Report - orcd.co/fejl40

Report Overview

Submitted URL
orcd.co/fejl40
IP
52.42.154.92
ASN
#16509 AMAZON-02
Submitted
2023-01-30 19:01:43
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
6
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
region1.analytics.google.com	unknown	2022-03-17T12:26:33Z	2023-03-13T05:11:52Z	641 B	438 B	216.239.34.36
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-13T08:02:41Z	468 B	438 B	209.85.233.157
t.co	569	2012-07-25T21:09:44Z	2023-03-13T05:25:19Z	700 B	593 B	104.244.42.133
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-13T06:26:15Z	1.1 kB	1.2 kB	142.250.74.163
www.google.com	7	2015-05-10T13:11:19Z	2023-03-13T06:40:43Z	1.9 kB	2.4 kB	142.250.74.164
www.redditstatic.com	1440	2012-06-30T14:33:28Z	2023-03-13T05:12:21Z	360 B	8.2 kB	151.101.1.140
www.googleadservices.com	107	2012-06-26T16:53:06Z	2023-03-13T08:26:04Z	378 B	16 kB	142.250.74.34
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	59 kB	34.120.237.76
www.facebook.com	99	2012-05-21T02:23:41Z	2021-02-04T00:31:35Z	2.3 kB	111 kB	157.240.205.35
fast-cdn.ffm.to	134508	2022-01-10T18:15:26Z	2023-03-10T15:17:31Z	6.5 kB	213 kB	54.230.111.129
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	373 B	74 kB	172.217.21.168
analytics.tiktok.com	1182	2020-02-29T14:09:05Z	2023-03-13T05:09:45Z	4.5 kB	141 kB	23.36.79.32
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
cloudinary-cdn.ffm.to	unknown	2022-05-18T14:51:12Z	2023-03-10T15:17:31Z	3.9 kB	151 kB	54.230.111.124
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.149.51.98
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	1.0 kB	2.0 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
orcd.co	259133	2018-12-14T07:57:44Z	2023-03-09T18:39:55Z	1.8 kB	1.6 kB	54.149.145.153
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.7 kB	9.8 kB	23.36.76.226
alb.reddit.com	1521	2017-06-15T07:33:56Z	2023-03-13T05:12:21Z	670 B	276 B	151.101.129.140
static.ads-twitter.com	614	2018-06-24T00:08:39Z	2023-03-13T05:25:18Z	356 B	16 kB	151.101.244.157
googleads.g.doubleclick.net	42	2021-02-20T16:43:32Z	2023-03-13T08:39:16Z	1.3 kB	3.3 kB	142.250.74.98
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	3.8 kB	7.7 kB	142.250.74.131
api.ffm.to	207088	2017-10-16T17:47:31Z	2023-03-12T15:22:08Z	4.9 kB	1.2 kB	52.42.154.92
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	350 B	966 B	54.230.245.110
analytics.twitter.com	526	2013-04-10T21:53:18Z	2023-03-13T05:25:19Z	717 B	613 B	104.244.42.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-30 19:01:46	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-01-30 19:01:46	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-01-30 19:01:47	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-01-30 19:01:47	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-01-30 19:01:47	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-01-30 19:01:47	medium	Client IP	Internal IP	ET DNS Query for .to TLD

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (38)

	URL	Size	First Seen	Last Seen
	fast-cdn.ffm.to/68a8224.modern.js	229 kB	2023-03-12	2023-03-13
Pretty URL fast-cdn.ffm.to/68a8224.modern.js IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:02 Last Seen2023-03-13 14:19:55 Times Seen1 Hash bd599f65657c294fe626dc16c208328c 615df977803f0005c920f513b0eeceb0ffe48f11 368c5c02b1dca15f6427b056cf72caa01d15985103ccd41a6276cdb012abb728 Loading...

	analytics.tiktok.com/i18n/pixel/events.js?sdkid=CDIHSBBC77U5MH0KCOL0&lib=ttq	3.7 kB	2023-03-13	2023-03-13
Pretty URL analytics.tiktok.com/i18n/pixel/events.js?sdkid=CDIHSBBC77U5MH0KCOL0&lib=ttq IP 23.36.79.32 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:38:52 Last Seen2023-03-13 12:38:52 Times Seen1 Hash eff1653dd2ac54016778c53d0c022e99 ae0b3458c5718558abb8fc3a1b99ca70dffa441a 241cc2b00b1e5534c149bb024455f9c977e262aff7cc74bdecff0b2d6ddd2728 Loading...

	fast-cdn.ffm.to/464545f.modern.js	4.2 kB	2023-03-12	2023-03-14
Pretty URL fast-cdn.ffm.to/464545f.modern.js IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:02 Last Seen2023-03-14 10:19:02 Times Seen1 Hash 47ec83efe0c8d1730468a7ccb5eeaff3 222127002c031635ba32788bedfe3eb23728e1bd b8d0639983658d6770fcbce4214fff753c5f58bea04abce0231bb364cfdb83e2 Loading...

	fast-cdn.ffm.to/46ffb52.modern.js	9.6 kB	2023-03-12	2023-03-13
Pretty URL fast-cdn.ffm.to/46ffb52.modern.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:02 Last Seen2023-03-13 14:19:55 Times Seen1 Hash e402102d8e366a449b711a55b7b8d182 0c79d3b05a81a71e7da73d9157a342d866f02c5c 27017c96c9af1b9e350737b2d400746000c120e0d81033628f0cbbcccce0edc2 Loading...

	orcd.co/fejl40	115 B	2023-03-10	2023-03-14
Pretty URL orcd.co/fejl40 IP 54.149.145.153 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:55:09 Last Seen2023-03-14 08:48:54 Times Seen1 Hash cf30b3154f96e42be60cc892f208bf24 c68cc843e8c37015b47c84179ad5efab63b05c70 cbae907dfe40f5eaebb24e82f28dc4d6af9bef874a2e6b7e423f8031c09b8ee3 Loading...

	connect.facebook.net/signals/config/683127435041827?v=2.9.92&r=stable	386 kB	2023-03-13	2023-03-13
Pretty URL connect.facebook.net/signals/config/683127435041827?v=2.9.92&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:38:52 Last Seen2023-03-13 12:46:26 Times Seen1 Hash b5f8989b9868b0fd42dbe079f5897c58 60aac5f231a543a7b2b981b4409bf0ce8f1a0069 b006c55f9916b51fc703684b8079dfae3651fd1dd0393832ee254db5b3aa8466 Loading...

	fast-cdn.ffm.to/4c4b4d2.modern.js	3.8 kB	2023-03-12	2023-03-13
Pretty URL fast-cdn.ffm.to/4c4b4d2.modern.js IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:02 Last Seen2023-03-13 14:19:55 Times Seen1 Hash e2ae49690880e9d42eb337b11e0630b7 3398270d61c069780c721403ba70cee0db098b32 e631d988799d5566144389c8d4c3db8836d8eb4f05768771e295abbfb3603aef Loading...

	fast-cdn.ffm.to/db8b58e.modern.js	6.3 kB	2023-03-12	2023-03-13
Pretty URL fast-cdn.ffm.to/db8b58e.modern.js IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:45 Last Seen2023-03-13 13:16:56 Times Seen1 Hash 7ac156bb1eb506839a160d4b58f26a4c 2b653c11a82feef95a48e850d3cf340903a0ec70 efc1579ce63857c3ef5961963a58d9669903e36c38847a3d867f7681aeed32b0 Loading...

	fast-cdn.ffm.to/364028a.modern.js	4.2 kB	2023-03-12	2023-03-13
Pretty URL fast-cdn.ffm.to/364028a.modern.js IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:45 Last Seen2023-03-13 13:16:56 Times Seen1 Hash c62757d3ffe74633aa08987c277929dd dc7e3dd555e0981767f804c3de5eddf4144095bb 164b2fb1df22558cc2cac33e74eed983f4455e591d6fb6aa1f384d3fd2d8d279 Loading...

	orcd.co/fejl40	887 B	2023-03-10	2023-06-19
Pretty URL orcd.co/fejl40 IP 54.149.145.153 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:55:09 Last Seen2023-06-19 07:30:04 Times Seen3 Hash 472969dacdd642d0d1e2bafa08ff1389 a6dd996a05c6d537e1f35c245eacd0d342d01e68 994db6408142de2446af14113bf8e07e5c2f2e21c0d93b1451ddf704e3269a77 Loading...

