ouo.io/I813Wa
104.22.22.162301 Moved Permanently 0 B IP 104.22.22.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /I813Wa HTTP/1.1
Host: ouo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 09 Feb 2023 02:07:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 09 Feb 2023 03:07:40 GMT
Location: https://ouo.io/I813Wa
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79690d843c61fac4-OSL
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3526
Expires: Thu, 09 Feb 2023 03:06:26 GMT
Date: Thu, 09 Feb 2023 02:07:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11758
Expires: Thu, 09 Feb 2023 05:23:38 GMT
Date: Thu, 09 Feb 2023 02:07:40 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 01:36:46 GMT
content-type: application/json
age: 1854
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19547
Expires: Thu, 09 Feb 2023 07:33:27 GMT
Date: Thu, 09 Feb 2023 02:07:40 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 03bc7de3762610edc7d61090c69d15ba
b0a86d508530d2c1f913face675e7f7131b56817
77b3dffb6683a7e52d1793bc5fb622abb1a709ed74b6ce60332aa41ff0bb9060
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2769
Cache-Control: max-age=158227
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:40 GMT
Etag: "63e411ae-118"
Expires: Fri, 10 Feb 2023 22:04:47 GMT
Last-Modified: Wed, 08 Feb 2023 21:18:38 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 280
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: JzZSV7kqHIsdNpzYQ5pfz62NcJKW/UJAxWKdY9OlARv09rtphqeRXtcWIYWE96ARblY9HJ/YzLXD0brrLAY0ig==
x-amz-request-id: HX3JF7VT0T251CW2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Feb 2023 01:46:11 GMT
age: 1289
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 02:07:40 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash bdae773081516eae9c198bf612c11cec
625f92d5f6dff484c646884932a4831d19209564
6a9585b94d70ce1a1964c3c9cad0a837a222423a4b0c371e45ae01ceb47a8f1a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2667
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:41 GMT
Last-Modified: Thu, 09 Feb 2023 01:23:14 GMT
Server: ECS (amb/6B96)
X-Cache: HIT
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 01:51:21 GMT
age: 980
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 248ce16379b12f11927ecc3142aec450
fa5b189f2d9182479170cb61cc1723571e437bd2
a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2563
Expires: Thu, 09 Feb 2023 02:50:24 GMT
Date: Thu, 09 Feb 2023 02:07:41 GMT
Connection: keep-alive
push.services.mozilla.com/
35.164.100.136101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.100.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rc0cphXuTVflBYY1Wzu5dQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: yIkVEoyE69dqjTNFLlBwuzxxc8M=
ouo.press/images/world.png
104.22.58.251200 OK 5.7 kB URL HTTP/2 ouo.press/images/world.png
IP 104.22.58.251:0
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 4eea420a8830a6d695114427bf52b556
35579e7f1a656beb3a07a7093166ff37c634bade
70f03c74cc197cf154af36fa552a448d9ffebb55081c96e55ef4cf469123fe22
GET /images/world.png HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/I813Wa
Cookie: ouoio_session=eyJpdiI6Ik5Bb1VcL2k5SmlzWVFIc0F1dkJsTys2bXMyWTRienVcL3BpT29VR2tyemJXTT0iLCJ2YWx1ZSI6IlRFalZtalRZNWlDenVLVzM3NXRjVzZXdUlqYnJqbjJJOHhiK3ZQM3NMNTFDb0l2MnFNUmxYbXdWUlFmK1VCR2tIVjh5cGF4OGo4WHZySHhqTUVWcVwvZz09IiwibWFjIjoiNmRkYjdhNTllOTM5NjJlMTM3M2YxN2Y4YjAwNzEwNDc5MDcxZWJmZDFmYzY4MmQ2ZjE1Y2I1MWJiOWU2YTRkNiJ9; language=eyJpdiI6IlBuV0FSNkV6eW1KM01IenlsXC9EOEZDQ2M0ZkFDaWI0ckNRWDBZK2Zlcmc0PSIsInZhbHVlIjoiTHlKRENJYzBFSm5JTEw4RFRiSnNoXC9GaHNuSkZQbkRtZWFxYW5qMmZOdjg9IiwibWFjIjoiZjc5MGEyZjA4MDgwNDNiNTljODE5NzE1ZDVkMWExNTgyNDY0NGZjYmZkY2YwYzZmOTk1MjkyNWFiMmE4MzQ0NCJ9; c9918d2ef9e0c4f3b0a64887e3b56f5d2be9236b=eyJpdiI6IkF5VVVtbDVyRUhHc0dsUHdvejU3dksyalF4ZkRlTmtBR0RHQlBDUWFDcHc9IiwidmFsdWUiOiJEUWZHYkF2S0lvQ2JIaUorRUg0QWFJU3F4aUlYeURsNDlDM0NcL2pFazRsdldVR3Z2dUFrSThDNzVzN3JOSndBZUFWMDIrZlFKTWJpZERBQWJhYjFGc2NhQllKZ2dGeWw2NHhSOUdLT0FjS09JSnR2dVhPOURFWEUyS0NYT2orUGZLXC8ySWVyandcL1hKYnhkOFNPNWgxNVNkaGJcL1ZaQTRXbVVVWnhWcHZidk54WG9jSk54cTVpTndORk5rdlVHZE9WTUJNbGtQZjNQblkxdFFyK0RWQ0VDNnduZ3lnRWptajRIVEVDb1ZXWnZjb1U1VkE1S3ZvNnV2eDNmWWdVR2pRRGpMK1lVcWRPb1VEY1BaQXVVcGJiQm44WWlEMjhPQTN2TlViVGY1ZFhLTk9oZUg4clRmYzJvK3RIVFVwOFVRc3dkc1c3bEhCZWd1amdnSXZYXC9FckdpcDB0ZmRrNzB3Zml1cng4TFZSS3F4OXhRUEowU2ZyYnBpMWJvTStUaDQzWSIsIm1hYyI6IjFmOTBmMDk3ODM0NzM3NWE5MGZjYmU1NjUyZDFhMmE3Y2ZjOGZkNDc1MDU1ZTkwYWFlY2MyNTU0MTg4ZTViNjAifQ%3D%3D; __cf_bm=p24i.ZpUGxaeAbWZ_nSLf7gxYjEHP.ZYqPtqrqAptG0-1675908461-0-AWQ5h0DFuirSiuTrBsUwVk3ACWAR0IKcL1AvGZVkiAcfyYX2E40g4VgSeXajVrE+4nZ2qVUsHx1ANRnu+LRV2YI=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:41 GMT
content-type: image/png
content-length: 5692
cache-control: max-age=2592000
cf-bgj: imgq:85,h2pri
cf-polished: status=not_needed
etag: "5549a07c-163c"
expires: Fri, 03 Mar 2023 22:46:59 GMT
last-modified: Wed, 06 May 2015 05:02:52 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 616841
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79690d8c9c07b4f4-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 84889b914548f7820766f27a40699cfa
bc674cdb5819759b5ecd5aabfde47f56127f5d89
e2a69fe4edd028d00a8a744b62ef51dada2aff144da0cd9813efc887a11f70a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash c84b569aab8c5c749f9682cda6169531
a317b0ce92bc40d2b5c3448c7483aa2dc5442212
a00b47d6775297b40e7168b929139a936e289ba0b6c728e620666e7e5af71b0c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3798
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:41 GMT
Last-Modified: Thu, 09 Feb 2023 01:04:23 GMT
Server: ECS (amb/6B96)
X-Cache: HIT
Content-Length: 278
www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
142.250.74.164200 OK 582 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 5729c8ae80dd3fd1300b04c1831c6b6c
1017e29a4070f366569eccaf11650f76fee56d32
cbc90067b532279649223935ad648beb6f29fecb0c2722af4ccd099de143d448
GET /recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Thu, 09 Feb 2023 02:07:41 GMT
date: Thu, 09 Feb 2023 02:07:41 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 582
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash c84b569aab8c5c749f9682cda6169531
a317b0ce92bc40d2b5c3448c7483aa2dc5442212
a00b47d6775297b40e7168b929139a936e289ba0b6c728e620666e7e5af71b0c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3798
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:41 GMT
Last-Modified: Thu, 09 Feb 2023 01:04:23 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 44fc0cb48c26edb9ce36736707b9182a
62de7faa3e8171c0d38a2e03a604d2545a3ede7f
9e511ad6ed9e7c5f28f573422e3891d2f4e5c2ba5107f7eda808c529a95931a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ecdn.analysis.fi/static/js/fab.js
54.230.111.15200 OK 2.2 kB URL HTTP/2 ecdn.analysis.fi/static/js/fab.js
IP 54.230.111.15:0
Hash 08f01ede039571015bba5abda7512767
fac8bf02736eda504e557e2d2788db8e75ddd78c
4f2415ce12fe72d01c701ea96458491871b39da24b78fafbaabca5c6c5a6e2de
GET /static/js/fab.js HTTP/1.1
Host: ecdn.analysis.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.20.0
last-modified: Tue, 14 Dec 2021 15:30:51 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Thu, 09 Feb 2023 01:28:59 GMT
expires: Thu, 09 Feb 2023 02:28:53 GMT
cache-control: max-age=3600
etag: W/"61b8b8ab-1090"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: d8bqPPVdeh3KTf1Uq_qlUKZkbCK4GSVXRKOYUdKh4iES30V1-grv3A==
age: 2328
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a87ffdd7685a9b47a6a95f0836dd0fa0
b5921ecf591a9138d7cf7bb6fac10fe2cee993ee
7b0dfaec19c67c8bde544812d943c88d05a620aa280cb6795408f3616a1ade9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7B0DFAEC19C67C8BDE544812D943C88D05A620AA280CB6795408F3616A1ADE9B"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18094
Expires: Thu, 09 Feb 2023 07:09:15 GMT
Date: Thu, 09 Feb 2023 02:07:41 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash b74adbb2002a72c9eecfd5e0c3dee631
23957d43332c2082995b1497ceafbe2f9b7ed6e6
1b27bf7cfc55314a3f36ead46cd08210c40a31ed3a9b11be040b0ea8b0c9ca23
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:41 GMT
Etag: "63e326e5-117"
Server: ECS (amb/6B9A)
Content-Length: 279
ouo.press/I813Wa
104.22.58.251200 OK 3.4 kB IP 104.22.58.251:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1938)
Hash b3636b7a330a299c358c0a5836c9aabc
bef19e8f471946de4b311c66421a596c27c667d2
073f739ba5219bc656976b1a05b5e5ed28ab7abcf65a8956799cf11480379f83
GET /I813Wa HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:41 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
set-cookie: ouoio_session=eyJpdiI6Ik5Bb1VcL2k5SmlzWVFIc0F1dkJsTys2bXMyWTRienVcL3BpT29VR2tyemJXTT0iLCJ2YWx1ZSI6IlRFalZtalRZNWlDenVLVzM3NXRjVzZXdUlqYnJqbjJJOHhiK3ZQM3NMNTFDb0l2MnFNUmxYbXdWUlFmK1VCR2tIVjh5cGF4OGo4WHZySHhqTUVWcVwvZz09IiwibWFjIjoiNmRkYjdhNTllOTM5NjJlMTM3M2YxN2Y4YjAwNzEwNDc5MDcxZWJmZDFmYzY4MmQ2ZjE1Y2I1MWJiOWU2YTRkNiJ9; path=/; httponly
language=eyJpdiI6IlBuV0FSNkV6eW1KM01IenlsXC9EOEZDQ2M0ZkFDaWI0ckNRWDBZK2Zlcmc0PSIsInZhbHVlIjoiTHlKRENJYzBFSm5JTEw4RFRiSnNoXC9GaHNuSkZQbkRtZWFxYW5qMmZOdjg9IiwibWFjIjoiZjc5MGEyZjA4MDgwNDNiNTljODE5NzE1ZDVkMWExNTgyNDY0NGZjYmZkY2YwYzZmOTk1MjkyNWFiMmE4MzQ0NCJ9; expires=Tue, 08-Feb-2028 02:07:41 GMT; Max-Age=157680000; path=/; httponly
c9918d2ef9e0c4f3b0a64887e3b56f5d2be9236b=eyJpdiI6IkF5VVVtbDVyRUhHc0dsUHdvejU3dksyalF4ZkRlTmtBR0RHQlBDUWFDcHc9IiwidmFsdWUiOiJEUWZHYkF2S0lvQ2JIaUorRUg0QWFJU3F4aUlYeURsNDlDM0NcL2pFazRsdldVR3Z2dUFrSThDNzVzN3JOSndBZUFWMDIrZlFKTWJpZERBQWJhYjFGc2NhQllKZ2dGeWw2NHhSOUdLT0FjS09JSnR2dVhPOURFWEUyS0NYT2orUGZLXC8ySWVyandcL1hKYnhkOFNPNWgxNVNkaGJcL1ZaQTRXbVVVWnhWcHZidk54WG9jSk54cTVpTndORk5rdlVHZE9WTUJNbGtQZjNQblkxdFFyK0RWQ0VDNnduZ3lnRWptajRIVEVDb1ZXWnZjb1U1VkE1S3ZvNnV2eDNmWWdVR2pRRGpMK1lVcWRPb1VEY1BaQXVVcGJiQm44WWlEMjhPQTN2TlViVGY1ZFhLTk9oZUg4clRmYzJvK3RIVFVwOFVRc3dkc1c3bEhCZWd1amdnSXZYXC9FckdpcDB0ZmRrNzB3Zml1cng4TFZSS3F4OXhRUEowU2ZyYnBpMWJvTStUaDQzWSIsIm1hYyI6IjFmOTBmMDk3ODM0NzM3NWE5MGZjYmU1NjUyZDFhMmE3Y2ZjOGZkNDc1MDU1ZTkwYWFlY2MyNTU0MTg4ZTViNjAifQ%3D%3D; expires=Thu, 09-Feb-2023 04:07:41 GMT; Max-Age=7200; path=/; httponly
__cf_bm=p24i.ZpUGxaeAbWZ_nSLf7gxYjEHP.ZYqPtqrqAptG0-1675908461-0-AWQ5h0DFuirSiuTrBsUwVk3ACWAR0IKcL1AvGZVkiAcfyYX2E40g4VgSeXajVrE+4nZ2qVUsHx1ANRnu+LRV2YI=; path=/; expires=Thu, 09-Feb-23 02:37:41 GMT; domain=.ouo.press; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 79690d899aa5b4f4-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash b74adbb2002a72c9eecfd5e0c3dee631
23957d43332c2082995b1497ceafbe2f9b7ed6e6
1b27bf7cfc55314a3f36ead46cd08210c40a31ed3a9b11be040b0ea8b0c9ca23
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=95352
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:41 GMT
Etag: "63e326e5-117"
Expires: Fri, 10 Feb 2023 04:36:53 GMT
Last-Modified: Wed, 08 Feb 2023 04:36:53 GMT
Server: nginx
Content-Length: 279
itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
173.233.137.44200 OK 13 kB URL HTTP/1.1 itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
IP 173.233.137.44:0
File type ASCII text, with very long lines (37201), with no line terminators
Hash 4d0d2545473e70ea5aa3c1114f50f38e
27821cfce410999a56bd9a0d4ac7c8bb66c452f7
ff790b334addc49dea602277a02e062230a222839b64093120419759ecbda7f5
Analyzer Verdict Alert fortinet Malware
GET /ed/36/01/ed36014633829dc70a42dccaefdf3f11.js HTTP/1.1
Host: itineraryupper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 Feb 2023 02:07:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 718ab63c52382e8e05d58d0110a621b3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8012abc67903501fd07306b5cdca2014
e3f47115db6f7669bdfe4b1222e8f8aa4e3e8d4a
b41a520cf782b36627a9f38adeee6796a5157db8a9a9ca45b60a0d34ee9de6c8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B41A520CF782B36627A9F38ADEEE6796A5157DB8A9A9CA45B60A0D34EE9DE6C8"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4908
Expires: Thu, 09 Feb 2023 03:29:30 GMT
Date: Thu, 09 Feb 2023 02:07:42 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Questrial
142.250.74.106200 OK 20 kB URL HTTP/2 fonts.googleapis.com/css?family=Questrial
IP 142.250.74.106:0
Hash df4ec356259452c7be1a0194940c9ff6
c3e4b22e9b958a942e1c52eac705b84ae56066ee
7ae351e08511ee2f1359da9dd76da34839b08a4d0131f00e7e02d63abebe85ea
GET /css?family=Questrial HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 Feb 2023 02:07:41 GMT
date: Thu, 09 Feb 2023 02:07:41 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash a28222744ed7330bea9a621b935adcc1
d6c82547cae9ebf20c9e2534b2b072977d721399
14be94c7e087e140464c8d3cb8b77642c6ed07cde45992faa54d577cf26df94a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 09 Feb 2023 02:07:42 GMT
Last-Modified: Thu, 09 Feb 2023 01:38:14 GMT
Server: ECS (nyb/1D10)
X-Cache: Miss from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Zl2WwJm8hC41jKSMDdv2tYAN0Ts5TZUu54wc_W3XERyVGaZnL7Xmwg==
Age: 1768
ads.pubmatic.com/AdServer/js/pwt/155495/4202/pwt.js
2.18.172.200200 OK 80 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/pwt/155495/4202/pwt.js
IP 2.18.172.200:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6a4ce36b0d03543974d71b88fa37145d
a5c1750aab7489f287c98bae25f5afff0ed16ce8
30fb02ff951a4220268d02c95e2dbd16adfad28b179a89e9643d75ade8809aaf
GET /AdServer/js/pwt/155495/4202/pwt.js HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 27 Oct 2021 05:33:12 GMT
etag: "1241a12-3fca8-5cf4eee137dd8"
server: Apache
unused62: 8096267
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type: text/javascript
content-length: 80538
cache-control: max-age=171848
expires: Sat, 11 Feb 2023 01:51:50 GMT
date: Thu, 09 Feb 2023 02:07:42 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
3.120.47.42200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash e164d0f5eadbac28feb99a6c232e4d2e
f60a1f35f1bf2c2d90a07682309eef1de0fa11a2
7b4eb29bc391d1bfb2c002baadd869d85183538037b4f21d83b65fe9c73fa153
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:42 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
set-cookie: uid_id2=5bac7b86-b62a-4ad4-a29f-36a2c5e2a52f:1:1; expires=Sun, 06 Feb 2033 02:07:42 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ouo.press/favicon.ico
104.22.58.251200 OK 0 B IP 104.22.58.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/I813Wa
Cookie: ouoio_session=eyJpdiI6Ik5Bb1VcL2k5SmlzWVFIc0F1dkJsTys2bXMyWTRienVcL3BpT29VR2tyemJXTT0iLCJ2YWx1ZSI6IlRFalZtalRZNWlDenVLVzM3NXRjVzZXdUlqYnJqbjJJOHhiK3ZQM3NMNTFDb0l2MnFNUmxYbXdWUlFmK1VCR2tIVjh5cGF4OGo4WHZySHhqTUVWcVwvZz09IiwibWFjIjoiNmRkYjdhNTllOTM5NjJlMTM3M2YxN2Y4YjAwNzEwNDc5MDcxZWJmZDFmYzY4MmQ2ZjE1Y2I1MWJiOWU2YTRkNiJ9; language=eyJpdiI6IlBuV0FSNkV6eW1KM01IenlsXC9EOEZDQ2M0ZkFDaWI0ckNRWDBZK2Zlcmc0PSIsInZhbHVlIjoiTHlKRENJYzBFSm5JTEw4RFRiSnNoXC9GaHNuSkZQbkRtZWFxYW5qMmZOdjg9IiwibWFjIjoiZjc5MGEyZjA4MDgwNDNiNTljODE5NzE1ZDVkMWExNTgyNDY0NGZjYmZkY2YwYzZmOTk1MjkyNWFiMmE4MzQ0NCJ9; c9918d2ef9e0c4f3b0a64887e3b56f5d2be9236b=eyJpdiI6IkF5VVVtbDVyRUhHc0dsUHdvejU3dksyalF4ZkRlTmtBR0RHQlBDUWFDcHc9IiwidmFsdWUiOiJEUWZHYkF2S0lvQ2JIaUorRUg0QWFJU3F4aUlYeURsNDlDM0NcL2pFazRsdldVR3Z2dUFrSThDNzVzN3JOSndBZUFWMDIrZlFKTWJpZERBQWJhYjFGc2NhQllKZ2dGeWw2NHhSOUdLT0FjS09JSnR2dVhPOURFWEUyS0NYT2orUGZLXC8ySWVyandcL1hKYnhkOFNPNWgxNVNkaGJcL1ZaQTRXbVVVWnhWcHZidk54WG9jSk54cTVpTndORk5rdlVHZE9WTUJNbGtQZjNQblkxdFFyK0RWQ0VDNnduZ3lnRWptajRIVEVDb1ZXWnZjb1U1VkE1S3ZvNnV2eDNmWWdVR2pRRGpMK1lVcWRPb1VEY1BaQXVVcGJiQm44WWlEMjhPQTN2TlViVGY1ZFhLTk9oZUg4clRmYzJvK3RIVFVwOFVRc3dkc1c3bEhCZWd1amdnSXZYXC9FckdpcDB0ZmRrNzB3Zml1cng4TFZSS3F4OXhRUEowU2ZyYnBpMWJvTStUaDQzWSIsIm1hYyI6IjFmOTBmMDk3ODM0NzM3NWE5MGZjYmU1NjUyZDFhMmE3Y2ZjOGZkNDc1MDU1ZTkwYWFlY2MyNTU0MTg4ZTViNjAifQ%3D%3D; __cf_bm=p24i.ZpUGxaeAbWZ_nSLf7gxYjEHP.ZYqPtqrqAptG0-1675908461-0-AWQ5h0DFuirSiuTrBsUwVk3ACWAR0IKcL1AvGZVkiAcfyYX2E40g4VgSeXajVrE+4nZ2qVUsHx1ANRnu+LRV2YI=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:42 GMT
content-type: image/x-icon
content-length: 0
last-modified: Sat, 14 Feb 2015 06:41:24 GMT
etag: "54deee14-0"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=86400
cf-cache-status: HIT
age: 5661
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79690d918eefb4f4-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js
216.58.207.227200 OK 164 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js
IP 216.58.207.227:0
File type ASCII text, with very long lines (633)
Size 164 kB (163841 bytes)
Hash fe98364486b3206867b17008f995646f
35a5e9aa210970f7abd718d99e629c6982a3cc02
1fd703cb16e3f6f3f7192109d19c69d6e5ac1cfa0feb5b105a86564b7970d28a
GET /recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163841
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 08:53:11 GMT
expires: Wed, 07 Feb 2024 08:53:11 GMT
cache-control: public, max-age=31536000
age: 148471
last-modified: Tue, 31 Jan 2023 02:51:47 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
widgets.outbrain.com/images/widgetIcons/achoice.svg
23.38.201.81200 OK 990 B URL HTTP/2 widgets.outbrain.com/images/widgetIcons/achoice.svg
IP 23.38.201.81:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (990), with no line terminators
Hash 5ab8e16b5f46213840bcd403e349419c
f03f6dc8e2206a94119af76f9a3b3c835390cae7
9ba56f5ffa579747efde1d2a429b325a9fb7220d30f4268e4a44ecbe4a9bf034
GET /images/widgetIcons/achoice.svg HTTP/1.1
Host: widgets.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/svg+xml
etag: "5ab8e16b5f46213840bcd403e349419c:1673369393.880194"
last-modified: Tue, 10 Jan 2023 16:40:08 GMT
server: AkamaiNetStorage
content-length: 990
cache-control: max-age=2592000
expires: Sat, 11 Mar 2023 02:07:42 GMT
date: Thu, 09 Feb 2023 02:07:42 GMT
access-control-request-headers: X-OB-STG,X-OB-PRD
