Overview

URL ouo.io/JOWwmxs
IP104.22.22.162
ASNCLOUDFLARENET
Location
Report completed2022-09-21 00:32:23 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-21 2 itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js Malware
2022-09-21 2 contagiousantagonizequarry.com/pixel/sbs?c=1 Phishing
2022-09-21 2 contagiousantagonizequarry.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSzWtcVRjGz20rK (...) Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-20 2 unseenreport.com Sinkholed
2022-09-20 2 contagiousantagonizequarry.com Sinkholed
2022-09-20 2 contagiousantagonizequarry.com Sinkholed
2022-09-20 2 contagiousantagonizequarry.com Sinkholed
2022-09-20 2 contagiousantagonizequarry.com Sinkholed
2022-09-20 2 contagiousantagonizequarry.com Sinkholed
2022-09-20 2 contagiousantagonizequarry.com Sinkholed
2022-09-20 2 contagiousantagonizequarry.com Sinkholed
2022-09-20 2 contagiousantagonizequarry.com Sinkholed


Files

URL contagiousantagonizequarry.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A (...)
IP  192.243.59.20
Magic gzip compressed data, max compression\012- data
Size 660
MD5 5860c780c8e9daa4f852038f02b5bdc2
SHA1 c75c8b4db36bffe075ce493f06d011f855d5541a
SHA256 f11b9f8e851e15c0c6abd53a9994c6dcef78ceeebd0f0b8bbde610fec8332c85
Analyzer Analysed Verdict Comment
VirusTotal 0/0


Passive DNS (60)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS ad.doubleclick.net (1) 186 2013-05-06 20:24:43 UTC 2022-09-20 10:17:26 UTC 216.58.207.198
mnemonic passive DNS pixel.rubiconproject.com (1) 314 2012-10-09 03:17:38 UTC 2022-09-20 04:51:18 UTC 213.19.162.90
mnemonic passive DNS cdn.sb4you1.com (4) 22321 2021-09-16 11:26:58 UTC 2022-09-20 11:30:14 UTC 172.64.200.2
mnemonic passive DNS ouo.io (2) 50761 2015-02-15 06:06:38 UTC 2022-09-20 11:42:57 UTC 104.22.22.162
mnemonic passive DNS cdn.yourwebbars.com (1) 62037 2021-01-29 17:47:27 UTC 2022-09-20 13:49:29 UTC 104.26.6.19
mnemonic passive DNS cdn.run-syndicate.com (1) 36414 2018-01-28 18:16:24 UTC 2022-09-20 18:30:45 UTC 8.254.252.214
mnemonic passive DNS fastlane.rubiconproject.com (1) 459 2017-01-30 04:49:40 UTC 2022-09-20 10:59:56 UTC 213.19.162.41
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-20 04:47:04 UTC 34.117.237.239
mnemonic passive DNS www.google.com (1) 7 2016-08-04 12:36:31 UTC 2022-09-20 17:05:04 UTC 142.250.74.164
mnemonic passive DNS tv.gourdycortes.com (1) 0 2022-05-16 14:48:14 UTC 2022-09-20 22:56:40 UTC 23.109.82.223 Unknown ranking
mnemonic passive DNS cdn.runative-syndicate.com (1) 34853 2019-03-18 11:54:28 UTC 2022-09-20 13:30:10 UTC 8.247.218.249
mnemonic passive DNS sync.vicodes.com (1) 0 2022-08-10 18:12:24 UTC 2022-09-20 22:56:41 UTC 141.94.202.176 Unknown ranking
mnemonic passive DNS ocsp.pki.goog (7) 175 2017-06-14 07:23:31 UTC 2022-09-20 04:47:45 UTC 142.250.74.3
mnemonic passive DNS prebid.a-mo.net (1) 1148 2020-07-14 17:45:55 UTC 2022-09-20 11:18:25 UTC 147.75.85.234
mnemonic passive DNS ocsp.digicert.com (8) 86 2012-05-21 07:02:23 UTC 2022-09-20 19:59:48 UTC 93.184.220.29
mnemonic passive DNS ouo.press (6) 89754 2016-07-27 01:12:12 UTC 2022-09-20 11:42:58 UTC 104.22.58.251
mnemonic passive DNS ecdn.firstimpression.io (3) 18146 2017-08-11 09:25:19 UTC 2022-09-20 22:56:40 UTC 54.230.111.73
mnemonic passive DNS ice.360yield.com (2) 1494 2018-11-08 13:23:00 UTC 2022-09-20 22:21:32 UTC 18.159.9.120
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-20 20:31:37 UTC 143.204.55.115
mnemonic passive DNS viavideo.digital (3) 0 2021-11-04 15:26:31 UTC 2022-09-20 22:56:41 UTC 141.94.202.176 Unknown ranking
mnemonic passive DNS bidder.criteo.com (1) 750 2017-01-30 05:01:16 UTC 2022-09-20 10:20:10 UTC 178.250.0.165
mnemonic passive DNS ecdn.analysis.fi (1) 22604 2021-04-26 06:44:49 UTC 2022-09-20 19:29:32 UTC 54.230.111.15
mnemonic passive DNS ocsp.sca1b.amazontrust.com (2) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.158
mnemonic passive DNS asia.hhkld.com (1) 0 2022-09-01 19:18:57 UTC 2022-09-20 22:56:40 UTC 141.94.202.176 Unknown ranking
mnemonic passive DNS c.amazon-adsystem.com (3) 300 2013-12-19 15:10:01 UTC 2022-09-20 10:59:55 UTC 143.204.46.73
mnemonic passive DNS aax-dtb-cf.amazon-adsystem.com (1) 0 2022-06-17 10:06:30 UTC 2022-09-20 10:59:57 UTC 143.204.52.189 Domain (amazon-adsystem.com) ranked at: 3190
mnemonic passive DNS hhkld.com (5) 0 2022-06-21 06:07:08 UTC 2022-09-20 22:56:40 UTC 141.94.202.176 Unknown ranking
mnemonic passive DNS sync.dmp.otm-r.com (1) 19534 2017-02-03 07:19:51 UTC 2022-09-20 12:49:26 UTC 116.202.236.228
mnemonic passive DNS sync.viavideo.digital (1) 0 2022-03-03 12:44:15 UTC 2022-09-20 22:56:41 UTC 141.94.202.176 Unknown ranking
mnemonic passive DNS hhklc.com (1) 0 2022-06-12 16:30:56 UTC 2022-09-20 22:56:40 UTC 172.67.223.102 Unknown ranking
mnemonic passive DNS simplewebanalysis.com (1) 0 2022-02-25 04:06:25 UTC 2022-09-20 10:38:22 UTC 3.64.106.196 Unknown ranking
mnemonic passive DNS r3.o.lencr.org (11) 344 2020-12-02 08:52:13 UTC 2022-09-20 04:47:05 UTC 23.36.76.226
mnemonic passive DNS itineraryupper.com (1) 280787 2020-07-23 02:40:11 UTC 2022-09-20 22:56:40 UTC 192.243.59.20
mnemonic passive DNS www.gstatic.com (1) 0 2016-07-26 09:37:06 UTC 2022-09-20 13:42:45 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS cm.adform.net (1) 1667 2015-03-30 07:47:01 UTC 2022-09-20 11:00:50 UTC 37.157.6.253
mnemonic passive DNS creepingbrings.com (1) 0 2022-05-27 14:56:26 UTC 2022-09-20 11:02:49 UTC 104.21.234.232 Unknown ranking
mnemonic passive DNS pxl.tsyndicate.com (2) 14763 2017-07-05 13:51:06 UTC 2022-09-20 12:36:12 UTC 136.243.46.156
mnemonic passive DNS ouo.io (2) 50761 2015-02-15 06:06:38 UTC 2022-09-20 11:42:57 UTC 172.67.6.151
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-20 05:19:24 UTC 143.204.55.35
mnemonic passive DNS js-sec.indexww.com (1) 663 2015-05-13 07:47:54 UTC 2022-09-20 11:18:29 UTC 23.38.200.248
mnemonic passive DNS ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2022-09-20 10:16:44 UTC 104.18.20.226
mnemonic passive DNS widgets.outbrain.com (1) 1272 2012-05-22 16:25:59 UTC 2022-09-20 11:12:34 UTC 23.38.201.81
mnemonic passive DNS contagiousantagonizequarry.com (8) 0 2022-09-19 02:43:00 UTC 2022-09-20 19:24:04 UTC 192.243.59.20 Unknown ranking
mnemonic passive DNS e1.o.lencr.org (3) 6159 2021-08-20 07:36:30 UTC 2022-09-20 10:16:39 UTC 23.36.76.226
mnemonic passive DNS img-getpocket.cdn.mozilla.net (5) 1631 2017-09-01 03:40:57 UTC 2022-09-20 17:37:01 UTC 34.120.237.76
mnemonic passive DNS cdn.firstimpression.io (2) 18692 2021-01-03 16:41:33 UTC 2022-09-20 20:14:06 UTC 54.230.111.73
mnemonic passive DNS ib.adnxs.com (2) 241 2012-05-23 22:36:14 UTC 2022-09-20 10:29:03 UTC 185.89.211.116
mnemonic passive DNS tag.1rx.io (1) 1330 2016-03-31 02:49:07 UTC 2022-09-20 19:05:26 UTC 213.19.147.43
mnemonic passive DNS run-syndicate.com (1) 35071 2017-12-01 10:35:57 UTC 2022-09-20 21:30:38 UTC 136.243.51.205
mnemonic passive DNS ocsp.sectigo.com (5) 487 2018-12-17 11:31:55 UTC 2022-09-20 19:14:14 UTC 104.18.32.68
mnemonic passive DNS lcdn.tsyndicate.com (2) 12634 2020-03-31 14:26:34 UTC 2022-09-20 11:27:23 UTC 8.247.218.249
mnemonic passive DNS rtb.viavideo.digital (1) 0 2022-09-07 09:17:46 UTC 2022-09-20 22:56:42 UTC 141.94.202.176 Unknown ranking
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-20 05:36:22 UTC 34.210.107.213
mnemonic passive DNS ru.hhkld.com (1) 0 2022-07-23 18:50:26 UTC 2022-09-20 22:56:41 UTC 141.94.202.176 Unknown ranking
mnemonic passive DNS ads.betweendigital.com (2) 1571 2012-10-30 05:08:04 UTC 2022-09-20 12:26:54 UTC 188.42.191.196
mnemonic passive DNS ap.lijit.com (1) 666 2012-05-25 18:17:20 UTC 2022-09-20 11:00:49 UTC 72.251.249.14
mnemonic passive DNS unseenreport.com (1) 0 2022-03-30 14:33:17 UTC 2022-09-20 11:02:49 UTC 192.243.61.225 Unknown ranking
mnemonic passive DNS fonts.googleapis.com (1) 8877 2014-07-21 13:19:55 UTC 2022-09-20 22:15:52 UTC 216.58.211.10
mnemonic passive DNS ssum-sec.casalemedia.com (2) 509 2014-06-23 13:16:59 UTC 2022-09-20 06:47:02 UTC 104.18.18.126
mnemonic passive DNS ocsp.godaddy.com (1) 698 2012-05-20 19:28:57 UTC 2022-09-20 09:29:00 UTC 192.124.249.41


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 104.22.22.162

Date UQ / IDS / BL URL IP
2022-11-22 05:06:54 +0000
0 - 0 - 8 ouo.io/63G1os 104.22.22.162
2022-11-20 06:08:16 +0000
0 - 0 - 3 ouo.io/QnVMXa 104.22.22.162
2022-11-19 08:28:34 +0000
0 - 0 - 8 ouo.io/9ot4aW 104.22.22.162
2022-11-18 09:32:29 +0000
0 - 0 - 1 ouo.io/npwR6p 104.22.22.162
2022-11-18 05:38:30 +0000
0 - 0 - 1 ouo.io/thFNIG 104.22.22.162

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-11-28 07:36:23 +0000
0 - 0 - 3 172.67.147.76/ 172.67.147.76
2022-11-28 07:35:23 +0000
0 - 0 - 1 neuboscentsetsa.tk/page-79317 172.67.138.162
2022-11-28 07:34:48 +0000
0 - 0 - 15 luke79.top/ 104.21.89.95
2022-11-28 07:34:27 +0000
0 - 0 - 3 shbetpro.com/ 172.67.130.163
2022-11-28 07:32:39 +0000
0 - 0 - 15 tionasgeretacom.ml/ru/ozon/?subid=7120-10447- (...) 172.67.141.60

Last 5 reports on domain: ouo.io

Date UQ / IDS / BL URL IP
2022-11-27 03:28:23 +0000
0 - 0 - 10 ouo.io/1NXtwF 172.67.6.151
2022-11-26 14:08:12 +0000
0 - 0 - 10 ouo.io/ZVf2P0 172.67.6.151
2022-11-25 10:04:18 +0000
0 - 0 - 8 ouo.io/AQUMg2Y 172.67.6.151
2022-11-25 04:03:00 +0000
0 - 0 - 10 ouo.io/DwFIAol 104.22.23.162
2022-11-23 18:08:36 +0000
0 - 0 - 11 ouo.io/8t4qFu 172.67.6.151

No other reports with similar screenshot



JavaScript

Executed Scripts (24)


Executed Evals (7)

#1 JavaScript::Eval (size: 15578, repeated: 1) - SHA256: 82b81c86cdae578664003b993458bc63c9de6f989bde32d1671110605cbbb93f

