ouo.press/z9GwFLs
104.22.58.251403 Forbidden 3.8 kB IP 104.22.58.251:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (836)
Hash 9649e7950fd63c855bba871c447f3b6b
7d5a9c754d775c2bcca47ff1867e48940f342fa4
1518905e0e79e1c1458b81d1d9b012a1ef996d9e7d527f8e8f07daff6463281c
GET /z9GwFLs HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 403 Forbidden
Date: Sun, 27 Nov 2022 20:19:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Referrer-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
Set-Cookie: __cf_bm=mJ7XGOAie1mUsGkY1MFHQeep970T1_6Q7u.jo8b9ZqI-1669580368-0-Afc8Bhh8m+qyQaW7nNdLZ2WXrJYDbWglzf8Jh6TLqL4GTiiMqsLpcvxlH3NzX/Gq81fGv+InAUMlXz2+6JOdFrM=; path=/; expires=Sun, 27-Nov-22 20:49:28 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770d8f196d791c02-OSL
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2169
Expires: Sun, 27 Nov 2022 20:55:38 GMT
Date: Sun, 27 Nov 2022 20:19:29 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4874
Cache-Control: max-age=142378
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:19:29 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 11:52:27 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4846
Expires: Sun, 27 Nov 2022 21:40:15 GMT
Date: Sun, 27 Nov 2022 20:19:29 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 20:19:24 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 5
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: aqSJpWqT/p5mYYeJyySB+OGmOaFRTwdArVKo0qd929lPKKUSfqdqZHn+LM1IvJ79GeEPfeL4g08=
x-amz-request-id: H87F7Q1N0CGGQG9N
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 19:44:45 GMT
age: 2084
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ouo.press/cdn-cgi/styles/challenges.css
104.22.58.251200 OK 2.6 kB URL HTTP/1.1 ouo.press/cdn-cgi/styles/challenges.css
IP 104.22.58.251:0
File type ASCII text, with very long lines (6294), with no line terminators
Hash ba2d8534d208d2a5b158507e004d7150
ab81307634698ea304a68783fa38937f562009a2
63b366fdbfea7cbec639f9a5f24714a831e171570625def9462d724b5c8fdc59
GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/z9GwFLs
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:19:29 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 13:34:50 GMT
ETag: W/"637ccffa-1896"
Server: cloudflare
CF-RAY: 770d8f1bc9091c02-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sun, 27 Nov 2022 22:19:29 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 20:19:29 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ouo.press/favicon.ico
104.22.58.251200 OK 0 B IP 104.22.58.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/z9GwFLs
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:19:29 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Last-Modified: Sat, 14 Feb 2015 06:41:24 GMT
ETag: "54deee14-0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 5322
Accept-Ranges: bytes
Set-Cookie: __cf_bm=bqqs0jhXUHseuR6IcOXCQFRFT9eWYn7KlQUETc.QMuY-1669580369-0-AbbNGZgO8E5vW23uG2CnCwbzbWPN3gobIyEnkR7O8yXRU8rtCOAtZnnb7cI/0lkdnWmsGbYHJfeWSpDtlHIQPSE=; path=/; expires=Sun, 27-Nov-22 20:49:29 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770d8f1bcad0b52d-OSL
ouo.press/cdn-cgi/images/trace/managed/js/transparent.gif?ray=770d8f196d791c02
104.22.58.251200 OK 42 B URL HTTP/1.1 ouo.press/cdn-cgi/images/trace/managed/js/transparent.gif?ray=770d8f196d791c02
IP 104.22.58.251:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=770d8f196d791c02 HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/z9GwFLs
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:19:29 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 13:34:50 GMT
ETag: "637ccffa-2a"
Server: cloudflare
CF-RAY: 770d8f1c7a4f1c02-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sun, 27 Nov 2022 22:19:29 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
ouo.press/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=770d8f196d791c02
104.22.58.251200 OK 23 kB URL HTTP/1.1 ouo.press/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=770d8f196d791c02
IP 104.22.58.251:0
File type ASCII text, with very long lines (53237), with no line terminators
Hash e9c66362ac20cf81d424332a5f0bf0d7
390b46d7e225be566e1f849d304dc4b39594b4d9
d717c828e3bac9b57dbcbefa8131b0c0097a1410ace88e96b8a4d0a9ec37eb2f
GET /cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=770d8f196d791c02 HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/z9GwFLs?__cf_chl_rt_tk=3tHR8g0yZk6gVcTWx5nvXLpqLRfmglVfXxWC4QuGu4c-1669580368-0-gaNycGzNAv0
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:19:29 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: max-age=0, must-revalidate
Set-Cookie: __cf_bm=saEXdQ0hEJHjnuXlSu4mYKugOeGZxKIh.aI.eaB_xOY-1669580369-0-AcUhD3RMyW8QIHlnbRtqiJiNcQ6E35hQm3taiGBsOLxnSNkQWVxmwYOsH4Rj8b3796kYMCDb7NWZMDQNBZSnWjs=; path=/; expires=Sun, 27-Nov-22 20:49:29 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 770d8f1c7c53b52d-OSL
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash c7c52d07b76716c439e964b15291e293
aeed4273121cefd857c2b5f23c8ac28cd4f6c325
930e946f81768d2e858ca3ff94a4a24b14fa9167f820fe7b5f6c19e755ad773c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4853
Cache-Control: max-age=143077
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:19:29 GMT
Etag: "63833f41-117"
Expires: Tue, 29 Nov 2022 12:04:06 GMT
Last-Modified: Sun, 27 Nov 2022 10:43:13 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload
104.18.19.132200 OK 141 kB URL HTTP/2 cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload
IP 104.18.19.132:0
File type Unicode text, UTF-8 text, with very long lines (57362)
Size 141 kB (140682 bytes)
Hash d351598ff99ebc4c77615fbf063bcdd5
be545b97236b02aef6cc9346e0fb4b3025aefdbb
4cecb1a939d72dc994aeb2d2de54fb3287eb135444a59b6cd7676e3c10f6a829
GET /1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload HTTP/1.1
Host: cloudflare.hcaptcha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:19:29 GMT
content-type: application/javascript
cf-ray: 770d8f1d7c9bb524-OSL
access-control-allow-origin: *
age: 0
cache-control: max-age=120
etag: W/"4a87133d7cfb9f9797187d43ffdd5417"
last-modified: Fri, 25 Nov 2022 11:46:32 GMT
strict-transport-security: max-age=0
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-id: e-vtjjiTuJNWqympaO3s7V_aWlOK4yXOIyZWB7ZnvSo2w49xVfwmGQ==
x-amz-cf-pop: OSL50-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 20:08:54 GMT
cache-control: public,max-age=3600
age: 635
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5664
Cache-Control: max-age=138106
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:19:30 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 10:41:16 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ouo.press/cdn-cgi/challenge-platform/h/b/img/770d8f196d791c02/1669580369582/KSqdR0yUhEkkSUn
104.22.58.251200 OK 61 B URL HTTP/1.1 ouo.press/cdn-cgi/challenge-platform/h/b/img/770d8f196d791c02/1669580369582/KSqdR0yUhEkkSUn
IP 104.22.58.251:0
File type PNG image data, 60 x 83, 8-bit/color RGB, non-interlaced\012- data
Hash f3c1881ce41ec56f9158860b78efad18
f6db94cf6f570134a202077e666cef46a73dd253
74c69b141b074eaebb7a2c732bf41663c28d5c9be192042b36b5ce46c8d43ea3
GET /cdn-cgi/challenge-platform/h/b/img/770d8f196d791c02/1669580369582/KSqdR0yUhEkkSUn HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/z9GwFLs
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:19:30 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cf_bm=4EIt_Ghz9_zxn0KMGwbD_u3IStioqBy.kHVtJoevj.U-1669580370-0-AQRbk/0CcshM8jjF6/gHZG64WodPaQMFFkjnuCF6dOJxdy4kegocndUQrfdU3wQZbM9qZrETKnPUd7UfZ7sDino=; path=/; expires=Sun, 27-Nov-22 20:49:30 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 770d8f20fddbb52d-OSL
push.services.mozilla.com/
52.42.74.230101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.42.74.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gEJIotHXAgylXiOsE4cceg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ov13CPfHK8grTQTOrYT/6w2ca9E=
ouo.press/cdn-cgi/challenge-platform/h/b/flow/ov1/0.6289886639912963:1669577038:d0_yBsj7KFQY_FZrer5zo8xvEZYlT1Is9IXO0Q4ZwJ8/770d8f196d791c02/3a0466480c2a1a5
104.22.58.251200 OK 3.8 kB URL HTTP/1.1 ouo.press/cdn-cgi/challenge-platform/h/b/flow/ov1/0.6289886639912963:1669577038:d0_yBsj7KFQY_FZrer5zo8xvEZYlT1Is9IXO0Q4ZwJ8/770d8f196d791c02/3a0466480c2a1a5
IP 104.22.58.251:0
File type ASCII text, with very long lines (5040), with no line terminators
Hash a953b46c573d2e62a475a5df52763135
630212731b2ddaadf1e7ec6ffef09a93600fb0dc
459faa0d899bc604598badc904b34261e0aced2aef1d06ef14c32e65c2c82d43
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/0.6289886639912963:1669577038:d0_yBsj7KFQY_FZrer5zo8xvEZYlT1Is9IXO0Q4ZwJ8/770d8f196d791c02/3a0466480c2a1a5 HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/z9GwFLs
Content-type: application/x-www-form-urlencoded
CF-Challenge: 3a0466480c2a1a5
Content-Length: 15615
Origin: http://ouo.press
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:19:30 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_gen: 1+5ZzpckTt6I6UG2qrV2c8wIwqIseENqP0Jnd1Kh/vw=$DXbLxTFZThyRXL3BuiO48g==
