HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/63G1os
Cookie: ouoio_session=eyJpdiI6InR3UzRsaWlnN2dJRldKTWxLMWdobjlsVjVnUWQ1K3c3bzBoN1ZjMXpTcDA9IiwidmFsdWUiOiJLWVJVNFNcL2JSeXlcL3M5TmNhK2g0bVA0Qm9NTFdlYWZ1K1wva2NuTDJwV3p0eDZwXC9jekM5TDRJRkNaT3B4TEJYN1QyejZqY0VQVVBRNEQ2MkdXcUsxRnc9PSIsIm1hYyI6ImU3NTk1ZmNkMzFkMzA0NTM2MGQ5MTBhNzI2NzIyODkwYmQ1ZTNjNTIzY2ZiM2ZlNTA5ZmVjMDY3Y2ViMDllYmIifQ%3D%3D; language=eyJpdiI6ImVxMnA5dHVXTER0aFZ4ZmpDUG5lV1NrXC96NXB6YVwvbXR4THpEeVwvdklEUVU9IiwidmFsdWUiOiI0N0pGaVE3Y2JvM0hcLzBRaExUZFwvRmRiWXpvZEhlRWR2WFZLN2FUWEU1K009IiwibWFjIjoiNWM4NzA5NjI0ZmI2YWM3ZWFiMzIzMzlhY2QwOTQyMDE4ZDMyYjM5ZjY5NjIxNzFlNmVmZGIxZmZlOWQ0NWE1YSJ9; f581976b8ac2a894da47493b1783dc5f2fdbb1ab=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; __cf_bm=1US92U26Z0Y862hmYLmE92oPtydCXEgLpXW4.RRJXCA-1669093604-0-AelEP/JD6yK8d7MSXm5Py0BxYBnTPp7fxFCsaJa14MsN1PlqCKALmKsQSpq0JucuSU/ZtYUrexT92lTTaAFHPvw=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:44 GMT
content-type: image/png
content-length: 5692
cache-control: max-age=2592000
cf-bgj: imgq:85,h2pri
cf-polished: status=not_needed
etag: "5549a07c-163c"
expires: Sat, 03 Dec 2022 22:33:44 GMT
last-modified: Wed, 06 May 2015 05:02:52 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1578780
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76df2334ca6ffac4-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ff46d9054aa0380c2349d977889766fb
539d55f0d126652a5c60dc2710fe91c84642c035
5b15d0a41f07682f78e5bdec9b470046b7c5c4713f8b691f90ce4e224800b8d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5620
Cache-Control: max-age=90232
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:44 GMT
Etag: "637b0068-117"
Expires: Wed, 23 Nov 2022 06:10:36 GMT
Last-Modified: Mon, 21 Nov 2022 04:36:56 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash eb526d16fc4a304286cf261dc5d8abea
0aed946d28abc21cb11657e6f864b561a0c68fba
551520b0344d58c1b4ddc9dfb452da2acf43080871a7037f4530eec48fb86362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash fab2cb3bd48a955d89176110d75459e4
8e642591b32f0095b8302d23b2aa3d4849352c56
71e3ae0dd72335874bd1e42e216d72a6185fb21786e55efbf3012ee0094692a0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ff46d9054aa0380c2349d977889766fb
539d55f0d126652a5c60dc2710fe91c84642c035
5b15d0a41f07682f78e5bdec9b470046b7c5c4713f8b691f90ce4e224800b8d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5620
Cache-Control: max-age=90232
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:44 GMT
Etag: "637b0068-117"
Expires: Wed, 23 Nov 2022 06:10:36 GMT
Last-Modified: Mon, 21 Nov 2022 04:36:56 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
142.250.74.164 200 OK 582 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 729acee2a72aedc9406dba71bf4c1d00
e7f1dea037aaa2df1c1e5b884dc5d73b7bc35e82
7e9b8e953f317a7a47db6df1d1ac8be5c78e9a9524a0a07755c748c2198f816a
GET /recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Tue, 22 Nov 2022 05:06:44 GMT
date: Tue, 22 Nov 2022 05:06:44 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 582
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Questrial
142.250.74.10 200 OK 860 B URL HTTP/2 fonts.googleapis.com/css?family=Questrial
IP 142.250.74.10:0
Hash 8974bec323ae7a3ca47b9906163386cb
6ab675c8d38d2106503c652b644ef561e9fb4a99
4dc2f3e001c0cfafca3620b3ee064834c45e9875167c232963f224a68b39020d
GET /css?family=Questrial HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 22 Nov 2022 05:06:44 GMT
date: Tue, 22 Nov 2022 05:06:44 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 50835abc313cd37ce47c1ec62345de4d
2c30ef846ccfbd83c3520d6e2671bf9e87d296a5
f646bc40fab160536adb3d5ad633a8d2c1473e872d87ec3d7eab5d4c7feee442
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F646BC40FAB160536ADB3D5AD633A8D2C1473E872D87EC3D7EAB5D4C7FEEE442"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2902
Expires: Tue, 22 Nov 2022 05:55:06 GMT
Date: Tue, 22 Nov 2022 05:06:44 GMT
Connection: keep-alive
ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.22.58.251 200 OK 4.9 kB URL HTTP/2 ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 104.22.58.251:0
Hash 5073cdad51bfeda16de296b69cdd845d
9b50d7781244e4ec46f9c91420312ed1dba68643
76b2d6cf1cac1e3a7212d734d8430ac9846f9a853122933fb206075b8e4dbf37
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/63G1os
Cookie: ouoio_session=eyJpdiI6InR3UzRsaWlnN2dJRldKTWxLMWdobjlsVjVnUWQ1K3c3bzBoN1ZjMXpTcDA9IiwidmFsdWUiOiJLWVJVNFNcL2JSeXlcL3M5TmNhK2g0bVA0Qm9NTFdlYWZ1K1wva2NuTDJwV3p0eDZwXC9jekM5TDRJRkNaT3B4TEJYN1QyejZqY0VQVVBRNEQ2MkdXcUsxRnc9PSIsIm1hYyI6ImU3NTk1ZmNkMzFkMzA0NTM2MGQ5MTBhNzI2NzIyODkwYmQ1ZTNjNTIzY2ZiM2ZlNTA5ZmVjMDY3Y2ViMDllYmIifQ%3D%3D; language=eyJpdiI6ImVxMnA5dHVXTER0aFZ4ZmpDUG5lV1NrXC96NXB6YVwvbXR4THpEeVwvdklEUVU9IiwidmFsdWUiOiI0N0pGaVE3Y2JvM0hcLzBRaExUZFwvRmRiWXpvZEhlRWR2WFZLN2FUWEU1K009IiwibWFjIjoiNWM4NzA5NjI0ZmI2YWM3ZWFiMzIzMzlhY2QwOTQyMDE4ZDMyYjM5ZjY5NjIxNzFlNmVmZGIxZmZlOWQ0NWE1YSJ9; f581976b8ac2a894da47493b1783dc5f2fdbb1ab=eyJpdiI6IjNINVlIa3NjV0VWSm1BckNcL3RPQlI2a3FjbWZWeU1lWmVVNTNyTHZCYmJjPSIsInZhbHVlIjoiaGdOeDhYZVIyTG9KZlwvV0xlc1NsZmhhbEJqWmtkNHBNSnJzSDhXMEpZRkN6NDdpU1N4Z1A4b2JjWWRBQllOenV0VUhrUHFIYit3UTdvVmY0VG9lanA4MEhxd0YxZ002Y2x5YnRiRTMxVmo5OHNQXC9jNmJmMUZ3d2NSOWJLXC9nTjJNSEpYejE2MVdzZFI4Q3lpTmZkZWwwXC9wc2Fqd1FLV0JwaHE2czhoU2hyV1Q4Z0JkbXZvR0o3ckVFZFAzQXZFMDFWc1wvSzdUMnh5cVJtSHdkaGgrWHh6S2I4SUNsYzhzeVNHOEFFa25seDJaa3ZmQjZyOWpDTVwvM2xvZ1VhQ284cXZVY2ZydTZNQzBhTlB5K0Q4dmQ2OWRld0dlRmVNUFlYaXA0MTVNMVpuUmsxVStCZzRtTHRjb3NRb3dscWt2UUhTNFFIeFM5XC9mYWdySFwvK3B1WmlcL1U1Q0VBYVNveHJCd3BMRnBvbzRBNHRGNGdFQXUwUHJrVEowR0Q1SzlKeTlWIiwibWFjIjoiZjgwOGVhZmVkOGEwZmI1YTA1YjgyMTk2MWQxMjAyYjk4NGY3NTdiOTEwYTc4ODA5ZmE1NmFmMDdiOGVmNGQxOSJ9; __cf_bm=1US92U26Z0Y862hmYLmE92oPtydCXEgLpXW4.RRJXCA-1669093604-0-AelEP/JD6yK8d7MSXm5Py0BxYBnTPp7fxFCsaJa14MsN1PlqCKALmKsQSpq0JucuSU/ZtYUrexT92lTTaAFHPvw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:44 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 18:10:02 GMT
etag: W/"6373d5fa-4d7"
vary: Accept-Encoding
server: cloudflare
cf-ray: 76df2334ca71fac4-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 24 Nov 2022 05:06:44 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 9ef11a2d1e232b4b45e40ff0c29fa8b0
0966963f13e3b149e3e3c8c2c81e7986d1d8a07b
9ce8b9ab5f1dfdc0686d1660ed64c6eff5cc3d1492d82aa769ac58e3a159dd1b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tv.gourdycortes.com/1clkn/16562
172.255.6.150 200 OK 26 B URL HTTP/1.1 tv.gourdycortes.com/1clkn/16562
IP 172.255.6.150:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/16562 HTTP/1.1
Host: tv.gourdycortes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Nov 2022 05:06:44 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Wed, 23-Nov-2022 05:06:44 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Wed, 23-Nov-2022 05:06:44 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ouo.press/css/bootstrap.css
104.22.58.251 200 OK 19 kB URL HTTP/2 ouo.press/css/bootstrap.css
IP 104.22.58.251:0
File type ASCII text, with very long lines (65452)
Hash 0ab73d81967fa7b343e06e69017a3939
0fd1e693142e0abeb02cd801fbaaf6df03a7c8f6
25f61f1eab97afa68cd3d76f3f215f8134bc354ca4f793fb8f812a1ebf17a7c7
GET /css/bootstrap.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/63G1os
Cookie: ouoio_session=eyJpdiI6InR3UzRsaWlnN2dJRldKTWxLMWdobjlsVjVnUWQ1K3c3bzBoN1ZjMXpTcDA9IiwidmFsdWUiOiJLWVJVNFNcL2JSeXlcL3M5TmNhK2g0bVA0Qm9NTFdlYWZ1K1wva2NuTDJwV3p0eDZwXC9jekM5TDRJRkNaT3B4TEJYN1QyejZqY0VQVVBRNEQ2MkdXcUsxRnc9PSIsIm1hYyI6ImU3NTk1ZmNkMzFkMzA0NTM2MGQ5MTBhNzI2NzIyODkwYmQ1ZTNjNTIzY2ZiM2ZlNTA5ZmVjMDY3Y2ViMDllYmIifQ%3D%3D; language=eyJpdiI6ImVxMnA5dHVXTER0aFZ4ZmpDUG5lV1NrXC96NXB6YVwvbXR4THpEeVwvdklEUVU9IiwidmFsdWUiOiI0N0pGaVE3Y2JvM0hcLzBRaExUZFwvRmRiWXpvZEhlRWR2WFZLN2FUWEU1K009IiwibWFjIjoiNWM4NzA5NjI0ZmI2YWM3ZWFiMzIzMzlhY2QwOTQyMDE4ZDMyYjM5ZjY5NjIxNzFlNmVmZGIxZmZlOWQ0NWE1YSJ9; f581976b8ac2a894da47493b1783dc5f2fdbb1ab=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; __cf_bm=1US92U26Z0Y862hmYLmE92oPtydCXEgLpXW4.RRJXCA-1669093604-0-AelEP/JD6yK8d7MSXm5Py0BxYBnTPp7fxFCsaJa14MsN1PlqCKALmKsQSpq0JucuSU/ZtYUrexT92lTTaAFHPvw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:44 GMT
content-type: text/css
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=109522
etag: W/"54def1fc-1abd2"
expires: Tue, 22 Nov 2022 09:51:52 GMT
last-modified: Sat, 14 Feb 2015 06:58:04 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 26092
vary: Accept-Encoding
server: cloudflare
cf-ray: 76df2334ba6cfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
ecdn.firstimpression.io/fi_client.js
54.230.111.73 200 OK 94 kB URL HTTP/2 ecdn.firstimpression.io/fi_client.js
IP 54.230.111.73:0
File type ASCII text, with very long lines (618)
Hash a3e15493bb32c68017e86e34f37fe220
75b996960036591da36b546c614fa49cb9e67d7f
d0f6dc3c05939ab73212a00393c19d6d11b7224c286708752da84055a92d3557
GET /fi_client.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 22 Nov 2022 04:21:57 GMT
server: nginx/1.20.0
x-powered-by: PHP/8.0.14
x-xss-protection: 0
last-modified: Tue, 22 Nov 2022 04:21:57 UTC
etag: W/"41fc554b3aa454a73108588a0a2ec342"
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SnmJPVmWaR95hTGpa2M5dBA7-6Az2laEWEMAoGnnovjvZbLFiC3Yfg==
age: 2687
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 908df03450dbd227637d126db0f9fb6d
481657e85bb7213d770e6512084d2d807627869f
f3bb735a321e0537e63bbee6c3d302d158fba36579fea61aef663b7ccc90cc74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F3BB735A321E0537E63BBEE6C3D302D158FBA36579FEA61AEF663B7CCC90CC74"
Last-Modified: Mon, 21 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17383
Expires: Tue, 22 Nov 2022 09:56:28 GMT
Date: Tue, 22 Nov 2022 05:06:45 GMT
Connection: keep-alive
itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
173.233.137.36 200 OK 13 kB URL HTTP/1.1 itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
IP 173.233.137.36:0
File type ASCII text, with very long lines (37189), with no line terminators
Hash 253d61ff47f15fb8b8ab1c2a220a9ac6
aca11759e164e4c7bb9dd0f9fe95d723cf0e2e1a