                                        /* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */
(function() {
    var c = function(h) {
            return h
        },
        Y = this || self,
        y = function(h, U) {
            if (h = (U = Y.trustedTypes, null), !U || !U.createPolicy) return h;
            try {
                h = U.createPolicy("bg", {
                    createHTML: c,
                    createScript: c,
                    createScriptURL: c
                })
            } catch (w) {
                Y.console && Y.console.error(w.message)
            }
            return h
        };
    (0, eval)(function(h, U) {
        return (U = y()) && 1 === h.eval(U.createScript("1")) ? function(w) {
            return U.createScript(w)
        } : function(w) {
            return "" + w
        }
    }(Y)(Array(7824 * Math.random() | 0).join("\n") + '(function(){var p=function(h,U){if(h.v)return hi(h,h.P);return(U=v(true,8,h),U)&128&&(U^=128,h=v(true,2,h),U=(U<<2)+(h|0)),U},T=function(h,U,c){c=this;try{Uu(U,this,h)}catch(Y){E(this,Y),U(function(A){A(c.F)})}},X=function(h,U,c,Y,A,w){if(!U.S){if(3<(h=m(419,((0==(Y=m((A=void 0,h&&h[0]===R&&(A=h[2],c=h[1],h=void 0),418),U),Y.length)&&(w=m(168,U)>>3,Y.push(c,w>>8&255,w&255),void 0!=A&&Y.push(A&255)),c="",h)&&(h.message&&(c+=h.message),h.stack&&(c+=":"+h.stack)),U)),h)){c=(h-=(c=c.slice(0,(h|0)-3),(c.length|0)+3),wH(c)),A=U.j,U.j=U;try{q(U,23,u(c.length,2).concat(c),9)}finally{U.j=A}}I(419,U,h)}},YC=function(h,U){if(U=(h=f.trustedTypes,null),!h||!h.createPolicy)return U;try{U=h.createPolicy("bg",{createHTML:cv,createScript:cv,createScriptURL:cv})}catch(c){f.console&&f.console.error(c.message)}return U},zq=function(h,U,c,Y,A,w){function y(){if(Y.j==Y){if(Y.K){var z=[D,c,U,void 0,A,w,arguments];if(2==h)var g=V(Y,(H(z,Y),false),false);else if(1==h){var r=!Y.h.length;H(z,Y),r&&V(Y,false,false)}else g=yF(Y,z);return g}A&&w&&A.removeEventListener(w,y,Z)}}return y},Ai=function(h,U){return h(function(c){c(U)}),[function(){return U}]},E=function(h,U){h.F=((h.F?h.F+"~":"E:")+U.message+":"+U.stack).slice(0,2048)},i4=function(h,U,c,Y){for(c=(Y=p(U),0);0<h;h--)c=c<<8|N(U);I(Y,U,c)},pl=function(h,U,c,Y){return m(408,(I(108,(vv(h,((Y=m(108,h),h.W)&&Y<h.Z?(I(108,h,h.Z),rH(h,U)):I(108,h,U),c)),h),Y),h))},wH=function(h,U,c,Y,A){for(A=(U=(h=h.replace(/\\r\\n/g,"\\n"),[]),c=0);c<h.length;c++)Y=h.charCodeAt(c),128>Y?U[A++]=Y:(2048>Y?U[A++]=Y>>6|192:(55296==(Y&64512)&&c+1<h.length&&56320==(h.charCodeAt(c+1)&64512)?(Y=65536+((Y&1023)<<10)+(h.charCodeAt(++c)&1023),U[A++]=Y>>18|240,U[A++]=Y>>12&63|128):U[A++]=Y>>12|224,U[A++]=Y>>6&63|128),U[A++]=Y&63|128);return U},Eu=function(h,U){return h[U]<<24|h[(U|0)+1]<<16|h[(U|0)+2]<<8|h[(U|0)+3]},Tq=function(h,U,c,Y){function A(){}return{invoke:(Y=xC(h,function(w){A&&(U&&K(U),c=w,A(),A=void 0)},(c=void 0,!!U))[0],function(w,y,z,g){function r(){c(function(x){K(function(){w(x)})},z)}if(!y)return y=Y(z),w&&w(y),y;c?r():(g=A,A=function(){(g(),K)(r)})})}},e=function(h,U){for(U=[];h--;)U.push(255*Math.random()|0);return U},I=function(h,U,c){if(108==h||168==h)U.K[h]?U.K[h].concat(c):U.K[h]=M9(U,c);else{if(U.S&&142!=h)return;158==h||23==h||190==h||418==h||77==h?U.K[h]||(U.K[h]=SD(U,c,h,38)):U.K[h]=SD(U,c,h,41)}142==h&&(U.U=v(false,32,U),U.J=void 0)},b=function(h,U,c){c[I(U,h,c),Ou]=2796},q=function(h,U,c,Y,A,w){if(h.j==h)for(w=m(U,h),23==U?(U=function(y,z,g,r){if(r=((z=w.length,z)|0)-4>>3,w.eN!=r){r=[0,0,(w.eN=r,g=(r<<3)-4,A)[1],A[2]];try{w.kR=Ri(Eu(w,(g|0)+4),r,Eu(w,g))}catch(x){throw x;}}w.push(w.kR[z&7]^y)},A=m(77,h)):U=function(y){w.push(y)},Y&&U(Y&255),h=c.length,Y=0;Y<h;Y++)U(c[Y])},k,mu=function(h,U,c){return U.g(function(Y){c=Y},false,h),c},Uu=function(h,U,c,Y,A){for((U.Qc=((U.qI=su,U).Zs=(U.dd=q9,U[n]),u4)(U.H,{get:function(){return this.concat()}}),U).Hs=W[U.H](U.Qc,{value:{value:{}}}),Y=[],A=0;128>A;A++)Y[A]=String.fromCharCode(A);V(U,true,(H((H([(H((b(U,(b((b(U,(I(((b(U,(b(U,(b(U,(U.br=(b(U,(I(335,U,(I(190,(b(U,103,(I(158,U,[160,(b((b(U,318,(b(U,436,(b((b(U,114,(b(U,33,(I((b(U,260,(b(U,222,(b(U,242,(I((b(U,133,(b((b(U,215,(b(U,398,(b(U,(b((b(U,(I(23,(b(U,(I(418,U,((I(168,U,(I(108,(U.tZ=((U.Fu=false,A=window.performance||{},U).S=((U.N=(U.G=8001,U.D=void 0,U.X=[],0),U.hZ=(U.h=[],function(w){this.j=w}),U.Y=1,U).F=(U.Z=0,U.B=25,U.j=(U.J=void 0,U),(U.u=0,U).L=null,void 0),false),(U.s=(U.yc=[],0),(U.P=(U.i=false,void 0),U).W=(U.OB=0,[]),U).U=(U.V=[],U.C=(U.o=0,U.K=[],U.v=void 0,0),U.R=void 0,void 0),A.timeOrigin||(A.timing||{}).navigationStart||0),U),0),0)),b)(U,91,function(w,y,z,g){z=(g=(z=p(w),p(w)),y=p(w),g=m(g,w),m(z,w)==g),I(y,w,+z)}),[])),179),function(w,y,z,g,r){I((z=(y=p((z=(g=(r=p(w),p(w)),p)(w),w)),y=m(y,w),m(z,w)),g=m(g,w),r),w,zq(y,z,g,w))}),U),e(4)),486),function(w){QF(w,4)}),U),507,function(w){l4(w,4)}),462),function(w,y,z){J(false,y,true,w)||(y=p(w),z=p(w),I(z,w,function(g){return eval(g)}(oi(m(y,w.j)))))}),function(w,y,z,g){I((z=(y=p(w),g=N(w),p)(w),z),w,m(y,w)>>>g)})),function(w,y,z,g,r){0!==(z=(y=m((r=(g=m((z=p((r=p(w),w)),y=p(w),g=p(w),g),w),m)(r,w.j),y),w),m(z,w)),r)&&(g=zq(1,g,y,w,r,z),r.addEventListener(z,g,Z),I(246,w,[r,z,g]))})),I(385,U,0),U),266,function(w,y,z,g,r,x,M,O,S,C,Q,F){function a(l,G){for(;S<l;)g|=N(w)<<S,S+=8;return S-=l,G=g&(1<<l)-1,g>>=l,G}for(x=(Q=(C=(S=(z=p(w),g=0),(a(3)|0)+1),a(5)),r=M=0,[]);r<Q;r++)y=a(1),x.push(y),M+=y?0:1;for(O=(M=((M|0)-1).toString(2).length,[]),r=0;r<Q;r++)x[r]||(O[r]=a(M));for(M=0;M<Q;M++)x[M]&&(O[M]=p(w));for(F=[];C--;)F.push(m(p(w),w));b(w,z,function(l,G,P,L,gH){for(G=(gH=[],0),L=[];G<Q;G++){if(!x[P=O[G],G]){for(;P>=L.length;)L.push(p(l));P=L[P]}gH.push(P)}l.P=M9(l,(l.v=M9(l,F.slice()),gH))})}),function(w,y,z,g,r,x){J(false,y,true,w)||(z=Ii(w.j),y=z.KJ,x=z.jN,r=z.A,z=z.O,g=z.length,x=0==g?new x[r]:1==g?new x[r](z[0]):2==g?new x[r](z[0],z[1]):3==g?new x[r](z[0],z[1],z[2]):4==g?new x[r](z[0],z[1],z[2],z[3]):2(),I(y,w,x))})),77),U,[0,0,0]),function(){})),U.LJ=0,I(419,U,2048),function(w,y,z,g,r,x,M){for(y=(M=(x=m(237,(z=(g=(r=p(w),X$)(w),""),w)),x.length),0);g--;)y=((y|0)+(X$(w)|0))%M,z+=Y[x[y]];I(r,w,z)})),function(w,y,z,g,r){for(g=(r=(y=X$((z=p(w),w)),0),[]);r<y;r++)g.push(N(w));I(z,w,g)})),296),U,U),function(w,y,z,g){y=(z=(g=(z=(y=p(w),p)(w),p)(w),m)(z,w),m)(y,w),I(g,w,y in z|0)})),function(w,y,z,g){I((z=m((y=(g=(y=(z=p(w),p)(w),p)(w),m(y,w)),z),w),g),w,z[y])})),U),76,function(w,y,z){(z=0!=(y=(z=p(w),p(w)),m(z,w)),y=m(y,w),z)&&I(108,w,y)}),function(w){QF(w,1)})),function(w,y,z,g){I((z=(g=(y=p(w),p(w)),p(w)),z),w,m(y,w)||m(g,w))})),U),510,function(w,y,z,g){if(y=w.yc.pop()){for(z=N(w);0<z;z--)g=p(w),y[g]=w.K[g];w.K=(y[419]=(y[418]=w.K[418],w).K[419],y)}else I(108,w,w.Z)}),b(U,113,function(w,y,z,g,r){r=(z=p((y=p(w),w)),p)(w),w.j==w&&(g=m(y,w),r=m(r,w),z=m(z,w),g[z]=r,142==y&&(w.J=void 0,2==z&&(w.U=v(false,32,w),w.J=void 0)))}),0),0]),function(w){i4(4,w)})),I(369,U,477),U),[]),f)),I(408,U,{}),397),function(w,y,z,g,r,x){if(!J(true,y,true,w)){if("object"==(w=(g=(r=m((y=m((x=p((g=(r=(y=p(w),p(w)),p(w)),w)),y),w),r),w),m)(g,w),m(x,w)),fl(y))){for(z in x=[],y)x.push(z);y=x}for(x=0,z=y.length,g=0<g?g:1;x<z;x+=g)r(y.slice(x,(x|0)+(g|0)),w)}}),0),85),function(w,y,z){(y=fl((y=m((z=(y=p(w),p(w)),y),w),y)),I)(z,w,y)}),431),function(w,y,z,g){!J(false,y,true,w)&&(y=Ii(w),z=y.jN,g=y.A,w.j==w||g==w.hZ&&z==w)&&(I(y.KJ,w,g.apply(z,y.O)),w.o=w.T())}),254),function(w,y){rH((y=m(p(w),w),w.j),y)}),U).IO=0,246),U,0),71),function(w,y){w=m((y=p(w),y),w.j),w[0].removeEventListener(w[1],w[2],Z)}),b(U,468,function(w,y,z){z=(y=p(w),p(w)),I(z,w,""+m(y,w))}),U),58,function(w,y,z,g){g=(y=m((z=(g=p(w),p(w)),z),w),m(g,w)),I(z,w,y+g)}),449),function(w){l4(w,3)}),[Ou]),U),d),c],U),[jD,h]),U),true))},hi=function(h,U){return U=U.create().shift(),h.v.create().length||h.P.create().length||(h.v=void 0,h.P=void 0),U},SD=function(h,U,c,Y,A,w,y,z){return(z=W[h.H]((U=[-74,93,-46,-30,9,-35,U,-89,(w=Gq,y=Y&7,40),87],h.Qc)),z)[h.H]=function(g){A=(y+=6+7*Y,y&=7,g)},z.concat=function(g){return(g=(A=(g=(g=c%16+1,3*c*c*g+U[y+27&7]*c*g+(w()|0)*g+54*A*A-162*c*c*A-5022*c*A)-g*A- -4752*A+y,void 0),U[g]),U)[(y+45&7)+(Y&2)]=g,U[y+(Y&2)]=93,g},z},rH=function(h,U){I(108,h,(h.yc.push(h.K.slice()),h.K[108]=void 0,U))},m=function(h,U){if(void 0===(U=U.K[h],U))throw[R,30,h];if(U.value)return U.create();return U.create(3*h*h+93*h+-88),U.prototype},Ii=function(h,U,c,Y,A,w){for(Y=p((c=((A=(w=h[F$]||{},p)(h),w.KJ=p(h),w).O=[],h.j==h?(N(h)|0)-1:1),h)),U=0;U<c;U++)w.O.push(p(h));for(;c--;)w.O[c]=m(w.O[c],h);return(w.jN=m(Y,h),w).A=m(A,h),w},v=function(h,U,c,Y,A,w,y,z,g,r,x,M,O,S){if(y=m(108,c),y>=c.Z)throw[R,31];for(O=(g=(S=y,c).Zs.length,U),z=0;0<O;)A=S>>3,M=S%8,w=c.W[A],r=8-(M|0),r=r<O?r:O,h&&(Y=c,Y.J!=S>>6&&(Y.J=S>>6,x=m(142,Y),Y.D=Ri(Y.J,[0,0,x[1],x[2]],Y.U)),w^=c.D[A&g]),S+=r,z|=(w>>8-(M|0)-(r|0)&(1<<r)-1)<<(O|0)-(r|0),O-=r;return I(108,c,(h=z,(y|0)+(U|0))),h},DN=function(h,U,c,Y){for(;h.h.length;){c=(h.L=null,h.h.pop());try{Y=yF(h,c)}catch(A){E(h,A)}if(U&&h.L){(U=h.L,U)(function(){V(h,true,true)});break}}return Y},V=function(h,U,c,Y,A,w){if(h.h.length){h.i=(h.i&&0(),true),h.Fu=c;try{w=h.T(),h.C=w,h.o=w,h.R=0,Y=DN(h,c),A=h.T()-h.C,h.s+=A,A<(U?0:10)||0>=h.B--||(A=Math.floor(A),h.V.push(254>=A?A:254))}finally{h.i=false}return Y}},Hv=function(h,U){(U.push(h[0]<<24|h[1]<<16|h[2]<<8|h[3]),U).push(h[4]<<24|h[5]<<16|h[6]<<8|h[7]),U.push(h[8]<<24|h[9]<<16|h[10]<<8|h[11])},M9=function(h,U,c){return(c=W[h.H](h.Hs),c)[h.H]=function(){return U},c.concat=function(Y){U=Y},c},Ri=function(h,U,c,Y,A){for(A=(U=U[Y=U[2]|0,3]|0,0);14>A;A++)h=h>>>8|h<<24,h+=c|0,c=c<<3|c>>>29,h^=Y+1890,U=U>>>8|U<<24,U+=Y|0,c^=h,Y=Y<<3|Y>>>29,U^=A+1890,Y^=U;return[c>>>24&255,c>>>16&255,c>>>8&255,c>>>0&255,h>>>24&255,h>>>16&255,h>>>8&255,h>>>0&255]},J=function(h,U,c,Y,A,w,y,z,g){if(((((w=(g=(A=(c||Y.R++,0<Y.N&&Y.i&&Y.Fu&&1>=Y.u&&!Y.v&&!Y.L&&(!c||1<Y.G-U)&&0==document.hidden),z=(y=4==Y.R)||A?Y.T():Y.o,z)-Y.o,g>>14),Y).U&&(Y.U^=w*(g<<2)),Y).Y+=w,Y).j=w||Y.j,y)||A)Y.o=z,Y.R=0;if(!A||z-Y.C<Y.N-(h?255:c?5:2))return false;return!(((I((h=m(c?168:108,(Y.G=U,Y)),108),Y,Y.Z),Y.h).push([VF,h,c?U+1:U]),Y).L=K,0)},xC=function(h,U,c,Y){return(Y=t[h.substring(0,3)+"_"])?Y(h.substring(3),U,c):Ai(U,h)},l4=function(h,U,c,Y,A){q(h,((c=m((Y=(c=p((A=U&3,U&=4,h)),p(h)),c),h),U)&&(c=wH(""+c)),A&&q(h,Y,u(c.length,2)),Y),c)},ai=function(h,U,c){if(3==h.length){for(c=0;3>c;c++)U[c]+=h[c];for(c=[13,8,13,12,16,(h=0,5),3,10,15];9>h;h++)U[3](U,h%3,c[h])}},t,f=this||self,Z={passive:true,capture:true},QF=function(h,U,c,Y){q(h,(c=p((Y=p(h),h)),c),u(m(Y,h),U))},cv=function(h){return h},fl=function(h,U,c){if((c=typeof h,"object")==c)if(h){if(h instanceof Array)return"array";if(h instanceof Object)return c;if("[object Window]"==(U=Object.prototype.toString.call(h),U))return"object";if("[object Array]"==U||"number"==typeof h.length&&"undefined"!=typeof h.splice&&"undefined"!=typeof h.propertyIsEnumerable&&!h.propertyIsEnumerable("splice"))return"array";if("[object Function]"==U||"undefined"!=typeof h.call&&"undefined"!=typeof h.propertyIsEnumerable&&!h.propertyIsEnumerable("call"))return"function"}else return"null";else if("function"==c&&"undefined"==typeof h.call)return"object";return c},u4=function(h,U){return W[h](W.prototype,{call:U,console:U,floor:U,replace:U,stack:U,splice:U,document:U,pop:U,propertyIsEnumerable:U,length:U,prototype:U,parent:U})},K=f.requestIdleCallback?function(h){requestIdleCallback(function(){h()},{timeout:4})}:f.setImmediate?function(h){setImmediate(h)}:function(h){setTimeout(h,0)},X$=function(h,U){return(U=N(h),U)&128&&(U=U&127|N(h)<<7),U},N=function(h){return h.v?hi(h,h.P):v(true,8,h)},u=function(h,U,c,Y){for(c=(Y=(U|0)-1,[]);0<=Y;Y--)c[(U|0)-1-(Y|0)]=h>>8*Y&255;return c},H=function(h,U){U.h.splice(0,0,h)},ZN=function(h,U,c,Y){try{Y=h[((U|0)+2)%3],h[U]=(h[U]|0)-(h[((U|0)+1)%3]|0)-(Y|0)^(1==U?Y<<c:Y>>>c)}catch(A){throw A;}},vv=function(h,U,c,Y,A,w){if(!h.F){h.u++;try{for(A=(Y=(c=0,h.Z),void 0);--U;)try{if((w=void 0,h).v)A=hi(h,h.v);else{if((c=m(108,h),c)>=Y)break;A=(w=(I(168,h,c),p(h)),m(w,h))}J(false,(A&&A[N9]&2048?A(h,U):X([R,21,w],h,0),U),false,h)}catch(y){m(369,h)?X(y,h,22):I(369,h,y)}if(!U){if(h.vs){vv(h,(h.u--,446149057662));return}X([R,33],h,0)}}catch(y){try{X(y,h,22)}catch(z){E(h,z)}}h.u--}},yF=function(h,U,c,Y,A){if(c=U[0],c==B)h.B=25,h.I(U);else if(c==n){Y=U[1];try{A=h.F||h.I(U)}catch(w){E(h,w),A=h.F}Y(A)}else if(c==VF)h.I(U);else if(c==d)h.I(U);else if(c==jD){try{for(A=0;A<h.X.length;A++)try{Y=h.X[A],Y[0][Y[1]](Y[2])}catch(w){}}catch(w){}(0,U[1])((h.X=[],function(w,y){h.g(w,true,y)}),function(w){(w=!h.h.length,H([N9],h),w)&&V(h,false,true)})}else{if(c==D)return A=U[2],I(371,h,U[6]),I(408,h,A),h.I(U);c==N9?(h.W=[],h.K=null,h.V=[]):c==Ou&&"loading"===f.document.readyState&&(h.L=function(w,y){function z(){y||(y=true,w())}(y=false,f).document.addEventListener("DOMContentLoaded",z,Z),f.addEventListener("load",z,Z)})}},F$=String.fromCharCode(105,110,116,101,103,67,104,101,99,107,66,121,112,97,115,115),d=((T.prototype.oO=void 0,(T.prototype.vs=false,T).prototype).Ws=void 0,[]),Ou=(T.prototype.l="toString",[]),B=[],n=[],VF=[],N9=[],R={},D=[],jD=[],W=((Hv,e,ZN,function(){})(ai),R.constructor),Gq=((((k=(T.prototype.H="create",T.prototype),k).EB=function(){return Math.floor(this.s+(this.T()-this.C))},k).T=(window.performance||{}).now?function(){return this.tZ+window.performance.now()}:function(){return+new Date},k).pJ=function(h,U,c){return((U=(U^=U<<13,U^=U>>17,(U^U<<5)&c))||(U=1),h)^U},k.JZ=function(){return Math.floor(this.T())},void 0),q9=(((k.g=function(h,U,c,Y,A){if((c="array"===fl(c)?c:[c],this).F)h(this.F);else try{Y=[],A=!this.h.length,H([B,Y,c],this),H([n,h,Y],this),U&&!A||V(this,true,U)}catch(w){E(this,w),h(this.F)}},k.Ps=function(h,U,c,Y,A,w){for(Y=w=0,c=[];Y<h.length;Y++)for(w+=U,A=A<<U|h[Y];7<w;)w-=8,c.push(A>>w&255);return c},k).UB=function(h,U,c,Y,A){for(A=Y=0;Y<h.length;Y++)A+=h.charCodeAt(Y),A+=A<<10,A^=A>>6;return Y=new (h=(A+=A<<3,A^=A>>11,A)+(A<<15)>>>0,Number)(h&(1<<U)-1),Y[0]=(h>>>U)%c,Y},T.prototype).I=function(h,U){return U=(h={},Gq=function(){return h==U?-88:-31},{}),function(c,Y,A,w,y,z,g,r,x,M,O,S,C,Q,F){h=(z=h,U);try{if(M=c[0],M==d){C=c[1];try{for(w=(Y=(S=atob(C),Q=[],0),0);w<S.length;w++)g=S.charCodeAt(w),255<g&&(Q[Y++]=g&255,g>>=8),Q[Y++]=g;I(142,this,(this.Z=(this.W=Q,this.W).length<<3,[0,0,0]))}catch(a){X(a,this,17);return}vv(this,8001)}else if(M==B)c[1].push(m(419,this),m(23,this).length,m(158,this).length,m(190,this).length),I(408,this,c[2]),this.K[366]&&pl(this,m(366,this),8001);else{if(M==n){this.j=(F=u((m(158,(Y=c[2],this)).length|0)+2,2),x=this.j,this);try{A=m(418,this),0<A.length&&q(this,158,u(A.length,2).concat(A),10),q(this,158,u(this.Y,1),109),q(this,158,u(this[n].length,1)),S=0,S+=m(385,this)&2047,y=m(23,this),S-=(m(158,this).length|0)+5,4<y.length&&(S-=(y.length|0)+3),0<S&&q(this,158,u(S,2).concat(e(S)),15),4<y.length&&q(this,158,u(y.length,2).concat(y),156)}finally{this.j=x}if(O=(((w=e(2).concat(m(158,this)),w)[1]=w[0]^6,w)[3]=w[1]^F[0],w[4]=w[1]^F[1],this.wd(w)))O="!"+O;else for(S=0,O="";S<w.length;S++)r=w[S][this.l](16),1==r.length&&(r="0"+r),O+=r;return m((m(158,(m(23,(I(419,this,(Q=O,Y.shift())),this)).length=Y.shift(),this)).length=Y.shift(),190),this).length=Y.shift(),Q}if(M==VF)pl(this,c[1],c[2]);else if(M==D)return pl(this,c[1],8001)}}finally{h=z}}}(),/./),su,Kl=(T.prototype[T.prototype.wd=(T.prototype.cs=0,T.prototype.T3=0,function(h,U,c,Y){if(c=window.btoa){for(Y="",U=0;U<h.length;U+=8192)Y+=String.fromCharCode.apply(null,h.slice(U,U+8192));h=c(Y).replace(/\\+/g,"-").replace(/\\//g,"_").replace(/=/g,"")}else h=void 0;return h}),jD]=[0,0,1,1,0,1,1],d).pop.bind(T.prototype[B]),oi=function(h,U){return(U=YC())&&1===h.eval(U.createScript("1"))?function(c){return U.createScript(c)}:function(c){return""+c}}((su=u4((q9[T.prototype.l]=Kl,T.prototype).H,{get:Kl}),T.prototype.rd=void 0,f));(40<(t=f.botguard||(f.botguard={}),t).m||(t.m=41,t.bg=Tq,t.a=xC),t).YBO_=function(h,U,c){return c=new T(h,U),[function(Y){return mu(Y,c)}]};}).call(this);'));
}).call(this);
                                    

#2 JavaScript::Eval (size: 64, repeated: 1) - SHA256: 3755a8c0633fef887d8f3e30674dfbef87ddb8b872bf69663731ed531f6a6ed0

                                        0,
function(w, y, z) {
    I((z = (y = (z = p(w), p)(w), w.K[z] && m(z, w)), y), w, z)
}
                                    

#3 JavaScript::Eval (size: 154, repeated: 1) - SHA256: 5b74ca7f2f7320a7821eedeecfc6bc9cf4c5b0364ae656e62b66657c227aae7e

                                        apstag.punt({
    "cmp": "https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain",
    "cb": "0"
})
                                    

#4 JavaScript::Eval (size: 22228, repeated: 1) - SHA256: 7a958b029fbb18e3d83138ef0415611c516cf655c928dd32d2b44f2a6430f74a