	fast-cdn.ffm.to/5b9acec.modern.js	3.1 kB	2023-03-13	2023-03-14
Pretty URL fast-cdn.ffm.to/5b9acec.modern.js IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 00:04:04 Last Seen2023-03-14 08:14:49 Times Seen1 Hash 17419d9265b86d3cf6adcc4ae355e185 2b35efc8dc026a1a20cf7c3c98c8b47edfefbf34 48385a436b43c0d945207974986ab8b45d12bd2280f6a051bce1493ad1c9e913 Loading...

	analytics.tiktok.com/i18n/pixel/events.js?sdkid=CC7HUHBC77U2G64PMP90&lib=ttq	3.3 kB	2023-03-13	2023-03-13
Pretty URL analytics.tiktok.com/i18n/pixel/events.js?sdkid=CC7HUHBC77U2G64PMP90&lib=ttq IP 23.36.79.32 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:38:52 Last Seen2023-03-13 12:38:52 Times Seen1 Hash 1631e7477d860250117b3e3bd69c2605 20c7fcd0f1336a3ac490cea2f49dd486ffcada62 88439f4e8c1aa1197cb7e02b54c7ef0c83512b78eaa5e62bf6d50023b3c33be1 Loading...

	www.googleadservices.com/pagead/conversion_async.js	42 kB	2023-03-13	2023-03-13
Pretty URL www.googleadservices.com/pagead/conversion_async.js IP 142.250.74.34 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:55:33 Last Seen2023-03-13 14:33:50 Times Seen1 Hash 9869ed40940fff5fbbae533b74c90335 e1428d611ecc1883039167058e9e8bf1c2082a54 8b6cfa8b0b7462dae0971788ab188c8da08f386b9f0e7a428855de529ba5a012 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/971960849/?random=1675105307657&cv=11&fst=1675105307657&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&auid=180941151.1675105308&rfmt=3&fmt=4	1.8 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/971960849/?random=1675105307657&cv=11&fst=1675105307657&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&auid=180941151.1675105308&rfmt=3&fmt=4 IP 142.250.74.98 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:38:52 Last Seen2023-03-13 12:38:52 Times Seen1 Hash 634effb6f8ce068f8232817a2387a992 7422d29b41c1663bbf799976a83c5014269c1146 3169379dbb3d25346f779c063ffde8ff2ca98b9e76093a00c41b38d4a0992b11 Loading...

	orcd.co/fejl40	1.0 kB	2023-03-12	2023-03-13
Pretty URL orcd.co/fejl40 IP 54.149.145.153 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:45 Last Seen2023-03-13 13:16:56 Times Seen1 Hash 0cd1616ce1d6040cb0e26cbd3c9c5b41 ac33bd2eec3277dd2b7e36f1b094236d1c8113c4 834647813e81e5b5ad8f025fe1ddb136c3dbe197d9e035bb64bc69a9405bfd18 Loading...

	orcd.co/fejl40	25 kB	2023-03-13	2023-03-13
Pretty URL orcd.co/fejl40 IP 54.149.145.153 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:38:52 Last Seen2023-03-13 12:38:52 Times Seen1 Hash 3e659438af2a992062fe3d0251312440 d85308589b9e644806cc1b5a423f9ed52f89017b 845c8cebdf29f8276ccd51045cbf07a873583c8a8f9898f2ff20377948dee50e Loading...

	fast-cdn.ffm.to/d5b411e.modern.js	21 kB	2023-03-12	2023-03-13
Pretty URL fast-cdn.ffm.to/d5b411e.modern.js IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:02 Last Seen2023-03-13 14:19:56 Times Seen1 Hash df02780b6afd5ee29e55d13fbcf20870 925eaf22d977fb96b447766fe75230122b8e22f5 70b9aa18c1a502d79dd510e0bba97fba4f6f671ed0c42759053465f530288fba Loading...

	fast-cdn.ffm.to/05ed5b9.modern.js	6.4 kB	2023-03-12	2023-03-13
Pretty URL fast-cdn.ffm.to/05ed5b9.modern.js IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:45 Last Seen2023-03-13 13:16:56 Times Seen1 Hash 906de9bdb8739f58fcf6f3b720fe4719 c9598f0a72b9089b3e67263dd70378462bb25b42 86b043592f1c1bfbf2dd38568ac6b4aef7112e908560b526f5250e7a14ce7f3f Loading...

	orcd.co/fejl40	542 B	2023-03-13	2023-03-13
Pretty URL orcd.co/fejl40 IP 54.149.145.153 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:38:53 Last Seen2023-03-13 12:46:26 Times Seen1 Hash ed8ac93d27f43be9cc66bb1933b7441f dca0ec92b8688e2a63a7ed3548ce57ba0a97ea40 bde6ef1ba430ba8ffb8000d5658f1748123b0e27fd1957d400a42d04023e3127 Loading...

	orcd.co/fejl40	887 B	2023-03-10	2023-06-19
Pretty URL orcd.co/fejl40 IP 54.149.145.153 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:55:09 Last Seen2023-06-19 07:30:04 Times Seen3 Hash 6bc1f6cd915f216eb1c2e588350901bd 873e0f29140319e5330ee9fb19341d4c3765066e 96b0e9c12e32406cf7609dc87fafeacfd74d1a934ddf46072c357c6834bd3201 Loading...

	analytics.tiktok.com/i18n/pixel/events.js?sdkid=BSC3AMO16HBE43RL04F0&lib=ttq	6.7 kB	2023-03-13	2023-03-13
Pretty URL analytics.tiktok.com/i18n/pixel/events.js?sdkid=BSC3AMO16HBE43RL04F0&lib=ttq IP 23.36.79.32 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:38:53 Last Seen2023-03-13 12:38:53 Times Seen1 Hash 993c01e5dd78e173be0bf297377ca339 3dcfe52170c6c91a18f5e9b3218660a541650bc4 2ec2f904a7913971aab1e9b886af2836053c3b11ec7e8a2d7f16444b23407d34 Loading...

	fast-cdn.ffm.to/53a9bc3.modern.js	26 kB	2023-03-12	2023-03-13
Pretty URL fast-cdn.ffm.to/53a9bc3.modern.js IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:45 Last Seen2023-03-13 13:16:56 Times Seen1 Hash e602a58583f96797b64b6d34beb03010 3cbfa0ead84d400b07cca23697908f40b327a01d 3ff22e171f3ebc1c3cbef16c73bc69d4070fa35a3cbfc6ed8fe41f29b56e79a0 Loading...

	fast-cdn.ffm.to/9f9ef7a.modern.js	14 kB	2023-03-12	2023-03-13
Pretty URL fast-cdn.ffm.to/9f9ef7a.modern.js IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:02 Last Seen2023-03-13 14:19:55 Times Seen1 Hash 2927d85352369ab30bd4e8e442dbca0f 43d45d175a263530c2709c5c2cce2a55eb9fb103 ffae432cf3d570c64dbfa3a52434f08e24413d3cd5f2123a53ee56ab394b9c03 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-MGLCCKJ	206 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-MGLCCKJ IP 172.217.21.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:38:53 Last Seen2023-03-13 12:38:53 Times Seen1 Hash 2e36bce0d4d96063247fd4998303643a d5b1614915e3f7fec78d2e9f0d082e9d1330a6a3 dba5a246863a370165703fa5cb0b2bac45df35d8a91b96e168d3ae521ca34f5d Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/992293137/?random=1675105307642&cv=11&fst=1675105307642&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&auid=180941151.1675105308&rfmt=3&fmt=4	1.8 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/992293137/?random=1675105307642&cv=11&fst=1675105307642&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&auid=180941151.1675105308&rfmt=3&fmt=4 IP 142.250.74.98 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:38:53 Last Seen2023-03-13 12:38:53 Times Seen1 Hash f23d4c52fae412126ded13fba3bf92a8 c3ed04307b9a74769a3573094b493d658bf1f244 39fa85da24319768beefe73606079c39271fb9c2ebb81afb75a2f02d896e9c65 Loading...

	www.google.com/pagead/1p-conversion/971960849/?random=1675105307649&cv=11&fst=1675105307649&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&label=GXZmCITJkIwCEJHku88D&hn=www.google.com&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&value=0&bttype=purchase&auid=180941151.1675105308&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4	43 B	2023-03-07	2024-04-20
Pretty URL www.google.com/pagead/1p-conversion/971960849/?random=1675105307649&cv=11&fst=1675105307649&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&label=GXZmCITJkIwCEJHku88D&hn=www.google.com&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&value=0&bttype=purchase&auid=180941151.1675105308&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-20 17:48:03 Times Seen63949 Hash ad8b6f08655797587cdec719a94efe59 182adf5a140796f81e930649d05654dbf22fd5b7 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6 Loading...

