www.hooyu.com/checkid/request/4676fef1-afbe-4564-8f8f-33a3b7d1a443?embedded
34.248.96.238301 Moved Permanently 291 B URL HTTP/1.1 www.hooyu.com/checkid/request/4676fef1-afbe-4564-8f8f-33a3b7d1a443?embedded
IP 34.248.96.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a3b5cb42608227ce0f57c66fe30a11a5
484797c91f87128623606d132421e7646e3bf315
4377c1a4e6361a209fa34fdd07e3f5d110f559fbd8da42b4c8ea185aa7c632dd
GET /checkid/request/4676fef1-afbe-4564-8f8f-33a3b7d1a443?embedded HTTP/1.1
Host: www.hooyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 31 Jan 2023 07:03:43 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 291
Connection: keep-alive
Server: HooYu Server
Location: https://www.hooyu.com/checkid/request/4676fef1-afbe-4564-8f8f-33a3b7d1a443?embedded
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16022
Expires: Tue, 31 Jan 2023 11:30:46 GMT
Date: Tue, 31 Jan 2023 07:03:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15665
Expires: Tue, 31 Jan 2023 11:24:49 GMT
Date: Tue, 31 Jan 2023 07:03:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6971
Expires: Tue, 31 Jan 2023 08:59:55 GMT
Date: Tue, 31 Jan 2023 07:03:44 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 06:35:52 GMT
content-type: application/json
age: 1672
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 05MmJUQT42aWMG0PPoWXxVg6QOkOAZNuKfTsrBNQEqtE1Zu7N5rU39cjjeCLuD22VM5SsnFhiiFq16aT6LjMJQ==
x-amz-request-id: 4MPQMYC6Y5P1AA6Y
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 06:22:06 GMT
age: 2498
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 07:03:44 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1159ba7c8a513a46e704f4933818da33
da74dbc96e303b8d253ca7158605cffa9fe634ab
93c7a6915b28cc18d686eb2b1a4b1f7d7c674af12c987e56b616c72838ca6993
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:44 GMT
Server: ECS (amb/6B92)
Content-Length: 471
www.hooyu.com/checkid/request/4676fef1-afbe-4564-8f8f-33a3b7d1a443?embedded
34.248.96.238302 Found 0 B URL HTTP/2 www.hooyu.com/checkid/request/4676fef1-afbe-4564-8f8f-33a3b7d1a443?embedded
IP 34.248.96.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /checkid/request/4676fef1-afbe-4564-8f8f-33a3b7d1a443?embedded HTTP/1.1
Host: www.hooyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 31 Jan 2023 07:03:44 GMT
content-length: 0
location: https://www.hooyu.com/en-us/checkid/request/4676fef1-afbe-4564-8f8f-33a3b7d1a443?embedded=
server: HooYu Server
X-Firefox-Spdy: h2
www.hooyu.com/en-us/checkid/request/4676fef1-afbe-4564-8f8f-33a3b7d1a443?embedded=
34.248.96.238302 Found 0 B URL HTTP/2 www.hooyu.com/en-us/checkid/request/4676fef1-afbe-4564-8f8f-33a3b7d1a443?embedded=
IP 34.248.96.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /en-us/checkid/request/4676fef1-afbe-4564-8f8f-33a3b7d1a443?embedded= HTTP/1.1
Host: www.hooyu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 302 Found
date: Tue, 31 Jan 2023 07:03:44 GMT
content-length: 0
location: https://mrq.com/secure/lobby?modals=hooyu&link=https%3A%2F%2Fwww.hooyu.com%2Fen-us%2Fcheckid%2Frequest%2F4676fef1-afbe-4564-8f8f-33a3b7d1a443
server: HooYu Server
strict-transport-security: max-age=31536000; includeSubDomains
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: no-store
content-security-policy: frame-ancestors 'none'
x-frame-options: deny
content-language: en-US
set-cookie: CUSTOMERCOOKIEID=43c65470-9392-4979-b971-124d33ffb9bb; Max-Age=946080000; Expires=Thu, 23-Jan-2053 07:03:44 GMT; Domain=www.hooyu.com; Path=/; Secure; HttpOnly
JSESSIONID=YzQ4Y2I1NmQtZTgxNy00ODEwLTlmZjAtZGFiZDBlODY2Y2Yw; Path=/; Secure; HttpOnly; SameSite=Lax
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 06:41:42 GMT
age: 1322
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 8ed6b984effd867fdfefc8f6b79d4f52
fc8fe1a89c338ab07124328f566a245716375037
4a33ef6e92d2ed727e87c17655230bbb8859bec773115ee6c6a32c182a204c6e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=151036
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:44 GMT
Etag: "63d8684c-118"
Expires: Thu, 02 Feb 2023 01:01:00 GMT
Last-Modified: Tue, 31 Jan 2023 01:01:00 GMT
Server: nginx
Content-Length: 280
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5207
Expires: Tue, 31 Jan 2023 08:30:31 GMT
Date: Tue, 31 Jan 2023 07:03:44 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 8ed6b984effd867fdfefc8f6b79d4f52
fc8fe1a89c338ab07124328f566a245716375037
4a33ef6e92d2ed727e87c17655230bbb8859bec773115ee6c6a32c182a204c6e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=151036
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:44 GMT
Etag: "63d8684c-118"
Expires: Thu, 02 Feb 2023 01:01:00 GMT
Last-Modified: Tue, 31 Jan 2023 01:01:00 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 40bac282ee9730b7a7fde839fcf58736
be00063ec5c760560f34663d0a6a9cad87cfebe4
45b83537d8621d3c4a7c046a9b78f6745977c359db2868d720f19dbb0eb80d3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 40bac282ee9730b7a7fde839fcf58736
be00063ec5c760560f34663d0a6a9cad87cfebe4
45b83537d8621d3c4a7c046a9b78f6745977c359db2868d720f19dbb0eb80d3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash d81f874741beb45c89de8bb5c6de438e
a251ab903e654953631d84721479bbae55aa5cdf
ec28dafa2a54818028d4dfe99218d9e4b507f3bd7efaabfba630d85f24d4d75d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-5LRGCV
172.217.21.168200 OK 82 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5LRGCV
IP 172.217.21.168:0
File type ASCII text, with very long lines (25734)
Hash 1b4f9be8c19e5a3d7874ac51a1544be9
90f9fa0fb2a5ff0f9e718985aff4efe0d98b68f8
ad6529a1a4a33ef3da2c7df9e29a81bbd19f40223ed0cf0ba854bf32f28c27a0
GET /gtm.js?id=GTM-5LRGCV HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 31 Jan 2023 07:03:45 GMT
expires: Tue, 31 Jan 2023 07:03:45 GMT
cache-control: private, max-age=900
last-modified: Tue, 31 Jan 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81880
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 40bac282ee9730b7a7fde839fcf58736
be00063ec5c760560f34663d0a6a9cad87cfebe4
45b83537d8621d3c4a7c046a9b78f6745977c359db2868d720f19dbb0eb80d3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash d81f874741beb45c89de8bb5c6de438e
a251ab903e654953631d84721479bbae55aa5cdf
ec28dafa2a54818028d4dfe99218d9e4b507f3bd7efaabfba630d85f24d4d75d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.39.110.92101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.110.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6RGpOx0RmJvIBzOhSQAfSQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FBCNoU7IcIr2kTL+VXgJxtRS4rk=
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 53b967e28ad36a49460570616ac95aae
24bb8132cb386cb0262eea75b21047df85ad329d
6bff15e21b5cb09877ce2400a097a6f45aec467121c6e0bd3ae1dedcfd464189
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 31 Jan 2023 07:03:45 GMT
Last-Modified: Tue, 31 Jan 2023 05:28:14 GMT
Server: ECS (dcb/7EA3)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9JQH5iZ2beIiOg8DZ8mMMnoVcARRWbEDDQwbDvF_Qcm6xbuhJ6E9Nw==
Age: 5731
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash f7d440e76b088c61d262a0d328050802
24124f583d4d7987fd68c80b6d145132646558ea
5ee6e96bc292bbc0bdc4efad9890f7f1015abf043e7fb4b3b40ce6f650050f78
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 31 Jan 2023 07:03:45 GMT
Last-Modified: Tue, 31 Jan 2023 05:56:27 GMT
Server: ECS (bsa/EB13)
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: E2FszgrOdyRhC1hIpTVSy08LyrJlt0sIk8l6HzniA8Z9509BZ8ymxw==
Age: 4038
euromero.ediemidnightzombies.com/sxp/i/160bf5a000f677bf90ef12f6b702e5e4.js
54.230.111.33200 OK 32 kB URL HTTP/2 euromero.ediemidnightzombies.com/sxp/i/160bf5a000f677bf90ef12f6b702e5e4.js
IP 54.230.111.33:0
File type Unicode text, UTF-8 text, with very long lines (65530), with no line terminators
Hash b4417b9b0d46e94114a5cf28aac84ede
21284601866cec18150ccc1eadf69da61a8ed5ee
353e39707d50472d4dc3ec56c149b3fdf4ea4061c4b008c51a24ed76a32f5a3d
GET /sxp/i/160bf5a000f677bf90ef12f6b702e5e4.js HTTP/1.1
Host: euromero.ediemidnightzombies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
content-length: 31933
content-encoding: gzip
server: Caddy
date: Mon, 30 Jan 2023 19:26:51 GMT
cache-control: max-age=43200
expires: Tue, 31 Jan 2023 07:26:33 GMT
etag: "1576e-kAsZWBbw/4vk79E3z9PCxrM5sZ0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kYbIRbsT5qGkcwjFSMzQa_oFO36uUG5OdFVgGzJHoUyLYeueZ9QPXw==
age: 41832
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Muli:400,400i,600,700,900&display=swap
142.250.74.74200 OK 985 B URL HTTP/2 fonts.googleapis.com/css?family=Muli:400,400i,600,700,900&display=swap
IP 142.250.74.74:0
Hash 98112f7b67bf46db4bba9c80f599b27d
e6ff5f83e12d769c06805743786165643187f8a9
c74ed670df8be777faa60a5745eb3e3945a2a0cd69e14380d3ad69d6e600818c
GET /css?family=Muli:400,400i,600,700,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 31 Jan 2023 07:03:45 GMT
date: Tue, 31 Jan 2023 07:03:45 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googleoptimize.com/optimize.js?id=GTM-57WF62N
142.250.74.78200 OK 44 kB URL HTTP/2 www.googleoptimize.com/optimize.js?id=GTM-57WF62N
IP 142.250.74.78:0
File type ASCII text, with very long lines (1759)
Hash 9953f8e7e38e7f45cdce28766e1a9141
ccecedc37cb5da897c6f4bdcd0c629dfa91cb748
a22227938fc10d016e55e2a8a2d347de26dc4f87283c138a12d933f1591055b9
GET /optimize.js?id=GTM-57WF62N HTTP/1.1
Host: www.googleoptimize.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 31 Jan 2023 07:03:45 GMT
expires: Tue, 31 Jan 2023 07:03:45 GMT
cache-control: private, max-age=900
last-modified: Tue, 31 Jan 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44403
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tgtag.io/tg.js?pid=tg-g-006992-001
34.120.230.83200 OK 24 kB URL HTTP/2 tgtag.io/tg.js?pid=tg-g-006992-001
IP 34.120.230.83:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c628eff9519700ae8202b21350fa3090
311e19f661862898c69d70c5f6e1832e1758036b
8e60c8e943a0928ccab469f8f596e3f88c3e9ea97f53e3daacf6f01a31e296f6
GET /tg.js?pid=tg-g-006992-001 HTTP/1.1
Host: tgtag.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdstrgoyMfmLK3KY98oiC_EJoAYlNcGlNVZt5UDDrTh7kYdlv-JVBHu0Rr9zauwo3QNMF3k88_Pa4uqJI9MvS9yZalV9wDQF
vary: X-Goog-Allowed-Resources
x-goog-generation: 1674208871933571
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 23485
content-encoding: gzip
x-goog-hash: crc32c=8ExYDw==, md5=xijv+VGXAK6CArITUPowkA==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 23485
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Access-Control-Allow-Origin
server: UploadServer
date: Tue, 31 Jan 2023 01:58:17 GMT
expires: Wed, 01 Feb 2023 01:58:17 GMT
cache-control: public, no-transform, max-age=86400, s-maxage=86400
age: 18328
last-modified: Fri, 20 Jan 2023 10:01:12 GMT
etag: "c628eff9519700ae8202b21350fa3090"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/1vmhpXYvMQg
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/1vmhpXYvMQg
IP 142.250.74.131:0
Hash 19bfd8a6d0be05e1b881403297434757
fcdd5be3a7f72d29c6babb721f06b5386bbdcc75
50340f0009b0e4bb14d78e207821438efbfba4dd2e1a058ccf243d52b1105eb8
POST /s/gts1d4/1vmhpXYvMQg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/dVi66-kaLJo
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/dVi66-kaLJo
IP 142.250.74.131:0
Hash 0903c9579e69bb3e7ac24b026a28fa73
fc9c0da4c45e093a76d59f8a65e894db3c32f589
aa6a410242193d17379067000f33d29f804bbc219cd02e421342bb56d8dd5713
POST /s/gts1p5/dVi66-kaLJo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 277 B IP 93.184.220.29:0
Hash bb49657ab5c9975abe6234ee359fb129
73ef31d1253b13eb74a8b36e5d8cacfed79b1d55
fa71175a52e60628b437a2fa2d0062e7ccdc378d08365f1ca40d1177b54e97a9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5955
Cache-Control: max-age=157012
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:45 GMT
Etag: "63d86862-115"
Expires: Thu, 02 Feb 2023 02:40:37 GMT
Last-Modified: Tue, 31 Jan 2023 01:01:22 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 277
perfalytics.com/event-definitions/15edbcb5-4190-440d-9e23-cd154dadd5ef
54.230.111.64200 OK 4.3 kB URL HTTP/2 perfalytics.com/event-definitions/15edbcb5-4190-440d-9e23-cd154dadd5ef
IP 54.230.111.64:0
Hash 76d90f9070ebc0a54f09038d53c44c0f
66c6a79a6f6a561520d2ddf8f1a08cdc43d5aaf7
6bf084d57f6c3410dc0660f4aed8f33d13061662f4d04d9d5a3aafa9b5a1cd0b
GET /event-definitions/15edbcb5-4190-440d-9e23-cd154dadd5ef HTTP/1.1
Host: perfalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Fri, 09 Dec 2022 12:14:18 GMT
x-amz-version-id: .WJIyRJNso51Hb50W._VKyZDCf31hGZ2
server: AmazonS3
content-encoding: gzip
date: Tue, 31 Jan 2023 07:03:45 GMT
cache-control: max-age=60,s-max-age=60
etag: W/"d876f11327f5e721a663f5fd03469098"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rkbjbUpwtMn85lkSow_CU0EaSSqUKITKKcHdx7t27IgcAw0XF8KAgw==
age: 27
X-Firefox-Spdy: h2
cdn.seondf.com/js/v5/agent.js
188.114.97.1200 OK 142 kB URL HTTP/2 cdn.seondf.com/js/v5/agent.js
IP 188.114.97.1:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 142 kB (142014 bytes)
Hash 2c08b5bdeaad8189876cebed3df82f92
a6e17fbfcf3b75326d926fe37166fcf3c782564d
f6f0f9d665b442b8d06e20c52ce2fd3e1429b98c0acc28bc61f6c89908011af0
GET /js/v5/agent.js HTTP/1.1
Host: cdn.seondf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:45 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 24 Jan 2023 08:41:17 GMT
etag: W/"29f73e6942684f02d1b713b78d62e53e"
cache-control: max-age=14400
x-amz-version-id: _oM_sjPzNvsHqZ5UQNijBMDtiQudwIIC
x-cache: Miss from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fax9O0rGbLZTuNyAu-J5oBRcsnWqRrkcB2q49TVFQhU7Sld1idxr4Q==
cf-cache-status: HIT
age: 365
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oi8lvBAQbhzNgdHfrI00iWNMOWV7IAr1ixszCPykgcLa28a0xifD%2B2a84Lf4Pg33w%2BdRr1x7p4hvE12u4yGKkH390HUh9PRzHzSQVpbGnxSs5loRqNrKzG8C8bNZt8glkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792096de5c72b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
eor.ediemidnightzombies.com/ct?id=22030&url=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1675148641309&hl=1&op=0&ag=1317291471&rand=636907766712068169267080110900079197229116927508787277720796905109752809261&fs=1280x939&fst=1280x939&np=linux%20x86_64&nv=&ref=&ss=1280x1024&nc=0&at=&di=W1siZWYiLDE2NTddLFsxMiwie1wiZVwiOjAsXCJ3Z2xcIjoxfSJdLFsiY2IiLCIwLDAsMCwwLDIsMCwwLDAsMCwyLDQsMCwzLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDMsMCwwLDAsMCwwLDAsMCwyLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsNSJdLFstMSwiTGludXggeDg2XzY0Il0sWy0yLCI4LElMSFlMQjlCTFRhMkpxUWczRm9lZWwyd1liRTJvZ0JJS0o2Y1IwMDBNSkhRd1lUREdZYWh2M3V0NzFWcFhSOU84K001clZTS3Mxa1BCZS8vOTlzblZKR3BVZFBmZHp6bjNPZmMiXSxbLTMsIltdIl0sWy00LCItIl0sWy01LCItIl0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwiX3BpbkVsZW1lbnRcIixcImRhdGFMYXllclwiLFwiZnJlc2hwYWludFwiLFwiZ29vZ2xlX3RhZ19tYW5hZ2VyXCIsXCJOb3RpZnlQYWludEV2ZW50XCIsXCJnb29nbGVfdGFnX2RhdGFcIixcIkdvb2dsZUFuYWx5dGljc09iamVjdFwiLFwiZ2FcIixcIl9fdGZhX3BpeGVsX2luaXRcIixcIl90ZmFcIixcImZicVwiLFwiX2ZicVwiLFwiX3JmaVwiLFwidHdxXCIsXCJkYXRhVHJhZmZpY0d1YXJkXCIsXCJ3ZWJwYWNrQ2h1bmttcnFfZnJvbnRcIixcIl9fY29yZS1qc19zaGFyZWRfX1wiLFwiX19TRU5UUllfX1wiLFwiX19jb3ZlcmFnZV9fXCIsXCJIb3dsZXJHbG9iYWxcIixcIkhvd2xlclwiLFwiSG93bFwiLFwiU291bmRcIixcInpFU2V0dGluZ3NcIixcIl9mc19ob3N0XCIsXCJfZnNfc2NyaXB0XCIsXCJfZnNfb3JnXCIsXCJfZnNfbmFtZXNwYWNlXCIsXCJGU1wiLFwiX2ZzX2luaXRpYWxpemVkXCIsXCJfX2N0Y2dfY3RfMjIwMzBfZXhlY1wiXSxcIm5cIjpbXSxcImRcIjpbXX0iXSxbLTcsIi0iXSxbLTgsIi0iXSxbLTksIisiXSxbLTEwLCItIl0sWy0xMSwie1widFwiOlwiXCIsXCJtXCI6W1wiYXBwbGUtbW9iaWxlLXdlYi1hcHAtdGl0bGVcIl19Il0sWy0xMiwiXCJ1bnNwZWNpZmllZFwiIl0sWy0xMywiLSJdLFstMTQsIi0iXSxbLTE1LCItIl0sWy0xNiwiMCJdLFstMTcsIjE2Il0sWy0xOCwiWzEsMCwwLDBdIl0sWy0xOSwiWzAsMCwwLDAsMCwwLDEsMjQsMjQsXCItXCIsMTI4MCwxMDAyLDEyODAsMTAyNCwxMjgwLDEwMjQsMTI4MCw5MzksMCwwLDAsMCxcIi1cIixcIi1cIl0iXSxbLTIwLCItIl0sWy0yMSwiLSJdLFstMjIsIltcIm5cIixcIm5cIl0iXSxbLTIzLCIrIl0sWy0yNCwiW10iXSxbLTI1LCItIl0sWy0yNiwiLSJdLFstMjcsIi0iXSxbLTI4LCJlbi1VUyxlbiJdLFstMjksIi0iXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTMxLCJmYWxzZSJdLFstMzIsIjAiXSxbLTMzLCItIl0sWy0zNCwiLSJdLFstMzUsIlsxNjc1MTQ4NjQxMjk2LDBdIl0sWy0zNiwiW1wiNS80XCIsXCI1LzRcIl0iXSxbLTM3LCItIl0sWy0zOCwiaSwtMSwtMSw3MDcsMCwyLDAsMiwyMDMsODIsLTEsMCwsLDE3NzQsMTc3NCJdLFstMzksIltcIjIwMTAwMTAxXCIsMCxcIkdlY2tvXCIsXCJOZXRzY2FwZVwiLFwiTW96aWxsYVwiLFwiMjAxODEwMDEwMDAwMDBcIixudWxsLGZhbHNlLG51bGwsZmFsc2UsbnVsbCwwXSJdLFstNDAsIjM3Il0sWy00MSwiLSJdLFstNDIsIjE3NzAwNTAwODEiXSxbLTQzLCIwMDAwMDAwMTAwMDAwMDAwMDExMTEwMDEwMCJdLFstNDQsIjAsNSwwLDUiXSxbLTQ1LCIwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXSxbLTQ2LCIwIl0sWy00NywiVVRDLGVuLVVTLGxhdG4sZ3JlZ29yeSJdLFstNDgsIjAsMCJdLFstNDksIi0iXSxbLTUwLCItIl0sWy01MSwiLSJdLFstNTIsIi0iXSxbLTUzLCIwMTAiXSxbLTU0LCJ7XCJoXCI6W1wiXzNcIixcIjI4MTYxNTcyODJcIl0sXCJkXCI6W10sXCJiXCI6W10sXCJzXCI6MX0iXSxbLTU1LCIxIl0sWyJkZGIiLCIxLDgsMCwwLDEsMiwwLDEsMCwwLDAsMCwwLDAsMCwxLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDIsMCwwLDEsMSwwLDAsMCwwLDAsMSwxLDEsMiwwLDIsMCwxLDAsMCwwLDEsMCwwIl0sWyJibmNoIiw1N10sWyJhYm5jaCIsNTddXQ%3D%3D&dep=0&pre=0&sdd=%7B%7D&cri=QLybS0KWI6&pto=1787&ver=50&gac=-&mei=&ap=&duid=1.1675148641.Mbf1gVeJSdeRrJj2&suid=1.1675148641.aDQW4Rm4EWkZJz6X&tuid=1.1675148641.X0CniFPghLNFR6MM&fbc=->m=WyJwYWdldmlldyJd&it=18%2C1027%2C362&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0