                                        (function() {
    var p = function(h, U) {
            if (h.v) return hi(h, h.P);
            return (U = v(true, 8, h), U) & 128 && (U ^= 128, h = v(true, 2, h), U = (U << 2) + (h | 0)), U
        },
        T = function(h, U, c) {
            c = this;
            try {
                Uu(U, this, h)
            } catch (Y) {
                E(this, Y), U(function(A) {
                    A(c.F)
                })
            }
        },
        X = function(h, U, c, Y, A, w) {
            if (!U.S) {
                if (3 < (h = m(419, ((0 == (Y = m((A = void 0, h && h[0] === R && (A = h[2], c = h[1], h = void 0), 418), U), Y.length) && (w = m(168, U) >> 3, Y.push(c, w >> 8 & 255, w & 255), void 0 != A && Y.push(A & 255)), c = "", h) && (h.message && (c += h.message), h.stack && (c += ":" + h.stack)), U)), h)) {
                    c = (h -= (c = c.slice(0, (h | 0) - 3), (c.length | 0) + 3), wH(c)), A = U.j, U.j = U;
                    try {
                        q(U, 23, u(c.length, 2).concat(c), 9)
                    } finally {
                        U.j = A
                    }
                }
                I(419, U, h)
            }
        },
        YC = function(h, U) {
            if (U = (h = f.trustedTypes, null), !h || !h.createPolicy) return U;
            try {
                U = h.createPolicy("bg", {
                    createHTML: cv,
                    createScript: cv,
                    createScriptURL: cv
                })
            } catch (c) {
                f.console && f.console.error(c.message)
            }
            return U
        },
        zq = function(h, U, c, Y, A, w) {
            function y() {
                if (Y.j == Y) {
                    if (Y.K) {
                        var z = [D, c, U, void 0, A, w, arguments];
                        if (2 == h) var g = V(Y, (H(z, Y), false), false);
                        else if (1 == h) {
                            var r = !Y.h.length;
                            H(z, Y), r && V(Y, false, false)
                        } else g = yF(Y, z);
                        return g
                    }
                    A && w && A.removeEventListener(w, y, Z)
                }
            }
            return y
        },
        Ai = function(h, U) {
            return h(function(c) {
                c(U)
            }), [function() {
                return U
            }]
        },
        E = function(h, U) {
            h.F = ((h.F ? h.F + "~" : "E:") + U.message + ":" + U.stack).slice(0, 2048)
        },
        i4 = function(h, U, c, Y) {
            for (c = (Y = p(U), 0); 0 < h; h--) c = c << 8 | N(U);
            I(Y, U, c)
        },
        pl = function(h, U, c, Y) {
            return m(408, (I(108, (vv(h, ((Y = m(108, h), h.W) && Y < h.Z ? (I(108, h, h.Z), rH(h, U)) : I(108, h, U), c)), h), Y), h))
        },
        wH = function(h, U, c, Y, A) {
            for (A = (U = (h = h.replace(/\r\n/g, "\n"), []), c = 0); c < h.length; c++) Y = h.charCodeAt(c), 128 > Y ? U[A++] = Y : (2048 > Y ? U[A++] = Y >> 6 | 192 : (55296 == (Y & 64512) && c + 1 < h.length && 56320 == (h.charCodeAt(c + 1) & 64512) ? (Y = 65536 + ((Y & 1023) << 10) + (h.charCodeAt(++c) & 1023), U[A++] = Y >> 18 | 240, U[A++] = Y >> 12 & 63 | 128) : U[A++] = Y >> 12 | 224, U[A++] = Y >> 6 & 63 | 128), U[A++] = Y & 63 | 128);
            return U
        },
        Eu = function(h, U) {
            return h[U] << 24 | h[(U | 0) + 1] << 16 | h[(U | 0) + 2] << 8 | h[(U | 0) + 3]
        },
        Tq = function(h, U, c, Y) {
            function A() {}
            return {
                invoke: (Y = xC(h, function(w) {
                    A && (U && K(U), c = w, A(), A = void 0)
                }, (c = void 0, !!U))[0], function(w, y, z, g) {
                    function r() {
                        c(function(x) {
                            K(function() {
                                w(x)
                            })
                        }, z)
                    }
                    if (!y) return y = Y(z), w && w(y), y;
                    c ? r() : (g = A, A = function() {
                        (g(), K)(r)
                    })
                })
            }
        },
        e = function(h, U) {
            for (U = []; h--;) U.push(255 * Math.random() | 0);
            return U
        },
        I = function(h, U, c) {
            if (108 == h || 168 == h) U.K[h] ? U.K[h].concat(c) : U.K[h] = M9(U, c);
            else {
                if (U.S && 142 != h) return;
                158 == h || 23 == h || 190 == h || 418 == h || 77 == h ? U.K[h] || (U.K[h] = SD(U, c, h, 38)) : U.K[h] = SD(U, c, h, 41)
            }
            142 == h && (U.U = v(false, 32, U), U.J = void 0)
        },
        b = function(h, U, c) {
            c[I(U, h, c), Ou] = 2796
        },
        q = function(h, U, c, Y, A, w) {
            if (h.j == h)
                for (w = m(U, h), 23 == U ? (U = function(y, z, g, r) {
                        if (r = ((z = w.length, z) | 0) - 4 >> 3, w.eN != r) {
                            r = [0, 0, (w.eN = r, g = (r << 3) - 4, A)[1], A[2]];
                            try {
                                w.kR = Ri(Eu(w, (g | 0) + 4), r, Eu(w, g))
                            } catch (x) {
                                throw x;
                            }
                        }
                        w.push(w.kR[z & 7] ^ y)
                    }, A = m(77, h)) : U = function(y) {
                        w.push(y)
                    }, Y && U(Y & 255), h = c.length, Y = 0; Y < h; Y++) U(c[Y])
        },
        k, mu = function(h, U, c) {
            return U.g(function(Y) {
                c = Y
            }, false, h), c
        },
        Uu = function(h, U, c, Y, A) {
            for ((U.Qc = ((U.qI = su, U).Zs = (U.dd = q9, U[n]), u4)(U.H, {get: function() {
                        return this.concat()
                    }
                }), U).Hs = W[U.H](U.Qc, {
                    value: {
                        value: {}
                    }
                }), Y = [], A = 0; 128 > A; A++) Y[A] = String.fromCharCode(A);
            V(U, true, (H((H([(H((b(U, (b((b(U, (I(((b(U, (b(U, (b(U, (U.br = (b(U, (I(335, U, (I(190, (b(U, 103, (I(158, U, [160, (b((b(U, 318, (b(U, 436, (b((b(U, 114, (b(U, 33, (I((b(U, 260, (b(U, 222, (b(U, 242, (I((b(U, 133, (b((b(U, 215, (b(U, 398, (b(U, (b((b(U, (I(23, (b(U, (I(418, U, ((I(168, U, (I(108, (U.tZ = ((U.Fu = false, A = window.performance || {}, U).S = ((U.N = (U.G = 8001, U.D = void 0, U.X = [], 0), U.hZ = (U.h = [], function(w) {
                this.j = w
            }), U.Y = 1, U).F = (U.Z = 0, U.B = 25, U.j = (U.J = void 0, U), (U.u = 0, U).L = null, void 0), false), (U.s = (U.yc = [], 0), (U.P = (U.i = false, void 0), U).W = (U.OB = 0, []), U).U = (U.V = [], U.C = (U.o = 0, U.K = [], U.v = void 0, 0), U.R = void 0, void 0), A.timeOrigin || (A.timing || {}).navigationStart || 0), U), 0), 0)), b)(U, 91, function(w, y, z, g) {
                z = (g = (z = p(w), p(w)), y = p(w), g = m(g, w), m(z, w) == g), I(y, w, +z)
            }), [])), 179), function(w, y, z, g, r) {
                I((z = (y = p((z = (g = (r = p(w), p(w)), p)(w), w)), y = m(y, w), m(z, w)), g = m(g, w), r), w, zq(y, z, g, w))
            }), U), e(4)), 486), function(w) {
                QF(w, 4)
            }), U), 507, function(w) {
                l4(w, 4)
            }), 462), function(w, y, z) {
                J(false, y, true, w) || (y = p(w), z = p(w), I(z, w, function(g) {
                    return eval(g)
                }(oi(m(y, w.j)))))
            }), function(w, y, z, g) {
                I((z = (y = p(w), g = N(w), p)(w), z), w, m(y, w) >>> g)
            })), function(w, y, z, g, r) {
                0 !== (z = (y = m((r = (g = m((z = p((r = p(w), w)), y = p(w), g = p(w), g), w), m)(r, w.j), y), w), m(z, w)), r) && (g = zq(1, g, y, w, r, z), r.addEventListener(z, g, Z), I(246, w, [r, z, g]))
            })), I(385, U, 0), U), 266, function(w, y, z, g, r, x, M, O, S, C, Q, F) {
                function a(l, G) {
                    for (; S < l;) g |= N(w) << S, S += 8;
                    return S -= l, G = g & (1 << l) - 1, g >>= l, G
                }
                for (x = (Q = (C = (S = (z = p(w), g = 0), (a(3) | 0) + 1), a(5)), r = M = 0, []); r < Q; r++) y = a(1), x.push(y), M += y ? 0 : 1;
                for (O = (M = ((M | 0) - 1).toString(2).length, []), r = 0; r < Q; r++) x[r] || (O[r] = a(M));
                for (M = 0; M < Q; M++) x[M] && (O[M] = p(w));
                for (F = []; C--;) F.push(m(p(w), w));
                b(w, z, function(l, G, P, L, gH) {
                    for (G = (gH = [], 0), L = []; G < Q; G++) {
                        if (!x[P = O[G], G]) {
                            for (; P >= L.length;) L.push(p(l));
                            P = L[P]
                        }
                        gH.push(P)
                    }
                    l.P = M9(l, (l.v = M9(l, F.slice()), gH))
                })
            }), function(w, y, z, g, r, x) {
                J(false, y, true, w) || (z = Ii(w.j), y = z.KJ, x = z.jN, r = z.A, z = z.O, g = z.length, x = 0 == g ? new x[r] : 1 == g ? new x[r](z[0]) : 2 == g ? new x[r](z[0], z[1]) : 3 == g ? new x[r](z[0], z[1], z[2]) : 4 == g ? new x[r](z[0], z[1], z[2], z[3]) : 2(), I(y, w, x))
            })), 77), U, [0, 0, 0]), function() {})), U.LJ = 0, I(419, U, 2048), function(w, y, z, g, r, x, M) {
                for (y = (M = (x = m(237, (z = (g = (r = p(w), X$)(w), ""), w)), x.length), 0); g--;) y = ((y | 0) + (X$(w) | 0)) % M, z += Y[x[y]];
                I(r, w, z)
            })), function(w, y, z, g, r) {
                for (g = (r = (y = X$((z = p(w), w)), 0), []); r < y; r++) g.push(N(w));
                I(z, w, g)
            })), 296), U, U), function(w, y, z, g) {
                y = (z = (g = (z = (y = p(w), p)(w), p)(w), m)(z, w), m)(y, w), I(g, w, y in z | 0)
            })), function(w, y, z, g) {
                I((z = m((y = (g = (y = (z = p(w), p)(w), p)(w), m(y, w)), z), w), g), w, z[y])
            })), U), 76, function(w, y, z) {
                (z = 0 != (y = (z = p(w), p(w)), m(z, w)), y = m(y, w), z) && I(108, w, y)
            }), function(w) {
                QF(w, 1)
            })), function(w, y, z, g) {
                I((z = (g = (y = p(w), p(w)), p(w)), z), w, m(y, w) || m(g, w))
            })), U), 510, function(w, y, z, g) {
                if (y = w.yc.pop()) {
                    for (z = N(w); 0 < z; z--) g = p(w), y[g] = w.K[g];
                    w.K = (y[419] = (y[418] = w.K[418], w).K[419], y)
                } else I(108, w, w.Z)
            }), b(U, 113, function(w, y, z, g, r) {
                r = (z = p((y = p(w), w)), p)(w), w.j == w && (g = m(y, w), r = m(r, w), z = m(z, w), g[z] = r, 142 == y && (w.J = void 0, 2 == z && (w.U = v(false, 32, w), w.J = void 0)))
            }), 0), 0]), function(w) {
                i4(4, w)
            })), I(369, U, 477), U), []), f)), I(408, U, {}), 397), function(w, y, z, g, r, x) {
                if (!J(true, y, true, w)) {
                    if ("object" == (w = (g = (r = m((y = m((x = p((g = (r = (y = p(w), p(w)), p(w)), w)), y), w), r), w), m)(g, w), m(x, w)), fl(y))) {
                        for (z in x = [], y) x.push(z);
                        y = x
                    }
                    for (x = 0, z = y.length, g = 0 < g ? g : 1; x < z; x += g) r(y.slice(x, (x | 0) + (g | 0)), w)
                }
            }), 0), 85), function(w, y, z) {
                (y = fl((y = m((z = (y = p(w), p(w)), y), w), y)), I)(z, w, y)
            }), 431), function(w, y, z, g) {
                !J(false, y, true, w) && (y = Ii(w), z = y.jN, g = y.A, w.j == w || g == w.hZ && z == w) && (I(y.KJ, w, g.apply(z, y.O)), w.o = w.T())
            }), 254), function(w, y) {
                rH((y = m(p(w), w), w.j), y)
            }), U).IO = 0, 246), U, 0), 71), function(w, y) {
                w = m((y = p(w), y), w.j), w[0].removeEventListener(w[1], w[2], Z)
            }), b(U, 468, function(w, y, z) {
                z = (y = p(w), p(w)), I(z, w, "" + m(y, w))
            }), U), 58, function(w, y, z, g) {
                g = (y = m((z = (g = p(w), p(w)), z), w), m(g, w)), I(z, w, y + g)
            }), 449), function(w) {
                l4(w, 3)
            }), [Ou]), U), d), c], U), [jD, h]), U), true))
        },
        hi = function(h, U) {
            return U = U.create().shift(), h.v.create().length || h.P.create().length || (h.v = void 0, h.P = void 0), U
        },
        SD = function(h, U, c, Y, A, w, y, z) {
            return (z = W[h.H]((U = [-74, 93, -46, -30, 9, -35, U, -89, (w = Gq, y = Y & 7, 40), 87], h.Qc)), z)[h.H] = function(g) {
                A = (y += 6 + 7 * Y, y &= 7, g)
            }, z.concat = function(g) {
                return (g = (A = (g = (g = c % 16 + 1, 3 * c * c * g + U[y + 27 & 7] * c * g + (w() | 0) * g + 54 * A * A - 162 * c * c * A - 5022 * c * A) - g * A - -4752 * A + y, void 0), U[g]), U)[(y + 45 & 7) + (Y & 2)] = g, U[y + (Y & 2)] = 93, g
            }, z
        },
        rH = function(h, U) {
            I(108, h, (h.yc.push(h.K.slice()), h.K[108] = void 0, U))
        },
        m = function(h, U) {
            if (void 0 === (U = U.K[h], U)) throw [R, 30, h];
            if (U.value) return U.create();
            return U.create(3 * h * h + 93 * h + -88), U.prototype
        },
        Ii = function(h, U, c, Y, A, w) {
            for (Y = p((c = ((A = (w = h[F$] || {}, p)(h), w.KJ = p(h), w).O = [], h.j == h ? (N(h) | 0) - 1 : 1), h)), U = 0; U < c; U++) w.O.push(p(h));
            for (; c--;) w.O[c] = m(w.O[c], h);
            return (w.jN = m(Y, h), w).A = m(A, h), w
        },
        v = function(h, U, c, Y, A, w, y, z, g, r, x, M, O, S) {
            if (y = m(108, c), y >= c.Z) throw [R, 31];
            for (O = (g = (S = y, c).Zs.length, U), z = 0; 0 < O;) A = S >> 3, M = S % 8, w = c.W[A], r = 8 - (M | 0), r = r < O ? r : O, h && (Y = c, Y.J != S >> 6 && (Y.J = S >> 6, x = m(142, Y), Y.D = Ri(Y.J, [0, 0, x[1], x[2]], Y.U)), w ^= c.D[A & g]), S += r, z |= (w >> 8 - (M | 0) - (r | 0) & (1 << r) - 1) << (O | 0) - (r | 0), O -= r;
            return I(108, c, (h = z, (y | 0) + (U | 0))), h
        },
        DN = function(h, U, c, Y) {
            for (; h.h.length;) {
                c = (h.L = null, h.h.pop());
                try {
                    Y = yF(h, c)
                } catch (A) {
                    E(h, A)
                }
                if (U && h.L) {
                    (U = h.L, U)(function() {
                        V(h, true, true)
                    });
                    break
                }
            }
            return Y
        },
        V = function(h, U, c, Y, A, w) {
            if (h.h.length) {
                h.i = (h.i && 0(), true), h.Fu = c;
                try {
                    w = h.T(), h.C = w, h.o = w, h.R = 0, Y = DN(h, c), A = h.T() - h.C, h.s += A, A < (U ? 0 : 10) || 0 >= h.B-- || (A = Math.floor(A), h.V.push(254 >= A ? A : 254))
                } finally {
                    h.i = false
                }
                return Y
            }
        },
        Hv = function(h, U) {
            (U.push(h[0] << 24 | h[1] << 16 | h[2] << 8 | h[3]), U).push(h[4] << 24 | h[5] << 16 | h[6] << 8 | h[7]), U.push(h[8] << 24 | h[9] << 16 | h[10] << 8 | h[11])
        },
        M9 = function(h, U, c) {
            return (c = W[h.H](h.Hs), c)[h.H] = function() {
                return U
            }, c.concat = function(Y) {
                U = Y
            }, c
        },
        Ri = function(h, U, c, Y, A) {
            for (A = (U = U[Y = U[2] | 0, 3] | 0, 0); 14 > A; A++) h = h >>> 8 | h << 24, h += c | 0, c = c << 3 | c >>> 29, h ^= Y + 1890, U = U >>> 8 | U << 24, U += Y | 0, c ^= h, Y = Y << 3 | Y >>> 29, U ^= A + 1890, Y ^= U;
            return [c >>> 24 & 255, c >>> 16 & 255, c >>> 8 & 255, c >>> 0 & 255, h >>> 24 & 255, h >>> 16 & 255, h >>> 8 & 255, h >>> 0 & 255]
        },
        J = function(h, U, c, Y, A, w, y, z, g) {
            if (((((w = (g = (A = (c || Y.R++, 0 < Y.N && Y.i && Y.Fu && 1 >= Y.u && !Y.v && !Y.L && (!c || 1 < Y.G - U) && 0 == document.hidden), z = (y = 4 == Y.R) || A ? Y.T() : Y.o, z) - Y.o, g >> 14), Y).U && (Y.U ^= w * (g << 2)), Y).Y += w, Y).j = w || Y.j, y) || A) Y.o = z, Y.R = 0;
            if (!A || z - Y.C < Y.N - (h ? 255 : c ? 5 : 2)) return false;
            return !(((I((h = m(c ? 168 : 108, (Y.G = U, Y)), 108), Y, Y.Z), Y.h).push([VF, h, c ? U + 1 : U]), Y).L = K, 0)
        },
        xC = function(h, U, c, Y) {
            return (Y = t[h.substring(0, 3) + "_"]) ? Y(h.substring(3), U, c) : Ai(U, h)
        },
        l4 = function(h, U, c, Y, A) {
            q(h, ((c = m((Y = (c = p((A = U & 3, U &= 4, h)), p(h)), c), h), U) && (c = wH("" + c)), A && q(h, Y, u(c.length, 2)), Y), c)
        },
        ai = function(h, U, c) {
            if (3 == h.length) {
                for (c = 0; 3 > c; c++) U[c] += h[c];
                for (c = [13, 8, 13, 12, 16, (h = 0, 5), 3, 10, 15]; 9 > h; h++) U[3](U, h % 3, c[h])
            }
        },
        t, f = this || self,
        Z = {
            passive: true,
            capture: true
        },
        QF = function(h, U, c, Y) {
            q(h, (c = p((Y = p(h), h)), c), u(m(Y, h), U))
        },
        cv = function(h) {
            return h
        },
        fl = function(h, U, c) {
            if ((c = typeof h, "object") == c)
                if (h) {
                    if (h instanceof Array) return "array";
                    if (h instanceof Object) return c;
                    if ("[object Window]" == (U = Object.prototype.toString.call(h), U)) return "object";
                    if ("[object Array]" == U || "number" == typeof h.length && "undefined" != typeof h.splice && "undefined" != typeof h.propertyIsEnumerable && !h.propertyIsEnumerable("splice")) return "array";
                    if ("[object Function]" == U || "undefined" != typeof h.call && "undefined" != typeof h.propertyIsEnumerable && !h.propertyIsEnumerable("call")) return "function"
                } else return "null";
            else if ("function" == c && "undefined" == typeof h.call) return "object";
            return c
        },
        u4 = function(h, U) {
            return W[h](W.prototype, {
                call: U,
                console: U,
                floor: U,
                replace: U,
                stack: U,
                splice: U,
                document: U,
                pop: U,
                propertyIsEnumerable: U,
                length: U,
                prototype: U,
                parent: U
            })
        },
        K = f.requestIdleCallback ? function(h) {
            requestIdleCallback(function() {
                h()
            }, {
                timeout: 4
            })
        } : f.setImmediate ? function(h) {
            setImmediate(h)
        } : function(h) {
            setTimeout(h, 0)
        },
        X$ = function(h, U) {
            return (U = N(h), U) & 128 && (U = U & 127 | N(h) << 7), U
        },
        N = function(h) {
            return h.v ? hi(h, h.P) : v(true, 8, h)
        },
        u = function(h, U, c, Y) {
            for (c = (Y = (U | 0) - 1, []); 0 <= Y; Y--) c[(U | 0) - 1 - (Y | 0)] = h >> 8 * Y & 255;
            return c
        },
        H = function(h, U) {
            U.h.splice(0, 0, h)
        },
        ZN = function(h, U, c, Y) {
            try {
                Y = h[((U | 0) + 2) % 3], h[U] = (h[U] | 0) - (h[((U | 0) + 1) % 3] | 0) - (Y | 0) ^ (1 == U ? Y << c : Y >>> c)
            } catch (A) {
                throw A;
            }
        },
        vv = function(h, U, c, Y, A, w) {
            if (!h.F) {
                h.u++;
                try {
                    for (A = (Y = (c = 0, h.Z), void 0); --U;) try {
                        if ((w = void 0, h).v) A = hi(h, h.v);
                        else {
                            if ((c = m(108, h), c) >= Y) break;
                            A = (w = (I(168, h, c), p(h)), m(w, h))
                        }
                        J(false, (A && A[N9] & 2048 ? A(h, U) : X([R, 21, w], h, 0), U), false, h)
                    } catch (y) {
                        m(369, h) ? X(y, h, 22) : I(369, h, y)
                    }
                    if (!U) {
                        if (h.vs) {
                            vv(h, (h.u--, 446149057662));
                            return
                        }
                        X([R, 33], h, 0)
                    }
                } catch (y) {
                    try {
                        X(y, h, 22)
                    } catch (z) {
                        E(h, z)
                    }
                }
                h.u--
            }
        },
        yF = function(h, U, c, Y, A) {
            if (c = U[0], c == B) h.B = 25, h.I(U);
            else if (c == n) {
                Y = U[1];
                try {
                    A = h.F || h.I(U)
                } catch (w) {
                    E(h, w), A = h.F
                }
                Y(A)
            } else if (c == VF) h.I(U);
            else if (c == d) h.I(U);
            else if (c == jD) {
                try {
                    for (A = 0; A < h.X.length; A++) try {
                        Y = h.X[A], Y[0][Y[1]](Y[2])
                    } catch (w) {}
                } catch (w) {}(0, U[1])((h.X = [], function(w, y) {
                    h.g(w, true, y)
                }), function(w) {
                    (w = !h.h.length, H([N9], h), w) && V(h, false, true)
                })
            } else {
                if (c == D) return A = U[2], I(371, h, U[6]), I(408, h, A), h.I(U);
                c == N9 ? (h.W = [], h.K = null, h.V = []) : c == Ou && "loading" === f.document.readyState && (h.L = function(w, y) {
                    function z() {
                        y || (y = true, w())
                    }(y = false, f).document.addEventListener("DOMContentLoaded", z, Z), f.addEventListener("load", z, Z)
                })
            }
        },
        F$ = String.fromCharCode(105, 110, 116, 101, 103, 67, 104, 101, 99, 107, 66, 121, 112, 97, 115, 115),
        d = ((T.prototype.oO = void 0, (T.prototype.vs = false, T).prototype).Ws = void 0, []),
        Ou = (T.prototype.l = "toString", []),
        B = [],
        n = [],
        VF = [],
        N9 = [],
        R = {},
        D = [],
        jD = [],
        W = ((Hv, e, ZN, function() {})(ai), R.constructor),
        Gq = ((((k = (T.prototype.H = "create", T.prototype), k).EB = function() {
            return Math.floor(this.s + (this.T() - this.C))
        }, k).T = (window.performance || {}).now ? function() {
            return this.tZ + window.performance.now()
        } : function() {
            return +new Date
        }, k).pJ = function(h, U, c) {
            return ((U = (U ^= U << 13, U ^= U >> 17, (U ^ U << 5) & c)) || (U = 1), h) ^ U
        }, k.JZ = function() {
            return Math.floor(this.T())
        }, void 0),
        q9 = (((k.g = function(h, U, c, Y, A) {
            if ((c = "array" === fl(c) ? c : [c], this).F) h(this.F);
            else try {
                Y = [], A = !this.h.length, H([B, Y, c], this), H([n, h, Y], this), U && !A || V(this, true, U)
            } catch (w) {
                E(this, w), h(this.F)
            }
        }, k.Ps = function(h, U, c, Y, A, w) {
            for (Y = w = 0, c = []; Y < h.length; Y++)
                for (w += U, A = A << U | h[Y]; 7 < w;) w -= 8, c.push(A >> w & 255);
            return c
        }, k).UB = function(h, U, c, Y, A) {
            for (A = Y = 0; Y < h.length; Y++) A += h.charCodeAt(Y), A += A << 10, A ^= A >> 6;
            return Y = new(h = (A += A << 3, A ^= A >> 11, A) + (A << 15) >>> 0, Number)(h & (1 << U) - 1), Y[0] = (h >>> U) % c, Y
        }, T.prototype).I = function(h, U) {
            return U = (h = {}, Gq = function() {
                    return h == U ? -88 : -31
                }, {}),
                function(c, Y, A, w, y, z, g, r, x, M, O, S, C, Q, F) {
                    h = (z = h, U);
                    try {
                        if (M = c[0], M == d) {
                            C = c[1];
                            try {
                                for (w = (Y = (S = atob(C), Q = [], 0), 0); w < S.length; w++) g = S.charCodeAt(w), 255 < g && (Q[Y++] = g & 255, g >>= 8), Q[Y++] = g;
                                I(142, this, (this.Z = (this.W = Q, this.W).length << 3, [0, 0, 0]))
                            } catch (a) {
                                X(a, this, 17);
                                return
                            }
                            vv(this, 8001)
                        } else if (M == B) c[1].push(m(419, this), m(23, this).length, m(158, this).length, m(190, this).length), I(408, this, c[2]), this.K[366] && pl(this, m(366, this), 8001);
                        else {
                            if (M == n) {
                                this.j = (F = u((m(158, (Y = c[2], this)).length | 0) + 2, 2), x = this.j, this);
                                try {
                                    A = m(418, this), 0 < A.length && q(this, 158, u(A.length, 2).concat(A), 10), q(this, 158, u(this.Y, 1), 109), q(this, 158, u(this[n].length, 1)), S = 0, S += m(385, this) & 2047, y = m(23, this), S -= (m(158, this).length | 0) + 5, 4 < y.length && (S -= (y.length | 0) + 3), 0 < S && q(this, 158, u(S, 2).concat(e(S)), 15), 4 < y.length && q(this, 158, u(y.length, 2).concat(y), 156)
                                } finally {
                                    this.j = x
                                }
                                if (O = (((w = e(2).concat(m(158, this)), w)[1] = w[0] ^ 6, w)[3] = w[1] ^ F[0], w[4] = w[1] ^ F[1], this.wd(w))) O = "!" + O;
                                else
                                    for (S = 0, O = ""; S < w.length; S++) r = w[S][this.l](16), 1 == r.length && (r = "0" + r), O += r;
                                return m((m(158, (m(23, (I(419, this, (Q = O, Y.shift())), this)).length = Y.shift(), this)).length = Y.shift(), 190), this).length = Y.shift(), Q
                            }
                            if (M == VF) pl(this, c[1], c[2]);
                            else if (M == D) return pl(this, c[1], 8001)
                        }
                    } finally {
                        h = z
                    }
                }
        }(), /./),
        su, Kl = (T.prototype[T.prototype.wd = (T.prototype.cs = 0, T.prototype.T3 = 0, function(h, U, c, Y) {
            if (c = window.btoa) {
                for (Y = "", U = 0; U < h.length; U += 8192) Y += String.fromCharCode.apply(null, h.slice(U, U + 8192));
                h = c(Y).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "")
            } else h = void 0;
            return h
        }), jD] = [0, 0, 1, 1, 0, 1, 1], d).pop.bind(T.prototype[B]),
        oi = function(h, U) {
            return (U = YC()) && 1 === h.eval(U.createScript("1")) ? function(c) {
                return U.createScript(c)
            } : function(c) {
                return "" + c
            }
        }((su = u4((q9[T.prototype.l] = Kl, T.prototype).H, {get: Kl
        }), T.prototype.rd = void 0, f));
    (40 < (t = f.botguard || (f.botguard = {}), t).m || (t.m = 41, t.bg = Tq, t.a = xC), t).YBO_ = function(h, U, c) {
        return c = new T(h, U), [function(Y) {
            return mu(Y, c)
        }]
    };
}).call(this);
                                    