	fast-cdn.ffm.to/668f598.modern.js	57 kB	2023-03-12	2023-03-14
Pretty URL fast-cdn.ffm.to/668f598.modern.js IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:02 Last Seen2023-03-14 10:19:02 Times Seen1 Hash b0113c9fe02b27d5bd78b3361797e2f1 428e20c2695fed32937c290a8f74b38a46e9d986 a2c94e8942d12eb07af0c672f77c8b1d423d735342f5d65099c7ecd149c3930b Loading...

	fast-cdn.ffm.to/4fece43.modern.js	12 kB	2023-03-12	2023-03-14
Pretty URL fast-cdn.ffm.to/4fece43.modern.js IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:02 Last Seen2023-03-14 10:19:02 Times Seen1 Hash 8e3a4477d0db991ad7946a4ab8366b32 4e02177d8173d9c95787bf72d309a3b581de72ab a5d53b41aa22b57089ea073e496144cf057132c458c58c50bc94ea42194c4f0f Loading...

	fast-cdn.ffm.to/b6d4a34.modern.js	22 kB	2023-03-12	2023-03-13
Pretty URL fast-cdn.ffm.to/b6d4a34.modern.js IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:45 Last Seen2023-03-13 13:16:56 Times Seen1 Hash 501578ff05b0799be81a8b2185ef9a15 472acd19097a2d1a950157f16f58083f638c7bbb 43dc5c63612fbddd1ff185151e0d98734483f44be3aa2f805c0200338f23205e Loading...

	fast-cdn.ffm.to/d44e0de.modern.js	8.9 kB	2023-03-12	2023-03-14
Pretty URL fast-cdn.ffm.to/d44e0de.modern.js IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:45 Last Seen2023-03-14 10:19:02 Times Seen1 Hash 167ca1afb1d7b0e0006c897b03dcbbf3 21b2cb008f59b7a26893b910890f3280f43d29f2 5bfc6405a6b356259b8ac1954ec2e81c545632ff5293949ce5294720bfea691f Loading...

	www.googletagmanager.com/gtag/js?id=G-6VTRLSCR4X&l=dataLayer&cx=c	235 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-6VTRLSCR4X&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:38:53 Last Seen2023-03-13 12:38:53 Times Seen1 Hash e2124ceede7036be505cff459d7b8aa9 2a599d97e980668375fc65ce3ba2352e4ae8eeff 9a2b7b8cf0fff498733f3873653d6937f6b7e5ce563bcaea873b25cdb645f70f Loading...

	www.redditstatic.com/ads/pixel.js	23 kB	2023-03-13	2023-06-29
Pretty URL www.redditstatic.com/ads/pixel.js IP 151.101.1.140 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:44:04 Last Seen2023-06-29 12:58:50 Times Seen3944 Hash 2f8f8ed0aadaeea502f259bea040c3df 083c9973a5d73d2a72f0412ccce717250926ebe8 cda252dc01c656d59193d8d696f26c3e95f10b87711e2413e28362532bae984a Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 11:27:00 Times Seen37090598 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	static.ads-twitter.com/uwt.js	58 kB	2023-03-08	2024-04-20
Pretty URL static.ads-twitter.com/uwt.js IP 151.101.244.157 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:46 Last Seen2024-04-20 17:48:03 Times Seen4329 Hash 32ad004436155ec972bc50e6238b5b67 9b2cdb645c2fa5b98a9d05dcdca521fed4a17b7b cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee Loading...

	fast-cdn.ffm.to/d30286c.modern.js	32 kB	2023-03-12	2023-03-13
Pretty URL fast-cdn.ffm.to/d30286c.modern.js IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:02 Last Seen2023-03-13 14:19:55 Times Seen1 Hash d10ae3e061922a3b896db0c35fc87ba6 eb1327afb785c84af35c04c7c1ef6de7b8e3926a 399308239450f5d05406985748215f073a7b2030422837d2ca91eb3b9fe74e67 Loading...

	fast-cdn.ffm.to/850384c.modern.js	10 kB	2023-03-12	2023-03-13
Pretty URL fast-cdn.ffm.to/850384c.modern.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:45 Last Seen2023-03-13 13:16:56 Times Seen1 Hash 5582dd7d1d12926f3a6450da3d405b9d 6c62c3b8f89c40f346c94cf9cc7549eed61cc441 9c0df8c9e480a46acb916e81d55bf30c01df3dda76e40385d18c42ab84264bd7 Loading...

	fast-cdn.ffm.to/016a9b4.modern.js	6.1 kB	2023-03-12	2023-03-13
Pretty URL fast-cdn.ffm.to/016a9b4.modern.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 20:41:45 Last Seen2023-03-13 13:16:56 Times Seen1 Hash f6b6977e9dd0257bc4c85305d946aebe fba147bf326b8f5c66b476d25660cb46ae1bddf1 a16cbc19e7b3b49d0453c7b4c41a30890ee899d022af8c16507889832668017b Loading...

	orcd.co/fejl40	887 B	2023-03-10	2023-06-19
Pretty URL orcd.co/fejl40 IP 54.149.145.153 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:55:09 Last Seen2023-06-19 07:30:04 Times Seen3 Hash 92ee31a212021195130b9a25f3aeca61 b7f414302769aaf5f6a045a74a012b36e5e27d17 ae4c0d6844dd20093b089818908eb7a68d5d432ac6ed4f30159b2c5bfca5bf03 Loading...

HTTP Transactions (99)

	URL	IP	Response	Size
	r3.o.lencr.org/	23.36.76.226	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash d2e72d45afe3d391c204b5391599607c 149d68b9d00a720b6f380fa2324779dca9dbe26d f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E" Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4599 Expires: Mon, 30 Jan 2023 20:18:11 GMT Date: Mon, 30 Jan 2023 19:01:32 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.76.226	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 0c35c3ec659d3a26ea97e68d787bb043 d97e3672244efec5b7814f2d8a734cd1a9387854 4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E" Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=17047 Expires: Mon, 30 Jan 2023 23:45:39 GMT Date: Mon, 30 Jan 2023 19:01:32 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.76.226	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 302c7548412192add063ad6c8b99cf3b e5d178931a27db036ce8daae302594d3ff7050b8 fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D" Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=18346 Expires: Tue, 31 Jan 2023 00:07:18 GMT Date: Mon, 30 Jan 2023 19:01:32 GMT Connection: keep-alive`

	firefox.settings.services.mozilla.com/v1/	35.241.9.150	200 OK	939 B
URL HTTP/2 firefox.settings.services.mozilla.com/v1/ IP 35.241.9.150:0 ASN #15169 GOOGLE File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size 939 B (939 bytes) Hash dcd75ca6daca51c5e39d431468511793 07f76d3bf23d65c9110d810fa71a994e39e085d3 73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459 HTTP Headers `GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK access-control-allow-origin: * access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Mon, 30 Jan 2023 18:43:12 GMT content-type: application/json age: 1100 cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2`

	content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain	34.160.144.191	200 OK	5.3 kB
URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain IP 34.160.144.191:0 ASN #15169 GOOGLE File type PEM certificate\012- , ASCII text Size 5.3 kB (5348 bytes) Hash 7b922915ebf1fa3639b333f994c74f24 144a3f80b98fd0652d4614f24cf6cbbee40f8938 adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c HTTP Headers `GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK x-amz-id-2: em1hcM99gPsbm+VZN5cOOfYbRhRyxfSgT2474ekcsec3YPp7zQRokyhZhwiyc5ABPxYT9h3iAM0= x-amz-request-id: JHTCH22Y6S8D2D83 content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Mon, 30 Jan 2023 18:21:54 GMT age: 2378 last-modified: Mon, 09 Jan 2023 18:04:21 GMT etag: "7b922915ebf1fa3639b333f994c74f24" content-type: binary/octet-stream cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2`

	contile.services.mozilla.com/v1/tiles	34.117.237.239	200 OK	12 B
URL HTTP/2 contile.services.mozilla.com/v1/tiles IP 34.117.237.239:0 ASN #15169 GOOGLE File type JSON data\012- , ASCII text, with no line terminators Size 12 B (12 bytes) Hash 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 HTTP Headers `GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK server: nginx date: Mon, 30 Jan 2023 19:01:32 GMT content-type: application/json content-length: 12 access-control-allow-credentials: true access-control-expose-headers: content-type vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2`