4d3f23b7684048db63d3665291c7caeb29ab13d2b95ea49e1db3643307838ab0
Analyzer Verdict Alert fortinet Malware
GET /ed/36/01/ed36014633829dc70a42dccaefdf3f11.js HTTP/1.1
Host: itineraryupper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 22 Nov 2022 05:06:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d82d6d2cded6e4f6fa8aa392b0a1c7a0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 82401689b683af7cb8bfc79971fcaacc
e1bd44f9f5a52703768671ebed52417d29c70d14
a0edcb7c8b70be0faae8f29ae8a8672a29e1113389d93454d821fb69d3d1e28c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A0EDCB7C8B70BE0FAAE8F29AE8A8672A29E1113389D93454D821FB69D3D1E28C"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12116
Expires: Tue, 22 Nov 2022 08:28:41 GMT
Date: Tue, 22 Nov 2022 05:06:45 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash ed3ae8e878b9c8c9c5fc3ab22d8547d6
e4d08dc74fa84a3bcc9d442e225e8f7a6c124822
e135b6fb23500cb2edbf836719ed450cdb6b1e86b7c8491289cb4e1ccbd9ce84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2
216.58.207.195 200 OK 19 kB URL HTTP/2 fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 19292, version 1.0\012- data
Hash 19007b17e56daa60133bce9e9b352a95
bac1384caeae5762e7a1d8c18037f69c8cd21bc4
fd88a03358ba14440b78c6329717bdf6ed1a9fe97c3ad4e0a0a39d31fb1ac546
GET /s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ouo.press
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19292
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 20:03:37 GMT
expires: Tue, 21 Nov 2023 20:03:37 GMT
cache-control: public, max-age=31536000
age: 32588
last-modified: Wed, 27 Apr 2022 16:12:54 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/pwt/155495/4202/pwt.js
23.38.200.201 200 OK 80 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/pwt/155495/4202/pwt.js
IP 23.38.200.201:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6a4ce36b0d03543974d71b88fa37145d
a5c1750aab7489f287c98bae25f5afff0ed16ce8
30fb02ff951a4220268d02c95e2dbd16adfad28b179a89e9643d75ade8809aaf
GET /AdServer/js/pwt/155495/4202/pwt.js HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 27 Oct 2021 05:33:12 GMT
etag: "1241a12-3fca8-5cf4eee137dd8"
server: Apache
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: https://ci-va2qa-mgmt.pubmatic.com
x-xss-protection: 1; mode=block
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type: application/javascript
content-length: 80538
cache-control: max-age=150014
expires: Wed, 23 Nov 2022 22:46:59 GMT
date: Tue, 22 Nov 2022 05:06:45 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 475a2bcd0ca22473d900c78e84762245
c7fc502de2091c1398719ee50e8832995d19e43b
6225d07ff554cc6520e4526aa14eeb17884f1cf2c0a779614d745e9c40301c1c
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=117652
Date: Tue, 22 Nov 2022 05:06:45 GMT
Etag: "637b7d94-1d7"
Expires: Wed, 23 Nov 2022 13:47:37 GMT
Last-Modified: Mon, 21 Nov 2022 13:31:00 GMT
Server: ECS (bsa/EB1B)
X-Cache: Miss from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Sw-7FKExzkC3AkfMIagKsJ2yH5qeiO7n9GsNuifReHUk8jNzkal9GQ==
Age: 997
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2484
Expires: Tue, 22 Nov 2022 05:48:09 GMT
Date: Tue, 22 Nov 2022 05:06:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2484
Expires: Tue, 22 Nov 2022 05:48:09 GMT
Date: Tue, 22 Nov 2022 05:06:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2484
Expires: Tue, 22 Nov 2022 05:48:09 GMT
Date: Tue, 22 Nov 2022 05:06:45 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 585eab785e44953b9e6d7c389024ff3e
57582825e9a285177f38cd2fa868ad3a8eab85d1
f1c62af1e27c8510576adcb62b28be35f290d2ee71e873f7000c194980522e80
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cb92473-220a-4ebb-b8d8-6c17618bc006.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cb92473-220a-4ebb-b8d8-6c17618bc006.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bd62f641e9d58eee10e41db0fa00b5f2
4210e5f150a49d6f6ee26cbb11ded8173ab8cf74
5858451bf7cac97b8881dde7e3197110fa8639c1d94b51934859669c51221e1a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cb92473-220a-4ebb-b8d8-6c17618bc006.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4308
x-amzn-requestid: 7db10594-4acc-448d-b724-1c4bc8ec42ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-IrVFtRoAMFTzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bee48-0a466f6b0bd48f3532216bca;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:31:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EZ6DqZY1DDMr_jSZs-aGTsD37q6dKLIEk9XJhKRTNOjjxfU-lWh8eg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 21:46:01 GMT
age: 26444
etag: "4210e5f150a49d6f6ee26cbb11ded8173ab8cf74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.141.24 200 OK 38 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.141.24:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b34ef8e98d70cde014e77998f429e7b9
a2caa88b7b19ca3e333e3610160a6274f3325f37
c9bd7f70523484f021724709f3cb6cf9331ffef4ef05c5c37e3012299a8e8f52
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:45 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 32b1a6ac3b975e0fb93c9f62c2274a24
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 22 Nov 2022 05:06:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WoU9YYcxwi7W4OzrxGzk5wE4siTyht0KG8%2FrGcVujjIRhkvCbF1bZAws%2Fph6JpRuVsmAfEwyzstIL9mIKn98YPWSQ%2BtrQalNdWLnaX4vULAkmpfeEEeYzOECFrBcwG5X%2FZLqGF0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76df233a1d3a772b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
18.185.190.54 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash e6372e5f181fbd48bbcb135f4e0af9df
c98daf60bf4b9dd5cdbb2e98b77a0ea9b7668813
d23c6205504ec118668ce17f1e6a64587c6eb0782e60865c3f0839d903f2d294
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:45 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
set-cookie: uid_id2=8fdb5fa2-b275-499d-8774-e790bd576a3f:2:1; expires=Fri, 19 Nov 2032 05:06:45 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4f3fad7453f45dfa617243c8beac64e1
56414a905340e1b1478a0a40a52b25365a724524
7befcfbedac5652eb04bc675b67f7b642631d4e918f7aaee17b0b594e26854d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6031
x-amzn-requestid: f59b04c5-4955-4847-9a7f-d9d53b47ca52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3cV0GC-oAMF5hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637940f1-0425b3cf6a4650b60936feba;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 20:47:45 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: StZ9dxgY8W0WwUUqsxyeISFnbm_WGGcm_AMuo9dzfhF9Yp7wM0TMMg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 ea699166e6ec77aa410ff505b0a8ce18.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 08:17:18 GMT
age: 74967
etag: "56414a905340e1b1478a0a40a52b25365a724524"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 804755c7e438531c9ba2e781947e1640
7a93c31638ee89a561bac2174482a5d12aa62d63
aa6f123fed093048bd006bf5a0ea0a7b310d735436af0ca07a06574f2026ba9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA6F123FED093048BD006BF5A0EA0A7B310D735436AF0CA07A06574F2026BA9B"
Last-Modified: Sun, 20 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2484
Expires: Tue, 22 Nov 2022 05:48:09 GMT
Date: Tue, 22 Nov 2022 05:06:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 481c033b9ffd030ff0de6e35cf788b47
85d3baad9217af2b5d75c019d2ef95dbb919a788
02443c7869914c2b29892deb0c645395bcf4e8379da3cf20974614ff9c92893b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11249
x-amzn-requestid: 65a3db77-b2e6-40b9-a776-021c2e9b56d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bubSsHbZoAMFZNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6375a5aa-1286b97968cc2e4c7fe8ab29;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 03:08:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: iGM_HV13dzz5eOswbOJfjj14jlFW4jy2YsW7eJumS_TM5TxxG8VMwQ==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 03:49:11 GMT
age: 4654
etag: "85d3baad9217af2b5d75c019d2ef95dbb919a788"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4ba2cc1-6e28-45a2-bc78-97012bdeedb2.png
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4ba2cc1-6e28-45a2-bc78-97012bdeedb2.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8b591bcc9d645eed0ea6ebc5dae07d31
97278cc5c5a1be7926d53fd8daf9e802bfb6cbdb
82dde9a4d139bdfae1d8859f4d7a77f92182c65ad630e25d0cc52f346dd1dfad
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4ba2cc1-6e28-45a2-bc78-97012bdeedb2.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11793
x-amzn-requestid: 7edbd95e-83c8-4162-886f-b0bf88deee5f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-I6oFrQIAMFnYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637beeaa-4f1317ec61500d713816830d;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:33:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hd2a0sbw7fzVnkVpCOEAnu_W-Z0EajArOracSTImr6jbhOFwKbDKpw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 21:44:56 GMT
age: 26509
etag: "97278cc5c5a1be7926d53fd8daf9e802bfb6cbdb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ouo.press/favicon.ico
104.22.58.251 200 OK 0 B IP 104.22.58.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/63G1os
Cookie: ouoio_session=eyJpdiI6InR3UzRsaWlnN2dJRldKTWxLMWdobjlsVjVnUWQ1K3c3bzBoN1ZjMXpTcDA9IiwidmFsdWUiOiJLWVJVNFNcL2JSeXlcL3M5TmNhK2g0bVA0Qm9NTFdlYWZ1K1wva2NuTDJwV3p0eDZwXC9jekM5TDRJRkNaT3B4TEJYN1QyejZqY0VQVVBRNEQ2MkdXcUsxRnc9PSIsIm1hYyI6ImU3NTk1ZmNkMzFkMzA0NTM2MGQ5MTBhNzI2NzIyODkwYmQ1ZTNjNTIzY2ZiM2ZlNTA5ZmVjMDY3Y2ViMDllYmIifQ%3D%3D; language=eyJpdiI6ImVxMnA5dHVXTER0aFZ4ZmpDUG5lV1NrXC96NXB6YVwvbXR4THpEeVwvdklEUVU9IiwidmFsdWUiOiI0N0pGaVE3Y2JvM0hcLzBRaExUZFwvRmRiWXpvZEhlRWR2WFZLN2FUWEU1K009IiwibWFjIjoiNWM4NzA5NjI0ZmI2YWM3ZWFiMzIzMzlhY2QwOTQyMDE4ZDMyYjM5ZjY5NjIxNzFlNmVmZGIxZmZlOWQ0NWE1YSJ9; f581976b8ac2a894da47493b1783dc5f2fdbb1ab=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; __cf_bm=1US92U26Z0Y862hmYLmE92oPtydCXEgLpXW4.RRJXCA-1669093604-0-AelEP/JD6yK8d7MSXm5Py0BxYBnTPp7fxFCsaJa14MsN1PlqCKALmKsQSpq0JucuSU/ZtYUrexT92lTTaAFHPvw=; _pbjs_userid_consent_data=3524755945110770; pbjs-pubCommonId=fb95718a-ea48-4cff-8b7a-e3229ce5cf9a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:45 GMT