Set-Cookie: __cf_bm=yjoaqAmoJjB59.8GpiuPbM35HYR_JhtlDFMpyxjLWus-1669580370-0-ATF7qg76hY62IBqQRQAcEYhr1kT0ZSrqwmdl55EKoCBTkYndLf5L/SF6NLkJlvYfuRP0eQK0XxuLio8HTJ9sJlY=; path=/; expires=Sun, 27-Nov-22 20:49:30 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 770d8f24dca5b52d-OSL
Content-Encoding: gzip
challenges.cloudflare.com/turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit
104.18.6.185302 Found 0 B URL HTTP/2 challenges.cloudflare.com/turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP 104.18.6.185:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 27 Nov 2022 20:19:30 GMT
content-length: 0
location: /turnstile/v0/75e640aa/api.js?onload=_cf_chl_turnstile_l&render=explicit
cache-control: max-age: 300
vary: Accept-Encoding
server: cloudflare
cf-ray: 770d8f2578170b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2262
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 20:19:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2262
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 20:19:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2262
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 20:19:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2262
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 20:19:31 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 02:31:24 GMT
age: 64087
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 76c00eceed956377d7469ef58b0815cb
97a135335f5b1b042adeb385718f8808cb78528b
81fb72ab752b2eb39ab6ee015055304490b3b6c3259968703fd07c2a2eed1e61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7380
x-amzn-requestid: 18589644-299c-4a39-9376-db1bd1472009
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iEegIAMFeuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-23990acc0fdc599a75a534e3;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RqsZxAtbOkWBGbXJ3sZHxcS-ZvWOw7Yg2Qd4zj0QLhrp3wAXC8w6jA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:50:08 GMT
age: 80963
etag: "97a135335f5b1b042adeb385718f8808cb78528b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 741ddfb19764ac9a77509e7e87cfbfb2
308c08784ce4a0757cbd112807555b83e17a1d56
e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8817
x-amzn-requestid: 31bd21c7-1d75-4159-af51-52035da16da4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-krGE6AIAMF2Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c1b13-32a7b9c6642592c70783a0cf;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 00:42:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I6egDH0h7D08HhaoQHQ0vgghBhPfje2lGIbnWD-t7p4txzHsFxmZfg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 16:15:23 GMT
age: 14648
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 80870
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 433875a1b1fef34e45f2d8ac344c07e3
f2129466436cbbdd58abe42a47fb7af19eba58e6
ab1e7b46f3804640c7dd94d70c8c31ec2dfc3e2f0f015a8556d04d9d9089c450
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5099
x-amzn-requestid: 57648043-7820-453d-9549-0f743b6c2557
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4jFBvoAMFl1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-53b59d607b82c264180f469d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VsdLWuh4rCawI5V0YYGaHxEMl2YEVNgsbjfCwzDsrnCZhRK2FkCkVw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 80870
etag: "f2129466436cbbdd58abe42a47fb7af19eba58e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e97baa4851785eac92c719abf481c64
c32a57038d3cdbc514c9081c9938eca6a04fb481
adb59e982648082e5421f58899a5331b2747e9d45be33c495fbe3ab8cc872b22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8387
x-amzn-requestid: e4ce369f-7654-4c1a-94c2-70c913eb1a01
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFL0tEcqIAMFXHw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637ec01d-37bd969f4cdfe220096b8c1f;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 00:51:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: __2hrJIdzCKzhuJ_YfbSSfz-WwyIqnPugk7P6SuYSjn6b2wwm0otCw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 20:58:18 GMT
age: 84073
etag: "c32a57038d3cdbc514c9081c9938eca6a04fb481"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ouo.press/cdn-cgi/challenge-platform/h/b/flow/ov1/0.6289886639912963:1669577038:d0_yBsj7KFQY_FZrer5zo8xvEZYlT1Is9IXO0Q4ZwJ8/770d8f196d791c02/3a0466480c2a1a5
104.22.58.251200 OK 2.0 kB URL HTTP/1.1 ouo.press/cdn-cgi/challenge-platform/h/b/flow/ov1/0.6289886639912963:1669577038:d0_yBsj7KFQY_FZrer5zo8xvEZYlT1Is9IXO0Q4ZwJ8/770d8f196d791c02/3a0466480c2a1a5
IP 104.22.58.251:0
File type ASCII text, with very long lines (2632), with no line terminators
Hash d1b73db2711783932b372297313fabc4
5bde3f92d3344e84ccda1778f82cd9183cd7ac62
1fb2dc6b1457dfb74eec8f7f4fd8495ca7d7e5a38689f681b631a3f780a51b46
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/0.6289886639912963:1669577038:d0_yBsj7KFQY_FZrer5zo8xvEZYlT1Is9IXO0Q4ZwJ8/770d8f196d791c02/3a0466480c2a1a5 HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/z9GwFLs
Content-type: application/x-www-form-urlencoded
CF-Challenge: 3a0466480c2a1a5
Content-Length: 16281
Origin: http://ouo.press
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:19:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_out: eMvA15/ssd0viD8Gad0ZcEFsJGLIS07zQ5sB6bZWGhyLgdYWhyFWHCQvdquxV+wZ1/iDGC0hXBZNXSIQJPagqQ==$XhR01El3ZYzOZ2YSpLbT+w==
cf_chl_out_s: Y9MsGuxKONEO/4Legnyl75AGm6xKQSusUIh3Z56rlA7zuWm3DGsTq48XzIp/2tWEKCLFm721IeZ1ogEwof+sLB4eLXfuZTjdlUXafWn4CXNRBVDf5nsAqesHZvlX0gx4ZQrVQiQioaK0Au7z2m8WzliGVwMg3kfcBHiWRCJSVkR8sb+Psbod3ISNffJ5Bitq$seRDO5ev+PgFECgHbICbHg==
set-cookie: cf_chl_rc_m=;Expires=Sat, 26 Nov 2022 20:19:32 GMT;SameSite=Strict
__cf_bm=Assqqf6sY5B4QF2.lu8eOWDSs7JIzznRpnnxZUbP4js-1669580372-0-AcWx1wI2QFpMBO1XEhTUvEvMe8lvlbLrNQASixZTHsTz4aBahOi3YRAMxcEB0FlfdEk3TrVUjdMzAljQ9ebj4bs=; path=/; expires=Sun, 27-Nov-22 20:49:32 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 770d8f2f2e31b52d-OSL
Content-Encoding: gzip
ouo.press/z9GwFLs
104.22.58.251200 OK 3.8 kB IP 104.22.58.251:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1938)
Hash 9dcf05c780b8741609a58564f57db157
e6c5c317ae71e7d98e90a788a3d5cfbde2a4e2a8
2df8d1508459ae327419d8a6c1ad039db862e54f9117718c43b186305ac697fc
POST /z9GwFLs HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ouo.press/z9GwFLs?__cf_chl_tk=3tHR8g0yZk6gVcTWx5nvXLpqLRfmglVfXxWC4QuGu4c-1669580368-0-gaNycGzNAv0
Content-Type: application/x-www-form-urlencoded
Content-Length: 1766
Origin: http://ouo.press
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:19:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Set-Cookie: cf_clearance=1VwReaGfru8O58vFIaM2YzbfRkCGqd7K5fyZomZ5IJ8-1669580372-0-250; path=/; expires=Mon, 27-Nov-23 20:19:32 GMT; domain=.ouo.press; HttpOnly
ouoio_session=eyJpdiI6IitKS2dEUnZLZWNwZXYyU0VNekt5aHoyYjJUSEF4eUxnVDZjRWtocTRUcE09IiwidmFsdWUiOiJuZitUYW5OOEltWGZMclBrRGREdGtVZHdUZGpvdDBUd0RpRFBPY1hhTlZVVmxUNW5RMmNETUlNUWJqWmlMU2pUWmVvQ0pRVk92ZUNvTGZQWGdySmhzdz09IiwibWFjIjoiYjc3NjkxYTIyYWY2ZTAzYzQ0NjNiNzBiMDhiMmM3MzYzMzNjNDI3OTVhNmU1OTc5YzFhZmRmYTkyM2Q3MTllNyJ9; path=/; httponly
language=eyJpdiI6IjI0NUlYSWZ3aVhtM2NpZ1hhelI5RnJTbU1LcUxDWXZhNVBwVTdCZ2J0cTA9IiwidmFsdWUiOiJPOTVUT29RcGhDc1hWRHRRNGFucXhTYnF1blNUczlIc1pZUUpwTFI5SzVNPSIsIm1hYyI6ImFkZjdmNjNkYzAzMmEzZjdhMjFhYjMwOTdjN2UwZjgyZTg3ZDQwOGZiZWQ2MmY0NWQyNTEzMzJkMWE4Y2QzMzYifQ%3D%3D; expires=Fri, 26-Nov-2027 20:19:32 GMT; Max-Age=157680000; path=/; httponly
7f06d475fe2907db6dbaa4a3d5f926427b240843=eyJpdiI6IkprXC9YUlpLelJndTdUd1RvekRNQWpZUkR3cEY3aVNIVFhUY0ZxdTFYN2dVPSIsInZhbHVlIjoicXpESG9zY2pYN0QxOEtDK0REQ1hIcFlOWDNXSG5qdFhLR3BnVEgwRGRTRjF6SEhtQ1Z5ZXQxVmN1WHpHZzZyd2k4M0ZabTBPdmx1NGgxc3ptVCtrZE5nTHkrVkJCWnlDOG5FbHIwRUNzV2U2blo0amY0VGYyQmNERUhsd2V1anpcL0V4alwvZHI1VkxkSGF1T0lWRnhQRFlrcno0cUxBOFVRODQ4Mjg4eE9rZ3JoQ2hacHdBc1FyOWtmV3RuVmliRFZQVlErZE4ycit0SXN3NWs0WFBtWGFGREtuTExCT2IxYXVvZk1iZnhuaFBZcmNKRXRmR3FCYm9LZDZ5MncySUVRZVZlbFlWSWpGMzkxbG9WbkUwTHBUZTFidzkwOXZXYmxXTnlOaCtPZDFMcWtcLzYrS3p2SVpRdHJXV1QzN1NVV1E5bTJvNmNYVitwSkZYT1BJbStwS0NNNTUxNENhUVwvOThGUU11XC83SnUzaUFNWkxhelQ3dFpFWDNUd1VTU1hBcXMiLCJtYWMiOiJiNWIzMzg0ZWIzODQ3Yjg1ZTQ3ZThiYjE1YjZjNzEwMWFlM2UwMTAyN2ZkZWE0YmY0M2FiNDNhMDk0OTI0YzU3In0%3D; expires=Sun, 27-Nov-2022 22:19:32 GMT; Max-Age=7200; path=/; httponly
__cf_bm=du1cPeId4yiy_hI36Tk3OjZpQ2S5xY613zRsowql1k4-1669580372-0-AWv7ZehNAtfJrxyrX51zX22ILIn/2E400nlNfhuSjwvnZZUND2OYXElMdm/EjoFveTjVIz4a3HweOqzaumtUtpI=; path=/; expires=Sun, 27-Nov-22 20:49:32 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Server: cloudflare
CF-RAY: 770d8f30e917b52d-OSL
Content-Encoding: gzip
ouo.press/css/link-safe.css
104.22.58.251200 OK 1.8 kB URL HTTP/1.1 ouo.press/css/link-safe.css
IP 104.22.58.251:0
Hash d91a45478adaa488ef4f1733dfa3c44c
3686ea901ce8ca85bb82f42bf0a8d39095ebf73d
4bb66b15dd5791ec4c9867c3a89ee2ef9bdb5f0bbd0d442a1fbfe2c34e9bc86b
GET /css/link-safe.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/z9GwFLs