timing-allow-origin: *, *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=GTM-NPLC9ST
216.58.207.200200 OK 47 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=GTM-NPLC9ST
IP 216.58.207.200:0
File type ASCII text, with very long lines (1759)
Hash 4dd6598f8a3bce2113f0c2f414117748
13651dddd9b4bd107959cc74ed2b30c5423c8ace
fa3a8e7dc706f014a460602af11a29f454d73b62cb1e781fb49fba9b005c5613
GET /gtag/js?id=GTM-NPLC9ST HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.adtrue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 Feb 2023 02:07:42 GMT
expires: Thu, 09 Feb 2023 02:07:42 GMT
cache-control: private, max-age=900
last-modified: Thu, 09 Feb 2023 00:33:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 47330
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash f30ebb7855430e77d7f7e78185824905
f833d3fbb268c2d0b289b8af527a13ea6ab3535d
ecf61ddf953eab9c7889a0b5e697364bed9f8fee9f7be3c3d13258542c858354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
216.58.207.230200 OK 104 B URL HTTP/2 ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
IP 216.58.207.230:0
File type MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors\012- data
Hash 32ac8a9b81788b981a3a7e13c14082d4
fbfd48a2bfe8d4247a975176f88d18c3c2ad1952
00cc7617e054596ff0aaabd8a93a9214dc5304bfe317316022dbf4fb3ea073d2
GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 104
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Wed, 08 Feb 2023 15:55:01 GMT
expires: Thu, 09 Feb 2023 15:55:01 GMT
cache-control: public, max-age=86400
age: 36761
last-modified: Tue, 08 May 2012 13:08:06 GMT
content-type: image/x-icon
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 054fdcff5853ca82fe55fb7655ec00c4
b048e1d16384aeaeac003db9119c30fe78ec4054
62ad987e23c51b53598d860d77e3ff16525632567e9098a20ea557ca8c7f007b
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6275
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:42 GMT
Last-Modified: Thu, 09 Feb 2023 00:23:08 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
friendshipmale.com/sfp.js
172.64.203.23200 OK 28 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.203.23:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 773a6322525445e97ca266b17fad0755
bb044636f011977f8c021aafc036e38925b3e157
9127b04f805d29dd5f9a516ff54511e1e449fd10217a4578de7f3996cf9cf3a5
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:42 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 4eff52e91b72ab0fb395a1e0a273926c
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 09 Feb 2023 02:07:41 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CZTBf%2BQSuLLHqjjOXofysMoUnqs3Imfbvi%2FejNmAqsAVmi04B4iW%2Bp3K73uxkJEQ3jbhWduJ3QYIX%2Fq%2BehU7FOFoodAfaU7UdfqoEqROmMQw94R2tnPSGoSxoWYau8Qr03TGBfI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79690d9098837484-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 8e109baddb22b573a373457259aac9ac
f5f95ff6171d3cb8b274fa8c1eb361a98faaf423
f6d6b1beb6eb4837871a5b74c2f74ef9d1fc27b9f86b4eeba62c43cebf8914a3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5615
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:42 GMT
Last-Modified: Thu, 09 Feb 2023 00:34:07 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 314
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d09192b0325fc351f837998af0ec0859
9a2e9bd3eafa7a522727e29908c1576e7d256a87
def6f8c8083625ad72cb4a4e93336979b5ab7d0181031f639c3abc3f5b63ef99
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3648
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:42 GMT
Last-Modified: Thu, 09 Feb 2023 01:06:54 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash f30ebb7855430e77d7f7e78185824905
f833d3fbb268c2d0b289b8af527a13ea6ab3535d
ecf61ddf953eab9c7889a0b5e697364bed9f8fee9f7be3c3d13258542c858354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fptadtrue-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fouo.press%2FI813Wa&ch=UTF-8&res=1280x1024x24&ifr=true&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=f345a959-25e3-443e-931c-b1ad25dca5e7&nocache=1675908519354&aus=300x250&divids=adtrue_ads_12953_jvqulfksaxnm56qgks1&aucs=adtrue_ads_12953_jvqulfksaxnm56qgks1&auid=558223497&aumfs=100
35.244.159.8200 OK 79 B URL HTTP/2 fptadtrue-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fouo.press%2FI813Wa&ch=UTF-8&res=1280x1024x24&ifr=true&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=f345a959-25e3-443e-931c-b1ad25dca5e7&nocache=1675908519354&aus=300x250&divids=adtrue_ads_12953_jvqulfksaxnm56qgks1&aucs=adtrue_ads_12953_jvqulfksaxnm56qgks1&auid=558223497&aumfs=100
IP 35.244.159.8:0
File type JSON data\012- , ASCII text
Hash c042d7e533e41fe84bc182826e9a397e
258cb41cbc2a77f4f48e201e7da4b7af52508d84
3eaf5fa9327b23c0b7fa67af760f2fc8fc91a7a61b156808dc6471529f5186aa
GET /w/1.0/arj?ju=https%3A%2F%2Fouo.press%2FI813Wa&ch=UTF-8&res=1280x1024x24&ifr=true&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=f345a959-25e3-443e-931c-b1ad25dca5e7&nocache=1675908519354&aus=300x250&divids=adtrue_ads_12953_jvqulfksaxnm56qgks1&aucs=adtrue_ads_12953_jvqulfksaxnm56qgks1&auid=558223497&aumfs=100 HTTP/1.1
Host: fptadtrue-d.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept, Accept-Encoding
server: OXGW/0.0.0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Mon, 26 Jul 1997 05:00:00 GMT
date: Thu, 09 Feb 2023 02:07:42 GMT
content-type: application/json
content-length: 79
content-encoding: gzip
cache-control: private, max-age=0, no-cache
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.12.0-pre&cb=14691434849&lsavail=0
178.250.0.165204 No Content 0 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.12.0-pre&cb=14691434849&lsavail=0
IP 178.250.0.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdb?profileId=207&av=34&wv=7.12.0-pre&cb=14691434849&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 406
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 09 Feb 2023 02:07:41 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://ouo.press
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
hbopenbid.pubmatic.com/translator?source=prebid-client
185.64.189.112204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP 185.64.189.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 868
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://ouo.press
cache-control: no-cache, no-store, must-revalidate
date: Thu, 09 Feb 2023 02:07:41 GMT
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 054fdcff5853ca82fe55fb7655ec00c4
b048e1d16384aeaeac003db9119c30fe78ec4054
62ad987e23c51b53598d860d77e3ff16525632567e9098a20ea557ca8c7f007b
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6275
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:42 GMT
Last-Modified: Thu, 09 Feb 2023 00:23:08 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8154
Expires: Thu, 09 Feb 2023 04:23:36 GMT
Date: Thu, 09 Feb 2023 02:07:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8154
Expires: Thu, 09 Feb 2023 04:23:36 GMT
Date: Thu, 09 Feb 2023 02:07:42 GMT
Connection: keep-alive
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.adtrue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Thu, 09 Feb 2023 01:44:05 GMT
expires: Thu, 09 Feb 2023 03:44:05 GMT
cache-control: public, max-age=7200
age: 1417
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
185.89.211.84200 OK 145 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 185.89.211.84:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 867e8e653ac37805762deae2f5bb6b60
85b485592184f7ec7bb2d417353c4da39e4cea9d
6b6d9293d8512595ee8299ac04fa19454808ac6c9b18aac4bcfbf2493342c341
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 535
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 09 Feb 2023 02:07:42 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 145
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 07f3eaf8-ee2d-4cd2-b14d-a6876c44945a
Set-Cookie: icu=ChkItZqGARAKGAEgASgBMO6qkZ8GOAFAAUgBEO6qkZ8GGAA.; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 10-May-2023 02:07:42 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=4088083433052805254; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 10-May-2023 02:07:42 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 95081172f8e19d19921acc802488e019
8531c150cb11de44361a95624b11cf46b9e0ba02
7a2d8f012c7d590f3f39ad834d4f3f9fb729143b7395bc588bd608b5bdee039b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15019
x-amzn-requestid: 574e3e2c-2fbe-4215-9500-021147338832
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f583LHiioAMFqkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a82d-4f12aac524c39f822ca4f422;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:11:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _3jIo3Giw3zmTmnSkJArAllT6uigN7EEzLPfkGpd6168_mSdqdk_Cg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 12:41:28 GMT
age: 48374
etag: "8531c150cb11de44361a95624b11cf46b9e0ba02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 113363afa7cfd484dbc115a9f44c1723
2f9dfb845aa919a51a0b5fa9a824ac4845f669be
a91a045600ef2fdebd582ce453a85f7ce0c9f8be7258baf311d0d940de027c20
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4308
x-amzn-requestid: 2d4ce596-9a69-4394-8e10-cd5c54687a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzKZ0F2DoAMF6nA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddf10b-6c4fabe01360b8781bdd8e06;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 05:45:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GnbG_CYddidhGlygFinwMyN81eHxP_vRzxsm7QBIAJzFqwaKTt-POQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:44 GMT
age: 16378
etag: "2f9dfb845aa919a51a0b5fa9a824ac4845f669be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fc553a8677d9c0bf4835a0c29a7345c
ec8541dd8ae32e1cf597d40cc1d9d04aefb46ba8
e821faf86e44f2b9c9d5bd8cd3575c0a99acfc58774077034c413e345a7c0c0c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F396748b7-25c0-4112-960c-9c86d5ad28f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7451
x-amzn-requestid: a900a5b4-85cd-4817-8e70-2516eb33a0a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fox8IHMuIAMFdHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9c9e7-1122726b315a7c5623d1ff3f;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 02:09:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JFPF2xZJ9QIqJbOEjTi5gt2aflnM9HVaWp8FpRAIIeDf59cJzbp6kw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:46:36 GMT
age: 15666
etag: "ec8541dd8ae32e1cf597d40cc1d9d04aefb46ba8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg
IP 34.120.237.76:0
Hash acca0807ef177e312fe9890fcc0da25e
c70811077cb45b58dcb7622f44755225bdf6a103
7f04af8ec970c1b41c02505363811941a22bf204c147709f0c04cdb7b8d4b58c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11036
x-amzn-requestid: 4bd4976c-9500-4d6d-a447-dd2873987d13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fswexHCYIAMFzag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db612b-61d430202cbbf52823f38c49;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 07:07:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1mDt4mKlkZG2_zBPhwB_lbzJ0Im0FlnjmJMa7gcopuv14gwqtwlA2w==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:37 GMT
age: 16385
etag: "753cb08c3f8c7c0750d113253790a08db01986bc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3509a9bb-f5d1-4723-96d3-e2a87a28bbf4.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3509a9bb-f5d1-4723-96d3-e2a87a28bbf4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6c45da743665658afcfbf2309e1594b
04d025452dcec571f3eb6068499290d86e0c4c30
3ddfcf83ea18ba20700364c7095750a142a15575c988ba5688ed2f4dbbba4ee8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3509a9bb-f5d1-4723-96d3-e2a87a28bbf4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6471
x-amzn-requestid: ab4c8119-a2f0-4b3d-bbed-b34c5a0a7a30
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ACiGaGsjoAMFmZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e416f5-7298e0530bee8f997b552e6e;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:41:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: b74bFyh7eYS-pBQhcW3BItLbjUzmTdCMoKd_lpXXwqVWyfhfdKUP0A==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:46:24 GMT
age: 15678
etag: "04d025452dcec571f3eb6068499290d86e0c4c30"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ce710ab5746832fe637fada3e6d63abf
d545c85d4a8cf92dc8b88db0a056623d1ef7a943
40bae4a2fb9dd60e9339d15ad0838f3ca83b5b6275c35cd22878b6783fcd6247
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7450
x-amzn-requestid: c3dabd4b-797b-4bbe-8824-5f502ff477b0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2aG-IoAMFfnQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf5-68de905b2ed5bfe46a87e688;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CsMWJP4A64pbv9jhvJkyNF2SU7gQEIkQ5xWBlSVSlGjlfz9O0dkPGQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 03:38:47 GMT
age: 80935
etag: "d545c85d4a8cf92dc8b88db0a056623d1ef7a943"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.firstimpression.io/delivery/spc_fi.php?id=7419&url=%2FI813Wa&charset=UTF-8&ch=2&ref=ouo.press&viewerId=null&referer=&_firid=8567113
108.157.229.98200 OK 5.7 kB URL HTTP/2 cdn.firstimpression.io/delivery/spc_fi.php?id=7419&url=%2FI813Wa&charset=UTF-8&ch=2&ref=ouo.press&viewerId=null&referer=&_firid=8567113
IP 108.157.229.98:0
File type JSON data\012- , ASCII text, with very long lines (25928), with no line terminators
Hash bccfb1783d31299e46390bd36fc3f5ee
9ebc893891cfd952163dc35ad6f0d2f99272ddd8
4a266922983da7adaf7f3fc17661b4ef7de8b0f9996269ffa42cc51db075815e
GET /delivery/spc_fi.php?id=7419&url=%2FI813Wa&charset=UTF-8&ch=2&ref=ouo.press&viewerId=null&referer=&_firid=8567113 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
content-length: 5690
date: Thu, 09 Feb 2023 02:07:42 GMT
server: Apache/2.4.38 (Debian)
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: OAID=GDPR; expires=Fri, 09-Feb-2024 02:07:42 GMT; Max-Age=31536000; path=/; secure; SameSite=none
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a1883601a786b7317faec0d94ef154f2.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: sEq4wK8RB9Qk8FMSeUa7qXj2vHVob_OQ5YjzTwSxJfYIoQOYaVZtkw==
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1
178.250.0.157200 OK 715 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1
IP 178.250.0.157:0
Hash 42ea7bfe2d0224494d094b22710ee8d5
930c46ba06b38aff74c6fd87386e8931a971f173
74f61c6c8e7ed5874c30381543c2dd8cd90675a215e899f69916ad0d114ecb6b
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:42 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://ouo.press
server-processing-duration-in-ticks: 793948
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ecdn.firstimpression.io/static/js/fiamp.js
54.230.111.89200 OK 36 kB URL HTTP/2 ecdn.firstimpression.io/static/js/fiamp.js
IP 54.230.111.89:0
Hash b55df34aad4bf9cd3a203a4a77698079
013e564949b8a71b8b191e2a7f21e101f207f71b
f3e73d92e9259013220e407eb0623888fa86f63b285375e0492290afd4ac67d0
GET /static/js/fiamp.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.20.0
last-modified: Fri, 08 Apr 2022 08:48:22 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Thu, 09 Feb 2023 01:49:32 GMT
expires: Thu, 09 Feb 2023 02:49:31 GMT
cache-control: max-age=3600
etag: W/"624ff6d6-1b8e9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tP-7ocKLMHyFLFHfQkiks4t0MYTUCdmfJZqKhxYb49Np51xSjVsvTA==
age: 1091
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
151.101.1.229200 OK 8.9 kB URL HTTP/2 cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
IP 151.101.1.229:0
File type ASCII text, with very long lines (26104)
Hash f93233a919d47bd470922826d4cc00f1
5571e6ae9c7026c733084b390d78b93703b63ceb
f7bd9a813b14d3aa76ec1d67d654cce845d3b3bc980ae0fc0500d4ac8f85ea1d
GET /npm/prebid-universal-creative@latest/dist/creative.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.15.0
x-jsd-version-type: version
etag: W/"6658-uUC6DsKFQz3nsj0JP3lp528lwJQ"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 09 Feb 2023 02:07:42 GMT
age: 27765
x-served-by: cache-fra-eddf8230118-FRA, cache-bma1667-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 8852
X-Firefox-Spdy: h2
jsc.adskeeper.com/a/d/adtrue.ouo.press.991771.js
104.18.36.64200 OK 1.0 kB URL HTTP/2 jsc.adskeeper.com/a/d/adtrue.ouo.press.991771.js
IP 104.18.36.64:0
File type ASCII text, with very long lines (2675)
Hash 3e5774cc051dee622677d79fc0487cdb
9b768db703a166a575420dcffe275947c861f990
4f296af028406b181c488fcdfa4d5c96595971396783c40006b92792fbc0490e
GET /a/d/adtrue.ouo.press.991771.js HTTP/1.1
Host: jsc.adskeeper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:42 GMT
content-type: text/javascript
content-length: 1018
x-amz-id-2: qO+VuN1YC18fPCZczj69QNAsXknPIgHcDM92e3ENuIU2bK6Ax09aBdd0Md1mVNs7YaggjOJ1efY=
x-amz-request-id: 7CAQ926Y51BVEJ35
last-modified: Wed, 18 Jan 2023 10:11:47 GMT
etag: "3e5774cc051dee622677d79fc0487cdb"
content-encoding: gzip
x-amz-version-id: _rSJ_J.YB_qzvxsQXIHnJCUoJz3t.X_7
cf-cache-status: HIT
age: 1635
expires: Thu, 09 Feb 2023 06:07:42 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79690d955ab4b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.21.226:0
Hash f8d01d4f317ffef5c17e14b2338c2cd1
6cbc9586eca2607cd20f5edeb8e6d8988c5d9f53
62882111f66332269e3fac5f452d33579f8a668e2e503a03270d4bda29a27ace
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 02:07:42 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "0A99AC5FC7D83F50ED02E5EDBA39A3B859AFCC75"
Expires: Thu, 09 Feb 2023 13:00:00 GMT
Last-Modified: Thu, 09 Feb 2023 01:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 3233