content-type: image/x-icon
content-length: 0
last-modified: Sat, 14 Feb 2015 06:41:24 GMT
etag: "54deee14-0"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=86400
cf-cache-status: HIT
age: 3086
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76df233b6c6bfac4-OSL
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 82401689b683af7cb8bfc79971fcaacc
e1bd44f9f5a52703768671ebed52417d29c70d14
a0edcb7c8b70be0faae8f29ae8a8672a29e1113389d93454d821fb69d3d1e28c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A0EDCB7C8B70BE0FAAE8F29AE8A8672A29E1113389D93454D821FB69D3D1E28C"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12116
Expires: Tue, 22 Nov 2022 08:28:41 GMT
Date: Tue, 22 Nov 2022 05:06:45 GMT
Connection: keep-alive
ouo.press/63G1os
104.22.58.251 200 OK 9.4 kB IP 104.22.58.251:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1938)
Hash a052ed17b63be5fe1677f3b838b8b415
9bdef5b3bb3b19d98fe1c8c1a7eded82bbcb3527
be9748da2038b29be957b3b3733fee6ffaaa45c014907ecc65247edfcdbef9e1
GET /63G1os HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:44 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
set-cookie: ouoio_session=eyJpdiI6InR3UzRsaWlnN2dJRldKTWxLMWdobjlsVjVnUWQ1K3c3bzBoN1ZjMXpTcDA9IiwidmFsdWUiOiJLWVJVNFNcL2JSeXlcL3M5TmNhK2g0bVA0Qm9NTFdlYWZ1K1wva2NuTDJwV3p0eDZwXC9jekM5TDRJRkNaT3B4TEJYN1QyejZqY0VQVVBRNEQ2MkdXcUsxRnc9PSIsIm1hYyI6ImU3NTk1ZmNkMzFkMzA0NTM2MGQ5MTBhNzI2NzIyODkwYmQ1ZTNjNTIzY2ZiM2ZlNTA5ZmVjMDY3Y2ViMDllYmIifQ%3D%3D; path=/; httponly
language=eyJpdiI6ImVxMnA5dHVXTER0aFZ4ZmpDUG5lV1NrXC96NXB6YVwvbXR4THpEeVwvdklEUVU9IiwidmFsdWUiOiI0N0pGaVE3Y2JvM0hcLzBRaExUZFwvRmRiWXpvZEhlRWR2WFZLN2FUWEU1K009IiwibWFjIjoiNWM4NzA5NjI0ZmI2YWM3ZWFiMzIzMzlhY2QwOTQyMDE4ZDMyYjM5ZjY5NjIxNzFlNmVmZGIxZmZlOWQ0NWE1YSJ9; expires=Sun, 21-Nov-2027 05:06:44 GMT; Max-Age=157680000; path=/; httponly
f581976b8ac2a894da47493b1783dc5f2fdbb1ab=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; expires=Tue, 22-Nov-2022 07:06:44 GMT; Max-Age=7200; path=/; httponly
__cf_bm=1US92U26Z0Y862hmYLmE92oPtydCXEgLpXW4.RRJXCA-1669093604-0-AelEP/JD6yK8d7MSXm5Py0BxYBnTPp7fxFCsaJa14MsN1PlqCKALmKsQSpq0JucuSU/ZtYUrexT92lTTaAFHPvw=; path=/; expires=Tue, 22-Nov-22 05:36:44 GMT; domain=.ouo.press; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76df2331c99dfac4-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=GTM-NPLC9ST
142.250.74.168 200 OK 47 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=GTM-NPLC9ST
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash c37ba457585ac686ad1ebac43c0a85e0
a1ae975052435d6fe18bc7531f924eb763f4f6b6
9f09772fb97e4861ce1a0f3d548a2f1eaff0c04e929b6fa28cee25268e2f5443
GET /gtag/js?id=GTM-NPLC9ST HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.adtrue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 22 Nov 2022 05:06:45 GMT
expires: Tue, 22 Nov 2022 05:06:45 GMT
cache-control: private, max-age=900
last-modified: Tue, 22 Nov 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 47044
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash a10230dea2107c1f41d3509b35b62ab3
7b47313c41d71d1c4c63d5fc9abfcb7036a46a64
29524f44be7b61da2bda1e58ad2b3cd4589fb6ddbcd0b372e45bb6d7cbc3411b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1688
Cache-Control: max-age=109690
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:45 GMT
Etag: "637b5bc7-13a"
Expires: Wed, 23 Nov 2022 11:34:55 GMT
Last-Modified: Mon, 21 Nov 2022 11:06:47 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 314
status.geotrust.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 712a33aa42498837d06871562bf457a6
7b05c23c54395c09de10cfae2fbabc62229257d5
3dc7ff298c6474ed510a74797f5df3415832fe9e86955e75bc738cac4d9555d9
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4384
Cache-Control: max-age=126067
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:45 GMT
Etag: "637b9138-1d7"
Expires: Wed, 23 Nov 2022 16:07:52 GMT
Last-Modified: Mon, 21 Nov 2022 14:54:48 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 0b3aa6ea955bd3f90d0edca3d7383ef1
82d3ad5ee1a5fb229ada3fc4a798863472206abb
82db94a0a4c41af665bf1d05c8edd7d87435abfc289e7c91f937404a18bf6c44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c.amazon-adsystem.com/aax2/apstag.js
143.204.46.73 301 Moved Permanently 167 B URL HTTP/2 c.amazon-adsystem.com/aax2/apstag.js
IP 143.204.46.73:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /aax2/apstag.js HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 167
location: https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
server: CloudFront
date: Mon, 21 Nov 2022 22:27:08 GMT
via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront), 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA6-C1, OSL50-C1
x-amz-cf-id: 3Q0_gt7IiXURGQa8pFNI65lfsuhkQ_Lr_jnAMHdwHOOq6NZ9ZZNYpg==
age: 23976
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 585eab785e44953b9e6d7c389024ff3e
57582825e9a285177f38cd2fa868ad3a8eab85d1
f1c62af1e27c8510576adcb62b28be35f290d2ee71e873f7000c194980522e80
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
142.250.74.163 200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 20 Nov 2022 11:26:10 GMT
expires: Mon, 20 Nov 2023 11:26:10 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 150035
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
142.250.74.102 200 OK 104 B URL HTTP/2 ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
IP 142.250.74.102:0
File type MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors\012- data
Hash 32ac8a9b81788b981a3a7e13c14082d4
fbfd48a2bfe8d4247a975176f88d18c3c2ad1952
00cc7617e054596ff0aaabd8a93a9214dc5304bfe317316022dbf4fb3ea073d2
GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 104
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 11:00:31 GMT
expires: Tue, 22 Nov 2022 11:00:31 GMT
cache-control: public, max-age=86400
age: 65174
last-modified: Tue, 08 May 2012 13:08:06 GMT
content-type: image/x-icon
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b3e6a5106739bb90e4b30b9460b4e4a6
04a76e7aa9c2452fdac6c6a05429d2237d311dfb
8844d734c4b6b57f9847b64e8bfc35151e42252f871418938d06514b229f952d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4914
Cache-Control: max-age=107503
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:45 GMT
Etag: "637b46a2-1d7"
Expires: Wed, 23 Nov 2022 10:58:28 GMT
Last-Modified: Mon, 21 Nov 2022 09:36:34 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.12.0-pre&cb=33055099761&lsavail=0
178.250.2.131 204 No Content 0 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.12.0-pre&cb=33055099761&lsavail=0
IP 178.250.2.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdb?profileId=207&av=34&wv=7.12.0-pre&cb=33055099761&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 406
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 22 Nov 2022 05:06:45 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://ouo.press
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
151.101.85.229 200 OK 9.2 kB URL HTTP/2 cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (27677)
Hash 644ba7e773cf65b0bad3e0bfd876fadb
62e327afb13b45d6bd9cdb5b77259f4c48667ca5
44e73c184d22730c0b64b805501bad4b2bbbfc4e6a56de8832f0e5c0a211cb52
GET /npm/prebid-universal-creative@latest/dist/creative.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.14.1
x-jsd-version-type: version
etag: W/"6c5a-y+sK0xXzH8ASLq957N20gljeHO8"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 22 Nov 2022 05:06:45 GMT
age: 38576
x-served-by: cache-fra-eddf8230118-FRA, cache-bma1652-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9244
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 0b3aa6ea955bd3f90d0edca3d7383ef1
82d3ad5ee1a5fb229ada3fc4a798863472206abb
82db94a0a4c41af665bf1d05c8edd7d87435abfc289e7c91f937404a18bf6c44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
status.geotrust.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 712a33aa42498837d06871562bf457a6
7b05c23c54395c09de10cfae2fbabc62229257d5
3dc7ff298c6474ed510a74797f5df3415832fe9e86955e75bc738cac4d9555d9
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4749
Cache-Control: max-age=126432
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:45 GMT
Etag: "637b9138-1d7"
Expires: Wed, 23 Nov 2022 16:13:57 GMT
Last-Modified: Mon, 21 Nov 2022 14:54:48 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash 5f3e0d2e5917b0dc8c5440938bab423c
ce2a9194e1a7cdbf60180802c81994e3c074e2d7
779fbb994f0358cbe4553822ef9b1f14f2062e15c1c6985c0e20822fb5e40419
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 05:06:45 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "615751277C5C32D2DC6F42588C397F33CB867321"
Expires: Tue, 22 Nov 2022 16:00:00 GMT
Last-Modified: Tue, 22 Nov 2022 04:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1562
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76df233cba87b4eb-OSL
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.adtrue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 22 Nov 2022 04:41:09 GMT
expires: Tue, 22 Nov 2022 06:41:09 GMT
cache-control: public, max-age=7200
age: 1536
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
37.252.172.123 200 OK 145 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 37.252.172.123:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 3f2788503aab004060702ffa8efe6136
fa35bce8ee5d10ca073ae62cfc4c294ce6b38cc4
11758962be6506dd4a990462414321ad9008dad292aa885b8afa15c2d918f9af
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 535
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 22 Nov 2022 05:06:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 145
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
AN-X-Request-Uuid: e445599a-60a8-4f6a-97fd-0ed5ce4200aa
Set-Cookie: icu=ChkItZqGARAKGAEgASgBMOWx8ZsGOAFAAUgBEOWx8ZsGGAA.; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Feb-2023 05:06:45 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=5341471348204993231; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Feb-2023 05:06:45 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