Cookie: cf_clearance=1VwReaGfru8O58vFIaM2YzbfRkCGqd7K5fyZomZ5IJ8-1669580372-0-250; ouoio_session=eyJpdiI6IitKS2dEUnZLZWNwZXYyU0VNekt5aHoyYjJUSEF4eUxnVDZjRWtocTRUcE09IiwidmFsdWUiOiJuZitUYW5OOEltWGZMclBrRGREdGtVZHdUZGpvdDBUd0RpRFBPY1hhTlZVVmxUNW5RMmNETUlNUWJqWmlMU2pUWmVvQ0pRVk92ZUNvTGZQWGdySmhzdz09IiwibWFjIjoiYjc3NjkxYTIyYWY2ZTAzYzQ0NjNiNzBiMDhiMmM3MzYzMzNjNDI3OTVhNmU1OTc5YzFhZmRmYTkyM2Q3MTllNyJ9; language=eyJpdiI6IjI0NUlYSWZ3aVhtM2NpZ1hhelI5RnJTbU1LcUxDWXZhNVBwVTdCZ2J0cTA9IiwidmFsdWUiOiJPOTVUT29RcGhDc1hWRHRRNGFucXhTYnF1blNUczlIc1pZUUpwTFI5SzVNPSIsIm1hYyI6ImFkZjdmNjNkYzAzMmEzZjdhMjFhYjMwOTdjN2UwZjgyZTg3ZDQwOGZiZWQ2MmY0NWQyNTEzMzJkMWE4Y2QzMzYifQ%3D%3D; 7f06d475fe2907db6dbaa4a3d5f926427b240843=eyJpdiI6IkprXC9YUlpLelJndTdUd1RvekRNQWpZUkR3cEY3aVNIVFhUY0ZxdTFYN2dVPSIsInZhbHVlIjoicXpESG9zY2pYN0QxOEtDK0REQ1hIcFlOWDNXSG5qdFhLR3BnVEgwRGRTRjF6SEhtQ1Z5ZXQxVmN1WHpHZzZyd2k4M0ZabTBPdmx1NGgxc3ptVCtrZE5nTHkrVkJCWnlDOG5FbHIwRUNzV2U2blo0amY0VGYyQmNERUhsd2V1anpcL0V4alwvZHI1VkxkSGF1T0lWRnhQRFlrcno0cUxBOFVRODQ4Mjg4eE9rZ3JoQ2hacHdBc1FyOWtmV3RuVmliRFZQVlErZE4ycit0SXN3NWs0WFBtWGFGREtuTExCT2IxYXVvZk1iZnhuaFBZcmNKRXRmR3FCYm9LZDZ5MncySUVRZVZlbFlWSWpGMzkxbG9WbkUwTHBUZTFidzkwOXZXYmxXTnlOaCtPZDFMcWtcLzYrS3p2SVpRdHJXV1QzN1NVV1E5bTJvNmNYVitwSkZYT1BJbStwS0NNNTUxNENhUVwvOThGUU11XC83SnUzaUFNWkxhelQ3dFpFWDNUd1VTU1hBcXMiLCJtYWMiOiJiNWIzMzg0ZWIzODQ3Yjg1ZTQ3ZThiYjE1YjZjNzEwMWFlM2UwMTAyN2ZkZWE0YmY0M2FiNDNhMDk0OTI0YzU3In0%3D
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:19:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
Cf-Bgj: minify
Cf-Polished: status=cannot_optimize
ETag: W/"5d951ace-1830"
Expires: Mon, 28 Nov 2022 01:23:32 GMT
Last-Modified: Wed, 02 Oct 2019 21:46:54 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
CF-Cache-Status: HIT
Age: 24960
Set-Cookie: __cf_bm=VWufDIJPQWKa1y5ywtsjPF6DjmIZnYf9fwr497Am4JI-1669580372-0-AX/fo3so/Lqlp6F/KZATnhtgqFBO2oVz9Jg77SJ90/tEzGTPvmSUaLngNqEm+6XUFUSzLHDo7mhPQjRqSs/q+YY=; path=/; expires=Sun, 27-Nov-22 20:49:32 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770d8f32897c1c02-OSL
Content-Encoding: gzip
fonts.googleapis.com/css?family=Questrial
142.250.74.10200 OK 387 B URL HTTP/1.1 fonts.googleapis.com/css?family=Questrial
IP 142.250.74.10:0
Hash 7b73b3eed6a43db40b0640388112329f
ad4bb62a66f1f95c0a252f83345b40d40dcd5bb4
1776d3903d4f6fb36773bac4ccb4b86c0658838f29674d1fb506859506a41bc3
GET /css?family=Questrial HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 27 Nov 2022 20:19:32 GMT
Date: Sun, 27 Nov 2022 20:19:32 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
hhklc.com/c.js
172.67.223.102301 Moved Permanently 0 B IP 172.67.223.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.js HTTP/1.1
Host: hhklc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 301 Moved Permanently
Date: Sun, 27 Nov 2022 20:19:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 27 Nov 2022 21:19:32 GMT
Location: https://hhklc.com/c.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5m5eN0UHC2GIz2Kry01bsCPjovsWr2dHX1BRy%2FZZwdS%2FbNu8jLTYdclJykkkFArgShstd3XIgQb4CHhshwRfw4%2FYnoq03%2Fs9omyuE2fYBFYlPmRt6agjeClr%2BuA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770d8f329ee20b59-OSL
alt-svc: h2=":443"; ma=60
ouo.press/css/bootstrap.css
104.22.58.251200 OK 18 kB URL HTTP/1.1 ouo.press/css/bootstrap.css
IP 104.22.58.251:0
File type ASCII text, with very long lines (65452)
Hash ecd7a3b8fdf856cece681f760bad623c
3c16d8b0523e3c6de3b20f7c7f9de2ae48a2949a
40f5215bfeb4c595389b7d02127c47c94e173dbca21022c9f67eca101d03ab92
GET /css/bootstrap.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/z9GwFLs
Cookie: cf_clearance=1VwReaGfru8O58vFIaM2YzbfRkCGqd7K5fyZomZ5IJ8-1669580372-0-250; ouoio_session=eyJpdiI6IitKS2dEUnZLZWNwZXYyU0VNekt5aHoyYjJUSEF4eUxnVDZjRWtocTRUcE09IiwidmFsdWUiOiJuZitUYW5OOEltWGZMclBrRGREdGtVZHdUZGpvdDBUd0RpRFBPY1hhTlZVVmxUNW5RMmNETUlNUWJqWmlMU2pUWmVvQ0pRVk92ZUNvTGZQWGdySmhzdz09IiwibWFjIjoiYjc3NjkxYTIyYWY2ZTAzYzQ0NjNiNzBiMDhiMmM3MzYzMzNjNDI3OTVhNmU1OTc5YzFhZmRmYTkyM2Q3MTllNyJ9; language=eyJpdiI6IjI0NUlYSWZ3aVhtM2NpZ1hhelI5RnJTbU1LcUxDWXZhNVBwVTdCZ2J0cTA9IiwidmFsdWUiOiJPOTVUT29RcGhDc1hWRHRRNGFucXhTYnF1blNUczlIc1pZUUpwTFI5SzVNPSIsIm1hYyI6ImFkZjdmNjNkYzAzMmEzZjdhMjFhYjMwOTdjN2UwZjgyZTg3ZDQwOGZiZWQ2MmY0NWQyNTEzMzJkMWE4Y2QzMzYifQ%3D%3D; 7f06d475fe2907db6dbaa4a3d5f926427b240843=eyJpdiI6IkprXC9YUlpLelJndTdUd1RvekRNQWpZUkR3cEY3aVNIVFhUY0ZxdTFYN2dVPSIsInZhbHVlIjoicXpESG9zY2pYN0QxOEtDK0REQ1hIcFlOWDNXSG5qdFhLR3BnVEgwRGRTRjF6SEhtQ1Z5ZXQxVmN1WHpHZzZyd2k4M0ZabTBPdmx1NGgxc3ptVCtrZE5nTHkrVkJCWnlDOG5FbHIwRUNzV2U2blo0amY0VGYyQmNERUhsd2V1anpcL0V4alwvZHI1VkxkSGF1T0lWRnhQRFlrcno0cUxBOFVRODQ4Mjg4eE9rZ3JoQ2hacHdBc1FyOWtmV3RuVmliRFZQVlErZE4ycit0SXN3NWs0WFBtWGFGREtuTExCT2IxYXVvZk1iZnhuaFBZcmNKRXRmR3FCYm9LZDZ5MncySUVRZVZlbFlWSWpGMzkxbG9WbkUwTHBUZTFidzkwOXZXYmxXTnlOaCtPZDFMcWtcLzYrS3p2SVpRdHJXV1QzN1NVV1E5bTJvNmNYVitwSkZYT1BJbStwS0NNNTUxNENhUVwvOThGUU11XC83SnUzaUFNWkxhelQ3dFpFWDNUd1VTU1hBcXMiLCJtYWMiOiJiNWIzMzg0ZWIzODQ3Yjg1ZTQ3ZThiYjE1YjZjNzEwMWFlM2UwMTAyN2ZkZWE0YmY0M2FiNDNhMDk0OTI0YzU3In0%3D
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:19:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
Cf-Bgj: minify
Cf-Polished: origSize=109522
ETag: W/"54def1fc-1abd2"
Expires: Sun, 27 Nov 2022 22:43:38 GMT
Last-Modified: Sat, 14 Feb 2015 06:58:04 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
CF-Cache-Status: HIT
Age: 34554
Set-Cookie: __cf_bm=fGfBLeu14XL3Nz.5d6FwZNCPXyXecWV9zxrDOkF4lEY-1669580372-0-AaBYGEAbD6iyU8h0o2lfZ7imVZbtKh8c2NUyTxzTpBvRR68U1qfBQePtaGwD6MTSm6g4FS2piZo2S2or1e3EoMI=; path=/; expires=Sun, 27-Nov-22 20:49:32 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770d8f328bedb52d-OSL
Content-Encoding: gzip
ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.22.58.251200 OK 655 B URL HTTP/1.1 ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 104.22.58.251:0
File type HTML document, ASCII text, with very long lines (1238)
Hash bc3ba461c8a309acf61b6d9c41cb6236
88482306ecc9258d5e9cbb9ba5314dab223a5db4
31331f1b1519882d2f2fb60367708fd56a7a1ec0bddd0554c635547179c7dc8f
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/z9GwFLs
Cookie: cf_clearance=1VwReaGfru8O58vFIaM2YzbfRkCGqd7K5fyZomZ5IJ8-1669580372-0-250; ouoio_session=eyJpdiI6IitKS2dEUnZLZWNwZXYyU0VNekt5aHoyYjJUSEF4eUxnVDZjRWtocTRUcE09IiwidmFsdWUiOiJuZitUYW5OOEltWGZMclBrRGREdGtVZHdUZGpvdDBUd0RpRFBPY1hhTlZVVmxUNW5RMmNETUlNUWJqWmlMU2pUWmVvQ0pRVk92ZUNvTGZQWGdySmhzdz09IiwibWFjIjoiYjc3NjkxYTIyYWY2ZTAzYzQ0NjNiNzBiMDhiMmM3MzYzMzNjNDI3OTVhNmU1OTc5YzFhZmRmYTkyM2Q3MTllNyJ9; language=eyJpdiI6IjI0NUlYSWZ3aVhtM2NpZ1hhelI5RnJTbU1LcUxDWXZhNVBwVTdCZ2J0cTA9IiwidmFsdWUiOiJPOTVUT29RcGhDc1hWRHRRNGFucXhTYnF1blNUczlIc1pZUUpwTFI5SzVNPSIsIm1hYyI6ImFkZjdmNjNkYzAzMmEzZjdhMjFhYjMwOTdjN2UwZjgyZTg3ZDQwOGZiZWQ2MmY0NWQyNTEzMzJkMWE4Y2QzMzYifQ%3D%3D; 7f06d475fe2907db6dbaa4a3d5f926427b240843=eyJpdiI6IkprXC9YUlpLelJndTdUd1RvekRNQWpZUkR3cEY3aVNIVFhUY0ZxdTFYN2dVPSIsInZhbHVlIjoicXpESG9zY2pYN0QxOEtDK0REQ1hIcFlOWDNXSG5qdFhLR3BnVEgwRGRTRjF6SEhtQ1Z5ZXQxVmN1WHpHZzZyd2k4M0ZabTBPdmx1NGgxc3ptVCtrZE5nTHkrVkJCWnlDOG5FbHIwRUNzV2U2blo0amY0VGYyQmNERUhsd2V1anpcL0V4alwvZHI1VkxkSGF1T0lWRnhQRFlrcno0cUxBOFVRODQ4Mjg4eE9rZ3JoQ2hacHdBc1FyOWtmV3RuVmliRFZQVlErZE4ycit0SXN3NWs0WFBtWGFGREtuTExCT2IxYXVvZk1iZnhuaFBZcmNKRXRmR3FCYm9LZDZ5MncySUVRZVZlbFlWSWpGMzkxbG9WbkUwTHBUZTFidzkwOXZXYmxXTnlOaCtPZDFMcWtcLzYrS3p2SVpRdHJXV1QzN1NVV1E5bTJvNmNYVitwSkZYT1BJbStwS0NNNTUxNENhUVwvOThGUU11XC83SnUzaUFNWkxhelQ3dFpFWDNUd1VTU1hBcXMiLCJtYWMiOiJiNWIzMzg0ZWIzODQ3Yjg1ZTQ3ZThiYjE1YjZjNzEwMWFlM2UwMTAyN2ZkZWE0YmY0M2FiNDNhMDk0OTI0YzU3In0%3D
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:19:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 13:35:09 GMT
ETag: W/"637cd00d-4d7"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770d8f32993cb4f3-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Tue, 29 Nov 2022 20:19:32 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip
ecdn.analysis.fi/static/js/fab.js
54.230.111.8200 OK 4.2 kB URL HTTP/1.1 ecdn.analysis.fi/static/js/fab.js
IP 54.230.111.8:0
File type ASCII text, with very long lines (574)
Hash 28a0bef1ecb63168106f97b637ab3414
e577575dd115f6a95aea8c2ae87d2c30c8464728
d8a34aeacc4054bd4e119e538c7eb4956421014f48a9b603d3f9314a7435b5a6
GET /static/js/fab.js HTTP/1.1
Host: ecdn.analysis.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 4240
Connection: keep-alive
Server: nginx/1.20.0
Last-Modified: Tue, 14 Dec 2021 15:30:51 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Date: Sun, 27 Nov 2022 19:23:12 GMT
Expires: Sun, 27 Nov 2022 20:23:10 GMT
Cache-Control: max-age=3600
ETag: "61b8b8ab-1090"
X-Cache: Hit from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: xa5wKw3Tw0VrbQongKbMMKCqMCHCo9snbWhOi6inyM5eeeF4-ykq_A==
Age: 3382
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 9f6cc8d3fe9092a6d3901e873a87fd87
2e0aac117a4cc57596efb3d6f6624c269f94b031
e73982e62b92abac3d15b161f4525448cc2bc8b9bacefdcbfc6f87b74ec372e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:19:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
142.250.74.164200 OK 582 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 729acee2a72aedc9406dba71bf4c1d00
e7f1dea037aaa2df1c1e5b884dc5d73b7bc35e82