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79690d958e78b523-OSL
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 428dfd97b5ecce8b0a60c9195c6f7a07
ce2672fc6c08a2b676353a25a2c4d86599c7ca70
412dc0f3c18c5234507fb563052daa7365397895d66629e0be8e3c5c742eaf87
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6435
Cache-Control: max-age=102847
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:42 GMT
Etag: "63e32b0a-117"
Expires: Fri, 10 Feb 2023 06:41:49 GMT
Last-Modified: Wed, 08 Feb 2023 04:54:34 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.2.0&cb=59271511159
178.250.0.165200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.2.0&cb=59271511159
IP 178.250.0.165:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=6.2.0&cb=59271511159 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 487
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:42 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://ouo.press
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9ce0c9bc2a6db0953de294199054df32
349a4f1fa3240e2b9d0a2254453ecaa4d78113e5
992aaf5ee320fb9291ced258e2b6fa49170bf1b5d54ee6b74955cf32719ebd93
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4547
Cache-Control: max-age=87299
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:43 GMT
Etag: "63e2f5af-1d7"
Expires: Fri, 10 Feb 2023 02:22:42 GMT
Last-Modified: Wed, 08 Feb 2023 01:06:55 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ib.adnxs.com/ut/v3/prebid
185.89.211.84200 OK 12 kB URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 185.89.211.84:0
File type JSON data\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (20040), with no line terminators
Hash 15c03c05c9c76c9cc4416f45df6de07a
dd89486c2e201eba8a6ca07c2a3afb781686fa61
582e16627961ec6531c08469b4532988535e83a70f437bc5279856215cd20249
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 561
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 09 Feb 2023 02:07:43 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 4f673c49-3fe2-47b6-a8f3-5032d1132b70
Set-Cookie: icu=ChgIw6tREAoYASABKAEw76qRnwY4AUABSAEQ76qRnwYYAA..; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 10-May-2023 02:07:43 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=745760423957715618; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 10-May-2023 02:07:43 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Encoding: gzip
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 297bc65c49d69adf06bb81e5f61af373
92c640748ad77b6e75bd3ddf09fae0df8d9bc248
cf3fcdfb7668814a58e51e4fa2c7cddf187ba3750d58596cdb56013c14ce6f2b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 02:07:43 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 01:55:53 GMT
Expires: Wed, 15 Feb 2023 01:55:52 GMT
Etag: "92c640748ad77b6e75bd3ddf09fae0df8d9bc248"
Cache-Control: max-age=517088,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79690d97ac73b518-OSL
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18438&site_id=202928&zone_id=1317174&size_id=2&rp_schain=1.0,1!firstimpression.io,7419,1,,,&rf=https%3A%2F%2Fouo.press%2FI813Wa&kw=ouo.press%2Cshortlinks%2Clinkshortener%2CfreeURLshortener&tg_i.ref=https%3A%2F%2Fouo.press%2FI813Wa&tg_i.page=https%3A%2F%2Fouo.press%2FI813Wa&tg_i.domain=ouo.press&tg_i.figroup=a9&tk_flint=pbjs_lite_v6.2.0&x_source.tid=9c974a18-2428-4d79-9375-ced3e5f901df&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.05465637815874158
213.19.162.41200 OK 348 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18438&site_id=202928&zone_id=1317174&size_id=2&rp_schain=1.0,1!firstimpression.io,7419,1,,,&rf=https%3A%2F%2Fouo.press%2FI813Wa&kw=ouo.press%2Cshortlinks%2Clinkshortener%2CfreeURLshortener&tg_i.ref=https%3A%2F%2Fouo.press%2FI813Wa&tg_i.page=https%3A%2F%2Fouo.press%2FI813Wa&tg_i.domain=ouo.press&tg_i.figroup=a9&tk_flint=pbjs_lite_v6.2.0&x_source.tid=9c974a18-2428-4d79-9375-ced3e5f901df&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.05465637815874158
IP 213.19.162.41:0
File type JSON data\012- , ASCII text, with very long lines (348), with no line terminators
Hash 06c3bcb835572a5f1a48a8da35eae99d
49e6f48e85fa450e73b6026fb3f74e82825db1a4
fcd39bae117dc5d020f72c8dc5978ddb163d0da681e8cdd062a72e47b149ceef
GET /a/api/fastlane.json?account_id=18438&site_id=202928&zone_id=1317174&size_id=2&rp_schain=1.0,1!firstimpression.io,7419,1,,,&rf=https%3A%2F%2Fouo.press%2FI813Wa&kw=ouo.press%2Cshortlinks%2Clinkshortener%2CfreeURLshortener&tg_i.ref=https%3A%2F%2Fouo.press%2FI813Wa&tg_i.page=https%3A%2F%2Fouo.press%2FI813Wa&tg_i.domain=ouo.press&tg_i.figroup=a9&tk_flint=pbjs_lite_v6.2.0&x_source.tid=9c974a18-2428-4d79-9375-ced3e5f901df&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.05465637815874158 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.4
date: Thu, 09 Feb 2023 02:07:43 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://ouo.press
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LDWGMMDQ-T-FLQ1; Domain=.rubiconproject.com; Path=/; Expires=Fri, 09-Feb-2024 02:07:43 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qqqkjiSkxVDEe9DtVM30fCgweH8d56csowLr5UNMQGYrZZjSCqH74hcJhsHlJbldDdJwe9iGXKQTKZr5ZVxLWDe; Domain=.rubiconproject.com; Path=/; Expires=Fri, 09-Feb-2024 02:07:43 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 348
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
185.89.211.84200 OK 145 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 185.89.211.84:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 27b1b79fc4b2144891e3039d50e88b59
46c9c81e6854742e9ec63471bbbe31cd34f1d03d
4fd962b8d7c8451161fb8afd91fdec32defd1ac256b767d0c57d35f30c7b0da7
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 682
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 09 Feb 2023 02:07:43 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 145
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: a0168454-3d15-4189-bd8a-29491dea1347
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
c.amazon-adsystem.com/aax2/apstag.js
54.230.111.210200 OK 110 kB URL HTTP/2 c.amazon-adsystem.com/aax2/apstag.js
IP 54.230.111.210:0
File type ASCII text, with very long lines (65458)
Size 110 kB (110442 bytes)
Hash 0a4462aa77260794aa2ce6b8a8dec7b3
ad4fcb011804b5889187c409d10ff17901b26f67
7245bf8780ef63ab98d4b36d337a187ea37359168bcc1920d43c82efd34a6a52
GET /aax2/apstag.js HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Thu, 09 Feb 2023 02:05:17 GMT
last-modified: Wed, 08 Feb 2023 21:24:16 GMT
etag: W/"73a4291e0b24cc8bf12a18bcd544a2b9"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
server: AmazonS3
content-encoding: gzip
via: 1.1 c80fd33b8f8c4dff5488cc52ba797aa6.cloudfront.net (CloudFront), 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA60-P1, OSL50-P1
x-amz-cf-id: NWnV4LR8SHbwpxTmVr6pFjjmsKXM6F1pfHCu7_YtABDZz2yMq0KUsw==
age: 146
X-Firefox-Spdy: h2
tag.1rx.io/rmp/212927/0/mvo?z=1r&hbv=6.2,2.1
213.19.147.43204 No Content 0 B URL HTTP/2 tag.1rx.io/rmp/212927/0/mvo?z=1r&hbv=6.2,2.1
IP 213.19.147.43:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /rmp/212927/0/mvo?z=1r&hbv=6.2,2.1 HTTP/1.1
Host: tag.1rx.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 618
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 09 Feb 2023 02:07:43 GMT
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
pragma: no-cache
cache-control: private, max-age=0, no-cache, no-store
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 808b8bcde8023e50a7983f32153a5ec2
afcdf26d583d223dd9e89fab23c8bb42a8bbbed0
683eb688005206619954fade8a9eb484c6ff692c1b95440c824848c1fae1c5f5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 625
Cache-Control: max-age=145689
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:43 GMT
Etag: "63e3e917-139"
Expires: Fri, 10 Feb 2023 18:35:52 GMT
Last-Modified: Wed, 08 Feb 2023 18:25:27 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 313
c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185
54.230.111.210204 No Content 0 B URL HTTP/2 c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185
IP 54.230.111.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185 HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
cache-control: max-age=21550, s-maxage=21600
date: Wed, 08 Feb 2023 22:07:10 GMT
server: Server
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zO6aXTvhYxVxVPolxfuLk8jQURZNB3GXxBqOMrkg9UJWuQT5ep2EMA==
age: 14432
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 684cc8beee740cc991cc3347d693f1a8
a48d526397f249e134e8207899ca290b50fa0bf0
96093863c0cfc887145e90af5d1fa901e74c0446447321332d783e3f59dd402d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96093863C0CFC887145E90AF5D1FA901E74C0446447321332D783E3F59DD402D"
Last-Modified: Tue, 07 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8729
Expires: Thu, 09 Feb 2023 04:33:12 GMT
Date: Thu, 09 Feb 2023 02:07:43 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 0fc3e2be9a02b14fdb24e92d26da8838
d55b2ea7ea9d97de65bd0833926173f205591b6e
55958bd04c967f293dd41c5f4cd5fc52eaaad9738af71c0910fad08b11996c24
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4556
Cache-Control: max-age=132280
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:43 GMT
Etag: "63e3a55b-139"
Expires: Fri, 10 Feb 2023 14:52:23 GMT
Last-Modified: Wed, 08 Feb 2023 13:36:27 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 313
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:43 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=UYG3hl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czJ5cndYTTZUTGxUdFJocHFNQlJIbnclMkJPMzc4RGRTQTZTQ2xkR0h0N1dIaA; expires=Tue, 05 Mar 2024 02:07:43 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 214231
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8eb866b48f4c72fabff971b1df7782ec
298494bea8c6ac3c8f9b86008c8ae002fa035504
00e6531d9307a20d9c1382f1bfa271c48e4b4a60b85ecf0bdf3be8287ea333bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "00E6531D9307A20D9C1382F1BFA271C48E4B4A60B85ECF0BDF3BE8287EA333BC"
Last-Modified: Mon, 06 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12440
Expires: Thu, 09 Feb 2023 05:35:03 GMT
Date: Thu, 09 Feb 2023 02:07:43 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 9c0e95ec1969d04cbbe1a963f9556eac
6d9f7db5133272b8f78348469f8a007a74c64933
8eaba7c4d361e9320711b8d55b568074f3246cea376dd382c4ff8940ed57c438
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4670
Cache-Control: max-age=99321
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:43 GMT
Etag: "63e3242a-139"
Expires: Fri, 10 Feb 2023 05:43:04 GMT
Last-Modified: Wed, 08 Feb 2023 04:25:14 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 313
aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2FI813Wa&pid=YsyqV1Sr4zLnX&cb=0&ws=728x90&v=23.203.336&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
54.230.241.131200 OK 145 B URL HTTP/2 aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2FI813Wa&pid=YsyqV1Sr4zLnX&cb=0&ws=728x90&v=23.203.336&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
IP 54.230.241.131:0
File type ASCII text, with no line terminators
Hash 3d76a0871bf57ce8540ecb0bf1333763
b75ac12ee4a187303e843a19e97d6f01e6759e4f
17102a4b86e006f431d6aeac0a04d628d2ad3a6a1722a60b8fec94d6ebaf851f
GET /e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2FI813Wa&pid=YsyqV1Sr4zLnX&cb=0&ws=728x90&v=23.203.336&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D HTTP/1.1
Host: aax-dtb-cf.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
content-length: 145
server: Server
date: Thu, 09 Feb 2023 02:07:43 GMT
x-amz-rid: YF9XSYJ09QJGY6JNDD1M
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
timing-allow-origin: *
strict-transport-security: max-age=47474747; includeSubDomains; preload
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZAg8P_55jdn7mt6_LlV7i-NivXLEeB6fRifvk2qjFgdwXW0fl8AOjA==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 9c0e95ec1969d04cbbe1a963f9556eac
6d9f7db5133272b8f78348469f8a007a74c64933
8eaba7c4d361e9320711b8d55b568074f3246cea376dd382c4ff8940ed57c438
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4670
Cache-Control: max-age=99321
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:43 GMT
Etag: "63e3242a-139"
Expires: Fri, 10 Feb 2023 05:43:04 GMT
Last-Modified: Wed, 08 Feb 2023 04:25:14 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 313
unseenreport.com/pxf.gif?uuid=5bac7b86-b62a-4ad4-a29f-36a2c5e2a52f&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=5bac7b86-b62a-4ad4-a29f-36a2c5e2a52f&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=5bac7b86-b62a-4ad4-a29f-36a2c5e2a52f&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=2 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 09 Feb 2023 02:07:43 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1d5fc167f758f274ea0e913d5654599f
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 50ca5deab68ba881743e691a693819f1
fd6b74d17a961f751a8edf09fcfaab273f0a7408
139c5ed1fd10f67669a5de174c5ffb02411f96463217781882c9d22b050a02d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
54.230.111.210200 OK 3.1 kB URL HTTP/2 c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
IP 54.230.111.210:0
Hash 4fde6e0b20fd623dc9cae9fd23e4c0bf
8c38ff52cc500a3dcd3b3af02829b7c70479c1f6
8870d1ff4bb9b77fd7e67b204c816ffa9cb44f06113a0af61abafa54bef6e4dc
GET /bao-csm/aps-comm/aps_csm.js HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 08 Feb 2023 10:05:57 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 08 Feb 2023 10:05:52 GMT
etag: W/"a4d296427fc806b21335359e398c025c"
cache-control: public, max-age=86400
x-amz-version-id: zv0zkgF8NnUlHbYAYVWZBKSRYlhapW6k
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Origin
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YDkk9owlj03nlKfdS2PAhp8Q4muV964OemFA1SbdEQ0bFHG_GkTcBw==
age: 57707
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/xbfe_backfill.js
142.250.74.66200 OK 3.0 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/xbfe_backfill.js
IP 142.250.74.66:0
File type ASCII text, with very long lines (1531)
Hash 562506238b9215a693454fbc88d0df5a
165f27696f81a017b433ba8d1d0f8c7cdc677041
b906b51be2742b7cfc21fe2d99515aa1aa51a2af3a1b1b4335792138bde40486
GET /pagead/xbfe_backfill.js HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 3003
x-xss-protection: 0
date: Thu, 09 Feb 2023 01:43:34 GMT
expires: Thu, 09 Feb 2023 02:43:34 GMT
cache-control: public, max-age=3600
age: 1449
etag: 2660866305706646737
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.14200 OK 4.8 kB URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.14:0
Hash b7c4ad46a8a5bf6b8239063dceef8b66
824310c15c2b09761399eca3601814cec8ee8573
6eea2808f94809082d09977ac27bb895e6682a98e234f642b3d7d8eb70d72d16
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:42 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 154097
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157200 OK 129 B IP 178.250.0.157:0
Hash a67c4b17594753e223eb05dc3da58fa8
7487e5a8bf7c396f82e526aaf02c1ee9ad270db2
4e1c0a326d6b7410820def0f0ec4d61e6dd564132b096f5b2d2cdc0bd54d7f55
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=UYG3hl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czJ5cndYTTZUTGxUdFJocHFNQlJIbnclMkJPMzc4RGRTQTZTQ2xkR0h0N1dIaA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:43 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=IMJ2aF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czJ5cndYTTZUTGxUdFJocHFNQlJIbnh1aUdBaTh4MGg2aDZKUCUyQkVBUUVvSA; expires=Tue, 05 Mar 2024 02:07:43 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 306791
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 50ca5deab68ba881743e691a693819f1
fd6b74d17a961f751a8edf09fcfaab273f0a7408