hbopenbid.pubmatic.com/translator?source=prebid-client
185.64.189.112 204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP 185.64.189.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 868
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://ouo.press
cache-control: no-cache, no-store, must-revalidate
date: Tue, 22 Nov 2022 05:06:45 GMT
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.2.0&cb=94841132546
178.250.2.131 200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.2.0&cb=94841132546
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=6.2.0&cb=94841132546 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 487
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:46 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://ouo.press
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1
178.250.0.157 200 OK 163 kB URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1
IP 178.250.0.157:0
File type JSON data\012- , ASCII text, with very long lines (730)
Size 163 kB (162998 bytes)
Hash d3fc94a3b41c906a09c611220ff3f04d
ec307b0dbced2dac72bcb4c7c4e3b88f88ddfabb
9d2d73a51642f13c35e5bc852d26991d7717a14f710dc39d411e7f0139a1bbfe
OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://ouo.press/
Origin: https://ouo.press
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:45 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://ouo.press
server-processing-duration-in-ticks: 379937
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 4b48af2c89252613771b8cae29f772ed
bdf2912eb99053166888eb9e4e4e06fee3078fc9
da9736796d6aeb85730c148ea3fc234e7d668c7236691a92ca93b20491dd741c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 05:06:46 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 19 Nov 2022 13:55:55 GMT
Expires: Sat, 26 Nov 2022 13:55:54 GMT
Etag: "bdf2912eb99053166888eb9e4e4e06fee3078fc9"
Cache-Control: max-age=376747,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76df233e28b90b39-OSL
ib.adnxs.com/ut/v3/prebid
37.252.172.123 200 OK 145 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 37.252.172.123:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 71cf33941e57d01101e149a778c82a11
ab76716e72d604d14f6b93e86029101465eef076
fab1971c59faa5e4ae07dfc9321432b891fb556b756c40f4d3d36778ff9a18e9
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 682
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 22 Nov 2022 05:06:46 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 145
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
AN-X-Request-Uuid: 73aacab3-bd1f-45b6-9a12-3468678acf76
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/ut/v3/prebid
37.252.172.123 200 OK 145 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 37.252.172.123:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 38fab1725c0549c7ff4e1e5580d87b0c
8eb3db09ad186ba54bde3b7394bf52d312a36044
7934894123668cc340200af262f3d5856e9772020ce138ec56d5e08d825cfe3c
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 562
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 22 Nov 2022 05:06:46 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 145
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
AN-X-Request-Uuid: af09207a-8836-453b-9fdd-683477cd01ce
Set-Cookie: icu=ChgIw6tREAoYASABKAEw5rHxmwY4AUABSAEQ5rHxmwYYAA..; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Feb-2023 05:06:46 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=174057018434999938; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 20-Feb-2023 05:06:46 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18438&site_id=202928&zone_id=1317174&size_id=2&rp_schain=1.0,1!firstimpression.io,7419,1,,,&rf=https%3A%2F%2Fouo.press%2F63G1os&kw=ouo.press%2Cshortlinks%2Clinkshortener%2CfreeURLshortener&tg_i.ref=https%3A%2F%2Fouo.press%2F63G1os&tg_i.page=https%3A%2F%2Fouo.press%2F63G1os&tg_i.domain=ouo.press&tg_i.figroup=a9&tk_flint=pbjs_lite_v6.2.0&x_source.tid=25be3aaf-6100-4fb1-a2c6-ce838147a51d&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8028680674703107
213.19.162.41 200 OK 348 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18438&site_id=202928&zone_id=1317174&size_id=2&rp_schain=1.0,1!firstimpression.io,7419,1,,,&rf=https%3A%2F%2Fouo.press%2F63G1os&kw=ouo.press%2Cshortlinks%2Clinkshortener%2CfreeURLshortener&tg_i.ref=https%3A%2F%2Fouo.press%2F63G1os&tg_i.page=https%3A%2F%2Fouo.press%2F63G1os&tg_i.domain=ouo.press&tg_i.figroup=a9&tk_flint=pbjs_lite_v6.2.0&x_source.tid=25be3aaf-6100-4fb1-a2c6-ce838147a51d&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8028680674703107
IP 213.19.162.41:0
File type JSON data\012- , ASCII text, with very long lines (348), with no line terminators
Hash c99a14a0239e2b5aaf48e0983bb73833
8828656d2bd28e3e77552f9e1aab1c6a3ad59ea0
397bdb521068e069c86482189f8f704bf96d1069e27fc44a11b8c37c5bff49e6
GET /a/api/fastlane.json?account_id=18438&site_id=202928&zone_id=1317174&size_id=2&rp_schain=1.0,1!firstimpression.io,7419,1,,,&rf=https%3A%2F%2Fouo.press%2F63G1os&kw=ouo.press%2Cshortlinks%2Clinkshortener%2CfreeURLshortener&tg_i.ref=https%3A%2F%2Fouo.press%2F63G1os&tg_i.page=https%3A%2F%2Fouo.press%2F63G1os&tg_i.domain=ouo.press&tg_i.figroup=a9&tk_flint=pbjs_lite_v6.2.0&x_source.tid=25be3aaf-6100-4fb1-a2c6-ce838147a51d&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8028680674703107 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.4
date: Tue, 22 Nov 2022 05:06:46 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://ouo.press
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LARR8KY6-A-6231; Domain=.rubiconproject.com; Path=/; Expires=Wed, 22-Nov-2023 05:06:46 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qp8e0ioHFR9de9DtVM30fCgu5f+cBSDHL+Gcg3ku/bsqJZjSCqH74hcJhsHlJbldDdJwe9iGXKQTKZr5ZVxLWDe; Domain=.rubiconproject.com; Path=/; Expires=Wed, 22-Nov-2023 05:06:46 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 348
X-Firefox-Spdy: h2
tag.1rx.io/rmp/212927/0/mvo?z=1r&hbv=6.2,2.1
213.19.147.43 204 No Content 0 B URL HTTP/2 tag.1rx.io/rmp/212927/0/mvo?z=1r&hbv=6.2,2.1
IP 213.19.147.43:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /rmp/212927/0/mvo?z=1r&hbv=6.2,2.1 HTTP/1.1
Host: tag.1rx.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 617
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 22 Nov 2022 05:06:46 GMT
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
pragma: no-cache
cache-control: private, max-age=0, no-cache, no-store
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ed472e4c63fd8786245ac7f984621a8d
1d60996a45fb605efa0c383dca843eb595a73f99
6a289839714af03bf4c4f4d0af76268cbfa52fc0315cc2add35bae98d62233e1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4915
Cache-Control: max-age=90630
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:46 GMT
Etag: "637b04b9-117"
Expires: Wed, 23 Nov 2022 06:17:16 GMT
Last-Modified: Mon, 21 Nov 2022 04:55:21 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279
ecdn.firstimpression.io/static/js/fiamp.js
54.230.111.73 200 OK 36 kB URL HTTP/2 ecdn.firstimpression.io/static/js/fiamp.js
IP 54.230.111.73:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 0b6c0bc13087957f2ff539953af13b0f
ccb3bbe227e3e4f6ed90c9b66faa751d597f7c33
05982a23af175a058de96adab82c41c2a4c4fbbcfeb4ba3f1b55b607f48a6010
GET /static/js/fiamp.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.20.0
last-modified: Fri, 08 Apr 2022 08:48:22 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Tue, 22 Nov 2022 04:32:33 GMT
expires: Tue, 22 Nov 2022 05:29:57 GMT
cache-control: max-age=3600
etag: W/"624ff6d6-1b8e9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VP7hcefbUI_MhkSmv25xvC2Tm1d7IgIMjHUGE0WKGkGWvHLB-LZdig==
age: 2208
X-Firefox-Spdy: h2
c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185
143.204.46.73 204 No Content 0 B URL HTTP/2 c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185
IP 143.204.46.73:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185 HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
cache-control: max-age=21550, s-maxage=21600
date: Tue, 22 Nov 2022 03:48:37 GMT
server: Server
x-cache: Hit from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zksaD1rqGjK3xxzTiZOi7DzoXU7_OlCwlMzyw6H6SFOVX8vQN7z_Pw==
age: 4689
X-Firefox-Spdy: h2
jsc.adskeeper.com/a/d/adtrue.ouo.press.991771.js
104.18.36.64 200 OK 931 B URL HTTP/2 jsc.adskeeper.com/a/d/adtrue.ouo.press.991771.js
IP 104.18.36.64:0
File type ASCII text, with very long lines (2388)
Hash 8e8d7a0a62663d5f7c415376384593c2
f7cd825a352266b8c5b4b0dfea749c967d26b22d
222d7503ac4a040176b2029a74c3fda84012d21742a4b7deca73243d521fc3de
GET /a/d/adtrue.ouo.press.991771.js HTTP/1.1
Host: jsc.adskeeper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:46 GMT
content-type: text/javascript
content-length: 931
x-amz-id-2: DpAKct+ZZ8szDYgVNbB8CXlKoVt69Zzm6eUVI25PqgSFU4H5qOaoZOc2FaKbUe1Lt6Kn8tZGGlY=
x-amz-request-id: C76KDVMKZRK8NR4W
last-modified: Thu, 03 Nov 2022 11:38:04 GMT
etag: "8e8d7a0a62663d5f7c415376384593c2"
content-encoding: gzip
x-amz-version-id: SBZDoO6KUGsi9aXrwr03p7YsWy_YVSlV
cf-cache-status: HIT
expires: Tue, 22 Nov 2022 09:06:46 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76df233f5a4ab527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ed472e4c63fd8786245ac7f984621a8d
1d60996a45fb605efa0c383dca843eb595a73f99
6a289839714af03bf4c4f4d0af76268cbfa52fc0315cc2add35bae98d62233e1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4915
Cache-Control: max-age=90630
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:46 GMT
Etag: "637b04b9-117"
Expires: Wed, 23 Nov 2022 06:17:16 GMT
Last-Modified: Mon, 21 Nov 2022 04:55:21 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279
c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
143.204.46.73 200 OK 21 kB URL HTTP/2 c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
IP 143.204.46.73:0
File type ASCII text, with very long lines (32628)
Hash e82f9195b7920e75cf5b42fd6a0c7128