7e9b8e953f317a7a47db6df1d1ac8be5c78e9a9524a0a07755c748c2198f816a
GET /recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sun, 27 Nov 2022 20:19:32 GMT
date: Sun, 27 Nov 2022 20:19:32 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 582
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ecdn.firstimpression.io/fi_client.js
54.230.111.99200 OK 100 kB URL HTTP/1.1 ecdn.firstimpression.io/fi_client.js
IP 54.230.111.99:0
File type ASCII text, with very long lines (618)
Size 100 kB (100050 bytes)
Hash 2b98ebbab6471b990a343c5f5414eedd
5e40cd557b95f511b9fcca2ffec60e91fd99edf4
132d37df2a2a8039fcbc01c8f5c0bf78cbc53a63244d03e1748723648259bb1c
GET /fi_client.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 27 Nov 2022 20:11:48 GMT
Server: nginx/1.20.0
X-Powered-By: PHP/8.0.14
X-XSS-Protection: 0
Last-Modified: Sun, 27 Nov 2022 20:11:48 UTC
ETag: W/"f14cd9adb375c1ed3c83da94dc93f184"
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: N4xYpfkysau1wrYSW3Mfn5h94RE9WlGtjVJWbmqhaytr0jC1yqfDSA==
Age: 464
ouo.press/images/world.png
104.22.58.251200 OK 5.7 kB URL HTTP/1.1 ouo.press/images/world.png
IP 104.22.58.251:0
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 4eea420a8830a6d695114427bf52b556
35579e7f1a656beb3a07a7093166ff37c634bade
70f03c74cc197cf154af36fa552a448d9ffebb55081c96e55ef4cf469123fe22
GET /images/world.png HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/z9GwFLs
Cookie: cf_clearance=1VwReaGfru8O58vFIaM2YzbfRkCGqd7K5fyZomZ5IJ8-1669580372-0-250; ouoio_session=eyJpdiI6IitKS2dEUnZLZWNwZXYyU0VNekt5aHoyYjJUSEF4eUxnVDZjRWtocTRUcE09IiwidmFsdWUiOiJuZitUYW5OOEltWGZMclBrRGREdGtVZHdUZGpvdDBUd0RpRFBPY1hhTlZVVmxUNW5RMmNETUlNUWJqWmlMU2pUWmVvQ0pRVk92ZUNvTGZQWGdySmhzdz09IiwibWFjIjoiYjc3NjkxYTIyYWY2ZTAzYzQ0NjNiNzBiMDhiMmM3MzYzMzNjNDI3OTVhNmU1OTc5YzFhZmRmYTkyM2Q3MTllNyJ9; language=eyJpdiI6IjI0NUlYSWZ3aVhtM2NpZ1hhelI5RnJTbU1LcUxDWXZhNVBwVTdCZ2J0cTA9IiwidmFsdWUiOiJPOTVUT29RcGhDc1hWRHRRNGFucXhTYnF1blNUczlIc1pZUUpwTFI5SzVNPSIsIm1hYyI6ImFkZjdmNjNkYzAzMmEzZjdhMjFhYjMwOTdjN2UwZjgyZTg3ZDQwOGZiZWQ2MmY0NWQyNTEzMzJkMWE4Y2QzMzYifQ%3D%3D; 7f06d475fe2907db6dbaa4a3d5f926427b240843=eyJpdiI6IkprXC9YUlpLelJndTdUd1RvekRNQWpZUkR3cEY3aVNIVFhUY0ZxdTFYN2dVPSIsInZhbHVlIjoicXpESG9zY2pYN0QxOEtDK0REQ1hIcFlOWDNXSG5qdFhLR3BnVEgwRGRTRjF6SEhtQ1Z5ZXQxVmN1WHpHZzZyd2k4M0ZabTBPdmx1NGgxc3ptVCtrZE5nTHkrVkJCWnlDOG5FbHIwRUNzV2U2blo0amY0VGYyQmNERUhsd2V1anpcL0V4alwvZHI1VkxkSGF1T0lWRnhQRFlrcno0cUxBOFVRODQ4Mjg4eE9rZ3JoQ2hacHdBc1FyOWtmV3RuVmliRFZQVlErZE4ycit0SXN3NWs0WFBtWGFGREtuTExCT2IxYXVvZk1iZnhuaFBZcmNKRXRmR3FCYm9LZDZ5MncySUVRZVZlbFlWSWpGMzkxbG9WbkUwTHBUZTFidzkwOXZXYmxXTnlOaCtPZDFMcWtcLzYrS3p2SVpRdHJXV1QzN1NVV1E5bTJvNmNYVitwSkZYT1BJbStwS0NNNTUxNENhUVwvOThGUU11XC83SnUzaUFNWkxhelQ3dFpFWDNUd1VTU1hBcXMiLCJtYWMiOiJiNWIzMzg0ZWIzODQ3Yjg1ZTQ3ZThiYjE1YjZjNzEwMWFlM2UwMTAyN2ZkZWE0YmY0M2FiNDNhMDk0OTI0YzU3In0%3D
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:19:33 GMT
Content-Type: image/png
Content-Length: 5692
Connection: keep-alive
Cache-Control: max-age=2592000
Cf-Bgj: imgq:85,h2pri
Cf-Polished: status=not_needed
ETag: "5549a07c-163c"
Expires: Sat, 03 Dec 2022 22:33:44 GMT
Last-Modified: Wed, 06 May 2015 05:02:52 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
CF-Cache-Status: HIT
Age: 2065549
Accept-Ranges: bytes
Set-Cookie: __cf_bm=TVML5zrgB9zcdNLqS9Ov0UMPYIZhbp6RdDbXn70H9lQ-1669580373-0-AeNfj9HuOO8DfInwomdVA1g8Yj1Ydb5ZQBNbinB1TeGKlyl8adcynhkgSV9GwXG3xWl32im3+ChuBNBSflF0wwA=; path=/; expires=Sun, 27-Nov-22 20:49:33 GMT; domain=.ouo.press; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770d8f332ceeb52d-OSL
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 88e42375d2172305f819b892225cf877
674324641f82700172e72fe259ee2241361e2ea1
6dce3754a67df878b536c368657a492a1f908d408fe7fe5ba43c5d24c44434b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:19:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tv.gourdycortes.com/1clkn/16562
23.109.248.177200 OK 26 B URL HTTP/1.1 tv.gourdycortes.com/1clkn/16562
IP 23.109.248.177:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/16562 HTTP/1.1
Host: tv.gourdycortes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Nov 2022 20:19:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Mon, 28-Nov-2022 20:19:33 GMT; Max-Age=86400; path=/
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Mon, 28-Nov-2022 20:19:33 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
cdn.runative-syndicate.com/sdk/v1/n.js
8.247.218.249200 OK 5.2 kB URL HTTP/1.1 cdn.runative-syndicate.com/sdk/v1/n.js
IP 8.247.218.249:0
File type ASCII text, with very long lines (591)
Hash e6b953ae4edfbe129269f196fe87eee9
eb99511c1d23000bc72b2c640bbcd5792eb431f2
eb6d42f0cdeddc023b69947db248be42bc66aa2da8c59178b7f22b528c4dd60f
GET /sdk/v1/n.js HTTP/1.1
Host: cdn.runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Date: Fri, 12 Aug 2022 08:59:18 GMT
Content-Type: application/javascript
Content-Length: 5220
Connection: keep-alive
Last-Modified: Wed, 23 Mar 2022 15:25:35 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"623b3bef-3202"
Age: 9285615
Accept-Ranges: bytes
itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
173.233.137.60200 OK 13 kB URL HTTP/1.1 itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
IP 173.233.137.60:0
File type ASCII text, with very long lines (37171), with no line terminators
Hash 68d826790f61a4b20c45edde46307d57
e6d7c18420d0fdddec0b4347c4c57073a7721b4e
41b9712822b3113ca751f27f010484394cb4a8163fd8d02c640ab6fcf2c96a14
Analyzer Verdict Alert fortinet Malware
GET /ed/36/01/ed36014633829dc70a42dccaefdf3f11.js HTTP/1.1
Host: itineraryupper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 20:19:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 24b1fb05e15e1706bd2782de30c40b45
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.run-syndicate.com/sdk/v1/n.css
8.254.252.210200 OK 8.3 kB URL HTTP/1.1 cdn.run-syndicate.com/sdk/v1/n.css
IP 8.254.252.210:0
File type ASCII text, with very long lines (8277), with no line terminators
Hash 37ebbc4b85fb5383d08547f5fe9d8d9f
99dac34980b1fd00028f76e782444bdf948724c5
24b59f4e4fbf1d4a988ffa478952ceb54e0b2f0774da926bcd2cc0376200dbfe
GET /sdk/v1/n.css HTTP/1.1
Host: cdn.run-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Date: Thu, 03 Mar 2022 22:40:12 GMT
Content-Type: text/css
Content-Length: 8277
Connection: keep-alive
ETag: "6114dd75-2055"
Last-Modified: Thu, 12 Aug 2021 08:36:05 GMT
Server: nginx
X-Robots-Tag: noindex, nofollow
Age: 23233161
Accept-Ranges: bytes
fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2
216.58.207.195200 OK 19 kB URL HTTP/1.1 fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 19292, version 1.0\012- data
Hash 19007b17e56daa60133bce9e9b352a95
bac1384caeae5762e7a1d8c18037f69c8cd21bc4
fd88a03358ba14440b78c6329717bdf6ed1a9fe97c3ad4e0a0a39d31fb1ac546
GET /s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ouo.press
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 19292
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 24 Nov 2022 15:53:57 GMT
Expires: Fri, 24 Nov 2023 15:53:57 GMT
Cache-Control: public, max-age=31536000
Age: 275136
Last-Modified: Wed, 27 Apr 2022 16:12:54 GMT
Content-Type: font/woff2
friendshipmale.com/sfp.js
104.21.234.92200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 104.21.234.92:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:19:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 8147ac423241c30036768403e6e69b5f
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sun, 27 Nov 2022 20:19:33 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GiGJ9RpO2ZP1y%2BBfWctN1Y7zpDnaZEN95jLOqHaPLHsr%2BKz27KiDVTEipeoZ6bxMd0EIYkAxG%2BTRUS2TtHRvkY9Tvo4pnyKK1DGF2rbwyGMMLlBcO3GpkjsJd40gl6t91slBYRI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770d8f363b0506b2-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 8781ef7b81ea378c87b9b75e52115397
df3106ed152971215d454459c4e7ad93559aa4ca
e44e3b4621bc2e63c4b7a69aee8cf240a496c5d1cdef6b26f5a6036c0e3007a1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=151859
Date: Sun, 27 Nov 2022 20:19:33 GMT
Etag: "63836697-1d7"
Expires: Tue, 29 Nov 2022 14:30:32 GMT
Last-Modified: Sun, 27 Nov 2022 13:31:03 GMT
Server: ECS (bsa/EB15)
X-Cache: Miss from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: hXf89aNnidnJHHQljpDTvOky2K3u4p61mvZ2iVowkuC36VkhjWmJTg==
Age: 3569
hhklc.com/c.js
172.67.223.102200 OK 2.4 kB IP 172.67.223.102:0
File type ASCII text, with very long lines (8728), with no line terminators
Hash 42f55e29b68a163545d67c16a9760521
094b497b712be5ed45046aa28a8f3d6860757dfe
44cba7f64e0de844ba21d65dbfaa91f7cba724bc40de3c8abef45a0b6776babb
GET /c.js HTTP/1.1
Host: hhklc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ouo.press/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:19:32 GMT
content-type: application/javascript
last-modified: Fri, 11 Nov 2022 16:10:23 GMT
etag: W/"636e73ef-2218"
server-asp-net: Asp Net
expires: Sun, 27 Nov 2022 20:36:24 GMT
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 1688