	orcd.co/fejl40	54.149.145.153	308 Permanent Redirect	177 B
URL HTTP/1.1 orcd.co/fejl40 IP 54.149.145.153:0 ASN #16509 AMAZON-02 File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Size 177 B (177 bytes) Hash 18c5383e2ad3240bfbb048bc7e49d1c1 0311daa1f37353d5ec20273650944c3e45cba853 6fcf110ca8fcb6ae4484690ccb1e0dfc2485e66562328cbcdcbfc9df45206d3e HTTP Headers `GET /fejl40 HTTP/1.1 Host: orcd.co User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1` `HTTP/1.1 308 Permanent Redirect Server: openresty/1.15.8.1 Date: Mon, 30 Jan 2023 19:01:32 GMT Content-Type: text/html Content-Length: 177 Connection: keep-alive Location: https://orcd.co/fejl40`

	firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US	35.241.9.150	200 OK	329 B
URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP 35.241.9.150:0 ASN #15169 GOOGLE File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size 329 B (329 bytes) Hash 0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 HTTP Headers `GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK access-control-allow-origin: * access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Mon, 30 Jan 2023 18:41:41 GMT age: 1192 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" content-type: application/json cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2

	r3.o.lencr.org/	23.36.76.226	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 5405b1b034291f3f698e79c9c6d3d3d2 305339938a32c4b5dae4abcf39fccf8f5fb2cf21 ab98b43f92b6cdaf06f9de3f036c6ff5773d0194fd57f9309f2e1e0a3ecc28c1 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "AB98B43F92B6CDAF06F9DE3F036C6FF5773D0194FD57F9309F2E1E0A3ECC28C1" Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=15861 Expires: Mon, 30 Jan 2023 23:25:54 GMT Date: Mon, 30 Jan 2023 19:01:33 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.76.226	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a 86f640e134a741a0f906a8e3a0f5c6659dd0e394 a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E" Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=14802 Expires: Mon, 30 Jan 2023 23:08:15 GMT Date: Mon, 30 Jan 2023 19:01:33 GMT Connection: keep-alive`

	push.services.mozilla.com/	54.149.51.98	101 Switching Protocols	0 B
URL HTTP/1.1 push.services.mozilla.com/ IP 54.149.51.98:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: SGRfTU8vdh5Sf/e+nn2kqg== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket `HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: m6wAGMbqw98Kl9bZd/Vt0cYhxkE=`

	cloudinary-cdn.ffm.to/s--uf3wpRWG--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_amazon.png	54.230.111.124	200 OK	3.1 kB
URL HTTP/2 cloudinary-cdn.ffm.to/s--uf3wpRWG--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_amazon.png IP 54.230.111.124:0 ASN #16509 AMAZON-02 File type RIFF (little-endian) data, Web/P image\012- data Size 3.1 kB (3138 bytes) Hash 8005ec5c70a1a86dede351b7ad2d9011 15499b77355af41c307bfb3b70610d3724c1f214 a298039ca49310380f999065ec9986340388a97192806aa8e395ef18e484d554 HTTP Headers `GET /s--uf3wpRWG--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_amazon.png HTTP/1.1 Host: cloudinary-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK content-type: image/webp content-length: 3138 content-disposition: inline; filename="music-service_amazon.webp" last-modified: Mon, 01 Nov 2021 00:11:36 GMT strict-transport-security: max-age=604800 server: Cloudinary timing-allow-origin: * access-control-allow-origin: * accept-ranges: bytes x-content-type-options: nosniff access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,X-Content-Type-Options date: Sat, 28 Jan 2023 00:41:17 GMT cache-control: public, no-transform, immutable, max-age=604800 etag: "8005ec5c70a1a86dede351b7ad2d9011" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: 34slWuZ7SjgcFY_GMzS7CxjkVSJIAuQTjAxOGnGrhNwyXI0_7OLJYg== age: 238816 X-Firefox-Spdy: h2

	cloudinary-cdn.ffm.to/s--wJHSivtl--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_tidal.png	54.230.111.124	200 OK	4.5 kB
URL HTTP/2 cloudinary-cdn.ffm.to/s--wJHSivtl--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_tidal.png IP 54.230.111.124:0 ASN #16509 AMAZON-02 File type RIFF (little-endian) data, Web/P image\012- data Size 4.5 kB (4530 bytes) Hash 4574b1be5469e4280c3ffafcb04f6eeb 91521006193e6e76ad705cfebd629f5e75402d32 a05af27187cec434d6adbc5b7489d0d073cce15b0fc374b4e8365596c8fd4d0f HTTP Headers `GET /s--wJHSivtl--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_tidal.png HTTP/1.1 Host: cloudinary-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK content-type: image/webp content-length: 4530 content-disposition: inline; filename="music-service_tidal.webp" last-modified: Mon, 01 Nov 2021 00:11:37 GMT strict-transport-security: max-age=604800 server: Cloudinary timing-allow-origin: * access-control-allow-origin: * accept-ranges: bytes x-content-type-options: nosniff access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,X-Content-Type-Options date: Thu, 26 Jan 2023 03:15:48 GMT cache-control: public, no-transform, immutable, max-age=604800 etag: "4574b1be5469e4280c3ffafcb04f6eeb" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: f6g9Z5TnWqKJE5w092Ba_q-Yx2e21G6V1CCetHn7xGVjBlULD5QkNw== age: 402345 X-Firefox-Spdy: h2

	cloudinary-cdn.ffm.to/s--LpZFcfe0--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_applemusic_listen.png	54.230.111.124	200 OK	3.8 kB
URL HTTP/2 cloudinary-cdn.ffm.to/s--LpZFcfe0--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_applemusic_listen.png IP 54.230.111.124:0 ASN #16509 AMAZON-02 File type RIFF (little-endian) data, Web/P image\012- data Size 3.8 kB (3760 bytes) Hash cf7872a715b204eaaae3bd6587935b09 c1538affb361eb00d7eba230de63d800d1dafc4c f0edd93908f2e5d4f0721774bf5f4c66996f2f6ce7b16490b98f486674795007 HTTP Headers `GET /s--LpZFcfe0--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_applemusic_listen.png HTTP/1.1 Host: cloudinary-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK content-type: image/webp content-length: 3760 content-disposition: inline; filename="music-service_applemusic_listen.webp" etag: "cf7872a715b204eaaae3bd6587935b09" last-modified: Thu, 20 Jan 2022 17:36:07 GMT date: Tue, 24 Jan 2023 06:56:27 GMT strict-transport-security: max-age=604800 cache-control: public, no-transform, immutable, max-age=604800 server: Cloudinary timing-allow-origin: * access-control-allow-origin: * accept-ranges: bytes x-content-type-options: nosniff access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,X-Content-Type-Options x-cache: Hit from cloudfront via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: _8xxtKZF4DxVVNDLNDiCt7HfLRPsG8AgEXYS13Q1Ep44Wo29osAApA== age: 561906 X-Firefox-Spdy: h2

	cloudinary-cdn.ffm.to/s--e_GXTT_B--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_spotify.png	54.230.111.124	200 OK	4.2 kB
URL HTTP/2 cloudinary-cdn.ffm.to/s--e_GXTT_B--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_spotify.png IP 54.230.111.124:0 ASN #16509 AMAZON-02 File type RIFF (little-endian) data, Web/P image\012- data Size 4.2 kB (4202 bytes) Hash 044598182cc6532d4a9cd5e5251a085a 6aa6758c6cae3a9185da995765c3b441a6d2f16e 435e91822f3cbfa88f6d400a4a292ce0261221c52efd3407aa5e8fa9bd95c684 HTTP Headers `GET /s--e_GXTT_B--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_spotify.png HTTP/1.1 Host: cloudinary-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK content-type: image/webp content-length: 4202 content-disposition: inline; filename="music-service_spotify.webp" etag: "044598182cc6532d4a9cd5e5251a085a" last-modified: Mon, 01 Nov 2021 00:11:36 GMT date: Tue, 24 Jan 2023 06:36:52 GMT strict-transport-security: max-age=604800 cache-control: public, no-transform, immutable, max-age=604800 server: Cloudinary timing-allow-origin: * access-control-allow-origin: * accept-ranges: bytes x-content-type-options: nosniff access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,X-Content-Type-Options x-cache: Hit from cloudfront via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: 2sb5RjnASxI8Mhn1nKS9asP7COrS5h5g8L3tms1pk2fm03DMim8dYg== age: 563081 X-Firefox-Spdy: h2