3.248.162.96200 OK 1.2 kB URL HTTP/2 eor.ediemidnightzombies.com/ct?id=22030&url=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1675148641309&hl=1&op=0&ag=1317291471&rand=636907766712068169267080110900079197229116927508787277720796905109752809261&fs=1280x939&fst=1280x939&np=linux%20x86_64&nv=&ref=&ss=1280x1024&nc=0&at=&di=W1siZWYiLDE2NTddLFsxMiwie1wiZVwiOjAsXCJ3Z2xcIjoxfSJdLFsiY2IiLCIwLDAsMCwwLDIsMCwwLDAsMCwyLDQsMCwzLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDMsMCwwLDAsMCwwLDAsMCwyLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsNSJdLFstMSwiTGludXggeDg2XzY0Il0sWy0yLCI4LElMSFlMQjlCTFRhMkpxUWczRm9lZWwyd1liRTJvZ0JJS0o2Y1IwMDBNSkhRd1lUREdZYWh2M3V0NzFWcFhSOU84K001clZTS3Mxa1BCZS8vOTlzblZKR3BVZFBmZHp6bjNPZmMiXSxbLTMsIltdIl0sWy00LCItIl0sWy01LCItIl0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwiX3BpbkVsZW1lbnRcIixcImRhdGFMYXllclwiLFwiZnJlc2hwYWludFwiLFwiZ29vZ2xlX3RhZ19tYW5hZ2VyXCIsXCJOb3RpZnlQYWludEV2ZW50XCIsXCJnb29nbGVfdGFnX2RhdGFcIixcIkdvb2dsZUFuYWx5dGljc09iamVjdFwiLFwiZ2FcIixcIl9fdGZhX3BpeGVsX2luaXRcIixcIl90ZmFcIixcImZicVwiLFwiX2ZicVwiLFwiX3JmaVwiLFwidHdxXCIsXCJkYXRhVHJhZmZpY0d1YXJkXCIsXCJ3ZWJwYWNrQ2h1bmttcnFfZnJvbnRcIixcIl9fY29yZS1qc19zaGFyZWRfX1wiLFwiX19TRU5UUllfX1wiLFwiX19jb3ZlcmFnZV9fXCIsXCJIb3dsZXJHbG9iYWxcIixcIkhvd2xlclwiLFwiSG93bFwiLFwiU291bmRcIixcInpFU2V0dGluZ3NcIixcIl9mc19ob3N0XCIsXCJfZnNfc2NyaXB0XCIsXCJfZnNfb3JnXCIsXCJfZnNfbmFtZXNwYWNlXCIsXCJGU1wiLFwiX2ZzX2luaXRpYWxpemVkXCIsXCJfX2N0Y2dfY3RfMjIwMzBfZXhlY1wiXSxcIm5cIjpbXSxcImRcIjpbXX0iXSxbLTcsIi0iXSxbLTgsIi0iXSxbLTksIisiXSxbLTEwLCItIl0sWy0xMSwie1widFwiOlwiXCIsXCJtXCI6W1wiYXBwbGUtbW9iaWxlLXdlYi1hcHAtdGl0bGVcIl19Il0sWy0xMiwiXCJ1bnNwZWNpZmllZFwiIl0sWy0xMywiLSJdLFstMTQsIi0iXSxbLTE1LCItIl0sWy0xNiwiMCJdLFstMTcsIjE2Il0sWy0xOCwiWzEsMCwwLDBdIl0sWy0xOSwiWzAsMCwwLDAsMCwwLDEsMjQsMjQsXCItXCIsMTI4MCwxMDAyLDEyODAsMTAyNCwxMjgwLDEwMjQsMTI4MCw5MzksMCwwLDAsMCxcIi1cIixcIi1cIl0iXSxbLTIwLCItIl0sWy0yMSwiLSJdLFstMjIsIltcIm5cIixcIm5cIl0iXSxbLTIzLCIrIl0sWy0yNCwiW10iXSxbLTI1LCItIl0sWy0yNiwiLSJdLFstMjcsIi0iXSxbLTI4LCJlbi1VUyxlbiJdLFstMjksIi0iXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTMxLCJmYWxzZSJdLFstMzIsIjAiXSxbLTMzLCItIl0sWy0zNCwiLSJdLFstMzUsIlsxNjc1MTQ4NjQxMjk2LDBdIl0sWy0zNiwiW1wiNS80XCIsXCI1LzRcIl0iXSxbLTM3LCItIl0sWy0zOCwiaSwtMSwtMSw3MDcsMCwyLDAsMiwyMDMsODIsLTEsMCwsLDE3NzQsMTc3NCJdLFstMzksIltcIjIwMTAwMTAxXCIsMCxcIkdlY2tvXCIsXCJOZXRzY2FwZVwiLFwiTW96aWxsYVwiLFwiMjAxODEwMDEwMDAwMDBcIixudWxsLGZhbHNlLG51bGwsZmFsc2UsbnVsbCwwXSJdLFstNDAsIjM3Il0sWy00MSwiLSJdLFstNDIsIjE3NzAwNTAwODEiXSxbLTQzLCIwMDAwMDAwMTAwMDAwMDAwMDExMTEwMDEwMCJdLFstNDQsIjAsNSwwLDUiXSxbLTQ1LCIwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXSxbLTQ2LCIwIl0sWy00NywiVVRDLGVuLVVTLGxhdG4sZ3JlZ29yeSJdLFstNDgsIjAsMCJdLFstNDksIi0iXSxbLTUwLCItIl0sWy01MSwiLSJdLFstNTIsIi0iXSxbLTUzLCIwMTAiXSxbLTU0LCJ7XCJoXCI6W1wiXzNcIixcIjI4MTYxNTcyODJcIl0sXCJkXCI6W10sXCJiXCI6W10sXCJzXCI6MX0iXSxbLTU1LCIxIl0sWyJkZGIiLCIxLDgsMCwwLDEsMiwwLDEsMCwwLDAsMCwwLDAsMCwxLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDIsMCwwLDEsMSwwLDAsMCwwLDAsMSwxLDEsMiwwLDIsMCwxLDAsMCwwLDEsMCwwIl0sWyJibmNoIiw1N10sWyJhYm5jaCIsNTddXQ%3D%3D&dep=0&pre=0&sdd=%7B%7D&cri=QLybS0KWI6&pto=1787&ver=50&gac=-&mei=&ap=&duid=1.1675148641.Mbf1gVeJSdeRrJj2&suid=1.1675148641.aDQW4Rm4EWkZJz6X&tuid=1.1675148641.X0CniFPghLNFR6MM&fbc=->m=WyJwYWdldmlldyJd&it=18%2C1027%2C362&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0
IP 3.248.162.96:0
File type ASCII text, with very long lines (3251), with no line terminators
Hash 4e78e607199d3f6300a2307227e32b12
59b50c1cf4e471f7242617cfe48acdd425504ef4
57af43e0a88a2394e97b0f1052c58406ebd21dc6f97bf08a1d2def5c5513eb72
GET /ct?id=22030&url=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1675148641309&hl=1&op=0&ag=1317291471&rand=636907766712068169267080110900079197229116927508787277720796905109752809261&fs=1280x939&fst=1280x939&np=linux%20x86_64&nv=&ref=&ss=1280x1024&nc=0&at=&di=W1siZWYiLDE2NTddLFsxMiwie1wiZVwiOjAsXCJ3Z2xcIjoxfSJdLFsiY2IiLCIwLDAsMCwwLDIsMCwwLDAsMCwyLDQsMCwzLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDMsMCwwLDAsMCwwLDAsMCwyLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsNSJdLFstMSwiTGludXggeDg2XzY0Il0sWy0yLCI4LElMSFlMQjlCTFRhMkpxUWczRm9lZWwyd1liRTJvZ0JJS0o2Y1IwMDBNSkhRd1lUREdZYWh2M3V0NzFWcFhSOU84K001clZTS3Mxa1BCZS8vOTlzblZKR3BVZFBmZHp6bjNPZmMiXSxbLTMsIltdIl0sWy00LCItIl0sWy01LCItIl0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwiX3BpbkVsZW1lbnRcIixcImRhdGFMYXllclwiLFwiZnJlc2hwYWludFwiLFwiZ29vZ2xlX3RhZ19tYW5hZ2VyXCIsXCJOb3RpZnlQYWludEV2ZW50XCIsXCJnb29nbGVfdGFnX2RhdGFcIixcIkdvb2dsZUFuYWx5dGljc09iamVjdFwiLFwiZ2FcIixcIl9fdGZhX3BpeGVsX2luaXRcIixcIl90ZmFcIixcImZicVwiLFwiX2ZicVwiLFwiX3JmaVwiLFwidHdxXCIsXCJkYXRhVHJhZmZpY0d1YXJkXCIsXCJ3ZWJwYWNrQ2h1bmttcnFfZnJvbnRcIixcIl9fY29yZS1qc19zaGFyZWRfX1wiLFwiX19TRU5UUllfX1wiLFwiX19jb3ZlcmFnZV9fXCIsXCJIb3dsZXJHbG9iYWxcIixcIkhvd2xlclwiLFwiSG93bFwiLFwiU291bmRcIixcInpFU2V0dGluZ3NcIixcIl9mc19ob3N0XCIsXCJfZnNfc2NyaXB0XCIsXCJfZnNfb3JnXCIsXCJfZnNfbmFtZXNwYWNlXCIsXCJGU1wiLFwiX2ZzX2luaXRpYWxpemVkXCIsXCJfX2N0Y2dfY3RfMjIwMzBfZXhlY1wiXSxcIm5cIjpbXSxcImRcIjpbXX0iXSxbLTcsIi0iXSxbLTgsIi0iXSxbLTksIisiXSxbLTEwLCItIl0sWy0xMSwie1widFwiOlwiXCIsXCJtXCI6W1wiYXBwbGUtbW9iaWxlLXdlYi1hcHAtdGl0bGVcIl19Il0sWy0xMiwiXCJ1bnNwZWNpZmllZFwiIl0sWy0xMywiLSJdLFstMTQsIi0iXSxbLTE1LCItIl0sWy0xNiwiMCJdLFstMTcsIjE2Il0sWy0xOCwiWzEsMCwwLDBdIl0sWy0xOSwiWzAsMCwwLDAsMCwwLDEsMjQsMjQsXCItXCIsMTI4MCwxMDAyLDEyODAsMTAyNCwxMjgwLDEwMjQsMTI4MCw5MzksMCwwLDAsMCxcIi1cIixcIi1cIl0iXSxbLTIwLCItIl0sWy0yMSwiLSJdLFstMjIsIltcIm5cIixcIm5cIl0iXSxbLTIzLCIrIl0sWy0yNCwiW10iXSxbLTI1LCItIl0sWy0yNiwiLSJdLFstMjcsIi0iXSxbLTI4LCJlbi1VUyxlbiJdLFstMjksIi0iXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTMxLCJmYWxzZSJdLFstMzIsIjAiXSxbLTMzLCItIl0sWy0zNCwiLSJdLFstMzUsIlsxNjc1MTQ4NjQxMjk2LDBdIl0sWy0zNiwiW1wiNS80XCIsXCI1LzRcIl0iXSxbLTM3LCItIl0sWy0zOCwiaSwtMSwtMSw3MDcsMCwyLDAsMiwyMDMsODIsLTEsMCwsLDE3NzQsMTc3NCJdLFstMzksIltcIjIwMTAwMTAxXCIsMCxcIkdlY2tvXCIsXCJOZXRzY2FwZVwiLFwiTW96aWxsYVwiLFwiMjAxODEwMDEwMDAwMDBcIixudWxsLGZhbHNlLG51bGwsZmFsc2UsbnVsbCwwXSJdLFstNDAsIjM3Il0sWy00MSwiLSJdLFstNDIsIjE3NzAwNTAwODEiXSxbLTQzLCIwMDAwMDAwMTAwMDAwMDAwMDExMTEwMDEwMCJdLFstNDQsIjAsNSwwLDUiXSxbLTQ1LCIwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXSxbLTQ2LCIwIl0sWy00NywiVVRDLGVuLVVTLGxhdG4sZ3JlZ29yeSJdLFstNDgsIjAsMCJdLFstNDksIi0iXSxbLTUwLCItIl0sWy01MSwiLSJdLFstNTIsIi0iXSxbLTUzLCIwMTAiXSxbLTU0LCJ7XCJoXCI6W1wiXzNcIixcIjI4MTYxNTcyODJcIl0sXCJkXCI6W10sXCJiXCI6W10sXCJzXCI6MX0iXSxbLTU1LCIxIl0sWyJkZGIiLCIxLDgsMCwwLDEsMiwwLDEsMCwwLDAsMCwwLDAsMCwxLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDIsMCwwLDEsMSwwLDAsMCwwLDAsMSwxLDEsMiwwLDIsMCwxLDAsMCwwLDEsMCwwIl0sWyJibmNoIiw1N10sWyJhYm5jaCIsNTddXQ%3D%3D&dep=0&pre=0&sdd=%7B%7D&cri=QLybS0KWI6&pto=1787&ver=50&gac=-&mei=&ap=&duid=1.1675148641.Mbf1gVeJSdeRrJj2&suid=1.1675148641.aDQW4Rm4EWkZJz6X&tuid=1.1675148641.X0CniFPghLNFR6MM&fbc=->m=WyJwYWdldmlldyJd&it=18%2C1027%2C362&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0 HTTP/1.1
Host: eor.ediemidnightzombies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/javascript
date: Tue, 31 Jan 2023 07:03:45 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
set-cookie: cg_uuid=ae68405d178db63e99259972133bd335; Max-Age=29030400; Path=/; Expires=Tue, 02 Jan 2024 07:03:45 GMT; HttpOnly; Secure; SameSite=None
content-length: 1194
X-Firefox-Spdy: h2
perfalytics.com/static/js/freshpaint.js
54.230.111.64200 OK 33 kB URL HTTP/2 perfalytics.com/static/js/freshpaint.js
IP 54.230.111.64:0
Hash 2296edc75527ac922788f56217250cc1
84f2c4949399ae73069bb606408526f8640bf3e8
b497267a1fc0d27d75e6d1a010d4394fbf1594105d054c88db1353fc9f4a337f
GET /static/js/freshpaint.js HTTP/1.1
Host: perfalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Mon, 30 Jan 2023 22:40:14 GMT
last-modified: Thu, 19 Jan 2023 22:11:01 GMT
x-amz-version-id: _ZQGl3NSY8qc3RoNQAK_Jt9m4v3PELuq
etag: W/"b95de0119b82e789ff844e053514dd0a"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uorL0P_vITS5CJKDPkEsem9ygQq_sqkNdg741Z1gZ70OrjbaO19CKw==
age: 30212
X-Firefox-Spdy: h2
eor.ediemidnightzombies.com/tracker/tc_imp.gif?e=37dfbd8ee84e00136debc631e24188989225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5c138d6e2717071a10acf9f29f6718d78581032c3a4fff7f7f50d53ddc37ce0d32002a9a55025e36070d92bd684a77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebcf179ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b127537a30ca946c75ca92560c7846715303a58a78677e03a0f8407dd9a3a628c3e95a204e2bfaf2f4c59d74ebcfc248b5038e523c64ceec86a7b376cccee879cf774a91bac333074bb52071fbcf497bad8da831cd53e01aedd64a8b4096902b9564769bc178872cd5c4b4aad1b4ee416eb26ff5aef9584436cac661e6f305f45b1e5e88141f9b838ec786aca137c465c78ff2d85cef767c358d732dd3c4b55e20c3ff74ba17a0c369c023fa29464c509f79bc09dcc0e129efd36e8846e3d5d89436df5a156da8584750281f2f87e223b2429494d46ae58e62fe8121d6c2b1af2edefea75e2626c8c5730495f7091a5aa4a2a223f52890ee40fda27be429e273c011c61ec5ba20d5497ff6a48035676a21076a4b0f05b6f3d23d945be0140a1a76a6a645cdc60a10ecef8ec9e03597b3a085d2eaa5e3565d20e911d4c50537d61d21628371576371e467bd3445d0e1aa609663d62697b62acdb811847809253c0b7c10f1dcf68f79220188125794cdd8bdb7cf520196b6b97c88b2212dd9857469139ac58c3463cd7d874d8308a07ac246c9c201f9a433e49c8dd39c4f64ebe12532f617c189d2f612e90b6f7c7fde6e2b42adb11bcab540d89389c94acc8180360f334fb839aa1bc255c1df30e05214793d440b1de727f3932f47fb2f96b5ff5eb4d35fce302abd1b7d308db192731a9c2daadd4b8359661240ea6a70c1fa9a&cri=QLybS0KWI6&ts=341&cb=1675148641650
3.248.162.96200 OK 43 B URL HTTP/2 eor.ediemidnightzombies.com/tracker/tc_imp.gif?e=37dfbd8ee84e00136debc631e24188989225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5c138d6e2717071a10acf9f29f6718d78581032c3a4fff7f7f50d53ddc37ce0d32002a9a55025e36070d92bd684a77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebcf179ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b127537a30ca946c75ca92560c7846715303a58a78677e03a0f8407dd9a3a628c3e95a204e2bfaf2f4c59d74ebcfc248b5038e523c64ceec86a7b376cccee879cf774a91bac333074bb52071fbcf497bad8da831cd53e01aedd64a8b4096902b9564769bc178872cd5c4b4aad1b4ee416eb26ff5aef9584436cac661e6f305f45b1e5e88141f9b838ec786aca137c465c78ff2d85cef767c358d732dd3c4b55e20c3ff74ba17a0c369c023fa29464c509f79bc09dcc0e129efd36e8846e3d5d89436df5a156da8584750281f2f87e223b2429494d46ae58e62fe8121d6c2b1af2edefea75e2626c8c5730495f7091a5aa4a2a223f52890ee40fda27be429e273c011c61ec5ba20d5497ff6a48035676a21076a4b0f05b6f3d23d945be0140a1a76a6a645cdc60a10ecef8ec9e03597b3a085d2eaa5e3565d20e911d4c50537d61d21628371576371e467bd3445d0e1aa609663d62697b62acdb811847809253c0b7c10f1dcf68f79220188125794cdd8bdb7cf520196b6b97c88b2212dd9857469139ac58c3463cd7d874d8308a07ac246c9c201f9a433e49c8dd39c4f64ebe12532f617c189d2f612e90b6f7c7fde6e2b42adb11bcab540d89389c94acc8180360f334fb839aa1bc255c1df30e05214793d440b1de727f3932f47fb2f96b5ff5eb4d35fce302abd1b7d308db192731a9c2daadd4b8359661240ea6a70c1fa9a&cri=QLybS0KWI6&ts=341&cb=1675148641650
IP 3.248.162.96:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash db04c7b378cb2db912c3ba8a5a774ee3
dee34bd86c3484d31002182aa2b7caa4699126b8
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
GET /tracker/tc_imp.gif?e=37dfbd8ee84e00136debc631e24188989225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5c138d6e2717071a10acf9f29f6718d78581032c3a4fff7f7f50d53ddc37ce0d32002a9a55025e36070d92bd684a77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebcf179ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b127537a30ca946c75ca92560c7846715303a58a78677e03a0f8407dd9a3a628c3e95a204e2bfaf2f4c59d74ebcfc248b5038e523c64ceec86a7b376cccee879cf774a91bac333074bb52071fbcf497bad8da831cd53e01aedd64a8b4096902b9564769bc178872cd5c4b4aad1b4ee416eb26ff5aef9584436cac661e6f305f45b1e5e88141f9b838ec786aca137c465c78ff2d85cef767c358d732dd3c4b55e20c3ff74ba17a0c369c023fa29464c509f79bc09dcc0e129efd36e8846e3d5d89436df5a156da8584750281f2f87e223b2429494d46ae58e62fe8121d6c2b1af2edefea75e2626c8c5730495f7091a5aa4a2a223f52890ee40fda27be429e273c011c61ec5ba20d5497ff6a48035676a21076a4b0f05b6f3d23d945be0140a1a76a6a645cdc60a10ecef8ec9e03597b3a085d2eaa5e3565d20e911d4c50537d61d21628371576371e467bd3445d0e1aa609663d62697b62acdb811847809253c0b7c10f1dcf68f79220188125794cdd8bdb7cf520196b6b97c88b2212dd9857469139ac58c3463cd7d874d8308a07ac246c9c201f9a433e49c8dd39c4f64ebe12532f617c189d2f612e90b6f7c7fde6e2b42adb11bcab540d89389c94acc8180360f334fb839aa1bc255c1df30e05214793d440b1de727f3932f47fb2f96b5ff5eb4d35fce302abd1b7d308db192731a9c2daadd4b8359661240ea6a70c1fa9a&cri=QLybS0KWI6&ts=341&cb=1675148641650 HTTP/1.1
Host: eor.ediemidnightzombies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Cookie: cg_uuid=ae68405d178db63e99259972133bd335
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
date: Tue, 31 Jan 2023 07:03:46 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
content-length: 43
X-Firefox-Spdy: h2
sentry.io/api/1826374/envelope/?sentry_key=435d3c55a67d491dabe2ca3941ac46bf&sentry_version=7
35.188.42.15200 OK 863 B URL HTTP/1.1 sentry.io/api/1826374/envelope/?sentry_key=435d3c55a67d491dabe2ca3941ac46bf&sentry_version=7
IP 35.188.42.15:0
Hash 58f36903da09f703b76f90eee2a82fef
b3f67959b9f3d989e7dd9500d505c0c7d7c33354
7ef31939b8741d8e6f632732154599da7f9f180528747b62ba45c53521ced4da
POST /api/1826374/envelope/?sentry_key=435d3c55a67d491dabe2ca3941ac46bf&sentry_version=7 HTTP/1.1
Host: sentry.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mrq.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://mrq.com
Content-Length: 432
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Jan 2023 07:03:46 GMT
Content-Type: application/json
Content-Length: 2
Connection: keep-alive
access-control-allow-origin: https://mrq.com
access-control-expose-headers: x-sentry-rate-limits, x-sentry-error, retry-after
vary: Origin
x-envoy-upstream-service-time: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15824
Expires: Tue, 31 Jan 2023 11:27:30 GMT
Date: Tue, 31 Jan 2023 07:03:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15824
Expires: Tue, 31 Jan 2023 11:27:30 GMT
Date: Tue, 31 Jan 2023 07:03:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15824
Expires: Tue, 31 Jan 2023 11:27:30 GMT
Date: Tue, 31 Jan 2023 07:03:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15824
Expires: Tue, 31 Jan 2023 11:27:30 GMT
Date: Tue, 31 Jan 2023 07:03:46 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aZOeDFqBJQoGwLpIs-GpPvY0FKGCAOXY6MgzG32qzX-kVzUCKKv-kw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 00:33:02 GMT
age: 23444
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1925abe-5fa6-440b-8e23-d92b1e3bf273.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1925abe-5fa6-440b-8e23-d92b1e3bf273.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 63486f2a937aa8fd013fc2c2d1b32f2d
e8868de34c2f79348c1edad764259eb70bebd7a6
fa6e5ce374031c0df3b3f2d6de823cf1fe08fdaf9957a0722770867cfdec0ed1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1925abe-5fa6-440b-8e23-d92b1e3bf273.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13639
x-amzn-requestid: 8131c878-620a-4972-ba8f-1456859acae2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fYcJSF0SIAMFe1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d340a1-18c7280940d508c440c0182c;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 03:10:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L6MnX0h8Bn9-ufqI6yOzQAPhqc4SoJKySgzlm756NaiVrfJpnftIWQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 06:29:38 GMT
age: 2048
etag: "e8868de34c2f79348c1edad764259eb70bebd7a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5965fef2-c5a7-4a82-bcdc-41aebc355aff.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5965fef2-c5a7-4a82-bcdc-41aebc355aff.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83d9e98a4575077e7400343c7f2038d2
6ac3ca84e97fa35afff9045f35d45499c0b34a23
da6d6d90a5ea8f5a864f3739591693b5f4b9793f2c4bb971486572f6bf2e940c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5965fef2-c5a7-4a82-bcdc-41aebc355aff.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7334
x-amzn-requestid: e62c149b-ca5f-4d0c-8d2d-e8bb2a7f9d8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fbvSzH2soAMFiYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d49278-1214fc750a312e46527b2fd7;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 03:11:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: e9kVyPl84SxMlIqs-0wE831KRF1kg1HOPTgntElaEp1RGOsgqB19ZA==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 04:10:37 GMT
age: 10389
etag: "6ac3ca84e97fa35afff9045f35d45499c0b34a23"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa70b0b84-f0e7-44e4-a574-ee3e55fbc0d3.jpeg
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa70b0b84-f0e7-44e4-a574-ee3e55fbc0d3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b43468b05cd1fd11c398263a80e4edb2
02e964ea5a88c866267ac6c5601bfcde26ffd42b
19783f05297f7ed5d7ca8cec0fc0e1676831275ac48f1510a4f410dbe2802314
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa70b0b84-f0e7-44e4-a574-ee3e55fbc0d3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4634
x-amzn-requestid: 2941da94-203c-47d1-99ee-d864bdbf6993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffCAHF9kIAMFrUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e39a-78bb7189351d830a7ef70c67;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:10:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hWONP8eVA6h5VMyREx_CgRY2zeb9KUxipWiXdx9dHBtU2YDV07lGXQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 05:35:57 GMT
age: 5269
etag: "02e964ea5a88c866267ac6c5601bfcde26ffd42b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60fc180ec5b99ac357db8775775c3c11
c9856a488e82bc330881377528bf2e53274ef5f3
a31fd6fc84f79b0f5fb79cccf490ddf61eb58bdaf57ca27f57a911332e550d11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5394
x-amzn-requestid: 16d876fb-0afd-4b5d-b19e-1029506fd6f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIgq2E4CIAMFiFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce178-1f08dc2105b6e182677004e7;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:10:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 36E3JCGqpkeMmb_fzM0DTb24ElUMGDdikE1IdqQABDlbT28XRs7B-w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 11:52:37 GMT
age: 69069
etag: "c9856a488e82bc330881377528bf2e53274ef5f3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto+Mono&text=0123456789%3A