a239d4e3d4ae4364a93ead3bc871891259e5a25c
dc7c40df80db706e704e932ce684188c3ae659ce1cab93ddc04b921b893a09f0
GET /bao-csm/aps-comm/aps_csm.js HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Fri, 18 Nov 2022 03:05:15 GMT
x-amz-version-id: vkCJAv2LVCiDvkjoOZrS5s9fefeFFUOq
server: AmazonS3
content-encoding: gzip
date: Tue, 22 Nov 2022 04:03:43 GMT
cache-control: public, max-age=86400
etag: W/"a4d296427fc806b21335359e398c025c"
vary: Accept-Encoding,Origin
x-cache: Hit from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: KZCk_R0dTo3JePRCqWzvC50H0CtNLE_8DNJ3td8URedCVodgDyi4Pg==
age: 7282
X-Firefox-Spdy: h2
aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2F63G1os&pid=oVZ1Xk34awqGR&cb=0&ws=728x90&v=22.1107.1609&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
143.204.52.189 200 OK 165 B URL HTTP/2 aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2F63G1os&pid=oVZ1Xk34awqGR&cb=0&ws=728x90&v=22.1107.1609&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
IP 143.204.52.189:0
File type ASCII text, with no line terminators
Hash 524702d9c4ac8c61e27c3d850412f10f
199d4d5b602799e1a01577115d249b9707dbf37a
7e4302335da0ce23c817a82d8d34836aef6ef7fb136f731d4ba29a7e4d762a7b
GET /e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2F63G1os&pid=oVZ1Xk34awqGR&cb=0&ws=728x90&v=22.1107.1609&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D HTTP/1.1
Host: aax-dtb-cf.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
content-length: 165
server: Server
date: Tue, 22 Nov 2022 05:06:46 GMT
x-amz-rid: N17KJX7E9T4FP4N6DR1A
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
timing-allow-origin: *
strict-transport-security: max-age=47474747; includeSubDomains; preload
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: uSH7ckC0yel8natl_gRbbPAotdCiqnrUxqoZ7_mXHvX0rBKJjv8HOw==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 6fc14b649b372e17262ac993a01b6e44
4866a8e009319378be142a25018223d7b0ef9bd8
31a96724f512a3cfec476ca9abfa1a5a6677668c4711a3063ce2380495771965
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3592
Cache-Control: max-age=149784
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:46 GMT
Etag: "637bf0f6-138"
Expires: Wed, 23 Nov 2022 22:43:10 GMT
Last-Modified: Mon, 21 Nov 2022 21:43:18 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 312
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e5bf97b0f8f82cd1712b34a118315c7e
8ebf659b5a09b932ed6ee219fd28803238f2816a
e64ddbc741840c4a933626710273fc41231d91a6a69b981ede401a4d6f59f7c5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E64DDBC741840C4A933626710273FC41231D91A6A69B981EDE401A4D6F59F7C5"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19347
Expires: Tue, 22 Nov 2022 10:29:14 GMT
Date: Tue, 22 Nov 2022 05:06:47 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash ae8d32915bda4a19345a548f8fcf6b6a
9c26ccca35a0c77c3c21767ad035efb2b966e3b4
824ef283079c1fcb276b71d6281dcd39d6f98874617c6178aebfdb6da200da11
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1810
Cache-Control: max-age=133605
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:47 GMT
Etag: "637bb8ba-13a"
Expires: Wed, 23 Nov 2022 18:13:32 GMT
Last-Modified: Mon, 21 Nov 2022 17:43:22 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 314
dnacdn.net/dna
178.250.2.146 200 OK 0 B IP 178.250.2.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:46 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=SPAC-F80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyRnZkZyUyRkVXVHQlMkJoRyUyRjU5VUZQOGxiWXlsQzRrSE9ROTNNWjBEN3p5NTNGag; expires=Sun, 17 Dec 2023 05:06:47 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 312186
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 0bde4c668bd2bed37cb5af49ab3c8848
e183d6699d45e6780b308cf315860b4567e144fe
866751aeed27ff1d9189ab495172a6005927e192e08a02d87a53d344619954d6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3471
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:47 GMT
Last-Modified: Tue, 22 Nov 2022 04:08:56 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 312
unseenreport.com/pxf.gif?uuid=8fdb5fa2-b275-499d-8774-e790bd576a3f&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
192.243.61.225 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=8fdb5fa2-b275-499d-8774-e790bd576a3f&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=8fdb5fa2-b275-499d-8774-e790bd576a3f&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 22 Nov 2022 05:06:47 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6aa34c69bb88e18a0966a54e593c49ee
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash afec857f09ac892f4d272a6506f0e2b9
46cef7b7c403235e439deb2d614f1848b2b2c168
71b2d3dfd33ece2fcd18294ec5608fdf12fff67d58d6a6886a6031c4f4eb45dd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "71B2D3DFD33ECE2FCD18294EC5608FDF12FFF67D58D6A6886A6031C4F4EB45DD"
Last-Modified: Mon, 21 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5077
Expires: Tue, 22 Nov 2022 06:31:24 GMT
Date: Tue, 22 Nov 2022 05:06:47 GMT
Connection: keep-alive
static.criteo.net/js/ld/publishertag.prebid.123.js
178.250.0.130 200 OK 29 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.123.js
IP 178.250.0.130:0
Hash 24f7c7229b707e9a43e7eefb119436c8
5034b0b8d09b4a66376dea357a9961f3b0aa012a
8dda164bd2bdea8988496199425662d9737be51e609176a22c0b973db4ecc9d5
GET /js/ld/publishertag.prebid.123.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 05:06:46 GMT
content-type: text/javascript
last-modified: Tue, 03 May 2022 11:21:03 GMT
etag: W/"6271101f-15b58"
expires: Wed, 23 Nov 2022 05:06:46 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
id5-sync.com/g/v2/806.json
162.19.138.83 200 216 B URL HTTP/1.1 id5-sync.com/g/v2/806.json
IP 162.19.138.83:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 35954d7b2296393a15e6f524d7429b60
eb745e206ee1548c78ebec65ddd70540949732d7
af6398d28f37c6722a2dac96a652d3f94d3f07c833a2fa16f76f3fdafb42c278
POST /g/v2/806.json HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 193
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Tue, 22 Nov 2022 05:06:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
Hash bbad8e749519dbaad27cca76281622e9
a6299f6e46e6db1601c4eb791843fd445bcd79d5
15010fca02ac1ad09e9263f571f24c4fbf24e1228f5e0b2cb360d1d138ee6290
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 05:06:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Sat, 26 Nov 2022 02:50:20 GMT
ETag: "a6299f6e46e6db1601c4eb791843fd445bcd79d5"
Last-Modified: Tue, 22 Nov 2022 02:50:21 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 198
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76df234878deb4eb-OSL
match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
15.197.193.217 200 OK 63 B URL HTTP/2 match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
IP 15.197.193.217:0
File type JSON data\012- , ASCII text, with no line terminators
Hash c61851d96782337890138659df19801d
98ff44f37e786305d22546407e091ca5639f36ec
33d54b6a942a1406c9954a97cc4f059322716fe1d53b44e8bf15147e576ca374
GET /track/rid?ttd_pid=pubmatic&fmt=json HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:47 GMT
content-type: application/json; charset=utf-8
content-length: 63
cache-control: private
expires: Thu, 22 Dec 2022 05:06:47 GMT
vary: Origin
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
x-aspnet-version: 4.0.30319
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash 5b5b8e627223b397ebd0249da988673a
b6625b12754aee6fd775e9d0d9492f25acbb64d1
0ff10ee296c5acd4f045050c5b8ff858dfaa2c8992f810d560f6b4751152f354
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 22 Nov 2022 05:06:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 21 Nov 2022 21:31:08 GMT
Expires: Tue, 22 Nov 2022 21:31:08 GMT
ETag: "b6625b12754aee6fd775e9d0d9492f25acbb64d1"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash b68c143d45d50d321eb4b86a4280806f
e98f49ddf3811291792d25e47cfec8daaaa7dfeb
da50bd5280b2450926ef26a20c2e40e3626650bc4fe7c3d4959766cb1c1c6404
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 05:06:47 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 20 Nov 2022 01:42:53 GMT
Expires: Sun, 27 Nov 2022 01:42:52 GMT
Etag: "e98f49ddf3811291792d25e47cfec8daaaa7dfeb"
Cache-Control: max-age=419164,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76df23481d3d0b39-OSL
id.crwdcntrl.net/id
3.248.128.187 200 OK 43 B IP 3.248.128.187:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 90eeff5111bbbdce769d4130cc3cca3c
d62886c1a85d51814cb7f124761c5e6aca6d8933
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
GET /id HTTP/1.1
Host: id.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:47 GMT
content-type: application/json;charset=utf-8
content-length: 43
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.3.105
access-control-allow-credentials: true
access-control-allow-origin: https://ouo.press
server: Jetty(9.4.38.v20210224)
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.178 200 OK 58 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.178:0
Hash 2e0a0deaa92d68bdbe9db000cb0a48b9
b52e7d3c3021e60bdc9ca999aa58ef14f6323784
e4c7c289ecc1f6d4216b25927b041a947964e8f38aa24fae597b72fa88b0a9fc
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:47 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 138378
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
tractorfoolproofstandard.com/sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=8fdb5fa2-b275-499d-8774-e790bd576a3f%3A2%3A1
192.243.61.225 200 OK 4.3 kB URL HTTP/1.1 tractorfoolproofstandard.com/sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=8fdb5fa2-b275-499d-8774-e790bd576a3f%3A2%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (6126), with no line terminators
Hash 43d65e44969d38a546861d45bff1420f
af4d44f7d5dbeb0fef5b8a52bb481c04e420b686
267e9c26f490dcf44caefd0a58439f8d8bb6ab66f051c0774453362c3711dc17
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=8fdb5fa2-b275-499d-8774-e790bd576a3f%3A2%3A1 HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 22 Nov 2022 05:06:47 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ouo.press