	cloudinary-cdn.ffm.to/s--40s9zDd5--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_itunes.png	54.230.111.124	200 OK	2.0 kB
URL HTTP/2 cloudinary-cdn.ffm.to/s--40s9zDd5--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_itunes.png IP 54.230.111.124:0 ASN #16509 AMAZON-02 File type RIFF (little-endian) data, Web/P image\012- data Size 2.0 kB (1976 bytes) Hash 1c9777fde10b9654f2c13b587c54675e 0790e6ed53cdea00f3deb66a46b76a5ff02def84 ff4614f63d59af625ed6c218558edb5505d8840470c5e1f61f5c01974c8feeb9 HTTP Headers `GET /s--40s9zDd5--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_itunes.png HTTP/1.1 Host: cloudinary-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK content-type: image/webp content-length: 1976 content-disposition: inline; filename="music-service_itunes.webp" last-modified: Mon, 01 Nov 2021 00:11:36 GMT strict-transport-security: max-age=604800 server: Cloudinary timing-allow-origin: * access-control-allow-origin: * accept-ranges: bytes x-content-type-options: nosniff access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,X-Content-Type-Options date: Sun, 29 Jan 2023 03:55:39 GMT cache-control: public, no-transform, immutable, max-age=604800 etag: "1c9777fde10b9654f2c13b587c54675e" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: RceVzidD6rfrVaGn7zDexvyaOi3QwLepzuJ1Krffp0Erqpv6eGF9Eg== age: 140754 X-Firefox-Spdy: h2

	cloudinary-cdn.ffm.to/s--BuOsZiLg--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_deezer.png	54.230.111.124	200 OK	2.2 kB
URL HTTP/2 cloudinary-cdn.ffm.to/s--BuOsZiLg--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_deezer.png IP 54.230.111.124:0 ASN #16509 AMAZON-02 File type RIFF (little-endian) data, Web/P image\012- data Size 2.2 kB (2156 bytes) Hash 384e664e3d0c1c076e8e5bb85195c454 5d16e05c7b3e0e7c48d660d4b809cc10bcbd56d5 cc7ff09e6bb13be3504bd037eb11a8463c91d48cbb5f419c596a0855f902bfcf HTTP Headers `GET /s--BuOsZiLg--/h_64,c_scale/f_webp/https%3A%2F%2Fassets.ffm.to%2Fimages%2Flogo%2Fmusic-service_deezer.png HTTP/1.1 Host: cloudinary-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK content-type: image/webp content-length: 2156 content-disposition: inline; filename="music-service_deezer.webp" last-modified: Mon, 01 Nov 2021 16:56:13 GMT strict-transport-security: max-age=604800 server: Cloudinary timing-allow-origin: * access-control-allow-origin: * accept-ranges: bytes x-content-type-options: nosniff access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,X-Content-Type-Options date: Sun, 29 Jan 2023 00:45:39 GMT cache-control: public, no-transform, immutable, max-age=604800 etag: "384e664e3d0c1c076e8e5bb85195c454" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: 8phZSpfPOR3RLy3dx1mqlh34rIrlUDwEXwx035DUBF6A5vACohfcjQ== age: 152154 X-Firefox-Spdy: h2

	ocsp.sca1b.amazontrust.com/	54.230.245.110	200 OK	471 B
URL HTTP/1.1 ocsp.sca1b.amazontrust.com/ IP 54.230.245.110:0 ASN #16509 AMAZON-02 File type data Size 471 B (471 bytes) Hash d6226c92d5ee80e38137c00b85839733 231e2512de14d75324412117a0f01b3077316673 5e76b181800be122b78b3b55a28ce81871f86a3bc050f39388b79d33c6da6ddd HTTP Headers `POST / HTTP/1.1 Host: ocsp.sca1b.amazontrust.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Content-Length: 471 Connection: keep-alive Accept-Ranges: bytes Cache-Control: 'max-age=158059' Date: Mon, 30 Jan 2023 19:01:33 GMT Etag: "63d7410d-1d7" Last-Modified: Mon, 30 Jan 2023 18:19:20 GMT Server: ECS (dcb/7ECA) X-Cache: Miss from cloudfront Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: xYSY-WLVapN3oUwCFRFIPy6iO4_P_ATVCGEPifDajIGpJfNOP3FYTQ== Age: 2533`

	cloudinary-cdn.ffm.to/s--mS3DPaeK--/f_webp/https%3A%2F%2Fimagestore.ffm.to%2Flink%2F99699a7b0558d4029957f6553f6bcf28.jpeg	54.230.111.124	200 OK	120 kB
URL HTTP/2 cloudinary-cdn.ffm.to/s--mS3DPaeK--/f_webp/https%3A%2F%2Fimagestore.ffm.to%2Flink%2F99699a7b0558d4029957f6553f6bcf28.jpeg IP 54.230.111.124:0 ASN #16509 AMAZON-02 File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1000x1000, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 120 kB (120094 bytes) Hash 8d0d5aff6ad6766f71dd07a6ad57aa92 6d862af8c6d578c5db25cee768dc72f7ea9a576e 83a406e2cef0f5f66be4ed1e4268ba274877e71cf87ec00c536255a1d7fcf5e9 HTTP Headers `GET /s--mS3DPaeK--/f_webp/https%3A%2F%2Fimagestore.ffm.to%2Flink%2F99699a7b0558d4029957f6553f6bcf28.jpeg HTTP/1.1 Host: cloudinary-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK content-type: image/webp content-length: 120094 content-disposition: inline; filename="99699a7b0558d4029957f6553f6bcf28.webp" etag: "8d0d5aff6ad6766f71dd07a6ad57aa92" last-modified: Fri, 18 Nov 2022 11:54:36 GMT date: Mon, 30 Jan 2023 19:01:33 GMT strict-transport-security: max-age=604800 cache-control: public, no-transform, immutable, max-age=604800 server-timing: fastly;dur=3;cpu=0;start=2023-01-30T19:01:33.854Z;desc=hit,rtt;dur=1 server: Cloudinary timing-allow-origin: * access-control-allow-origin: * accept-ranges: bytes x-content-type-options: nosniff access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,X-Content-Type-Options x-cache: Miss from cloudfront via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: pxv2P9pEAWMw-KiW3huWcfILL9hPU3nKKZcT0R2Pdl9Y7nqEkW1UMQ== X-Firefox-Spdy: h2

	cloudinary-cdn.ffm.to/s--hmzjJIqX--/w_424,h_424,c_lfill/c_scale,fl_relative,w_1.1/e_blur_region:800/f_webp/https%3A%2F%2Fimagestore.ffm.to%2Flink%2F99699a7b0558d4029957f6553f6bcf28.jpeg	54.230.111.124	200 OK	3.8 kB
URL HTTP/2 cloudinary-cdn.ffm.to/s--hmzjJIqX--/w_424,h_424,c_lfill/c_scale,fl_relative,w_1.1/e_blur_region:800/f_webp/https%3A%2F%2Fimagestore.ffm.to%2Flink%2F99699a7b0558d4029957f6553f6bcf28.jpeg IP 54.230.111.124:0 ASN #16509 AMAZON-02 File type RIFF (little-endian) data, Web/P image, VP8 encoding, 466x466, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 3.8 kB (3778 bytes) Hash 10a79308e39f2aff0f2bf30da13baab6 cb3b1769132e9e2bde158a89ca93975952a4cbdb 21c8abdc0b7a3c4088209bd349461faad3734ce6a916b48c88d8af1f5afabbe1 HTTP Headers GET /s--hmzjJIqX--/w_424,h_424,c_lfill/c_scale,fl_relative,w_1.1/e_blur_region:800/f_webp/https%3A%2F%2Fimagestore.ffm.to%2Flink%2F99699a7b0558d4029957f6553f6bcf28.jpeg HTTP/1.1 Host: cloudinary-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site HTTP/2 200 OK content-type: image/webp content-length: 3778 content-disposition: inline; filename="99699a7b0558d4029957f6553f6bcf28.webp" etag: "10a79308e39f2aff0f2bf30da13baab6" last-modified: Fri, 18 Nov 2022 11:54:36 GMT date: Mon, 30 Jan 2023 19:01:33 GMT strict-transport-security: max-age=604800 cache-control: public, no-transform, immutable, max-age=604800 server-timing: fastly;dur=5;cpu=1;start=2023-01-30T19:01:33.917Z;desc=hit,rtt;dur=1 server: Cloudinary timing-allow-origin: * access-control-allow-origin: * accept-ranges: bytes x-content-type-options: nosniff access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,X-Content-Type-Options x-cache: Miss from cloudfront via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: sLKp08tHIF7_2cVZMGAsVBNXfX0qgrquv13ugfZIkoa2Z6wJLLfDsQ== X-Firefox-Spdy: h2