142.250.74.74200 OK 6.1 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto+Mono&text=0123456789%3A
IP 142.250.74.74:0
Hash 000aef60cd2913f1039aa8ecf04b0296
a47705f3fdb611c66920d8befdd1da077f977034
dddcec8fd7af009a3d09898bb0a8e0306319520ba9eefabb10b598360f3d8f95
GET /css?family=Roboto+Mono&text=0123456789%3A HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 31 Jan 2023 07:03:45 GMT
date: Tue, 31 Jan 2023 07:03:45 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
platform-api.mrq.com/api/user/profile
104.22.40.88200 OK 0 B URL HTTP/2 platform-api.mrq.com/api/user/profile
IP 104.22.40.88:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /api/user/profile HTTP/1.1
Host: platform-api.mrq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-requested-with
Referer: https://mrq.com/
Origin: https://mrq.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:46 GMT
content-length: 0
x-trace: 2B3053F92E303B0B1301D463E0770D790C488C897E000000000000000000
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://mrq.com
access-control-allow-methods: GET
access-control-allow-headers: x-requested-with
access-control-allow-credentials: true
access-control-max-age: 1800
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 792096e27c201600-ARN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-LVVSBNERK6>m=2oe1p0&_p=693825376&cid=604824412.1675148641&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675148641&sct=1&seg=0&dl=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&dt=MrQ&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-LVVSBNERK6>m=2oe1p0&_p=693825376&cid=604824412.1675148641&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675148641&sct=1&seg=0&dl=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&dt=MrQ&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-LVVSBNERK6>m=2oe1p0&_p=693825376&cid=604824412.1675148641&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675148641&sct=1&seg=0&dl=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&dt=MrQ&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://mrq.com
date: Tue, 31 Jan 2023 07:03:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
widget.getblue.io/event/?cId=FE234AE0-B17A-69ED-DFDDD90C731389A6&tName=visit&pId=&revenue=&orderId=&p1=&p2=e%3Dvp&p3=e%3Ddis&adce=1&dtycbr=87954&fp=&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&v=13072020-1328&if=0&nocache=3611418266576.9546
54.207.115.216200 OK 13 B URL HTTP/2 widget.getblue.io/event/?cId=FE234AE0-B17A-69ED-DFDDD90C731389A6&tName=visit&pId=&revenue=&orderId=&p1=&p2=e%3Dvp&p3=e%3Ddis&adce=1&dtycbr=87954&fp=&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&v=13072020-1328&if=0&nocache=3611418266576.9546
IP 54.207.115.216:0
File type exported SGML document, ASCII text
Hash 365db0225d53bbc9ccd23fdf5c704caa
719e41ad1d8198dc13f0aa2c416f42389c2c56ae
eb99134542c987f687360d120213eeec049a290d73d2302ee1b74a01ce279f4d
GET /event/?cId=FE234AE0-B17A-69ED-DFDDD90C731389A6&tName=visit&pId=&revenue=&orderId=&p1=&p2=e%3Dvp&p3=e%3Ddis&adce=1&dtycbr=87954&fp=&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&v=13072020-1328&if=0&nocache=3611418266576.9546 HTTP/1.1
Host: widget.getblue.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:46 GMT
content-type: text/javascript;charset=UTF-8
content-length: 13
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/unip/1464003/tfa.js
151.101.129.44200 OK 18 kB URL HTTP/2 cdn.taboola.com/libtrc/unip/1464003/tfa.js
IP 151.101.129.44:0
File type ASCII text, with very long lines (59647)
Hash 9bf41f64fb7f3197ef7398e7d6af9ede
d0e553df2ac1d51e8518ede384b2f8b0945abac8
9e538b57c0ddbacf59cd084a96351dff76f0ff36043c6cf4412e7e0aaa688f61
GET /libtrc/unip/1464003/tfa.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: FPgdxKnij/KJE/EsHM/axEZ99YrbWPUrLScvqSE7dhXd4qByDHXnF8soT3ExkRCPzP5WEoq5pS8=
x-amz-request-id: SH36NQBRT5F0JV6Y
x-amz-replication-status: COMPLETED
last-modified: Sun, 29 Jan 2023 11:06:01 GMT
etag: "e76470fe12ac2e17cc7f3425aea68f7b"
x-amz-version-id: NFEw6peLy4ZBpOXWiNFyEP_ssf.G5m38
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Tue, 31 Jan 2023 07:03:46 GMT
via: 1.1 varnish
age: 110
x-served-by: cache-bma1646-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1675148627.658477,VS0,VE1
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 55
content-length: 18339
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4fa4e3a6c0ea0d843f6f77af6a290fca
965944af181e8d47677e5b428e8a3233c942cf99
801765bb2eb7f84e39a58691c4798b32ccd9e6ed22e924754d26277f4f2e0b11
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5173
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:46 GMT
Last-Modified: Tue, 31 Jan 2023 05:37:33 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
bat.bing.com/bat.js
204.79.197.200200 OK 12 kB IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (39395), with no line terminators
Hash 4f378a725368a42971cd69e29f75db89
2a1cdf193b346d9281c6e04a9b3775e7fc1ae11e
6a2a9d238501343cb3f25e0f54f4ecc4ec2c4e0fa6b228cc72dc3fff90502078
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11552
content-type: application/javascript
content-encoding: gzip
last-modified: Mon, 23 Jan 2023 19:59:24 GMT
accept-ranges: bytes
etag: "076bc30652fd91:0"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F72AD58AFFB74F1FA96546694666D6CE Ref B: OSL30EDGE0407 Ref C: 2023-01-31T07:03:46Z
date: Tue, 31 Jan 2023 07:03:46 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/Hq1Kz8ZiT_Y
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/Hq1Kz8ZiT_Y
IP 142.250.74.131:0
Hash d07ae3d03b4bdba9dee5ff7c1e0c44cc
53df858ff8963b4492eda235ca3e4b431b7669dc
0c3c2c4dfdeb0a9eb1a3352cede5d6911df266fd1c25ca610275edf30c5ac0d4
POST /s/gts1d4/Hq1Kz8ZiT_Y HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 2ac1bcdceabf1fc4e07017906aa8a815
ba00b737325fc50b35af8d851ced0fe13d1cba22
c6c54f5dbbfc40b454b9c67a7972827f500d83b10a1594f7cb56c69158278c08
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.ads-twitter.com/uwt.js
151.101.244.157200 OK 15 kB URL HTTP/2 static.ads-twitter.com/uwt.js
IP 151.101.244.157:0
File type ASCII text, with very long lines (57596), with no line terminators
Hash 573e6a7f86f6f3063763360ef0672c01
b12eab3b4ac8872d49ac6e15f9cd17741765c0cf
02445eb022a04139531f0ce8d8980c31083a1c670936f1477f5cfc4d252133f7
GET /uwt.js HTTP/1.1
Host: static.ads-twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 27 Oct 2022 18:55:37 GMT
cache-control: no-cache
content-type: application/javascript; charset=utf-8
content-encoding: gzip
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
accept-ranges: bytes
date: Tue, 31 Jan 2023 07:03:46 GMT
x-served-by: cache-iad-kjyo7100147-IAD, cache-hel1410020-HEL
x-cache: HIT, HIT
vary: Accept-Encoding,Host
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
content-length: 15375
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 69ffc0a3f7ca2b025a6b99f9c38889be
1b436bda66cd246a1024f8c3d8e91e3aeef31eaa
9aaaf6c2a570c6a73a623f4fdfb0e1dfd5f16f086ae5d9c8d5b2403b0d016e4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
216.239.36.178200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 216.239.36.178:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Tue, 31 Jan 2023 05:46:59 GMT
expires: Tue, 31 Jan 2023 07:46:59 GMT
cache-control: public, max-age=7200
age: 4607
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
157.240.205.11200 OK 28 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.205.11:0
File type ASCII text, with very long lines (64348)
Hash dd1f85cc598419df61e254e53f9ec1ef
f86c0ee563f5b7a01e1d40b566f2bc184a32380f
c06f52b233c835b03292f39cb847507a03bb971066bf91341b58a580244398c0
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 0jwt3fk2tMFab8TfJqry19OTguB8ndg416y+inXViZpJv2ey4tpVAIL9RY/FKmkv6ob1eNqdb1S/K3Q4vXZqdw==
priority: u=3,i
content-length: 27843
x-fb-trip-id: 1679558926
date: Tue, 31 Jan 2023 07:03:46 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 69ffc0a3f7ca2b025a6b99f9c38889be
1b436bda66cd246a1024f8c3d8e91e3aeef31eaa
9aaaf6c2a570c6a73a623f4fdfb0e1dfd5f16f086ae5d9c8d5b2403b0d016e4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
edge.fullstory.com/s/fs.js
35.201.112.186200 OK 68 kB URL HTTP/2 edge.fullstory.com/s/fs.js
IP 35.201.112.186:0
File type ASCII text, with very long lines (65250)
Hash dc3f910e0af37ddb3d53bc1d3d3f2ea9
0c5232a24ecd2e688f62f234728778ae3478173b
0375ff4fc4f01c75ad73dde9bfde1148ac1d86afc35a85e671fda7929334bedd
GET /s/fs.js HTTP/1.1
Host: edge.fullstory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdvK_Kp_hx85OFaL7Bi6kl4zgmLWG9JVXB0fo57GoIIlGE0DMH5fDsoRzJk7Uq6c2MpwQc9efcQ6cIFi1_Ac9ZY7fKmQjFXB
x-goog-generation: 1675088304466373
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
x-goog-stored-content-length: 67579
content-encoding: br
x-goog-hash: crc32c=Wv8NXA==, md5=3D+RDgrzfds9U7wdPT8uqQ==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 67579
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
server: UploadServer
date: Tue, 31 Jan 2023 06:43:34 GMT
expires: Tue, 31 Jan 2023 07:43:34 GMT
cache-control: public, max-age=3600,no-transform
age: 1212
last-modified: Mon, 30 Jan 2023 14:18:24 GMT
etag: "dc3f910e0af37ddb3d53bc1d3d3f2ea9"
content-type: application/javascript
vary: X-Goog-Allowed-Resources,Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.zdassets.com/ekr/snippet.js?key=6a2a9db2-aa17-412b-bf39-711ce0d6ce39
104.18.72.113200 OK 29 kB URL HTTP/2 static.zdassets.com/ekr/snippet.js?key=6a2a9db2-aa17-412b-bf39-711ce0d6ce39
IP 104.18.72.113:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash c435f51b3618f61a0eaafe79a774a065
9805cf067af64b582538186b90bc1c4a34a3c76a
5c0dc59f230ed88443263b703736b8930d6fa8c28fcc01a216362bd0820baa52
GET /ekr/snippet.js?key=6a2a9db2-aa17-412b-bf39-711ce0d6ce39 HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:45 GMT
content-type: application/javascript
x-amz-id-2: VYKORFZEK8ncQjbBiiAK6oiTYdRdkzwPfaxRM/jinB20cI8N0LqXAF6x6uRMZJVhRKA1YH5Ltb2qBhbqYLdq5g==
x-amz-request-id: EBZ4ZRD66V3TGNXR
x-amz-replication-status: COMPLETED
last-modified: Thu, 28 Jul 2022 23:44:02 GMT
etag: W/"5cae6ce528dce0c327b2bcbaad459fdb"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600, s-maxage=60
x-amz-version-id: TCAqq4sghBBBAAXd3MLZ8Fy8XIds..vO
cf-cache-status: HIT
age: 32
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pK%2FPr86gjv4qgS0tmyLaD9CfQNtinLoE7uqbF6yfQ4%2Fv9Rp95ASUcFVKBgLiRUR4Stnvvg0cJwjsubM62fjjehdiwd9t%2F65kxtf5NQTg6dSTE9jkvyQUWpz5ztKVUZRfsfju2PM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 792096de5ba1b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/953627164/?random=1675148641791&cv=11&fst=1675148641791&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tiba=MrQ&auid=774635133.1675148641&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.2200 OK 948 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/953627164/?random=1675148641791&cv=11&fst=1675148641791&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tiba=MrQ&auid=774635133.1675148641&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.2:0
File type ASCII text, with very long lines (2085), with no line terminators
Hash ac60c337630996c4edf49caeb0a71bf6
9418cb109dde5909db5d273c809e8e79f84af1eb
ef1689a9836f1280bb6da361eeae195383e0fe636014b07735a0e420687e387a
GET /pagead/viewthroughconversion/953627164/?random=1675148641791&cv=11&fst=1675148641791&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tiba=MrQ&auid=774635133.1675148641&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 07:03:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 948
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 07:18:46 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/953627164/?random=1675148641798&cv=11&fst=1675148641798&fmt=3&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&label=EJOFCMCMtcIDEJzk3MYD&hn=www.google.com&frm=0&url=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tiba=MrQ>m_ee=1&auid=774635133.1675148641&data=event%3Dconversion&gcp=1&ct_cookie_present=1
142.250.74.2200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/953627164/?random=1675148641798&cv=11&fst=1675148641798&fmt=3&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&label=EJOFCMCMtcIDEJzk3MYD&hn=www.google.com&frm=0&url=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tiba=MrQ>m_ee=1&auid=774635133.1675148641&data=event%3Dconversion&gcp=1&ct_cookie_present=1
IP 142.250.74.2:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/953627164/?random=1675148641798&cv=11&fst=1675148641798&fmt=3&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&label=EJOFCMCMtcIDEJzk3MYD&hn=www.google.com&frm=0&url=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tiba=MrQ>m_ee=1&auid=774635133.1675148641&data=event%3Dconversion&gcp=1&ct_cookie_present=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 07:03:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 07:18:46 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c1.rfihub.net/js/tc.min.js
54.230.111.62200 OK 6.2 kB URL HTTP/2 c1.rfihub.net/js/tc.min.js
IP 54.230.111.62:0
File type C source, ASCII text, with very long lines (19497)
Hash ab5a2e3f2414c0a2b622e48c0b6da2fd
1a894787bde6cbf9b58d47b8f4245607420112ad
a5ef19cf7ca85f760c462ed2f228430c8d0a6d9daf3aa34894a5c42113cfdb8f
GET /js/tc.min.js HTTP/1.1
Host: c1.rfihub.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
content-length: 6162
date: Tue, 31 Jan 2023 06:17:16 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: public, max-age=3600
expires: Tue, 31 Jan 2023 07:17:16 GMT
last-modified: Tue, 31 Jan 2023 06:17:06 GMT
content-encoding: gzip
server: Jetty(9.3.29.v20201019)
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LZ-hTmEYv3W2ICDNPwngmYKcZQXFxD9IZ1DH13idSKtWbsBN9YDyww==
age: 2790
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4fa4e3a6c0ea0d843f6f77af6a290fca
965944af181e8d47677e5b428e8a3233c942cf99
801765bb2eb7f84e39a58691c4798b32ccd9e6ed22e924754d26277f4f2e0b11
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5173
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:46 GMT
Last-Modified: Tue, 31 Jan 2023 05:37:33 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/s/gts1d4/Hq1Kz8ZiT_Y
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/Hq1Kz8ZiT_Y
IP 142.250.74.131:0
Hash d07ae3d03b4bdba9dee5ff7c1e0c44cc
53df858ff8963b4492eda235ca3e4b431b7669dc
0c3c2c4dfdeb0a9eb1a3352cede5d6911df266fd1c25ca610275edf30c5ac0d4
POST /s/gts1d4/Hq1Kz8ZiT_Y HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 69ffc0a3f7ca2b025a6b99f9c38889be
1b436bda66cd246a1024f8c3d8e91e3aeef31eaa
9aaaf6c2a570c6a73a623f4fdfb0e1dfd5f16f086ae5d9c8d5b2403b0d016e4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1d4/M7vREfWOEdc
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/M7vREfWOEdc
IP 142.250.74.131:0
Hash 83fcb15a00c5d92c2369e53255bbe874
7442952a12c80857f5733c14173b6ff070f7013a
ac6bcfef1da0c0805daf56d4943b46fe3978b1cab67b131cf7361674b74d4f6c
POST /s/gts1d4/M7vREfWOEdc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a5ff07b9b81cdf319f4a57d8d6dbbd6d
736ae15d0ed2068580d35a7cff8b33c0ec87af52
24406eda914ef8f78e1f60d6b54237ea6311f2fdf54b2b63647d84b397b41de0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 6061660d0c8c8a3292454cb1c819259e
54ac533237acc8ff7624f460b91d50657322bdcf
2d7e1e8fe3615783905c47576f05b5cd9189a3cc4e15996dbe66e4388dac190c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2301
Cache-Control: max-age=106155
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:46 GMT
Etag: "63d7b000-13a"
Expires: Wed, 01 Feb 2023 12:33:01 GMT
Last-Modified: Mon, 30 Jan 2023 11:54:40 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 314
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 61f0191a24989967cf0eb7b7a0e00052
830955d96a2170b469ac4fd9fff99309a9f7737a
0d3d753518611ef9587765c4a5f8bbfd61ab826e7ce833b5db4da2738abf0a29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D3D753518611EF9587765C4A5F8BBFD61AB826E7CE833B5DB4DA2738ABF0A29"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6438
Expires: Tue, 31 Jan 2023 08:51:04 GMT
Date: Tue, 31 Jan 2023 07:03:46 GMT
Connection: keep-alive
api.trafficguard.ai/tg-g-006992-001/api/v4/client-side/validate/event
34.120.121.20200 OK 61 B URL HTTP/2 api.trafficguard.ai/tg-g-006992-001/api/v4/client-side/validate/event
IP 34.120.121.20:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1ee7cd02b35c7097455eca23d537d40b
f95ae0ab0201aaef86698c9ac66d680fd4e046a0
18cccf9f3ae615df065ef20111e050bb202254d4cf780c150927f51d00d6bffc
POST /tg-g-006992-001/api/v4/client-side/validate/event HTTP/1.1
Host: api.trafficguard.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Content-Length: 2071
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expect-ct: max-age=0, report-uri="https://trafficguard.report-uri.com/r/d/ct/reportOnly"
x-xss-protection: 0
x-content-type-options: nosniff
access-control-allow-origin: https://mrq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-Requested-With, Access-Control-Allow-Origin, Access-Control-Allow-Credentials
set-cookie: geid=09010028-7b4b-4f81-9400-1eff63d8bd52; Domain=.trafficguard.ai; Path=/; Expires=Wed, 31 Jan 2024 07:03:46 GMT; HttpOnly; Secure; SameSite=None
geid-legacy=09010028-7b4b-4f81-9400-1eff63d8bd52; Domain=.trafficguard.ai; Path=/; Expires=Wed, 31 Jan 2024 07:03:46 GMT; HttpOnly
content-type: application/json; charset=utf-8
content-length: 61
etag: W/"3d-+VrgqwIBqu+GaYyaxm1oD9TgRqA"
date: Tue, 31 Jan 2023 07:03:46 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=coveny_limited&google_cm&&google_sc&ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE&cid=FE234AE0-B17A-69ED-DFDDD90C731389A6&google_ula=6572934421&ula=6572934421&google_hm=NDBCRDUzRjMtMTI2OC00Q0YxLThCN0JENENBM0IzNkNERkU&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75