Access-Control-Allow-Origin: https://ouo.press
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15424691; expires=Wed, 23 Nov 2022 05:06:47 GMT; secure; SameSite=None
uid_id2=8fdb5fa2-b275-499d-8774-e790bd576a3f:2:1; expires=Tue, 29 Nov 2022 05:06:47 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 23 Nov 2022 05:06:47 GMT; secure; SameSite=None
uncs=1; expires=Wed, 23 Nov 2022 05:06:47 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 23 Nov 2022 05:06:47 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 23 Nov 2022 05:06:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c51f05e0938c41a1785ac35764bf9ab4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
tractorfoolproofstandard.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3j%2BH329BULx4UAbxoGAm3dMzmWn3sLiukbAxCburEfFS%2F3pSTk1XU9U9PQl7CC7IXoTxpMfOm2TD6iIungWZeJGAkPGw5GC8qeBR2LPMZGD0O9T3vXrf4b1X9elefkZ85PR0412zo7Smi42qX3l1UyXCFK6ydqcS%2BFX%2FamVTJUv1q5X%2B5LC9NwK%2FUfVfq7wjeccs1vzA9wM%2FqCwrK2PTX5yyUOmjKKhGfrVeqwaNOvr2v9jlHhz1IHpn5DkoMb689dNjKD5C0v32hnSdzKSvv93NNc2MRU8cvpd0ElMk6M7H2HqIk8PZNowbE%2FLlBZjkcOYAprc%2FcQCmxsR7EoAlhzOZYL2Dc6VMQyZg4gqK3ghSj6DoCNzcgxInBOACa%2BtIug%2FWjC3o9jlLJ%2ByYXHr6N1QxJpd%2BfR5J95vrWvUrt43OM2USh35cQvVHUO0R0vwI2Y4HVRyBZ59AiZ%2FJ4tNVJN39dacNlDh9pRUL1ohpbYHVmo2FehSJhVazWV%2BQzchnotFcomE8jUipEVQ8gpYDUHcBufOQKw957CFPPXTFaYU2otj3mzGLw7BV55yHIeeN1pJoiLDein3kfOJhgCwdgOsBuN1FanfRUQPY%2FAe4rRJOeHAZQU%2BUKCRB4QgKSlAogiIjKHrlgdCu5soHQrucBbNem%2FWwHJqsvUcPTNaWCdlLz8iz0%2BD%2B%2Bug7dORpRYpwyQ%2FqS2HYqkWCN31arwnOqYxFHMZBAKdKKHcB1HnYUSfPPEGqTv5XgtEjOH0Erl4GzV8ELYbNmg%2B6Nay3fOwkD01uqqmVzkGYEml2Gdm2t6fPyAtTAdHvVyD58bUvPlv%2F7ar4ENyWSG2Jj9WPBG19f3jLFGT%2FlikcebyeZqqrdujkVW9nNJMXv7optwtjxcoNN3j4Jp8Qk%2FHRHemyVZoIlbQd%2Bfq6EkLaZWO5JN%2BvuE3JNnK3dT23SZ6ubry1vNKdClQmGYGqk%2Ffvgqsx%2Bb%2FtTP%2FrS3%2FehLIj2LxENz8ms4IyI%2FB0Fy6dq3eGwOr5Dks9FHk5tDU2v9SKQMs5pqyE%2Bxdm83nP3UfbeqDZPSTdEj1boqdLUD2Ayy8Os9QeX%2FslnBaY9oZMW2%2Bfaas%2FP4%2FWqdOKbMR%2BLP2aZHHE4ib1RRTXI0ajQDZZgwbI3Jjf%2FeCPfwAAAP%2F%2FAQAA%2F%2F8eTJuThwQAAA%3D%3D
192.243.61.225200 OK 7 B URL HTTP/1.1 tractorfoolproofstandard.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3j%2BH329BULx4UAbxoGAm3dMzmWn3sLiukbAxCburEfFS%2F3pSTk1XU9U9PQl7CC7IXoTxpMfOm2TD6iIungWZeJGAkPGw5GC8qeBR2LPMZGD0O9T3vXrf4b1X9elefkZ85PR0412zo7Smi42qX3l1UyXCFK6ydqcS%2BFX%2FamVTJUv1q5X%2B5LC9NwK%2FUfVfq7wjeccs1vzA9wM%2FqCwrK2PTX5yyUOmjKKhGfrVeqwaNOvr2v9jlHhz1IHpn5DkoMb689dNjKD5C0v32hnSdzKSvv93NNc2MRU8cvpd0ElMk6M7H2HqIk8PZNowbE%2FLlBZjkcOYAprc%2FcQCmxsR7EoAlhzOZYL2Dc6VMQyZg4gqK3ghSj6DoCNzcgxInBOACa%2BtIug%2FWjC3o9jlLJ%2ByYXHr6N1QxJpd%2BfR5J95vrWvUrt43OM2USh35cQvVHUO0R0vwI2Y4HVRyBZ59AiZ%2FJ4tNVJN39dacNlDh9pRUL1ohpbYHVmo2FehSJhVazWV%2BQzchnotFcomE8jUipEVQ8gpYDUHcBufOQKw957CFPPXTFaYU2otj3mzGLw7BV55yHIeeN1pJoiLDein3kfOJhgCwdgOsBuN1FanfRUQPY%2FAe4rRJOeHAZQU%2BUKCRB4QgKSlAogiIjKHrlgdCu5soHQrucBbNem%2FWwHJqsvUcPTNaWCdlLz8iz0%2BD%2B%2Bug7dORpRYpwyQ%2FqS2HYqkWCN31arwnOqYxFHMZBAKdKKHcB1HnYUSfPPEGqTv5XgtEjOH0Erl4GzV8ELYbNmg%2B6Nay3fOwkD01uqqmVzkGYEml2Gdm2t6fPyAtTAdHvVyD58bUvPlv%2F7ar4ENyWSG2Jj9WPBG19f3jLFGT%2FlikcebyeZqqrdujkVW9nNJMXv7optwtjxcoNN3j4Jp8Qk%2FHRHemyVZoIlbQd%2Bfq6EkLaZWO5JN%2BvuE3JNnK3dT23SZ6ubry1vNKdClQmGYGqk%2Ffvgqsx%2Bb%2FtTP%2FrS3%2FehLIj2LxENz8ms4IyI%2FB0Fy6dq3eGwOr5Dks9FHk5tDU2v9SKQMs5pqyE%2Bxdm83nP3UfbeqDZPSTdEj1boqdLUD2Ayy8Os9QeX%2FslnBaY9oZMW2%2Bfaas%2FP4%2FWqdOKbMR%2BLP2aZHHE4ib1RRTXI0ajQDZZgwbI3Jjf%2FeCPfwAAAP%2F%2FAQAA%2F%2F8eTJuThwQAAA%3D%3D
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3j%2BH329BULx4UAbxoGAm3dMzmWn3sLiukbAxCburEfFS%2F3pSTk1XU9U9PQl7CC7IXoTxpMfOm2TD6iIungWZeJGAkPGw5GC8qeBR2LPMZGD0O9T3vXrf4b1X9elefkZ85PR0412zo7Smi42qX3l1UyXCFK6ydqcS%2BFX%2FamVTJUv1q5X%2B5LC9NwK%2FUfVfq7wjeccs1vzA9wM%2FqCwrK2PTX5yyUOmjKKhGfrVeqwaNOvr2v9jlHhz1IHpn5DkoMb689dNjKD5C0v32hnSdzKSvv93NNc2MRU8cvpd0ElMk6M7H2HqIk8PZNowbE%2FLlBZjkcOYAprc%2FcQCmxsR7EoAlhzOZYL2Dc6VMQyZg4gqK3ghSj6DoCNzcgxInBOACa%2BtIug%2FWjC3o9jlLJ%2ByYXHr6N1QxJpd%2BfR5J95vrWvUrt43OM2USh35cQvVHUO0R0vwI2Y4HVRyBZ59AiZ%2FJ4tNVJN39dacNlDh9pRUL1ohpbYHVmo2FehSJhVazWV%2BQzchnotFcomE8jUipEVQ8gpYDUHcBufOQKw957CFPPXTFaYU2otj3mzGLw7BV55yHIeeN1pJoiLDein3kfOJhgCwdgOsBuN1FanfRUQPY%2FAe4rRJOeHAZQU%2BUKCRB4QgKSlAogiIjKHrlgdCu5soHQrucBbNem%2FWwHJqsvUcPTNaWCdlLz8iz0%2BD%2B%2Bug7dORpRYpwyQ%2FqS2HYqkWCN31arwnOqYxFHMZBAKdKKHcB1HnYUSfPPEGqTv5XgtEjOH0Erl4GzV8ELYbNmg%2B6Nay3fOwkD01uqqmVzkGYEml2Gdm2t6fPyAtTAdHvVyD58bUvPlv%2F7ar4ENyWSG2Jj9WPBG19f3jLFGT%2FlikcebyeZqqrdujkVW9nNJMXv7optwtjxcoNN3j4Jp8Qk%2FHRHemyVZoIlbQd%2Bfq6EkLaZWO5JN%2BvuE3JNnK3dT23SZ6ubry1vNKdClQmGYGqk%2Ffvgqsx%2Bb%2FtTP%2FrS3%2FehLIj2LxENz8ms4IyI%2FB0Fy6dq3eGwOr5Dks9FHk5tDU2v9SKQMs5pqyE%2Bxdm83nP3UfbeqDZPSTdEj1boqdLUD2Ayy8Os9QeX%2FslnBaY9oZMW2%2Bfaas%2FP4%2FWqdOKbMR%2BLP2aZHHE4ib1RRTXI0ajQDZZgwbI3Jjf%2FeCPfwAAAP%2F%2FAQAA%2F%2F8eTJuThwQAAA%3D%3D HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=8fdb5fa2-b275-499d-8774-e790bd576a3f:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 22 Nov 2022 05:06:48 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e4415c687290bf02a9174f8feb46e86c
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash b68c143d45d50d321eb4b86a4280806f
e98f49ddf3811291792d25e47cfec8daaaa7dfeb
da50bd5280b2450926ef26a20c2e40e3626650bc4fe7c3d4959766cb1c1c6404
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 05:06:48 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 20 Nov 2022 01:42:53 GMT
Expires: Sun, 27 Nov 2022 01:42:52 GMT
Etag: "e98f49ddf3811291792d25e47cfec8daaaa7dfeb"
Cache-Control: max-age=419163,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76df2349be320b39-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ee351efa307041ba0081a0dcb5c04b60
ce855fa3b56ee6b55438cbe3bd44f52753dc90f2
1e909796a7ff60ebf333f3c36e7e80a09cbcc88292b397754484a0af3676651a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1E909796A7FF60EBF333F3C36E7E80A09CBCC88292B397754484A0AF3676651A"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5092
Expires: Tue, 22 Nov 2022 06:31:40 GMT
Date: Tue, 22 Nov 2022 05:06:48 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 14bb1a68029a02fba011db85d5499d96
50c731767d2de8a7eec8d5e2b2386683b3ad814d
1de79f89077c18af57451469d25c3eb4072371ecf87abf8ae7e9e7987b0ac19b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1DE79F89077C18AF57451469D25C3EB4072371ECF87ABF8AE7E9E7987B0AC19B"
Last-Modified: Sun, 20 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8368
Expires: Tue, 22 Nov 2022 07:26:16 GMT
Date: Tue, 22 Nov 2022 05:06:48 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 14bb1a68029a02fba011db85d5499d96
50c731767d2de8a7eec8d5e2b2386683b3ad814d
1de79f89077c18af57451469d25c3eb4072371ecf87abf8ae7e9e7987b0ac19b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1DE79F89077C18AF57451469D25C3EB4072371ECF87ABF8AE7E9E7987B0AC19B"
Last-Modified: Sun, 20 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8368
Expires: Tue, 22 Nov 2022 07:26:16 GMT
Date: Tue, 22 Nov 2022 05:06:48 GMT
Connection: keep-alive
tractorfoolproofstandard.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2Fa4%2F96%2F29a4965e1015f036b834d9da1d4a5e6c%2F1632399618.html&l=1379&fd=413
192.243.61.225 200 OK 0 B URL HTTP/1.1 tractorfoolproofstandard.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2Fa4%2F96%2F29a4965e1015f036b834d9da1d4a5e6c%2F1632399618.html&l=1379&fd=413
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2Fa4%2F96%2F29a4965e1015f036b834d9da1d4a5e6c%2F1632399618.html&l=1379&fd=413 HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=8fdb5fa2-b275-499d-8774-e790bd576a3f:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 22 Nov 2022 05:06:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/img/close.png
172.64.109.13 200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/img/close.png
IP 172.64.109.13:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/ssp/sweep/social-box/white-small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:48 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 21 Sep 2021 12:02:03 GMT
etag: "6149c9bb-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 573318
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w7uQcrXUnKPTCITzcY1UC6rmFRB8TmClBm8qzf82klrNmoUg2YfrPobANUcZ%2BT9J1NQpv%2BFQalulUs2p3Kkjy3Mejuh5ZSAZAn0s1fpWqG9iNsRYVemZ3wX%2FU%2FJffCUS45Uh%2FIwrrnBt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76df234d383371c0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 14bb1a68029a02fba011db85d5499d96
50c731767d2de8a7eec8d5e2b2386683b3ad814d
1de79f89077c18af57451469d25c3eb4072371ecf87abf8ae7e9e7987b0ac19b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1DE79F89077C18AF57451469D25C3EB4072371ECF87ABF8AE7E9E7987B0AC19B"
Last-Modified: Sun, 20 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8368
Expires: Tue, 22 Nov 2022 07:26:16 GMT
Date: Tue, 22 Nov 2022 05:06:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 128947ec7b52febb8ece9e9d63ebcffc
52fcbf26e04ea81e674e512dbc77ab67bacf3db6
5cfd821fe96a2e13784d9a63725f8aa5de392155cf1000c308a09a14ff9efe8b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5CFD821FE96A2E13784D9A63725F8AA5DE392155CF1000C308A09A14FF9EFE8B"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3533
Expires: Tue, 22 Nov 2022 06:05:41 GMT
Date: Tue, 22 Nov 2022 05:06:48 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/style.css
172.64.109.13 200 OK 1.2 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/style.css
IP 172.64.109.13:0
Hash e8c2344398b3bd0f75f57671d4dac2ce
76d40dc555fc8ec819b715004eda3546d73ddddd
93bd4aa7aff935eac97d613f87175743227d49482bbf0cea4596cbf605f5620a
GET /sb/ssp/sweep/social-box/white-small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:48 GMT
content-type: text/css
last-modified: Mon, 24 Jan 2022 10:39:40 GMT
etag: W/"61ee81ec-123b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 573170
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GbFMdJeyQdRrf%2BQiNbuflyiNPhYKtPBU8EmzQd1%2BebofKCXacx1LUpD4eGAFvWwA7ZVSUh0Vtl%2BfJ7ne4pI7nyrL9VFK8vyJcTrzsKpQ8JdxMdarJ%2FofkpDDuvxrGrvz2%2BE0%2FIx1TNbn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76df234d181971c0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/97/1b/94/971b94f609762e18222a7efa0ac567cc/1667590869.png