	fast-cdn.ffm.to/b6d4a34.modern.js	54.230.111.129	200 OK	6.6 kB
URL HTTP/2 fast-cdn.ffm.to/b6d4a34.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type data Size 6.6 kB (6572 bytes) Hash a2dd6d7c51173ab144ce9564060c8cfb 13b0ce55860f6e376f7487b02ffe248cf2982d21 b42ad16910c5428ffc0bb8fdb3ac5d51360d4a6311f24c03474834236d7ca5ac HTTP Headers `GET /b6d4a34.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Sat, 21 Jan 2023 01:25:11 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"549c-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: vWBNvt5BtRdIbLhd5MN4AO4UreVmuozIRcyB_xFxrvasYjE0loawJA== age: 840983 X-Firefox-Spdy: h2

	r3.o.lencr.org/	23.36.76.226	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash 8bd257053b3c801a62da8f829616d846 06c555c649631e5e86e20d7b3a59e0e0d2470f43 d88fc1d52fe9b1d8527abd66b2c24b565dbc4ec6f3eb7c3b68e6112942ed812d HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "D88FC1D52FE9B1D8527ABD66B2C24B565DBC4EC6F3EB7C3B68E6112942ED812D" Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6366 Expires: Mon, 30 Jan 2023 20:47:40 GMT Date: Mon, 30 Jan 2023 19:01:34 GMT Connection: keep-alive`

	fast-cdn.ffm.to/d44e0de.modern.js	54.230.111.129	200 OK	2.9 kB
URL HTTP/2 fast-cdn.ffm.to/d44e0de.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type data Size 2.9 kB (2913 bytes) Hash 845d68bf579b6f271f2667f610c2bcf1 ef4b5637b3892e3b6c9125d778ae98e338bc48af bab63d733440bb7ff182cf28b1e84142c4fa00dd6e64b3b00d0fe5f3ccce0a9f HTTP Headers `GET /d44e0de.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Mon, 16 Jan 2023 07:25:48 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"22d8-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: Dt5EyL2v7S63IxEHIF0anhvXAHL9If_wE4u0oFCls326GwBKgLI4GQ== age: 1251346 X-Firefox-Spdy: h2

	www.googletagmanager.com/gtm.js?id=GTM-MGLCCKJ	172.217.21.168	200 OK	73 kB
URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-MGLCCKJ IP 172.217.21.168:0 ASN #15169 GOOGLE File type ASCII text, with very long lines (7942) Size 73 kB (73370 bytes) Hash a2eb26ef596e850d14bd224932d66310 83994790d0dbc0f027d9569da5430950a4d6532d ee6bf0fa051ecaa0370f265b384934072c21af2864bf596c68424d0119e8b058 HTTP Headers `GET /gtm.js?id=GTM-MGLCCKJ HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Mon, 30 Jan 2023 19:01:34 GMT expires: Mon, 30 Jan 2023 19:01:34 GMT cache-control: private, max-age=900 last-modified: Mon, 30 Jan 2023 18:25:37 GMT strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 73370 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	472 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash ba2ca6af7b23ce2e11aa4f9d86e66269 212aef55d64b6add292dcf6241b16e7c93d1bae2 f163a94d190f5aeeb05b2e344bc8e1544d9701772b08585e9c92b529c8652b3d HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 30 Jan 2023 19:01:34 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	fast-cdn.ffm.to/5b9acec.modern.js	54.230.111.129	200 OK	82 kB
URL HTTP/2 fast-cdn.ffm.to/5b9acec.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type data Size 82 kB (82446 bytes) Hash 6264a4ab7a543f39a5bf320b42dfc6b5 18b736b5d3604ddfc45df204164f44f7baa2d54e 1d1d9bba3c2c2a321599c179029e7abbf3ed31bdc0d7c2ec52ddc1c00857bc0e HTTP Headers `GET /5b9acec.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Fri, 20 Jan 2023 02:24:10 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"c36-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: nB-1LZs9P7h1SHKW79Z7rXWT-isHxKqMqZRO4RCPqRZUf7SNwjf4rA== age: 923844 X-Firefox-Spdy: h2

	www.redditstatic.com/ads/pixel.js	151.101.1.140	200 OK	7.4 kB
URL HTTP/2 www.redditstatic.com/ads/pixel.js IP 151.101.1.140:0 ASN #54113 FASTLY File type ASCII text, with very long lines (23347) Size 7.4 kB (7356 bytes) Hash 03d5db9dfd00a5719bb4c9261e6fa1bb be9899225f59b4d3ef6fefcf0e66b72568353a94 e90f19642062e4311b58ede732592e8f29b7799661086a0bbfc68e259fd81398 HTTP Headers `GET /ads/pixel.js HTTP/1.1 Host: www.redditstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK last-modified: Mon, 23 Jan 2023 21:56:14 GMT etag: "03d5db9dfd00a5719bb4c9261e6fa1bb" cache-control: public, max-age=60 content-encoding: gzip content-type: application/javascript via: 1.1 varnish, 1.1 varnish accept-ranges: bytes date: Mon, 30 Jan 2023 19:01:34 GMT vary: Accept-Encoding,Origin server: snooserv report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]} nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} content-length: 7356 X-Firefox-Spdy: h2