142.250.74.98302 Found 546 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=coveny_limited&google_cm&&google_sc&ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE&cid=FE234AE0-B17A-69ED-DFDDD90C731389A6&google_ula=6572934421&ula=6572934421&google_hm=NDBCRDUzRjMtMTI2OC00Q0YxLThCN0JENENBM0IzNkNERkU&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75
IP 142.250.74.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (369), with CRLF, LF line terminators
Hash cb78141c4dc7e2bb59fa62b89e1a817e
63df0ee81f6d8c4877c29c0c2b238b48e9b052e5
55609aeacdbd648e036ca50db57e8afeef98a88b1adb75df95cabdf4bb6cd33f
GET /pixel?google_nid=coveny_limited&google_cm&&google_sc&ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE&cid=FE234AE0-B17A-69ED-DFDDD90C731389A6&google_ula=6572934421&ula=6572934421&google_hm=NDBCRDUzRjMtMTI2OC00Q0YxLThCN0JENENBM0IzNkNERkU&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=coveny_limited&google_cm=&google_sc=&ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE&cid=FE234AE0-B17A-69ED-DFDDD90C731389A6&google_ula=6572934421&ula=6572934421&google_hm=NDBCRDUzRjMtMTI2OC00Q0YxLThCN0JENENBM0IzNkNERkU&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&google_tc=
date: Tue, 31 Jan 2023 07:03:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 546
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 07:18:46 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=coveny_limited&google_cm=&google_sc=&ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE&cid=FE234AE0-B17A-69ED-DFDDD90C731389A6&google_ula=6572934421&ula=6572934421&google_hm=NDBCRDUzRjMtMTI2OC00Q0YxLThCN0JENENBM0IzNkNERkU&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&google_tc=
142.250.74.98302 Found 423 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=coveny_limited&google_cm=&google_sc=&ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE&cid=FE234AE0-B17A-69ED-DFDDD90C731389A6&google_ula=6572934421&ula=6572934421&google_hm=NDBCRDUzRjMtMTI2OC00Q0YxLThCN0JENENBM0IzNkNERkU&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&google_tc=
IP 142.250.74.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash ba9dcc4d25934bb93c22739b9ebdadcd
edd5c397a86a3d466ee4e1312c95e38740bc50c0
aed0bfb83ec8d437b28ba1cfea57e3b4302a560f6fad8304d2ed4eca42ea7cda
GET /pixel?google_nid=coveny_limited&google_cm=&google_sc=&ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE&cid=FE234AE0-B17A-69ED-DFDDD90C731389A6&google_ula=6572934421&ula=6572934421&google_hm=NDBCRDUzRjMtMTI2OC00Q0YxLThCN0JENENBM0IzNkNERkU&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://cms.getblue.io/cm/?src=adx&child=europe&ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE&cid=FE234AE0-B17A-69ED-DFDDD90C731389A6&ula=6572934421&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&google_error=3
date: Tue, 31 Jan 2023 07:03:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 423
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ib.adnxs.com/setuid?entity=449&code=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE
185.89.210.20307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/setuid?entity=449&code=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE
IP 185.89.210.20:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /setuid?entity=449&code=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 31 Jan 2023 07:03:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D449%26code%3D40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE
AN-X-Request-Uuid: 31fd1cba-8d49-45be-9029-fa34c6da51cf
Set-Cookie: uuid2=3486804816708172540; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 01-May-2023 07:03:46 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.pki.goog/s/gts1d4/M7vREfWOEdc
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/M7vREfWOEdc
IP 142.250.74.131:0
Hash 83fcb15a00c5d92c2369e53255bbe874
7442952a12c80857f5733c14173b6ff070f7013a
ac6bcfef1da0c0805daf56d4943b46fe3978b1cab67b131cf7361674b74d4f6c
POST /s/gts1d4/M7vREfWOEdc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:46 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ekr.zdassets.com/compose/6a2a9db2-aa17-412b-bf39-711ce0d6ce39
104.18.70.113200 OK 236 B URL HTTP/2 ekr.zdassets.com/compose/6a2a9db2-aa17-412b-bf39-711ce0d6ce39
IP 104.18.70.113:0
File type JSON data\012- , ASCII text, with very long lines (369), with no line terminators
Hash 29a2d5f14bbdec4d25c8b90e83d523c0
3d86fcf0eaef0efe2907001e47e3ada8484befea
8beb62bbccfc2593fe5ffda93a5b259bcdf967c54f881a06dafbce09c7666ea4
GET /compose/6a2a9db2-aa17-412b-bf39-711ce0d6ce39 HTTP/1.1
Host: ekr.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:46 GMT
content-type: application/json; charset=utf-8
status: 200 OK
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-expose-headers:
access-control-max-age: 7200
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cdn-cache-control: max-age=60
cache-control: max-age=600, public, stale-while-revalidate=600, stale-if-error=21600
etag: W/"abf2647257a0dc4b8ee36058a83baedf"
x-request-id: 78fd1901fece9938-ARN, 78fd1901fece9938-ARN
x-runtime: 0.002743
vary: Origin, Accept-Encoding
x-zendesk-zorg: yes
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BwXr5gl0IVj1aB8Lf6DoXha5MELM0VE4mO3J8S7En1tiFS5BWz5pWn%2BCxYU06oMMNEaPcihMFnMZ1aLxzLMQTf5fLCqfjjf86%2B%2F%2F6q1Ps1ut%2B9%2Ff%2FvHU9mO1hsefy1bct20%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 792096e21a1fb4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2
t.co/i/adsct?bci=3&eci=2&event_id=b3706f46-5c16-4306-b4da-42c2c64491ab&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c1bcf64b-2ee1-4a98-b608-ef5f54d5370d&tw_document_href=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o75ni&type=javascript&version=2.3.29
104.244.42.133200 OK 43 B URL HTTP/2 t.co/i/adsct?bci=3&eci=2&event_id=b3706f46-5c16-4306-b4da-42c2c64491ab&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c1bcf64b-2ee1-4a98-b608-ef5f54d5370d&tw_document_href=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o75ni&type=javascript&version=2.3.29
IP 104.244.42.133:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/adsct?bci=3&eci=2&event_id=b3706f46-5c16-4306-b4da-42c2c64491ab&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c1bcf64b-2ee1-4a98-b608-ef5f54d5370d&tw_document_href=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o75ni&type=javascript&version=2.3.29 HTTP/1.1
Host: t.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:46 GMT
perf: 7626143928
server: tsa_o
set-cookie: muc_ads=64667720-7390-4915-81df-da9dc9350445; Max-Age=63072000; Expires=Thu, 30 Jan 2025 07:03:46 GMT; Path=/; Domain=t.co; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: 9cbe5a71c08441ad
strict-transport-security: max-age=0
x-response-time: 106
x-connection-hash: c12b4890fe6cdc1408294139259253dd537e0edac13db7e6b78d97c6f50e58e6
X-Firefox-Spdy: h2
ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D449%26code%3D40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE
185.89.210.20200 OK 43 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D449%26code%3D40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE
IP 185.89.210.20:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fsetuid%3Fentity%3D449%26code%3D40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 31 Jan 2023 07:03:47 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 109514e0-0219-488b-887e-596a43289d4a
Set-Cookie: anj=dTM7k!M4.FD>6NRF']wIg2GVSqi@G1!]tbPl@/8LQ0[eC=E1<!fn5hcgznXIfRV!(e:eG6kBB^gfn56SiJhVsgm=y`@X-KS<.^D^*bpRz*qF1`*bc@7**uXM; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 01-May-2023 07:03:47 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcms.getblue.io%2Fcm%2F%3Fsrc%3Dappnexus%26ckid%3D40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE%26cid%3DFE234AE0-B17A-69ED-DFDDD90C731389A6%26blueID%3Db357b6f4-1a8b-47cc-a54c-e5c1d30c1b75%26appnexusid%3D%24UID
185.89.210.20302 Found 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcms.getblue.io%2Fcm%2F%3Fsrc%3Dappnexus%26ckid%3D40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE%26cid%3DFE234AE0-B17A-69ED-DFDDD90C731389A6%26blueID%3Db357b6f4-1a8b-47cc-a54c-e5c1d30c1b75%26appnexusid%3D%24UID
IP 185.89.210.20:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcms.getblue.io%2Fcm%2F%3Fsrc%3Dappnexus%26ckid%3D40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE%26cid%3DFE234AE0-B17A-69ED-DFDDD90C731389A6%26blueID%3Db357b6f4-1a8b-47cc-a54c-e5c1d30c1b75%26appnexusid%3D%24UID HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Tue, 31 Jan 2023 07:03:47 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://cms.getblue.io/cm/?src=appnexus&ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE&cid=FE234AE0-B17A-69ED-DFDDD90C731389A6&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&appnexusid=0
AN-X-Request-Uuid: ac6320b7-f0dc-4356-b71f-63d1554aba07
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
eor.ediemidnightzombies.com/mon
3.248.162.96200 OK 0 B URL HTTP/2 eor.ediemidnightzombies.com/mon
IP 3.248.162.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /mon HTTP/1.1
Host: eor.ediemidnightzombies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1567
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Cookie: cg_uuid=ae68405d178db63e99259972133bd335
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://mrq.com
content-type: application/json
date: Tue, 31 Jan 2023 07:03:47 GMT
content-length: 0
X-Firefox-Spdy: h2
eor.ediemidnightzombies.com/mon
3.248.162.96200 OK 0 B URL HTTP/2 eor.ediemidnightzombies.com/mon
IP 3.248.162.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /mon HTTP/1.1
Host: eor.ediemidnightzombies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1562
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Cookie: cg_uuid=ae68405d178db63e99259972133bd335
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://mrq.com
content-type: application/json
date: Tue, 31 Jan 2023 07:03:47 GMT
content-length: 0
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 61f0191a24989967cf0eb7b7a0e00052
830955d96a2170b469ac4fd9fff99309a9f7737a
0d3d753518611ef9587765c4a5f8bbfd61ab826e7ce833b5db4da2738abf0a29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D3D753518611EF9587765C4A5F8BBFD61AB826E7CE833B5DB4DA2738ABF0A29"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6437
Expires: Tue, 31 Jan 2023 08:51:04 GMT
Date: Tue, 31 Jan 2023 07:03:47 GMT
Connection: keep-alive
sentry.io/api/1826374/envelope/?sentry_key=435d3c55a67d491dabe2ca3941ac46bf&sentry_version=7
35.188.42.15200 OK 2 B URL HTTP/1.1 sentry.io/api/1826374/envelope/?sentry_key=435d3c55a67d491dabe2ca3941ac46bf&sentry_version=7
IP 35.188.42.15:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /api/1826374/envelope/?sentry_key=435d3c55a67d491dabe2ca3941ac46bf&sentry_version=7 HTTP/1.1
Host: sentry.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mrq.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://mrq.com
Content-Length: 437
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Jan 2023 07:03:47 GMT
Content-Type: application/json
Content-Length: 2
Connection: keep-alive
access-control-allow-origin: https://mrq.com
access-control-expose-headers: x-sentry-rate-limits, retry-after, x-sentry-error
vary: Origin
x-envoy-upstream-service-time: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
api.perfalytics.com/track
54.230.111.127200 OK 0 B URL HTTP/2 api.perfalytics.com/track
IP 54.230.111.127:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /track HTTP/1.1
Host: api.perfalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mrq.com/
Origin: https://mrq.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 0
date: Tue, 31 Jan 2023 07:03:47 GMT
x-amzn-requestid: a46113c3-3bcc-4b9c-8278-4d4fcf8cc9ea
access-control-allow-origin: *
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
x-amz-apigw-id: fmKFCE5pvHcF2Ig=
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-max-age: 86400
access-control-allow-credentials: true
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7nsG5kHT_B4bHt1u56VkU0iVL8kBQDG23yjtMe1tE-yDhwkvGHudew==
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 942 B IP 172.64.155.188:0
Hash 261cb8337759cf8bd4c975240974895a
159fd7700ab2854dfff2ff29b12447a59e7a61c3
bb83c865107c4f316029b45f406fd44479dbd9fd90259943acd80ccfadaaa5f3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:03:47 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 14:15:46 GMT
Expires: Sat, 04 Feb 2023 14:15:45 GMT
Etag: "c781815e336ed98a2db32d16164fdf9d76a0d698"
Cache-Control: max-age=370917,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792096e91ae01c12-OSL
20823188p.rfihub.com/ca.html?ver=9&rb=40950&ca=20823188&_o=40950&_t=20823188&pe=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&pf=&ra=9338488378145213
193.0.160.129200 OK 2.6 kB URL HTTP/1.1 20823188p.rfihub.com/ca.html?ver=9&rb=40950&ca=20823188&_o=40950&_t=20823188&pe=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&pf=&ra=9338488378145213
IP 193.0.160.129:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (2638), with no line terminators
Hash f86080c90284d0173ba8c0e5896a2970
bfeff3e3c7405184b7b210487580964e8d91807d
741db0929d37aeb974915b0def81a8d98ae4b46842e5fae22caeb36998911637
GET /ca.html?ver=9&rb=40950&ca=20823188&_o=40950&_t=20823188&pe=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&pf=&ra=9338488378145213 HTTP/1.1
Host: 20823188p.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:03:47 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: ruds=H4sIAAAAAAAA_-MSNjU0sDSzMDUzMjMwMDA1NTA0MBDiM9R1s8zUrYgyN9fNSfMFAKZ9srQlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
eud=H4sIAAAAAAAA_5vFyGtoZm5qaGJhZmRuYmK5C41_Co3_Co3_C40_iQmVPwuNvwiNvwqNvwmNvwtdPQsq_xYafxMrmn5uNPt50fjCqPxHaHwATSMqEyABAAA; Path=/; Domain=.rfihub.com; Expires=Sun, 25 Feb 2024 07:03:47 GMT; Secure; SameSite=None
rud=H4sIAAAAAAAA_-MSNjU0sDSzMDUzMjMwMDA1NTA0MBDiM9R1s8zUrYgyN9fNSfMFAKZ9srQlAAAA; Path=/; Domain=.rfihub.com; Expires=Sun, 25 Feb 2024 07:03:47 GMT; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 2638
Server: Jetty(9.3.29.v20201019)
sentry.io/api/1826374/envelope/?sentry_key=435d3c55a67d491dabe2ca3941ac46bf&sentry_version=7
35.188.42.15200 OK 2 B URL HTTP/1.1 sentry.io/api/1826374/envelope/?sentry_key=435d3c55a67d491dabe2ca3941ac46bf&sentry_version=7
IP 35.188.42.15:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /api/1826374/envelope/?sentry_key=435d3c55a67d491dabe2ca3941ac46bf&sentry_version=7 HTTP/1.1
Host: sentry.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mrq.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://mrq.com
Content-Length: 432
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Jan 2023 07:03:47 GMT
Content-Type: application/json
Content-Length: 2
Connection: keep-alive
access-control-allow-origin: https://mrq.com
access-control-expose-headers: x-sentry-rate-limits, x-sentry-error, retry-after
vary: Origin
x-envoy-upstream-service-time: 1
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
event.getblue.io/p/?cId=FE234AE0-B17A-69ED-DFDDD90C731389A6&tName=visit&pId=&revenue=&orderId=&p1=&p2=&p3=&fp=&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&v=13072020-1328&nocache=6949527529971.483
54.207.115.216200 OK 15 kB URL HTTP/2 event.getblue.io/p/?cId=FE234AE0-B17A-69ED-DFDDD90C731389A6&tName=visit&pId=&revenue=&orderId=&p1=&p2=&p3=&fp=&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&v=13072020-1328&nocache=6949527529971.483
IP 54.207.115.216:0
Hash 39305a64462d9839a2535c7685f21db9
63a95f4c5f41e524a8d122b7ac08c0a2ce6dd9a0
3bb96068d98d8dac8ad3ce6ffe5b7284b6585720983f602c13944eda72937599
GET /p/?cId=FE234AE0-B17A-69ED-DFDDD90C731389A6&tName=visit&pId=&revenue=&orderId=&p1=&p2=&p3=&fp=&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&v=13072020-1328&nocache=6949527529971.483 HTTP/1.1
Host: event.getblue.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:46 GMT
content-type: text/html;charset=UTF-8
tagcontainer-version: 1185-25112022-1130
cache-control: no-cache
set-cookie: ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE; expires=Wed, 31 Jan 2024 07:03:46 -0000; domain=.getblue.io; path=/; secure; samesite=None
JSESSIONID=19E510300CC19619D31F056BE4BFEB89; Path=/; HttpOnly
hash=34e0b4a2efc5d44a2804059794ec5bedd8d009d340ff208928b6f820091a0a60fd8e594dc818832232; expires=Thu, 02 Feb 2023 07:03:46 -0000; domain=.getblue.io; path=/; secure; samesite=None
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
api.perfalytics.com/track
54.230.111.127200 OK 0 B URL HTTP/2 api.perfalytics.com/track
IP 54.230.111.127:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /track HTTP/1.1
Host: api.perfalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mrq.com/
Origin: https://mrq.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 0
date: Tue, 31 Jan 2023 07:03:47 GMT
x-amzn-requestid: 50c8882a-0316-497a-8606-c75ccd581bd3
access-control-allow-origin: *
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
x-amz-apigw-id: fmKFEExoPHcFd3w=
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-max-age: 86400
access-control-allow-credentials: true
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6jT6eOJdFgpEfpeUwUadRR2pMgqxdMMXBGwd2KYR9PzVrO1ZhsIF-A==
X-Firefox-Spdy: h2
api.perfalytics.com/track
54.230.111.127200 OK 0 B URL HTTP/2 api.perfalytics.com/track
IP 54.230.111.127:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /track HTTP/1.1
Host: api.perfalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mrq.com/
Origin: https://mrq.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 0