#5 JavaScript::Eval (size: 6482, repeated: 1) - SHA256: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

                                        var amzn_aps_csm = amzn_aps_csm || {};
amzn_aps_csm.errors = [], amzn_aps_csm.reportErrors = function(a) {
        var b, c;
        for (/^https?:\/\//.test(a) === !1 && (a = document.location.protocol + "//" + a), "/" !== a.substr(a.length - 1) && (a += "/"), b = 0; b < amzn_aps_csm.errors.length; b++) c = '{"adViewability":[{"error": {"m": "' + amzn_aps_csm.errors[b] + '"}}], "c": "aps_communicator", "api": "RTB", "error": 1}', "https:" === document.location.protocol && /^http:\/\//.test(a) === !0 && (a = a.replace("http://", "https://")), (new Image).src = a + c + "?cb=" + Math.round(1e7 * Math.random());
        amzn_aps_csm.errors = []
    },
    function(a) {
        function b(a) {
            return a ? a.replace(/^\s+|\s+$/g, "") : a
        }

        function c(a) {
            if (a && a.s) {
                var b, c = a.s.length > 0 ? a.s[0] : "",
                    d = a.s.length > 1 ? a.s[1] : "";
                c && (b = c.match(j)), b && 3 === b.length || !d || (b = d.match(i)), b && 3 === b.length && (a.f = b[1], a.l = b[2])
            }
        }

        function d(a, d) {
            if (d = d || {}, !a) return {};
            a.m && a.m.message && (a = a.m);
            var i, j, k, l, m, n = {
                    m: e(a, d),
                    c: a.c ? "" + a.c : a.c,
                    s: [],
                    l: a.l || a.line || a.lineno || a.lineNumber,
                    name: a.name,
                    type: a.type
                },
                o = 0,
                p = 0;
            if (i = a.stack || (a.err ? a.err.stack : ""), i && i.split)
                for (j = i.split("\n"); o < j.length && n.s.length < g;) k = j[o++], k && n.s.unshift(b(k));
            else
                for (l = f(a.args || arguments, "callee"), o = 0, p = 0; l && g > o;) m = h, l.skipTrace || (k = l.toString(), k && k.substr && (m = 0 === p ? 4 * h : m, m = 1 === p ? 2 * h : m, n.s.unshift(k.substr(0, m)), p++)), l = f(l, "caller"), o++;
            return !n.f && n.s.length > 0 && c(n), n
        }

        function e(a, b) {
            var c = b.m || b.message || "";
            return c += a.m && a.m.message ? a.m.message : a.m && a.m.target && a.m.target.tagName ? "Error handler invoked by " + a.m.target.tagName + " tag" : a.m ? a.m : a.message ? a.message : "Unknown error"
        }

        function f(a, b) {
            try {
                return a[b]
            } catch (c) {
                return ""
            }
        }
        var g = 20,
            h = 256,
            i = /\(?([^\s]*):(\d+):\d+\)?/,
            j = /.*@(.*):(\d*)/;
        a.constructErrorMessage = d
    }(amzn_aps_csm), window.JSON || (window.JSON = {
        parse: function(sJSON) {
            return eval("(" + sJSON + ")")
        },
        stringify: function() {
            var a = Object.prototype.toString,
                b = Array.isArray || function(b) {
                    return "[object Array]" === a.call(b)
                },
                c = {
                    '"': '\\"',
                    "\\": "\\\\",
                    "\b": "\\b",
                    "\f": "\\f",
                    "\n": "\\n",
                    "\r": "\\r",
                    "	": "\\t"
                },
                d = function(a) {
                    return c[a] || "\\u" + (a.charCodeAt(0) + 65536).toString(16).substr(1)
                },
                e = /[\\"\u0000-\u001F\u2028\u2029]/g;
            return function f(c) {
                var g, h, i, j;
                if (null == c) return "null";
                if ("number" == typeof c) return isFinite(c) ? c.toString() : "null";
                if ("boolean" == typeof c) return c.toString();
                if ("object" == typeof c) {
                    if ("function" == typeof c.toJSON) return f(c.toJSON());
                    if (b(c)) {
                        for (g = "[", h = 0; h < c.length; h++) g += (h ? ", " : "") + f(c[h]);
                        return g + "]"
                    }
                    if ("[object Object]" === a.call(c)) {
                        i = [];
                        for (j in c) c.hasOwnProperty(j) && i.push(f(j) + ": " + f(c[j]));
                        return "{" + i.join(", ") + "}"
                    }
                }
                return '"' + c.toString().replace(e, d) + '"'
            }
        }()
    }), amzn_aps_csm = amzn_aps_csm || {}, amzn_aps_csm.log = function(a) {
        try {
            -1 !== window.location.href.indexOf("csm_debug_mode") && window.console && window.console.log(a)
        } catch (b) {
            b.message && amzn_aps_csm.errors.push(b.message)
        }
    }, amzn_aps_csm.loadModules = function(a) {
        var b, c, d;
        try {
            for (b = 0; b < a.length; b++) {
                if (c = a[b].name, d = a[b].params || [], window.performance && window.performance.mark && "function" == typeof window.performance.mark && window.performance.mark("loadStart" + c), "[object Array]" !== Object.prototype.toString.call(d) && amzn_aps_csm.log("Params passed in the amzn_aps_csm.loadModules methods must be an array"), amzn_aps_csm[c]) {
                    if (void 0 === amzn_aps_csm[c].shortName) throw new amzn_aps_csm.invalidModuleException("Module shortName not defined for module " + c + ". ");
                    amzn_aps_csm[c].init.apply(amzn_aps_csm[c], d), amzn_aps_csm.log("Initiated " + c + " module")
                } else amzn_aps_csm.log("Undefined module " + c);
                window.performance && window.performance.mark && "function" == typeof window.performance.mark && (window.performance.mark("loadEnd" + c), window.performance.measure("lt" + amzn_aps_csm[c].shortName, "loadStart" + c, "loadEnd" + c))
            }
        } catch (e) {
            e.message && amzn_aps_csm.errors.push(e.message)
        }
    }, amzn_aps_csm.define = function(a) {
        var b, c, d, e, f, g, h, i;
        try {
            for (b = function(a) {
                    return "string" == typeof a ? amzn_aps_csm[a] : a
                }, c = Array.prototype.slice.call(arguments), d = c[0], e = c.length > 2 ? c[1] : [], f = c[c.length - 1], g = [], h = 0, i = e.length; i > h; h++) g.push(b(e[h]));
            amzn_aps_csm[d] = f.apply(f, g)
        } catch (j) {
            j.message && amzn_aps_csm.errors.push(j.message)
        }
    }, amzn_aps_csm.invalidModuleException = function(a) {
        this.value = a, this.message = "does not conform to the expected format of a module", this.toString = function() {
            return this.value + this.message
        }
    }, amzn_aps_csm = amzn_aps_csm || {}, amzn_aps_csm.define("eventUtils", [], function() {
        var a = {
            shortName: "eu"
        };
        return a.init = function() {
            amzn_aps_csm.log("Initializing eventUtils"), a.eventHandlers = []
        }, a.addEvent = function(b, c, d, e) {
            b.addEventListener ? b.addEventListener(c, d, e) : b.attachEvent && b.attachEvent("on" + c, d);
            var f = {
                elem: b,
                eventName: c,
                cb: d
            };
            a.eventHandlers.push(f)
        }, a.registerPostMessageHandler = function(a) {
            var b = window.addEventListener ? "addEventListener" : "attachEvent",
                c = window[b],
                d = "attachEvent" == b ? "onmessage" : "message";
            c(d, function(b) {
                a(b)
            }, !1)
        }, a
    }), amzn_aps_csm = amzn_aps_csm || {}, amzn_aps_csm.define("pixelQueue", [], function() {
        var a = {
            shortName: "pq"
        };
        return a.init = function() {}, a.firePixel = function(a, b, c) {
            if ("" !== b) {
                /^https?:\/\//.test(b) === !1 && (b = document.location.protocol + "//" + b), "/" != b.substr(b.length - 1) && (b += "/"), "https:" === document.location.protocol && /^http:\/\//.test(b) === !0 && (b = b.replace("http://", "https://"));
                try {
                    var d = JSON.parse(a);
                    d.ver = amzn_aps_csm.version, a = JSON.stringify(d)
                } catch (e) {}
                void 0 !== c && "" !== c && (b += c), (new Image).src = b + a + "?cb=" + Math.round(1e7 * Math.random())
            } else amzn_aps_csm.log("instrURL is empty")
        }, a
    }), amzn_aps_csm = amzn_aps_csm || {},
    function() {
        var a, b;
        amzn_aps_csm.loadModules([{
            name: "eventUtils",
            params: []
        }]);
        for (a in amzn_aps_csm.eventUtils) amzn_aps_csm.eventUtils.hasOwnProperty(a) && (amzn_aps_csm[a] = amzn_aps_csm.eventUtils[a]);
        amzn_aps_csm.loadModules([{
            name: "pixelQueue",
            params: []
        }]), b = 5, amzn_aps_csm.registerPostMessageHandler(function(a) {
            var c, d, e, f, g, h, i, j, k, l, m;
            if (amzn_aps_csm.log("parent received message!: ", a.data), amzn_aps_csm.log(a.origin), /pixelId/.test(a.data)) {
                for (c = a.source, d = 0; c.parent !== top && b > d;) c = c.parent, d++;
                for (e = {}, "object" == typeof apstag && null !== apstag && "function" == typeof apstag._getSlotIdToNameMapping && null !== apstag._getSlotIdToNameMapping() && (e = apstag._getSlotIdToNameMapping()), f = "", g = document.getElementsByTagName("iframe"), h = 0; h < g.length; h++)
                    if (g[h].contentWindow === c) {
                        i = g[h].parentElement;
                        do j = i.id, i = i.parentElement; while (e.hasOwnProperty(j) === !1 && "body" !== i.tagName.toLowerCase());
                        f = e[j] || j
                    }
                k = JSON.parse(a.data), l = decodeURIComponent(k.instrURL), m = {
                    sn: encodeURIComponent(f),
                    pixelId: k.pixelId
                }, /amazon-adsystem\.com/.test(l) && amzn_aps_csm.pixelQueue.firePixel(JSON.stringify(m), l, "")
            }
        })
    }();
                                    

#6 JavaScript::Eval (size: 22, repeated: 1) - SHA256: e305e4a9f1526070c2c93d1248512d6460115b8db421e150919978d6f2df61a2

                                        0,
function(w) {
    i4(1, w)
}
                                    

#7 JavaScript::Eval (size: 22, repeated: 1) - SHA256: 45f5e5195f57ae43fbd3dacdbdf1de261f7a716f6241be91b64b0a1e990cdc75

                                        0,
function(w) {
    i4(2, w)
}
                                    

Executed Writes (1)

#1 JavaScript::Write (size: 173, repeated: 1) - SHA256: 642f9705ec7d8c7b0f907d5fecc582d31d93a78c244f05c938e36bf016fe9d3c

                                        < body style = "background-color:white;margin:0px;padding:0px;" > < div id = "c" > < /div><script src="https:/ / ecdn.firstimpression.io / static / js / fiamp.js "></script></body>
                                    


HTTP Transactions (127)


Request Response
                                        
                                            GET /JOWwmxs HTTP/1.1 
Host: ouo.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         172.67.6.151
HTTP/1.1 301 Moved Permanently
                                        
Date: Wed, 21 Sep 2022 00:32:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 21 Sep 2022 01:32:11 GMT
Location: https://ouo.io/JOWwmxs
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74deb3c8e9c6b4eb-OSL

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 21 Sep 2022 00:13:22 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ITXm7BawX28jFvKho8BKMVTAT6Ug7MGVxO1fIxPg9ylBnHI7tdwP8g==
Age: 1129


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5520
Expires: Wed, 21 Sep 2022 02:04:11 GMT
Date: Wed, 21 Sep 2022 00:32:11 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 20 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: QYYmdL5U2C_hfpuYwOxMkLDCdlr3XqotAiFRcrrfng4IC1CFe_vQiA==
age: 71818
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:11 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Wed, 21 Sep 2022 00:03:22 GMT
Expires: Wed, 21 Sep 2022 00:34:07 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FmbHOV7GMHcLV4X8C68yrK3HhgLUyZwefRJxxKUqC11Y6Ua9OanFzw==
Age: 1730


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3911
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 00:32:12 GMT
Last-Modified: Tue, 20 Sep 2022 23:27:01 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /images/world.png HTTP/1.1 
Host: ouo.press
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/JOWwmxs
Cookie: ouoio_session=eyJpdiI6IkoyczRtd1hzZ3Bya3hFMjJncDFrSjRpdE9qSTBESmJrWEc3Nmd5K2luOEk9IiwidmFsdWUiOiJzMkxHUmxxOExIUGNMZHZMdGtMQjNPbzkxZEhQMmpnQm1mYUUyRkJ3elBLbWtpcmQxMmNYb0FpNEJYTjdtXC8wY1A0XC96WUpjZnN1NlgwU2RDQWZjYmRRPT0iLCJtYWMiOiI3ZDdjZTk3OGQ2NzE1MjUwMzFiMDhlYzQ4OTEyNWU4N2JkM2NhMTc4MzQ5MzM5NWVmZTUwY2M3NzgxM2JjYjI0In0%3D; language=eyJpdiI6IlR4TlVPVjc4NFwvZWRXWEJyTTFcL0pTV1VZN1cyWWM2b2VCeUZvekFieWExaz0iLCJ2YWx1ZSI6InVRT3VqRUJ0cUxoa3FGQWRcL1pIR29GTTE3MjdxaVRYMVhFbEFMbHNrclkwPSIsIm1hYyI6IjA3YmM1NDRiNDQyNTZmOTA5ZjBkMDA5NTE2YzUyMjY2YmFjODg2YWMxYzI3ODVhNTVmNzA5NmVlYWQ1YjI4MDIifQ%3D%3D; fca28be0e975133d744c1658fcca23a8bde3f6e9=eyJpdiI6ImNudHZSTjNJMHpwT1NWU0JYa0xMTHgzc200MEhNTzk4bW1pV3dhTlhqOEE9IiwidmFsdWUiOiJ1VDVadjVcL2J1eEozeHZYcXRpMTR1M2lVSFBRTTYrSlpkMUdwcXl4KzdPaFwvTzNvdDF0b1UzaHc5VjFrV2V1SklORGNwMGZldDVWZEtOVkdvTTdlYzl3dDBKTFBtNFM0YjRrSlMzWWoxVjh0TFF6ODJuWnd5TjlMa1dSQVpYZTVrM3JnZG01eTRlR29EcUdOMTk5WEtTRDQ4SEtPWXFFaWU5cEZTNnFEXC95UThYTXk2Y2M4S09iMCt5NjJzaGsxZUVwV3lnTDQ1bEV1aExlbkpBNDIxSHpvS1k2N2tvbmVEVVpyR25cL0dLWkR0QU82VUZzK2hNNUN5bUVmMFYwMHRlVE1vbXZBeGRwRkE5VHBLV0tWa3Q1UHRSa3BBaDBCOCtQVDNDd25RQys1XC8wR0plUVp1NjlwYytkcjhjdnhXd0x3d0U3VzBFR25PV2Z3aVQwclRmelVxR2dkVGRSaFFkNXJ0a0NQZ3NIeW1rdEczNEcrazRnYWNyQldQalZzb1hrKyIsIm1hYyI6IjYxNDQzOWY0MWVlYjhmNmFlZmUzOTEwZTQwMDZkM2M5NDJmM2JlMzQ4YTdjZjRjYzhjMDgyMDVlZDg1ODBhMDUifQ%3D%3D; __cf_bm=oKPvUWU6SdPwh9v33frR0ow72yzbpnjaUyu9.SHxbgw-1663720332-0-AdYFjmOJ9csnPmxieE7rj8I7GsgC4V6i8rE0DPveb6mXFPE9/LPyJDLUN7JmyaN00QEzemgX3uNpool6hvBjd8A=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.22.58.251
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 21 Sep 2022 00:32:12 GMT
content-length: 5692
cache-control: max-age=2592000
cf-bgj: imgq:85,h2pri
cf-polished: status=not_needed
etag: "5549a07c-163c"
expires: Tue, 04 Oct 2022 22:31:44 GMT
last-modified: Wed, 06 May 2015 05:02:52 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1389628
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74deb3cfae470b06-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Size:   5692
Md5:    4eea420a8830a6d695114427bf52b556
Sha1:   35579e7f1a656beb3a07a7093166ff37c634bade
Sha256: 70f03c74cc197cf154af36fa552a448d9ffebb55081c96e55ef4cf469123fe22
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5344
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 00:32:12 GMT
Last-Modified: Tue, 20 Sep 2022 23:03:08 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1 
Host: ouo.press
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/JOWwmxs
Cookie: ouoio_session=eyJpdiI6IkoyczRtd1hzZ3Bya3hFMjJncDFrSjRpdE9qSTBESmJrWEc3Nmd5K2luOEk9IiwidmFsdWUiOiJzMkxHUmxxOExIUGNMZHZMdGtMQjNPbzkxZEhQMmpnQm1mYUUyRkJ3elBLbWtpcmQxMmNYb0FpNEJYTjdtXC8wY1A0XC96WUpjZnN1NlgwU2RDQWZjYmRRPT0iLCJtYWMiOiI3ZDdjZTk3OGQ2NzE1MjUwMzFiMDhlYzQ4OTEyNWU4N2JkM2NhMTc4MzQ5MzM5NWVmZTUwY2M3NzgxM2JjYjI0In0%3D; language=eyJpdiI6IlR4TlVPVjc4NFwvZWRXWEJyTTFcL0pTV1VZN1cyWWM2b2VCeUZvekFieWExaz0iLCJ2YWx1ZSI6InVRT3VqRUJ0cUxoa3FGQWRcL1pIR29GTTE3MjdxaVRYMVhFbEFMbHNrclkwPSIsIm1hYyI6IjA3YmM1NDRiNDQyNTZmOTA5ZjBkMDA5NTE2YzUyMjY2YmFjODg2YWMxYzI3ODVhNTVmNzA5NmVlYWQ1YjI4MDIifQ%3D%3D; fca28be0e975133d744c1658fcca23a8bde3f6e9=eyJpdiI6ImNudHZSTjNJMHpwT1NWU0JYa0xMTHgzc200MEhNTzk4bW1pV3dhTlhqOEE9IiwidmFsdWUiOiJ1VDVadjVcL2J1eEozeHZYcXRpMTR1M2lVSFBRTTYrSlpkMUdwcXl4KzdPaFwvTzNvdDF0b1UzaHc5VjFrV2V1SklORGNwMGZldDVWZEtOVkdvTTdlYzl3dDBKTFBtNFM0YjRrSlMzWWoxVjh0TFF6ODJuWnd5TjlMa1dSQVpYZTVrM3JnZG01eTRlR29EcUdOMTk5WEtTRDQ4SEtPWXFFaWU5cEZTNnFEXC95UThYTXk2Y2M4S09iMCt5NjJzaGsxZUVwV3lnTDQ1bEV1aExlbkpBNDIxSHpvS1k2N2tvbmVEVVpyR25cL0dLWkR0QU82VUZzK2hNNUN5bUVmMFYwMHRlVE1vbXZBeGRwRkE5VHBLV0tWa3Q1UHRSa3BBaDBCOCtQVDNDd25RQys1XC8wR0plUVp1NjlwYytkcjhjdnhXd0x3d0U3VzBFR25PV2Z3aVQwclRmelVxR2dkVGRSaFFkNXJ0a0NQZ3NIeW1rdEczNEcrazRnYWNyQldQalZzb1hrKyIsIm1hYyI6IjYxNDQzOWY0MWVlYjhmNmFlZmUzOTEwZTQwMDZkM2M5NDJmM2JlMzQ4YTdjZjRjYzhjMDgyMDVlZDg1ODBhMDUifQ%3D%3D; __cf_bm=oKPvUWU6SdPwh9v33frR0ow72yzbpnjaUyu9.SHxbgw-1663720332-0-AdYFjmOJ9csnPmxieE7rj8I7GsgC4V6i8rE0DPveb6mXFPE9/LPyJDLUN7JmyaN00QEzemgX3uNpool6hvBjd8A=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.22.58.251
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 21 Sep 2022 00:32:12 GMT
last-modified: Thu, 15 Sep 2022 13:38:19 GMT
etag: W/"63232acb-4d7"
vary: Accept-Encoding
server: cloudflare
cf-ray: 74deb3cfae480b06-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Fri, 23 Sep 2022 00:32:12 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1127
Md5:    051878765c31a386a02617ea81233aa6
Sha1:   ea356dfcc537a8f443810350a8d40dc68b4f1a03
Sha256: 5147fd2392291c1569606baa8f44a9dde95080ae2b500421c45284c6d95414b3
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 00:32:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5344
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 00:32:12 GMT
Last-Modified: Tue, 20 Sep 2022 23:03:08 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iXav7pPzrYxqJfHNLIIP/w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.210.107.213
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ua0LGAx5L9cVl+gajgcYrFdtM18=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1FFC87DF24CE9EE290CDE09274AA9940C2293D5DB5DB4A2E9116A6C04F183543"
Last-Modified: Sun, 18 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3482
Expires: Wed, 21 Sep 2022 01:30:14 GMT
Date: Wed, 21 Sep 2022 00:32:12 GMT
Connection: keep-alive