45.133.44.9 200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/si/97/1b/94/971b94f609762e18222a7efa0ac567cc/1667590869.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 99620d5e4f1ae93546c6dd31a58b5dd2
9dbe4c1e192890c3ddf47e7d1b7ba083b6c81aa6
8bb431af545d60f16b55862430b4876b8443d4d2969eaa49be045d414864b3f2
GET /si/97/1b/94/971b94f609762e18222a7efa0ac567cc/1667590869.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:48 GMT
content-type: image/png
content-length: 32558
server: nginx/1.17.6
last-modified: Fri, 04 Nov 2022 19:41:17 GMT
etag: "63656add-7f2e"
expires: Thu, 24 Nov 2022 05:06:48 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/29/a4/96/29a4965e1015f036b834d9da1d4a5e6c/1632399618.html
45.133.44.3 200 OK 5.3 kB URL HTTP/2 cdn.barscreative1.com/sb/au/29/a4/96/29a4965e1015f036b834d9da1d4a5e6c/1632399618.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Hash 4cfd7ccc9c9afc051fbdf040d043031a
bb67043a721e7c964f6ef9bd3e74666db5c6b0d0
ec6e5d11214be3c7a99de7c32b6cdf70276500462a58f848c69982a7c9c6bcb4
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/29/a4/96/29a4965e1015f036b834d9da1d4a5e6c/1632399618.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:48 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 23 Sep 2021 12:20:22 GMT
etag: W/"614c7106-563"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 22 Nov 2022 06:06:48 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/js/jquery.min.js
172.64.109.13 200 OK 31 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/js/jquery.min.js
IP 172.64.109.13:0
File type ASCII text, with very long lines (32025)
Hash f5bd056d8d11c2f97ebebc82f566f6ad
7139d8667cfeb28add420865cf690e1c19351540
ce7c4078e0ab8b3004bad76c6b4e6c27db811d83a1c336fb9dcd593684776eb9
GET /sb/ssp/sweep/social-box/white-small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:48 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:02:04 GMT
etag: W/"6149c9bc-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 573318
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eRdosbCQWlXOLhmZ3YFVc%2BoiSHYu%2FmlBQfFIUEIqFzqAO%2FVDHF6VRrG0QDlv0mC8bllfYYTJYiWhd4UVIv0VmFaq33IDO6FgiE4EF9n76JXX9b%2FrkqhKshnwwXN%2FINqNxfiMikobnDH5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76df234d383471c0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ouo.press
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Nov 2022 19:34:08 GMT
expires: Thu, 16 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 466360
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/js/script.js
172.64.109.13 200 OK 17 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/js/script.js
IP 172.64.109.13:0
Hash afe0833e4022a081fbd6fc2e81d1be45
3f07a0456540895e637463d9539d3100df92ea7b
318154f5bc9dbf8c21daf50d0da99fe72c5df3d27749eaa653d9a0c6ce0ca460
GET /sb/ssp/sweep/social-box/white-small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:48 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:02:04 GMT
etag: W/"6149c9bc-306"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 573169
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a09l6N2FNxQjIzhFZx3D4lTKmHHNCDAiuckrVN8E6XGYZBN4MIPilaat8WX2%2FCMLBowLka2uPlp1N3d99mKq1u0VYewA9%2Foyf%2F%2BYLFnpClExw3V81d07kTTFezUv%2BSxhi%2B9JLq6DdBMa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76df234db88a71c0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tractorfoolproofstandard.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRitzu4edEFQvHhQBvGgYCb9N5kZc1iMayRsTMLuakS8VFdVT8qp6WqquqcnYQ%2FBBdmLMJ702HmTbFhdxMWzIBMvEhAyHpYcjDcVPAp7lpkMjPsd6vteve%2Fw3qv6fD8%2FJy5yerb5vt6VStGFWtWtvL4lE64LW1m%2FXfHcqrtU2ZLJYrhU6Y0P033Lc2tV943Ke4K19YLveq7ruV5lRRoR697ChIVMHza9atOthn7Vq4XomaexzR1Y6oB3z8kLkHx0ZfuXR5BsiKTz%2FXVh25lO33y3kyuaaYMuP%2FogaSe6SNCZjbFxECdH021oOyLk6zno5GjqALp7MHaASI6I89hDlBxNZSLqHl4ojRREgohfRdEdQqghJB2C6buQ%2FJQAjGN9A0nn%2Fro2Bd25YOmYHZHLT%2F6FLEbk8u8vIul8t6xkr3JLqzyTOrHoxSVkbwjZGiLNj5HtOpDFMVj2GST%2FlSw8WUPSOdiwSkPys9caMY9qMfXnI79emw%2BbTT7fqNfDeVFvuhGv1RdpEE8iknIIGQ%2BhRB%2FUziG3DnLpII8d5KmDDj%2Br0Fozdt16HMVB0AgZY0HAWK2xyGs8CBuxi5yNPfSRpX0w1Qcze0jNHtqyD5P%2FBLtdwnIHNiPo8hKFICgsQUEJCklQZARFtzzkyvq2vM%2BVzSNv2v1pD8qBzlr79FBnLZGQ%2FfScPD8J7p9PfkBbnFUEDxZdL1wMgobf5Kzu0tDnjFER8ziIPQ9WlpB2DtQ62JWnzz1GKk%2BfKRHRY1h1DCZfBc1fBi0Gdd8F3R6EDRe7yQOd62pqhLXgukSaXUG24%2Byrc%2FLSREDzz6sQ7OTaV19s%2FLHEPwYzJVJT4lP5M0FL3Rvc1AU5uKkLSx5tpJnsyF06ftVbGc3EpW9uiJ1CG7563fYfvM3GxHh8eFvYbI0mXCYtS75dlpwLs6INE%2BTHVbslos3cbi%2FnJsnTtc13VlY7E4FSJ0NQefrhHTA5Is%2Ba9uS%2FvvL3DUgzhMlLdPITMi1IPQRL92DTmXqrCYya7USpgyIvB8aPZpdKEigxwzQqYf%2BHo9m8b%2B%2BhZRzQ7C6STomuKdFVJajqw%2BaXBllqTq79FkwKkXIGkTLOQaSM%2BvIiWivPKjUvFI2oUWecR4Jxr%2B4HjcB1fc7DelN4TWR2xO589Nd%2FAAAA%2F%2F8BAAD%2F%2FwpEFXWHBAAA
192.243.61.225200 OK 7 B URL HTTP/1.1 tractorfoolproofstandard.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRitzu4edEFQvHhQBvGgYCb9N5kZc1iMayRsTMLuakS8VFdVT8qp6WqquqcnYQ%2FBBdmLMJ702HmTbFhdxMWzIBMvEhAyHpYcjDcVPAp7lpkMjPsd6vteve%2Fw3qv6fD8%2FJy5yerb5vt6VStGFWtWtvL4lE64LW1m%2FXfHcqrtU2ZLJYrhU6Y0P033Lc2tV943Ke4K19YLveq7ruV5lRRoR697ChIVMHza9atOthn7Vq4XomaexzR1Y6oB3z8kLkHx0ZfuXR5BsiKTz%2FXVh25lO33y3kyuaaYMuP%2FogaSe6SNCZjbFxECdH021oOyLk6zno5GjqALp7MHaASI6I89hDlBxNZSLqHl4ojRREgohfRdEdQqghJB2C6buQ%2FJQAjGN9A0nn%2Fro2Bd25YOmYHZHLT%2F6FLEbk8u8vIul8t6xkr3JLqzyTOrHoxSVkbwjZGiLNj5HtOpDFMVj2GST%2FlSw8WUPSOdiwSkPys9caMY9qMfXnI79emw%2BbTT7fqNfDeVFvuhGv1RdpEE8iknIIGQ%2BhRB%2FUziG3DnLpII8d5KmDDj%2Br0Fozdt16HMVB0AgZY0HAWK2xyGs8CBuxi5yNPfSRpX0w1Qcze0jNHtqyD5P%2FBLtdwnIHNiPo8hKFICgsQUEJCklQZARFtzzkyvq2vM%2BVzSNv2v1pD8qBzlr79FBnLZGQ%2FfScPD8J7p9PfkBbnFUEDxZdL1wMgobf5Kzu0tDnjFER8ziIPQ9WlpB2DtQ62JWnzz1GKk%2BfKRHRY1h1DCZfBc1fBi0Gdd8F3R6EDRe7yQOd62pqhLXgukSaXUG24%2Byrc%2FLSREDzz6sQ7OTaV19s%2FLHEPwYzJVJT4lP5M0FL3Rvc1AU5uKkLSx5tpJnsyF06ftVbGc3EpW9uiJ1CG7563fYfvM3GxHh8eFvYbI0mXCYtS75dlpwLs6INE%2BTHVbslos3cbi%2FnJsnTtc13VlY7E4FSJ0NQefrhHTA5Is%2Ba9uS%2FvvL3DUgzhMlLdPITMi1IPQRL92DTmXqrCYya7USpgyIvB8aPZpdKEigxwzQqYf%2BHo9m8b%2B%2BhZRzQ7C6STomuKdFVJajqw%2BaXBllqTq79FkwKkXIGkTLOQaSM%2BvIiWivPKjUvFI2oUWecR4Jxr%2B4HjcB1fc7DelN4TWR2xO589Nd%2FAAAA%2F%2F8BAAD%2F%2FwpEFXWHBAAA
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTWgkRRitzu4edEFQvHhQBvGgYCb9N5kZc1iMayRsTMLuakS8VFdVT8qp6WqquqcnYQ%2FBBdmLMJ702HmTbFhdxMWzIBMvEhAyHpYcjDcVPAp7lpkMjPsd6vteve%2Fw3qv6fD8%2FJy5yerb5vt6VStGFWtWtvL4lE64LW1m%2FXfHcqrtU2ZLJYrhU6Y0P033Lc2tV943Ke4K19YLveq7ruV5lRRoR697ChIVMHza9atOthn7Vq4XomaexzR1Y6oB3z8kLkHx0ZfuXR5BsiKTz%2FXVh25lO33y3kyuaaYMuP%2FogaSe6SNCZjbFxECdH021oOyLk6zno5GjqALp7MHaASI6I89hDlBxNZSLqHl4ojRREgohfRdEdQqghJB2C6buQ%2FJQAjGN9A0nn%2Fro2Bd25YOmYHZHLT%2F6FLEbk8u8vIul8t6xkr3JLqzyTOrHoxSVkbwjZGiLNj5HtOpDFMVj2GST%2FlSw8WUPSOdiwSkPys9caMY9qMfXnI79emw%2BbTT7fqNfDeVFvuhGv1RdpEE8iknIIGQ%2BhRB%2FUziG3DnLpII8d5KmDDj%2Br0Fozdt16HMVB0AgZY0HAWK2xyGs8CBuxi5yNPfSRpX0w1Qcze0jNHtqyD5P%2FBLtdwnIHNiPo8hKFICgsQUEJCklQZARFtzzkyvq2vM%2BVzSNv2v1pD8qBzlr79FBnLZGQ%2FfScPD8J7p9PfkBbnFUEDxZdL1wMgobf5Kzu0tDnjFER8ziIPQ9WlpB2DtQ62JWnzz1GKk%2BfKRHRY1h1DCZfBc1fBi0Gdd8F3R6EDRe7yQOd62pqhLXgukSaXUG24%2Byrc%2FLSREDzz6sQ7OTaV19s%2FLHEPwYzJVJT4lP5M0FL3Rvc1AU5uKkLSx5tpJnsyF06ftVbGc3EpW9uiJ1CG7563fYfvM3GxHh8eFvYbI0mXCYtS75dlpwLs6INE%2BTHVbslos3cbi%2FnJsnTtc13VlY7E4FSJ0NQefrhHTA5Is%2Ba9uS%2FvvL3DUgzhMlLdPITMi1IPQRL92DTmXqrCYya7USpgyIvB8aPZpdKEigxwzQqYf%2BHo9m8b%2B%2BhZRzQ7C6STomuKdFVJajqw%2BaXBllqTq79FkwKkXIGkTLOQaSM%2BvIiWivPKjUvFI2oUWecR4Jxr%2B4HjcB1fc7DelN4TWR2xO589Nd%2FAAAA%2F%2F8BAAD%2F%2FwpEFXWHBAAA HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=8fdb5fa2-b275-499d-8774-e790bd576a3f:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 22 Nov 2022 05:06:48 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f56a7d552708844118f32d9dc0eb65a6
Strict-Transport-Security: max-age=0; includeSubdomains
tractorfoolproofstandard.com/pixel/sbs?c=1
192.243.61.225 200 OK 0 B URL HTTP/1.1 tractorfoolproofstandard.com/pixel/sbs?c=1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=8fdb5fa2-b275-499d-8774-e790bd576a3f:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 22 Nov 2022 05:06:48 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
23.38.200.201 200 OK 5.5 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15844), with no line terminators
Hash 7725e8e949141c8ded449d86975d4c04
8cd8c314a2002cc26f821d331ab9512f52a551a2
a0c49aacf6f552bce544eb8516404f696918253cd934a6404ebeafd71f8780ae
GET /AdServer/js/user_sync.html?kdntuid=1&p=155495 HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=73683
expires: Wed, 23 Nov 2022 01:34:52 GMT
date: Tue, 22 Nov 2022 05:06:49 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
185.64.190.78 200 OK 60 B URL HTTP/2 image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
IP 185.64.190.78:0
File type ASCII text, with no line terminators
Hash 3dec02dbd2070252f822af0365020184
f30672f9465306ba17b6eca95c35b203e5ae70d6
fc7c243f26f2bddcd96335be40e1052960904035e767ef4f124dcffb4fac6695
GET /AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB HTTP/1.1
Host: image6.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=UTF-8
expires: Sun, 19 Feb 2023 20:17:45 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 22 Nov 2022 05:06:47 GMT
content-length: 60
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D62AFE4FB-19B4-4EF9-9CB1-AE5C619D7CD8%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID
23.38.200.201 200 OK 953 B URL HTTP/2 ads.pubmatic.com/AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D62AFE4FB-19B4-4EF9-9CB1-AE5C619D7CD8%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID
IP 23.38.200.201:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (1720), with no line terminators
Hash 499546dec064c08e4c7c354bab138f7f
f155d071d071e4e7c1d45e22943915df9d9f2b75
1a9219bc3962479cfa6ff0ca64e2f810aab8b816ae4f937b252d0ca044d693b4
GET /AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D62AFE4FB-19B4-4EF9-9CB1-AE5C619D7CD8%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://simage4.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 17 Aug 2016 09:36:32 GMT