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bSEI2Ti%2BexdDGeuNXoqd0HqKcZE7bWa8WonYrr%2BdFkYGqXnhg1%2FwwFbuqBffa6VBYx7Rf3ZpCDCFxdqOgeZCbYX9%2FG6lffXdgm5jJII6%2BCtDhwxvPcP6lYVgSe0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770d8f32ec00b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
run-syndicate.com/do2/048b86cb1ea4453a9397baf204dd5474/dynamic?format=jsonp&count=2&w=1280&h=1024&keywords=ouo,press,short,links,link,shortener,free,URL,shortener,Free,URL,shorten,service,ouo,press,GwFLs&adtype=label-under&callback=callback_0DGrB
136.243.81.150200 OK 4.8 kB URL HTTP/1.1 run-syndicate.com/do2/048b86cb1ea4453a9397baf204dd5474/dynamic?format=jsonp&count=2&w=1280&h=1024&keywords=ouo,press,short,links,link,shortener,free,URL,shortener,Free,URL,shorten,service,ouo,press,GwFLs&adtype=label-under&callback=callback_0DGrB
IP 136.243.81.150:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (9058), with no line terminators
Hash fac53b3861cc8f13a4f1fea2399d9c7f
56c3a1c6a9cf2d896fec084816957a554e2b43d2
d6df6c6d9b159ab3c68cde00b1949f416a1a2e0fadd3dfa52c8b6d7ad0d2b2ea
GET /do2/048b86cb1ea4453a9397baf204dd5474/dynamic?format=jsonp&count=2&w=1280&h=1024&keywords=ouo,press,short,links,link,shortener,free,URL,shortener,Free,URL,shorten,service,ouo,press,GwFLs&adtype=label-under&callback=callback_0DGrB HTTP/1.1
Host: run-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Nov 2022 20:19:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding, *
X-Api-Version: 2
X-Request-Id: c51caca9d6489d9e
Set-Cookie: ts_uid=96798253-fabf-4ca7-bf80-47e2fbda8214; expires=Sat, 27 May 2023 20:19:33 GMT; domain=.run-syndicate.com; path=/; HttpOnly; secure; SameSite=None
Cache-Control: no-cache, no-store, no-transform, must-revalidate, no-transform
X-Robots-Tag: none, noindex, nofollow
Report-To: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
Content-Encoding: gzip
widgets.outbrain.com/images/widgetIcons/achoice.svg
23.38.201.81200 OK 2.7 kB URL HTTP/2 widgets.outbrain.com/images/widgetIcons/achoice.svg
IP 23.38.201.81:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2290)
Hash 9d26fa4e7238ed94f1d0d92afb453b3e
ae18efe7d09337bf2f580b3f5bc912284aad7821
2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04
GET /images/widgetIcons/achoice.svg HTTP/1.1
Host: widgets.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/svg+xml
etag: "9d26fa4e7238ed94f1d0d92afb453b3e:1662969032.874716"
last-modified: Mon, 12 Sep 2022 07:37:47 GMT
server: AkamaiNetStorage
content-length: 2735
cache-control: max-age=2592000
expires: Tue, 27 Dec 2022 20:19:33 GMT
date: Sun, 27 Nov 2022 20:19:33 GMT
timing-allow-origin: *, *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 9cff2c2ad4207e09e07c017987177850
833082ded91a1983a1367c48c8076949e079ce95
82b03e92d004f116875ba023a7e8782d3c124a1c499a6328f29cff70f397a6cc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:19:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:19:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
142.250.74.102200 OK 104 B URL HTTP/2 ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
IP 142.250.74.102:0
File type MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors\012- data
Hash 32ac8a9b81788b981a3a7e13c14082d4
fbfd48a2bfe8d4247a975176f88d18c3c2ad1952
00cc7617e054596ff0aaabd8a93a9214dc5304bfe317316022dbf4fb3ea073d2
GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 104
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sun, 27 Nov 2022 11:00:31 GMT
expires: Mon, 28 Nov 2022 11:00:31 GMT
cache-control: public, max-age=86400
age: 33542
last-modified: Tue, 08 May 2012 13:08:06 GMT
content-type: image/x-icon
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
142.250.74.163200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 21:26:04 GMT
expires: Sun, 26 Nov 2023 21:26:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 82409
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 9cff2c2ad4207e09e07c017987177850
833082ded91a1983a1367c48c8076949e079ce95
82b03e92d004f116875ba023a7e8782d3c124a1c499a6328f29cff70f397a6cc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 20:19:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash bbb0f4db8cf5afadcf6aff6e3efd84f5
306a448867377ee652726a0ca8f45112ed46f3d2
f3793d646b320f22c02cde1bee7423484fba1abc89cce4667754107416ab640f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:19:34 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 15:56:29 GMT
Expires: Sat, 03 Dec 2022 15:56:28 GMT
Etag: "306a448867377ee652726a0ca8f45112ed46f3d2"
Cache-Control: max-age=502013,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 770d8f3a1e69b500-OSL
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash bbb0f4db8cf5afadcf6aff6e3efd84f5
306a448867377ee652726a0ca8f45112ed46f3d2
f3793d646b320f22c02cde1bee7423484fba1abc89cce4667754107416ab640f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 20:19:34 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 15:56:29 GMT
Expires: Sat, 03 Dec 2022 15:56:28 GMT
Etag: "306a448867377ee652726a0ca8f45112ed46f3d2"
Cache-Control: max-age=502013,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 770d8f3a1b840b61-OSL
lcdn.tsyndicate.com/images/5/a/28e48d256a3f2fbfb83b09543cbaf5a5a4b7a1/300x250.webp
8.254.252.214200 OK 4.6 kB URL HTTP/2 lcdn.tsyndicate.com/images/5/a/28e48d256a3f2fbfb83b09543cbaf5a5a4b7a1/300x250.webp
IP 8.254.252.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x225, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 28ab8bc86a12a46387751f0d0d3f8d76
752bb87d55026c563d91b60214abd39fe39ce5c8
b50b777891dc9f3c65918d24eabce9e83aed2f6c78da8d8ca784f173955b1ab8
GET /images/5/a/28e48d256a3f2fbfb83b09543cbaf5a5a4b7a1/300x250.webp HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:19:34 GMT
content-type: image/webp
content-length: 4579
last-modified: Thu, 10 Nov 2022 11:53:00 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"636ce61c-11cc"
age: 1408381
accept-ranges: bytes
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/images/f/3/a84b93a27e7842d835fe6af5e3e6fa8fe87fbe/300x250.webp
8.254.252.214200 OK 9.2 kB URL HTTP/2 lcdn.tsyndicate.com/images/f/3/a84b93a27e7842d835fe6af5e3e6fa8fe87fbe/300x250.webp
IP 8.254.252.214:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x225, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a1ae644ba4fcaac6d9ce47cf82d7058a
f8df54e72325f37ed55147e6705e02cdd18c25c2
33a27d5aa39a48767831f7c48e40878f7c26a02d29c24dfe246703b2723be6ac
GET /images/f/3/a84b93a27e7842d835fe6af5e3e6fa8fe87fbe/300x250.webp HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:19:34 GMT
content-type: image/webp
content-length: 9241
last-modified: Thu, 10 Nov 2022 11:53:00 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"636ce61c-2402"
age: 1408388
accept-ranges: bytes
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
18.185.190.54200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.185.190.54:0
File type ASCII text, with no line terminators
Hash 4e6bb883677cea60512493bd79d4d808
2692628c1bdc8c034ca72677f9d37e42c9f4a1fe
fde0f51f2ba38c212c80536f3fa6c3a5218a149952e3ff36b4366869ff8375ba
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Cookie: uid_id2=5d628805-16d2-41d9-963b-ef8fe1538808:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:19:34 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://ouo.press
access-control-allow-credentials: true
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XguDEjDI4yZca0EENGTI4WNMKIuTESRg4xLXJ0HCNjxgwyY24UFPEwTJ0xGWfAkEEmh4wwZlqMsRkGJQwcOFp4pMFyqAwZZszMMBMGBhkaPCGSsbNQBgwYM2g8hFNHzMIZMho6hAgHTtkaNuA-nANnoo4ZOWzAsCHDxsMxbezqoLExcI6eZMwsJPxQjBs3b2HcYMzxYRs3GHXIoJEjB461n0PHyIHWsIg6cti8tSnY6MM6MjKioUMHzhwdL17gwcOmjBoXZ-SEoZPGTB42oMksLzPHxZg3bV78qEOnzZc5b2CPKdMjh1YYNDTbGBN4aRkcNLjUOVt4ToweQm_cyCGfvo05MvTQ0Ggx0BBDf0P9NwN-gQ1WGIL11dADZ45BuB4baYyxxhdpkNGDFExAkYQYRNBhhhBmsGHDElFocYUSd2jBmxBUaAGHDUnQgYcdODyhhh1K6IHGGmYQ0UQWbESRhR45HIEHDGmw0YQac3zhBhRIIHFGFEIIcYQQYtRRgxJE2KAGGXJoIUYQbsyQRx1DICFEDG-chcMVWgRxBBxj4HEDFnHQIEYVEt3xxRlVJEGEFFWkYaEa9x04X4Jq5CBgWGRgl1F4b7gAhxzUKXTYcgttYWAXa8kB1F9ltDBYZZLpAIMLMFQkwhhwePfpqrPSp5YIctihmFkPhZTrQr2idVsdaWQU2H44yFDDDC1wJUZSNIwRBkvX4gADSjphRZJHcYH1UBqKiZBDDC6w5gINMrjQkLnAcpjuuu3OCq-8NdBbRxgZNfGGHlGyEcYLNdAKAgpXpOFGpnfMAYITVIAQQ687gNCwGzbQkDEeHWccLEMwJAxDCiAcEdIab7xg1sW11gqCEWmAasYbeLxwsclhjbGqCE48EdYbcnzhc0ZBh8XGz0U4gWkZdnwBqmwM1aAfDjPY4C0MD8lxBmai1bDRQwdFLYYcC0FFNtRftPEGGWXhYIOtaL7x1kNvKLRYqjjnsdCvNuvGGxzAvcCpp6DOMccLYd2RUQwyeBsWGo8PRe8cwWYkxxt0LEd0C3W4kQYdLciQgws4QY7pzwd9kXpuFrVBkQ025CA2Wp2J0F1uDNFuu7czcHQDZWJJTR0cX5Dae-23Bz9DsVGHUZwcdOi9RVqoQiSGXyIcxFUdbEy01tLIHpZr1MoxZ7es716Vww2HqSZDHwoEBA%3D%3D&r=1&s=417c40a255598508d965d07c3a3ca49e6f14a773f84186b947812d3370bb11cd1669580373&w=t&ir=245x208