date: Tue, 31 Jan 2023 07:03:47 GMT
x-amzn-requestid: 5e8ff560-f58c-4e54-8027-1d743324abf0
access-control-allow-origin: *
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
x-amz-apigw-id: fmKFEFXIPHcF-5g=
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-max-age: 86400
access-control-allow-credentials: true
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2yZOv6QAANKH2KJzKCAH_tbNa2juIKwi4NqEd86ABE_rkNvtwYDHhA==
X-Firefox-Spdy: h2
api.perfalytics.com/track
54.230.111.127200 OK 0 B URL HTTP/2 api.perfalytics.com/track
IP 54.230.111.127:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /track HTTP/1.1
Host: api.perfalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mrq.com/
Origin: https://mrq.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 0
date: Tue, 31 Jan 2023 07:03:47 GMT
x-amzn-requestid: c1efaebe-93ab-4ffe-bd53-c30b46bd3956
access-control-allow-origin: *
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
x-amz-apigw-id: fmKFEHhCvHcFr3A=
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-max-age: 86400
access-control-allow-credentials: true
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WDiQ1PjLcpgcfR0fpEj2SllNDawMHCyLfMOLB0VcY-gOiE_z-xsOkQ==
X-Firefox-Spdy: h2
widget.intercom.io/widget/r6jgo2rq
54.230.111.53200 OK 6.0 kB URL HTTP/2 widget.intercom.io/widget/r6jgo2rq
IP 54.230.111.53:0
File type Unicode text, UTF-8 text, with very long lines (18637), with no line terminators
Hash 24aab96aff3343df9e7467a79e7eec9d
47b6f98b6f6b78486a6af662516b87e5b784f305
13dea13d5b7c3e74a5a3965cc47a14c6d7255b5fff485c757153d2f28c7bb574
GET /widget/r6jgo2rq HTTP/1.1
Host: widget.intercom.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 6045
last-modified: Mon, 30 Jan 2023 15:40:32 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: DIbeuJuxxULyYbi.xge5eXKeR7Dxq8PO
accept-ranges: bytes
server: AmazonS3
date: Tue, 31 Jan 2023 06:58:35 GMT
cache-control: max-age=900, s-maxage=900, public
etag: "24aab96aff3343df9e7467a79e7eec9d"
x-cache: Error from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: oYloOMybmvpoCNCrlYZouMmDv6pZCQ3TtLVVFqTwWIGnEQhwBiXAvQ==
age: 589
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5109685626000550100&referrer=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443
54.230.111.51302 Found 657 B URL HTTP/2 live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5109685626000550100&referrer=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443
IP 54.230.111.51:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (571)
Hash 4da947b0b18c5b836d60887f87ed4684
68b1d0ac1291b51a698a5512238769e288fd17a5
e528a3a335b41e8b8562e26d9b8f54555f7ce9f810f4ce7d73feebbfe1fac4ca
GET /pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5109685626000550100&referrer=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443 HTTP/1.1
Host: live.rezync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=utf-8
content-length: 657
location: https://p.rfihub.com/cm?pub=39342&in=0&userid=192759dc-9673-4a8c-ae7a-35e642aa392e%3A1675148627.644222&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D192759dc-9673-4a8c-ae7a-35e642aa392e%253A1675148627.644222
date: Tue, 31 Jan 2023 07:03:47 GMT
set-cookie: zync-uuid=192759dc-9673-4a8c-ae7a-35e642aa392e:1675148627.644222; Domain=rezync.com; Expires=Sat, 29 Jul 2023 23:03:47 GMT; Path=/; SameSite=None; Secure
sd-session-id=.eJwNysEOgyAMANB_6VmWUmgRfsY02APZZIu4y4z_Po8veScsH9s37dYPKMf-tQnqq90aUE4Y7bfZEwqwxywzCwkiMqNHhGuCYWO0d1_aeh-fKXFeq8uSgos6V6eW1AU2iaQaMlnxktjHWSg9JEYigusPezolLg.Y9i9Uw.KR6jaeMQ9p8S0uLMkh08AuNvV2Q; Expires=Sun, 30 Jul 2023 07:03:47 GMT; HttpOnly; Path=/; SameSite=None; Secure
vary: Cookie
server: lighttpd/1.4.59
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KH95N4z5MgeZhLVZ4r2WgHrQyo1v3oO0X5apgj8M7HSBkwzpE5l49g==
X-Firefox-Spdy: h2
ib.adnxs.com/setuid?entity=18&code=5109685626000550100
185.89.210.20307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/setuid?entity=18&code=5109685626000550100
IP 185.89.210.20:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /setuid?entity=18&code=5109685626000550100 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 31 Jan 2023 07:03:47 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5109685626000550100
AN-X-Request-Uuid: 056f5c5d-cbc3-41db-a0f9-6444f0d0cfe0
Set-Cookie: uuid2=5261715776414831663; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 01-May-2023 07:03:47 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash d0c88d4ca0a601b2a09197abd6faba67
be41920cbed1fe45a7f1e4047278822b3d15d05a
ab16af78775ccd03ed01485d1d5c1ca3da0ce922ee78d552fd2cd6d741ed3138
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=123075
Date: Tue, 31 Jan 2023 07:03:47 GMT
Etag: "63d7ef66-1d7"
Expires: Wed, 01 Feb 2023 17:15:02 GMT
Last-Modified: Mon, 30 Jan 2023 16:25:10 GMT
Server: ECS (nyb/1D0E)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Iyi6y8OqF1Q1guPID3hNnReqLt05vXKomayUv3etxt-_onsFM7w0DA==
Age: 2992
contextual.media.net/cksync.php?cs=3&type=rkt&ovsid=5109685626000550100
2.18.172.23200 OK 45 B URL HTTP/2 contextual.media.net/cksync.php?cs=3&type=rkt&ovsid=5109685626000550100
IP 2.18.172.23:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 99cceceaed4d575484b69ddaf9ed66a7
1e3a3b15296b585833a22d987a387aa58aa1642d
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
GET /cksync.php?cs=3&type=rkt&ovsid=5109685626000550100 HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
content-length: 45
content-type: image/gif
set-cookie: visitor-id=3181502273580283000V10; Expires=Wed, 31 Jan 2024 07:03:47 GMT; domain=.media.net; Path=/;
data-rk=5109685626000550100~~3;Expires=Tue, 30 Jan 2024 07:03:47 GMT;path=/;domain=.media.net;
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E
expires: Tue, 31 Jan 2023 07:03:47 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 31 Jan 2023 07:03:47 GMT
X-Firefox-Spdy: h2
js.intercomcdn.com/frame.fbb34ef6.js
54.230.111.33200 OK 140 kB URL HTTP/2 js.intercomcdn.com/frame.fbb34ef6.js
IP 54.230.111.33:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 140 kB (139558 bytes)
Hash ea3c12adaa12bd8fb5867282760e2cdd
495b1d4287d7e711466a39798619d6fcc5b031a5
9a562ebf81c89d45037ce28c17a355c9ba927da022773034610df99b0b9ea075
GET /frame.fbb34ef6.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 139558
date: Tue, 31 Jan 2023 05:40:49 GMT
last-modified: Mon, 30 Jan 2023 15:38:45 GMT
etag: "ea3c12adaa12bd8fb5867282760e2cdd"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, s-maxage=7200, public
content-encoding: gzip
x-amz-version-id: 7K6VqwgzK_n3ve6z1HwUeE_tIW2SDzf9
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 2Ti9c-1IsN_KYWUi5xSh0EDmjjajdGY4Hddyh6DKKlvkyhm1_EZ-TA==
age: 4979
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 056a7184e306ca6517d15131da3c29f4
d2893dbdf37109b9c6fccaa17d72f71d097830c5
a82cbaf1dff1d999212b6a9a8ef5d125909096976f99ede1a7a7041875ffbfb5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=162889
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:47 GMT
Etag: "63d8969c-117"
Expires: Thu, 02 Feb 2023 04:18:36 GMT
Last-Modified: Tue, 31 Jan 2023 04:18:36 GMT
Server: nginx
Content-Length: 279
js.intercomcdn.com/vendor.093ba5d6.js
54.230.111.33200 OK 108 kB URL HTTP/2 js.intercomcdn.com/vendor.093ba5d6.js
IP 54.230.111.33:0
Size 108 kB (108456 bytes)
Hash 0d70fe07a5f4ecde6c0c3a3a871eea7b
ae2c21a97db20501fbdd2fa099398c5a7a773d95
4d31d3f153872fa5fb58f79a947f7d915bf9e81ae5335bf51d2813a35b0306ce
GET /vendor.093ba5d6.js HTTP/1.1
Host: js.intercomcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 108273
last-modified: Mon, 30 Jan 2023 15:38:46 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-amz-version-id: 68hR4SddAYJ4YSqUMfba8rnYV7YKVEHn
accept-ranges: bytes
server: AmazonS3
date: Tue, 31 Jan 2023 05:40:46 GMT
cache-control: max-age=31536000, s-maxage=7200, public
etag: "b07617332a2da4edc9e0f73e8c835864"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: ZLjsDfIAyxyUmY_OfoVZCcd8T-raht0G8QuGyG53HU483KbXm-YOsA==
age: 4981
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
api.perfalytics.com/track
54.230.111.127200 OK 723 B URL HTTP/2 api.perfalytics.com/track
IP 54.230.111.127:0
Hash f21a115e346a385f3cbc368d201c8d96
774aebf86d3bcff9fbda1205731a996d2c5e28e4
13965de843a344579ed2a67a16ba3dcc5f213a568ae1e59d32ba8e02fdff7923
POST /track HTTP/1.1
Host: api.perfalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1004
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 133
date: Tue, 31 Jan 2023 07:03:47 GMT
x-amzn-requestid: ca3ce00c-aa29-4bbe-bbd1-ab38d5a8217d
access-control-allow-origin: *
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
x-amz-apigw-id: fmKFHHgAvHcFyRQ=
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
x-amzn-trace-id: Root=1-63d8bd53-3eeb7b5c4881991f079bd4f7
access-control-allow-credentials: true
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UrnKK7AAK5uXUzbpWubmlkVtk5p8qNWqILsIDnsbuTR4ZTfW4HI16g==
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 369b6c75025aa9b1338cf2d004c654be
47c416c47902454a7003f8fcf88d7c405e235a55
1a43cee532d632a72d4ce548f68e47b115dcb0d8c1de480d0caf4b02204e3996
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4123
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:47 GMT
Last-Modified: Tue, 31 Jan 2023 05:55:04 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash b30a79973405ce99d7aa1284a368c0cb
0d6423bc16fed73e76f6c809670e34e687fc7d98
ef1339dbf9539c1cfae73015e3b6d64c04b12730e496726d14af2bf15a46182b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 31 Jan 2023 07:03:47 GMT
Last-Modified: Tue, 31 Jan 2023 05:53:01 GMT
Server: ECS (bsa/EB11)
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: joQLJ9s7QJtDbijJg1RaAyX8dY60U97DtgY3Lxak5RpsJUBIMEACVw==
Age: 4246
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 81552288bbf68d56287235714f4ff5ab
ce6ce06b1e15f76ef30296a54e2b4520f5d861a8
8a39a876a49e880f31cb2c92563213de594b823302fbf945a737fd7787a19dd6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6530
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:47 GMT
Last-Modified: Tue, 31 Jan 2023 05:14:57 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5109685626000550100
185.89.210.20200 OK 43 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5109685626000550100
IP 185.89.210.20:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fsetuid%3Fentity%3D18%26code%3D5109685626000550100 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20823188p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 31 Jan 2023 07:03:47 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 388bf81d-5079-4036-9628-c3eda8a01e7b
Set-Cookie: anj=dTM7k!M4/YErk#WF']wIg2GVSqi@G1!]tbPl1MNu::wpAk`W=eiekW]gkN$HcvjMPcxOpcn>A)EtDT@-!_6-zQEVk`!*W4I:O@Hl; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 01-May-2023 07:03:47 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
p.rfihub.com/cm?pub=24472&in=1
193.0.160.129302 Found 0 B URL HTTP/1.1 p.rfihub.com/cm?pub=24472&in=1
IP 193.0.160.129:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?pub=24472&in=1 HTTP/1.1
Host: p.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 302 Found
Date: Tue, 31 Jan 2023 07:03:47 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: ruds=H4sIAAAAAAAA_-MSNjU0NjY2sjQ1MjEwNzI3MzW0tBTiM9RNy3KNzC13yc2ICjYGAHMfpWklAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
eud=H4sIAAAAAAAA_7vFwmtoZm5qaGJhZmRuYWEJAMpcx7oQAAAA; Path=/; Domain=.rfihub.com; Expires=Sun, 25 Feb 2024 07:03:47 GMT; Secure; SameSite=None
rud=H4sIAAAAAAAA_-MSNjU0NjY2sjQ1MjEwNzI3MzW0tBTiM9RNy3KNzC13yc2ICjYGAHMfpWklAAAA; Path=/; Domain=.rfihub.com; Expires=Sun, 25 Feb 2024 07:03:47 GMT; Secure; SameSite=None
Location: https://ps.eyeota.net/match?uid=5133329524072765199&bid=omt9pi0
Content-Length: 0
Server: Jetty(9.3.29.v20201019)
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 43a447387148b75f5503a83f635d9400
86f60e01606fad3663720e331d6efa0f124d8bb8
9567b0cb367c7788892733ba0fef1b2a00a04e1f3e23b2717dc6391009ea6e86
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6209
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:47 GMT
Last-Modified: Tue, 31 Jan 2023 05:20:18 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
x.dlx.addthis.com/e/rocketfuel_sync?na_exid=5109685626000550100
23.38.201.22200 OK 43 B URL HTTP/2 x.dlx.addthis.com/e/rocketfuel_sync?na_exid=5109685626000550100
IP 23.38.201.22:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /e/rocketfuel_sync?na_exid=5109685626000550100 HTTP/1.1
Host: x.dlx.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 43
expires: Tue, 31 Jan 2023 07:03:47 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Tue, 31 Jan 2023 07:03:47 GMT
strict-transport-security: max-age=2628000
X-Firefox-Spdy: h2
us-u.openx.net/w/1.0/sd?id=537073062&val=5109685626000550100&r=
35.244.159.8200 OK 43 B URL HTTP/2 us-u.openx.net/w/1.0/sd?id=537073062&val=5109685626000550100&r=
IP 35.244.159.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /w/1.0/sd?id=537073062&val=5109685626000550100&r= HTTP/1.1
Host: us-u.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept
server: OXGW/0.0.0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Mon, 26 Jul 1997 05:00:00 GMT
date: Tue, 31 Jan 2023 07:03:47 GMT
content-type: image/gif
content-length: 43
cache-control: private, max-age=0, no-cache
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
dpm.demdex.net/ibs:dpid=1121&dpuuid=5109685626000550100&redir=
3.248.89.226302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=1121&dpuuid=5109685626000550100&redir=
IP 3.248.89.226:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=1121&dpuuid=5109685626000550100&redir= HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-0cc0feb7f.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5109685626000550100&redir=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=03405289841277869792348368571253281682; Max-Age=15552000; Expires=Sun, 30 Jul 2023 07:03:48 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: cmO3x6AwSr0=
Content-Length: 0
Connection: keep-alive
sync.search.spotxchange.com/partner?adv_id=7180&uid=5109685626000550100&img=1
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?adv_id=7180&uid=5109685626000550100&img=1
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?adv_id=7180&uid=5109685626000550100&img=1 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 31 Jan 2023 07:03:47 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=68a456fd-a135-11ed-8275-1d7abbad0506; expires=Tue, 28-Feb-2023 07:03:47 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?adv_id=7180&uid=5109685626000550100&img=1&__user_check__=1&sync_id=68a45753-a135-11ed-8275-1d7abbad0506
X-fe: 28
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash 05a315290fb127dcface8d662f77b745
3fafc6a308f752df3ec5a2881aa122174c6f79c9
728f2fb87fd9a12b997498e65eb9c50b8266a3d5e9e83cc6f6366ed941a1292f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6389
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:47 GMT
Last-Modified: Tue, 31 Jan 2023 05:17:19 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 727
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 8ef1dbe04ff3834735b0659e7ae82c62
56d86283c8861f679162e92c70bbea59f819b8dc
a41623bee3b144f94362b7351bf88236e4291f113068361be33209f550fb3373
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:03:47 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 29 Jan 2023 01:42:55 GMT
Expires: Sun, 05 Feb 2023 01:42:54 GMT
Etag: "56d86283c8861f679162e92c70bbea59f819b8dc"
Cache-Control: max-age=412146,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792096eb8c4a1c12-OSL
cms.getblue.io/cm/?src=appnexus&ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE&cid=FE234AE0-B17A-69ED-DFDDD90C731389A6&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&appnexusid=0
18.228.55.190200 OK 2 B URL HTTP/2 cms.getblue.io/cm/?src=appnexus&ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE&cid=FE234AE0-B17A-69ED-DFDDD90C731389A6&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&appnexusid=0
IP 18.228.55.190:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
GET /cm/?src=appnexus&ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE&cid=FE234AE0-B17A-69ED-DFDDD90C731389A6&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&appnexusid=0 HTTP/1.1
Host: cms.getblue.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE; hash=34e0b4a2efc5d44a2804059794ec5bedd8d009d340ff208928b6f820091a0a60fd8e594dc818832232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:47 GMT
content-type: application/json; charset=utf-8
content-length: 2
x-powered-by: Express
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.41200 OK 1.8 kB IP 192.124.249.41:0
Hash 61dea6157a05806089a1de6794c639a5
9c693faa2a6c2ab612ad4f94d8376985dd960202
de2603c5c56d0b5d342947f06890c93bbf3ac28bb18cab30974ce812624c03cf
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 31 Jan 2023 07:03:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 30 Jan 2023 21:27:39 GMT
Expires: Tue, 31 Jan 2023 21:27:39 GMT
ETag: "9c693faa2a6c2ab612ad4f94d8376985dd960202"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.41200 OK 1.8 kB IP 192.124.249.41:0
Hash 0d1b26461090383d9ba96d73c5a730c2
1a68f8dcc3b9f1cb170632562b5e0047900d0e07
6bc8b223fbdbccd55fa6d3269fd33e60a63b9fc33259b564740b33d485a2acfb
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 31 Jan 2023 07:03:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 31 Jan 2023 03:23:12 GMT
Expires: Wed, 01 Feb 2023 03:23:12 GMT
ETag: "1a68f8dcc3b9f1cb170632562b5e0047900d0e07"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