                                        
                                            GET /recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.164
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
expires: Wed, 21 Sep 2022 00:32:12 GMT
date: Wed, 21 Sep 2022 00:32:12 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 585
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (884), with no line terminators
Size:   585
Md5:    ffc0e5974b36df4fbf86044645f56feb
Sha1:   582d8833edc2dab0f78d8f3a368dd36479481348
Sha256: 51fe629ea38f998cc3139171392cbae2a1348d03c75074cd60ae1fc03be69997
                                        
                                            GET /static/js/fab.js HTTP/1.1 
Host: ecdn.analysis.fi
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.15
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 4240
server: nginx/1.20.0
last-modified: Tue, 14 Dec 2021 15:30:51 GMT
access-control-allow-origin: *
accept-ranges: bytes
date: Tue, 20 Sep 2022 23:38:48 GMT
expires: Wed, 21 Sep 2022 00:38:44 GMT
cache-control: max-age=3600
etag: "61b8b8ab-1090"
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uzJc6Gzk_KkORk84WTT2yEjnou8r88wCjMml7eRNW8U5-dON_4rxyw==
age: 3208
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (574)
Size:   4240
Md5:    28a0bef1ecb63168106f97b637ab3414
Sha1:   e577575dd115f6a95aea8c2ae87d2c30c8464728
Sha256: d8a34aeacc4054bd4e119e538c7eb4956421014f48a9b603d3f9314a7435b5a6
                                        
                                            GET /1clkn/16562 HTTP/1.1 
Host: tv.gourdycortes.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.109.82.223
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Server: nginx
Date: Wed, 21 Sep 2022 00:32:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Thu, 22-Sep-2022 00:32:12 GMT; Max-Age=86400; path=/; secure; SameSite=None GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Thu, 22-Sep-2022 00:32:12 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   26
Md5:    414a242a6fee8464282857e475d3ef61
Sha1:   f669890350347f53aa9bd19c1a355692e8d17d2f
Sha256: d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 00:32:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 00:32:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "44C21040D1D46E3C39588650DC604D357FDE69349D9A53FB111FDCACF361C9DE"
Last-Modified: Sun, 18 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=991
Expires: Wed, 21 Sep 2022 00:48:43 GMT
Date: Wed, 21 Sep 2022 00:32:12 GMT
Connection: keep-alive

                                        
                                            GET /um/ixmatch.html HTTP/1.1 
Host: js-sec.indexww.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         23.38.200.248
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: Apache
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1387
Date: Wed, 21 Sep 2022 00:32:13 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2920), with no line terminators
Size:   1387
Md5:    d41805aed22c3b9731d56a19244e6b8a
Sha1:   7e5da0bdf4db3f38f1590b5020750a93d1a174b5
Sha256: 46aa57bbee28a5fa9e4352e856a1d3a0485613234232d0b3de27adc74d8fac26
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 00:32:13 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 20:45:59 GMT
Expires: Mon, 26 Sep 2022 20:45:58 GMT
Etag: "ce9e04917a4525b562b81b42e58cec55700ddabd"
Cache-Control: max-age=504225,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74deb3d048c0b515-OSL

                                        
                                            GET /sdk/v1/n.js HTTP/1.1 
Host: cdn.runative-syndicate.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         8.247.218.249
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 21 Sep 2022 00:32:13 GMT
content-length: 5220
last-modified: Wed, 23 Mar 2022 15:25:35 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"623b3bef-3202"
age: 3425575
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (591)
Size:   5220
Md5:    e6b953ae4edfbe129269f196fe87eee9
Sha1:   eb99511c1d23000bc72b2c640bbcd5792eb431f2
Sha256: eb6d42f0cdeddc023b69947db248be42bc66aa2da8c59178b7f22b528c4dd60f
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E666E5F16EFAB20876F06451B40FA8F1E596218DBB174F1B09289B0A8ADE06BA"
Last-Modified: Tue, 20 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7347
Expires: Wed, 21 Sep 2022 02:34:40 GMT
Date: Wed, 21 Sep 2022 00:32:13 GMT
Connection: keep-alive

                                        
                                            GET /cchain/0?gdpr=0&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fsync.viavideo.digital%2Ftools%2Fsync%3Fdsp%3D26%26uid%3D HTTP/1.1 
Host: prebid.a-mo.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         147.75.85.234
HTTP/2 302 Found
                                        
cache-control: max-age=0, private, must-revalidate
content-length: 0
date: Wed, 21 Sep 2022 00:32:12 GMT
location: https://sync.viavideo.digital/tools/sync?dsp=26&uid=40f1ad91-c7ce-4e6b-b6f8-c31c564889a7&gdpr=0&gdpr_consent=&us_privacy=
server: envoy
x-envoy-upstream-service-time: 1
X-Firefox-Spdy: h2

                                        
                                            GET /css?family=Questrial HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.211.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 21 Sep 2022 00:32:12 GMT
date: Wed, 21 Sep 2022 00:32:12 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1811
Md5:    02db8046e17edd75e8c3d92e705189c4
Sha1:   cb3d288424e9b0f81783297f8f4b6207d1839967
Sha256: e830cd0c4556db165acc6d14c9bb23d6b860afd3b4b8b0716671a39d907bf9f4
                                        
                                            GET /usermatch?d=https%3A%2F%2Fouo.press%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP/1.1 
Host: ssum-sec.casalemedia.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         104.18.18.126
HTTP/2 302 Found
                                        
date: Wed, 21 Sep 2022 00:32:13 GMT
content-length: 0
location: /usermatch?d=https%3A%2F%2Fouo.press%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
cf-ray: 74deb3d198c2b50b-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
set-cookie: CMID=YypbjUunUCXrsgv8VaGrDQAA; Path=/; Domain=casalemedia.com; Expires=Thu, 21 Sep 2023 00:32:13 GMT; Max-Age=31536000; Secure; SameSite=None CMPS=4453; Path=/; Domain=casalemedia.com; Expires=Tue, 20 Dec 2022 00:32:13 GMT; Max-Age=7776000; Secure; SameSite=None CMPRO=4453; Path=/; Domain=casalemedia.com; Expires=Tue, 20 Dec 2022 00:32:13 GMT; Max-Age=7776000; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GIsMYKbuS3ebI3Cm9qyFgsIabBIggc%2FeNlVpNzHLXgnwCJR%2BgQFtgo6HZ3k5AsmqeZTiOOn4GvkQL35YMjswOEY8uiAN2wlUVh%2F6ixzw%2FLIWD8na4Nf4hnkMJFDmrp8pcwRQRqittB5lPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET /logs/req/site?sid=105641&uid=&event=playerLoaded&v=206231&cb=1663720333034 HTTP/1.1 
Host: hhkld.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         141.94.202.176
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:13 GMT
content-length: 43
last-modified: Tue, 28 Jun 2022 15:48:44 GMT
etag: "62bb22dc-2b"
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            GET /match/vibe HTTP/1.1 
Host: sync.dmp.otm-r.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         116.202.236.228
HTTP/2 204 No Content
                                        
server: nginx/1.17.10
date: Wed, 21 Sep 2022 00:32:13 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6CB14216D2419B84AD222C3D88B3876A15C80D2192B5DB03776332DA2037CE25"
Last-Modified: Tue, 20 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3726
Expires: Wed, 21 Sep 2022 01:34:19 GMT
Date: Wed, 21 Sep 2022 00:32:13 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "363A085025BBCC1176A2C9CB25828B54B6DB5F832A0365F5FB59DA7C63CDA1F3"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6121
Expires: Wed, 21 Sep 2022 02:14:14 GMT
Date: Wed, 21 Sep 2022 00:32:13 GMT
Connection: keep-alive

                                        
                                            GET /usermatch?d=https%3A%2F%2Fouo.press%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1 HTTP/1.1 
Host: ssum-sec.casalemedia.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://js-sec.indexww.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.18.18.126
HTTP/2 200 OK
content-type: text/html
                                        
date: Wed, 21 Sep 2022 00:32:13 GMT
cf-ray: 74deb3d1d8e0b50b-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lQRv2U%2BcdmEYcIVM2C3RzD26478DTWpv68MTsR320SC%2BZQWQF7W%2F1srEZcp%2B%2F0tt2jV%2BkyAwrow43wgX%2BtN6O6229avpnjTPkxqfcw58Ye%2BGZlejzRwp2%2BudgsWodESpOy3iIc8phdA5Eg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Size:   159
Md5:    42d89b06f47930fb009c9fd039fccc3b
Sha1:   bb3bd21173c43535095756757b6fa49f488df476
Sha256: a4e6bdcd4a7cc5707c98962900de3c437cbc8249c003e765b55c5920e1c54561
                                        
                                            GET /tools/sync?dsp=26&uid=40f1ad91-c7ce-4e6b-b6f8-c31c564889a7&gdpr=0&gdpr_consent=&us_privacy= HTTP/1.1 
Host: sync.viavideo.digital
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         141.94.202.176
HTTP/2 301 Moved Permanently
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:13 GMT
content-length: 0
location: https://sync.hhkld.com/tools/sync?dsp=26&uid=40f1ad91-c7ce-4e6b-b6f8-c31c564889a7&gdpr=0&gdpr_consent=&us_privacy=&viads_uid=ccl5n3f2tal5fc1aig3gXx
set-cookie: uid=ccl5n3f2tal5fc1aig3gXx; expires=Thu, 21 Sep 2023 00:32:13 GMT; domain=.viavideo.digital; path=/
X-Firefox-Spdy: h2

                                        
                                            GET /fi_client.js HTTP/1.1 
Host: ecdn.firstimpression.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.73
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Tue, 20 Sep 2022 23:34:42 GMT
server: nginx/1.20.0
x-powered-by: PHP/8.0.14
x-xss-protection: 0
last-modified: Tue, 20 Sep 2022 23:34:42 UTC
etag: W/"6d466b58ca4b1e8950f29c29f033053c"
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qxAMnOi4rYM85KU_mZ7UxCKEERJ3JuqqmN6l2Wy8NY-iKKfV3xh_5Q==
age: 3450
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (618)
Size:   93277
Md5:    3d4d73cd5b77fb0322d4ec87e9ffe175
Sha1:   08af0991167249836aa5ab9dd476b2fea77409a2
Sha256: b92ed81400e16739f6cbebb8ef3208a4fe83031bb02741069ba9f0da4d9f9702
                                        
                                            GET /ed/36/01/ed36014633829dc70a42dccaefdf3f11.js HTTP/1.1 
Host: itineraryupper.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.17.9
Date: Wed, 21 Sep 2022 00:32:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1e992fdb6c54598b6e1f7b8118295241
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (37188), with no line terminators
Size:   13436
Md5:    1e48c00c09d042db4f7193634131b186
Sha1:   bcfecf02cb911a745aadadb9a4bc5c80fe1375c8
Sha256: 21debf932206f513c143920d342f336c31c495ac7cde1dd4366f06bcf5452357

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /rucdn/static/report.svg HTTP/1.1 
Host: hhkld.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         141.94.202.176
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:13 GMT
content-length: 3025
last-modified: Wed, 22 Jun 2022 05:10:01 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public, no-transform
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2042)
Size:   3025
Md5:    c12dad0e0d31548287471223d9118b54
Sha1:   d40516c15ebc64ab96d309a7c0e2e49443d04bb2
Sha256: 8f03524fcc1c423e5375ee91780af2493c8f24426b5b85b058d0a3fbf76fcb34
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6ECFFE1177051A970BB0688C29F4EAAFE675701F764172519E90D9C840598C88"
Last-Modified: Sun, 18 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2340
Expires: Wed, 21 Sep 2022 01:11:13 GMT
Date: Wed, 21 Sep 2022 00:32:13 GMT
Connection: keep-alive

                                        
                                            GET /tools/sync?dsp=26&uid=40f1ad91-c7ce-4e6b-b6f8-c31c564889a7&gdpr=0&gdpr_consent=&us_privacy=&viads_uid=ccl5n3f2tal5fc1aig3gXx HTTP/1.1 
Host: sync.vicodes.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         141.94.202.176
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:13 GMT
content-length: 43
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Accept
access-control-allow-methods: GET, POST
access-control-allow-origin: *
last-modified: Wed, 21 Sep 2022 00:32:13 GMT
expires: Wed, 11 Nov 1998 11:11:11 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: uid=ccl5n3f2tal5fc1aig3gXx; expires=Thu, 21 Sep 2023 00:32:13 GMT; domain=.vicodes.com; path=/
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            GET /c.js HTTP/1.1 
Host: hhklc.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.223.102
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 21 Sep 2022 00:32:12 GMT
last-modified: Mon, 19 Sep 2022 19:48:44 GMT
etag: W/"6328c79c-2088"
server-asp-net: Asp Net
expires: Wed, 21 Sep 2022 00:40:59 GMT
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 2173
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wGJ0g9v8NlrbPFeKNZtG2QuXyV6iCRHsNlg21ozhVeKpVEtaXIe30nPUcu1D1KfmLMt8SVQRPl%2BcBurRuCjBgO%2Bk3BpT6C1V8DWcg72s%2Fmiv%2Fe1a7nKPnLUyrpY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74deb3cfdc4db51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (8328), with no line terminators
Size:   2443
Md5:    cf34fea55f97a0b449857c6670abb56d
Sha1:   3dcb1d2fc39996603876303afddb284e8b6fc7d6
Sha256: ec6ab142701835d085703b15a58635d88634b105b0857b88ab812ca86eece30e
                                        
                                            GET /rucdn/js/player/hls2.js HTTP/1.1 
Host: hhkld.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         141.94.202.176
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:13 GMT
last-modified: Wed, 22 Jun 2022 03:32:17 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public, no-transform
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   112917
Md5:    a465d0b2fd653dd5ee65fb9fd3e23652
Sha1:   5831c56aab5fd980e4710ce8b519ec1d9edadefc
Sha256: 907e2ffdee5475a44affb0422c30f5aff045e8a2603b1e1988ea19345d24d128
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 00:32:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /tag/sync.php HTTP/1.1 
Host: ru.hhkld.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Origin: https://ouo.press
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         141.94.202.176
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:13 GMT
access-control-allow-origin: https://ouo.press
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
set-cookie: uid=jV7KsGMqW42NwpGlTclYAg==; expires=Thu, 21-Sep-23 00:32:13 GMT; domain=.hhkld.com; path=/
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   19325
Md5:    72567cdf2338f3fdeb60b5231c2f5e56
Sha1:   486faeeac111a432f4022706816934a222f9517f
Sha256: b2f9e70dfdce00cc0635584632309214950d3d4df52979a27869ea7746605fb0
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 00:32:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 00:32:13 GMT
Last-Modified: Tue, 20 Sep 2022 23:14:09 GMT
Server: ECS (nyb/1D28)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _-dYliO0OH_1jiphM3yxntudRhE9b8IVnrDYzd-ARkdVggU-s04cuA==
Age: 4684

                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         3.64.106.196
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Wed, 21 Sep 2022 00:32:13 GMT
content-length: 40
server: fasthttp
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
set-cookie: uid_id2=ae2531c0-b896-4a7f-9b93-27b4bdf16ded:2:1; expires=Sat, 18 Sep 2032 00:32:13 GMT; secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    6fb4849a9b5ebcc95a9f735c6435d1e6
Sha1:   674a7b7405bda0d3736f3881540b4529925edd29
Sha256: 202cce62a217bd7bb04a39682354bed256d012bcbfbcbea630ee361f22f48ef6
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2985
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 00:32:13 GMT
Last-Modified: Tue, 20 Sep 2022 23:42:28 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /vi/19_ENG0.ts HTTP/1.1 
Host: viavideo.digital
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         141.94.202.176
HTTP/2 200 OK
content-type: video/mp2t
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:13 GMT
content-length: 515308
last-modified: Sun, 26 Jun 2022 07:47:49 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public, no-transform
access-control-allow-origin: https://ouo.press
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   515308
Md5:    c5a2a11a945751cdc42d2f10b12d9a92
Sha1:   ccf7adaff9640202056b64dc54a66daac236c48e
Sha256: 6787c997fd3be922e3a09fea77ecd244b9f9f381a953cc4bb3ea738045906eff
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 00:32:13 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 12:01:34 GMT
Expires: Tue, 27 Sep 2022 12:01:33 GMT
Etag: "1c38543b534fe648aaa669d26f520a8ecc7f0403"
Cache-Control: max-age=559159,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74deb3d4fb2cb515-OSL

                                        
                                            GET /sdk/v1/n.css HTTP/1.1 
Host: cdn.run-syndicate.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         8.254.252.214
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 21 Sep 2022 00:32:13 GMT
content-length: 8277
etag: "6114dd75-2055"
last-modified: Thu, 12 Aug 2021 08:36:05 GMT
server: nginx
x-robots-tag: noindex, nofollow
age: 17373121
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (8277), with no line terminators
Size:   8277
Md5:    37ebbc4b85fb5383d08547f5fe9d8d9f
Sha1:   99dac34980b1fd00028f76e782444bdf948724c5
Sha256: 24b59f4e4fbf1d4a988ffa478952ceb54e0b2f0774da926bcd2cc0376200dbfe
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 00:32:13 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 17 Sep 2022 15:56:19 GMT
Expires: Sat, 24 Sep 2022 15:56:18 GMT
Etag: "9c308637cae3f6cf1e7cae6a57e3a315990dcafe"
Cache-Control: max-age=314044,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74deb3d6fc0fb515-OSL

                                        
                                            GET /logs/event/dsp?event=rtb&event2=request&sid=105641&tids=17504%2C17503&v=206231&cb=1663720333922 HTTP/1.1 
Host: viavideo.digital
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         141.94.202.176
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:13 GMT
content-length: 43
last-modified: Tue, 28 Jun 2022 15:48:44 GMT
etag: "62bb22dc-2b"
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            GET /images/7/d/f375f0fa268eab59da40c2b3e5ddb631e37811/300x250.webp HTTP/1.1 
Host: lcdn.tsyndicate.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         8.247.218.249
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 21 Sep 2022 00:32:13 GMT
content-length: 6121
last-modified: Wed, 07 Jul 2021 15:16:45 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"60e5c55d-17d2"
age: 12201801
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 284x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   6121
Md5:    34132dc24f05339d248b08dc558ebd12
Sha1:   abc790698dd2822b8b7d571c58525881b33a6397
Sha256: b843111bfa946ab447f2e7e71d9fc99fa0e6e61a2d6ed37018390b9495e54d1a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8859
Expires: Wed, 21 Sep 2022 02:59:53 GMT
Date: Wed, 21 Sep 2022 00:32:14 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8859
Expires: Wed, 21 Sep 2022 02:59:53 GMT
Date: Wed, 21 Sep 2022 00:32:14 GMT
Connection: keep-alive

                                        
                                            GET /tag/load-105641.js HTTP/1.1 
Host: asia.hhkld.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         141.94.202.176
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:12 GMT
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
set-cookie: sync6=%7B%22adform%22%3A1663720332%2C%22otm%22%3A1663720332%2C%22indexww%22%3A1663720332%2C%22adapt%22%3A1663720332%2C%22improve%22%3A1663720332%2C%22sovrn%22%3A1663720332%2C%22between%22%3A1663720332%2C%22magnite%22%3A1663720332%7D; expires=Thu, 29-Sep-2022 00:32:12 GMT; Max-Age=691200 uid=jV7KsGMqW4yNwpGlTclOAg==; expires=Thu, 21-Sep-23 00:32:12 GMT; domain=.hhkld.com; path=/
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (26606)
Size:   13149
Md5:    9e8291398b9cef417fbc2ebc7540fcd0
Sha1:   66a193574424d93b928ebb7405203b7b5f482785
Sha256: aee4c49b1edc30c08e1cf68b55091aec0818d77a984b9a0b8134f9deb95a902b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6b35a1c-f445-4b05-b56e-ce2ad0ef2a9a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6897
x-amzn-requestid: 509dc368-dd1c-4be7-94ff-64dbd53c199f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YoqoRG2WIAMFw6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63268b01-1cb916c251fd5f2f3cf10435;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 03:05:37 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JB1bt_R_dtA1cgaQinaQjtvsvxI8URaFudTBsF5IA0itMeTng3ERhA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 04:14:21 GMT
age: 73073
etag: "91df60162a8322469cada0dd8eb93619f28aec1a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6897
Md5:    8bae3a7a80ff40df1d701dfc925ddeff
Sha1:   91df60162a8322469cada0dd8eb93619f28aec1a
Sha256: fab10c7ad4658bc191621d9f2042236a7b6e34448ce5215dde5b8d6a64b52952
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60ffb31d-d07d-4e81-9477-522f011ae13e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8861
x-amzn-requestid: 873e88ab-7afc-4b14-b428-d90ec2079741
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YO2wuE0AoAMF7Gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c3804-0d25ab397a16c78907914e23;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 07:08:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: E3CxTY9UbUKfKS16_Os-lp6w8b_bIIbWqcIzaGOOc0iwrSOzj6NNqQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 03:10:54 GMT
age: 76880
etag: "56f228d7358ba9deef000f53214dc7c1dc358109"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8861
Md5:    a504981ee10d8341b64f19001464ae8a
Sha1:   56f228d7358ba9deef000f53214dc7c1dc358109
Sha256: 0ea3b6ed12f3adf9d56e7d9b61f284d28107d99f28ee4e66b4c078a9a1a0cbee
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c472fe6-fe9b-4742-98f4-b71f53839315.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4789
x-amzn-requestid: 36ce3b9d-d2aa-4975-86e5-22875944d707
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YiqljEIKoAMFhPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63242489-1a31957361790e766b8355c6;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 07:23:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uNmY94pnSglVwSsx4oEaFrQqFI0bxeVzH8o8PYApgHQk_CSrkk2R1g==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:20:09 GMT
age: 7925
etag: "0850ed5db509f8a75439eca5866c2bb6ca3195d3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4789
Md5:    4df06b3e4176e8f080c997bfae578142
Sha1:   0850ed5db509f8a75439eca5866c2bb6ca3195d3
Sha256: 43e8bfd931d778ac5ebf2d4a8c9915cb05394b6499f9a8575cfc8ce93edd7d92
                                        