139c5ed1fd10f67669a5de174c5ffb02411f96463217781882c9d22b050a02d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ams3-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FI813Wa&e=wqT_3QLfLuhfFwAAAwDWAAUBCO-qkZ8GELbou7S39rWFeBgAKjYJHt0Ii4o4jT8RrN-vdtLKhj8ZAAAAIK5H0T8hrA0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eMPyBYABAYoBA1VTRJIFBvRwA5gB2AWgAVqoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAudD4ALDy1nqAhhodHRwczovL291by5wcmVzcy9JODEzV2HyAgwKBkhFSUdIVBICOTDyAgwKBVdJRFRIEgM3MjjyAiEKBkxPQURFUhIXcmVuZGVyX3Bvc3RfYWRzX3YxLmh0bWzyAhcKCklGUkFNRV9LRVkSCTMzNDU4NzQ0OfICyBUKC1BSRV9TQ1JJUFRTErgVPHNjcmlwdD4oZnVuY3Rpb24oKXsvKgoKIENvcHlyaWdodCBUaGUgQ2xvc3VyZSBMaWJyYXJ5IEF1dGhvcnMuCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwp2YXIgaz10aGlzfHxzZWxmO3ZhciBsPUFycmF5LnByb3RvdHlwZS5pbmRleE9mP2Z1bmN0aW9uKGEsYyl7cmV0dXJuIEFycmF5LnByb3RvdHlwZS5pbmRleE9mLmNhbGwoYSxjLHZvaWQgMCl9OmZ1bmN0aW9uKGEsYyl7aWYoInN0cmluZyI9PT10eXBlb2YgYSlyZXR1cm4ic3RyaW5nIiE9PXR5cGVvZiBjfHwxIT1jLmxlbmd0aD8tMTphLmluZGV4T2YoYywwKTtmb3IodmFyIGU9MDtlPGEubGVuZ3RoO2UrKylpZihlIGluIGEmJmFbZV09PT1jKXJldHVybiBlO3JldHVybi0xfTtmdW5jdGlvbiBtKGEpe21bIiAiXShhKTtyZXR1cm4gYX1tWyIgIl09ZnVuY3Rpb24oKXt9O2Z1bmN0aW9uIG4oYSl7YT12b2lkIDA9PT1hP2RvY3VtZW50OmE7cmV0dXJuIGEuY3JlYXRlRWxlbWVudCgiaW1nIil9O2Z1bmN0aW9uIHAoYSxjLGUpe3ZhciBiPSExO2I9dm9pZCAwPT09Yj8hMTpiO2EuZ29vZ2xlX2ltYWdlX3JlcXVlc3RzfHwoYS5nb29nbGVfaW1hZ2VfcmVxdWVzdHM9W10pO3ZhciBkPW4oYS5kb2N1bWVudCk7aWYoZSl7dmFyIGY9ZnVuY3Rpb24oKXtpZihlKXt2YXIgZz1hLmdvb2dsZV9pbWFnZV9yZXF1ZXN0cyxoPWwoZyxkKTswPD1oJiZBcnJheS5wcm90STKoc3BsaWNlLmNhbGwoZyxoLDEpfWQucmVtb3ZlRXZlbnRMaXN0ZW5lciYmZE4XADQoImxvYWQiLGYsITEpO7Y6ABBlcnJvcg07GH07ZC5hZGRCcwA-FAA-cAA-IAAEJiZGSAAAKDZqADBiJiYoZC5hdHRyaWJ1YbMUc3JjPSIiAb4BChRjO2EuZ29KnQE0LnB1c2goZCl9CjtmdW5lIAwgcSgpJZZ8YT1kb2N1bWVudC5jdXJyZW50U2NyaXB0O3JldHVybigybgJUbnVsbDphKSYmIjc3Ij09PWEuZ2V0QQ2QOGUoImRhdGEtamMiKT9hOhVXPHF1ZXJ5U2VsZWN0b3IoJ1sNJQA9AUQQXScpfTtBNyxyPVJlZ0V4cCgiXmihIeA_Oi8vKFxcd3wtKStcXC5jZG5cXC5hbXBwcm9qZWN0XFwuKG5ldHxvcmcpKFxcP3wvfCQpIik7CmYR4AB0FeAAawVhDGM9W10FCQRlPQHGCDtkbwX_GGI9YTt0cnkFDCxkO2lmKGQ9ISFiJiYBJBwhPWIubG9jYSFqIC5ocmVmKWI6ewEtkG0oYi5mb28pO2Q9ITA7YnJlYWsgYn1jYXRjaChoKXt9ZD0hMX0B1ghmPWQZFwBmARYMaWYoZil5AGc-XgAQO2U9Yi4xNgQmJhkMKC5yZWZlcnJlcnx8AZckfWVsc2UgZz1lLA3LAGMp4DBuZXcgdShnfHwiIikpBdUUYT1iLnBhIdQZhgBhBf_wQH19d2hpbGUoYSYmYiE9YSk7Yj0wO2ZvcihhPWMubGVuZ3RoLTE7Yjw9YTsrK2IpY1tiXS5kZXB0aD1hLWI7Yj1rISs5HgGuNSo4YW5jZXN0b3JPcmlnaW5zbhwADWsAPR11ACkJhgwxO2E8EYpMOysrYSlnPWNbYV0sZy51cmx8fCgFCC5CATp2ABRbYS0KMV0hDBgsZy5oPSEwAeMpIgBrGash1WX_AGclFiUCBGU9MgQBIDA8PWU7LS1lKSG6RD1jW2VdLCFnJiZyLnRlc3QoZgGPICkmJihnPWYpLAUOLCYmIWYuaCl7Yj1mO0UbAH0NXQBlFeYEJiYBzAE7BDswQWUAZCFaCCYmZQVIARsIKTtjBa0UdihiLGcpbYsYIGMuZz9jLgX6DDpjLmkBQAB9ddAwdihhLGMpe3RoaXMuaUHVAQkIZz1jGSIAdR0iCHVybBEkFGg9ISFjOwUvBYglCgB9mSkAd3VJfHQoKSxjPWEuaW5kZXhPZigiPyIpO3NldFRpbWVvdXQoEYwNMQRlPdVWGGU_LjAxOmVBNUQhKE1hdGgucmFuZG9tKCk-ZSlpDwxiPXEoIaQAImX_NDovLyIrKGImJiJ0cnVlgWsAYlZrBDgtcmNkIik_InBhZ2VhZDKtABBzeW5kaWm5IC1jbi5jb20iOmYjAAUgDCkrIi8JRXgvZ2VuXzIwND9pZD1qY2EmamM9NzcmdmVyc2lvbj0ihUUMZD0oZAGxACmhtlIEBQAtDTEwIil8fCJ1bmtub3duImHjXCtkKyImc2FtcGxlPSIrZTtiPXdpbmRvdwVYAGY5NBRmPyExOmYhMzRkPWIubmF2aWdhdG9yKTIOAFAudXNlckFnZW50LGQ9L0Nocm9tZS9JmyBkKSYmIS9FZGcZERw_ITA6ITE7ZGGTFVEwLnNlbmRCZWFjb24_Ch1pHRggKGUpOnAoYixlGmgJBD09DZ4QKX19LDBVoFwwPD1jP2Euc3Vic3RyaW5nKDAsYyk6YX0J4BAucmZsPV0jyWBsIGVuY29kZVVSSUNvbXBvbmVudCh3KCkpfTt9KenbQZoQKTsKPC8asApo8gLJAgoKRVhUUkFfVEFHUxK6AjxkaXYgc3R5IVIMcG9zaaGxZDogYWJzb2x1dGU7IGxlZnQ6IDBweDsgdG9wDQpkdmlzaWJpbGl0eTogaGlkZGVuOyI-PGltZyDhTFWHSRRKWQJBNg0eLjICFGF3YmlkJgUG8IZfYj1BS0FtZi1CNjEyZlZLZ3RZNDhRLWUwdWVFakM0MmFwZUNOV3lWVEJ2SlVGX29vam1vdk8xWUNVUDU0Nzhfa0c4aUZsQVVzVUR0X0dfMUZva3hydnJHYlpqczd0V1VQWWZYZyIgYm9yZGVyPTAgd2lkdGg9MSBoZWlnaHQ9MSBhbHQ9IiIxGqhkaXNwbGF5Om5vbmUiPjwvZGl2PvICmQEKDFBPU1RfU0NSSVBUUxKIATxzEgIINggBFlkIUGFkcy5nLmRvdWJsZWNsaWNrLm5ldDEGPHhiZmVfYmFja2ZpbGwuanMBZS21DVMubQxgIHtyM3B4KCczMzQ1ODc0NDknKTt9KSgpOz3qEMMQChBIAZ00UE9SVF9QQVJBTVMSrhCRI4qUAPB5YWRmZXRjaD9hZGs9Mjc2NTE3MDgwJmFkc2FmZT1tZWRpdW0mY2xpZW50PWNhLXB1Yi0zMDc2ODkwMDEyNzQxNDY3JmZvcm1hdD03Mjh4OTBfYXMmaXA9OTEuOTAuNDIuMTU0Jm91dHB1dD1odG1sJnVudmlld2VkX3BNiCBfc3RhcnQ9MSahcxG5CG91bzL8DRQmc3ViX2MJhwBiQYzwfXItNTA4MTYzMiZobD1lbiZhY2VpZD1NTzR3WXdEYkRyUUFaaHkwQUpWd05BRmVnRFFCSTRNMEFVeUROQUdsZ3pRQjFJTTBBUUtFTkFFTGhEUUJWNFEwQWFTRU5BSG5oRFFCX29RMEFSU0ZOQUVaaFRRQko0VTBBU21GTkFFcQEQLEs0VTBBVVNGTkFGUQEQAFYBEARXZQEQAHIBEBhlb1UwQVlhARD0wgJMYzBFQlRYTkJBVkxBX1FFUUgxd0NtQjljQWpqSVhBSmItWWdDYVBtSUFpVDhpQUluUXFvQ0tFS3FBaWxDcWdJYlVhb0NsR3FxQXUtR3FnS0FtNm9DZ1p1cUFvS2JxZ0wwbmFvQzc2V3FBcUtvcWdMSHlLb0NmTTJxQXByYnFnTEk0cW9Db09XcUF0ZnhxZ0x6OWFvQ2F2aXFBaVg3cWdKQi02b0N4QXlyQXZRTnF3SWhFS3NDR2hTckFuQVpxd0tSR2FzQ29CbXJBbjBjcXdLbElhc0NpQ0tyQWxRb3F3SmNLS3NDNXlxckF2c3Jxd0xsTDZzQzV5LXJBb00wcXdJU05xc0MtVGVyQXJjNXF3TG5PcXNDRFR5ckFpTThxd0pOUEtzQ3RqeXJBakktcXdMM1Bxc0NaMENyQWo1QnF3SzlRYXNDREVPckF1VkRxd0lXUmFzQ21rV3JBbmhHcXdLWlJxc0NIRWlyQWtoSXF3SlFTS3NDVDBtckFveEpxd0tTUzZzQ1lFNnJBbkpQcXdLcVQ2c0NkVkNyQWdaUnF3SVRVYXNDYjFHckFyMVJxd0l2VXFzQ1QxS3JBcDFTcXdMWVVxc0M5RktyQWdCVHF3SUtVNnNDUDFPckFxQlRxd0xwVTZzQzhGT3JBdnhUcXdLd1ZLc0NfRlNyQWlwVnF3STFWYXNDQ2xpckFrTllxd0pSV0tzQ21qcjZBNnV5eFFVQzFmQUp3OWloRG1tai14S2d1ZnNTSWNYN0VyYlcteElKNlBzU2d2WDdFajM0LXhJcEN2d1NMQXY4RW5FTF9CTFpDX3dTQnd6OEVpa01fQksxRFB3UzJ3ejhFajhOX0JLNlhOQVRXNV9xRkFGY054ZkpVNk1ZLWxackdxeThfeU5feTdVdThEaVNNQSZleGs9MzM0NTg3NDQ5JmF3YmlkX2M9QaWn8LBERi1uMkh3LW1WcUJ1MTlTMFl4cGNIOF9yUndkU3F5dFZSZ3RXczVIU1Y4VnNWcExHY3FoVTNaVU1Wa2NqMFg4X0MzTENyUXc1RER3Zkd5MU9rNnkyWUd4SGc4RTkyYjdYZUJySS1sbXRkNmNXbnhjeTdtdzA1U1JlVS1mYnRaRW5BdnhaQ3hvWWRmLTFfZDVicDFlUXQ1dXMwWTBEdVdOMEJ4X2tYcWJ0a2gtZnJVN0nNZwBkzWf0UwREdGJqbU1uYUJNQjM5SG1xaXU2aHFaMTlwcFhUOFlZUkxNX2sybGRiWTdFbEdIMU5jYUZXMmJlUlhFYWpLOV96WmM4N3AxTDVIN2NBUHZWSExocFhlX3dzSVZSVEJNZ19kdEFSbUZuSGdvaFBRNnJNclBYRnRJVm90cWVNV1c4bWtBZG85LUlJLVdJc2JWX3VTYjVGeF9kUGdvV1pjbVhndTVQcXBFRlBDTl9GMmdLX2d4Q1hzSC01OXFLOFY4T1JFaGl1d0hlTjF1RlY1WEhQUWFaM1pHYm5VZnU3UFJESE8zRUZTcFdHa1RrcHE5UEpJTHJNNVdOdWU0RFhsek5LOHVfcEIwTUZPR0tNNlZrdl84T01MT2JEd044ekdTZ21IZUJKbmpibFhRS3A3NDFNbFhGVVh6THNMZWJZMUEta0pUU3JHRXBoOVFHVnVIZGRMWHRUaFFSZmVIc2JCR3ZEMFpnSVRrR1k1SUNfWmdLT1lDTzVPZDloYXhQblBBWXZOeDNmRXFESHFSSkxpTVdmNW50eFVxcGgybEl6SkZLelhfSHpRRkdMRkRORjB4eGlIV04zSHJVN1ZFR3IxOVFLY0poVDZBRnZVOWpxLVlGUndRUjNzbU9GMmhTa3V6QzZvREhtNUs1T2FaRzR2eF9BLVdwN0dsNHpldkVGQUk1QnV3ZDd3dkZpS0Q1Q1paWHl1ajRTOWRFZk5reFowLUVrc2dETUhnb0k2cXcwaDhrMVZNQ1BTN0luNEs3Vy1lckxsdXAwR2FRTjFHOW5SMENqV3h0NlhHa1Q3UzZWMGRJdXctaTlmNktJYy1rdEt3VXpqY3kwZ1pHeDllVnByWC0tUUlLWm16WnR3YnQxc0xxT3p1dm5FckxaeVllY2pLVTNTbURIMEt1aUVnc1B6cWxRWWNZRHJ6MEFtTmRxa1lyRDU5dk9oN2VOYnRsck1HUk4xbU9rZm92TGl0SEEmY2lkPUNBUVNHd0RVRTV5bWpYMmp3UWJzVnNBY1FCVnhpU2J2UkhEUHY1SG1leGdCSUFvJmFfY2lkPYADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA9ygpwHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMOTEuOTAuNDIuMTU0qAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBKeiyyWIBQGYBQCgBbi77Zyay4V5wAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFw8EP-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBu6PAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzI4NjUxMzQwMjAxyAfD8gXSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwB_z2C4oIAhAAlQgAAIA_mAgB&s=1349a61945b9ab0f9d991c91748d6d39b95f105d&bdref=https%3A%2F%2Fouo.press%2FI813Wa&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fouo.press%2FI813Wa,https%3A%2F%2Fouo.press%2FI813Wa,https%3A%2F%2Fouo.press%2FI813Wa&
185.89.210.90200 OK 0 B URL HTTP/1.1 ams3-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FI813Wa&e=wqT_3QLfLuhfFwAAAwDWAAUBCO-qkZ8GELbou7S39rWFeBgAKjYJHt0Ii4o4jT8RrN-vdtLKhj8ZAAAAIK5H0T8hrA0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eMPyBYABAYoBA1VTRJIFBvRwA5gB2AWgAVqoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAudD4ALDy1nqAhhodHRwczovL291by5wcmVzcy9JODEzV2HyAgwKBkhFSUdIVBICOTDyAgwKBVdJRFRIEgM3MjjyAiEKBkxPQURFUhIXcmVuZGVyX3Bvc3RfYWRzX3YxLmh0bWzyAhcKCklGUkFNRV9LRVkSCTMzNDU4NzQ0OfICyBUKC1BSRV9TQ1JJUFRTErgVPHNjcmlwdD4oZnVuY3Rpb24oKXsvKgoKIENvcHlyaWdodCBUaGUgQ2xvc3VyZSBMaWJyYXJ5IEF1dGhvcnMuCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwp2YXIgaz10aGlzfHxzZWxmO3ZhciBsPUFycmF5LnByb3RvdHlwZS5pbmRleE9mP2Z1bmN0aW9uKGEsYyl7cmV0dXJuIEFycmF5LnByb3RvdHlwZS5pbmRleE9mLmNhbGwoYSxjLHZvaWQgMCl9OmZ1bmN0aW9uKGEsYyl7aWYoInN0cmluZyI9PT10eXBlb2YgYSlyZXR1cm4ic3RyaW5nIiE9PXR5cGVvZiBjfHwxIT1jLmxlbmd0aD8tMTphLmluZGV4T2YoYywwKTtmb3IodmFyIGU9MDtlPGEubGVuZ3RoO2UrKylpZihlIGluIGEmJmFbZV09PT1jKXJldHVybiBlO3JldHVybi0xfTtmdW5jdGlvbiBtKGEpe21bIiAiXShhKTtyZXR1cm4gYX1tWyIgIl09ZnVuY3Rpb24oKXt9O2Z1bmN0aW9uIG4oYSl7YT12b2lkIDA9PT1hP2RvY3VtZW50OmE7cmV0dXJuIGEuY3JlYXRlRWxlbWVudCgiaW1nIil9O2Z1bmN0aW9uIHAoYSxjLGUpe3ZhciBiPSExO2I9dm9pZCAwPT09Yj8hMTpiO2EuZ29vZ2xlX2ltYWdlX3JlcXVlc3RzfHwoYS5nb29nbGVfaW1hZ2VfcmVxdWVzdHM9W10pO3ZhciBkPW4oYS5kb2N1bWVudCk7aWYoZSl7dmFyIGY9ZnVuY3Rpb24oKXtpZihlKXt2YXIgZz1hLmdvb2dsZV9pbWFnZV9yZXF1ZXN0cyxoPWwoZyxkKTswPD1oJiZBcnJheS5wcm90STKoc3BsaWNlLmNhbGwoZyxoLDEpfWQucmVtb3ZlRXZlbnRMaXN0ZW5lciYmZE4XADQoImxvYWQiLGYsITEpO7Y6ABBlcnJvcg07GH07ZC5hZGRCcwA-FAA-cAA-IAAEJiZGSAAAKDZqADBiJiYoZC5hdHRyaWJ1YbMUc3JjPSIiAb4BChRjO2EuZ29KnQE0LnB1c2goZCl9CjtmdW5lIAwgcSgpJZZ8YT1kb2N1bWVudC5jdXJyZW50U2NyaXB0O3JldHVybigybgJUbnVsbDphKSYmIjc3Ij09PWEuZ2V0QQ2QOGUoImRhdGEtamMiKT9hOhVXPHF1ZXJ5U2VsZWN0b3IoJ1sNJQA9AUQQXScpfTtBNyxyPVJlZ0V4cCgiXmihIeA_Oi8vKFxcd3wtKStcXC5jZG5cXC5hbXBwcm9qZWN0XFwuKG5ldHxvcmcpKFxcP3wvfCQpIik7CmYR4AB0FeAAawVhDGM9W10FCQRlPQHGCDtkbwX_GGI9YTt0cnkFDCxkO2lmKGQ9ISFiJiYBJBwhPWIubG9jYSFqIC5ocmVmKWI6ewEtkG0oYi5mb28pO2Q9ITA7YnJlYWsgYn1jYXRjaChoKXt9ZD0hMX0B1ghmPWQZFwBmARYMaWYoZil5AGc-XgAQO2U9Yi4xNgQmJhkMKC5yZWZlcnJlcnx8AZckfWVsc2UgZz1lLA3LAGMp4DBuZXcgdShnfHwiIikpBdUUYT1iLnBhIdQZhgBhBf_wQH19d2hpbGUoYSYmYiE9YSk7Yj0wO2ZvcihhPWMubGVuZ3RoLTE7Yjw9YTsrK2IpY1tiXS5kZXB0aD1hLWI7Yj1rISs5HgGuNSo4YW5jZXN0b3JPcmlnaW5zbhwADWsAPR11ACkJhgwxO2E8EYpMOysrYSlnPWNbYV0sZy51cmx8fCgFCC5CATp2ABRbYS0KMV0hDBgsZy5oPSEwAeMpIgBrGash1WX_AGclFiUCBGU9MgQBIDA8PWU7LS1lKSG6RD1jW2VdLCFnJiZyLnRlc3QoZgGPICkmJihnPWYpLAUOLCYmIWYuaCl7Yj1mO0UbAH0NXQBlFeYEJiYBzAE7BDswQWUAZCFaCCYmZQVIARsIKTtjBa0UdihiLGcpbYsYIGMuZz9jLgX6DDpjLmkBQAB9ddAwdihhLGMpe3RoaXMuaUHVAQkIZz1jGSIAdR0iCHVybBEkFGg9ISFjOwUvBYglCgB9mSkAd3VJfHQoKSxjPWEuaW5kZXhPZigiPyIpO3NldFRpbWVvdXQoEYwNMQRlPdVWGGU_LjAxOmVBNUQhKE1hdGgucmFuZG9tKCk-ZSlpDwxiPXEoIaQAImX_NDovLyIrKGImJiJ0cnVlgWsAYlZrBDgtcmNkIik_InBhZ2VhZDKtABBzeW5kaWm5IC1jbi5jb20iOmYjAAUgDCkrIi8JRXgvZ2VuXzIwND9pZD1qY2EmamM9NzcmdmVyc2lvbj0ihUUMZD0oZAGxACmhtlIEBQAtDTEwIil8fCJ1bmtub3duImHjXCtkKyImc2FtcGxlPSIrZTtiPXdpbmRvdwVYAGY5NBRmPyExOmYhMzRkPWIubmF2aWdhdG9yKTIOAFAudXNlckFnZW50LGQ9L0Nocm9tZS9JmyBkKSYmIS9FZGcZERw_ITA6ITE7ZGGTFVEwLnNlbmRCZWFjb24_Ch1pHRggKGUpOnAoYixlGmgJBD09DZ4QKX19LDBVoFwwPD1jP2Euc3Vic3RyaW5nKDAsYyk6YX0J4BAucmZsPV0jyWBsIGVuY29kZVVSSUNvbXBvbmVudCh3KCkpfTt9KenbQZoQKTsKPC8asApo8gLJAgoKRVhUUkFfVEFHUxK6AjxkaXYgc3R5IVIMcG9zaaGxZDogYWJzb2x1dGU7IGxlZnQ6IDBweDsgdG9wDQpkdmlzaWJpbGl0eTogaGlkZGVuOyI-PGltZyDhTFWHSRRKWQJBNg0eLjICFGF3YmlkJgUG8IZfYj1BS0FtZi1CNjEyZlZLZ3RZNDhRLWUwdWVFakM0MmFwZUNOV3lWVEJ2SlVGX29vam1vdk8xWUNVUDU0Nzhfa0c4aUZsQVVzVUR0X0dfMUZva3hydnJHYlpqczd0V1VQWWZYZyIgYm9yZGVyPTAgd2lkdGg9MSBoZWlnaHQ9MSBhbHQ9IiIxGqhkaXNwbGF5Om5vbmUiPjwvZGl2PvICmQEKDFBPU1RfU0NSSVBUUxKIATxzEgIINggBFlkIUGFkcy5nLmRvdWJsZWNsaWNrLm5ldDEGPHhiZmVfYmFja2ZpbGwuanMBZS21DVMubQxgIHtyM3B4KCczMzQ1ODc0NDknKTt9KSgpOz3qEMMQChBIAZ00UE9SVF9QQVJBTVMSrhCRI4qUAPB5YWRmZXRjaD9hZGs9Mjc2NTE3MDgwJmFkc2FmZT1tZWRpdW0mY2xpZW50PWNhLXB1Yi0zMDc2ODkwMDEyNzQxNDY3JmZvcm1hdD03Mjh4OTBfYXMmaXA9OTEuOTAuNDIuMTU0Jm91dHB1dD1odG1sJnVudmlld2VkX3BNiCBfc3RhcnQ9MSahcxG5CG91bzL8DRQmc3ViX2MJhwBiQYzwfXItNTA4MTYzMiZobD1lbiZhY2VpZD1NTzR3WXdEYkRyUUFaaHkwQUpWd05BRmVnRFFCSTRNMEFVeUROQUdsZ3pRQjFJTTBBUUtFTkFFTGhEUUJWNFEwQWFTRU5BSG5oRFFCX29RMEFSU0ZOQUVaaFRRQko0VTBBU21GTkFFcQEQLEs0VTBBVVNGTkFGUQEQAFYBEARXZQEQAHIBEBhlb1UwQVlhARD0wgJMYzBFQlRYTkJBVkxBX1FFUUgxd0NtQjljQWpqSVhBSmItWWdDYVBtSUFpVDhpQUluUXFvQ0tFS3FBaWxDcWdJYlVhb0NsR3FxQXUtR3FnS0FtNm9DZ1p1cUFvS2JxZ0wwbmFvQzc2V3FBcUtvcWdMSHlLb0NmTTJxQXByYnFnTEk0cW9Db09XcUF0ZnhxZ0x6OWFvQ2F2aXFBaVg3cWdKQi02b0N4QXlyQXZRTnF3SWhFS3NDR2hTckFuQVpxd0tSR2FzQ29CbXJBbjBjcXdLbElhc0NpQ0tyQWxRb3F3SmNLS3NDNXlxckF2c3Jxd0xsTDZzQzV5LXJBb00wcXdJU05xc0MtVGVyQXJjNXF3TG5PcXNDRFR5ckFpTThxd0pOUEtzQ3RqeXJBakktcXdMM1Bxc0NaMENyQWo1QnF3SzlRYXNDREVPckF1VkRxd0lXUmFzQ21rV3JBbmhHcXdLWlJxc0NIRWlyQWtoSXF3SlFTS3NDVDBtckFveEpxd0tTUzZzQ1lFNnJBbkpQcXdLcVQ2c0NkVkNyQWdaUnF3SVRVYXNDYjFHckFyMVJxd0l2VXFzQ1QxS3JBcDFTcXdMWVVxc0M5RktyQWdCVHF3SUtVNnNDUDFPckFxQlRxd0xwVTZzQzhGT3JBdnhUcXdLd1ZLc0NfRlNyQWlwVnF3STFWYXNDQ2xpckFrTllxd0pSV0tzQ21qcjZBNnV5eFFVQzFmQUp3OWloRG1tai14S2d1ZnNTSWNYN0VyYlcteElKNlBzU2d2WDdFajM0LXhJcEN2d1NMQXY4RW5FTF9CTFpDX3dTQnd6OEVpa01fQksxRFB3UzJ3ejhFajhOX0JLNlhOQVRXNV9xRkFGY054ZkpVNk1ZLWxackdxeThfeU5feTdVdThEaVNNQSZleGs9MzM0NTg3NDQ5JmF3YmlkX2M9QaWn8LBERi1uMkh3LW1WcUJ1MTlTMFl4cGNIOF9yUndkU3F5dFZSZ3RXczVIU1Y4VnNWcExHY3FoVTNaVU1Wa2NqMFg4X0MzTENyUXc1RER3Zkd5MU9rNnkyWUd4SGc4RTkyYjdYZUJySS1sbXRkNmNXbnhjeTdtdzA1U1JlVS1mYnRaRW5BdnhaQ3hvWWRmLTFfZDVicDFlUXQ1dXMwWTBEdVdOMEJ4X2tYcWJ0a2gtZnJVN0nNZwBkzWf0UwREdGJqbU1uYUJNQjM5SG1xaXU2aHFaMTlwcFhUOFlZUkxNX2sybGRiWTdFbEdIMU5jYUZXMmJlUlhFYWpLOV96WmM4N3AxTDVIN2NBUHZWSExocFhlX3dzSVZSVEJNZ19kdEFSbUZuSGdvaFBRNnJNclBYRnRJVm90cWVNV1c4bWtBZG85LUlJLVdJc2JWX3VTYjVGeF9kUGdvV1pjbVhndTVQcXBFRlBDTl9GMmdLX2d4Q1hzSC01OXFLOFY4T1JFaGl1d0hlTjF1RlY1WEhQUWFaM1pHYm5VZnU3UFJESE8zRUZTcFdHa1RrcHE5UEpJTHJNNVdOdWU0RFhsek5LOHVfcEIwTUZPR0tNNlZrdl84T01MT2JEd044ekdTZ21IZUJKbmpibFhRS3A3NDFNbFhGVVh6THNMZWJZMUEta0pUU3JHRXBoOVFHVnVIZGRMWHRUaFFSZmVIc2JCR3ZEMFpnSVRrR1k1SUNfWmdLT1lDTzVPZDloYXhQblBBWXZOeDNmRXFESHFSSkxpTVdmNW50eFVxcGgybEl6SkZLelhfSHpRRkdMRkRORjB4eGlIV04zSHJVN1ZFR3IxOVFLY0poVDZBRnZVOWpxLVlGUndRUjNzbU9GMmhTa3V6QzZvREhtNUs1T2FaRzR2eF9BLVdwN0dsNHpldkVGQUk1QnV3ZDd3dkZpS0Q1Q1paWHl1ajRTOWRFZk5reFowLUVrc2dETUhnb0k2cXcwaDhrMVZNQ1BTN0luNEs3Vy1lckxsdXAwR2FRTjFHOW5SMENqV3h0NlhHa1Q3UzZWMGRJdXctaTlmNktJYy1rdEt3VXpqY3kwZ1pHeDllVnByWC0tUUlLWm16WnR3YnQxc0xxT3p1dm5FckxaeVllY2pLVTNTbURIMEt1aUVnc1B6cWxRWWNZRHJ6MEFtTmRxa1lyRDU5dk9oN2VOYnRsck1HUk4xbU9rZm92TGl0SEEmY2lkPUNBUVNHd0RVRTV5bWpYMmp3UWJzVnNBY1FCVnhpU2J2UkhEUHY1SG1leGdCSUFvJmFfY2lkPYADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA9ygpwHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMOTEuOTAuNDIuMTU0qAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBKeiyyWIBQGYBQCgBbi77Zyay4V5wAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFw8EP-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBu6PAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzI4NjUxMzQwMjAxyAfD8gXSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwB_z2C4oIAhAAlQgAAIA_mAgB&s=1349a61945b9ab0f9d991c91748d6d39b95f105d&bdref=https%3A%2F%2Fouo.press%2FI813Wa&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fouo.press%2FI813Wa,https%3A%2F%2Fouo.press%2FI813Wa,https%3A%2F%2Fouo.press%2FI813Wa&
IP 185.89.210.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rd_log?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FI813Wa&e=wqT_3QLfLuhfFwAAAwDWAAUBCO-qkZ8GELbou7S39rWFeBgAKjYJHt0Ii4o4jT8RrN-vdtLKhj8ZAAAAIK5H0T8hrA0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eMPyBYABAYoBA1VTRJIFBvRwA5gB2AWgAVqoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAudD4ALDy1nqAhhodHRwczovL291by5wcmVzcy9JODEzV2HyAgwKBkhFSUdIVBICOTDyAgwKBVdJRFRIEgM3MjjyAiEKBkxPQURFUhIXcmVuZGVyX3Bvc3RfYWRzX3YxLmh0bWzyAhcKCklGUkFNRV9LRVkSCTMzNDU4NzQ0OfICyBUKC1BSRV9TQ1JJUFRTErgVPHNjcmlwdD4oZnVuY3Rpb24oKXsvKgoKIENvcHlyaWdodCBUaGUgQ2xvc3VyZSBMaWJyYXJ5IEF1dGhvcnMuCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwp2YXIgaz10aGlzfHxzZWxmO3ZhciBsPUFycmF5LnByb3RvdHlwZS5pbmRleE9mP2Z1bmN0aW9uKGEsYyl7cmV0dXJuIEFycmF5LnByb3RvdHlwZS5pbmRleE9mLmNhbGwoYSxjLHZvaWQgMCl9OmZ1bmN0aW9uKGEsYyl7aWYoInN0cmluZyI9PT10eXBlb2YgYSlyZXR1cm4ic3RyaW5nIiE9PXR5cGVvZiBjfHwxIT1jLmxlbmd0aD8tMTphLmluZGV4T2YoYywwKTtmb3IodmFyIGU9MDtlPGEubGVuZ3RoO2UrKylpZihlIGluIGEmJmFbZV09PT1jKXJldHVybiBlO3JldHVybi0xfTtmdW5jdGlvbiBtKGEpe21bIiAiXShhKTtyZXR1cm4gYX1tWyIgIl09ZnVuY3Rpb24oKXt9O2Z1bmN0aW9uIG4oYSl7YT12b2lkIDA9PT1hP2RvY3VtZW50OmE7cmV0dXJuIGEuY3JlYXRlRWxlbWVudCgiaW1nIil9O2Z1bmN0aW9uIHAoYSxjLGUpe3ZhciBiPSExO2I9dm9pZCAwPT09Yj8hMTpiO2EuZ29vZ2xlX2ltYWdlX3JlcXVlc3RzfHwoYS5nb29nbGVfaW1hZ2VfcmVxdWVzdHM9W10pO3ZhciBkPW4oYS5kb2N1bWVudCk7aWYoZSl7dmFyIGY9ZnVuY3Rpb24oKXtpZihlKXt2YXIgZz1hLmdvb2dsZV9pbWFnZV9yZXF1ZXN0cyxoPWwoZyxkKTswPD1oJiZBcnJheS5wcm90STKoc3BsaWNlLmNhbGwoZyxoLDEpfWQucmVtb3ZlRXZlbnRMaXN0ZW5lciYmZE4XADQoImxvYWQiLGYsITEpO7Y6ABBlcnJvcg07GH07ZC5hZGRCcwA-FAA-cAA-IAAEJiZGSAAAKDZqADBiJiYoZC5hdHRyaWJ1YbMUc3JjPSIiAb4BChRjO2EuZ29KnQE0LnB1c2goZCl9CjtmdW5lIAwgcSgpJZZ8YT1kb2N1bWVudC5jdXJyZW50U2NyaXB0O3JldHVybigybgJUbnVsbDphKSYmIjc3Ij09PWEuZ2V0QQ2QOGUoImRhdGEtamMiKT9hOhVXPHF1ZXJ5U2VsZWN0b3IoJ1sNJQA9AUQQXScpfTtBNyxyPVJlZ0V4cCgiXmihIeA_Oi8vKFxcd3wtKStcXC5jZG5cXC5hbXBwcm9qZWN0XFwuKG5ldHxvcmcpKFxcP3wvfCQpIik7CmYR4AB0FeAAawVhDGM9W10FCQRlPQHGCDtkbwX_GGI9YTt0cnkFDCxkO2lmKGQ9ISFiJiYBJBwhPWIubG9jYSFqIC5ocmVmKWI6ewEtkG0oYi5mb28pO2Q9ITA7YnJlYWsgYn1jYXRjaChoKXt9ZD0hMX0B1ghmPWQZFwBmARYMaWYoZil5AGc-XgAQO2U9Yi4xNgQmJhkMKC5yZWZlcnJlcnx8AZckfWVsc2UgZz1lLA3LAGMp4DBuZXcgdShnfHwiIikpBdUUYT1iLnBhIdQZhgBhBf_wQH19d2hpbGUoYSYmYiE9YSk7Yj0wO2ZvcihhPWMubGVuZ3RoLTE7Yjw9YTsrK2IpY1tiXS5kZXB0aD1hLWI7Yj1rISs5HgGuNSo4YW5jZXN0b3JPcmlnaW5zbhwADWsAPR11ACkJhgwxO2E8EYpMOysrYSlnPWNbYV0sZy51cmx8fCgFCC5CATp2ABRbYS0KMV0hDBgsZy5oPSEwAeMpIgBrGash1WX_AGclFiUCBGU9MgQBIDA8PWU7LS1lKSG6RD1jW2VdLCFnJiZyLnRlc3QoZgGPICkmJihnPWYpLAUOLCYmIWYuaCl7Yj1mO0UbAH0NXQBlFeYEJiYBzAE7BDswQWUAZCFaCCYmZQVIARsIKTtjBa0UdihiLGcpbYsYIGMuZz9jLgX6DDpjLmkBQAB9ddAwdihhLGMpe3RoaXMuaUHVAQkIZz1jGSIAdR0iCHVybBEkFGg9ISFjOwUvBYglCgB9mSkAd3VJfHQoKSxjPWEuaW5kZXhPZigiPyIpO3NldFRpbWVvdXQoEYwNMQRlPdVWGGU_LjAxOmVBNUQhKE1hdGgucmFuZG9tKCk-ZSlpDwxiPXEoIaQAImX_NDovLyIrKGImJiJ0cnVlgWsAYlZrBDgtcmNkIik_InBhZ2VhZDKtABBzeW5kaWm5IC1jbi5jb20iOmYjAAUgDCkrIi8JRXgvZ2VuXzIwND9pZD1qY2EmamM9NzcmdmVyc2lvbj0ihUUMZD0oZAGxACmhtlIEBQAtDTEwIil8fCJ1bmtub3duImHjXCtkKyImc2FtcGxlPSIrZTtiPXdpbmRvdwVYAGY5NBRmPyExOmYhMzRkPWIubmF2aWdhdG9yKTIOAFAudXNlckFnZW50LGQ9L0Nocm9tZS9JmyBkKSYmIS9FZGcZERw_ITA6ITE7ZGGTFVEwLnNlbmRCZWFjb24_Ch1pHRggKGUpOnAoYixlGmgJBD09DZ4QKX19LDBVoFwwPD1jP2Euc3Vic3RyaW5nKDAsYyk6YX0J4BAucmZsPV0jyWBsIGVuY29kZVVSSUNvbXBvbmVudCh3KCkpfTt9KenbQZoQKTsKPC8asApo8gLJAgoKRVhUUkFfVEFHUxK6AjxkaXYgc3R5IVIMcG9zaaGxZDogYWJzb2x1dGU7IGxlZnQ6IDBweDsgdG9wDQpkdmlzaWJpbGl0eTogaGlkZGVuOyI-PGltZyDhTFWHSRRKWQJBNg0eLjICFGF3YmlkJgUG8IZfYj1BS0FtZi1CNjEyZlZLZ3RZNDhRLWUwdWVFakM0MmFwZUNOV3lWVEJ2SlVGX29vam1vdk8xWUNVUDU0Nzhfa0c4aUZsQVVzVUR0X0dfMUZva3hydnJHYlpqczd0V1VQWWZYZyIgYm9yZGVyPTAgd2lkdGg9MSBoZWlnaHQ9MSBhbHQ9IiIxGqhkaXNwbGF5Om5vbmUiPjwvZGl2PvICmQEKDFBPU1RfU0NSSVBUUxKIATxzEgIINggBFlkIUGFkcy5nLmRvdWJsZWNsaWNrLm5ldDEGPHhiZmVfYmFja2ZpbGwuanMBZS21DVMubQxgIHtyM3B4KCczMzQ1ODc0NDknKTt9KSgpOz3qEMMQChBIAZ00UE9SVF9QQVJBTVMSrhCRI4qUAPB5YWRmZXRjaD9hZGs9Mjc2NTE3MDgwJmFkc2FmZT1tZWRpdW0mY2xpZW50PWNhLXB1Yi0zMDc2ODkwMDEyNzQxNDY3JmZvcm1hdD03Mjh4OTBfYXMmaXA9OTEuOTAuNDIuMTU0Jm91dHB1dD1odG1sJnVudmlld2VkX3BNiCBfc3RhcnQ9MSahcxG5CG91bzL8DRQmc3ViX2MJhwBiQYzwfXItNTA4MTYzMiZobD1lbiZhY2VpZD1NTzR3WXdEYkRyUUFaaHkwQUpWd05BRmVnRFFCSTRNMEFVeUROQUdsZ3pRQjFJTTBBUUtFTkFFTGhEUUJWNFEwQWFTRU5BSG5oRFFCX29RMEFSU0ZOQUVaaFRRQko0VTBBU21GTkFFcQEQLEs0VTBBVVNGTkFGUQEQAFYBEARXZQEQAHIBEBhlb1UwQVlhARD0wgJMYzBFQlRYTkJBVkxBX1FFUUgxd0NtQjljQWpqSVhBSmItWWdDYVBtSUFpVDhpQUluUXFvQ0tFS3FBaWxDcWdJYlVhb0NsR3FxQXUtR3FnS0FtNm9DZ1p1cUFvS2JxZ0wwbmFvQzc2V3FBcUtvcWdMSHlLb0NmTTJxQXByYnFnTEk0cW9Db09XcUF0ZnhxZ0x6OWFvQ2F2aXFBaVg3cWdKQi02b0N4QXlyQXZRTnF3SWhFS3NDR2hTckFuQVpxd0tSR2FzQ29CbXJBbjBjcXdLbElhc0NpQ0tyQWxRb3F3SmNLS3NDNXlxckF2c3Jxd0xsTDZzQzV5LXJBb00wcXdJU05xc0MtVGVyQXJjNXF3TG5PcXNDRFR5ckFpTThxd0pOUEtzQ3RqeXJBakktcXdMM1Bxc0NaMENyQWo1QnF3SzlRYXNDREVPckF1VkRxd0lXUmFzQ21rV3JBbmhHcXdLWlJxc0NIRWlyQWtoSXF3SlFTS3NDVDBtckFveEpxd0tTUzZzQ1lFNnJBbkpQcXdLcVQ2c0NkVkNyQWdaUnF3SVRVYXNDYjFHckFyMVJxd0l2VXFzQ1QxS3JBcDFTcXdMWVVxc0M5RktyQWdCVHF3SUtVNnNDUDFPckFxQlRxd0xwVTZzQzhGT3JBdnhUcXdLd1ZLc0NfRlNyQWlwVnF3STFWYXNDQ2xpckFrTllxd0pSV0tzQ21qcjZBNnV5eFFVQzFmQUp3OWloRG1tai14S2d1ZnNTSWNYN0VyYlcteElKNlBzU2d2WDdFajM0LXhJcEN2d1NMQXY4RW5FTF9CTFpDX3dTQnd6OEVpa01fQksxRFB3UzJ3ejhFajhOX0JLNlhOQVRXNV9xRkFGY054ZkpVNk1ZLWxackdxeThfeU5feTdVdThEaVNNQSZleGs9MzM0NTg3NDQ5JmF3YmlkX2M9QaWn8LBERi1uMkh3LW1WcUJ1MTlTMFl4cGNIOF9yUndkU3F5dFZSZ3RXczVIU1Y4VnNWcExHY3FoVTNaVU1Wa2NqMFg4X0MzTENyUXc1RER3Zkd5MU9rNnkyWUd4SGc4RTkyYjdYZUJySS1sbXRkNmNXbnhjeTdtdzA1U1JlVS1mYnRaRW5BdnhaQ3hvWWRmLTFfZDVicDFlUXQ1dXMwWTBEdVdOMEJ4X2tYcWJ0a2gtZnJVN0nNZwBkzWf0UwREdGJqbU1uYUJNQjM5SG1xaXU2aHFaMTlwcFhUOFlZUkxNX2sybGRiWTdFbEdIMU5jYUZXMmJlUlhFYWpLOV96WmM4N3AxTDVIN2NBUHZWSExocFhlX3dzSVZSVEJNZ19kdEFSbUZuSGdvaFBRNnJNclBYRnRJVm90cWVNV1c4bWtBZG85LUlJLVdJc2JWX3VTYjVGeF9kUGdvV1pjbVhndTVQcXBFRlBDTl9GMmdLX2d4Q1hzSC01OXFLOFY4T1JFaGl1d0hlTjF1RlY1WEhQUWFaM1pHYm5VZnU3UFJESE8zRUZTcFdHa1RrcHE5UEpJTHJNNVdOdWU0RFhsek5LOHVfcEIwTUZPR0tNNlZrdl84T01MT2JEd044ekdTZ21IZUJKbmpibFhRS3A3NDFNbFhGVVh6THNMZWJZMUEta0pUU3JHRXBoOVFHVnVIZGRMWHRUaFFSZmVIc2JCR3ZEMFpnSVRrR1k1SUNfWmdLT1lDTzVPZDloYXhQblBBWXZOeDNmRXFESHFSSkxpTVdmNW50eFVxcGgybEl6SkZLelhfSHpRRkdMRkRORjB4eGlIV04zSHJVN1ZFR3IxOVFLY0poVDZBRnZVOWpxLVlGUndRUjNzbU9GMmhTa3V6QzZvREhtNUs1T2FaRzR2eF9BLVdwN0dsNHpldkVGQUk1QnV3ZDd3dkZpS0Q1Q1paWHl1ajRTOWRFZk5reFowLUVrc2dETUhnb0k2cXcwaDhrMVZNQ1BTN0luNEs3Vy1lckxsdXAwR2FRTjFHOW5SMENqV3h0NlhHa1Q3UzZWMGRJdXctaTlmNktJYy1rdEt3VXpqY3kwZ1pHeDllVnByWC0tUUlLWm16WnR3YnQxc0xxT3p1dm5FckxaeVllY2pLVTNTbURIMEt1aUVnc1B6cWxRWWNZRHJ6MEFtTmRxa1lyRDU5dk9oN2VOYnRsck1HUk4xbU9rZm92TGl0SEEmY2lkPUNBUVNHd0RVRTV5bWpYMmp3UWJzVnNBY1FCVnhpU2J2UkhEUHY1SG1leGdCSUFvJmFfY2lkPYADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA9ygpwHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMOTEuOTAuNDIuMTU0qAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBKeiyyWIBQGYBQCgBbi77Zyay4V5wAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFw8EP-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBu6PAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzI4NjUxMzQwMjAxyAfD8gXSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwB_z2C4oIAhAAlQgAAIA_mAgB&s=1349a61945b9ab0f9d991c91748d6d39b95f105d&bdref=https%3A%2F%2Fouo.press%2FI813Wa&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fouo.press%2FI813Wa,https%3A%2F%2Fouo.press%2FI813Wa,https%3A%2F%2Fouo.press%2FI813Wa& HTTP/1.1