cms.getblue.io/cm/?src=adx&child=europe&ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE&cid=FE234AE0-B17A-69ED-DFDDD90C731389A6&ula=6572934421&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&google_error=3
18.228.55.190200 OK 2 B URL HTTP/2 cms.getblue.io/cm/?src=adx&child=europe&ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE&cid=FE234AE0-B17A-69ED-DFDDD90C731389A6&ula=6572934421&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&google_error=3
IP 18.228.55.190:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
GET /cm/?src=adx&child=europe&ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE&cid=FE234AE0-B17A-69ED-DFDDD90C731389A6&ula=6572934421&blueID=b357b6f4-1a8b-47cc-a54c-e5c1d30c1b75&google_error=3 HTTP/1.1
Host: cms.getblue.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE; hash=34e0b4a2efc5d44a2804059794ec5bedd8d009d340ff208928b6f820091a0a60fd8e594dc818832232
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:47 GMT
content-type: application/json; charset=utf-8
content-length: 2
x-powered-by: Express
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 954ddfa155b1b28103c20d8e6d90a95c
831cec47e90aaff02a1df6379478029c5b5d0608
890eb42f42bb6250ae79b37a5ec3c3b69e5011ce4c680327e55ca89e20f2b57d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5868
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:47 GMT
Last-Modified: Tue, 31 Jan 2023 05:25:59 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
aa.agkn.com/adscores/g.pixel?sid=9212192898&rf=5109685626000550100
52.58.71.199200 OK 43 B URL HTTP/2 aa.agkn.com/adscores/g.pixel?sid=9212192898&rf=5109685626000550100
IP 52.58.71.199:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash db04c7b378cb2db912c3ba8a5a774ee3
dee34bd86c3484d31002182aa2b7caa4699126b8
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
GET /adscores/g.pixel?sid=9212192898&rf=5109685626000550100 HTTP/1.1
Host: aa.agkn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:47 GMT
content-type: image/gif
content-length: 43
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 369b6c75025aa9b1338cf2d004c654be
47c416c47902454a7003f8fcf88d7c405e235a55
1a43cee532d632a72d4ce548f68e47b115dcb0d8c1de480d0caf4b02204e3996
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4714
Cache-Control: max-age=119381
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:48 GMT
Etag: "63d7da3f-1d7"
Expires: Wed, 01 Feb 2023 16:13:29 GMT
Last-Modified: Mon, 30 Jan 2023 14:54:55 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
bpi.rtactivate.com/tag/?id=11017&user_id=5109685626000550100
3.231.172.211200 OK 43 B URL HTTP/2 bpi.rtactivate.com/tag/?id=11017&user_id=5109685626000550100
IP 3.231.172.211:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /tag/?id=11017&user_id=5109685626000550100 HTTP/1.1
Host: bpi.rtactivate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: awselb/2.0
date: Tue, 31 Jan 2023 07:03:47 GMT
content-type: image/gif
content-length: 43
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/web-widget-framework-59b8a859ce8a473d961c.js
104.18.72.113200 OK 50 kB URL HTTP/2 static.zdassets.com/web_widget/latest/web-widget-framework-59b8a859ce8a473d961c.js
IP 104.18.72.113:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash a85b606cac6a1bce6c90e866dbd3051c
beb40af417d8fb3e22d0f2d7e0f99fa8ee9838e9
ba7b3119dfa5b75cce2c740d4554e0853ef621f872a94e262ccbd19a732038e2
GET /web_widget/latest/web-widget-framework-59b8a859ce8a473d961c.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:47 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: eqi5IJQsZltOEPYX18LZfa9yHAtGFvEXQO7zmTiGIn0VvD4F0CwBVgdFmBuHSbbKdhbjAWDPQGE=
x-amz-request-id: JT3WC3ZCPKE9H3EG
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:03:21 GMT
etag: W/"6337d08bfec6eec8c5e9f218e1ca6471"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:03:19 GMT
x-amz-version-id: .eV5Z5rLMQLzZziY1JqjOEi.7xRQkb6M
cf-cache-status: HIT
age: 372654
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xUY%2BlufFa8GeosOeCDuO4uw8kWWvPipY5vZrodm%2FVjVTqXkmvr57rpJO9q4iALS40H4yRm%2FepGSdwytHxGIw74Ybf0aL0ImVy5h%2FqaJKIwb2qRkhjjsSS4iHqu7fNrnArcJLXAc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 792096e9f804b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
idsync.rlcdn.com/360947.gif?partner_uid=5109685626000550100
35.244.174.68200 OK 42 B URL HTTP/2 idsync.rlcdn.com/360947.gif?partner_uid=5109685626000550100
IP 35.244.174.68:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /360947.gif?partner_uid=5109685626000550100 HTTP/1.1
Host: idsync.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: rlas3=HwTR2lJIYIZzMgbN0CPHaTgfUa/nSbBnKpShLnrO/74=; Path=/; Domain=rlcdn.com; Expires=Wed, 31 Jan 2024 07:03:47 GMT; Secure; SameSite=None
pxrc=CAA=; Path=/; Domain=rlcdn.com; Expires=Sat, 01 Apr 2023 07:03:47 GMT; Secure; SameSite=None
timing-allow-origin: *
date: Tue, 31 Jan 2023 07:03:47 GMT
content-length: 42
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5109685626000550100&forward=
185.80.36.245302 Found 0 B URL HTTP/1.1 dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5109685626000550100&forward=
IP 185.80.36.245:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rum?cm_dsp_id=57&external_user_id=5109685626000550100&forward= HTTP/1.1
Host: dsum-sec.casalemedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Tue, 31 Jan 2023 07:03:47 GMT
Server: Apache
Cache-Control: no-cache
Expires: 0
Location: /rum?cm_dsp_id=57&external_user_id=5109685626000550100&forward=&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Content-Length: 0
Set-Cookie: CMID=Y9i9U2fNdQ3EHjP.QxnUTwAA; Path=/; Domain=casalemedia.com; Expires=Wed, 31 Jan 2024 07:03:47 GMT; Max-Age=31536000; Secure; SameSite=None
CMPS=1830; Path=/; Domain=casalemedia.com; Expires=Mon, 01 May 2023 07:03:47 GMT; Max-Age=7776000; Secure; SameSite=None
CMPRO=1830; Path=/; Domain=casalemedia.com; Expires=Mon, 01 May 2023 07:03:47 GMT; Max-Age=7776000; Secure; SameSite=None
Keep-Alive: timeout=1, max=500
Connection: Keep-Alive
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 61fca20c48f76c99be770c330932e1ff
e6a52723f21b357bc4ea0f1e5e4f0dcfe9e28e19
96fdb3fd6eea1a0013763a862160098b54b9efdc06004f7ad0967c146e368ef5
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=101324
Date: Tue, 31 Jan 2023 07:03:47 GMT
Etag: "63d79112-1d7"
Expires: Wed, 01 Feb 2023 11:12:31 GMT
Last-Modified: Mon, 30 Jan 2023 09:42:42 GMT
Server: ECS (nyb/1D33)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: FgYZj0DlMTPJyTtzcW27pffnILvRtHVM2IJ_6Gr0_YH2Ik08W0UNzg==
Age: 5389
e1.emxdgt.com/put?d=d16&uid=5109685626000550100
3.75.3.113204 No Content 0 B URL HTTP/2 e1.emxdgt.com/put?d=d16&uid=5109685626000550100
IP 3.75.3.113:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /put?d=d16&uid=5109685626000550100 HTTP/1.1
Host: e1.emxdgt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
content-type: text/html
date: Tue, 31 Jan 2023 07:03:47 GMT
content-length: 0
X-Firefox-Spdy: h2
api.perfalytics.com/track
54.230.111.127200 OK 133 B URL HTTP/2 api.perfalytics.com/track
IP 54.230.111.127:0
File type JSON data\012- , ASCII text, with no line terminators
Hash bd7f040a29b544cccf3f3d11497e2179
e5e12b1049e98bb9812d3bcfabd1a55008c7060a
4ccf7fb3be6602e6d09924d955e5c5ea86ed7c9fc951a8a58369edcf343cddb8
POST /track HTTP/1.1
Host: api.perfalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 848
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 133
date: Tue, 31 Jan 2023 07:03:47 GMT
x-amzn-requestid: 11b7889b-09c6-4287-848a-d2afc8ca0116
access-control-allow-origin: *
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
x-amz-apigw-id: fmKFJF0cvHcFm-A=
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
x-amzn-trace-id: Root=1-63d8bd53-6518bbcd172bc64c04731f41
access-control-allow-credentials: true
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LrCEy4vlrgoCLtmASoBKmhd6XS3W_QFLn7oBWwkZyqDJf6w9mYOLXA==
X-Firefox-Spdy: h2
p.rfihub.com/cm?pub=39342&in=0&userid=192759dc-9673-4a8c-ae7a-35e642aa392e%3A1675148627.644222&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D192759dc-9673-4a8c-ae7a-35e642aa392e%253A1675148627.644222
193.0.160.129302 Found 0 B URL HTTP/1.1 p.rfihub.com/cm?pub=39342&in=0&userid=192759dc-9673-4a8c-ae7a-35e642aa392e%3A1675148627.644222&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D192759dc-9673-4a8c-ae7a-35e642aa392e%253A1675148627.644222
IP 193.0.160.129:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?pub=39342&in=0&userid=192759dc-9673-4a8c-ae7a-35e642aa392e%3A1675148627.644222&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D192759dc-9673-4a8c-ae7a-35e642aa392e%253A1675148627.644222 HTTP/1.1
Host: p.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20823188p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Tue, 31 Jan 2023 07:03:48 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAA_-MSNjU0MDcxNrYwMjMytTQzNDUysRTiM9QNK_D1isp3rcwoDzIFAAKUiqolAAAA; Path=/; Domain=.rfihub.com; Expires=Sun, 25 Feb 2024 07:03:48 GMT; Secure; SameSite=None
ruds=H4sIAAAAAAAA_-MSNjU0MDcxNrYwMjMytTQzNDUysRTiM9QNK_D1isp3rcwoDzIFAAKUiqolAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
euds=H4sIAAAAAAAA_wXBwQ3AMAgEsE_XoRIHHCHboJRFOnns_6EWMuo7UkwT73WkJ1ssho5uK8xWZqgvIl-6A7ggQ4DyOQAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
eud=H4sIAAAAAAAA_z3IuRGAMAwEwAqIXIcY-_TTjcaoIUKqJWPDfYathGvem9KcSSo2VXsRa5ugihN9LXNdEgY_TQTAO47_Ys78AMnEjoBJAAAA; Path=/; Domain=.rfihub.com; Expires=Sun, 25 Feb 2024 07:03:48 GMT; Secure; SameSite=None
Location: https://idsync.rlcdn.com/501709.gif?partner_uid=192759dc-9673-4a8c-ae7a-35e642aa392e%3A1675148627.644222
Content-Length: 0
Server: Jetty(9.3.29.v20201019)
a.rfihub.com/cm?pub=445&in=0&forward=&google_error=3
193.0.160.129200 OK 42 B URL HTTP/1.1 a.rfihub.com/cm?pub=445&in=0&forward=&google_error=3
IP 193.0.160.129:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash accba0b69f352b4c9440f05891b015c5
9d01cc5dc8e042c0d4ad6cfb8b3ac38e84a5ef9f
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
GET /cm?pub=445&in=0&forward=&google_error=3 HTTP/1.1
Host: a.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20823188p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:03:48 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: ruds=H4sIAAAAAAAA_-MSNjU0NjExNTUxMrA0MDe0NDI0NxDiM9R1KXQLTIsoNsos9nIFAH0qbVklAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
eud=H4sIAAAAAAAA_-NicjUO4jU0Mzc1NLEwM7IwMDQBAAj_-rATAAAA; Path=/; Domain=.rfihub.com; Expires=Sun, 25 Feb 2024 07:03:48 GMT; Secure; SameSite=None
euds=H4sIAAAAAAAA_-NicjUGAEAxo38EAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
rud=H4sIAAAAAAAA_-MSNjU0NjExNTUxMrA0MDe0NDI0NxDiM9R1KXQLTIsoNsos9nIFAH0qbVklAAAA; Path=/; Domain=.rfihub.com; Expires=Sun, 25 Feb 2024 07:03:48 GMT; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: image/gif
Content-Length: 42
Server: Jetty(9.3.29.v20201019)
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 5c00a6b71849e1f63887d38333830003
274723ffd4a062e1997a213ceeeab8a56ac83141
5e15ea6950fd4aa51af37519ac391c2c95cfd74ded6ac6e35432ccf68c70cb23
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:03:48 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 01:56:49 GMT
Expires: Sat, 04 Feb 2023 01:56:48 GMT
Etag: "274723ffd4a062e1997a213ceeeab8a56ac83141"
Cache-Control: max-age=326579,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792096eced191c12-OSL
beacon.krxd.net/usermatch.gif?partner_id=rfuel&partner_user_id=5109685626000550100
18.203.108.155204 No Content 0 B URL HTTP/2 beacon.krxd.net/usermatch.gif?partner_id=rfuel&partner_user_id=5109685626000550100
IP 18.203.108.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usermatch.gif?partner_id=rfuel&partner_user_id=5109685626000550100 HTTP/1.1
Host: beacon.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 31 Jan 2023 07:03:48 GMT
set-cookie: _kuid_=PWeHahMV; Expires=Sun, 30-Jul-23 07:03:48 GMT; Max-Age=15552000; Domain=.krxd.net; Path=/
cache-control: private, no-cache, no-store
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
x-served-by: beacon-n014-dub-prod.krxd.net
x-request-time: D=30 t=1675148628
X-Firefox-Spdy: h2
dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5109685626000550100&forward=&C=1
185.80.36.245200 OK 43 B URL HTTP/1.1 dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5109685626000550100&forward=&C=1
IP 185.80.36.245:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /rum?cm_dsp_id=57&external_user_id=5109685626000550100&forward=&C=1 HTTP/1.1
Host: dsum-sec.casalemedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20823188p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:03:48 GMT
Server: Apache
Cache-Control: no-cache
Content-Type: image/gif
Expires: 0
Pragma: no-cache
Content-Length: 43
Keep-Alive: timeout=1, max=499
Connection: Keep-Alive
x.bidswitch.net/sync?dsp_id=119&user_id=5109685626000550100&expires=30
18.196.140.228302 Found 0 B URL HTTP/2 x.bidswitch.net/sync?dsp_id=119&user_id=5109685626000550100&expires=30
IP 18.196.140.228:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?dsp_id=119&user_id=5109685626000550100&expires=30 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 31 Jan 2023 07:03:48 GMT
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5109685626000550100&expires=30
cache-control: no-cache, no-store, must-revalidate
set-cookie: tuuid=2940f641-d3fd-42fb-8d30-e0ee648fc834; path=/; expires=Wed, 31-Jan-2024 07:03:48 GMT; domain=.bidswitch.net; samesite=none; secure
c=1675148628; path=/; expires=Wed, 31-Jan-2024 07:03:48 GMT; domain=.bidswitch.net; samesite=none; secure
tuuid_lu=1675148628; path=/; expires=Wed, 31-Jan-2024 07:03:48 GMT; domain=.bidswitch.net; samesite=none; secure
c=1675148628; path=/; expires=Wed, 31-Jan-2024 07:03:48 GMT; domain=.bidswitch.net; samesite=none; secure
X-Firefox-Spdy: h2
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5109685626000550100&redir=
3.248.89.226200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5109685626000550100&redir=
IP 3.248.89.226:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5109685626000550100&redir= HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20823188p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v045-0f45dc272.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: BZxd0K/rQrc=
Content-Length: 59
Connection: keep-alive
sync.search.spotxchange.com/partner?adv_id=7180&uid=5109685626000550100&img=1&__user_check__=1&sync_id=68a45753-a135-11ed-8275-1d7abbad0506
185.94.180.125200 OK 43 B URL HTTP/1.1 sync.search.spotxchange.com/partner?adv_id=7180&uid=5109685626000550100&img=1&__user_check__=1&sync_id=68a45753-a135-11ed-8275-1d7abbad0506
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55fade2068e7503eae8d7ddf5eb6bd09
317496a096d6c86486a71d4521994bcd171a6bb3
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
GET /partner?adv_id=7180&uid=5109685626000550100&img=1&__user_check__=1&sync_id=68a45753-a135-11ed-8275-1d7abbad0506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20823188p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Jan 2023 07:03:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Set-Cookie: audience=68b7064c-a135-11ed-8296-19bfd3920506; expires=Tue, 28-Feb-2023 07:03:48 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 52
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ocsp.usertrust.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash fb0c2f49d8e08a71cb4230295f8a51db
36f4811435eb46f5e03e8e7ba5ad987f8f4f63a0
6bd7ae5e8ad67dabf77278542ff528f8cf2bceb1bbad102fb5f5985ae01523cd
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:03:48 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 21:01:06 GMT
Expires: Sat, 04 Feb 2023 21:01:05 GMT
Etag: "36f4811435eb46f5e03e8e7ba5ad987f8f4f63a0"
Cache-Control: max-age=600879,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 777
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792096ed6bf8b50f-OSL
idsync.rlcdn.com/501709.gif?partner_uid=192759dc-9673-4a8c-ae7a-35e642aa392e%3A1675148627.644222
35.244.174.68307 Temporary Redirect 0 B URL HTTP/2 idsync.rlcdn.com/501709.gif?partner_uid=192759dc-9673-4a8c-ae7a-35e642aa392e%3A1675148627.644222
IP 35.244.174.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /501709.gif?partner_uid=192759dc-9673-4a8c-ae7a-35e642aa392e%3A1675148627.644222 HTTP/1.1
Host: idsync.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20823188p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
cache-control: no-cache, no-store
location: https://idsync.rlcdn.com/1000.gif?memo=CM3PHhJACjwIARAFGjYxOTI3NTlkYy05NjczLTRhOGMtYWU3YS0zNWU2NDJhYTM5MmU6MTY3NTE0ODYyNy42NDQyMjIQABoNCNT64p4GEgUI6AcQAEIASgA
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: pxrc=CAA=; Path=/; Domain=rlcdn.com; Expires=Sat, 01 Apr 2023 07:03:48 GMT; Secure; SameSite=None
timing-allow-origin: *
date: Tue, 31 Jan 2023 07:03:48 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D
151.101.130.49302 Found 0 B URL HTTP/2 sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D
IP 151.101.130.49:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D HTTP/1.1
Host: sync-tm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
set-cookie: everest_g_v2=g_surferid~Y9i9VAAABdkfYABh; Path=/; Domain=.everesttech.net; Expires=Wed, 31-Jan-2024 07:03:48 GMT; Max-Age=31536000
location: https://sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=Y9i9VAAABdkfYABh
server: Jetty(9.4.35.v20201120)
accept-ranges: bytes
date: Tue, 31 Jan 2023 07:03:48 GMT
via: 1.1 varnish
x-served-by: cache-bma1675-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1675148628.990492,VS0,VE91
cache-control: no-cache
pragma: no-cache
content-length: 0
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 74be048cae4a81b12cbf7fc643928693