136.243.43.25200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XguDEjDI4yZca0EENGTI4WNMKIuTESRg4xLXJ0HCNjxgwyY24UFPEwTJ0xGWfAkEEmh4wwZlqMsRkGJQwcOFp4pMFyqAwZZszMMBMGBhkaPCGSsbNQBgwYM2g8hFNHzMIZMho6hAgHTtkaNuA-nANnoo4ZOWzAsCHDxsMxbezqoLExcI6eZMwsJPxQjBs3b2HcYMzxYRs3GHXIoJEjB461n0PHyIHWsIg6cti8tSnY6MM6MjKioUMHzhwdL17gwcOmjBoXZ-SEoZPGTB42oMksLzPHxZg3bV78qEOnzZc5b2CPKdMjh1YYNDTbGBN4aRkcNLjUOVt4ToweQm_cyCGfvo05MvTQ0Ggx0BBDf0P9NwN-gQ1WGIL11dADZ45BuB4baYyxxhdpkNGDFExAkYQYRNBhhhBmsGHDElFocYUSd2jBmxBUaAGHDUnQgYcdODyhhh1K6IHGGmYQ0UQWbESRhR45HIEHDGmw0YQac3zhBhRIIHFGFEIIcYQQYtRRgxJE2KAGGXJoIUYQbsyQRx1DICFEDG-chcMVWgRxBBxj4HEDFnHQIEYVEt3xxRlVJEGEFFWkYaEa9x04X4Jq5CBgWGRgl1F4b7gAhxzUKXTYcgttYWAXa8kB1F9ltDBYZZLpAIMLMFQkwhhwePfpqrPSp5YIctihmFkPhZTrQr2idVsdaWQU2H44yFDDDC1wJUZSNIwRBkvX4gADSjphRZJHcYH1UBqKiZBDDC6w5gINMrjQkLnAcpjuuu3OCq-8NdBbRxgZNfGGHlGyEcYLNdAKAgpXpOFGpnfMAYITVIAQQ687gNCwGzbQkDEeHWccLEMwJAxDCiAcEdIab7xg1sW11gqCEWmAasYbeLxwsclhjbGqCE48EdYbcnzhc0ZBh8XGz0U4gWkZdnwBqmwM1aAfDjPY4C0MD8lxBmai1bDRQwdFLYYcC0FFNtRftPEGGWXhYIOtaL7x1kNvKLRYqjjnsdCvNuvGGxzAvcCpp6DOMccLYd2RUQwyeBsWGo8PRe8cwWYkxxt0LEd0C3W4kQYdLciQgws4QY7pzwd9kXpuFrVBkQ025CA2Wp2J0F1uDNFuu7czcHQDZWJJTR0cX5Dae-23Bz9DsVGHUZwcdOi9RVqoQiSGXyIcxFUdbEy01tLIHpZr1MoxZ7es716Vww2HqSZDHwoEBA%3D%3D&r=1&s=417c40a255598508d965d07c3a3ca49e6f14a773f84186b947812d3370bb11cd1669580373&w=t&ir=245x208
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XguDEjDI4yZca0EENGTI4WNMKIuTESRg4xLXJ0HCNjxgwyY24UFPEwTJ0xGWfAkEEmh4wwZlqMsRkGJQwcOFp4pMFyqAwZZszMMBMGBhkaPCGSsbNQBgwYM2g8hFNHzMIZMho6hAgHTtkaNuA-nANnoo4ZOWzAsCHDxsMxbezqoLExcI6eZMwsJPxQjBs3b2HcYMzxYRs3GHXIoJEjB461n0PHyIHWsIg6cti8tSnY6MM6MjKioUMHzhwdL17gwcOmjBoXZ-SEoZPGTB42oMksLzPHxZg3bV78qEOnzZc5b2CPKdMjh1YYNDTbGBN4aRkcNLjUOVt4ToweQm_cyCGfvo05MvTQ0Ggx0BBDf0P9NwN-gQ1WGIL11dADZ45BuB4baYyxxhdpkNGDFExAkYQYRNBhhhBmsGHDElFocYUSd2jBmxBUaAGHDUnQgYcdODyhhh1K6IHGGmYQ0UQWbESRhR45HIEHDGmw0YQac3zhBhRIIHFGFEIIcYQQYtRRgxJE2KAGGXJoIUYQbsyQRx1DICFEDG-chcMVWgRxBBxj4HEDFnHQIEYVEt3xxRlVJEGEFFWkYaEa9x04X4Jq5CBgWGRgl1F4b7gAhxzUKXTYcgttYWAXa8kB1F9ltDBYZZLpAIMLMFQkwhhwePfpqrPSp5YIctihmFkPhZTrQr2idVsdaWQU2H44yFDDDC1wJUZSNIwRBkvX4gADSjphRZJHcYH1UBqKiZBDDC6w5gINMrjQkLnAcpjuuu3OCq-8NdBbRxgZNfGGHlGyEcYLNdAKAgpXpOFGpnfMAYITVIAQQ687gNCwGzbQkDEeHWccLEMwJAxDCiAcEdIab7xg1sW11gqCEWmAasYbeLxwsclhjbGqCE48EdYbcnzhc0ZBh8XGz0U4gWkZdnwBqmwM1aAfDjPY4C0MD8lxBmai1bDRQwdFLYYcC0FFNtRftPEGGWXhYIOtaL7x1kNvKLRYqjjnsdCvNuvGGxzAvcCpp6DOMccLYd2RUQwyeBsWGo8PRe8cwWYkxxt0LEd0C3W4kQYdLciQgws4QY7pzwd9kXpuFrVBkQ025CA2Wp2J0F1uDNFuu7czcHQDZWJJTR0cX5Dae-23Bz9DsVGHUZwcdOi9RVqoQiSGXyIcxFUdbEy01tLIHpZr1MoxZ7es716Vww2HqSZDHwoEBA%3D%3D&r=1&s=417c40a255598508d965d07c3a3ca49e6f14a773f84186b947812d3370bb11cd1669580373&w=t&ir=245x208 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 20:19:34 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XkoGEDBwwbM2C0KDMmxowWNGrAEIlDhpgwLWyECUODpA0xOMyIGSPiYZg6PHWICCmDTA4ZYcy0GDNjBkwaMHDgaBEGB40bLWDI2GrGzAwzYWCQodETIhk7C2WsnEHjIZw6YhbOkNHQIUQ4cNLWACnj4Rw4E3XMyGHjowwbD8e0yauDBo4bhHP4JGNmoY2-IsS4cSMXxg3HN2A8bOMGow4ZNHLkwOGWtOkYOWDMQCyijhw2cpsWxiG5toyMaOjQgTNHx4sXePCwKaPGxRk5YeikMZOHTWky0cvMcTHmTZsXP-rQafNlzhvbY8r0yOEVBtQbNsYQZlrGKpc6Kw_PidEj5A3I9-Vnwxwy9NAQajHQEEOAWg04Q3-EGWYDg_rV0ANokVEYHxtpjLHGF2mQ0YMSciDhhhhMMOGEVGag8QUSVzShhhxtlFGFEGQYoQQTSZzRwhQ4WDGGHkdk4YQZdmQxRw1pZPHEEGeQaEYbciglRgs4tJGFFTXIIEUTaxRxQxxJxIEDHkmYAcMZNUCRQx1QWCEGElGUoccSSFCBhBZhtBFHDGbQEIcQeIwxxhcxBPHFGVUkQYQUVaShoRr8LYhfg2rkYGBZZHiX0XlvuACHHNoplFh0C22hYBduyRHUDGVkRZsYlekAgwswVCTCGHCQN2pQt-bXlghy2MGYWg-R1OtCwcr2UB11pJERYZC1VMNJYNGK0hhhYEWrRyjdUIYMOmHXUoJlpcGYRjG4EJsLNMjgQkNkPSQHiOvm0O678c5bQ721hZFRE2_okQYbbITxQg24goDCFWm40ekdc4DgBBUgxBDsDiBA7IYNNHCMB8gcF8sQDAzDkAIIR5C0xhsvqKVxrrmCYEQapJrxBh4vaJxyWYZm5MQTZb1xb9BCDV0WG0GJUIQTnJZhxxek4sZQDf_hMJtHohF7Bmen1fDYQwdNLYYcC0lFttRftPEGGWnhYIOuZMjxhlwPvaFQY63unMdCw-YMnHBwGPcCqKKSOsccL5R1R0YxyOBRWWhArhXAcxSbkd10RGd0C3W4kQYdLciQgwtklPQb2U0f9EXqkZc1HkU22JCD2LLdMINFbfzGUO23ezSD7vDtbhbV2sHxBaq_24778MazHcZyctCx9xZssQqRGIGJcBBYdbAxkVtMU5RYr1NDJ93dtsIbQwzwJfaaDH0oEBA%3D&r=1&s=7c05134513c0540c89ae39ccf88bdde30da14c1051fa05d4bda6846c4fa0393f1669580373&w=t&ir=245x208
136.243.43.25200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XkoGEDBwwbM2C0KDMmxowWNGrAEIlDhpgwLWyECUODpA0xOMyIGSPiYZg6PHWICCmDTA4ZYcy0GDNjBkwaMHDgaBEGB40bLWDI2GrGzAwzYWCQodETIhk7C2WsnEHjIZw6YhbOkNHQIUQ4cNLWACnj4Rw4E3XMyGHjowwbD8e0yauDBo4bhHP4JGNmoY2-IsS4cSMXxg3HN2A8bOMGow4ZNHLkwOGWtOkYOWDMQCyijhw2cpsWxiG5toyMaOjQgTNHx4sXePCwKaPGxRk5YeikMZOHTWky0cvMcTHmTZsXP-rQafNlzhvbY8r0yOEVBtQbNsYQZlrGKpc6Kw_PidEj5A3I9-Vnwxwy9NAQajHQEEOAWg04Q3-EGWYDg_rV0ANokVEYHxtpjLHGF2mQ0YMSciDhhhhMMOGEVGag8QUSVzShhhxtlFGFEGQYoQQTSZzRwhQ4WDGGHkdk4YQZdmQxRw1pZPHEEGeQaEYbciglRgs4tJGFFTXIIEUTaxRxQxxJxIEDHkmYAcMZNUCRQx1QWCEGElGUoccSSFCBhBZhtBFHDGbQEIcQeIwxxhcxBPHFGVUkQYQUVaShoRr8LYhfg2rkYGBZZHiX0XlvuACHHNoplFh0C22hYBduyRHUDGVkRZsYlekAgwswVCTCGHCQN2pQt-bXlghy2MGYWg-R1OtCwcr2UB11pJERYZC1VMNJYNGK0hhhYEWrRyjdUIYMOmHXUoJlpcGYRjG4EJsLNMjgQkNkPSQHiOvm0O678c5bQ721hZFRE2_okQYbbITxQg24goDCFWm40ekdc4DgBBUgxBDsDiBA7IYNNHCMB8gcF8sQDAzDkAIIR5C0xhsvqKVxrrmCYEQapJrxBh4vaJxyWYZm5MQTZb1xb9BCDV0WG0GJUIQTnJZhxxek4sZQDf_hMJtHohF7Bmen1fDYQwdNLYYcC0lFttRftPEGGWnhYIOuZMjxhlwPvaFQY63unMdCw-YMnHBwGPcCqKKSOsccL5R1R0YxyOBRWWhArhXAcxSbkd10RGd0C3W4kQYdLciQgwtklPQb2U0f9EXqkZc1HkU22JCD2LLdMINFbfzGUO23ezSD7vDtbhbV2sHxBaq_24778MazHcZyctCx9xZssQqRGIGJcBBYdbAxkVtMU5RYr1NDJ93dtsIbQwzwJfaaDH0oEBA%3D&r=1&s=7c05134513c0540c89ae39ccf88bdde30da14c1051fa05d4bda6846c4fa0393f1669580373&w=t&ir=245x208
IP 136.243.43.25:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XkoGEDBwwbM2C0KDMmxowWNGrAEIlDhpgwLWyECUODpA0xOMyIGSPiYZg6PHWICCmDTA4ZYcy0GDNjBkwaMHDgaBEGB40bLWDI2GrGzAwzYWCQodETIhk7C2WsnEHjIZw6YhbOkNHQIUQ4cNLWACnj4Rw4E3XMyGHjowwbD8e0yauDBo4bhHP4JGNmoY2-IsS4cSMXxg3HN2A8bOMGow4ZNHLkwOGWtOkYOWDMQCyijhw2cpsWxiG5toyMaOjQgTNHx4sXePCwKaPGxRk5YeikMZOHTWky0cvMcTHmTZsXP-rQafNlzhvbY8r0yOEVBtQbNsYQZlrGKpc6Kw_PidEj5A3I9-Vnwxwy9NAQajHQEEOAWg04Q3-EGWYDg_rV0ANokVEYHxtpjLHGF2mQ0YMSciDhhhhMMOGEVGag8QUSVzShhhxtlFGFEGQYoQQTSZzRwhQ4WDGGHkdk4YQZdmQxRw1pZPHEEGeQaEYbciglRgs4tJGFFTXIIEUTaxRxQxxJxIEDHkmYAcMZNUCRQx1QWCEGElGUoccSSFCBhBZhtBFHDGbQEIcQeIwxxhcxBPHFGVUkQYQUVaShoRr8LYhfg2rkYGBZZHiX0XlvuACHHNoplFh0C22hYBduyRHUDGVkRZsYlekAgwswVCTCGHCQN2pQt-bXlghy2MGYWg-R1OtCwcr2UB11pJERYZC1VMNJYNGK0hhhYEWrRyjdUIYMOmHXUoJlpcGYRjG4EJsLNMjgQkNkPSQHiOvm0O678c5bQ721hZFRE2_okQYbbITxQg24goDCFWm40ekdc4DgBBUgxBDsDiBA7IYNNHCMB8gcF8sQDAzDkAIIR5C0xhsvqKVxrrmCYEQapJrxBh4vaJxyWYZm5MQTZb1xb9BCDV0WG0GJUIQTnJZhxxek4sZQDf_hMJtHohF7Bmen1fDYQwdNLYYcC0lFttRftPEGGWnhYIOuZMjxhlwPvaFQY63unMdCw-YMnHBwGPcCqKKSOsccL5R1R0YxyOBRWWhArhXAcxSbkd10RGd0C3W4kQYdLciQgwtklPQb2U0f9EXqkZc1HkU22JCD2LLdMINFbfzGUO23ezSD7vDtbhbV2sHxBaq_24778MazHcZyctCx9xZssQqRGIGJcBBYdbAxkVtMU5RYr1NDJ93dtsIbQwzwJfaaDH0oEBA%3D&r=1&s=7c05134513c0540c89ae39ccf88bdde30da14c1051fa05d4bda6846c4fa0393f1669580373&w=t&ir=245x208 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 20:19:34 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=5d628805-16d2-41d9-963b-ef8fe1538808&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=5d628805-16d2-41d9-963b-ef8fe1538808&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=5d628805-16d2-41d9-963b-ef8fe1538808&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1053&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 27 Nov 2022 20:19:34 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2fdf40d3f9f661dd22f75bb23de7e149
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5c0748d6b73f44e551a70bbd351fa44b
938677b2f0d2152ebb028c00d095492d4946d2ee
4e3fa15077f57b5966d4b60f2a856c9defe22ad657f6374387c83d8afe466861
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4E3FA15077F57B5966D4B60F2A856C9DEFE22AD657F6374387C83D8AFE466861"
Last-Modified: Sat, 26 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9675
Expires: Sun, 27 Nov 2022 23:00:49 GMT
Date: Sun, 27 Nov 2022 20:19:34 GMT
Connection: keep-alive
tallysaturatesnare.com/sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=5d628805-16d2-41d9-963b-ef8fe1538808%3A3%3A1
173.233.137.60200 OK 3.5 kB URL HTTP/1.1 tallysaturatesnare.com/sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=5d628805-16d2-41d9-963b-ef8fe1538808%3A3%3A1
IP 173.233.137.60:0
File type JSON data\012- , ASCII text, with very long lines (6100), with no line terminators
Hash bf1aa9c90185fa27a33a586c8fd52f80
7c86e98a457001add3291e1da6723e95de485170
de70bf893d7fad4002fdc6f103224e090ddc6eea4bff2a4356883dc865f56ec1
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=5d628805-16d2-41d9-963b-ef8fe1538808%3A3%3A1 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 20:19:35 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://ouo.press
Access-Control-Allow-Origin: http://ouo.press
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15424691; expires=Mon, 28 Nov 2022 20:19:35 GMT; secure; SameSite=None
uid_id2=5d628805-16d2-41d9-963b-ef8fe1538808:3:1; expires=Sun, 04 Dec 2022 20:19:35 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 28 Nov 2022 20:19:35 GMT; secure; SameSite=None
uncs=1; expires=Mon, 28 Nov 2022 20:19:35 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 28 Nov 2022 20:19:35 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 28 Nov 2022 20:19:35 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a16df0b5c633eede044075b1c870e087
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c7afa63a2e765a5889feedb036228204
546d048429118d6ff49049b948a6d39c3706b4e1
ce33ebbd5115ffaac9721eacc50f458d369b30dbc875379c5602fe846d078207