                                            GET /static/js/prebidamp.js HTTP/1.1 
Host: ecdn.firstimpression.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.111.73
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx/1.20.0
last-modified: Tue, 14 Dec 2021 15:30:51 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Wed, 21 Sep 2022 00:00:29 GMT
expires: Wed, 21 Sep 2022 01:00:04 GMT
cache-control: max-age=3600
etag: W/"61b8b8ab-4e128"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jCHSkcsHqPEVYEDtqsKMV-2CmUWq4AkT9XD7-5LGhHcMuw1XckH-fQ==
age: 1929
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   108997
Md5:    cd77ee16e90855847421f64dc3c4e505
Sha1:   8e14aeaf5cd795bbf1072b1759bc8fb8340f19e7
Sha256: 787e4422ac6d14ffe640cf1b567a487f8f30cbcf7402b21e70e6388f6d42e56d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24bb3042-6621-4dd2-99f1-4b50cc7da808.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9399
x-amzn-requestid: 44705828-c137-4ab5-8538-5d4595a2b058
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYvkJGjxoAMF6-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202c80-3cb542a303a59002480c82b2;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:08:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: PIZx2S4HyPokzOhbut6yFxH_-32I3SvT1jbeo2rSxQtkgYZGcqjBJA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:00:12 GMT
age: 9122
etag: "63252bd8cc72452c4c6be84593d704ae9bf97d1f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9399
Md5:    10ad73e887b57566c4ba3ae763552a2e
Sha1:   63252bd8cc72452c4c6be84593d704ae9bf97d1f
Sha256: 7d58d096045066af053eb1a1fc3878d3e2080aa50b71aa30fa5b7929693ab004
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28c514e2-3b27-42b0-a913-853081b33d5b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7722
x-amzn-requestid: 4be82a2f-b4a3-4222-8a44-788b5bbc62b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YioKtFH_IAMF8Qg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632420aa-28ede63e19dd73c661519eff;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 07:07:22 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YcU4eGMn81unbZk5gRr9rYlxYU7DS4_a-arNBheZH5PbBVytegLG2g==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 12:09:08 GMT
age: 44586
etag: "690f537d16ce17adeeb72246418f13795b08ea67"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7722
Md5:    8718016fd606d22c29d7d781f0bdd1db
Sha1:   690f537d16ce17adeeb72246418f13795b08ea67
Sha256: 43d3d95e47ef25b0b823c7242cf872ada8e789547fc3df8c1f85d65fcd407818
                                        
                                            POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 00:32:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "9B13546879A672E6B247E662F9060179F2CF6AF0"
Expires: Wed, 21 Sep 2022 11:00:00 GMT
Last-Modified: Tue, 20 Sep 2022 23:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2866
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74deb3d82f1efac8-OSL


--- Additional Info ---
Magic:  data
Size:   1462
Md5:    3716d11a3127a83be51634b2339e0017
Sha1:   7f633dff9811cfea5e7ef4788e9c57b6c655d05c
Sha256: fe2e10833a0d16abbbe61a0748e654d3e694af05bee49b971674a94d2fa4db71
                                        
                                            GET /delivery/spc_fi.php?id=7419&url=%2FJOWwmxs&charset=UTF-8&ch=0&ref=ouo.press&viewerId=null&referer=&_firid=54599361 HTTP/1.1 
Host: cdn.firstimpression.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.111.73
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
                                        
date: Wed, 21 Sep 2022 00:32:13 GMT
server: nginx/1.20.0
vary: Accept-Encoding
x-powered-by: PHP/8.0.14
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: OAID=GDPR; expires=Thu, 21-Sep-2023 00:32:13 GMT; Max-Age=31536000; path=/; secure; SameSite=none
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mdmx99lRv8q8F7DFkaztIhRbTyPdBxV-vsSZo4xjANVOuhIVZdfj1g==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   6160
Md5:    8d07eade6aa87682fc6b1a8233f2b12b
Sha1:   d00c8370fbb5aca0e077c33e1b0bbb1f1f1ec28b
Sha256: 3d522c23c49b6ee10ee37a354f15aa3186ad5281d317a53c28eb6a7c97a0f197
                                        
                                            GET /images/8/f/18ec6958f14e3d5a99f82f59431b3f9a6c5b8d/300x250.webp HTTP/1.1 
Host: lcdn.tsyndicate.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         8.247.218.249
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 21 Sep 2022 00:32:14 GMT
content-length: 6919
last-modified: Wed, 07 Jul 2021 15:16:38 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"60e5c556-1af0"
age: 12201815
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x244, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   6919
Md5:    10f75e4fdeb33f12c10092904d59aa24
Sha1:   8e17c24bb06fe71f09eb4d1fefdc489f99499181
Sha256: bd8a0f87fdca35c8b5c031210caf311ec8593589ce3221e9ea32306a2f9d91e5
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: ouo.press
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/JOWwmxs
Cookie: ouoio_session=eyJpdiI6IkoyczRtd1hzZ3Bya3hFMjJncDFrSjRpdE9qSTBESmJrWEc3Nmd5K2luOEk9IiwidmFsdWUiOiJzMkxHUmxxOExIUGNMZHZMdGtMQjNPbzkxZEhQMmpnQm1mYUUyRkJ3elBLbWtpcmQxMmNYb0FpNEJYTjdtXC8wY1A0XC96WUpjZnN1NlgwU2RDQWZjYmRRPT0iLCJtYWMiOiI3ZDdjZTk3OGQ2NzE1MjUwMzFiMDhlYzQ4OTEyNWU4N2JkM2NhMTc4MzQ5MzM5NWVmZTUwY2M3NzgxM2JjYjI0In0%3D; language=eyJpdiI6IlR4TlVPVjc4NFwvZWRXWEJyTTFcL0pTV1VZN1cyWWM2b2VCeUZvekFieWExaz0iLCJ2YWx1ZSI6InVRT3VqRUJ0cUxoa3FGQWRcL1pIR29GTTE3MjdxaVRYMVhFbEFMbHNrclkwPSIsIm1hYyI6IjA3YmM1NDRiNDQyNTZmOTA5ZjBkMDA5NTE2YzUyMjY2YmFjODg2YWMxYzI3ODVhNTVmNzA5NmVlYWQ1YjI4MDIifQ%3D%3D; fca28be0e975133d744c1658fcca23a8bde3f6e9=eyJpdiI6ImNudHZSTjNJMHpwT1NWU0JYa0xMTHgzc200MEhNTzk4bW1pV3dhTlhqOEE9IiwidmFsdWUiOiJ1VDVadjVcL2J1eEozeHZYcXRpMTR1M2lVSFBRTTYrSlpkMUdwcXl4KzdPaFwvTzNvdDF0b1UzaHc5VjFrV2V1SklORGNwMGZldDVWZEtOVkdvTTdlYzl3dDBKTFBtNFM0YjRrSlMzWWoxVjh0TFF6ODJuWnd5TjlMa1dSQVpYZTVrM3JnZG01eTRlR29EcUdOMTk5WEtTRDQ4SEtPWXFFaWU5cEZTNnFEXC95UThYTXk2Y2M4S09iMCt5NjJzaGsxZUVwV3lnTDQ1bEV1aExlbkpBNDIxSHpvS1k2N2tvbmVEVVpyR25cL0dLWkR0QU82VUZzK2hNNUN5bUVmMFYwMHRlVE1vbXZBeGRwRkE5VHBLV0tWa3Q1UHRSa3BBaDBCOCtQVDNDd25RQys1XC8wR0plUVp1NjlwYytkcjhjdnhXd0x3d0U3VzBFR25PV2Z3aVQwclRmelVxR2dkVGRSaFFkNXJ0a0NQZ3NIeW1rdEczNEcrazRnYWNyQldQalZzb1hrKyIsIm1hYyI6IjYxNDQzOWY0MWVlYjhmNmFlZmUzOTEwZTQwMDZkM2M5NDJmM2JlMzQ4YTdjZjRjYzhjMDgyMDVlZDg1ODBhMDUifQ%3D%3D; __cf_bm=oKPvUWU6SdPwh9v33frR0ow72yzbpnjaUyu9.SHxbgw-1663720332-0-AdYFjmOJ9csnPmxieE7rj8I7GsgC4V6i8rE0DPveb6mXFPE9/LPyJDLUN7JmyaN00QEzemgX3uNpool6hvBjd8A=; dom3ic8zudi28v8lr6fgphwffqoz0j6c=ae2531c0-b896-4a7f-9b93-27b4bdf16ded%3A2%3A1; sb_page_ed36014633829dc70a42dccaefdf3f11=1; sb_idelay_ed36014633829dc70a42dccaefdf3f11=1; sb_onpage_ed36014633829dc70a42dccaefdf3f11=0; sb_main_ed36014633829dc70a42dccaefdf3f11=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.22.58.251
HTTP/2 200 OK
content-type: image/x-icon
                                        
date: Wed, 21 Sep 2022 00:32:14 GMT
content-length: 0
last-modified: Sat, 14 Feb 2015 06:41:24 GMT
etag: "54deee14-0"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=86400
cf-cache-status: HIT
age: 5348
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74deb3d858de0b06-OSL
X-Firefox-Spdy: h2

                                        
                                            GET /images/widgetIcons/achoice.svg HTTP/1.1 
Host: widgets.outbrain.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.38.201.81
HTTP/2 200 OK
content-type: image/svg+xml
                                        
accept-ranges: bytes
etag: "9d26fa4e7238ed94f1d0d92afb453b3e:1662969032.874716"
last-modified: Mon, 12 Sep 2022 07:37:47 GMT
server: AkamaiNetStorage
content-length: 2735
cache-control: max-age=2592000
expires: Fri, 21 Oct 2022 00:32:14 GMT
date: Wed, 21 Sep 2022 00:32:14 GMT
timing-allow-origin: *, *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2290)
Size:   2735
Md5:    9d26fa4e7238ed94f1d0d92afb453b3e
Sha1:   ae18efe7d09337bf2f580b3f5bc912284aad7821
Sha256: 2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04
                                        
                                            GET /recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 157726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 05:37:29 GMT
expires: Thu, 14 Sep 2023 05:37:29 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 14 Sep 2022 00:24:01 GMT
age: 586485
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (581)
Size:   157726
Md5:    6519c7c04cf32a57b1c5ee45a73c233e
Sha1:   4939bb921988e9eb13780cc2244f3099776e9bfb
Sha256: 8352dd4e3e0fe82562cdc280c020fc31d2c6d054f7ead441a3b18de8ef04401b
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5089
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 00:32:14 GMT
Last-Modified: Tue, 20 Sep 2022 23:07:25 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 00:32:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3759
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 00:32:14 GMT
Last-Modified: Tue, 20 Sep 2022 23:29:35 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1 
Host: ad.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.198
HTTP/2 200 OK
content-type: image/x-icon
                                        
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 104
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 19:35:31 GMT
expires: Wed, 21 Sep 2022 19:35:31 GMT
cache-control: public, max-age=86400
age: 17803
last-modified: Tue, 08 May 2012 13:08:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors\012- data
Size:   104
Md5:    32ac8a9b81788b981a3a7e13c14082d4
Sha1:   fbfd48a2bfe8d4247a975176f88d18c3c2ad1952
Sha256: 00cc7617e054596ff0aaabd8a93a9214dc5304bfe317316022dbf4fb3ea073d2
                                        
                                            GET /cookie?redirect_url=https%3A%2F%2Fsync.viavideo.digital%2Ftools%2Fsync%3Fdsp%3D30%26uid%3D%24UID HTTP/1.1 
Host: cm.adform.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         37.157.6.253
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:14 GMT
content-length: 43
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    325472601571f31e1bf00674c368d335
Sha1:   2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
Sha256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
                                        
                                            GET /exchange/sync.php?p=pbs-viads&gdpr=0&gdpr_consent=&us_privacy=0 HTTP/1.1 
Host: pixel.rubiconproject.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         213.19.162.90
HTTP/1.1 204 No Content
Content-Type: image/gif
                                        
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 19600bc21eacf9565125744d917cac10

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 00:32:14 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 04:09:18 GMT
Expires: Tue, 27 Sep 2022 04:09:17 GMT
Etag: "c0bbb9ac61662fda8781947855cf7074484ac540"
Cache-Control: max-age=530822,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74deb3d8dd05b515-OSL

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 00:32:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.godaddy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         192.124.249.41
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Sucuri/Cloudproxy
Date: Wed, 21 Sep 2022 00:32:14 GMT
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 20 Sep 2022 21:59:08 GMT
Expires: Wed, 21 Sep 2022 21:59:08 GMT
ETag: "f03bbd382caad559c48fe23bc082ae14c87bc60c"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1778
Md5:    8c92455701b09e42442e3525a304301b
Sha1:   f03bbd382caad559c48fe23bc082ae14c87bc60c
Sha256: 3ca1e8a5af6486aa3c63c8661474c4378fba1ce0210621a7c82cddaaa9f39972
                                        
                                            GET /match?bidder_id=44738&callback_url=https%3A%2F%2Fsync.viavideo.digital%2Ftools%2Fsync%3Fdsp%3D39%26uid%3D%24%7BUSER_ID%7D HTTP/1.1 
Host: ads.betweendigital.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         188.42.191.196
HTTP/2 302 Found
                                        
location: /match?bidder_id=44738&callback_url=https%3A%2F%2Fsync.viavideo.digital%2Ftools%2Fsync%3Fdsp%3D39%26uid%3D%24%7BUSER_ID%7D&crf=1
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: dc=lux1; Max-Age=31536000; Expires=Thu, 21 Sep 2023 00:32:14 GMT; Path=/; Domain=.betweendigital.com tuuid=c15d2a89-2070-5208-8ad9-9fb5e9f3c43b; Max-Age=31536000; Expires=Thu, 21 Sep 2023 00:32:14 GMT; Path=/; Domain=.betweendigital.com ut=YypbjgAEXTD1PEzF35IMWtXiKmIY1EW57vOyeg==; Max-Age=31536000; Expires=Thu, 21 Sep 2023 00:32:14 GMT; Path=/; Domain=.betweendigital.com
content-length: 0
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 00:32:14 GMT
Last-Modified: Tue, 20 Sep 2022 23:18:59 GMT
Server: ECS (nyb/1D20)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: aRcOFpVJhErF57IFdnpGB1l6E4_E8ebV_ZD24Sifumj3qoZl5Y_Fbg==
Age: 4395

                                        
                                            GET /server_match?partner_id=2046&r=https%3A%2F%2Fsync.viavideo.digital%2Ftools%2Fsync%3Fdsp%3D53%26uid%3D{PUB_USER_ID} HTTP/1.1 
Host: ice.360yield.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.159.9.120
HTTP/2 302 Found
content-type: text/plain
                                        
date: Wed, 21 Sep 2022 00:32:14 GMT
content-length: 0
location: https://ice.360yield.com/ul_cb/server_match?partner_id=2046&r=https%3A%2F%2Fsync.viavideo.digital%2Ftools%2Fsync%3Fdsp%3D53%26uid%3D%7BPUB_USER_ID%7D
set-cookie: tuuid=b8bd412e-7498-4712-b8aa-4f3aba68c837; Expires=Tue, 20 Dec 2022 00:32:14 GMT; Domain=.360yield.com; Path=/; SameSite=None; Secure tuuid_lu=1663720334; Expires=Tue, 20 Dec 2022 00:32:14 GMT; Domain=.360yield.com; Path=/; SameSite=None; Secure
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Firefox-Spdy: h2

                                        
                                            GET /pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsync.viavideo.digital%2Ftools%2Fsync%3Fdsp%3D38%26uid%3D%24UID HTTP/1.1 
Host: ap.lijit.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         72.251.249.14
HTTP/1.1 204 No Content
                                        
Date: Wed, 21 Sep 2022 00:32:14 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type
X-Sovrn-Pod: ad_ap1ams1

                                        
                                            GET /match?bidder_id=44738&callback_url=https%3A%2F%2Fsync.viavideo.digital%2Ftools%2Fsync%3Fdsp%3D39%26uid%3D%24%7BUSER_ID%7D&crf=1 HTTP/1.1 
Host: ads.betweendigital.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         188.42.191.196
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: dc=lux1; Max-Age=31536000; Expires=Thu, 21 Sep 2023 00:32:14 GMT; Path=/; Domain=.betweendigital.com tuuid=3ecbe470-dff4-5208-81dd-9ae0e2f7c16e; Max-Age=31536000; Expires=Thu, 21 Sep 2023 00:32:14 GMT; Path=/; Domain=.betweendigital.com ut=YypbjgAFVzCkhZUgNIClObYRfXwAvz7bic7w8w==; Max-Age=31536000; Expires=Thu, 21 Sep 2023 00:32:14 GMT; Path=/; Domain=.betweendigital.com
content-length: 68
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size:   68
Md5:    c4a2b870062c2bb98c500bc1526c0498
Sha1:   528666ccdb12997358077bc8fcdbfb6b825c7788
Sha256: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
                                        
                                            GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XYkCHDDI0xOMy0MCNGBo4WNGKQORlGTBkxI8XMgHGDTJgyN8bEiCHiYZg6YzLOICOmBo4cOG60oDkmB0ozN5TiIAMD5gwxNmAghWEDB4wZPH2SsbPQZAyuD-HUEbNwhoyGDiHCgVO2hg23D-fAmahjRo6sG208HNOGrg4aNWLIsCvWzMKND8W4cVM2B4waN8A-bOMGow4ZmW3kSMvZcwzLMwSLqCOHTdsYN2AkVV1HRkY0dOjAmaPjxQs7ZPKYYXNGzZg8eNyYcVHHTZoxb-S4gSMnzUHFM1xAb_OCjQs4aOD8gNNjjI41MmDEuFMHTY73Z758uXHmjg0udWDAkGGDTI-sZdQgxkE3xGBQDmaMUUMNM4whA1EglYGffvzN0YNfgPE34X42iNGDDJZhBtaG_IlhXQ8wuKAeiTbAcSIZTDQxwxlyTGHHEGbI0UQcRchhRQ5WxNBGE27EMUQUVkChhRF0DPEGHXPgQAcZVOTRxhRpTCElHHmIYQQSNqxhxRE3UKEHEkdoscQbT7jRwhJ1FLHEDEpEAccaNMBQBRp1ZKFFGFqcMYUUbeQwxRh2nBGFHVWYcQcUcVyJwxFUZAHFGFAchUYVa1RBQxplRFrDp3m8YccdX5xRRRJESFFFGiwSRh5iitnF4hpl5HFHdP69UccbJcgwBHVlzDFHsEPMgUZ0dCDLRhpurHGssM9Gi6yyzJbhBkLI5lhGGchWIQUT1y4rBx3aciusEXJ8G-645WbrxrUI2fEcuML6CqywxBqLrBJPXHFHG3jMwSIZMvwnw8Ex9EDrYvflxyEZM6B4MA0f2uXWwTX04MQTB9vQg77ftWvswTeM_GvJxc6xghNh0JGGHWWs0IR1ZLAhocT8rfRhTyLA0UZZD70hNNEikPHG0DqIQHK_Cg0W80JbpNRFWnIEpUOK6qUVhpVvkLGQV5E5trWKFYkghx2GpfdQHXWkkREZJMkwxgxmiEQGYk7REOBJOdSQQxkt5BCDVwbiIMMMed4AdBqGiWC4C5a5QIMMLjREA9ByfAF5RpNXfnnmowJdRxgZNfGGHmmwwUYYL9SgIggoYLHTDiAwAW0deICABw42fGEDDbivrcNfKqYAwhFljLHGGy-kd5Z66oFgRBrtmvEGHi8gDwPQY2gtwsdAR_dF-BmR_xAb4hfhBNAH2fFFu64xhNkNOKTmFQwPyXEGZZ8xyg0eEr8viEEOY8MBAcsgvzaErSzASxsZ5PCGthRNIZ_B2vbysBAa9K8MZhtIbnbTmxc8zWRzeAHQ7pARxXgFaGho4X42l5e1ZYSCdIhZdFrQnDTQoQXpcQEZdGIbAorvIF8YomKARgemxcAGd7lBemZARYu0wTYMgeIMpPgVKmbGgxAhw_yKBYcvTC2LUZxiFSEiBr4kDYQ_YcNE0sI-igxGaPKTQ8zSUMGzpQQ2qhmDaWTQBwUEBA%3D%3D&r=1&s=adca79d9095cbdc77838f9801ac6de81073677a47ce66e5aec3fda54099a56691663720333&w=t&ir=245x208 HTTP/1.1 
Host: pxl.tsyndicate.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         136.243.46.156
HTTP/2 200 OK
content-type: text/plain; charset=utf-8
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:14 GMT
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   35
Md5:    c2196de8ba412c60c22ab491af7b1409
Sha1:   5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
Sha256: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6493
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 00:32:14 GMT
Last-Modified: Tue, 20 Sep 2022 22:44:01 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 313