b7c2113780c088beb77f9f84e0226a1d6f7175fa
b28d19a792836850ec81eddd1f8c1d22122b1f454977ba5b3e65ef4b2c25fb5f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 31 Jan 2023 07:03:48 GMT
Last-Modified: Tue, 31 Jan 2023 05:23:16 GMT
Server: ECS (nyb/1D34)
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 6v-axxJ7FfLOzJ5OJ0dN9LhNKeSNc0EZVCiiplsD2cuzoslvLtnlog==
Age: 6032
x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5109685626000550100&expires=30
18.196.140.228200 OK 43 B URL HTTP/2 x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5109685626000550100&expires=30
IP 18.196.140.228:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/sync?dsp_id=119&user_id=5109685626000550100&expires=30 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20823188p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:48 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
ps.eyeota.net/match?uid=5133329524072765199&bid=omt9pi0
3.125.70.222200 OK 0 B URL HTTP/1.1 ps.eyeota.net/match?uid=5133329524072765199&bid=omt9pi0
IP 3.125.70.222:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match?uid=5133329524072765199&bid=omt9pi0 HTTP/1.1
Host: ps.eyeota.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20823188p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Set-Cookie: SERVERID=23721~DM; Domain=eyeota.net; Path=/; Expires=Tue, 31 Jan 2023 07:13:48 GMT; Secure; SameSite=None;
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Content-Length: 0
Date: Tue, 31 Jan 2023 07:03:48 GMT
sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=Y9i9VAAABdkfYABh
151.101.130.49200 OK 85 B URL HTTP/2 sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=Y9i9VAAABdkfYABh
IP 151.101.130.49:0
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 5bec6606b8392065f9da9898ca6f7b14
73ac5b01b5e3293fb792179626e7f8369cdb944d
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
GET /ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=Y9i9VAAABdkfYABh HTTP/1.1
Host: sync-tm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20823188p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
server: Jetty(9.4.35.v20201120)
accept-ranges: bytes
date: Tue, 31 Jan 2023 07:03:48 GMT
via: 1.1 varnish
age: 20
x-served-by: cache-bma1675-BMA
x-cache: HIT
x-cache-hits: 32
x-timer: S1675148628.096400,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 85
X-Firefox-Spdy: h2
idsync.rlcdn.com/1000.gif?memo=CM3PHhJACjwIARAFGjYxOTI3NTlkYy05NjczLTRhOGMtYWU3YS0zNWU2NDJhYTM5MmU6MTY3NTE0ODYyNy42NDQyMjIQABoNCNT64p4GEgUI6AcQAEIASgA
35.244.174.68307 Temporary Redirect 0 B URL HTTP/2 idsync.rlcdn.com/1000.gif?memo=CM3PHhJACjwIARAFGjYxOTI3NTlkYy05NjczLTRhOGMtYWU3YS0zNWU2NDJhYTM5MmU6MTY3NTE0ODYyNy42NDQyMjIQABoNCNT64p4GEgUI6AcQAEIASgA
IP 35.244.174.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1000.gif?memo=CM3PHhJACjwIARAFGjYxOTI3NTlkYy05NjczLTRhOGMtYWU3YS0zNWU2NDJhYTM5MmU6MTY3NTE0ODYyNy42NDQyMjIQABoNCNT64p4GEgUI6AcQAEIASgA HTTP/1.1
Host: idsync.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20823188p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
cache-control: no-cache, no-store
location: https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: pxrc=CNT64p4GEgUI6AcQABIGCLrqARAA; Path=/; Domain=rlcdn.com; Expires=Sat, 01 Apr 2023 07:03:48 GMT; Secure; SameSite=None
timing-allow-origin: *
date: Tue, 31 Jan 2023 07:03:48 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=27021427&Ver=2&mid=03f30028-f59d-432c-93a5-adcfad2b6a32&sid=71408dd0a13511ed921fbdf38f227411&vid=71408ea0a13511ed845f652bdbf57cab&vids=0&msclkid=N&ec=CHEQ&el=Invalid_Users&ev=0&ea=Invalid_Users&en=Y&sw=1280&sh=1024&sc=24&evt=custom&rn=568387
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=27021427&Ver=2&mid=03f30028-f59d-432c-93a5-adcfad2b6a32&sid=71408dd0a13511ed921fbdf38f227411&vid=71408ea0a13511ed845f652bdbf57cab&vids=0&msclkid=N&ec=CHEQ&el=Invalid_Users&ev=0&ea=Invalid_Users&en=Y&sw=1280&sh=1024&sc=24&evt=custom&rn=568387
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=27021427&Ver=2&mid=03f30028-f59d-432c-93a5-adcfad2b6a32&sid=71408dd0a13511ed921fbdf38f227411&vid=71408ea0a13511ed845f652bdbf57cab&vids=0&msclkid=N&ec=CHEQ&el=Invalid_Users&ev=0&ea=Invalid_Users&en=Y&sw=1280&sh=1024&sc=24&evt=custom&rn=568387 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0A07ACA41B3A64B709D2BE0E1A6D6509; domain=.bing.com; expires=Sun, 25-Feb-2024 07:03:48 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 24FF5B21921E4EF09CF1AFC15252DB6E Ref B: OSL30EDGE0407 Ref C: 2023-01-31T07:03:48Z
date: Tue, 31 Jan 2023 07:03:47 GMT
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=27021427&Ver=2&mid=03f30028-f59d-432c-93a5-adcfad2b6a32&sid=71408dd0a13511ed921fbdf38f227411&vid=71408ea0a13511ed845f652bdbf57cab&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=MrQ&p=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&r=<=2354&evt=pageLoad&sv=1&rn=423327
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=27021427&Ver=2&mid=03f30028-f59d-432c-93a5-adcfad2b6a32&sid=71408dd0a13511ed921fbdf38f227411&vid=71408ea0a13511ed845f652bdbf57cab&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=MrQ&p=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&r=<=2354&evt=pageLoad&sv=1&rn=423327
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=27021427&Ver=2&mid=03f30028-f59d-432c-93a5-adcfad2b6a32&sid=71408dd0a13511ed921fbdf38f227411&vid=71408ea0a13511ed845f652bdbf57cab&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=MrQ&p=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&r=<=2354&evt=pageLoad&sv=1&rn=423327 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=03EF813C955B6B7523E89396940C6ACE; domain=.bing.com; expires=Sun, 25-Feb-2024 07:03:48 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1CF05860FBCE4987A19C7B96492301BC Ref B: OSL30EDGE0407 Ref C: 2023-01-31T07:03:48Z
date: Tue, 31 Jan 2023 07:03:47 GMT
X-Firefox-Spdy: h2
api.perfalytics.com/track
54.230.111.127200 OK 133 B URL HTTP/2 api.perfalytics.com/track
IP 54.230.111.127:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7f9ff0d12687fa73da392bf98d92e317
a23eddb0e3bd536129f3cf9af9269ac95c888c81
13d61a1e0c3d3bf93f2982e72da9bdb94339a43b5f202e11d8d06050a0d24962
POST /track HTTP/1.1
Host: api.perfalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1017
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 133
date: Tue, 31 Jan 2023 07:03:48 GMT
x-amzn-requestid: 1cb62578-fa29-477d-9eaa-8090cc26d47c
access-control-allow-origin: *
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
x-amz-apigw-id: fmKFKHsJPHcFjHA=
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
x-amzn-trace-id: Root=1-63d8bd54-7beaa0be6b8a01274c0fc9d2
access-control-allow-credentials: true
x-cache: Miss from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NxC22m8LVW9SXcAB1dAc-z9XytTj6jjnrkDQbONIaijV8ILzkynIJw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 73d6f94eec5f7bf78dc11951011af215
2d7941713a82a83c174bf782b618a6f86a8ab2d7
9de1920abadb3501bcf9f787608807f13a266efea69f12fc811bc7cac14a3552
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 73d6f94eec5f7bf78dc11951011af215
2d7941713a82a83c174bf782b618a6f86a8ab2d7
9de1920abadb3501bcf9f787608807f13a266efea69f12fc811bc7cac14a3552
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-conversion/953627164/?random=1675148641798&cv=11&fst=1675148641798&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&label=EJOFCMCMtcIDEJzk3MYD&hn=www.google.com&frm=0&url=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tiba=MrQ>m_ee=1&auid=774635133.1675148641&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
142.250.74.67200 OK 63 B URL HTTP/2 www.google.no/pagead/1p-conversion/953627164/?random=1675148641798&cv=11&fst=1675148641798&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&label=EJOFCMCMtcIDEJzk3MYD&hn=www.google.com&frm=0&url=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tiba=MrQ>m_ee=1&auid=774635133.1675148641&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
IP 142.250.74.67:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/953627164/?random=1675148641798&cv=11&fst=1675148641798&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&label=EJOFCMCMtcIDEJzk3MYD&hn=www.google.com&frm=0&url=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tiba=MrQ>m_ee=1&auid=774635133.1675148641&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mrq.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 07:03:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
idsync.rlcdn.com/362358.gif?google_error=3
35.244.174.68200 OK 42 B URL HTTP/2 idsync.rlcdn.com/362358.gif?google_error=3
IP 35.244.174.68:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /362358.gif?google_error=3 HTTP/1.1
Host: idsync.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20823188p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: pxrc=CAA=; Path=/; Domain=rlcdn.com; Expires=Sat, 01 Apr 2023 07:03:48 GMT; Secure; SameSite=None
timing-allow-origin: *
date: Tue, 31 Jan 2023 07:03:48 GMT
content-length: 42
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/953627164/?random=1675148641791&cv=11&fst=1675148400000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tiba=MrQ&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=774460933&rmt_tld=1&ipr=y
142.250.74.67200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/953627164/?random=1675148641791&cv=11&fst=1675148400000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tiba=MrQ&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=774460933&rmt_tld=1&ipr=y
IP 142.250.74.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/953627164/?random=1675148641791&cv=11&fst=1675148400000&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tiba=MrQ&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=774460933&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 07:03:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash beba92ff0bc5737791ba6982e7b0dba5
712af102d8a29ef26a49a16f95e8e90e3d9067b6
a778a2a369102dfbf4c67d64ff337d136f1ae79b4c1f72d0d4d7c0cfb3704e37
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5752
Cache-Control: max-age=150637
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:48 GMT
Etag: "63d85049-139"
Expires: Thu, 02 Feb 2023 00:54:25 GMT
Last-Modified: Mon, 30 Jan 2023 23:18:33 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 313
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 8ef1dbe04ff3834735b0659e7ae82c62
56d86283c8861f679162e92c70bbea59f819b8dc
a41623bee3b144f94362b7351bf88236e4291f113068361be33209f550fb3373
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:03:48 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 29 Jan 2023 01:42:55 GMT
Expires: Sun, 05 Feb 2023 01:42:54 GMT
Etag: "56d86283c8861f679162e92c70bbea59f819b8dc"
Cache-Control: max-age=412145,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792096ed6d681c12-OSL
bat.bing.com/p/action/27021427.js
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/27021427.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/27021427.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B04060C06BF54E5EAC300224F74E83B7 Ref B: OSL30EDGE0407 Ref C: 2023-01-31T07:03:48Z
date: Tue, 31 Jan 2023 07:03:47 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 7.9 kB IP 142.250.74.131:0
Hash 70eb5dcd8310f0f685ded62411093398
815b02fe678644593b41247cb9c482c858d135a6
1e7d182f074ada86f3e35d3b5f4181b953c2313a441970982731009642a920f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:03:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-58708780-1&cid=604824412.1675148641&jid=206646713&gjid=1157159130&_gid=1759075711.1675148642&_u=YADAAEAAQAAAACAAI~&z=1689150869
173.194.220.155200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-58708780-1&cid=604824412.1675148641&jid=206646713&gjid=1157159130&_gid=1759075711.1675148642&_u=YADAAEAAQAAAACAAI~&z=1689150869
IP 173.194.220.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-58708780-1&cid=604824412.1675148641&jid=206646713&gjid=1157159130&_gid=1759075711.1675148642&_u=YADAAEAAQAAAACAAI~&z=1689150869 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://mrq.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 31 Jan 2023 07:03:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=b3706f46-5c16-4306-b4da-42c2c64491ab&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c1bcf64b-2ee1-4a98-b608-ef5f54d5370d&tw_document_href=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o75ni&type=javascript&version=2.3.29
104.244.42.131200 OK 43 B URL HTTP/2 analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=b3706f46-5c16-4306-b4da-42c2c64491ab&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c1bcf64b-2ee1-4a98-b608-ef5f54d5370d&tw_document_href=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o75ni&type=javascript&version=2.3.29
IP 104.244.42.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/adsct?bci=3&eci=2&event_id=b3706f46-5c16-4306-b4da-42c2c64491ab&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c1bcf64b-2ee1-4a98-b608-ef5f54d5370d&tw_document_href=https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o75ni&type=javascript&version=2.3.29 HTTP/1.1
Host: analytics.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:47 GMT
perf: 7626143928
server: tsa_o
set-cookie: personalization_id="v1_9byQ/qanGF7IElAwVGItIg=="; Max-Age=63072000; Expires=Thu, 30 Jan 2025 07:03:48 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: fa3039573aeab5bb
strict-transport-security: max-age=631138519
x-response-time: 111
x-connection-hash: c8757a7fe6ed21a60633b97bba3f223e9c6273922c36d5314f91b873ff377d6c
X-Firefox-Spdy: h2
trc.taboola.com/1464003/trc/3/json?tim=1675148642355&data=%7B%22id%22%3A949%2C%22ii%22%3A%22%2Fsecure%2Flobby%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1675148642348%2C%22cv%22%3A%2220230129-6-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dmadfoxmrq-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1675148642355%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443%22%2C%22tos%22%3A2%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22supv%22%3Atrue%7D%7D&pubit=i
151.101.129.44200 OK 1.4 kB URL HTTP/2 trc.taboola.com/1464003/trc/3/json?tim=1675148642355&data=%7B%22id%22%3A949%2C%22ii%22%3A%22%2Fsecure%2Flobby%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1675148642348%2C%22cv%22%3A%2220230129-6-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dmadfoxmrq-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1675148642355%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443%22%2C%22tos%22%3A2%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22supv%22%3Atrue%7D%7D&pubit=i
IP 151.101.129.44:0
File type ASCII text, with very long lines (2440), with no line terminators
Hash 3f04c3bcecb2f5b7cda881eeb5f1fbab
a6d04e2a810ff238926b45f8df8372f9c96ebba1
1e5d95f5ea25b6b18b334010efd1b8fed090bfc9c7803df655ca5e1b6de0849a
GET /1464003/trc/3/json?tim=1675148642355&data=%7B%22id%22%3A949%2C%22ii%22%3A%22%2Fsecure%2Flobby%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1675148642348%2C%22cv%22%3A%2220230129-6-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dmadfoxmrq-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1675148642355%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fmrq.com%2Fsecure%2Flobby%3Fmodals%3Dhooyu%26link%3Dhttps%253A%252F%252Fwww.hooyu.com%252Fen-us%252Fcheckid%252Frequest%252F4676fef1-afbe-4564-8f8f-33a3b7d1a443%22%2C%22tos%22%3A2%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22supv%22%3Atrue%7D%7D&pubit=i HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Tue, 31 Jan 2023 07:03:48 GMT
via: 1.1 varnish
x-served-by: cache-bma1646-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1675148628.132205,VS0,VE94
vary: Accept-Encoding
x-vcl-time-ms: 94
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=489309081211540&ev=CHEQ&dl=https%3A%2F%2Fmrq.com%2Flogin%3Fredirect%3D%252Fsecure%252Flobby%253Fmodals%253Dhooyu%2526link%253Dhttps%25253A%25252F%25252Fwww.hooyu.com%25252Fen-us%25252Fcheckid%25252Frequest%25252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&rl=&if=false&ts=1675148643987&sw=1280&sh=1024&v=2.9.95&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1675148643982.742373190&it=1675148642468&coo=false&rqm=GET
157.240.205.35200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=489309081211540&ev=CHEQ&dl=https%3A%2F%2Fmrq.com%2Flogin%3Fredirect%3D%252Fsecure%252Flobby%253Fmodals%253Dhooyu%2526link%253Dhttps%25253A%25252F%25252Fwww.hooyu.com%25252Fen-us%25252Fcheckid%25252Frequest%25252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&rl=&if=false&ts=1675148643987&sw=1280&sh=1024&v=2.9.95&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1675148643982.742373190&it=1675148642468&coo=false&rqm=GET
IP 157.240.205.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=489309081211540&ev=CHEQ&dl=https%3A%2F%2Fmrq.com%2Flogin%3Fredirect%3D%252Fsecure%252Flobby%253Fmodals%253Dhooyu%2526link%253Dhttps%25253A%25252F%25252Fwww.hooyu.com%25252Fen-us%25252Fcheckid%25252Frequest%25252F4676fef1-afbe-4564-8f8f-33a3b7d1a443&rl=&if=false&ts=1675148643987&sw=1280&sh=1024&v=2.9.95&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1675148643982.742373190&it=1675148642468&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Tue, 31 Jan 2023 07:03:48 GMT
X-Firefox-Spdy: h2
trc-events.taboola.com/1464003/log/3/unip?en=pre_d_eng_tb&tos=1670&scd=0&ssd=2&est=1675148642352&ver=36&isls=true&src=i&invt=1500&msa=0&rv=1&tim=1675148644023&vi=1675148642348&ri=ed8ae64e702102a49b0ea4d3e03e251d&ref=null&cv=20230129-6-RELEASE&item-url=https%3A%2F%2Fmrq.com%2Flogin%3Fredirect%3D%252Fsecure%252Flobby%253Fmodals%253Dhooyu%2526link%253Dhttps%25253A%25252F%25252Fwww.hooyu.com%25252Fen-us%25252Fcheckid%25252Frequest%25252F4676fef1-afbe-4564-8f8f-33a3b7d1a443