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE33EBBD5115FFAAC9721EACC50F458D369B30DBC875379C5602FE846D078207"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5478
Expires: Sun, 27 Nov 2022 21:50:53 GMT
Date: Sun, 27 Nov 2022 20:19:35 GMT
Connection: keep-alive
tallysaturatesnare.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWhjRRiet9096IKgePGgBPGgYNN5eUma2MNiXStla1t2VwviZd7MvHTM5M1j5r28tHgoFmQvQjzp8fVLu2V1ERfPgqQiSEFoPCw9WG8ieBT2LEkDcf%2FD%2FP8333%2F4vm%2Fm84PsglBk7HzzfbOrtGYLtTItvb6lYmFyV1q%2FW%2FJpmS6VtlRcry6VeuPDdt%2Fyaa1M3yi9J3nbLFSoT6lP%2FdKKsjIyvYUJC5U8bPrlJi1XK2W%2FVkXPPo1d5sExD6J7QV6AEqNr278%2BguJDxJ3vb0rXTk3y5rudTLPUWHTF8QdxOzZ5jM5sjKyHKD6ebsO4ESFfX4GJj6cOYLqHYwcI1Yh4j32E8fFUJsLu0aXSUEPGCMV15N0hpB5CsSG42YcSZwTgAusbiDv3143N2c4ly8bsiFx98i9UPiJX%2F3gRcee7Za16pTtGZ6kysUMvKqB6Q6jWEEl2gnTXg8pPwNPPoMRvZOHJGuLO4YbTBkqcv1YT9UqjQWvzfl1U5qu%2BaM4360E4L6NGJP1a0GjQxiQipYZQ0RBa9sHcHDLnIVMesshDlnjoiPMSqzUjShejMAqCRpVzHgSc1xp1URNBtRFRZHzsoY806YPrPrjdQ2L30FZ92OwnuO0CTnhwKUFXFMglQe4IckaQK4I8Jci7xZHQruKK%2B0K7LPSnvTLtQTEwaeuAHZm0JWNykFyQ5yfB%2FfPxD2jL85IUQZ361XoQNCpNwRcpq1YE50xGIgoi34dTBZS7AuY87Kqz5x4jUWfPFAjZCZw%2BAVevgmUvg%2BWDxQoF2x5UGxS78QOTmXJipXMQpkCSXkO64x3oC%2FLSREDzr%2BuQ%2FPTGV19s%2FLkkPgK3BRJb4BP1M0FL3xvcNjk5vG1yRx5tJKnqqF02ftU7KUvl3De35E5urFi96foP3uZjYjw%2BvCtdusZioeKWI98uKyGkXTGWS%2FLjqtuS4WbmtpczG2fJ2uY7K6udiUBl4iGYOvvwU3A1Is%2Fa9uS%2FvvL3LSg7hM0KdLJTMi0oMwRP9uCSmXpnCKye7YSJhzwrBrYSzi61ItByhllYwP0Ph7P5wN1Dy3pg6T7iToGuLdDVBZjuw2VzgzSxpzd%2BDyaFUHuDUFvvMNRWf3kZrVPnJVmLaCRpRYZRM4wWGRXNqNoMWdOXi2GN%2BUjdiO%2F%2FsvUfAAAA%2F%2F8BAAD%2F%2FzuQMeiHBAAA
173.233.137.60200 OK 7 B URL HTTP/1.1 tallysaturatesnare.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWhjRRiet9096IKgePGgBPGgYNN5eUma2MNiXStla1t2VwviZd7MvHTM5M1j5r28tHgoFmQvQjzp8fVLu2V1ERfPgqQiSEFoPCw9WG8ieBT2LEkDcf%2FD%2FP8333%2F4vm%2Fm84PsglBk7HzzfbOrtGYLtTItvb6lYmFyV1q%2FW%2FJpmS6VtlRcry6VeuPDdt%2Fyaa1M3yi9J3nbLFSoT6lP%2FdKKsjIyvYUJC5U8bPrlJi1XK2W%2FVkXPPo1d5sExD6J7QV6AEqNr278%2BguJDxJ3vb0rXTk3y5rudTLPUWHTF8QdxOzZ5jM5sjKyHKD6ebsO4ESFfX4GJj6cOYLqHYwcI1Yh4j32E8fFUJsLu0aXSUEPGCMV15N0hpB5CsSG42YcSZwTgAusbiDv3143N2c4ly8bsiFx98i9UPiJX%2F3gRcee7Za16pTtGZ6kysUMvKqB6Q6jWEEl2gnTXg8pPwNPPoMRvZOHJGuLO4YbTBkqcv1YT9UqjQWvzfl1U5qu%2BaM4360E4L6NGJP1a0GjQxiQipYZQ0RBa9sHcHDLnIVMesshDlnjoiPMSqzUjShejMAqCRpVzHgSc1xp1URNBtRFRZHzsoY806YPrPrjdQ2L30FZ92OwnuO0CTnhwKUFXFMglQe4IckaQK4I8Jci7xZHQruKK%2B0K7LPSnvTLtQTEwaeuAHZm0JWNykFyQ5yfB%2FfPxD2jL85IUQZ361XoQNCpNwRcpq1YE50xGIgoi34dTBZS7AuY87Kqz5x4jUWfPFAjZCZw%2BAVevgmUvg%2BWDxQoF2x5UGxS78QOTmXJipXMQpkCSXkO64x3oC%2FLSREDzr%2BuQ%2FPTGV19s%2FLkkPgK3BRJb4BP1M0FL3xvcNjk5vG1yRx5tJKnqqF02ftU7KUvl3De35E5urFi96foP3uZjYjw%2BvCtdusZioeKWI98uKyGkXTGWS%2FLjqtuS4WbmtpczG2fJ2uY7K6udiUBl4iGYOvvwU3A1Is%2Fa9uS%2FvvL3LSg7hM0KdLJTMi0oMwRP9uCSmXpnCKye7YSJhzwrBrYSzi61ItByhllYwP0Ph7P5wN1Dy3pg6T7iToGuLdDVBZjuw2VzgzSxpzd%2BDyaFUHuDUFvvMNRWf3kZrVPnJVmLaCRpRYZRM4wWGRXNqNoMWdOXi2GN%2BUjdiO%2F%2FsvUfAAAA%2F%2F8BAAD%2F%2FzuQMeiHBAAA
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWhjRRiet9096IKgePGgBPGgYNN5eUma2MNiXStla1t2VwviZd7MvHTM5M1j5r28tHgoFmQvQjzp8fVLu2V1ERfPgqQiSEFoPCw9WG8ieBT2LEkDcf%2FD%2FP8333%2F4vm%2Fm84PsglBk7HzzfbOrtGYLtTItvb6lYmFyV1q%2FW%2FJpmS6VtlRcry6VeuPDdt%2Fyaa1M3yi9J3nbLFSoT6lP%2FdKKsjIyvYUJC5U8bPrlJi1XK2W%2FVkXPPo1d5sExD6J7QV6AEqNr278%2BguJDxJ3vb0rXTk3y5rudTLPUWHTF8QdxOzZ5jM5sjKyHKD6ebsO4ESFfX4GJj6cOYLqHYwcI1Yh4j32E8fFUJsLu0aXSUEPGCMV15N0hpB5CsSG42YcSZwTgAusbiDv3143N2c4ly8bsiFx98i9UPiJX%2F3gRcee7Za16pTtGZ6kysUMvKqB6Q6jWEEl2gnTXg8pPwNPPoMRvZOHJGuLO4YbTBkqcv1YT9UqjQWvzfl1U5qu%2BaM4360E4L6NGJP1a0GjQxiQipYZQ0RBa9sHcHDLnIVMesshDlnjoiPMSqzUjShejMAqCRpVzHgSc1xp1URNBtRFRZHzsoY806YPrPrjdQ2L30FZ92OwnuO0CTnhwKUFXFMglQe4IckaQK4I8Jci7xZHQruKK%2B0K7LPSnvTLtQTEwaeuAHZm0JWNykFyQ5yfB%2FfPxD2jL85IUQZ361XoQNCpNwRcpq1YE50xGIgoi34dTBZS7AuY87Kqz5x4jUWfPFAjZCZw%2BAVevgmUvg%2BWDxQoF2x5UGxS78QOTmXJipXMQpkCSXkO64x3oC%2FLSREDzr%2BuQ%2FPTGV19s%2FLkkPgK3BRJb4BP1M0FL3xvcNjk5vG1yRx5tJKnqqF02ftU7KUvl3De35E5urFi96foP3uZjYjw%2BvCtdusZioeKWI98uKyGkXTGWS%2FLjqtuS4WbmtpczG2fJ2uY7K6udiUBl4iGYOvvwU3A1Is%2Fa9uS%2FvvL3LSg7hM0KdLJTMi0oMwRP9uCSmXpnCKye7YSJhzwrBrYSzi61ItByhllYwP0Ph7P5wN1Dy3pg6T7iToGuLdDVBZjuw2VzgzSxpzd%2BDyaFUHuDUFvvMNRWf3kZrVPnJVmLaCRpRYZRM4wWGRXNqNoMWdOXi2GN%2BUjdiO%2F%2FsvUfAAAA%2F%2F8BAAD%2F%2FzuQMeiHBAAA HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Cookie: u_pl=15424691; uid_id2=5d628805-16d2-41d9-963b-ef8fe1538808:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 20:19:35 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 01f3e2f53eb6268028fe4f1d5a42ca17
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3a1eb8e3d7b5e963c21e1905e849e570
fff8193edc6218562c5612b0e02f73dbcca98c0c
12db50941a08926a1f14146c52b53cfc6acc1dcb6ac858f6fcfb421330dfb12f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12DB50941A08926A1F14146C52B53CFC6ACC1DCB6AC858F6FCFB421330DFB12F"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5182
Expires: Sun, 27 Nov 2022 21:45:57 GMT
Date: Sun, 27 Nov 2022 20:19:35 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3a1eb8e3d7b5e963c21e1905e849e570
fff8193edc6218562c5612b0e02f73dbcca98c0c
12db50941a08926a1f14146c52b53cfc6acc1dcb6ac858f6fcfb421330dfb12f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12DB50941A08926A1F14146C52B53CFC6ACC1DCB6AC858F6FCFB421330DFB12F"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5182
Expires: Sun, 27 Nov 2022 21:45:57 GMT
Date: Sun, 27 Nov 2022 20:19:35 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.10200 OK 660 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.10:0
Hash 55130bf120bd75a4bba7d678be617cdf
77b172c0cc1d15e60ab95edccf3ac1e640d16812
262b9e8c2eeba18bdc3dd53ac7bbacdbbec713a9443ff5dc34e359de56ea040d
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 27 Nov 2022 20:19:35 GMT
Date: Sun, 27 Nov 2022 20:19:35 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d02308d366e622aa26e632ea017600cc
c16673d53c20ac70efbda483ca12b4374a76105c
ad8ccb9b049120b7e44a79dcbc9caab326567933cfce70608bc812237319a0ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD8CCB9B049120B7E44A79DCBC9CAAB326567933CFCE70608BC812237319A0EC"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14926
Expires: Mon, 28 Nov 2022 00:28:21 GMT
Date: Sun, 27 Nov 2022 20:19:35 GMT
Connection: keep-alive
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2Fa4%2F96%2F29a4965e1015f036b834d9da1d4a5e6c%2F1632399618.html&l=1379&fd=97
173.233.137.60200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2Fa4%2F96%2F29a4965e1015f036b834d9da1d4a5e6c%2F1632399618.html&l=1379&fd=97
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F29%2Fa4%2F96%2F29a4965e1015f036b834d9da1d4a5e6c%2F1632399618.html&l=1379&fd=97 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 20:19:35 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/img/close.png
172.64.108.13200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/img/close.png
IP 172.64.108.13:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/ssp/sweep/social-box/white-small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:19:35 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 21 Sep 2021 12:02:03 GMT
etag: "6149c9bb-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1060103
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jPsFWM4U%2FL00vVqcmxzbxPDTGlcHYHQm%2BZYSZM01fv%2FQ92bRWcJ5OSSWttxwbkCgIFLH%2B63axC6n6Me80UA2voTxhxg4GirQxhzD0BsW%2BlVL3qd9LZmWvPnHOrYrD0ox88QNGVsYgS2b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770d8f432eeb7707-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/97/1b/94/971b94f609762e18222a7efa0ac567cc/1667590869.png
45.133.44.9200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/si/97/1b/94/971b94f609762e18222a7efa0ac567cc/1667590869.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 99620d5e4f1ae93546c6dd31a58b5dd2
9dbe4c1e192890c3ddf47e7d1b7ba083b6c81aa6
8bb431af545d60f16b55862430b4876b8443d4d2969eaa49be045d414864b3f2
GET /si/97/1b/94/971b94f609762e18222a7efa0ac567cc/1667590869.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:19:35 GMT
content-type: image/png
content-length: 32558
server: nginx/1.17.6
last-modified: Fri, 04 Nov 2022 19:41:17 GMT
etag: "63656add-7f2e"
expires: Tue, 29 Nov 2022 20:19:35 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3a1eb8e3d7b5e963c21e1905e849e570
fff8193edc6218562c5612b0e02f73dbcca98c0c
12db50941a08926a1f14146c52b53cfc6acc1dcb6ac858f6fcfb421330dfb12f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12DB50941A08926A1F14146C52B53CFC6ACC1DCB6AC858F6FCFB421330DFB12F"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5182
Expires: Sun, 27 Nov 2022 21:45:57 GMT
Date: Sun, 27 Nov 2022 20:19:35 GMT
Connection: keep-alive
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fsweep%2Fsocial-box%2Fwhite-small%2Fcss%2Fanimate.css&l=79249&fd=180
173.233.137.60200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fsweep%2Fsocial-box%2Fwhite-small%2Fcss%2Fanimate.css&l=79249&fd=180