Host: ams3-ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 09 Feb 2023 02:07:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 151ca5b7-afff-40df-a85c-3f535488012e
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ams3-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fouo.press%252FI813Wa&e=wqT_3QLuBejuAgAAAwDWAAUBCO-qkZ8GELbou7S39rWFeBgAKjYJHt0Ii4o4jT8RrN-vdtLKhj8ZAAAAIK5H0T8hrA0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eMPyBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzL0k4MTNXYYADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtQy1Qd0JoakI4cWFYSk0ybjhPOENnVngtWmlUTFEwYmdsUkx4dS1PcVBnUUNDQTdRLTNZcVA0T3JjcGxFUFFETS1oQlpXdDN5TGNXVDJuUmxBelBwcW1kYS1vRncmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTODY0OTk2MzIwMDEwNjY1NjgyMiIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAW4u-2cmsuFecAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcPBD_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAJP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHw_IF0gcNCQAJMwU0CNoHBgFscBgA4AcA6gcCCADwB_z2C4oIAhAAlQgAAIA_mAgB&s=75880bd343afd052fa04308508a061015735660e
185.89.210.90200 OK 0 B URL HTTP/1.1 ams3-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fouo.press%252FI813Wa&e=wqT_3QLuBejuAgAAAwDWAAUBCO-qkZ8GELbou7S39rWFeBgAKjYJHt0Ii4o4jT8RrN-vdtLKhj8ZAAAAIK5H0T8hrA0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eMPyBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzL0k4MTNXYYADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtQy1Qd0JoakI4cWFYSk0ybjhPOENnVngtWmlUTFEwYmdsUkx4dS1PcVBnUUNDQTdRLTNZcVA0T3JjcGxFUFFETS1oQlpXdDN5TGNXVDJuUmxBelBwcW1kYS1vRncmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTODY0OTk2MzIwMDEwNjY1NjgyMiIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAW4u-2cmsuFecAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcPBD_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAJP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHw_IF0gcNCQAJMwU0CNoHBgFscBgA4AcA6gcCCADwB_z2C4oIAhAAlQgAAIA_mAgB&s=75880bd343afd052fa04308508a061015735660e
IP 185.89.210.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /it?an_audit=0&referrer=https%253A%252F%252Fouo.press%252FI813Wa&e=wqT_3QLuBejuAgAAAwDWAAUBCO-qkZ8GELbou7S39rWFeBgAKjYJHt0Ii4o4jT8RrN-vdtLKhj8ZAAAAIK5H0T8hrA0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eMPyBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzL0k4MTNXYYADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtQy1Qd0JoakI4cWFYSk0ybjhPOENnVngtWmlUTFEwYmdsUkx4dS1PcVBnUUNDQTdRLTNZcVA0T3JjcGxFUFFETS1oQlpXdDN5TGNXVDJuUmxBelBwcW1kYS1vRncmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTODY0OTk2MzIwMDEwNjY1NjgyMiIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAW4u-2cmsuFecAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcPBD_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAJP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHw_IF0gcNCQAJMwU0CNoHBgFscBgA4AcA6gcCCADwB_z2C4oIAhAAlQgAAIA_mAgB&s=75880bd343afd052fa04308508a061015735660e HTTP/1.1
Host: ams3-ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 09 Feb 2023 02:07:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 542e2894-df7f-42e8-b641-0793d2c0d318
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain
52.95.115.196302 Found 0 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain
IP 52.95.115.196:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Server
Date: Thu, 09 Feb 2023 02:07:43 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: VDVYJJ6C9Q91FEB75A3V
Set-Cookie: ad-id=Az0OBLALU0NMjjv3AdycLBY|t; Domain=.amazon-adsystem.com; Expires=Sun, 01-Oct-2023 02:07:43 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
cdn.adnxs.com/v/s/231/trk.js
2.18.172.187200 OK 28 kB URL HTTP/1.1 cdn.adnxs.com/v/s/231/trk.js
IP 2.18.172.187:0
File type ASCII text, with very long lines (3174)
Hash 3f3e5176c70a15daa549a047730ce9e1
bffa3987be4f3336bf4079759c4059143364f215
01748b20204714ba2887166c4eac83bac26bd6e0f01c455014a2419e5277b1ca
GET /v/s/231/trk.js HTTP/1.1
Host: cdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000
Expires: Fri, 09 Feb 2024 02:07:44 GMT
Date: Thu, 09 Feb 2023 02:07:44 GMT
Content-Length: 27455
Connection: keep-alive
Access-Control-Allow-Origin: *
pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-B612fVKgtY48Q-e0ueEjC42apeCNWyVTBvJUF_oojmovO1YCUP5478_kG8iFlAUsUDt_G_1FokxrvrGbZjs7tWUPYfXg
142.250.74.98204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-B612fVKgtY48Q-e0ueEjC42apeCNWyVTBvJUF_oojmovO1YCUP5478_kG8iFlAUsUDt_G_1FokxrvrGbZjs7tWUPYfXg
IP 142.250.74.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/gen_204?id=awbid&awbid_b=AKAmf-B612fVKgtY48Q-e0ueEjC42apeCNWyVTBvJUF_oojmovO1YCUP5478_kG8iFlAUsUDt_G_1FokxrvrGbZjs7tWUPYfXg HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 09 Feb 2023 02:07:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain&dcc=t
52.95.115.196200 OK 64 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain&dcc=t
IP 52.95.115.196:0
File type HTML document, ASCII text
Hash be99f9f8ced5e5eb1f9721d861712f89
4291ee98f7ce20471796ec89961abb1acb2af1d8
f17fe415b91a13ea86b93344389e18c996384323ca3c2f4267b18c96b8314a12
GET /s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain&dcc=t HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Thu, 09 Feb 2023 02:07:44 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 64
Connection: keep-alive
x-amz-rid: HEG2KR6FH2J0TDAV3WXA
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
googleads.g.doubleclick.net/pagead/adfetch
142.250.74.66200 OK 32 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/adfetch
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash f9e1a009e1fcb9d385c8049500261030
a908c3fbb14844eeace946d380ea11aec916a577
8f20d4a50bd92bdb52a999399c5b7fd0ab10a4f8adbe0fb027d4294801ddd0b8
POST /pagead/adfetch HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 2097
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 09 Feb 2023 02:07:44 GMT
server: cafe
content-length: 32291
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
innocenceexpeditionsensation.com/sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=5bac7b86-b62a-4ad4-a29f-36a2c5e2a52f%3A1%3A1
192.243.59.13200 OK 4.3 kB URL HTTP/1.1 innocenceexpeditionsensation.com/sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=5bac7b86-b62a-4ad4-a29f-36a2c5e2a52f%3A1%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (6117), with no line terminators
Hash 10279fa23555f8774da1768ce3b21aba
f0bd1f42bd6d356e4e9d44dc707d33ac84a6f344
6117895acf16d59a99335dd1eceab670f73275294821b6443d68549b63f680bb
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=5bac7b86-b62a-4ad4-a29f-36a2c5e2a52f%3A1%3A1 HTTP/1.1
Host: innocenceexpeditionsensation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 09 Feb 2023 02:07:44 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ouo.press
Access-Control-Allow-Origin: https://ouo.press
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15424691; expires=Fri, 10 Feb 2023 02:07:43 GMT; secure; SameSite=None
uid_id2=5bac7b86-b62a-4ad4-a29f-36a2c5e2a52f:1:1; expires=Thu, 16 Feb 2023 02:07:43 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 10 Feb 2023 02:07:44 GMT; secure; SameSite=None
uncs=1; expires=Fri, 10 Feb 2023 02:07:44 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 10 Feb 2023 02:07:44 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 10 Feb 2023 02:07:44 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4e147af760b9e77dc990c196da54b3b4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash a9c5a278f07b138c1503ea3f0ec3797e
d36fe8427bd7ba735b06e69469ef715d1600da4e
978b6a189d73e308e1d79ac9241b2e1d07c43bc9ec65e2f4112ed74f143e342b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash a9c5a278f07b138c1503ea3f0ec3797e
d36fe8427bd7ba735b06e69469ef715d1600da4e
978b6a189d73e308e1d79ac9241b2e1d07c43bc9ec65e2f4112ed74f143e342b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/pagead/js/r20230207/r20110914/abg_lite.js
216.58.207.193200 OK 11 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230207/r20110914/abg_lite.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1484)
Hash 1aa24af66c2ed4abbc30772ab3be0b20
d4dbf32ec81a3bd61e407c294a33e6cc6abdc6e1
05ee66c0854f02d7bc0219550294848234b98fd717a77ceeadaed3e9df6a6fc8
GET /pagead/js/r20230207/r20110914/abg_lite.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 10959
x-xss-protection: 0
date: Wed, 08 Feb 2023 18:23:18 GMT
expires: Wed, 22 Feb 2023 18:23:18 GMT
cache-control: public, max-age=1209600
age: 27866
etag: 8014804816029865715
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20230207/r20110914/client/qs_click_protection.js
216.58.207.193200 OK 10 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230207/r20110914/client/qs_click_protection.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1512)
Hash 488757c82a3750931a88ed3a195a0002
19e9a97516021b85edfb7dd6bc2848cf28b3e846
d57077b876b126584706a1e1f8d0edcf38c2979bc9dfe148633d08dfff028470
GET /pagead/js/r20230207/r20110914/client/qs_click_protection.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 10373
x-xss-protection: 0
date: Wed, 08 Feb 2023 18:23:18 GMT
expires: Wed, 22 Feb 2023 18:23:18 GMT
cache-control: public, max-age=1209600
age: 27866
etag: 8500822718963992128
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b317d1ec3f151d7348a57c62f689a6ef
1fe7df7bc019e321f82943119fae230b0126258d
8fc767ad26c25f2f3b37af2517babae85f1a274b54cca3db1df4c80e939fd50f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8FC767AD26C25F2F3B37AF2517BABAE85F1A274B54CCA3DB1DF4C80E939FD50F"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6012
Expires: Thu, 09 Feb 2023 03:47:56 GMT
Date: Thu, 09 Feb 2023 02:07:44 GMT
Connection: keep-alive
tpc.googlesyndication.com/simgad/9891241878637235776?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkxcEdb5eFTTr1Wa4FmvHsCQk3G7g
216.58.207.193200 OK 18 kB URL HTTP/2 tpc.googlesyndication.com/simgad/9891241878637235776?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkxcEdb5eFTTr1Wa4FmvHsCQk3G7g
IP 216.58.207.193:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 970x90, components 3\012- data
Hash 5195ed3a37b14c162bb4a90134b95b53
0deff1bf80cf019583a83f213881ab48c1014971
c396244b8f6c944ed5ddea166ae08114e55ef0e8b06e548e7fe470b87a2759b9
GET /simgad/9891241878637235776?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkxcEdb5eFTTr1Wa4FmvHsCQk3G7g HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
content-length: 18511
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 01:48:39 GMT
expires: Mon, 05 Feb 2024 01:48:39 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Dec 2016 13:03:32 GMT
content-type: image/jpeg
age: 346745
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20230207/r20110914/client/window_focus.js
216.58.207.193200 OK 1.3 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230207/r20110914/client/window_focus.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1500)
Hash c6be4595650bfa6cbb0839f2fab25529
0ab58af5d6c029935919c889d75455a15f5429a3
bb2b1f1b24360f9d28e6e5e0bcffa6f19111b176cdbd849340673f224a73e92b
GET /pagead/js/r20230207/r20110914/client/window_focus.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 1305
x-xss-protection: 0
date: Wed, 08 Feb 2023 18:23:18 GMT
expires: Wed, 22 Feb 2023 18:23:18 GMT
cache-control: public, max-age=1209600
age: 27866
etag: 12828169674928258300
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20230207/r20110914/client/one_click_handler_one_afma.js
216.58.207.193200 OK 18 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230207/r20110914/client/one_click_handler_one_afma.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1823)
Hash 5c2ccbfe65083e0cb109b6dc94fc2ef7
8640b1ba47932c8e914d08b93b894b43d36e7562
a7b9f5755be9c222ac074a8738fdf0aae68727d15cc5f2f86e5bc29f4836a49a
GET /pagead/js/r20230207/r20110914/client/one_click_handler_one_afma.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 18148
x-xss-protection: 0
date: Wed, 08 Feb 2023 18:23:18 GMT
expires: Wed, 22 Feb 2023 18:23:18 GMT
cache-control: public, max-age=1209600
age: 27866
etag: 12905786629727798809
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
innocenceexpeditionsensation.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSTWgkRRTHq%2Ffj4AqC4sWDMogHBTPbH%2FPpHhbjGomuSdgPA%2BKlvnpSTk1XU9U9PQkegguyF2E86bHzn2TD6iIungWZeJGcMh6WHIwXEcGj4FlmMjD6oOq9V%2F93%2BL1X77O9%2FIz4yOnpxvtmR2lNr9arfuXVTZUIU7jK2p1K4Ff9a5VNlTRq1yqD6WX7bwR%2Bveq%2FVnlH8q65GvqB7wd%2BUFlRVsZmcHWmQqWP2kG17VdrYTWo1zCw%2F89d7sFRD6J%2FRp6DEpPLWz8%2FhuJjJL3vbkjXzUz6%2Btu9XNPMWPTF4d2km5giQW8RxtZDnBzOq2HchJCvLsAkh%2FMOYPr70w7A1IR4TwKw5HCOCdY%2FOCdlGjIBE0%2Bj6I8h9RiKjsHNPShxQgAusLaOpPdgzdiCbp%2BrdKpOyKV%2F%2FoYqJuTSr88j6X27rNWgctvoPFMmcRjEJdRgDNUZI82PkO14UMURePYplCBIeiWUOH2lzihvslZjiTVCulSjorZEw3a8FDVoyOsypPUwno1GqTFUPIaWQ1DnIZ8e5SGPPeSph544rdB6O%2Fb9ZsziKGrVOOdRxHm91RB1EdVasY%2BcT9mHyNIhuB6C212kdhddNYTNf4TbKuGEB5cR9EWJQhIUjqCgBIUiKDKCol8eCO1CVz4Q2uUsmPtw7qNyZLLOHj0wWUcmZC89I8%2FOBvbXR9%2BjK08rUkQNP6g1oqgVtgVv%2BrQWCs6pjEUcxUEAp0ood2HW5o46eeYJUnXyVAlGj%2BD0Ebh6GTR%2FEbQYNUMfdGtUa%2FnYSR6a3FRTK52DMCXS7DKybW9Pn5EXZgDtP65A8uPrX36%2B%2Fts18SG4LZHaEh%2Brnwg6%2Bv7olinI%2Fi1TOPJ4Pc1UT%2B3Q6W%2FezmgmL379ntwujBWrN9zw4Zt8KkzDR3eky27SRKik48g3y0oIaVeM5ZL8sOo2JdvI3dZybpM8vbnx1spqbwaoTDIGVScffAKuJuSK7c729KU%2F34WyY9i8RC8%2FJnODMmPwdBcuXdA7Q2D1ooalHoq8HNmQLR61ItBykVNWwv0nZ4t4z91Hx3qg2b3ZdvZtib4uQfUQLr84ylJ7fP2XaGZg2hsxbb19pq3%2B4ny0Tp1WZD32Y%2BmHksVtFjepL9pxrc1oO5BNVqcBMjfhv99N%2FwUAAP%2F%2FAQAA%2F%2F9jQxYAfwQAAA%3D%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 innocenceexpeditionsensation.com/ren.gif?sid=H4sIAAAAAAAC%2F1SSTWgkRRTHq%2Ffj4AqC4sWDMogHBTPbH%2FPpHhbjGomuSdgPA%2BKlvnpSTk1XU9U9PQkegguyF2E86bHzn2TD6iIungWZeJGcMh6WHIwXEcGj4FlmMjD6oOq9V%2F93%2BL1X77O9%2FIz4yOnpxvtmR2lNr9arfuXVTZUIU7jK2p1K4Ff9a5VNlTRq1yqD6WX7bwR%2Bveq%2FVnlH8q65GvqB7wd%2BUFlRVsZmcHWmQqWP2kG17VdrYTWo1zCw%2F89d7sFRD6J%2FRp6DEpPLWz8%2FhuJjJL3vbkjXzUz6%2Btu9XNPMWPTF4d2km5giQW8RxtZDnBzOq2HchJCvLsAkh%2FMOYPr70w7A1IR4TwKw5HCOCdY%2FOCdlGjIBE0%2Bj6I8h9RiKjsHNPShxQgAusLaOpPdgzdiCbp%2BrdKpOyKV%2F%2FoYqJuTSr88j6X27rNWgctvoPFMmcRjEJdRgDNUZI82PkO14UMURePYplCBIeiWUOH2lzihvslZjiTVCulSjorZEw3a8FDVoyOsypPUwno1GqTFUPIaWQ1DnIZ8e5SGPPeSph544rdB6O%2Fb9ZsziKGrVOOdRxHm91RB1EdVasY%2BcT9mHyNIhuB6C212kdhddNYTNf4TbKuGEB5cR9EWJQhIUjqCgBIUiKDKCol8eCO1CVz4Q2uUsmPtw7qNyZLLOHj0wWUcmZC89I8%2FOBvbXR9%2BjK08rUkQNP6g1oqgVtgVv%2BrQWCs6pjEUcxUEAp0ood2HW5o46eeYJUnXyVAlGj%2BD0Ebh6GTR%2FEbQYNUMfdGtUa%2FnYSR6a3FRTK52DMCXS7DKybW9Pn5EXZgDtP65A8uPrX36%2B%2Fts18SG4LZHaEh%2Brnwg6%2Bv7olinI%2Fi1TOPJ4Pc1UT%2B3Q6W%2FezmgmL379ntwujBWrN9zw4Zt8KkzDR3eky27SRKik48g3y0oIaVeM5ZL8sOo2JdvI3dZybpM8vbnx1spqbwaoTDIGVScffAKuJuSK7c729KU%2F34WyY9i8RC8%2FJnODMmPwdBcuXdA7Q2D1ooalHoq8HNmQLR61ItBykVNWwv0nZ4t4z91Hx3qg2b3ZdvZtib4uQfUQLr84ylJ7fP2XaGZg2hsxbb19pq3%2B4ny0Tp1WZD32Y%2BmHksVtFjepL9pxrc1oO5BNVqcBMjfhv99N%2FwUAAP%2F%2FAQAA%2F%2F9jQxYAfwQAAA%3D%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SSTWgkRRTHq%2Ffj4AqC4sWDMogHBTPbH%2FPpHhbjGomuSdgPA%2BKlvnpSTk1XU9U9PQkegguyF2E86bHzn2TD6iIungWZeJGcMh6WHIwXEcGj4FlmMjD6oOq9V%2F93%2BL1X77O9%2FIz4yOnpxvtmR2lNr9arfuXVTZUIU7jK2p1K4Ff9a5VNlTRq1yqD6WX7bwR%2Bveq%2FVnlH8q65GvqB7wd%2BUFlRVsZmcHWmQqWP2kG17VdrYTWo1zCw%2F89d7sFRD6J%2FRp6DEpPLWz8%2FhuJjJL3vbkjXzUz6%2Btu9XNPMWPTF4d2km5giQW8RxtZDnBzOq2HchJCvLsAkh%2FMOYPr70w7A1IR4TwKw5HCOCdY%2FOCdlGjIBE0%2Bj6I8h9RiKjsHNPShxQgAusLaOpPdgzdiCbp%2BrdKpOyKV%2F%2FoYqJuTSr88j6X27rNWgctvoPFMmcRjEJdRgDNUZI82PkO14UMURePYplCBIeiWUOH2lzihvslZjiTVCulSjorZEw3a8FDVoyOsypPUwno1GqTFUPIaWQ1DnIZ8e5SGPPeSph544rdB6O%2Fb9ZsziKGrVOOdRxHm91RB1EdVasY%2BcT9mHyNIhuB6C212kdhddNYTNf4TbKuGEB5cR9EWJQhIUjqCgBIUiKDKCol8eCO1CVz4Q2uUsmPtw7qNyZLLOHj0wWUcmZC89I8%2FOBvbXR9%2BjK08rUkQNP6g1oqgVtgVv%2BrQWCs6pjEUcxUEAp0ood2HW5o46eeYJUnXyVAlGj%2BD0Ebh6GTR%2FEbQYNUMfdGtUa%2FnYSR6a3FRTK52DMCXS7DKybW9Pn5EXZgDtP65A8uPrX36%2B%2Fts18SG4LZHaEh%2Brnwg6%2Bv7olinI%2Fi1TOPJ4Pc1UT%2B3Q6W%2FezmgmL379ntwujBWrN9zw4Zt8KkzDR3eky27SRKik48g3y0oIaVeM5ZL8sOo2JdvI3dZybpM8vbnx1spqbwaoTDIGVScffAKuJuSK7c729KU%2F34WyY9i8RC8%2FJnODMmPwdBcuXdA7Q2D1ooalHoq8HNmQLR61ItBykVNWwv0nZ4t4z91Hx3qg2b3ZdvZtib4uQfUQLr84ylJ7fP2XaGZg2hsxbb19pq3%2B4ny0Tp1WZD32Y%2BmHksVtFjepL9pxrc1oO5BNVqcBMjfhv99N%2FwUAAP%2F%2FAQAA%2F%2F9jQxYAfwQAAA%3D%3D HTTP/1.1