etag: "fa18f0-6b8-53a413358bd01"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 953
content-type: text/html; charset=UTF-8
cache-control: max-age=157753
expires: Thu, 24 Nov 2022 00:56:02 GMT
date: Tue, 22 Nov 2022 05:06:49 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
simage4.pubmatic.com/AdServer/SPug?o=1&p=155495&sc=1&u=62AFE4FB-19B4-4EF9-9CB1-AE5C619D7CD8&rs=3&gdpr=0&gdpr_consent=&us_privacy=
198.47.127.20 200 OK 0 B URL HTTP/2 simage4.pubmatic.com/AdServer/SPug?o=1&p=155495&sc=1&u=62AFE4FB-19B4-4EF9-9CB1-AE5C619D7CD8&rs=3&gdpr=0&gdpr_consent=&us_privacy=
IP 198.47.127.20:0
GET /AdServer/SPug?o=1&p=155495&sc=1&u=62AFE4FB-19B4-4EF9-9CB1-AE5C619D7CD8&rs=3&gdpr=0&gdpr_consent=&us_privacy= HTTP/1.1
Host: simage4.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 05:06:48 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2
ouo.io/63G1os
104.22.23.162 302 Found 0 B IP 104.22.23.162:0
GET /63G1os HTTP/1.1
Host: ouo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 22 Nov 2022 05:06:44 GMT
content-type: text/html; charset=UTF-8
location: https://ouo.press/63G1os
cache-control: no-cache
set-cookie: ouoio_session=eyJpdiI6IjVta3JjOTNUS2ZQTWUwdyt2YTV0NFBBc1VCQ0UyeWdob3VrbzZUQzcrbkE9IiwidmFsdWUiOiJZd3c3SVhcLzBTV2NaTnVVbnZGODhiZGVtUmRSQXg1ajFNVzhXVldoZmpHWkVORnpMRkhcL0F1NmtpQmhrcmlBWWpjZWNydnZXYUc5dFJwdWNLeThnOEV3PT0iLCJtYWMiOiI1NmJlYWE2ZDBhZjUyMjlmMWNjZDZkMjgxMjk1ZWE4ZDE2MmRiZDQ3ZmZhZjc2MjcxZTc5ZWMzZWY0ZDBlZjE3In0%3D; path=/; httponly
language=eyJpdiI6Ink4WVd1dUMzcUEyRWpoVWZOY2FWVWxDNXk2VzZRTjNqTGdubUsrQ2FJQTA9IiwidmFsdWUiOiJod2tMeFR4U1wvUnRFYlNsM29aVlFsVXpqVkJ5VkQrbFF3SnY2YXNpT0dIdz0iLCJtYWMiOiJkZTA4NzEyOTZlNGIxYTU4MGEwZTQ3M2VkYjhiM2Q1MTk4M2U4OTA4MTljNzhjMjUxYWVjZjc3NTk5NmU3MGM3In0%3D; expires=Sun, 21-Nov-2027 05:06:43 GMT; Max-Age=157680000; path=/; httponly
3fde6c7ee3aae807b9729c43a02b8d3c305309c2=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; expires=Tue, 22-Nov-2022 07:06:43 GMT; Max-Age=7200; path=/; httponly
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 76df232f4815b50b-OSL
X-Firefox-Spdy: h2
ecdn.firstimpression.io/static/js/prebidamp.js
54.230.111.73 200 OK 0 B URL HTTP/2 ecdn.firstimpression.io/static/js/prebidamp.js
IP 54.230.111.73:0
GET /static/js/prebidamp.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.20.0
last-modified: Tue, 14 Dec 2021 15:30:51 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Tue, 22 Nov 2022 04:10:42 GMT
expires: Tue, 22 Nov 2022 05:10:31 GMT
cache-control: max-age=3600
etag: W/"61b8b8ab-4e128"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iyHu8ItxBnzelc9tiUXNeioW05rUu9WRdK6A5K9zC6t7bxuJ_TSzQQ==
age: 3374
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.2.146 200 OK 0 B IP 178.250.2.146:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=SPAC-F80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyRnZkZyUyRkVXVHQlMkJoRyUyRjU5VUZQOGxiWXlsQzRrSE9ROTNNWjBEN3p5NTNGag
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:46 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=2vOYbV80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyRnZkZyUyRkVXVHQlMkJoRyUyRjU5VUZQOGxiWThhWWc3S1FPNGNtbk9FJTJCWlBIQm54; expires=Sun, 17 Dec 2023 05:06:47 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 298772
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&pbt=1&lsw=1
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&pbt=1&lsw=1
IP 178.250.0.157:0
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&pbt=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:48 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://ouo.press
server-processing-duration-in-ticks: 1157480
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
cdn.adtrue.com/rtb/async.js
172.67.144.172 200 OK 0 B URL HTTP/2 cdn.adtrue.com/rtb/async.js
IP 172.67.144.172:0
GET /rtb/async.js HTTP/1.1
Host: cdn.adtrue.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:44 GMT
content-type: application/javascript
last-modified: Mon, 16 Nov 2020 01:20:45 GMT
etag: W/"5fb1d3ed-1c9f"
expires: Sun, 24 Sep 2023 03:46:20 GMT
cache-control: max-age=31104000
access-control-allow-origin: *
cf-cache-status: HIT
age: 4670424
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LpUnP%2Fg5F7CPVgLBsoR2pMdyvdUa2lAr7kIllLxj%2BbemA19tb4Bx6242ODZJwoCYBtoIq49HGX4C%2BgFT6gG5G7c0BCrCBMpB6l9q1Fi8kHKMQAAWMUCQ4sA%2F1IUVTnUyRw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76df23351858b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=ouo.press
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=ouo.press
IP 178.250.0.157:0
GET /syncframe?origin=publishertag&topUrl=ouo.press HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:46 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=c6531877-f3b4-49b6-9c1c-61bc4363914a; expires=Sun, 17 Dec 2023 05:06:47 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 480820
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.2.146 200 OK 0 B IP 178.250.2.146:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Cookie: browser_data=2vOYbV80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyRnZkZyUyRkVXVHQlMkJoRyUyRjU5VUZQOGxiWThhWWc3S1FPNGNtbk9FJTJCWlBIQm54
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:49 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=haCVsF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyRnZkZyUyRkVXVHQlMkJoRyUyRjU5VUZQOGxiWVF0Z1h3d3pUSXp0S1VUS2lsa3J2cQ; expires=Sun, 17 Dec 2023 05:06:49 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://ouo.press
server-processing-duration-in-ticks: 334156
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
cdn.firstimpression.io/delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459
54.230.111.73 200 OK 0 B URL HTTP/2 cdn.firstimpression.io/delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459
IP 54.230.111.73:0
POST /delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Cookie: OAID=GDPR
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Tue, 22 Nov 2022 05:06:46 GMT
server: nginx/1.20.0
vary: Accept-Encoding
x-powered-by: PHP/8.0.14
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: https://ouo.press
p3p: CP="CUR ADM OUR NOR STA NID"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SEZkV5h0J10NV50nj530RxjrZBX2iVWwR2R2FUL1Oi5U54_alka5VA==
X-Firefox-Spdy: h2
hhklc.com/c.js
172.67.223.102 200 OK 0 B IP 172.67.223.102:0
GET /c.js HTTP/1.1
Host: hhklc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:44 GMT
content-type: application/javascript
last-modified: Fri, 11 Nov 2022 16:10:23 GMT
etag: W/"636e73ef-2218"
server-asp-net: Asp Net
expires: Tue, 22 Nov 2022 05:15:41 GMT
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 2163
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3z5ImwG8shayuOZHIMubcGDK5iFokaF4XkbAUdGIvzMyhry07OVluoLscmcRv3TRB6EG9t05ZmnmX8bbRY4Gv5yHbq8qSzobACgvG5pm%2F0pdFaAUtqCaHqosIss%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76df2336ab6e0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 0 B IP 142.250.74.35:0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 05:06:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d3div1mtym39ic.cloudfront.net/aax2/apstag.js
143.204.42.43 200 OK 0 B URL HTTP/2 d3div1mtym39ic.cloudfront.net/aax2/apstag.js
IP 143.204.42.43:0
GET /aax2/apstag.js HTTP/1.1
Host: d3div1mtym39ic.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 22 Nov 2022 04:50:03 GMT
last-modified: Wed, 09 Nov 2022 20:51:50 GMT
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
server: AmazonS3
content-encoding: br
etag: W/"fa24fe2b94a2fc864b1ec67f32e8db32"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ZnC4khvcDRUVFO1dlF8yQVc1gthVXTyZGiocBdAg_XnadHf-x-GDHA==
age: 1002
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.js
178.250.0.130 200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.js
IP 178.250.0.130:0
GET /js/ld/publishertag.prebid.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 05:06:47 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-16294"
expires: Wed, 23 Nov 2022 05:06:47 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cdn.firstimpression.io/delivery/spc_fi.php?id=7419&url=%2F63G1os&charset=UTF-8&ch=5&ref=ouo.press&viewerId=null&referer=&_firid=92506513
54.230.111.73 200 OK 0 B URL HTTP/2 cdn.firstimpression.io/delivery/spc_fi.php?id=7419&url=%2F63G1os&charset=UTF-8&ch=5&ref=ouo.press&viewerId=null&referer=&_firid=92506513
IP 54.230.111.73:0
GET /delivery/spc_fi.php?id=7419&url=%2F63G1os&charset=UTF-8&ch=5&ref=ouo.press&viewerId=null&referer=&_firid=92506513 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
date: Tue, 22 Nov 2022 05:06:45 GMT
server: nginx/1.20.0
vary: Accept-Encoding
x-powered-by: PHP/8.0.14
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: OAID=GDPR; expires=Wed, 22-Nov-2023 05:06:45 GMT; Max-Age=31536000; path=/; secure; SameSite=none
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UfkZmVeYyRiOPtwL5EWmPHB_vNdQXEZDrNXXc7-1Pd6OlExy_FNBuA==
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&pbt=1&lsw=1
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&pbt=1&lsw=1
IP 178.250.0.157:0
OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&pbt=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://ouo.press/
Origin: https://ouo.press
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:48 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://ouo.press
server-processing-duration-in-ticks: 460566
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1
IP 178.250.0.157:0
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:45 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://ouo.press
server-processing-duration-in-ticks: 634358
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
178.250.6.247 200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 178.250.6.247:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 05:06:46 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 117380
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2