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/1464003/log/3/unip?en=pre_d_eng_tb&tos=1670&scd=0&ssd=2&est=1675148642352&ver=36&isls=true&src=i&invt=1500&msa=0&rv=1&tim=1675148644023&vi=1675148642348&ri=ed8ae64e702102a49b0ea4d3e03e251d&ref=null&cv=20230129-6-RELEASE&item-url=https%3A%2F%2Fmrq.com%2Flogin%3Fredirect%3D%252Fsecure%252Flobby%253Fmodals%253Dhooyu%2526link%253Dhttps%25253A%25252F%25252Fwww.hooyu.com%25252Fen-us%25252Fcheckid%25252Frequest%25252F4676fef1-afbe-4564-8f8f-33a3b7d1a443
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1464003/log/3/unip?en=pre_d_eng_tb&tos=1670&scd=0&ssd=2&est=1675148642352&ver=36&isls=true&src=i&invt=1500&msa=0&rv=1&tim=1675148644023&vi=1675148642348&ri=ed8ae64e702102a49b0ea4d3e03e251d&ref=null&cv=20230129-6-RELEASE&item-url=https%3A%2F%2Fmrq.com%2Flogin%3Fredirect%3D%252Fsecure%252Flobby%253Fmodals%253Dhooyu%2526link%253Dhttps%25253A%25252F%25252Fwww.hooyu.com%25252Fen-us%25252Fcheckid%25252Frequest%25252F4676fef1-afbe-4564-8f8f-33a3b7d1a443 HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Tue, 31 Jan 2023 07:03:48 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://mrq.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
nexus-websocket-a.intercom.io/pubsub/5-hunmfCLh9sVuqasy_iiiuFzFFCBRADjtEnwsL1s6pEyRqICLOSGHdJeQqnRsjDcLvC0OEXH_-Ixur6deJGnmn8T4TJ4TH3rRtGcl?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined
34.237.73.95101 Switching Protocols 110 kB URL HTTP/1.1 nexus-websocket-a.intercom.io/pubsub/5-hunmfCLh9sVuqasy_iiiuFzFFCBRADjtEnwsL1s6pEyRqICLOSGHdJeQqnRsjDcLvC0OEXH_-Ixur6deJGnmn8T4TJ4TH3rRtGcl?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined
IP 34.237.73.95:0
File type gzip compressed data, from Unix\012- data
Size 110 kB (110254 bytes)
Hash 3dcbe50ae5b38018db1a19c92b0303f3
ba5b4bf7862e06954161467d4c140e0945d19522
0cede076ce7bfd5687562e9c0813789b0cca696fdd08adf236dae3a97afe2de2
GET /pubsub/5-hunmfCLh9sVuqasy_iiiuFzFFCBRADjtEnwsL1s6pEyRqICLOSGHdJeQqnRsjDcLvC0OEXH_-Ixur6deJGnmn8T4TJ4TH3rRtGcl?X-Nexus-New-Client=true&X-Nexus-Version=0.9.0&user_role=undefined HTTP/1.1
Host: nexus-websocket-a.intercom.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://mrq.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gCi+s9djZl774f9bk6S/Wg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Tue, 31 Jan 2023 07:03:49 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: S09TwjGRzovgLLQkrY9m7Tx2dFg=
Sec-WebSocket-Extensions: permessage-deflate; server_no_context_takeover; client_no_context_takeover
eor.ediemidnightzombies.com/mon
3.248.162.96200 OK 0 B URL HTTP/2 eor.ediemidnightzombies.com/mon
IP 3.248.162.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /mon HTTP/1.1
Host: eor.ediemidnightzombies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1562
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Cookie: cg_uuid=ae68405d178db63e99259972133bd335
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://mrq.com
content-type: application/json
date: Tue, 31 Jan 2023 07:03:49 GMT
content-length: 0
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/classic/web-widget-5324-3789e01.js
104.18.72.113200 OK 111 kB URL HTTP/2 static.zdassets.com/web_widget/latest/classic/web-widget-5324-3789e01.js
IP 104.18.72.113:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 111 kB (111234 bytes)
Hash d45d4a54d9373ff165ba5e7185ddc406
ea7badc4b7ec9f3e79f51db88b240cabcfc1d751
c12af3bb5020b71012377118cb6ff81c57cb6a41f19954a0816de3dcdda637a7
GET /web_widget/latest/classic/web-widget-5324-3789e01.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:48 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: 5iEbvRNjpo2HmT4W8W8hFe7XYYzerZGVBZIzH0czqdD7jh+Yk56/4A4Nv4FXTOQ5ijvn38d10mg=
x-amz-request-id: NQRPZ93Y070WT5KM
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:06:01 GMT
etag: W/"a0d9b904197466a0a807d792b0b139b6"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:06:00 GMT
x-amz-version-id: wdUhzTP_PBU4zLulSlUyuH.2qRiLFsd2
cf-cache-status: HIT
age: 372654
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CvHWzsxPMThI34o5QsKwXww1bnyeXMgmyGBnHgUA89JbfyP8t0p31U6IrWeTHAvnDrYXrYI9Py1EjUN0fyp%2FjlkFQWjS7a2Sn4PXMrfTaqtQeYdxWkXPujInudxuJML8d4WrBkw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 792096f0de8eb4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
widget-mediator.zopim.com/s/W/ws/T+EqxMDeQAWRjRWr/c/1675148644709
3.124.14.98101 Switching Protocols 0 B URL HTTP/1.1 widget-mediator.zopim.com/s/W/ws/T+EqxMDeQAWRjRWr/c/1675148644709
IP 3.124.14.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/W/ws/T+EqxMDeQAWRjRWr/c/1675148644709 HTTP/1.1
Host: widget-mediator.zopim.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://mrq.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5CHYchLL3s065iIxxLvvpA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Tue, 31 Jan 2023 07:03:49 GMT
Connection: upgrade
Set-Cookie: AWSALB=/TWFvB45eIE5cEws3grFdVBtZJ8wfJ1GwHFOu4lfttVAxaH1SWzpfZY65pkMPfTVUXQG4KuwXkMoXKKRxDRPOcK6zzi5DNim+phvoeIcwWX+RZpxLApVzYJkIy4o; Expires=Tue, 07 Feb 2023 07:03:49 GMT; Path=/
AWSALBCORS=/TWFvB45eIE5cEws3grFdVBtZJ8wfJ1GwHFOu4lfttVAxaH1SWzpfZY65pkMPfTVUXQG4KuwXkMoXKKRxDRPOcK6zzi5DNim+phvoeIcwWX+RZpxLApVzYJkIy4o; Expires=Tue, 07 Feb 2023 07:03:49 GMT; Path=/; SameSite=None; Secure
Upgrade: websocket
Sec-WebSocket-Accept: ONRhpHMMUrolIPE+5+mGy2Pw+kM=
Sec-WebSocket-Version: 13
WebSocket-Server: uWebSockets
static.zdassets.com/web_widget/latest/classic/web-widget-chat-incoming-message-notification-3789e01.js
104.18.72.113200 OK 20 kB URL HTTP/2 static.zdassets.com/web_widget/latest/classic/web-widget-chat-incoming-message-notification-3789e01.js
IP 104.18.72.113:0
File type ASCII text, with no line terminators
Hash 7ecbeb9fbae3abfe6ebd258f7d0b9ad3
c51d653cfe5d82402b6d029ad66022cc42cbe190
5dc737f70ad8bc7f9aa0e601985b1c5fba3120f71f3bb29387c12b1df54b5059
GET /web_widget/latest/classic/web-widget-chat-incoming-message-notification-3789e01.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:49 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: bWjsovKjRCekYYLQbkX5CJqj4I4RdaBrb2p4amftObEwQibIuAVIZZCi5lDVCSxXoyuK2wNuGfo=
x-amz-request-id: XZJWHCF5Q7CG9GTG
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:06:01 GMT
etag: W/"659635f5ad1b6653645380f46aa42236"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:06:00 GMT
x-amz-version-id: PTkQfFoeUt2llEzxwBYnSfB39O35UzsZ
cf-cache-status: HIT
age: 372653
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nVTrdIzPNs0Wh3SZjh9goCJfRGICZ%2BI%2FMjuqu8SAf4f%2B3x34omCGJCzZ6FrM15tcxqg5BX9ANjQ7hJZthJg4pd0aQmJD8GjekdhN9p9B0KN7O8cUlrscyYLaA4sxdvyJGtLmKrw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 792096f6bc9db4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
eor.ediemidnightzombies.com/mon
3.248.162.96200 OK 0 B URL HTTP/2 eor.ediemidnightzombies.com/mon
IP 3.248.162.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /mon HTTP/1.1
Host: eor.ediemidnightzombies.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1562
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Cookie: cg_uuid=ae68405d178db63e99259972133bd335
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://mrq.com
content-type: application/json
date: Tue, 31 Jan 2023 07:03:51 GMT
content-length: 0
X-Firefox-Spdy: h2
trc-events.taboola.com/1464003/log/3/unip?en=pre_d_eng_tb&tos=4672&scd=0&ssd=2&est=1675148642352&ver=36&isls=true&src=i&invt=3000&msa=0&rv=1&tim=1675148647025&vi=1675148642348&ri=ed8ae64e702102a49b0ea4d3e03e251d&ref=null&cv=20230129-6-RELEASE&item-url=https%3A%2F%2Fmrq.com%2Flogin%3Fredirect%3D%252Fsecure%252Flobby%253Fmodals%253Dhooyu%2526link%253Dhttps%25253A%25252F%25252Fwww.hooyu.com%25252Fen-us%25252Fcheckid%25252Frequest%25252F4676fef1-afbe-4564-8f8f-33a3b7d1a443
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/1464003/log/3/unip?en=pre_d_eng_tb&tos=4672&scd=0&ssd=2&est=1675148642352&ver=36&isls=true&src=i&invt=3000&msa=0&rv=1&tim=1675148647025&vi=1675148642348&ri=ed8ae64e702102a49b0ea4d3e03e251d&ref=null&cv=20230129-6-RELEASE&item-url=https%3A%2F%2Fmrq.com%2Flogin%3Fredirect%3D%252Fsecure%252Flobby%253Fmodals%253Dhooyu%2526link%253Dhttps%25253A%25252F%25252Fwww.hooyu.com%25252Fen-us%25252Fcheckid%25252Frequest%25252F4676fef1-afbe-4564-8f8f-33a3b7d1a443
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1464003/log/3/unip?en=pre_d_eng_tb&tos=4672&scd=0&ssd=2&est=1675148642352&ver=36&isls=true&src=i&invt=3000&msa=0&rv=1&tim=1675148647025&vi=1675148642348&ri=ed8ae64e702102a49b0ea4d3e03e251d&ref=null&cv=20230129-6-RELEASE&item-url=https%3A%2F%2Fmrq.com%2Flogin%3Fredirect%3D%252Fsecure%252Flobby%253Fmodals%253Dhooyu%2526link%253Dhttps%25253A%25252F%25252Fwww.hooyu.com%25252Fen-us%25252Fcheckid%25252Frequest%25252F4676fef1-afbe-4564-8f8f-33a3b7d1a443 HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 31 Jan 2023 07:03:51 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://mrq.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
mrq.com/secure/lobby?modals=hooyu&link=https%3A%2F%2Fwww.hooyu.com%2Fen-us%2Fcheckid%2Frequest%2F4676fef1-afbe-4564-8f8f-33a3b7d1a443
172.67.10.181200 OK 0 B URL HTTP/2 mrq.com/secure/lobby?modals=hooyu&link=https%3A%2F%2Fwww.hooyu.com%2Fen-us%2Fcheckid%2Frequest%2F4676fef1-afbe-4564-8f8f-33a3b7d1a443
IP 172.67.10.181:0
GET /secure/lobby?modals=hooyu&link=https%3A%2F%2Fwww.hooyu.com%2Fen-us%2Fcheckid%2Frequest%2F4676fef1-afbe-4564-8f8f-33a3b7d1a443 HTTP/1.1
Host: mrq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:44 GMT
content-type: text/html
last-modified: Mon, 30 Jan 2023 13:41:26 GMT
vary: Accept-Encoding
cache-control: no-store, max-age=0
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 792096d90d29b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.getblue.io/js/blue-tag.min.js
54.207.115.216200 OK 0 B URL HTTP/2 event.getblue.io/js/blue-tag.min.js
IP 54.207.115.216:0
GET /js/blue-tag.min.js HTTP/1.1
Host: event.getblue.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:46 GMT
content-type: application/javascript
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
accept-ranges: bytes
etag: W/"7716-1675133404240"
last-modified: Tue, 31 Jan 2023 02:50:04 GMT
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
partners.tremorhub.com/sync?UIRF=5109685626000550100&r=eAubGHxY5jm6
184.73.162.215200 OK 0 B URL HTTP/2 partners.tremorhub.com/sync?UIRF=5109685626000550100&r=eAubGHxY5jm6
IP 184.73.162.215:0
GET /sync?UIRF=5109685626000550100&r=eAubGHxY5jm6 HTTP/1.1
Host: partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20823188p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:48 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/classic/web-widget-classic-3789e01.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/classic/web-widget-classic-3789e01.js
IP 104.18.72.113:0
GET /web_widget/latest/classic/web-widget-classic-3789e01.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:48 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: eLswCNR3+snNcmV5ZA7Ixw7RaFFn72sxVkOTwb5i9yiZY1h6sRTeKvt92DowGYacQvMhKNBkx/g=
x-amz-request-id: JT3Y1BVRACV79AY6
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:06:01 GMT
etag: W/"d1e5f0b356064ff6680a59d127c5d617"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:06:00 GMT
x-amz-version-id: m2N7HE7DqdZwJoIBBUB1awf6lJoYOXK8
cf-cache-status: HIT
age: 372654
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u7FiO1F6HQmAw52hfoKpSvwfmhL3kmzy9m7VuFc%2BXPk7jJ4nBhHN6pMqG4i%2FGwK8XJSKcUNh%2FvhnaptN8xBT4mZrtZv5D7RrVTzlNAZ2ZDP%2B5m8s46I6abRG71KevqqN8M7L5us%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 792096f0ae5fb4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
api-iam.intercom.io/messenger/web/ping
54.156.44.158200 OK 0 B URL HTTP/2 api-iam.intercom.io/messenger/web/ping
IP 54.156.44.158:0
POST /messenger/web/ping HTTP/1.1
Host: api-iam.intercom.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 669
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:48 GMT
content-type: application/json; charset=utf-8
status: 200 OK
cache-control: max-age=0, private, must-revalidate
x-ratelimit-limit: 13333
x-ratelimit-reset: 1675148630
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-ratelimit-remaining: 13289
access-control-allow-origin: https://mrq.com
vary: Accept,Accept-Encoding
x-intercom-version: bd233b7eb410a22f85d87b88ae293e0f0a445685
x-xss-protection: 1; mode=block
content-encoding: gzip
x-request-id: 0002d8a7rou5jg1ilek0
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS
etag: W/"0b7f6c0b86d63731062d4bd351b516e9"
x-runtime: 0.302966
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
server: nginx
x-ami-version: ami-0c75d874912a7b35f
X-Firefox-Spdy: h2
rs.fullstory.com/rec/page
35.186.194.58200 OK 0 B URL HTTP/2 rs.fullstory.com/rec/page
IP 35.186.194.58:0
POST /rec/page HTTP/1.1
Host: rs.fullstory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 411
Origin: https://mrq.com
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://mrq.com
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 31 Jan 2023 07:03:47 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
event.getblue.io/r/audience-pixel-std.min.js?v=22
54.207.115.216200 OK 0 B URL HTTP/2 event.getblue.io/r/audience-pixel-std.min.js?v=22
IP 54.207.115.216:0
GET /r/audience-pixel-std.min.js?v=22 HTTP/1.1
Host: event.getblue.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: ckid=40BD53F3-1268-4CF1-8B7BD4CA3B36CDFE; hash=34e0b4a2efc5d44a2804059794ec5bedd8d009d340ff208928b6f820091a0a60fd8e594dc818832232
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:46 GMT
content-type: application/javascript
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
accept-ranges: bytes
etag: W/"11099-1675146652474"
last-modified: Tue, 31 Jan 2023 06:30:52 GMT
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
perfalytics.com/static/js/integrations.js
54.230.111.64200 OK 0 B URL HTTP/2 perfalytics.com/static/js/integrations.js
IP 54.230.111.64:0
GET /static/js/integrations.js HTTP/1.1
Host: perfalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
date: Mon, 30 Jan 2023 22:40:15 GMT
last-modified: Wed, 21 Dec 2022 14:49:49 GMT
x-amz-version-id: vy8YBJyHh3YdSxs1zcx5.F53Z1LNuBia
etag: W/"44227cff6f42b81f9be75e88d2c0bdf2"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hxZjrHAyvPnZM2u1hUob8mkleeoX7dlRnaVDmMeD5qtczI_j-AT_xA==
age: 30212
X-Firefox-Spdy: h2
mrq.zendesk.com/embeddable/config
104.16.51.111200 OK 0 B URL HTTP/2 mrq.zendesk.com/embeddable/config
IP 104.16.51.111:0
GET /embeddable/config HTTP/1.1
Host: mrq.zendesk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mrq.com/
Origin: https://mrq.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:48 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers:
access-control-max-age: 7200
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
x-zendesk-origin-server: embeddable-app-server-78d4df54f-8xthj
x-request-id: 792096ebdb551c0e-ARN
x-runtime: 0.002390
vary: Origin, Accept-Encoding
x-cached: MISS
last-modified: Tue, 31 Jan 2023 05:42:32 GMT
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yYlzsMXHhjooApT0i64okz5xiyglLxicyZZXXsxKSh2HYZBszxXsLopGoJovLFAcWbPypX%2B4V0Qgz2Blbm1EbU9cJIJ0eQIQcAtCgmGlPvj5H9dFagKFoYwxZ1n4r%2Bd2%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
set-cookie: __cfruid=6b397b42702044847a070460ec6f784a94e2046c-1675148628; path=/; domain=.mrq.zendesk.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 792096ebdb551c0e-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/classic/web-widget-8165-3789e01.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/classic/web-widget-8165-3789e01.js
IP 104.18.72.113:0
GET /web_widget/latest/classic/web-widget-8165-3789e01.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:48 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: 3l2QEFjOGn7gb5wcEFZ79CHuLKV6LBOJqsvqW7I3b1li7jGSnO5id5UI8PWsvDT0+Je8O5wuQp0=
x-amz-request-id: NQRJJAQT92KAX1GC
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:06:01 GMT
etag: W/"d519ea27f763cb6ec80aeec5b45213a7"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:06:00 GMT
x-amz-version-id: XkgxmNKTmDVQU4edOT7cokqmxhL.gbuw
cf-cache-status: HIT
age: 372654
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5qBjJLA64C509Kw0lm0WyyGdk3GdIHwaBgwB%2FXHxNIPDPpFsStem2lY3sOGwHnQRQ5%2FDoGpuQoUEwYB0o3QZDXSKEDPkeqNcqYggodGhThUlJele%2BqVAbRDRjFDY9rOdAOtefg8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 792096f0ce85b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.zdassets.com/web_widget/latest/classic/web-widget-locales/classic/en-us-json-3789e01.js
104.18.72.113200 OK 0 B URL HTTP/2 static.zdassets.com/web_widget/latest/classic/web-widget-locales/classic/en-us-json-3789e01.js
IP 104.18.72.113:0
GET /web_widget/latest/classic/web-widget-locales/classic/en-us-json-3789e01.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:03:48 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: jfwJvHHzFgjdja4+CPMSOxBkcjcXp795SI8fDTNhhhGYiIrVlnyHYidESYBPHtzkgUtkSQf1rIQ=
x-amz-request-id: NQRHHVX9JX9FQGXW
x-amz-replication-status: COMPLETED
last-modified: Tue, 24 Jan 2023 07:06:03 GMT
etag: W/"89b68f56c96d15075b04b0ea633eabf1"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Wed, 24 Jan 2024 07:06:02 GMT
x-amz-version-id: o.UUg_NpAHuxy6_PcLSLI7hLSFjsoUT1
cf-cache-status: HIT
age: 372652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RYdTse6eRd1%2BxVtfYQK5WvwpsCYlPtGixjoSZ0%2Fj%2F%2BNLT8qr6kv2kCBluQ3XnaTrIyYW0WzXgS9SCp93WqbGfLKsBKHZhQ214hlvcMYeN8fCYh3eC5GwBHt2HQUOWTnWfpYgqY8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 792096f2d88ab4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2