Host: innocenceexpeditionsensation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=5bac7b86-b62a-4ad4-a29f-36a2c5e2a52f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 09 Feb 2023 02:07:44 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cd470d99e51355e7fa59444ac2998cb0
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e52c62e29c66d8b8ced593c18dc6f97b
9fd8008871bcdbe98471cc1d49abe429f68208ec
a893f73ce1067723043248fa6fc3e76ddfdd44506998bf5f4e157dfbacc4698d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A893F73CE1067723043248FA6FC3E76DDFDD44506998BF5F4E157DFBACC4698D"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15169
Expires: Thu, 09 Feb 2023 06:20:33 GMT
Date: Thu, 09 Feb 2023 02:07:44 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e52c62e29c66d8b8ced593c18dc6f97b
9fd8008871bcdbe98471cc1d49abe429f68208ec
a893f73ce1067723043248fa6fc3e76ddfdd44506998bf5f4e157dfbacc4698d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A893F73CE1067723043248FA6FC3E76DDFDD44506998BF5F4E157DFBACC4698D"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15169
Expires: Thu, 09 Feb 2023 06:20:33 GMT
Date: Thu, 09 Feb 2023 02:07:44 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e52c62e29c66d8b8ced593c18dc6f97b
9fd8008871bcdbe98471cc1d49abe429f68208ec
a893f73ce1067723043248fa6fc3e76ddfdd44506998bf5f4e157dfbacc4698d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A893F73CE1067723043248FA6FC3E76DDFDD44506998BF5F4E157DFBACC4698D"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15169
Expires: Thu, 09 Feb 2023 06:20:33 GMT
Date: Thu, 09 Feb 2023 02:07:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b67850e3b3e13edebbd556f007617b39
f87b768ae3edea0649975ffe2dde53507cf7ef9e
5d2f919c5deae902674f2fec6fde833cd1286566566f9c70c2779edd789d08fb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D2F919C5DEAE902674F2FEC6FDE833CD1286566566F9C70C2779EDD789D08FB"
Last-Modified: Tue, 07 Feb 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4504
Expires: Thu, 09 Feb 2023 03:22:48 GMT
Date: Thu, 09 Feb 2023 02:07:44 GMT
Connection: keep-alive
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash 4c94ec1a13242753e7d9bfc8372fda05
8d1a5cc9b6eabafd568bb587847d16948291e8b9
fa8558c89913b947c8c92cbb93bd63e4de62084cd912bd6da06a7ec65aa1a41b
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 02:07:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Sun, 12 Feb 2023 22:22:13 GMT
ETag: "8d1a5cc9b6eabafd568bb587847d16948291e8b9"
Last-Modified: Wed, 08 Feb 2023 22:22:14 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2667
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79690d9f5a6bb523-OSL
id5-sync.com/g/v2/806.json
162.19.138.82200 216 B URL HTTP/1.1 id5-sync.com/g/v2/806.json
IP 162.19.138.82:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 978739b2540dce6b9c15b691d70c9165
e44aa1b88299b45ee24b2c500bd58407eefcba9b
e2bb9922a6e39950afdecab6d05a3786228014d22acdcc9feeeae29ddf1c9917
POST /g/v2/806.json HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 193
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Thu, 09 Feb 2023 02:07:44 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
15.197.193.217200 OK 63 B URL HTTP/2 match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
IP 15.197.193.217:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 9bd2f681616fdc5e50dd1f5ea5678dd3
85212591061839280ff534ecbf2b5da85c4772f1
b3744e85f0b523aae116522bc4a781d83293d4840b2bf68a5caa58f43145214b
GET /track/rid?ttd_pid=pubmatic&fmt=json HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:44 GMT
content-type: application/json; charset=utf-8
content-length: 63
cache-control: private
expires: Sat, 11 Mar 2023 02:07:44 GMT
vary: Origin
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
x-aspnet-version: 4.0.30319
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e52c62e29c66d8b8ced593c18dc6f97b
9fd8008871bcdbe98471cc1d49abe429f68208ec
a893f73ce1067723043248fa6fc3e76ddfdd44506998bf5f4e157dfbacc4698d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A893F73CE1067723043248FA6FC3E76DDFDD44506998BF5F4E157DFBACC4698D"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15169
Expires: Thu, 09 Feb 2023 06:20:33 GMT
Date: Thu, 09 Feb 2023 02:07:44 GMT
Connection: keep-alive
ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FI813Wa&e=wqT_3QLuBejuAgAAAwDWAAUBCO-qkZ8GELbou7S39rWFeBgAKjYJHt0Ii4o4jT8RrN-vdtLKhj8ZAAAAIK5H0T8hrA0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eMPyBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzL0k4MTNXYYADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtQy1Qd0JoakI4cWFYSk0ybjhPOENnVngtWmlUTFEwYmdsUkx4dS1PcVBnUUNDQTdRLTNZcVA0T3JjcGxFUFFETS1oQlpXdDN5TGNXVDJuUmxBelBwcW1kYS1vRncmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTODY0OTk2MzIwMDEwNjY1NjgyMiIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAW4u-2cmsuFecAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcPBD_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAJP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHw_IF0gcNCQAJMwU0CNoHBgFscBgA4AcA6gcCCADwB_z2C4oIAhAAlQgAAIA_mAgB&s=75880bd343afd052fa04308508a061015735660e&type=nv&nvt=5&jm=1003&px=271&py=1843&bw=728&bh=90&sid=4622845801015163208&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=19050205&sw=1280&sh=1024&pw=1268&ph=1793&ww=1280&wh=939&ft=2
185.89.210.90200 OK 0 B URL HTTP/1.1 ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FI813Wa&e=wqT_3QLuBejuAgAAAwDWAAUBCO-qkZ8GELbou7S39rWFeBgAKjYJHt0Ii4o4jT8RrN-vdtLKhj8ZAAAAIK5H0T8hrA0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eMPyBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzL0k4MTNXYYADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtQy1Qd0JoakI4cWFYSk0ybjhPOENnVngtWmlUTFEwYmdsUkx4dS1PcVBnUUNDQTdRLTNZcVA0T3JjcGxFUFFETS1oQlpXdDN5TGNXVDJuUmxBelBwcW1kYS1vRncmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTODY0OTk2MzIwMDEwNjY1NjgyMiIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAW4u-2cmsuFecAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcPBD_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAJP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHw_IF0gcNCQAJMwU0CNoHBgFscBgA4AcA6gcCCADwB_z2C4oIAhAAlQgAAIA_mAgB&s=75880bd343afd052fa04308508a061015735660e&type=nv&nvt=5&jm=1003&px=271&py=1843&bw=728&bh=90&sid=4622845801015163208&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=19050205&sw=1280&sh=1024&pw=1268&ph=1793&ww=1280&wh=939&ft=2
IP 185.89.210.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FI813Wa&e=wqT_3QLuBejuAgAAAwDWAAUBCO-qkZ8GELbou7S39rWFeBgAKjYJHt0Ii4o4jT8RrN-vdtLKhj8ZAAAAIK5H0T8hrA0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eMPyBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzL0k4MTNXYYADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtQy1Qd0JoakI4cWFYSk0ybjhPOENnVngtWmlUTFEwYmdsUkx4dS1PcVBnUUNDQTdRLTNZcVA0T3JjcGxFUFFETS1oQlpXdDN5TGNXVDJuUmxBelBwcW1kYS1vRncmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTODY0OTk2MzIwMDEwNjY1NjgyMiIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAW4u-2cmsuFecAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcPBD_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAJP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHw_IF0gcNCQAJMwU0CNoHBgFscBgA4AcA6gcCCADwB_z2C4oIAhAAlQgAAIA_mAgB&s=75880bd343afd052fa04308508a061015735660e&type=nv&nvt=5&jm=1003&px=271&py=1843&bw=728&bh=90&sid=4622845801015163208&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=19050205&sw=1280&sh=1024&pw=1268&ph=1793&ww=1280&wh=939&ft=2 HTTP/1.1
Host: ams3-ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 09 Feb 2023 02:07:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 544e0ae8-d80f-4d7f-b948-ce30c063e6a4
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 3d2254db64618fd4b1915e5b6ea2fd4d
542a2a05ce51215616bd7db4332af8ccf4dbc3d9
dc9651e87bd870de66c5024cee6765a8dc32a548da72b5ee1b3998f3d7eba4ce
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 02:07:44 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 13:42:55 GMT
Expires: Wed, 15 Feb 2023 13:42:54 GMT
Etag: "542a2a05ce51215616bd7db4332af8ccf4dbc3d9"
Cache-Control: max-age=559509,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79690d9f3849b518-OSL
cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/style.css
172.64.167.9200 OK 3.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/style.css
IP 172.64.167.9:0
Hash 6939e763a37ad1cb7be98cb49bd2fc9e
8dad1ce5807974769d7b898a41f569b1ee075edd
5168f9409ea0b105b6eeaf853838d3f92f4f5182c896c2b0f9c4df72612f352b
GET /sb/ssp/in-page_push/os/android/2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:44 GMT
content-type: text/css
last-modified: Wed, 11 May 2022 09:01:01 GMT
etag: W/"627b7b4d-126c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5075334
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sSUNNr2fH8wq9ZRa0ds5a1uhjMWwrNYxcjVI2kMtnvNreMHwAC3Sez5e8XQr4Q1stbSqkVfU62wcGFpHnrTC79prHEHr4SeYYmoI%2B8qp3KrQZMlhu3XZEI3UjqGvxN%2FbtA9Igm9VBDAa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79690d9f4d2874ad-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
api.rlcdn.com/api/identity/envelope?pid=1258
34.120.133.55401 Unauthorized 19 B URL HTTP/2 api.rlcdn.com/api/identity/envelope?pid=1258
IP 34.120.133.55:0
Hash 63dfbd2b39fe4f536a04e7b32ada47b4
207298c4a215ad5d97d888522927910ae772ba48
26e51290d12b4fea0bb98da3ed118837b744555ba723061771ab3df30000b6b7
GET /api/identity/envelope?pid=1258 HTTP/1.1
Host: api.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 401 Unauthorized
content-type: text/plain; charset=utf-8
x-content-type-options: nosniff
date: Thu, 09 Feb 2023 02:07:44 GMT
content-length: 19
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7873316c03b78ff1885778bd0e51ee34
441406bbfb620c4f0da3b3553840e008655aa689
104baaf054240301dbbfc50991ec38e8879a5c49f12e8e82bf3b5b5dc5b2ee33
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "104BAAF054240301DBBFC50991EC38E8879A5C49F12E8E82BF3B5B5DC5B2EE33"
Last-Modified: Wed, 08 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4065
Expires: Thu, 09 Feb 2023 03:15:29 GMT
Date: Thu, 09 Feb 2023 02:07:44 GMT
Connection: keep-alive
id.crwdcntrl.net/id
54.76.31.2200 OK 43 B IP 54.76.31.2:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 90eeff5111bbbdce769d4130cc3cca3c
d62886c1a85d51814cb7f124761c5e6aca6d8933
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
GET /id HTTP/1.1
Host: id.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:44 GMT
content-type: application/json;charset=utf-8
content-length: 43
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.23.49
access-control-allow-credentials: true
access-control-allow-origin: https://ouo.press
server: Jetty(9.4.38.v20210224)
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/89/9f/8a/899f8a5bb7132795d339610f52f16dad/1667589937.png
45.133.44.10200 OK 33 kB URL HTTP/2 cdn.cloudimagesb.com/si/89/9f/8a/899f8a5bb7132795d339610f52f16dad/1667589937.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 2cb2500acb00f247ef19403c3a0f89e1
7c57e8b84b2bb0003810ffae7a14e24869155464
7efcd5082673b787603d2a0b8d768fb26807cf2ab79771a69886a916d0cda3ce
GET /si/89/9f/8a/899f8a5bb7132795d339610f52f16dad/1667589937.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:44 GMT
content-type: image/png
content-length: 32763
server: nginx/1.17.6
last-modified: Fri, 04 Nov 2022 19:25:45 GMT
etag: "63656739-7ffb"
expires: Sat, 11 Feb 2023 02:07:44 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 3d2254db64618fd4b1915e5b6ea2fd4d
542a2a05ce51215616bd7db4332af8ccf4dbc3d9
dc9651e87bd870de66c5024cee6765a8dc32a548da72b5ee1b3998f3d7eba4ce
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 02:07:44 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 13:42:55 GMT
Expires: Wed, 15 Feb 2023 13:42:54 GMT
Etag: "542a2a05ce51215616bd7db4332af8ccf4dbc3d9"
Cache-Control: max-age=559509,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79690da0d8edb518-OSL
innocenceexpeditionsensation.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSTWgkRRTHq%2Ffj4AqC4sWDMogHBTPbX%2FPlHhbjGomuSdgPA%2BKluqp6Uk5NV1PVPT0JHoILshdhPOmx859kw%2BoiLp4F6XiRnDIelhyMFxHBo%2BBZZjIw%2BqDqvVf%2Fd%2Fi9V%2B%2BzvfyMuMjp6cb7ekcqRa826m7t1U2ZcF3Y2tqdmufW3Wu1TZk0w2u14fQygzc8t1F3X6u9I1hPX%2FVdz3U916utSCNiPbw6UyHTRx2v3nHroV%2F3GiGG5v%2B5zR1Y6oAPzshzkHxyeevnx5CsQtL%2F7oawvUynr7%2FdzxXNtMGAH95NeokuEvQXYWwcxMnhvBraTgj56gJ0cjjvAHqwP%2B0AkZwQ54mHKDmcYyIaHJyTRgoiQcSfRjGoIFQFSSswfQ%2BSnxCAcaytI%2Bk%2FWNOmoNvnKp2qE3Lpn78hiwm59OvzSPrfLis5rN3WKs%2BkTiyGcQk5rCC7FdL8CNmOA1kcgWWfQnKCpF9C8tNXGhFlrajdXIqaPl0KKQ%2BXqN%2BJl4Im9VlD%2BLThx7PRSFlBxhWUGIFaB%2Fn0SAd57CBPHfT5aY02OrHrtuIoDoJ2yBgLAsYa7SZv8CBsxy5yNmUfIUtHYGoEZnaRml305Agm%2FxF2q4TlDmxGMOAlCkFQWIKCEhSSoMgIikF5wJX1bfmAK5tH3tz7cx%2BUY5119%2BiBzroiIXvpGXl2NrC%2FPvoePXFaEzxoul7YDIK23%2BGs5dLQ54xREfM4iD0PVpaQ9sKszR158swTpPLkqRIRPYJVR2DyZdD8RdBi3PJd0K1x2HaxkzzUua6nRlgLrkuk2WVk286eOiMvzAA6f1yBYMfXv%2Fx8%2Fbdr%2FEMwUyI1JT6WPxF01f3xLV2Q%2FVu6sOTxeprJvtyh09%2B8ndFMXPz6PbFdaMNXb9jRwzfZVJiGj%2B4Im92kCZdJ15JvliXnwqxowwT5YdVuimgjt1vLuUny9ObGWyur%2FRmg1EkFKk8%2B%2BARMTsgV05vt6Ut%2FvgtpKpi8RD8%2FJnOD1BVYugubLuitJjBqUROlDoq8HBs%2FWjwqSaDEIqdRCfufPFrEe%2FY%2BusYBze7NtnNgSgxUCapGsPnFcZaa4%2Bu%2FBDNDpJxxpIyzHymjvjgfrZWntYYXinbUbjHOI8G41%2FKDduC6PudhqyO8DjI7Yb%2FfTf8FAAD%2F%2FwEAAP%2F%2Fd0uY5n8EAAA%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 innocenceexpeditionsensation.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSTWgkRRTHq%2Ffj4AqC4sWDMogHBTPbX%2FPlHhbjGomuSdgPA%2BKluqp6Uk5NV1PVPT0JHoILshdhPOmx859kw%2BoiLp4F6XiRnDIelhyMFxHBo%2BBZZjIw%2BqDqvVf%2Fd%2Fi9V%2B%2BzvfyMuMjp6cb7ekcqRa826m7t1U2ZcF3Y2tqdmufW3Wu1TZk0w2u14fQygzc8t1F3X6u9I1hPX%2FVdz3U916utSCNiPbw6UyHTRx2v3nHroV%2F3GiGG5v%2B5zR1Y6oAPzshzkHxyeevnx5CsQtL%2F7oawvUynr7%2FdzxXNtMGAH95NeokuEvQXYWwcxMnhvBraTgj56gJ0cjjvAHqwP%2B0AkZwQ54mHKDmcYyIaHJyTRgoiQcSfRjGoIFQFSSswfQ%2BSnxCAcaytI%2Bk%2FWNOmoNvnKp2qE3Lpn78hiwm59OvzSPrfLis5rN3WKs%2BkTiyGcQk5rCC7FdL8CNmOA1kcgWWfQnKCpF9C8tNXGhFlrajdXIqaPl0KKQ%2BXqN%2BJl4Im9VlD%2BLThx7PRSFlBxhWUGIFaB%2Fn0SAd57CBPHfT5aY02OrHrtuIoDoJ2yBgLAsYa7SZv8CBsxy5yNmUfIUtHYGoEZnaRml305Agm%2FxF2q4TlDmxGMOAlCkFQWIKCEhSSoMgIikF5wJX1bfmAK5tH3tz7cx%2BUY5119%2BiBzroiIXvpGXl2NrC%2FPvoePXFaEzxoul7YDIK23%2BGs5dLQ54xREfM4iD0PVpaQ9sKszR158swTpPLkqRIRPYJVR2DyZdD8RdBi3PJd0K1x2HaxkzzUua6nRlgLrkuk2WVk286eOiMvzAA6f1yBYMfXv%2Fx8%2Fbdr%2FEMwUyI1JT6WPxF01f3xLV2Q%2FVu6sOTxeprJvtyh09%2B8ndFMXPz6PbFdaMNXb9jRwzfZVJiGj%2B4Im92kCZdJ15JvliXnwqxowwT5YdVuimgjt1vLuUny9ObGWyur%2FRmg1EkFKk8%2B%2BARMTsgV05vt6Ut%2FvgtpKpi8RD8%2FJnOD1BVYugubLuitJjBqUROlDoq8HBs%2FWjwqSaDEIqdRCfufPFrEe%2FY%2BusYBze7NtnNgSgxUCapGsPnFcZaa4%2Bu%2FBDNDpJxxpIyzHymjvjgfrZWntYYXinbUbjHOI8G41%2FKDduC6PudhqyO8DjI7Yb%2FfTf8FAAD%2F%2FwEAAP%2F%2Fd0uY5n8EAAA%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSTWgkRRTHq%2Ffj4AqC4sWDMogHBTPbX%2FPlHhbjGomuSdgPA%2BKluqp6Uk5NV1PVPT0JHoILshdhPOmx859kw%2BoiLp4F6XiRnDIelhyMFxHBo%2BBZZjIw%2BqDqvVf%2Fd%2Fi9V%2B%2BzvfyMuMjp6cb7ekcqRa826m7t1U2ZcF3Y2tqdmufW3Wu1TZk0w2u14fQygzc8t1F3X6u9I1hPX%2FVdz3U916utSCNiPbw6UyHTRx2v3nHroV%2F3GiGG5v%2B5zR1Y6oAPzshzkHxyeevnx5CsQtL%2F7oawvUynr7%2FdzxXNtMGAH95NeokuEvQXYWwcxMnhvBraTgj56gJ0cjjvAHqwP%2B0AkZwQ54mHKDmcYyIaHJyTRgoiQcSfRjGoIFQFSSswfQ%2BSnxCAcaytI%2Bk%2FWNOmoNvnKp2qE3Lpn78hiwm59OvzSPrfLis5rN3WKs%2BkTiyGcQk5rCC7FdL8CNmOA1kcgWWfQnKCpF9C8tNXGhFlrajdXIqaPl0KKQ%2BXqN%2BJl4Im9VlD%2BLThx7PRSFlBxhWUGIFaB%2Fn0SAd57CBPHfT5aY02OrHrtuIoDoJ2yBgLAsYa7SZv8CBsxy5yNmUfIUtHYGoEZnaRml305Agm%2FxF2q4TlDmxGMOAlCkFQWIKCEhSSoMgIikF5wJX1bfmAK5tH3tz7cx%2BUY5119%2BiBzroiIXvpGXl2NrC%2FPvoePXFaEzxoul7YDIK23%2BGs5dLQ54xREfM4iD0PVpaQ9sKszR158swTpPLkqRIRPYJVR2DyZdD8RdBi3PJd0K1x2HaxkzzUua6nRlgLrkuk2WVk286eOiMvzAA6f1yBYMfXv%2Fx8%2Fbdr%2FEMwUyI1JT6WPxF01f3xLV2Q%2FVu6sOTxeprJvtyh09%2B8ndFMXPz6PbFdaMNXb9jRwzfZVJiGj%2B4Im92kCZdJ15JvliXnwqxowwT5YdVuimgjt1vLuUny9ObGWyur%2FRmg1EkFKk8%2B%2BARMTsgV05vt6Ut%2FvgtpKpi8RD8%2FJnOD1BVYugubLuitJjBqUROlDoq8HBs%2FWjwqSaDEIqdRCfufPFrEe%2FY%2BusYBze7NtnNgSgxUCapGsPnFcZaa4%2Bu%2FBDNDpJxxpIyzHymjvjgfrZWntYYXinbUbjHOI8G41%2FKDduC6PudhqyO8DjI7Yb%2FfTf8FAAD%2F%2FwEAAP%2F%2Fd0uY5n8EAAA%3D HTTP/1.1
Host: innocenceexpeditionsensation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=5bac7b86-b62a-4ad4-a29f-36a2c5e2a52f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 09 Feb 2023 02:07:44 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c7370ec32855d8812fec239c99cec2a2
Strict-Transport-Security: max-age=0; includeSubdomains
innocenceexpeditionsensation.com/pixel/sbs?c=1