	api.ffm.to/sl/e/i/fejl40?cd=eyJ1YSI6eyJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wIiwiYnJvd3NlciI6eyJuYW1lIjoiRmlyZWZveCIsInZlcnNpb24iOiIxMDUuMCIsIm1ham9yIjoiMTA1In0sImVuZ2luZSI6eyJuYW1lIjoiR2Vja28iLCJ2ZXJzaW9uIjoiMTA1LjAifSwib3MiOnsibmFtZSI6IldpbmRvd3MiLCJ2ZXJzaW9uIjoiMTAifSwiZGV2aWNlIjp7fSwiY3B1Ijp7ImFyY2hpdGVjdHVyZSI6ImFtZDY0In19LCJjbGllbnQiOnsicmlkIjoiYzQzNTJhOTQtZDlmNy00MGUyLWFhNjUtMDJhNDA5NjI3ZGY1Iiwic2lkIjoiMjgyODI3NDgtNDExMy00YWM3LTk4ZGItMDFmODY3NDA0ZmRjIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJyZWYiOiIiLCJob3N0Ijoib3JjZC5jbyIsImxhbmciOiJlbi1VUyIsImlwQ291bnRyeSI6Ik5PIn0sImlzV2VicFN1cHBvcnRlZCI6dHJ1ZSwiaXNGcm9tRVUiOmZhbHNlLCJjb3VudHJ5Q29kZSI6Ik5PIiwidXNlQWZmIjoib3JpZ2luIiwiaWQiOiI2MzVhOTFmZjM0MDAwMDEwMDAwOTE3NzEiLCJ0em8iOi0xMjAsImNoIjpudWxsLCJhbiI6bnVsbCwiZGVzdFVybCI6InVwYzoxOTcxODcwMjQyMTY_Y3Q9RkZNX2UxZDAzNWQ2NjAyZDZlZGM4NTMyZWEyMzE0Y2EyMWY2JmxzPTEmYXQ9MTAwMGxOQ1MiLCJ2aWQiOiI0M2YyYmJlMy0xNTIzLTQ0MzYtYjQyOS1jMDkzOWQ4MDczNzMiLCJzcnZjIjpudWxsLCJwcm9kdWN0Ijoic21hcnRsaW5rIiwic2hvcnRJZCI6ImZlamw0MCIsImlzQXV0aG9yaXphdGlvblJlcXVpcmVkIjpmYWxzZSwib3duZXIiOiI2MzU5MWJjMTI2MDAwMDJjMDBiNTU5NWQiLCJ0ZW5hbnQiOiI1YmQ5ZTM0MDc4ZjRmMDNmYTcyYTlmYjEiLCJhciI6IjYyNGVhMjIxMmQwMDAwYjc2Y2Q3ODBhNiIsImlzU2hvcnRMaW5rIjpmYWxzZX0	52.42.154.92	200 OK	35 B
URL HTTP/2 api.ffm.to/sl/e/i/fejl40?cd=eyJ1YSI6eyJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wIiwiYnJvd3NlciI6eyJuYW1lIjoiRmlyZWZveCIsInZlcnNpb24iOiIxMDUuMCIsIm1ham9yIjoiMTA1In0sImVuZ2luZSI6eyJuYW1lIjoiR2Vja28iLCJ2ZXJzaW9uIjoiMTA1LjAifSwib3MiOnsibmFtZSI6IldpbmRvd3MiLCJ2ZXJzaW9uIjoiMTAifSwiZGV2aWNlIjp7fSwiY3B1Ijp7ImFyY2hpdGVjdHVyZSI6ImFtZDY0In19LCJjbGllbnQiOnsicmlkIjoiYzQzNTJhOTQtZDlmNy00MGUyLWFhNjUtMDJhNDA5NjI3ZGY1Iiwic2lkIjoiMjgyODI3NDgtNDExMy00YWM3LTk4ZGItMDFmODY3NDA0ZmRjIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJyZWYiOiIiLCJob3N0Ijoib3JjZC5jbyIsImxhbmciOiJlbi1VUyIsImlwQ291bnRyeSI6Ik5PIn0sImlzV2VicFN1cHBvcnRlZCI6dHJ1ZSwiaXNGcm9tRVUiOmZhbHNlLCJjb3VudHJ5Q29kZSI6Ik5PIiwidXNlQWZmIjoib3JpZ2luIiwiaWQiOiI2MzVhOTFmZjM0MDAwMDEwMDAwOTE3NzEiLCJ0em8iOi0xMjAsImNoIjpudWxsLCJhbiI6bnVsbCwiZGVzdFVybCI6InVwYzoxOTcxODcwMjQyMTY_Y3Q9RkZNX2UxZDAzNWQ2NjAyZDZlZGM4NTMyZWEyMzE0Y2EyMWY2JmxzPTEmYXQ9MTAwMGxOQ1MiLCJ2aWQiOiI0M2YyYmJlMy0xNTIzLTQ0MzYtYjQyOS1jMDkzOWQ4MDczNzMiLCJzcnZjIjpudWxsLCJwcm9kdWN0Ijoic21hcnRsaW5rIiwic2hvcnRJZCI6ImZlamw0MCIsImlzQXV0aG9yaXphdGlvblJlcXVpcmVkIjpmYWxzZSwib3duZXIiOiI2MzU5MWJjMTI2MDAwMDJjMDBiNTU5NWQiLCJ0ZW5hbnQiOiI1YmQ5ZTM0MDc4ZjRmMDNmYTcyYTlmYjEiLCJhciI6IjYyNGVhMjIxMmQwMDAwYjc2Y2Q3ODBhNiIsImlzU2hvcnRMaW5rIjpmYWxzZX0 IP 52.42.154.92:0 ASN #16509 AMAZON-02 File type GIF image data, version 89a, 1 x 1\012- data Size 35 B (35 bytes) Hash c2196de8ba412c60c22ab491af7b1409 5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 HTTP Headers GET /sl/e/i/fejl40?cd=eyJ1YSI6eyJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wIiwiYnJvd3NlciI6eyJuYW1lIjoiRmlyZWZveCIsInZlcnNpb24iOiIxMDUuMCIsIm1ham9yIjoiMTA1In0sImVuZ2luZSI6eyJuYW1lIjoiR2Vja28iLCJ2ZXJzaW9uIjoiMTA1LjAifSwib3MiOnsibmFtZSI6IldpbmRvd3MiLCJ2ZXJzaW9uIjoiMTAifSwiZGV2aWNlIjp7fSwiY3B1Ijp7ImFyY2hpdGVjdHVyZSI6ImFtZDY0In19LCJjbGllbnQiOnsicmlkIjoiYzQzNTJhOTQtZDlmNy00MGUyLWFhNjUtMDJhNDA5NjI3ZGY1Iiwic2lkIjoiMjgyODI3NDgtNDExMy00YWM3LTk4ZGItMDFmODY3NDA0ZmRjIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJyZWYiOiIiLCJob3N0Ijoib3JjZC5jbyIsImxhbmciOiJlbi1VUyIsImlwQ291bnRyeSI6Ik5PIn0sImlzV2VicFN1cHBvcnRlZCI6dHJ1ZSwiaXNGcm9tRVUiOmZhbHNlLCJjb3VudHJ5Q29kZSI6Ik5PIiwidXNlQWZmIjoib3JpZ2luIiwiaWQiOiI2MzVhOTFmZjM0MDAwMDEwMDAwOTE3NzEiLCJ0em8iOi0xMjAsImNoIjpudWxsLCJhbiI6bnVsbCwiZGVzdFVybCI6InVwYzoxOTcxODcwMjQyMTY_Y3Q9RkZNX2UxZDAzNWQ2NjAyZDZlZGM4NTMyZWEyMzE0Y2EyMWY2JmxzPTEmYXQ9MTAwMGxOQ1MiLCJ2aWQiOiI0M2YyYmJlMy0xNTIzLTQ0MzYtYjQyOS1jMDkzOWQ4MDczNzMiLCJzcnZjIjpudWxsLCJwcm9kdWN0Ijoic21hcnRsaW5rIiwic2hvcnRJZCI6ImZlamw0MCIsImlzQXV0aG9yaXphdGlvblJlcXVpcmVkIjpmYWxzZSwib3duZXIiOiI2MzU5MWJjMTI2MDAwMDJjMDBiNTU5NWQiLCJ0ZW5hbnQiOiI1YmQ5ZTM0MDc4ZjRmMDNmYTcyYTlmYjEiLCJhciI6IjYyNGVhMjIxMmQwMDAwYjc2Y2Q3ODBhNiIsImlzU2hvcnRMaW5rIjpmYWxzZX0 HTTP/1.1 Host: api.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site `HTTP/2 200 OK server: openresty/1.15.8.1 date: Mon, 30 Jan 2023 19:01:34 GMT content-type: image/gif content-length: 35 x-powered-by: Express vary: Origin access-control-allow-credentials: true cache-control: public, max-age=0 etag: W/"23-X71HIiL+uKIs9biqXcW44Tr4jis" strict-transport-security: max-age=15724800; includeSubDomains X-Firefox-Spdy: h2`