                                        
                                            GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XkkFGDxowaY8S0yDFDjEgaYcTUaBHGBskWNmzMGFNGhpkZOMyMySHiYZg6YzLOIKMSRw4cN1rAuLGzBQ0zN5LiIANDZEkbMI7CsIEDxowYPSGSsbNQBo4YWx_CqSNm4QwZDR1ChAOnbA2ZMh7OgTNRx4wcWG3IsPFwTJu6OmjQ6IrWJxkzCwU_FOPGTVkcmDfmFdHGDUYdMm7McKm28-cYObwSFlFHDhu3DWnkoLG6joyMaOjQgTNHx4sXdsjkMcPmjJoxefC4MeOijps0Y97IcQNHTpqDMWTMcBG9zQs2LuCggfMDTo8xOtbIgBHjTh00OeKf-fLlxpk7NrjUgQFjMJkeWJVRgxgH3RCDQTnoVEMNM8lA1Bg4lKEff4PN0cNfgQ02YX82iNGDWZnJIMOGg4lxXQ8wuMAeiTbAcaIMNAyRRhJwZCFHEEiQkYUbWaRhRxZTUDHFDWQcd4MYNpxxhQxQ3CBFC3fccQUdQTQxBg1i2JEEFjfAkMQYdsghxBxVFIEFFGVg8QYRSdDghhZ1NNECGkIkcYYNdBwh2g1D2GHFEDEYIQQVcqiBwxdCfFFEGGF8oQQOacBABhFMuKFHHmuMEYQcUORgxRo2yMEEG3SoEcQaWQgx3xlVJEGEFFWkwaJh5inGGAwsrlFGHndI998bdbxRggxDVFfGHHMMO8QcaEhHh7JspOHGGskSG-20yjLrbBluIKSsGXKUUYayVUjBRLbNykEHt94Sa0S44xJb7rnEaqsut9kiZAd08Q4BrLDEGoussko8ccUdbeAxB4tkyADgiPtxSEYMPdjKHq4R-zcDigzT8OFdbzFcQw9OPMGwDT38G164yDJ8Q8rBrnzsHCs4EQYdPpaxQhPXkcGGhBnbQAYOH4YFRxtlPfTG0UmLQMYbSOsggsoCK1TYzQttQUMMXaglR1A6pMieWmHk0cYbZCzU1WSQha1iRSLIYQdi6z1URx1pZPSYGDKMMYMZZrRABg015OCUgDiMVHgZI8XAWBg4aEfDUmGlgZhGMbiQmgs0yOBCbGHJ8YXlGeWQ-eadf95RWHWEkVETb-iRBhtshPFCDSqCgAIWMcSwAwhMSFsHHiDggYMNX9hAw-9y6wCYiimAcEQZY6zxxgvroXVxDCAYkUa4ZryBxwvPwxDWGGCLUHJY0n2BfkbrP8RG-kU4EdZBdnwR7msM1RAVDqPpCgweIoczWAY0NUDKQ_D3BTHIQW04WGAZ8ne2tIHmeHAjgxze4BalKQQ0XhNfHhZCAwKWoW0D0Q1vfPMCqrFsDi8Iyx0ykp2uhAUNNOwPDcIyB7llZIN0uJl0WuCcNNChBetxARnGkJ37pe8gX1hiEy0StRjEZAY3WM8MtkjF2zDkiln0yhZFMwPH6O9YcPgC1r4okzBusYwQEUNfnHbCn5DKaPNbyABFMIaj5U8ON0sDB93WORnk4AaFOY0M-qCAgAA%3D&r=1&s=39629db4b5ceb3d17fd39109b08fe8734ed2ac9c7f20365b981edbd531b068ee1663720333&w=t&ir=245x208 HTTP/1.1 
Host: pxl.tsyndicate.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         136.243.46.156
HTTP/2 200 OK
content-type: text/plain; charset=utf-8
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:14 GMT
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   35
Md5:    c2196de8ba412c60c22ab491af7b1409
Sha1:   5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
Sha256: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
                                        
                                            POST /ut/v3/prebid HTTP/1.1 
Host: ib.adnxs.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 685
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         185.89.211.116
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: nginx/1.21.3
Date: Wed, 21 Sep 2022 00:32:14 GMT
Content-Length: 145
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
AN-X-Request-Uuid: 3b12a906-81e8-484f-a949-3b3de5392ae8
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   145
Md5:    44f9bc0beb6feacb8f8ffc324d8bd5a1
Sha1:   daf26b4c28a1956020602886fe2bef9559f8d2b9
Sha256: a605559a7ce3f412b10937b25dd1ef3e41d8a15d029d7251711a5f05c16c53bc
                                        
                                            POST /ut/v3/prebid HTTP/1.1 
Host: ib.adnxs.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 564
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         185.89.211.116
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: nginx/1.21.3
Date: Wed, 21 Sep 2022 00:32:14 GMT
Content-Length: 144
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
AN-X-Request-Uuid: ef870f96-1337-43ab-af20-31a263f3e5e0
Set-Cookie: icu=ChgIw6tREAoYASABKAEwjrepmQY4AUABSAEQjrepmQYYAA..; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 20-Dec-2022 00:32:14 GMT; Domain=.adnxs.com; Secure; HttpOnly uuid2=7415079682037129136; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 20-Dec-2022 00:32:14 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   144
Md5:    581704ba11c959cea46ddedef72181fb
Sha1:   a1e9a0ab586b05615c288f8a513ba0b274551c00
Sha256: ba149e61e981235c7f910662cde171bafbbe83aaf094b29a287f88886e881e33
                                        
                                            GET /a/api/fastlane.json?account_id=18438&site_id=202928&zone_id=1317174&size_id=2&rp_schain=1.0,1!firstimpression.io,7419,1,,,&rf=https%3A%2F%2Fouo.press%2FJOWwmxs&kw=ouo.press%2Cshortlinks%2Clinkshortener%2CfreeURLshortener&tg_i.ref=https%3A%2F%2Fouo.press%2FJOWwmxs&tg_i.page=https%3A%2F%2Fouo.press%2FJOWwmxs&tg_i.domain=ouo.press&tg_i.figroup=a9&tk_flint=pbjs_lite_v6.2.0&x_source.tid=54246aee-296b-43a8-a9dd-966a9891d0a3&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.2879788071509918 HTTP/1.1 
Host: fastlane.rubiconproject.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         213.19.162.41
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Server: nginx/1.21.4
Date: Wed, 21 Sep 2022 00:32:14 GMT
Content-Length: 350
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: khaos=L8AW4PYP-L-9LFZ; Domain=.rubiconproject.com; Path=/; Expires=Thu, 21-Sep-2023 00:32:14 GMT; Max-Age=31536000; SameSite=None; Secure audit=1|naVuGyos1qoO6SAVj2lErO9DtVM30fCgGqbmm5tu4sjnXiradH8p45ZjSCqH74hcJhsHlJbldDdJwe9iGXKQTKZr5ZVxLWDe; Domain=.rubiconproject.com; Path=/; Expires=Thu, 21-Sep-2023 00:32:14 GMT; Max-Age=31536000; SameSite=None; Secure
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (350), with no line terminators
Size:   350
Md5:    49bd4ec9410125d992d2542763b10321
Sha1:   0c247dfc612a518b6b6107fb9af63caa1bf5a326
Sha256: f535261cd5b1b28bdf123579d53773137766e0c425ae1430371b17a136f93cf9
                                        
                                            GET /ul_cb/server_match?partner_id=2046&r=https%3A%2F%2Fsync.viavideo.digital%2Ftools%2Fsync%3Fdsp%3D53%26uid%3D%7BPUB_USER_ID%7D HTTP/1.1 
Host: ice.360yield.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         18.159.9.120
HTTP/2 200 OK
content-type: image/gif
                                        
date: Wed, 21 Sep 2022 00:32:14 GMT
content-length: 43
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /cdb?profileId=207&av=34&wv=6.2.0&cb=9546962106 HTTP/1.1 
Host: bidder.criteo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 490
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         178.250.0.165
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
date: Wed, 21 Sep 2022 00:32:14 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://ouo.press
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   44
Md5:    5f1dcf53824ce88cdb7941d34db3f19d
Sha1:   4164a13e3f53e1f002606a807d64a92620720fb0
Sha256: 3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 21 Sep 2022 00:32:14 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 17 Sep 2022 13:55:53 GMT
Expires: Sat, 24 Sep 2022 13:55:52 GMT
Etag: "05887d14acc84f5be553260dd81282be67d349e8"
Cache-Control: max-age=306817,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74deb3da0d2bb503-OSL

                                        
                                            POST /rmp/212927/0/mvo?z=1r&hbv=6.2,2.1 HTTP/1.1 
Host: tag.1rx.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 607
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         213.19.147.43
HTTP/2 204 No Content
                                        
date: Wed, 21 Sep 2022 00:32:14 GMT
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
pragma: no-cache
cache-control: private, max-age=0, no-cache, no-store
X-Firefox-Spdy: h2

                                        
                                            GET /cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185 HTTP/1.1 
Host: c.amazon-adsystem.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.46.73
HTTP/2 204 No Content
                                        
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
cache-control: max-age=21550, s-maxage=21600
date: Tue, 20 Sep 2022 22:56:42 GMT
server: Server
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1yyVQcTBrmkzpaOgKtc1daa5IcgB00Nu0DxnrdF9EXQVJNrKGXmbVA==
age: 5731
X-Firefox-Spdy: h2

                                        
                                            GET /e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2FJOWwmxs&pid=dG7sq5f0ZL1hf&cb=0&ws=728x90&v=22.9.81452&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D HTTP/1.1 
Host: aax-dtb-cf.amazon-adsystem.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.52.189
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
                                        
content-length: 154
server: Server
date: Wed, 21 Sep 2022 00:32:14 GMT
x-amz-rid: Y2ZDB0AVY2M79DKPPBW0
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
timing-allow-origin: *
strict-transport-security: max-age=47474747; includeSubDomains; preload
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: rJSBtKDT_Tcu6q1vAZKtBjO-KOvw1LSMNjEYUpzyKAmbxDnH5bNRgA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   154
Md5:    bb7b4ee21d41485b3c8d171a7bf8b853
Sha1:   04fdbd451ad2cf3aceb697a99ea093fa4c7b4522
Sha256: 5b74ca7f2f7320a7821eedeecfc6bc9cf4c5b0364ae656e62b66657c227aae7e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F2F4B9CB192ABA52569B22FA34A39420113C1AE958B17B6B59652182FFA10EED"
Last-Modified: Sun, 18 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12953
Expires: Wed, 21 Sep 2022 04:08:08 GMT
Date: Wed, 21 Sep 2022 00:32:15 GMT
Connection: keep-alive

                                        
                                            GET /pxf.gif?uuid=ae2531c0-b896-4a7f-9b93-27b4bdf16ded&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=0 HTTP/1.1 
Host: unseenreport.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.61.225
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.22.0
Date: Wed, 21 Sep 2022 00:32:15 GMT
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 81d68c86242b2fd59ba48a327ee9d1bf
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    93b885adfe0da089cdf634904fd59f71
Sha1:   5ba93c9db0cff93f52b521d7420e43f6eda2784f
Sha256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B18AFDD83CECAA125B787DB84E90AF0460A4F9AE5B0644DA80BF3590ED2ABFE4"
Last-Modified: Mon, 19 Sep 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=713
Expires: Wed, 21 Sep 2022 00:44:08 GMT
Date: Wed, 21 Sep 2022 00:32:15 GMT
Connection: keep-alive

                                        
                                            GET /sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=ae2531c0-b896-4a7f-9b93-27b4bdf16ded%3A2%3A1 HTTP/1.1 
Host: contagiousantagonizequarry.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.17.9
Date: Wed, 21 Sep 2022 00:32:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ouo.press
Access-Control-Allow-Origin: https://ouo.press
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15424691; expires=Thu, 22 Sep 2022 00:32:15 GMT; secure; SameSite=None uid_id2=ae2531c0-b896-4a7f-9b93-27b4bdf16ded:2:1; expires=Wed, 28 Sep 2022 00:32:15 GMT; secure; SameSite=None pdhtkv=true; expires=Thu, 22 Sep 2022 00:32:15 GMT; secure; SameSite=None uncs=1; expires=Thu, 22 Sep 2022 00:32:15 GMT; secure; SameSite=None pdhtkv29=true; expires=Thu, 22 Sep 2022 00:32:15 GMT; secure; SameSite=None uncs29=1; expires=Thu, 22 Sep 2022 00:32:15 GMT; secure; SameSite=None sleced36014633829dc70a42dccaefdf3f11=[3396716]; expires=Wed, 21 Sep 2022 00:32:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e2872badff8953ed9fc8d0001939c74a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (5621), with no line terminators
Size:   4048
Md5:    71f381c4e115baab97a0804427737986
Sha1:   e101c7d660af72e2678d064f14c3091eac38a0d0
Sha256: 4910a0fa1bde85d2d701c15a506732de490af0968045da565ce2579ce7ca201d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3696
Cache-Control: 'max-age=158059'
Date: Wed, 21 Sep 2022 00:32:15 GMT
Last-Modified: Tue, 20 Sep 2022 23:30:39 GMT
Server: ECS (amb/6BC8)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /ren.gif?sid=H4sIAAAAAAAC%2F1SST2skRRjGq3dXUARB2YuCMogHFTPpP5OeGfewGGMkmP3DrqKgoNVV1ZMyNV1NVdf0JKfgguzN8Rt0nkk2RBdZ0auLTBb2kFNGQQY0X8CTCJ48yMwGR9%2FL%2B771PIcfT72f77pT4sPRycoVvS2VootLdb%2F28gdBcKm2LjPXr%2FVb8cdx41LN9F5vx3X%2Fldrbgm3qxdAPfD%2Fwg9qqNCLV%2FcWpCJnfbQf1tl9vhPVgqYG%2B%2Bf9unQdLPfDeKXkGko8vPPAuQrIRsu69FWE3C52%2F9lbXKVpogx4%2FeC%2FbzHSZoTsfU%2BMhzQ7O3ND2ZPU%2BdLY%2Fw4Xu%2FWtM5Jh4D%2B8jyQ7OIJH09maciYLIkPAnUfZGEGoESUdg%2BhYkPyEA47h6DVn3zlVtSrr1SKVTdUwu%2FPUnZDkmF367iKz7zbKS%2FdpNrVwhdWbRTyvI%2FgiyM0LujlBsn4Msj8CKzyA5QdatIPnkJSrCpShg%2FkLSascLDdpMF9pJO1oIm0kj4WkQc8FnwUg5gkxHUGIAas%2FBWQ9OenCpB5d76PJJjQVB0PQ5o36rzVjEmyKJuR%2FQZhrQwI9bcGzKPkCRD8DUAMzsIDc72JQDGPcj7EYFyz3YgqDHK5SCoLQEJSUoJUFZEJS9ap8rG9rqDlfWJcFZD896VA110dml%2B7roiIzs5qfk6Vlgv3%2F0HTbFpCZ4FPtBI46iVtjmrOnTRsgZoyLlaZQGAaysIO05UOthW5489QtyefJEhYQewaojMPkiqHsetBw2Qx90Y9ho%2BdjODrXT9dwIa8F1hbx4DMWWt6tOybMzgOhnBcGOL3%2BSXBn%2Fcfg3mKmQmwqfygcEHXV7eEOXZO%2BGLi359lpeyK7cptPfvFnQQpz%2F6h2xVWrD11bs4PANNhWm4913hS3WacZl1rHk62XJuTCr2jBBfliz74vkurMby85kLl%2B%2F%2FubqWncGKHU2ApVjQh4eg8kxefz7yexQn%2Fv1HqQZwbgKXXdMzgpSH4HlO7D5nN%2Fq8zBq7klyD6WrhiZM5o9KEigx32lSwf5nT%2Bbzrr2NjnkBtLg1u8%2BeqdBTFagawLrzwyI3x5d%2FimaFRHnDRBlvL1FGffkoXCsntWYU%2BTRuLwXNJhXNpBG20jjglIaNOIxjGqGwY%2Fbqh1%2F8AwAA%2F%2F8BAAD%2F%2Fw3S3p5zBAAA HTTP/1.1 
Host: contagiousantagonizequarry.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=ae2531c0-b896-4a7f-9b93-27b4bdf16ded:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.9
Date: Wed, 21 Sep 2022 00:32:15 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0a968b5996f11bef66874c2b722dba59
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "18117375CC72FBA620F3E53DF7F99A61AB02C4ADF834566EB46D63BE66F1CA54"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4873
Expires: Wed, 21 Sep 2022 01:53:29 GMT
Date: Wed, 21 Sep 2022 00:32:16 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "18117375CC72FBA620F3E53DF7F99A61AB02C4ADF834566EB46D63BE66F1CA54"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4873
Expires: Wed, 21 Sep 2022 01:53:29 GMT
Date: Wed, 21 Sep 2022 00:32:16 GMT
Connection: keep-alive

                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.yourwebbars.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Findex.html&l=1559&fd=59 HTTP/1.1 
Host: contagiousantagonizequarry.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=ae2531c0-b896-4a7f-9b93-27b4bdf16ded:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.9
Date: Wed, 21 Sep 2022 00:32:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.64.200.2
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Wed, 21 Sep 2022 00:32:16 GMT
content-length: 21845
last-modified: Wed, 03 Aug 2022 08:33:45 GMT
etag: "62ea32e9-5555"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4199261
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F3j2%2BOmBKrAI1rniyxwdk6WxM17wHyWlD7CdsWMnyucsUHPETyMpQ6OEICqu3zBgpos2F%2BmqQpy0fta98FGgCRs8Ll%2FdgUjaV6PZkQpf%2Bnm1zMC0IB6Q4PiATpm%2BW3WIRtk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74deb3e51b86770b-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x292, components 3\012- data
Size:   21845
Md5:    e1f754e6014f2a7636aa19acdf37eaa7
Sha1:   72ded7fb65560b2702630d5208386654f294e8e9
Sha256: 8b9e400d61eb3c28929db8209c3136b14e2112d6eb8b4f504b74f6cca67b50fe
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "18117375CC72FBA620F3E53DF7F99A61AB02C4ADF834566EB46D63BE66F1CA54"
Last-Modified: Mon, 19 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4873
Expires: Wed, 21 Sep 2022 01:53:29 GMT
Date: Wed, 21 Sep 2022 00:32:16 GMT
Connection: keep-alive

                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fstyle.css&l=3637&fd=153 HTTP/1.1 
Host: contagiousantagonizequarry.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=ae2531c0-b896-4a7f-9b93-27b4bdf16ded:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.9
Date: Wed, 21 Sep 2022 00:32:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fcss%2Fanimate.css&l=79245&fd=155 HTTP/1.1 
Host: contagiousantagonizequarry.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=ae2531c0-b896-4a7f-9b93-27b4bdf16ded:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.9
Date: Wed, 21 Sep 2022 00:32:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  gzip compressed data, max compression\012- data
Size:   660
Md5:    5860c780c8e9daa4f852038f02b5bdc2
Sha1:   c75c8b4db36bffe075ce493f06d011f855d5541a
Sha256: f11b9f8e851e15c0c6abd53a9994c6dcef78ceeebd0f0b8bbde610fec8332c85

Alerts:
  Blocklists:
    - quad9: Sinkholed
  File Analyzers:
    - virustotal: 0/0
                                        