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fsweep%2Fsocial-box%2Fwhite-small%2Fcss%2Fanimate.css&l=79249&fd=180 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 20:19:35 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fsweep%2Fsocial-box%2Fwhite-small%2Fcss%2Fstyle.css&l=4667&fd=188
173.233.137.60200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fsweep%2Fsocial-box%2Fwhite-small%2Fcss%2Fstyle.css&l=4667&fd=188
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fsweep%2Fsocial-box%2Fwhite-small%2Fcss%2Fstyle.css&l=4667&fd=188 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ouo.press/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 20:19:35 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/style.css
172.64.108.13200 OK 1.5 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/style.css
IP 172.64.108.13:0
Hash 53f47799709d536ca23ec1dc1ad7b68b
b1b8f06c80f5e9436f4ced4c476c7006e158fee7
80bde26bd9ea13a6b53bced1e18666bc52c1af99aa5ac6f7e6d69494dfda9b1a
GET /sb/ssp/sweep/social-box/white-small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:19:35 GMT
content-type: text/css
last-modified: Mon, 24 Jan 2022 10:39:40 GMT
etag: W/"61ee81ec-123b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5161
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1acMPYU7D6LCh838Gd7Q3rXXCYlcMeA2kGQasuyl69cHgAG1uxxJZHlwY7KI%2FWJD%2BLiWt5bVvsuRx%2Bue3G2%2Ff5BfeDcR5GJ9nJb2F7BLJeomJH6P1o9Mo5Tt%2BGyNMT2TRRZEBijJBLKG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770d8f432ed97707-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ouo.press
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 23 Nov 2022 20:16:50 GMT
Expires: Thu, 23 Nov 2023 20:16:50 GMT
Cache-Control: public, max-age=31536000
Age: 345765
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ouo.press
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 23 Nov 2022 20:16:46 GMT
Expires: Thu, 23 Nov 2023 20:16:46 GMT
Cache-Control: public, max-age=31536000
Age: 345769
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
tallysaturatesnare.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3j%2BH329BULx4UAbxoGAm%2FWf%2B9JjDYlwjYWMSdlcD4qW6qnpSTk1XU9U9PQkeggHZizCe9Nh5k2xYXcTFsyATESQgZDwsORhvIngU9iwzGRj9DvV9r953eO9VfXqQXxAXOT3ffFfvSqXoYr3qVl7dkgnXha2s36t4btVdqmzJpFFbqvQnh%2Bm94bn1qvta5R3BOnrRdz3X9VyvsiKNiHV%2FccpCpo9aXrXlVmt%2B1avX0Df%2FxTZ3YKkD3rsgz0Hy8fXtnx9DshGS7re3hO1kOn397W6uaKYNevz4vaST6CJBdz7GxkGcHM%2B2oe2YkC%2BvQCfHMwfQvcOJA0RyTJwnHqLkeCYTUe%2FoUmmkIBJE%2FAaK3ghCjSDpCEzvQ%2FIzAjCO9Q0k3Qfr2hR055KlE3ZMrj39G7IYk2u%2FPY%2Bk%2B82ykv3KXa3yTOrEoh%2BXkP0RZHuEND9BtutAFidg2SeQ%2FBey%2BHQNSfdwwyoNyc9fqfOGH4ZufcFrcH%2Bh5vHWQqsRRAsiDmPh1YMwdMNpRFKOIOMRlBiA2qvIrYNcOshjB3nqoMvPK7Teil23GUdxEIQ1xlgQMFYPG7zOg1oYu8jZxMMAWToAUwMws4fU7KEjBzD5D7DbJSx3YDOCHi9RCILCEhSUoJAERUZQ9Mojrqxvywdc2TzyZt2f9aAc6qx9QI901hYJOUgvyLPT4P768Dt0xHlF8KDherVGEIR%2Bi7OmS2s%2BZ4yKmMdB7HmwsoS0V0Ctg1159swTpPLsfyUiegKrTsDky6D5i6DFsOm7oNvDWuhiN3moc11NjbAWXJdIs%2BvIdpwDdUFemApo%2FXEDgp3e%2FOKzjd%2BX%2BAdgpkRqSnwkfyRoq%2FvDO7ogh3d0YcnjjTSTXblLJ696N6OZuPrVbbFTaMNXb9nBwzfZhJiMj%2B4Jm63RhMukbcnXy5JzYVa0YYJ8v2q3RLSZ2%2B3l3CR5urb51spqdypQ6mQEKs%2Fe%2FxhMjsn%2FTWf6X1%2F68zakGcHkJbr5KZkVpB6BpXuw6Vy91QRGzXei1EGRl0PjR%2FNLJQmUmGMalbD%2FwtF8PrD30TYOaLaPpFuiZ0r0VAmqBrD51WGWmtObvwbTQqScYaSMcxgpoz6%2FjNbK80rdq4kwCpuM80gw7jX9IAxc1%2Be81mwJr4XMjtn%2BT1v%2FAAAA%2F%2F8BAAD%2F%2Fy%2BYvw6HBAAA
173.233.137.60200 OK 7 B URL HTTP/1.1 tallysaturatesnare.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3j%2BH329BULx4UAbxoGAm%2FWf%2B9JjDYlwjYWMSdlcD4qW6qnpSTk1XU9U9PQkeggHZizCe9Nh5k2xYXcTFsyATESQgZDwsORhvIngU9iwzGRj9DvV9r953eO9VfXqQXxAXOT3ffFfvSqXoYr3qVl7dkgnXha2s36t4btVdqmzJpFFbqvQnh%2Bm94bn1qvta5R3BOnrRdz3X9VyvsiKNiHV%2FccpCpo9aXrXlVmt%2B1avX0Df%2FxTZ3YKkD3rsgz0Hy8fXtnx9DshGS7re3hO1kOn397W6uaKYNevz4vaST6CJBdz7GxkGcHM%2B2oe2YkC%2BvQCfHMwfQvcOJA0RyTJwnHqLkeCYTUe%2FoUmmkIBJE%2FAaK3ghCjSDpCEzvQ%2FIzAjCO9Q0k3Qfr2hR055KlE3ZMrj39G7IYk2u%2FPY%2Bk%2B82ykv3KXa3yTOrEoh%2BXkP0RZHuEND9BtutAFidg2SeQ%2FBey%2BHQNSfdwwyoNyc9fqfOGH4ZufcFrcH%2Bh5vHWQqsRRAsiDmPh1YMwdMNpRFKOIOMRlBiA2qvIrYNcOshjB3nqoMvPK7Teil23GUdxEIQ1xlgQMFYPG7zOg1oYu8jZxMMAWToAUwMws4fU7KEjBzD5D7DbJSx3YDOCHi9RCILCEhSUoJAERUZQ9Mojrqxvywdc2TzyZt2f9aAc6qx9QI901hYJOUgvyLPT4P768Dt0xHlF8KDherVGEIR%2Bi7OmS2s%2BZ4yKmMdB7HmwsoS0V0Ctg1159swTpPLsfyUiegKrTsDky6D5i6DFsOm7oNvDWuhiN3moc11NjbAWXJdIs%2BvIdpwDdUFemApo%2FXEDgp3e%2FOKzjd%2BX%2BAdgpkRqSnwkfyRoq%2FvDO7ogh3d0YcnjjTSTXblLJ696N6OZuPrVbbFTaMNXb9nBwzfZhJiMj%2B4Jm63RhMukbcnXy5JzYVa0YYJ8v2q3RLSZ2%2B3l3CR5urb51spqdypQ6mQEKs%2Fe%2FxhMjsn%2FTWf6X1%2F68zakGcHkJbr5KZkVpB6BpXuw6Vy91QRGzXei1EGRl0PjR%2FNLJQmUmGMalbD%2FwtF8PrD30TYOaLaPpFuiZ0r0VAmqBrD51WGWmtObvwbTQqScYaSMcxgpoz6%2FjNbK80rdq4kwCpuM80gw7jX9IAxc1%2Be81mwJr4XMjtn%2BT1v%2FAAAA%2F%2F8BAAD%2F%2Fy%2BYvw6HBAAA
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST2gkxRut3j%2BH329BULx4UAbxoGAm%2FWf%2B9JjDYlwjYWMSdlcD4qW6qnpSTk1XU9U9PQkeggHZizCe9Nh5k2xYXcTFsyATESQgZDwsORhvIngU9iwzGRj9DvV9r953eO9VfXqQXxAXOT3ffFfvSqXoYr3qVl7dkgnXha2s36t4btVdqmzJpFFbqvQnh%2Bm94bn1qvta5R3BOnrRdz3X9VyvsiKNiHV%2FccpCpo9aXrXlVmt%2B1avX0Df%2FxTZ3YKkD3rsgz0Hy8fXtnx9DshGS7re3hO1kOn397W6uaKYNevz4vaST6CJBdz7GxkGcHM%2B2oe2YkC%2BvQCfHMwfQvcOJA0RyTJwnHqLkeCYTUe%2FoUmmkIBJE%2FAaK3ghCjSDpCEzvQ%2FIzAjCO9Q0k3Qfr2hR055KlE3ZMrj39G7IYk2u%2FPY%2Bk%2B82ykv3KXa3yTOrEoh%2BXkP0RZHuEND9BtutAFidg2SeQ%2FBey%2BHQNSfdwwyoNyc9fqfOGH4ZufcFrcH%2Bh5vHWQqsRRAsiDmPh1YMwdMNpRFKOIOMRlBiA2qvIrYNcOshjB3nqoMvPK7Teil23GUdxEIQ1xlgQMFYPG7zOg1oYu8jZxMMAWToAUwMws4fU7KEjBzD5D7DbJSx3YDOCHi9RCILCEhSUoJAERUZQ9Mojrqxvywdc2TzyZt2f9aAc6qx9QI901hYJOUgvyLPT4P768Dt0xHlF8KDherVGEIR%2Bi7OmS2s%2BZ4yKmMdB7HmwsoS0V0Ctg1159swTpPLsfyUiegKrTsDky6D5i6DFsOm7oNvDWuhiN3moc11NjbAWXJdIs%2BvIdpwDdUFemApo%2FXEDgp3e%2FOKzjd%2BX%2BAdgpkRqSnwkfyRoq%2FvDO7ogh3d0YcnjjTSTXblLJ696N6OZuPrVbbFTaMNXb9nBwzfZhJiMj%2B4Jm63RhMukbcnXy5JzYVa0YYJ8v2q3RLSZ2%2B3l3CR5urb51spqdypQ6mQEKs%2Fe%2FxhMjsn%2FTWf6X1%2F68zakGcHkJbr5KZkVpB6BpXuw6Vy91QRGzXei1EGRl0PjR%2FNLJQmUmGMalbD%2FwtF8PrD30TYOaLaPpFuiZ0r0VAmqBrD51WGWmtObvwbTQqScYaSMcxgpoz6%2FjNbK80rdq4kwCpuM80gw7jX9IAxc1%2Be81mwJr4XMjtn%2BT1v%2FAAAA%2F%2F8BAAD%2F%2Fy%2BYvw6HBAAA HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ouo.press/
Cookie: u_pl=15424691; uid_id2=5d628805-16d2-41d9-963b-ef8fe1538808:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 27 Nov 2022 20:19:35 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c157fe6cc679c4cd8b9123d0eaf2473c
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/animate.css
172.64.108.13200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/css/animate.css
IP 172.64.108.13:0
Hash c91016401e0a0b7b3d7572de48c76597
12fb634abb5e708b4f55d1489055b4f626d3cdd1
2472e286e0bf6f54cef9d99e9c63301c873fa02bc4e3979e1a18587a6d973120
GET /sb/ssp/sweep/social-box/white-small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:19:35 GMT
content-type: text/css
last-modified: Tue, 21 Sep 2021 12:02:02 GMT
etag: W/"6149c9ba-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5161
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dcJDAuFH34xW3t6r8i8qmZOve2n03LnmCzGH8JV8n7N49QY6C5QnWnk%2FtnygO5k2zH3cn1NIVnwWwq7a4eaBpRBgJ8Xi8UReReay5g451Gnj5t78LlhsNWMGkXSuwL3tZ3dVISO9taQv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770d8f431ed27707-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/js/jquery.min.js
172.64.108.13200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/sweep/social-box/white-small/js/jquery.min.js
IP 172.64.108.13:0
GET /sb/ssp/sweep/social-box/white-small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:19:35 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:02:04 GMT
etag: W/"6149c9bc-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1060103
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AwfF2pHLFRwJjppyjYrcVLrk%2F0J%2FW8Lr4F9Ke0PzCWjzu0g7m%2F8GmFd9UP2DmDqR9Dt%2BJie95BwuDnuxeKY%2FQMX8K4jHiCt3EinYVs0rfVXmOhq4NehxVDs8ou%2B9aq38Svok9%2FaNbjFM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770d8f433ef67707-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
challenges.cloudflare.com/turnstile/v0/75e640aa/api.js?onload=_cf_chl_turnstile_l&render=explicit
104.18.6.185200 OK 0 B URL HTTP/2 challenges.cloudflare.com/turnstile/v0/75e640aa/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP 104.18.6.185:0
GET /turnstile/v0/75e640aa/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:19:30 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 770d8f25a86e0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/29/a4/96/29a4965e1015f036b834d9da1d4a5e6c/1632399618.html
45.133.44.3200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/29/a4/96/29a4965e1015f036b834d9da1d4a5e6c/1632399618.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/29/a4/96/29a4965e1015f036b834d9da1d4a5e6c/1632399618.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ouo.press
Connection: keep-alive
Referer: http://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 20:19:35 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 23 Sep 2021 12:20:22 GMT
etag: W/"614c7106-563"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 27 Nov 2022 21:19:35 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2