192.243.59.13200 OK 0 B URL HTTP/1.1 innocenceexpeditionsensation.com/pixel/sbs?c=1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: innocenceexpeditionsensation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=5bac7b86-b62a-4ad4-a29f-36a2c5e2a52f:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 09 Feb 2023 02:07:45 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
2.18.172.200200 OK 5.6 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
IP 2.18.172.200:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15889), with no line terminators
Hash 18a6bc0e051c0767f814f63ff07e65f9
8fbe4eb399d8501b90276723d38c9ffb4ab483fa
26341482a8d6c8384b2cb91aba95833ac2002bd284ff690adbd2009bf76cb95b
GET /AdServer/js/user_sync.html?kdntuid=1&p=155495 HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5554
content-type: text/html
cache-control: max-age=81424
expires: Fri, 10 Feb 2023 00:44:49 GMT
date: Thu, 09 Feb 2023 02:07:45 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.113.js
178.250.2.130200 OK 28 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.113.js
IP 178.250.2.130:0
File type HTML document, ASCII text, with very long lines (65354)
Hash 41c89e663e403f6f43e8fcdae013f90c
78c1019c3c23080a9cb2a4a0f401e0b78dc9faa5
e85be71f46face23a1842bc72406f26abbc87853703317dcbbaa304e86b3d040
GET /js/ld/publishertag.prebid.113.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 02:07:45 GMT
content-type: text/javascript
last-modified: Wed, 08 Sep 2021 12:50:31 GMT
etag: W/"6138b197-1532d"
expires: Fri, 10 Feb 2023 02:07:45 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
185.64.189.115200 OK 60 B URL HTTP/2 image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
IP 185.64.189.115:0
File type ASCII text, with no line terminators
Hash 30dfda1d0dd822e752d7276ebbba595f
a4296ca6947b9695718c9bf12a3c6f61c983583b
c68b95e218bd6534f52a96c615cb219c173d9b76cfe78bfc27a623747534c068
GET /AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB HTTP/1.1
Host: image6.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=UTF-8
expires: Tue, 9 May 2023 18:50:47 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Thu, 09 Feb 2023 02:07:44 GMT
content-length: 60
X-Firefox-Spdy: h2
simage4.pubmatic.com/AdServer/SPug?o=1&p=155495&sc=1&u=7CAEA63D-71F8-406E-8C64-0060D75713FF&rs=3&gdpr=0&gdpr_consent=&us_privacy=
198.47.127.20200 OK 1.2 kB URL HTTP/2 simage4.pubmatic.com/AdServer/SPug?o=1&p=155495&sc=1&u=7CAEA63D-71F8-406E-8C64-0060D75713FF&rs=3&gdpr=0&gdpr_consent=&us_privacy=
IP 198.47.127.20:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (1524)
Hash c29d19c2c2bbc4580a03b9ff3cb855c2
d1dda72040a76d65a99e1c588ba97a86f8214d03
e4772b42430f42bd236bc5f8af5748af2c4af7d7ea90706a6f81305ac846b274
GET /AdServer/SPug?o=1&p=155495&sc=1&u=7CAEA63D-71F8-406E-8C64-0060D75713FF&rs=3&gdpr=0&gdpr_consent=&us_privacy= HTTP/1.1
Host: simage4.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 02:07:45 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2
ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FI813Wa&e=wqT_3QLuBejuAgAAAwDWAAUBCO-qkZ8GELbou7S39rWFeBgAKjYJHt0Ii4o4jT8RrN-vdtLKhj8ZAAAAIK5H0T8hrA0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eMPyBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzL0k4MTNXYYADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtQy1Qd0JoakI4cWFYSk0ybjhPOENnVngtWmlUTFEwYmdsUkx4dS1PcVBnUUNDQTdRLTNZcVA0T3JjcGxFUFFETS1oQlpXdDN5TGNXVDJuUmxBelBwcW1kYS1vRncmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTODY0OTk2MzIwMDEwNjY1NjgyMiIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAW4u-2cmsuFecAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcPBD_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAJP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHw_IF0gcNCQAJMwU0CNoHBgFscBgA4AcA6gcCCADwB_z2C4oIAhAAlQgAAIA_mAgB&s=75880bd343afd052fa04308508a061015735660e&type=pv&jm=1003&px=271&py=1843&bw=728&bh=90&sf=1&sid=4622845801015163208&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=19050205&ft=2
185.89.210.90200 OK 0 B URL HTTP/1.1 ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FI813Wa&e=wqT_3QLuBejuAgAAAwDWAAUBCO-qkZ8GELbou7S39rWFeBgAKjYJHt0Ii4o4jT8RrN-vdtLKhj8ZAAAAIK5H0T8hrA0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eMPyBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzL0k4MTNXYYADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtQy1Qd0JoakI4cWFYSk0ybjhPOENnVngtWmlUTFEwYmdsUkx4dS1PcVBnUUNDQTdRLTNZcVA0T3JjcGxFUFFETS1oQlpXdDN5TGNXVDJuUmxBelBwcW1kYS1vRncmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTODY0OTk2MzIwMDEwNjY1NjgyMiIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAW4u-2cmsuFecAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcPBD_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAJP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHw_IF0gcNCQAJMwU0CNoHBgFscBgA4AcA6gcCCADwB_z2C4oIAhAAlQgAAIA_mAgB&s=75880bd343afd052fa04308508a061015735660e&type=pv&jm=1003&px=271&py=1843&bw=728&bh=90&sf=1&sid=4622845801015163208&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=19050205&ft=2
IP 185.89.210.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FI813Wa&e=wqT_3QLuBejuAgAAAwDWAAUBCO-qkZ8GELbou7S39rWFeBgAKjYJHt0Ii4o4jT8RrN-vdtLKhj8ZAAAAIK5H0T8hrA0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eMPyBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzL0k4MTNXYYADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtQy1Qd0JoakI4cWFYSk0ybjhPOENnVngtWmlUTFEwYmdsUkx4dS1PcVBnUUNDQTdRLTNZcVA0T3JjcGxFUFFETS1oQlpXdDN5TGNXVDJuUmxBelBwcW1kYS1vRncmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTODY0OTk2MzIwMDEwNjY1NjgyMiIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAW4u-2cmsuFecAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcPBD_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAJP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHw_IF0gcNCQAJMwU0CNoHBgFscBgA4AcA6gcCCADwB_z2C4oIAhAAlQgAAIA_mAgB&s=75880bd343afd052fa04308508a061015735660e&type=pv&jm=1003&px=271&py=1843&bw=728&bh=90&sf=1&sid=4622845801015163208&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=19050205&ft=2 HTTP/1.1
Host: ams3-ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 09 Feb 2023 02:07:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 3c969fce-8d10-4ea0-a0c8-ba6285d8d0e6
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
acdn.adnxs.com/dmp/async_usersync.html
23.38.200.189200 OK 17 kB URL HTTP/1.1 acdn.adnxs.com/dmp/async_usersync.html
IP 23.38.200.189:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (52990)
Hash 9c6b5ce6b3452e98573e6409c34dd73c
de607fadef62e36945a409a838eb8fc36d819b42
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
GET /dmp/async_usersync.html HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
ETag: "623de86a-cf34"
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Fri, 10 Feb 2023 02:07:48 GMT
Date: Thu, 09 Feb 2023 02:07:46 GMT
Connection: keep-alive
Vary: Accept-Encoding
ib.adnxs.com/async_usersync?cbfn=queuePixels
185.89.211.84307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 185.89.211.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Thu, 09 Feb 2023 02:07:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: 33dade9e-8e2b-40c3-a6ed-70fae34aa7bc
Set-Cookie: uuid2=7237223185553730288; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 10-May-2023 02:07:46 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
eus.rubiconproject.com/usync.html
104.88.9.101200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html
IP 104.88.9.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 09 Feb 2023 02:07:46 GMT
Connection: keep-alive
Vary: Accept-Encoding
eus.rubiconproject.com/usync.js
104.88.9.101200 OK 10 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP 104.88.9.101:0
File type ASCII text, with very long lines (18415)
Hash b5c30cc6d678af1f21e540acde2da3df
e4d2820e29cfbe4e91571208f71083cf1423d15c
1a7aab62e7c33f20363e9d736e180ba25d1bd41e8128264194b87d94198ca431
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 09 Feb 2023 00:20:27 GMT
Content-Encoding: gzip
Content-Length: 10007
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=79936
Expires: Fri, 10 Feb 2023 00:20:02 GMT
Date: Thu, 09 Feb 2023 02:07:46 GMT
Connection: keep-alive
Vary: Accept-Encoding
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
185.89.211.84200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 185.89.211.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 09 Feb 2023 02:07:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: b3862bab-4ae1-4ff9-a41c-8fa13a13c382
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=54
54.230.111.112403 Forbidden 986 B URL HTTP/2 sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=54
IP 54.230.111.112:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 0c108acace0b5bccd7ef190adcbc442a
6b17b671c8d4502024df1384cc1f0875cdfbcd1b
e001e744cec1ed49e57ab8eb3f91a0516b1add93e0aa6a1bb538f5569a1e2c8c
GET /profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=54 HTTP/1.1
Host: sync.intentiq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
server: CloudFront
date: Thu, 09 Feb 2023 02:07:46 GMT
content-type: text/html
content-length: 986
x-cache: Error from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LF8RXaX-mRbL5bSI_ARoT_JSlyPT1qc5n4EiLecxaD478b9X2ELaXg==
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 623d1da3094c0d0079530d1e7707393c
9c562fc23a6233b375b60e01a11dc88d93b07cb9
e7a48d53020e53e448b7cf1807eeb03c24c5948b0208b99cf9b9988d61e8f98c
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4669
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:46 GMT
Last-Modified: Thu, 09 Feb 2023 00:49:57 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
match.adsrvr.org/track/cmf/rubicon
15.197.193.217200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/rubicon
IP 15.197.193.217:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/rubicon HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:46 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
dmp.brand-display.com/cm/api/rubicon
34.111.151.213302 Found 121 B URL HTTP/2 dmp.brand-display.com/cm/api/rubicon
IP 34.111.151.213:0
File type HTML document, ASCII text
Hash b7dbc7bd75a00a45c73f6b0b3c9d651b
5de797d61a2aa59aac49642a6ca14bf73daf2f9a
181d8e7675ad05b61273e94246bdb728c756db437b3d50b6dfc836eef352122e
GET /cm/api/rubicon HTTP/1.1
Host: dmp.brand-display.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.22.1
date: Thu, 09 Feb 2023 02:07:46 GMT
content-type: text/html; charset=utf-8
content-length: 121
access-control-allow-origin: *
cache-control: max-age=3600
location: https://pixel.rubiconproject.com/tap.php?v=538100&nid=5446&put=ab0aacb9-7df3-ef28-099ac223
p3p: CP='This is not a P3P policy!'
set-cookie: _knxq_=ab0aacb9-7df3-ef28-099ac223.1675908466.0.1675908466.1675908466; Path=/; Domain=brand-display.com; Max-Age=63072000; Secure; SameSite=None
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 623d1da3094c0d0079530d1e7707393c
9c562fc23a6233b375b60e01a11dc88d93b07cb9
e7a48d53020e53e448b7cf1807eeb03c24c5948b0208b99cf9b9988d61e8f98c
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4669
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 02:07:46 GMT
Last-Modified: Thu, 09 Feb 2023 00:49:57 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/animate.css
172.64.167.9200 OK 4.8 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/animate.css
IP 172.64.167.9:0
Hash 21eb7a65c17a2c22ba104a7ecbf1dc0f
ea8c53be54889c7489aed04e30e3eb83af64dec9
090bd9ceb9a58da038e5ed4a39dfbb63ece49ed4f4f0656ce35f7faa41a3b237
GET /sb/ssp/in-page_push/os/android/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:44 GMT
content-type: text/css
last-modified: Wed, 11 May 2022 09:01:02 GMT
etag: W/"627b7b4e-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5075334
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o%2FvKGcARJB4JpfhT7Dc0hpTYgX%2FqmrJOTMvlAe4f2Dv02DSoDcKpW%2BMyN6%2BAjd2aZ%2FqZEOip1fIjkIJGUUa0ZIY9G75wqJUozubpxsPaH8stI8TWAH8rfXe%2BVEbje9uNrMS90wSlO51K"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79690d9f4d2474ad-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/e1/6f/bb/e16fbbe9f31c82c23d1d57f9726b5fc7/1654616215.html
45.133.44.4200 OK 588 B URL HTTP/2 cdn.barscreative1.com/sb/au/e1/6f/bb/e16fbbe9f31c82c23d1d57f9726b5fc7/1654616215.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Hash 228805eb6f582761238fa4c7ea10339c
cec2d5170e271b2e4639d2af7400eeefce2163ca
299a52b7d44d4b8302e3928223a88f7ec342cac216b9acf0f2cc5a3192325c11
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e1/6f/bb/e16fbbe9f31c82c23d1d57f9726b5fc7/1654616215.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:44 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Tue, 07 Jun 2022 15:37:00 GMT
etag: W/"629f709c-40e"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 09 Feb 2023 03:07:44 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
token.rubiconproject.com/token?pid=25470
213.19.162.90204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=25470
IP 213.19.162.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=25470 HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 0163a7456b0a5605e8b1fb1d4fba3e4d
sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
151.101.2.49302 Found 0 B URL HTTP/2 sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
IP 151.101.2.49:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP/1.1
Host: sync-tm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
set-cookie: everest_g_v2=g_surferid~Y_RVcgAAARHBuQAb; Path=/; Domain=.everesttech.net; Expires=Fri, 09-Feb-2024 02:07:46 GMT; Max-Age=31536000
location: https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=Y_RVcgAAARHBuQAb
server: Jetty(9.4.35.v20201120)
accept-ranges: bytes
date: Thu, 09 Feb 2023 02:07:46 GMT
via: 1.1 varnish
x-served-by: cache-bma1677-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1675908467.837791,VS0,VE92
cache-control: no-cache
pragma: no-cache
content-length: 0
X-Firefox-Spdy: h2
sync.1rx.io/usersync2/rubicon
213.19.147.44302 Found 85 B URL HTTP/2 sync.1rx.io/usersync2/rubicon
IP 213.19.147.44:0
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 5bec6606b8392065f9da9898ca6f7b14
73ac5b01b5e3293fb792179626e7f8369cdb944d
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
GET /usersync2/rubicon HTTP/1.1
Host: sync.1rx.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 09 Feb 2023 02:07:46 GMT
content-type: text/html
cache-control: no-store, no-cache, must-revalidate
expires: 0
pragma: no-cache
set-cookie: _rxuuid=%7B%22rx_uuid%22%3A%22RX-6da13e09-0fb8-47ef-a0d2-341b2d53c6a2-003%22%2C%22zdxidn%22%3A%222013%22%7D; path=/; expires=Fri, 09 Feb 2024 02:07:46 GMT; domain=.1rx.io; samesite=none; secure; httponly
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://sync.1rx.io/usersync2/rubicon?zcc=1&cb=1675908466890
etag: RX6da13e090fb847efa0d2341b2d53c6a2003
X-Firefox-Spdy: h2
sync.1rx.io/usersync2/rubicon?zcc=1&cb=1675908466890
213.19.147.44302 Found 0 B URL HTTP/2 sync.1rx.io/usersync2/rubicon?zcc=1&cb=1675908466890
IP 213.19.147.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usersync2/rubicon?zcc=1&cb=1675908466890 HTTP/1.1
Host: sync.1rx.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Thu, 09 Feb 2023 02:07:46 GMT
content-type: text/html
cache-control: no-store, no-cache, must-revalidate
expires: 0
pragma: no-cache
location: https://pixel.rubiconproject.com/tap.php?v=186028&nid=4112&put=OPTOUT&expires=30
etag: OPTOUT
X-Firefox-Spdy: h2
pixel.rubiconproject.com/tap.php?v=538100&nid=5446&put=ab0aacb9-7df3-ef28-099ac223
213.19.162.80204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=538100&nid=5446&put=ab0aacb9-7df3-ef28-099ac223
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=538100&nid=5446&put=ab0aacb9-7df3-ef28-099ac223 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 49049ff336235ad60cb44abcb1cec1d6
Content-Type: image/gif
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=
142.250.74.34302 Found 280 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 71ad89ad199a33e899f914d898872fe4
6ca9d2988115dbec1e30c337be9b67adea23732e
d780663f1202366919be361d8b4a9c47e234342d0bb6e55695172837a17c0418
GET /pixel?google_nid=rubicon&google_hm= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=&google_tc=
date: Thu, 09 Feb 2023 02:07:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 280
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 09-Feb-2023 02:22:46 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=&google_tc=
142.250.74.34200 OK 170 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=&google_tc=
IP 142.250.74.34:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash e7673c60af825466f83d46da72ca1635
fc0fcbee0835709ba2d28798a612bfd687903fb5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
GET /pixel?google_nid=rubicon&google_hm=&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
date: Thu, 09 Feb 2023 02:07:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ib.adnxs.com/async_usersync?cbfn=queuePixels
185.89.211.84307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 185.89.211.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Thu, 09 Feb 2023 02:07:47 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: ef7dbd7f-7604-41ae-9ebe-acdb04744436
Set-Cookie: uuid2=3548936515625078277; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 10-May-2023 02:07:47 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