                                            GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2FProgamerage%2Fmessage_redcircle2%2F3%2Fjs%2Fscript.js&l=386&fd=153 HTTP/1.1 
Host: contagiousantagonizequarry.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=ae2531c0-b896-4a7f-9b93-27b4bdf16ded:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.9
Date: Wed, 21 Sep 2022 00:32:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pixel/sbs?c=1 HTTP/1.1 
Host: contagiousantagonizequarry.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=ae2531c0-b896-4a7f-9b93-27b4bdf16ded:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.9
Date: Wed, 21 Sep 2022 00:32:16 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSzWtcVRjGz20rKIKgdKOgDOJCxUzvnTufdlGsMRJMP2gVBQU9X3dyzJl7LufcM3eSVbAg3Tn%2BBzfPJA3RIhXdWmRS6CKrjIIMaP4BVyK4ciEzDY6%2Bm%2Fd9z%2FMsfjzn%2FXzHn5AQnk6Xr5gtpTW90KiGlZc%2FiKKLlTWV%2BkFl0G5%2B3KxfrNj%2B651mNXyl8rbkG%2BZCLYzCMAqjyoqyMjGDCzMRKrvbiaqdsFqvVaNGHQP7%2F935AI4GEP0T8gyUmJx7EJyH4mOkvXvL0m3kJnvtrZ7XNDcWfbH%2FXrqRmiJFbzEmNkCS7p%2B6Ydzxyn2YdG%2BOC9P%2F18jUhAQP74Ol%2B6eQYP3dOSfTkCmYeBJFfwypx1B0DG5uQYljAnCBq9eQ9u5cNbagm49UOlMn5Nxff0IVE3Lut%2FNIe99c1mpQuWm0z5VJHQZJCTUYQ3XHyPwh8q0zUMUheP4ZlCBIeyWUmL5EZa0RRzxcYu1Oc6lOW8lSh3XipVqL1ZlIoqaQYh6MUmOoZAwth6DuDLwL4FUAnwTwWYCemFZ4FEWtUHAatjucx6IlWVOEEW0lEY3CZhuez9iHyLMhuB6C221kdhsbagjrf4RbL%2BFEAJcT9EWJQhIUjqCgBIUiKHKCol%2FuCe1qrrwjtPMsOu210x6XI5N3d%2BieybsyJTvZCXl6HtjvH32HDTmtSBE3w6jejON2rSN4K6T1muCcykQkcRJFcKqEcmdAXYAtdfzUL8jU8RMlGD2E04fg6kVQ%2FzxoMWrVQtD1Ub0dYis9MN5UMyudgzAlsvwx5JvBjj4hz84B4p81JD%2B69Am7Mvnj4G9wWyKzJT5VDwi6%2BvbohinI7g1TOPLttSxXPbVFZ795M6e5PPvVO3KzMFasLrvhwRt8JszGu%2B9Kl6%2FRVKi068jXl5UQ0q4YyyX5YdW9L9l179Yve5v6bO36myurvTmgMukYVE0IeXgEribk8e%2Bn80N97td7UHYM60v0%2FBE5LShzCJ5tw2ULfmfOwuqFh2UBCl%2BObI0tHrUi0HKxU1bC%2FWdni3nH3UbXvgCa35rfZ9%2BW6OsSVA%2Fh%2FNlRntmjSz%2FF8wLTwYhpG%2BwybfWXj8J1alqJQ9FiMpEtJuuNeiK5YI0GC3nCWSzabY7cTfirH37xDwAAAP%2F%2FAQAA%2F%2F%2BNBgt2cwQAAA%3D%3D HTTP/1.1 
Host: contagiousantagonizequarry.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=ae2531c0-b896-4a7f-9b93-27b4bdf16ded:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.9
Date: Wed, 21 Sep 2022 00:32:16 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 62b02ed23a9a50227daf7e709eca285e
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/js/script.js HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         172.64.200.2
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 21 Sep 2022 00:32:16 GMT
last-modified: Tue, 17 Aug 2021 13:04:06 GMT
etag: W/"611bb3c6-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 512224
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CpIyqVfQg69o00NIwO5PzREazF%2BsReXuBXe3pF7YUxPvNUYlxr5Jz%2BrpIKVbzCGT9AmVWIuCGCZXDB2qeNRZBLVqYBGYbxzbEIZ77PJRcJnisX1PE2WzD1EsW9HjRh4%2FAEs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74deb3e4d901007d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         172.64.200.2
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 21 Sep 2022 00:32:16 GMT
last-modified: Mon, 31 Jan 2022 15:54:46 GMT
etag: W/"61f80646-e35"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2372019
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ftd8PWeG2NKYITmP5hPc9KDNELL6ZbedTfNXfxjLkhinIn%2BAvHtmAHz4h6hFukahqw%2FDH61RdW%2B%2BLYo1TSPly1HQQvbGFxlGuJnjyikheSVSiePdvVb5Hr1rtFSDSlmps4w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74deb3e4d900007d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /aax2/apstag.js HTTP/1.1 
Host: c.amazon-adsystem.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.46.73
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 21 Sep 2022 00:04:59 GMT
last-modified: Thu, 15 Sep 2022 20:15:32 GMT
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
server: AmazonS3
content-encoding: gzip
via: 1.1 b04a6cb0bde4a78c29099913e07f9056.cloudfront.net (CloudFront), 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
etag: W/"0b4d277527066dd35dd7c0288cb596b4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA60-P1, OSL50-C1
x-amz-cf-id: Rj1YuIBFfGc01B8IwKAz_FXjhuvYL9WvxtObo1Ac6v_ZIbQooR9Z1A==
age: 1635
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /JOWwmxs HTTP/1.1 
Host: ouo.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         104.22.22.162
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Wed, 21 Sep 2022 00:32:12 GMT
location: https://ouo.press/JOWwmxs
cache-control: no-cache
set-cookie: ouoio_session=eyJpdiI6IjlFUHRzSnNYbTBpNFFEU0xWVnpnRjZDTnZcL0N5REpmWnZ1ZFE5d0ttQTVFPSIsInZhbHVlIjoiY3c0K1E2RGREWGRScVUrWE4rcCtuUklSZzhwcUlwQlpWQnlrZHBPSWFUOURYbWJoYVR5YnBpVitQQVlRY1c5TGZDK3VmWWtKWEw5TUQ4bEY2R2M3Rmc9PSIsIm1hYyI6Ijc0OGQzYzNmNzQ0NWFmZjYzNDBlY2Q3YzhmMmEwYzdiMjc2MjEyMmZjYWRkODgyODk2YjIwY2I1MjU1MTFiNDEifQ%3D%3D; path=/; httponly language=eyJpdiI6IjNFcDJkcWwrMFwvU0ZlR0ZBMUVcL2t4bDViV0pubXhzODRzRXNSWWxjU3JcLzg9IiwidmFsdWUiOiJqajNVQ0dUWlcxR0pnVVRMQTlGU0dWdVBlUlFIZXFFZ215eUJkcXgxVEc0PSIsIm1hYyI6ImQ3ZDI0YWNlMDdjYzNlNjZhYTFlM2IwODQyOWRhNTU5YjJkMjBkYzIxZWQ2NWI4NTBjMTdiYTdhM2RlOGVhMzUifQ%3D%3D; expires=Mon, 20-Sep-2027 00:32:12 GMT; Max-Age=157680000; path=/; httponly 5fff87655b21b3c508efdc78d927d6db086c946e=eyJpdiI6Imo3RTdrZ21taEFSYmFxXC9leHgxNTlwRnBmR2U5SnRqYnFRdm9Zang2WVY0PSIsInZhbHVlIjoiclFQQzlaRHZKamZQOEN2anNKQmV3ejJSOVJCSEtXdGRneTVWeUVSNlwvT2kzNWVVRmw2VFJ1NFpNRXYyM3FrQmxaWXUrZFZ1ZzJrN3M3QzZUcVlQZWlEbUx6UUZhbFpRR053eWZQYytkQno5eFhpOTNiSTNKWjlHcTh0bTNLWURpenc4MXkzNk5MNjZpbWs5Q2JnRUhUVENzU2pFTVN2QllEcGF0dVQwNE9GSXVTU2NmSm5mRjlxV0RUMFBSUVFaZlJjTEQ2M0FidHRtKzNNOFE4dVZiNzd6enlncFZCMFlVSHBOb29uT0tNREtna0laaDF1UHpMSEhQZWZVQ251U1FMQ1paaUszeWRTOW1pUEdha1dZREc2R0RBWUJlMUhYRWc2RzdwSWZoeHBZVVM1elJ4b2MrSndlVTV2OTNHQjdFOG84TFZJV0RjQUE5RGNCbEN0YWRKQT09IiwibWFjIjoiNzBiMWUyODg1YmQyZDM5Y2RhNDM1ZmM5Yzc2NzEzMzE5MTBkZmRkOGJiMDc1OGU4ZDdkZTRhM2YzNGU1ZWQ3NiJ9; expires=Wed, 21-Sep-2022 02:32:12 GMT; Max-Age=7200; path=/; httponly
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 74deb3ca2fb1b521-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /JOWwmxs HTTP/1.1 
Host: ouo.press
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         104.22.58.251
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Wed, 21 Sep 2022 00:32:12 GMT
cache-control: no-cache
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
set-cookie: ouoio_session=eyJpdiI6IkoyczRtd1hzZ3Bya3hFMjJncDFrSjRpdE9qSTBESmJrWEc3Nmd5K2luOEk9IiwidmFsdWUiOiJzMkxHUmxxOExIUGNMZHZMdGtMQjNPbzkxZEhQMmpnQm1mYUUyRkJ3elBLbWtpcmQxMmNYb0FpNEJYTjdtXC8wY1A0XC96WUpjZnN1NlgwU2RDQWZjYmRRPT0iLCJtYWMiOiI3ZDdjZTk3OGQ2NzE1MjUwMzFiMDhlYzQ4OTEyNWU4N2JkM2NhMTc4MzQ5MzM5NWVmZTUwY2M3NzgxM2JjYjI0In0%3D; path=/; httponly language=eyJpdiI6IlR4TlVPVjc4NFwvZWRXWEJyTTFcL0pTV1VZN1cyWWM2b2VCeUZvekFieWExaz0iLCJ2YWx1ZSI6InVRT3VqRUJ0cUxoa3FGQWRcL1pIR29GTTE3MjdxaVRYMVhFbEFMbHNrclkwPSIsIm1hYyI6IjA3YmM1NDRiNDQyNTZmOTA5ZjBkMDA5NTE2YzUyMjY2YmFjODg2YWMxYzI3ODVhNTVmNzA5NmVlYWQ1YjI4MDIifQ%3D%3D; expires=Mon, 20-Sep-2027 00:32:12 GMT; Max-Age=157680000; path=/; httponly fca28be0e975133d744c1658fcca23a8bde3f6e9=eyJpdiI6ImNudHZSTjNJMHpwT1NWU0JYa0xMTHgzc200MEhNTzk4bW1pV3dhTlhqOEE9IiwidmFsdWUiOiJ1VDVadjVcL2J1eEozeHZYcXRpMTR1M2lVSFBRTTYrSlpkMUdwcXl4KzdPaFwvTzNvdDF0b1UzaHc5VjFrV2V1SklORGNwMGZldDVWZEtOVkdvTTdlYzl3dDBKTFBtNFM0YjRrSlMzWWoxVjh0TFF6ODJuWnd5TjlMa1dSQVpYZTVrM3JnZG01eTRlR29EcUdOMTk5WEtTRDQ4SEtPWXFFaWU5cEZTNnFEXC95UThYTXk2Y2M4S09iMCt5NjJzaGsxZUVwV3lnTDQ1bEV1aExlbkpBNDIxSHpvS1k2N2tvbmVEVVpyR25cL0dLWkR0QU82VUZzK2hNNUN5bUVmMFYwMHRlVE1vbXZBeGRwRkE5VHBLV0tWa3Q1UHRSa3BBaDBCOCtQVDNDd25RQys1XC8wR0plUVp1NjlwYytkcjhjdnhXd0x3d0U3VzBFR25PV2Z3aVQwclRmelVxR2dkVGRSaFFkNXJ0a0NQZ3NIeW1rdEczNEcrazRnYWNyQldQalZzb1hrKyIsIm1hYyI6IjYxNDQzOWY0MWVlYjhmNmFlZmUzOTEwZTQwMDZkM2M5NDJmM2JlMzQ4YTdjZjRjYzhjMDgyMDVlZDg1ODBhMDUifQ%3D%3D; expires=Wed, 21-Sep-2022 02:32:12 GMT; Max-Age=7200; path=/; httponly __cf_bm=oKPvUWU6SdPwh9v33frR0ow72yzbpnjaUyu9.SHxbgw-1663720332-0-AdYFjmOJ9csnPmxieE7rj8I7GsgC4V6i8rE0DPveb6mXFPE9/LPyJDLUN7JmyaN00QEzemgX3uNpool6hvBjd8A=; path=/; expires=Wed, 21-Sep-22 01:02:12 GMT; domain=.ouo.press; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 74deb3ccbd5b0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /do2/048b86cb1ea4453a9397baf204dd5474/dynamic?format=jsonp&count=2&w=1280&h=1024&keywords=ouo,press,short,links,link,shortener,free,URL,shortener,Free,URL,shorten,service,ouo,press,JOWwmxs&adtype=label-under&callback=callback_QaPPm HTTP/1.1 
Host: run-syndicate.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         136.243.51.205
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:13 GMT
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-request-id: 0bde3b4e34887e39
set-cookie: ts_uid=dfb2c3ff-d459-4e58-959e-91801a823407; expires=Tue, 21 Mar 2023 00:32:13 GMT; domain=.run-syndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css/link-safe.css HTTP/1.1 
Host: ouo.press
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/JOWwmxs
Cookie: ouoio_session=eyJpdiI6IkoyczRtd1hzZ3Bya3hFMjJncDFrSjRpdE9qSTBESmJrWEc3Nmd5K2luOEk9IiwidmFsdWUiOiJzMkxHUmxxOExIUGNMZHZMdGtMQjNPbzkxZEhQMmpnQm1mYUUyRkJ3elBLbWtpcmQxMmNYb0FpNEJYTjdtXC8wY1A0XC96WUpjZnN1NlgwU2RDQWZjYmRRPT0iLCJtYWMiOiI3ZDdjZTk3OGQ2NzE1MjUwMzFiMDhlYzQ4OTEyNWU4N2JkM2NhMTc4MzQ5MzM5NWVmZTUwY2M3NzgxM2JjYjI0In0%3D; language=eyJpdiI6IlR4TlVPVjc4NFwvZWRXWEJyTTFcL0pTV1VZN1cyWWM2b2VCeUZvekFieWExaz0iLCJ2YWx1ZSI6InVRT3VqRUJ0cUxoa3FGQWRcL1pIR29GTTE3MjdxaVRYMVhFbEFMbHNrclkwPSIsIm1hYyI6IjA3YmM1NDRiNDQyNTZmOTA5ZjBkMDA5NTE2YzUyMjY2YmFjODg2YWMxYzI3ODVhNTVmNzA5NmVlYWQ1YjI4MDIifQ%3D%3D; fca28be0e975133d744c1658fcca23a8bde3f6e9=eyJpdiI6ImNudHZSTjNJMHpwT1NWU0JYa0xMTHgzc200MEhNTzk4bW1pV3dhTlhqOEE9IiwidmFsdWUiOiJ1VDVadjVcL2J1eEozeHZYcXRpMTR1M2lVSFBRTTYrSlpkMUdwcXl4KzdPaFwvTzNvdDF0b1UzaHc5VjFrV2V1SklORGNwMGZldDVWZEtOVkdvTTdlYzl3dDBKTFBtNFM0YjRrSlMzWWoxVjh0TFF6ODJuWnd5TjlMa1dSQVpYZTVrM3JnZG01eTRlR29EcUdOMTk5WEtTRDQ4SEtPWXFFaWU5cEZTNnFEXC95UThYTXk2Y2M4S09iMCt5NjJzaGsxZUVwV3lnTDQ1bEV1aExlbkpBNDIxSHpvS1k2N2tvbmVEVVpyR25cL0dLWkR0QU82VUZzK2hNNUN5bUVmMFYwMHRlVE1vbXZBeGRwRkE5VHBLV0tWa3Q1UHRSa3BBaDBCOCtQVDNDd25RQys1XC8wR0plUVp1NjlwYytkcjhjdnhXd0x3d0U3VzBFR25PV2Z3aVQwclRmelVxR2dkVGRSaFFkNXJ0a0NQZ3NIeW1rdEczNEcrazRnYWNyQldQalZzb1hrKyIsIm1hYyI6IjYxNDQzOWY0MWVlYjhmNmFlZmUzOTEwZTQwMDZkM2M5NDJmM2JlMzQ4YTdjZjRjYzhjMDgyMDVlZDg1ODBhMDUifQ%3D%3D; __cf_bm=oKPvUWU6SdPwh9v33frR0ow72yzbpnjaUyu9.SHxbgw-1663720332-0-AdYFjmOJ9csnPmxieE7rj8I7GsgC4V6i8rE0DPveb6mXFPE9/LPyJDLUN7JmyaN00QEzemgX3uNpool6hvBjd8A=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.22.58.251
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 21 Sep 2022 00:32:12 GMT
cache-control: max-age=86400
cf-bgj: minify
cf-polished: status=cannot_optimize
etag: W/"5d951ace-1830"
expires: Wed, 21 Sep 2022 12:22:46 GMT
last-modified: Wed, 02 Oct 2019 21:46:54 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 566
vary: Accept-Encoding
server: cloudflare
cf-ray: 74deb3cf9e460b06-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /sfp.js HTTP/1.1 
Host: creepingbrings.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.21.234.232
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Wed, 21 Sep 2022 00:32:13 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: ea9c6d013cf57526b0d0986ea9737079
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 21 Sep 2022 00:32:13 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ji7syVh4siBqhRq6i99F4ufMDE1y1NtumohS%2FDGPwvKtoYqlfC3fQgs66gZY2hLgQM5pq91CtJuZz%2FHFgDRTFVBfRqe8wH3lZfLHpOLjJBPHRr%2BDL%2F53TF9CJ3adsXEPP6xpGSk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74deb3d4b93d71b1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/animate.css HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         172.64.200.2
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 21 Sep 2022 00:32:16 GMT
last-modified: Tue, 17 Aug 2021 13:04:04 GMT
etag: W/"611bb3c4-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2372019
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B87ZWnJ8yWy9SzKp2mUGo2DotYbLnVeA2rDdiQlyS5zyJ1bC1ktB42Tr4yvk7gIBscmbyNUGqMa3DMRuIHlnY3wncehQRih526AUDlt%2B69ZZmb1F2b4HqHvEpKciS%2Bfonr4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74deb3e4d8fe007d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/js/fiamp.js HTTP/1.1 
Host: ecdn.firstimpression.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.111.73
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx/1.20.0
last-modified: Fri, 08 Apr 2022 08:48:22 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Tue, 20 Sep 2022 23:38:53 GMT
expires: Wed, 21 Sep 2022 00:38:53 GMT
cache-control: max-age=3600
etag: W/"624ff6d6-1b8e9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vmygxuq1A3J-D2DT62n-pzgDY-g8winnSZyxxah-fCY_cpmQka_Wng==
age: 3201
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /vast/cs?zone=105641&w=432&h=243&vp=4&site=https://ouo.press/&cbb=1663720333926 HTTP/1.1 
Host: rtb.viavideo.digital
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Origin: https://ouo.press
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         141.94.202.176
HTTP/2 200 OK
content-type: application/xml; charset=utf-8
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:13 GMT
age: 0
cache-control: no-store
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Accept
access-control-allow-methods: GET, POST
access-control-allow-origin: https://ouo.press
set-cookie: uid=ccl5n3f2tal5fc1aik9gXx; expires=Thu, 21 Sep 2023 00:32:13 GMT; domain=.viavideo.digital; path=/
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            POST /delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459 HTTP/1.1 
Host: cdn.firstimpression.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Cookie: OAID=GDPR
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         54.230.111.73
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Wed, 21 Sep 2022 00:32:14 GMT
server: nginx/1.20.0
vary: Accept-Encoding
x-powered-by: PHP/8.0.14
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: https://ouo.press
p3p: CP="CUR ADM OUR NOR STA NID"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: EA4gCzwie2iABO7as4vlPPpYwoFJf5mFRImkO_rnniFDoDwYnS1Eag==
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /bao-csm/aps-comm/aps_csm.js HTTP/1.1 
Host: c.amazon-adsystem.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.46.73
HTTP/2 200 OK
content-type: application/javascript
                                        
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 19 Sep 2022 09:37:07 GMT
x-amz-version-id: I95TjGhhrR3O7F99m0mjPLrSrnJRj9o4
server: AmazonS3
content-encoding: gzip
date: Tue, 20 Sep 2022 09:37:12 GMT
cache-control: public, max-age=86400
etag: W/"a4d296427fc806b21335359e398c025c"
vary: Accept-Encoding,Origin
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: HEJ4Tbe4DDwTbN4OJWASVvNOpzRTbnk75t6r9OAG1LJML2SznWJt5g==
age: 53703
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css/bootstrap.css HTTP/1.1 
Host: ouo.press
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/JOWwmxs
Cookie: ouoio_session=eyJpdiI6IkoyczRtd1hzZ3Bya3hFMjJncDFrSjRpdE9qSTBESmJrWEc3Nmd5K2luOEk9IiwidmFsdWUiOiJzMkxHUmxxOExIUGNMZHZMdGtMQjNPbzkxZEhQMmpnQm1mYUUyRkJ3elBLbWtpcmQxMmNYb0FpNEJYTjdtXC8wY1A0XC96WUpjZnN1NlgwU2RDQWZjYmRRPT0iLCJtYWMiOiI3ZDdjZTk3OGQ2NzE1MjUwMzFiMDhlYzQ4OTEyNWU4N2JkM2NhMTc4MzQ5MzM5NWVmZTUwY2M3NzgxM2JjYjI0In0%3D; language=eyJpdiI6IlR4TlVPVjc4NFwvZWRXWEJyTTFcL0pTV1VZN1cyWWM2b2VCeUZvekFieWExaz0iLCJ2YWx1ZSI6InVRT3VqRUJ0cUxoa3FGQWRcL1pIR29GTTE3MjdxaVRYMVhFbEFMbHNrclkwPSIsIm1hYyI6IjA3YmM1NDRiNDQyNTZmOTA5ZjBkMDA5NTE2YzUyMjY2YmFjODg2YWMxYzI3ODVhNTVmNzA5NmVlYWQ1YjI4MDIifQ%3D%3D; fca28be0e975133d744c1658fcca23a8bde3f6e9=eyJpdiI6ImNudHZSTjNJMHpwT1NWU0JYa0xMTHgzc200MEhNTzk4bW1pV3dhTlhqOEE9IiwidmFsdWUiOiJ1VDVadjVcL2J1eEozeHZYcXRpMTR1M2lVSFBRTTYrSlpkMUdwcXl4KzdPaFwvTzNvdDF0b1UzaHc5VjFrV2V1SklORGNwMGZldDVWZEtOVkdvTTdlYzl3dDBKTFBtNFM0YjRrSlMzWWoxVjh0TFF6ODJuWnd5TjlMa1dSQVpYZTVrM3JnZG01eTRlR29EcUdOMTk5WEtTRDQ4SEtPWXFFaWU5cEZTNnFEXC95UThYTXk2Y2M4S09iMCt5NjJzaGsxZUVwV3lnTDQ1bEV1aExlbkpBNDIxSHpvS1k2N2tvbmVEVVpyR25cL0dLWkR0QU82VUZzK2hNNUN5bUVmMFYwMHRlVE1vbXZBeGRwRkE5VHBLV0tWa3Q1UHRSa3BBaDBCOCtQVDNDd25RQys1XC8wR0plUVp1NjlwYytkcjhjdnhXd0x3d0U3VzBFR25PV2Z3aVQwclRmelVxR2dkVGRSaFFkNXJ0a0NQZ3NIeW1rdEczNEcrazRnYWNyQldQalZzb1hrKyIsIm1hYyI6IjYxNDQzOWY0MWVlYjhmNmFlZmUzOTEwZTQwMDZkM2M5NDJmM2JlMzQ4YTdjZjRjYzhjMDgyMDVlZDg1ODBhMDUifQ%3D%3D; __cf_bm=oKPvUWU6SdPwh9v33frR0ow72yzbpnjaUyu9.SHxbgw-1663720332-0-AdYFjmOJ9csnPmxieE7rj8I7GsgC4V6i8rE0DPveb6mXFPE9/LPyJDLUN7JmyaN00QEzemgX3uNpool6hvBjd8A=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.22.58.251
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 21 Sep 2022 00:32:12 GMT
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=109522
etag: W/"54def1fc-1abd2"
expires: Wed, 21 Sep 2022 08:46:09 GMT
last-modified: Sat, 14 Feb 2015 06:58:04 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 13563
vary: Accept-Encoding
server: cloudflare
cf-ray: 74deb3cf9e450b06-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /rucdn/js/player/220623_d44559ff.js HTTP/1.1 
Host: hhkld.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         141.94.202.176
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:13 GMT
last-modified: Tue, 13 Sep 2022 10:33:35 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public, no-transform
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /rux/abcdef/105641/?pub_sid=105641&VIA_WIDTH=432&VIA_HEIGHT=243&v=206231&rc=1&cb=1663720333803&page_url=https%3A%2F%2Fouo.press%2FJOWwmxs HTTP/1.1 
Host: viavideo.digital
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Origin: https://ouo.press
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         141.94.202.176
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:13 GMT
access-control-allow-origin: https://ouo.press
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
set-cookie: uid=jV7KsGMqW42NjJGh6F3NAg==; expires=Thu, 21-Sep-23 00:32:13 GMT; domain=.viavideo.digital; path=/
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /slider-220901.php?sid=105641&tid=17503&w=432&h=243&cbb=1663720333928 HTTP/1.1 
Host: hhkld.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Origin: https://ouo.press
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         141.94.202.176
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Wed, 21 Sep 2022 00:32:13 GMT
access-control-allow-origin: https://ouo.press
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
set-cookie: uid=jV7KsGMqW42NwpGlTclfAg==; expires=Thu, 21-Sep-23 00:32:13 GMT; domain=.hhkld.com; path=/
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html HTTP/1.1 
Host: cdn.yourwebbars.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.26.6.19
HTTP/2 200 OK
content-type: text/html
                                        
date: Wed, 21 Sep 2022 00:32:15 GMT
last-modified: Tue, 01 Feb 2022 10:33:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 469318
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WnfFzZBTkGIRiCQJ2iYEeA8Qe%2FMFDYSSPHew91A%2F64mTzX0Kjw%2Fjrv0qu6dcrv6JNj2XOosol07Pc2qSdxplLEPE3mt5%2BpeyIJylBJyMUaOUrsR%2BbAn3jO5F5KU0jLnzxtRjjnI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74deb3e3e9470b41-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---