185.89.211.84200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 185.89.211.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 09 Feb 2023 02:07:47 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: f0d4bb55-3a47-479a-b0c4-08b7a6308062
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
cdn.firstimpression.io/delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459
108.157.229.98200 OK 0 B URL HTTP/2 cdn.firstimpression.io/delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459
IP 108.157.229.98:0
POST /delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Cookie: OAID=GDPR
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Thu, 09 Feb 2023 02:07:43 GMT
server: Apache/2.4.38 (Debian)
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: https://ouo.press
p3p: CP="CUR ADM OUR NOR STA NID"
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a1883601a786b7317faec0d94ef154f2.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: NcEw8fjjHIJE8u3Nk3Rd3sDxBI8ZBP7k1g6RJjmHiwQLCpstsfNz8g==
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.189200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.189:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:43 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 157641
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.14200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.14:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:45 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 100023
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ouo.io/I813Wa
104.22.23.162302 Found 0 B IP 104.22.23.162:0
GET /I813Wa HTTP/1.1
Host: ouo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Thu, 09 Feb 2023 02:07:40 GMT
content-type: text/html; charset=UTF-8
location: https://ouo.press/I813Wa
cache-control: no-cache
set-cookie: ouoio_session=eyJpdiI6IlRSbmVKeWQyaDQ3XC9oOCs5WnhYdFJuK0pcL0JaTUFoQ1ZqdytLdTIrT0NsQT0iLCJ2YWx1ZSI6InVtWXFuc3NjbU5cL080dkk3ejBhUHFLNXJmTGpKNytyT1QySStTcElmcXlIclIxWUZIVmNMM2FzK1pIOHpzYW5TV3A4TW5OeUFDdVNoczFZbG4yMDFyZz09IiwibWFjIjoiYjVmNDQ5NmM2MjM0NTVlYjcwNjNkMDI0NTQzOTc2MGRlOWZkZGFkNmNjMzBjM2IwNTgxYmNlMzlkYmU3ZTQ3MyJ9; path=/; httponly
language=eyJpdiI6ImNvZ0tCc2NIdVB6cTJTM3M0Y2oyenJcL3FQeHNwbEFNWmx4dGdYaG9DWDZzPSIsInZhbHVlIjoiXC9Tb0VcL0lNNVBQYXErSGN3ejVnNlVDODU1cytoMzM3d3VEbFhFM2s2RVBvPSIsIm1hYyI6IjM5MmQ4NzVkMTJkZGM3NTEyYjY2MWNmZmM4ZmNmODc2ZGMyYTZmZjI5MGRjNWZlMWEzZmRlZDBkZTgwMzEzNWEifQ%3D%3D; expires=Tue, 08-Feb-2028 02:07:40 GMT; Max-Age=157680000; path=/; httponly
4bb8f90052172001d9e1c34b49c80ddfb86e88ad=eyJpdiI6Ind1Vk94S0xTd2ZUajQrdGgxZTBHamdrVUxONkdoQzRxeEV1SEt5K0tiNHc9IiwidmFsdWUiOiJvZVZxbWYxeU5hVVdVcTQyK3lwam9VSzJJZExvSlBkNjE3SVRwVHZkVkVYR3JJVGhVWFdMY0craWZlejcrXC9PcHNHeDlpNEpidGNkcmhkN0NMXC9RT29ZRWkxY0FnMlorYVg5NG9OZVZxZUVxMGtZVGk1SFwvNGpRRjJDak81RUlkM1ZoQ1Y5dStTczQzd1licGxCblllSER4MVNDdkJKZDZpc1BObHR4V0JUOEJQXC81SERnd2lGQWZ1T3ROVzNhSzBTRUc0R09WemZkQnJPUXhXU1FmMTBnM0k0eTFET1JyVFFWV0RLejN5VjJyM3FwdFJNUmdFRGp5XC9aWnR0NVo0YVZaNnlzbVwvNTBOZXErS2trQUdPRXVpaXVOcGdDWGFtRVwvTFVvbkIzOGJXejZLczU1TjhtTmc0blVCUDByUEJjNGpzMmZNT0xxR2NxeTZIcjJTK0pBWFFnPT0iLCJtYWMiOiJiZDU2NjcwNzViZDRmM2E1OTg1NWU1ZGE1NmVkNTRmZGJkOTBiNjQzZDg1NzVkMzMzYjlhNGYxNjc1MjMwZWY4In0%3D; expires=Thu, 09-Feb-2023 04:07:40 GMT; Max-Age=7200; path=/; httponly
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 79690d869fb3b512-OSL
X-Firefox-Spdy: h2
ouo.press/css/link-safe.css
104.22.58.251200 OK 0 B URL HTTP/2 ouo.press/css/link-safe.css
IP 104.22.58.251:0
GET /css/link-safe.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/I813Wa
Cookie: ouoio_session=eyJpdiI6Ik5Bb1VcL2k5SmlzWVFIc0F1dkJsTys2bXMyWTRienVcL3BpT29VR2tyemJXTT0iLCJ2YWx1ZSI6IlRFalZtalRZNWlDenVLVzM3NXRjVzZXdUlqYnJqbjJJOHhiK3ZQM3NMNTFDb0l2MnFNUmxYbXdWUlFmK1VCR2tIVjh5cGF4OGo4WHZySHhqTUVWcVwvZz09IiwibWFjIjoiNmRkYjdhNTllOTM5NjJlMTM3M2YxN2Y4YjAwNzEwNDc5MDcxZWJmZDFmYzY4MmQ2ZjE1Y2I1MWJiOWU2YTRkNiJ9; language=eyJpdiI6IlBuV0FSNkV6eW1KM01IenlsXC9EOEZDQ2M0ZkFDaWI0ckNRWDBZK2Zlcmc0PSIsInZhbHVlIjoiTHlKRENJYzBFSm5JTEw4RFRiSnNoXC9GaHNuSkZQbkRtZWFxYW5qMmZOdjg9IiwibWFjIjoiZjc5MGEyZjA4MDgwNDNiNTljODE5NzE1ZDVkMWExNTgyNDY0NGZjYmZkY2YwYzZmOTk1MjkyNWFiMmE4MzQ0NCJ9; c9918d2ef9e0c4f3b0a64887e3b56f5d2be9236b=eyJpdiI6IkF5VVVtbDVyRUhHc0dsUHdvejU3dksyalF4ZkRlTmtBR0RHQlBDUWFDcHc9IiwidmFsdWUiOiJEUWZHYkF2S0lvQ2JIaUorRUg0QWFJU3F4aUlYeURsNDlDM0NcL2pFazRsdldVR3Z2dUFrSThDNzVzN3JOSndBZUFWMDIrZlFKTWJpZERBQWJhYjFGc2NhQllKZ2dGeWw2NHhSOUdLT0FjS09JSnR2dVhPOURFWEUyS0NYT2orUGZLXC8ySWVyandcL1hKYnhkOFNPNWgxNVNkaGJcL1ZaQTRXbVVVWnhWcHZidk54WG9jSk54cTVpTndORk5rdlVHZE9WTUJNbGtQZjNQblkxdFFyK0RWQ0VDNnduZ3lnRWptajRIVEVDb1ZXWnZjb1U1VkE1S3ZvNnV2eDNmWWdVR2pRRGpMK1lVcWRPb1VEY1BaQXVVcGJiQm44WWlEMjhPQTN2TlViVGY1ZFhLTk9oZUg4clRmYzJvK3RIVFVwOFVRc3dkc1c3bEhCZWd1amdnSXZYXC9FckdpcDB0ZmRrNzB3Zml1cng4TFZSS3F4OXhRUEowU2ZyYnBpMWJvTStUaDQzWSIsIm1hYyI6IjFmOTBmMDk3ODM0NzM3NWE5MGZjYmU1NjUyZDFhMmE3Y2ZjOGZkNDc1MDU1ZTkwYWFlY2MyNTU0MTg4ZTViNjAifQ%3D%3D; __cf_bm=p24i.ZpUGxaeAbWZ_nSLf7gxYjEHP.ZYqPtqrqAptG0-1675908461-0-AWQ5h0DFuirSiuTrBsUwVk3ACWAR0IKcL1AvGZVkiAcfyYX2E40g4VgSeXajVrE+4nZ2qVUsHx1ANRnu+LRV2YI=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:41 GMT
content-type: text/css
cache-control: max-age=86400
cf-bgj: minify
cf-polished: status=cannot_optimize
etag: W/"5d951ace-1830"
expires: Thu, 09 Feb 2023 04:46:43 GMT
last-modified: Wed, 02 Oct 2019 21:46:54 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 33658
vary: Accept-Encoding
server: cloudflare
cf-ray: 79690d8c8c01b4f4-OSL
content-encoding: br
X-Firefox-Spdy: h2
hhklc.com/c.js
172.67.223.102200 OK 0 B IP 172.67.223.102:0
GET /c.js HTTP/1.1
Host: hhklc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:41 GMT
content-type: application/javascript
last-modified: Tue, 27 Dec 2022 13:04:38 GMT
etag: W/"63aaed66-2eef"
server-asp-net: Asp Net
expires: Thu, 09 Feb 2023 02:33:47 GMT
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 1134
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oQK0bt%2BXejvqwtlZr%2BxemmjVkIVG5g8F9rSjt%2BmDbBlOCoq3mZ3sK%2FgORERAvfep67r2Z1MWsAXk%2BeW4yooJ%2BsnQ1Q8queEqlLD91W2tLGcuEAzoGVKmeCQaB5Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79690d8d388cb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.js
178.250.2.130200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.js
IP 178.250.2.130:0
GET /js/ld/publishertag.prebid.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 02:07:43 GMT
content-type: text/javascript
last-modified: Wed, 18 Jan 2023 01:20:50 GMT
etag: W/"63c74972-162fb"
expires: Fri, 10 Feb 2023 02:07:43 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=ouo.press&sn=FirefoxSyncframe&so=3&topUrl=ouo.press&bundle=FpzPfF9RMmhxSVVYTGclMkJOJTJGTE9LSEZLVHZ1R0Vac3BYVWl5V2ZnNiUyRkdrTDJPRiUyRjNTZFhKTyUyRnVhTHRnc0lXJTJGbkIzM2M5Y2QwVUxGR1ozZDZwa3c2WlRYeHZsUnpCRzFpakt6b1I5aURwSjlTcmRHQ0x4R3hpR3Y4c042RGUlMkZSRVVybTRz&info=IMJ2aF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czJ5cndYTTZUTGxUdFJocHFNQlJIbnh1aUdBaTh4MGg2aDZKUCUyQkVBUUVvSA&idsd=1187966546,-1120868483&cw=1&lsw=1
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=ouo.press&sn=FirefoxSyncframe&so=3&topUrl=ouo.press&bundle=FpzPfF9RMmhxSVVYTGclMkJOJTJGTE9LSEZLVHZ1R0Vac3BYVWl5V2ZnNiUyRkdrTDJPRiUyRjNTZFhKTyUyRnVhTHRnc0lXJTJGbkIzM2M5Y2QwVUxGR1ozZDZwa3c2WlRYeHZsUnpCRzFpakt6b1I5aURwSjlTcmRHQ0x4R3hpR3Y4c042RGUlMkZSRVVybTRz&info=IMJ2aF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czJ5cndYTTZUTGxUdFJocHFNQlJIbnh1aUdBaTh4MGg2aDZKUCUyQkVBUUVvSA&idsd=1187966546,-1120868483&cw=1&lsw=1
IP 178.250.0.157:0
GET /sid/json?origin=publishertag&domain=ouo.press&sn=FirefoxSyncframe&so=3&topUrl=ouo.press&bundle=FpzPfF9RMmhxSVVYTGclMkJOJTJGTE9LSEZLVHZ1R0Vac3BYVWl5V2ZnNiUyRkdrTDJPRiUyRjNTZFhKTyUyRnVhTHRnc0lXJTJGbkIzM2M5Y2QwVUxGR1ozZDZwa3c2WlRYeHZsUnpCRzFpakt6b1I5aURwSjlTcmRHQ0x4R3hpR3Y4c042RGUlMkZSRVVybTRz&info=IMJ2aF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czJ5cndYTTZUTGxUdFJocHFNQlJIbnh1aUdBaTh4MGg2aDZKUCUyQkVBUUVvSA&idsd=1187966546,-1120868483&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=ouo.press
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:43 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1147248
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.189200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.189:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:45 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 146180
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=ouo.press&sn=FirefoxSyncframe&so=3&topUrl=ouo.press&bundle=FpzPfF9RMmhxSVVYTGclMkJOJTJGTE9LSEZLVHZ1R0Vac3BYVWl5V2ZnNiUyRkdrTDJPRiUyRjNTZFhKTyUyRnVhTHRnc0lXJTJGbkIzM2M5Y2QwVUxGR1ozZDZwa3c2WlRYeHZsUnpCRzFpakt6b1I5aURwSjlTcmRHQ0x4R3hpR3Y4c042RGUlMkZSRVVybTRz&info=f1N_qV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czJ5cndYTTZUTGxUdFJocHFNQlJIbnpjdE5OUTVuSld3eFR1UW9mcTMlMkJLdg&idsd=1187966546,-1120868483&cw=1&lsw=1
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=ouo.press&sn=FirefoxSyncframe&so=3&topUrl=ouo.press&bundle=FpzPfF9RMmhxSVVYTGclMkJOJTJGTE9LSEZLVHZ1R0Vac3BYVWl5V2ZnNiUyRkdrTDJPRiUyRjNTZFhKTyUyRnVhTHRnc0lXJTJGbkIzM2M5Y2QwVUxGR1ozZDZwa3c2WlRYeHZsUnpCRzFpakt6b1I5aURwSjlTcmRHQ0x4R3hpR3Y4c042RGUlMkZSRVVybTRz&info=f1N_qV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czJ5cndYTTZUTGxUdFJocHFNQlJIbnpjdE5OUTVuSld3eFR1UW9mcTMlMkJLdg&idsd=1187966546,-1120868483&cw=1&lsw=1
IP 178.250.0.157:0
GET /sid/json?origin=publishertag&domain=ouo.press&sn=FirefoxSyncframe&so=3&topUrl=ouo.press&bundle=FpzPfF9RMmhxSVVYTGclMkJOJTJGTE9LSEZLVHZ1R0Vac3BYVWl5V2ZnNiUyRkdrTDJPRiUyRjNTZFhKTyUyRnVhTHRnc0lXJTJGbkIzM2M5Y2QwVUxGR1ozZDZwa3c2WlRYeHZsUnpCRzFpakt6b1I5aURwSjlTcmRHQ0x4R3hpR3Y4c042RGUlMkZSRVVybTRz&info=f1N_qV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czJ5cndYTTZUTGxUdFJocHFNQlJIbnpjdE5OUTVuSld3eFR1UW9mcTMlMkJLdg&idsd=1187966546,-1120868483&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=ouo.press
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:44 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1060042
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ecdn.firstimpression.io/static/js/prebidamp.js
54.230.111.89200 OK 0 B URL HTTP/2 ecdn.firstimpression.io/static/js/prebidamp.js
IP 54.230.111.89:0
GET /static/js/prebidamp.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.20.0
last-modified: Tue, 14 Dec 2021 15:30:51 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Thu, 09 Feb 2023 01:41:33 GMT
expires: Thu, 09 Feb 2023 02:41:29 GMT
cache-control: max-age=3600
etag: W/"61b8b8ab-4e128"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GTzHQyvNFuaVPNaR1NMDJ6Enu41-f-gbIPKZnifKv-_qAtwoSmEtEA==
age: 1573
X-Firefox-Spdy: h2
ouo.press/css/bootstrap.css
104.22.58.251200 OK 0 B URL HTTP/2 ouo.press/css/bootstrap.css
IP 104.22.58.251:0
GET /css/bootstrap.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/I813Wa
Cookie: ouoio_session=eyJpdiI6Ik5Bb1VcL2k5SmlzWVFIc0F1dkJsTys2bXMyWTRienVcL3BpT29VR2tyemJXTT0iLCJ2YWx1ZSI6IlRFalZtalRZNWlDenVLVzM3NXRjVzZXdUlqYnJqbjJJOHhiK3ZQM3NMNTFDb0l2MnFNUmxYbXdWUlFmK1VCR2tIVjh5cGF4OGo4WHZySHhqTUVWcVwvZz09IiwibWFjIjoiNmRkYjdhNTllOTM5NjJlMTM3M2YxN2Y4YjAwNzEwNDc5MDcxZWJmZDFmYzY4MmQ2ZjE1Y2I1MWJiOWU2YTRkNiJ9; language=eyJpdiI6IlBuV0FSNkV6eW1KM01IenlsXC9EOEZDQ2M0ZkFDaWI0ckNRWDBZK2Zlcmc0PSIsInZhbHVlIjoiTHlKRENJYzBFSm5JTEw4RFRiSnNoXC9GaHNuSkZQbkRtZWFxYW5qMmZOdjg9IiwibWFjIjoiZjc5MGEyZjA4MDgwNDNiNTljODE5NzE1ZDVkMWExNTgyNDY0NGZjYmZkY2YwYzZmOTk1MjkyNWFiMmE4MzQ0NCJ9; c9918d2ef9e0c4f3b0a64887e3b56f5d2be9236b=eyJpdiI6IkF5VVVtbDVyRUhHc0dsUHdvejU3dksyalF4ZkRlTmtBR0RHQlBDUWFDcHc9IiwidmFsdWUiOiJEUWZHYkF2S0lvQ2JIaUorRUg0QWFJU3F4aUlYeURsNDlDM0NcL2pFazRsdldVR3Z2dUFrSThDNzVzN3JOSndBZUFWMDIrZlFKTWJpZERBQWJhYjFGc2NhQllKZ2dGeWw2NHhSOUdLT0FjS09JSnR2dVhPOURFWEUyS0NYT2orUGZLXC8ySWVyandcL1hKYnhkOFNPNWgxNVNkaGJcL1ZaQTRXbVVVWnhWcHZidk54WG9jSk54cTVpTndORk5rdlVHZE9WTUJNbGtQZjNQblkxdFFyK0RWQ0VDNnduZ3lnRWptajRIVEVDb1ZXWnZjb1U1VkE1S3ZvNnV2eDNmWWdVR2pRRGpMK1lVcWRPb1VEY1BaQXVVcGJiQm44WWlEMjhPQTN2TlViVGY1ZFhLTk9oZUg4clRmYzJvK3RIVFVwOFVRc3dkc1c3bEhCZWd1amdnSXZYXC9FckdpcDB0ZmRrNzB3Zml1cng4TFZSS3F4OXhRUEowU2ZyYnBpMWJvTStUaDQzWSIsIm1hYyI6IjFmOTBmMDk3ODM0NzM3NWE5MGZjYmU1NjUyZDFhMmE3Y2ZjOGZkNDc1MDU1ZTkwYWFlY2MyNTU0MTg4ZTViNjAifQ%3D%3D; __cf_bm=p24i.ZpUGxaeAbWZ_nSLf7gxYjEHP.ZYqPtqrqAptG0-1675908461-0-AWQ5h0DFuirSiuTrBsUwVk3ACWAR0IKcL1AvGZVkiAcfyYX2E40g4VgSeXajVrE+4nZ2qVUsHx1ANRnu+LRV2YI=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:41 GMT
content-type: text/css
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=109522
etag: W/"54def1fc-1abd2"
expires: Thu, 09 Feb 2023 11:56:21 GMT
last-modified: Sat, 14 Feb 2015 06:58:04 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 7880
vary: Accept-Encoding
server: cloudflare
cf-ray: 79690d8c8bffb4f4-OSL
content-encoding: br
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1
IP 178.250.0.157:0
OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://ouo.press/
Origin: https://ouo.press
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:42 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://ouo.press
server-processing-duration-in-ticks: 496063
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.adtrue.com/rtb/async.js
172.67.144.249200 OK 0 B URL HTTP/2 cdn.adtrue.com/rtb/async.js
IP 172.67.144.249:0
GET /rtb/async.js HTTP/1.1
Host: cdn.adtrue.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:41 GMT
content-type: application/javascript
last-modified: Mon, 16 Nov 2020 01:20:45 GMT
etag: W/"5fb1d3ed-1c9f"
expires: Sun, 24 Sep 2023 03:46:20 GMT
cache-control: max-age=31104000
access-control-allow-origin: *
cf-cache-status: HIT
age: 11485281
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nOW8PTtgGsv9MJyFmKoiSyTIdHmKPM5YdOw8P2nXWqJzVd4NaEtEtWWvN2%2B9nHAFeKilzXauIbdMJMTwfVqNQ70V6eUpNIh8ilc09FC3WB%2Fr5wxtN4tqxjQycjHPSSyGsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79690d8e5aef0b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.adskeeper.co.uk/images/adskeeper_svg.svg
172.64.153.20200 OK 0 B URL HTTP/2 cdn.adskeeper.co.uk/images/adskeeper_svg.svg
IP 172.64.153.20:0
GET /images/adskeeper_svg.svg HTTP/1.1
Host: cdn.adskeeper.co.uk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:43 GMT
content-type: image/svg+xml
x-amz-id-2: 9+wK7//B9wiKymVhwJBS49yIWsknA1BYnHtl2rpiLd1F4bVgMRR1xL0U37+qHDuhswdKTk5XkFw=
x-amz-request-id: P23ZACW8NK08CPPP
last-modified: Tue, 08 Dec 2020 08:34:59 GMT
etag: W/"93f6d1136fb77e38a0a2c72108588f09"
x-amz-meta-s3cmd-attrs: atime:1607416491/ctime:1607416491/gid:0/gname:root/md5:93f6d1136fb77e38a0a2c72108588f09/mode:33206/mtime:1607416491/uid:0/uname:root
x-amz-version-id: null
cf-cache-status: HIT
age: 4335
expires: Thu, 09 Feb 2023 06:07:43 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
server: cloudflare
cf-ray: 79690d97dba7b503-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.123.js
178.250.2.130200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.123.js
IP 178.250.2.130:0
GET /js/ld/publishertag.prebid.123.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 02:07:43 GMT
content-type: text/javascript
last-modified: Tue, 03 May 2022 11:21:03 GMT
etag: W/"6271101f-15b58"
expires: Fri, 10 Feb 2023 02:07:43 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.22.58.251200 OK 0 B URL HTTP/2 ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 104.22.58.251:0
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/I813Wa
Cookie: ouoio_session=eyJpdiI6Ik5Bb1VcL2k5SmlzWVFIc0F1dkJsTys2bXMyWTRienVcL3BpT29VR2tyemJXTT0iLCJ2YWx1ZSI6IlRFalZtalRZNWlDenVLVzM3NXRjVzZXdUlqYnJqbjJJOHhiK3ZQM3NMNTFDb0l2MnFNUmxYbXdWUlFmK1VCR2tIVjh5cGF4OGo4WHZySHhqTUVWcVwvZz09IiwibWFjIjoiNmRkYjdhNTllOTM5NjJlMTM3M2YxN2Y4YjAwNzEwNDc5MDcxZWJmZDFmYzY4MmQ2ZjE1Y2I1MWJiOWU2YTRkNiJ9; language=eyJpdiI6IlBuV0FSNkV6eW1KM01IenlsXC9EOEZDQ2M0ZkFDaWI0ckNRWDBZK2Zlcmc0PSIsInZhbHVlIjoiTHlKRENJYzBFSm5JTEw4RFRiSnNoXC9GaHNuSkZQbkRtZWFxYW5qMmZOdjg9IiwibWFjIjoiZjc5MGEyZjA4MDgwNDNiNTljODE5NzE1ZDVkMWExNTgyNDY0NGZjYmZkY2YwYzZmOTk1MjkyNWFiMmE4MzQ0NCJ9; c9918d2ef9e0c4f3b0a64887e3b56f5d2be9236b=eyJpdiI6IkF5VVVtbDVyRUhHc0dsUHdvejU3dksyalF4ZkRlTmtBR0RHQlBDUWFDcHc9IiwidmFsdWUiOiJEUWZHYkF2S0lvQ2JIaUorRUg0QWFJU3F4aUlYeURsNDlDM0NcL2pFazRsdldVR3Z2dUFrSThDNzVzN3JOSndBZUFWMDIrZlFKTWJpZERBQWJhYjFGc2NhQllKZ2dGeWw2NHhSOUdLT0FjS09JSnR2dVhPOURFWEUyS0NYT2orUGZLXC8ySWVyandcL1hKYnhkOFNPNWgxNVNkaGJcL1ZaQTRXbVVVWnhWcHZidk54WG9jSk54cTVpTndORk5rdlVHZE9WTUJNbGtQZjNQblkxdFFyK0RWQ0VDNnduZ3lnRWptajRIVEVDb1ZXWnZjb1U1VkE1S3ZvNnV2eDNmWWdVR2pRRGpMK1lVcWRPb1VEY1BaQXVVcGJiQm44WWlEMjhPQTN2TlViVGY1ZFhLTk9oZUg4clRmYzJvK3RIVFVwOFVRc3dkc1c3bEhCZWd1amdnSXZYXC9FckdpcDB0ZmRrNzB3Zml1cng4TFZSS3F4OXhRUEowU2ZyYnBpMWJvTStUaDQzWSIsIm1hYyI6IjFmOTBmMDk3ODM0NzM3NWE5MGZjYmU1NjUyZDFhMmE3Y2ZjOGZkNDc1MDU1ZTkwYWFlY2MyNTU0MTg4ZTViNjAifQ%3D%3D; __cf_bm=p24i.ZpUGxaeAbWZ_nSLf7gxYjEHP.ZYqPtqrqAptG0-1675908461-0-AWQ5h0DFuirSiuTrBsUwVk3ACWAR0IKcL1AvGZVkiAcfyYX2E40g4VgSeXajVrE+4nZ2qVUsHx1ANRnu+LRV2YI=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 02:07:41 GMT
content-type: application/javascript
last-modified: Mon, 06 Feb 2023 18:52:43 GMT
etag: W/"63e14c7b-4d7"
vary: Accept-Encoding
server: cloudflare
cf-ray: 79690d8c9c08b4f4-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sat, 11 Feb 2023 02:07:41 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
ecdn.firstimpression.io/fi_client.js
54.230.111.89200 OK 0 B URL HTTP/2 ecdn.firstimpression.io/fi_client.js
IP 54.230.111.89:0
GET /fi_client.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Thu, 09 Feb 2023 01:25:26 GMT
server: nginx/1.20.0
x-powered-by: PHP/8.0.14
x-xss-protection: 0
last-modified: Thu, 09 Feb 2023 01:25:26 UTC
etag: W/"b974eeb18510b3a4a59774ea97162f37"
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nD7T5hX7GBnAwwnO4GnAamLroKG1UOa9sTA1Z1Qo6A6tvIU6jX3sFg==
age: 2535
X-Firefox-Spdy: h2