	api.ffm.to/sl/e/r/fejl40?cd=eyJ1YSI6eyJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wIiwiYnJvd3NlciI6eyJuYW1lIjoiRmlyZWZveCIsInZlcnNpb24iOiIxMDUuMCIsIm1ham9yIjoiMTA1In0sImVuZ2luZSI6eyJuYW1lIjoiR2Vja28iLCJ2ZXJzaW9uIjoiMTA1LjAifSwib3MiOnsibmFtZSI6IldpbmRvd3MiLCJ2ZXJzaW9uIjoiMTAifSwiZGV2aWNlIjp7fSwiY3B1Ijp7ImFyY2hpdGVjdHVyZSI6ImFtZDY0In19LCJjbGllbnQiOnsicmlkIjoiYzQzNTJhOTQtZDlmNy00MGUyLWFhNjUtMDJhNDA5NjI3ZGY1Iiwic2lkIjoiMjgyODI3NDgtNDExMy00YWM3LTk4ZGItMDFmODY3NDA0ZmRjIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJyZWYiOiIiLCJob3N0Ijoib3JjZC5jbyIsImxhbmciOiJlbi1VUyIsImlwQ291bnRyeSI6Ik5PIn0sImlzV2VicFN1cHBvcnRlZCI6dHJ1ZSwiaXNGcm9tRVUiOmZhbHNlLCJjb3VudHJ5Q29kZSI6Ik5PIiwidXNlQWZmIjoib3JpZ2luIiwiaWQiOiI2MzVhOTFmZjM0MDAwMDEwMDAwOTE3NzEiLCJ0em8iOi0xMjAsImNoIjpudWxsLCJhbiI6bnVsbCwiZGVzdFVybCI6InVwYzoxOTcxODcwMjQyMTY_Y3Q9RkZNX2UxZDAzNWQ2NjAyZDZlZGM4NTMyZWEyMzE0Y2EyMWY2JmxzPTEmYXQ9MTAwMGxOQ1MiLCJ2aWQiOiI0M2YyYmJlMy0xNTIzLTQ0MzYtYjQyOS1jMDkzOWQ4MDczNzMiLCJzcnZjIjpudWxsLCJwcm9kdWN0Ijoic21hcnRsaW5rIiwic2hvcnRJZCI6ImZlamw0MCIsImlzQXV0aG9yaXphdGlvblJlcXVpcmVkIjpmYWxzZSwib3duZXIiOiI2MzU5MWJjMTI2MDAwMDJjMDBiNTU5NWQiLCJ0ZW5hbnQiOiI1YmQ5ZTM0MDc4ZjRmMDNmYTcyYTlmYjEiLCJhciI6IjYyNGVhMjIxMmQwMDAwYjc2Y2Q3ODBhNiIsImlzU2hvcnRMaW5rIjpmYWxzZX0	52.42.154.92	200 OK	35 B
URL HTTP/2 api.ffm.to/sl/e/r/fejl40?cd=eyJ1YSI6eyJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wIiwiYnJvd3NlciI6eyJuYW1lIjoiRmlyZWZveCIsInZlcnNpb24iOiIxMDUuMCIsIm1ham9yIjoiMTA1In0sImVuZ2luZSI6eyJuYW1lIjoiR2Vja28iLCJ2ZXJzaW9uIjoiMTA1LjAifSwib3MiOnsibmFtZSI6IldpbmRvd3MiLCJ2ZXJzaW9uIjoiMTAifSwiZGV2aWNlIjp7fSwiY3B1Ijp7ImFyY2hpdGVjdHVyZSI6ImFtZDY0In19LCJjbGllbnQiOnsicmlkIjoiYzQzNTJhOTQtZDlmNy00MGUyLWFhNjUtMDJhNDA5NjI3ZGY1Iiwic2lkIjoiMjgyODI3NDgtNDExMy00YWM3LTk4ZGItMDFmODY3NDA0ZmRjIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJyZWYiOiIiLCJob3N0Ijoib3JjZC5jbyIsImxhbmciOiJlbi1VUyIsImlwQ291bnRyeSI6Ik5PIn0sImlzV2VicFN1cHBvcnRlZCI6dHJ1ZSwiaXNGcm9tRVUiOmZhbHNlLCJjb3VudHJ5Q29kZSI6Ik5PIiwidXNlQWZmIjoib3JpZ2luIiwiaWQiOiI2MzVhOTFmZjM0MDAwMDEwMDAwOTE3NzEiLCJ0em8iOi0xMjAsImNoIjpudWxsLCJhbiI6bnVsbCwiZGVzdFVybCI6InVwYzoxOTcxODcwMjQyMTY_Y3Q9RkZNX2UxZDAzNWQ2NjAyZDZlZGM4NTMyZWEyMzE0Y2EyMWY2JmxzPTEmYXQ9MTAwMGxOQ1MiLCJ2aWQiOiI0M2YyYmJlMy0xNTIzLTQ0MzYtYjQyOS1jMDkzOWQ4MDczNzMiLCJzcnZjIjpudWxsLCJwcm9kdWN0Ijoic21hcnRsaW5rIiwic2hvcnRJZCI6ImZlamw0MCIsImlzQXV0aG9yaXphdGlvblJlcXVpcmVkIjpmYWxzZSwib3duZXIiOiI2MzU5MWJjMTI2MDAwMDJjMDBiNTU5NWQiLCJ0ZW5hbnQiOiI1YmQ5ZTM0MDc4ZjRmMDNmYTcyYTlmYjEiLCJhciI6IjYyNGVhMjIxMmQwMDAwYjc2Y2Q3ODBhNiIsImlzU2hvcnRMaW5rIjpmYWxzZX0 IP 52.42.154.92:0 ASN #16509 AMAZON-02 File type GIF image data, version 89a, 1 x 1\012- data Size 35 B (35 bytes) Hash c2196de8ba412c60c22ab491af7b1409 5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 HTTP Headers GET /sl/e/r/fejl40?cd=eyJ1YSI6eyJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wIiwiYnJvd3NlciI6eyJuYW1lIjoiRmlyZWZveCIsInZlcnNpb24iOiIxMDUuMCIsIm1ham9yIjoiMTA1In0sImVuZ2luZSI6eyJuYW1lIjoiR2Vja28iLCJ2ZXJzaW9uIjoiMTA1LjAifSwib3MiOnsibmFtZSI6IldpbmRvd3MiLCJ2ZXJzaW9uIjoiMTAifSwiZGV2aWNlIjp7fSwiY3B1Ijp7ImFyY2hpdGVjdHVyZSI6ImFtZDY0In19LCJjbGllbnQiOnsicmlkIjoiYzQzNTJhOTQtZDlmNy00MGUyLWFhNjUtMDJhNDA5NjI3ZGY1Iiwic2lkIjoiMjgyODI3NDgtNDExMy00YWM3LTk4ZGItMDFmODY3NDA0ZmRjIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJyZWYiOiIiLCJob3N0Ijoib3JjZC5jbyIsImxhbmciOiJlbi1VUyIsImlwQ291bnRyeSI6Ik5PIn0sImlzV2VicFN1cHBvcnRlZCI6dHJ1ZSwiaXNGcm9tRVUiOmZhbHNlLCJjb3VudHJ5Q29kZSI6Ik5PIiwidXNlQWZmIjoib3JpZ2luIiwiaWQiOiI2MzVhOTFmZjM0MDAwMDEwMDAwOTE3NzEiLCJ0em8iOi0xMjAsImNoIjpudWxsLCJhbiI6bnVsbCwiZGVzdFVybCI6InVwYzoxOTcxODcwMjQyMTY_Y3Q9RkZNX2UxZDAzNWQ2NjAyZDZlZGM4NTMyZWEyMzE0Y2EyMWY2JmxzPTEmYXQ9MTAwMGxOQ1MiLCJ2aWQiOiI0M2YyYmJlMy0xNTIzLTQ0MzYtYjQyOS1jMDkzOWQ4MDczNzMiLCJzcnZjIjpudWxsLCJwcm9kdWN0Ijoic21hcnRsaW5rIiwic2hvcnRJZCI6ImZlamw0MCIsImlzQXV0aG9yaXphdGlvblJlcXVpcmVkIjpmYWxzZSwib3duZXIiOiI2MzU5MWJjMTI2MDAwMDJjMDBiNTU5NWQiLCJ0ZW5hbnQiOiI1YmQ5ZTM0MDc4ZjRmMDNmYTcyYTlmYjEiLCJhciI6IjYyNGVhMjIxMmQwMDAwYjc2Y2Q3ODBhNiIsImlzU2hvcnRMaW5rIjpmYWxzZX0 HTTP/1.1 Host: api.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site `HTTP/2 200 OK server: openresty/1.15.8.1 date: Mon, 30 Jan 2023 19:01:34 GMT content-type: image/gif content-length: 35 x-powered-by: Express vary: Origin access-control-allow-credentials: true cache-control: public, max-age=0 etag: W/"23-X71HIiL+uKIs9biqXcW44Tr4jis" strict-transport-security: max-age=15724800; includeSubDomains X-Firefox-Spdy: h2`

	api.ffm.to/sl/e/v/fejl40?cd=eyJ1YSI6eyJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wIiwiYnJvd3NlciI6eyJuYW1lIjoiRmlyZWZveCIsInZlcnNpb24iOiIxMDUuMCIsIm1ham9yIjoiMTA1In0sImVuZ2luZSI6eyJuYW1lIjoiR2Vja28iLCJ2ZXJzaW9uIjoiMTA1LjAifSwib3MiOnsibmFtZSI6IldpbmRvd3MiLCJ2ZXJzaW9uIjoiMTAifSwiZGV2aWNlIjp7fSwiY3B1Ijp7ImFyY2hpdGVjdHVyZSI6ImFtZDY0In19LCJjbGllbnQiOnsicmlkIjoiYzQzNTJhOTQtZDlmNy00MGUyLWFhNjUtMDJhNDA5NjI3ZGY1Iiwic2lkIjoiMjgyODI3NDgtNDExMy00YWM3LTk4ZGItMDFmODY3NDA0ZmRjIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJyZWYiOiIiLCJob3N0Ijoib3JjZC5jbyIsImxhbmciOiJlbi1VUyIsImlwQ291bnRyeSI6Ik5PIn0sImlzV2VicFN1cHBvcnRlZCI6dHJ1ZSwiaXNGcm9tRVUiOmZhbHNlLCJjb3VudHJ5Q29kZSI6Ik5PIiwidXNlQWZmIjoib3JpZ2luIiwiaWQiOiI2MzVhOTFmZjM0MDAwMDEwMDAwOTE3NzEiLCJ0em8iOi0xMjAsImNoIjpudWxsLCJhbiI6bnVsbCwiZGVzdFVybCI6InVwYzoxOTcxODcwMjQyMTY_Y3Q9RkZNX2UxZDAzNWQ2NjAyZDZlZGM4NTMyZWEyMzE0Y2EyMWY2JmxzPTEmYXQ9MTAwMGxOQ1MiLCJ2aWQiOiI0M2YyYmJlMy0xNTIzLTQ0MzYtYjQyOS1jMDkzOWQ4MDczNzMiLCJzcnZjIjpudWxsLCJwcm9kdWN0Ijoic21hcnRsaW5rIiwic2hvcnRJZCI6ImZlamw0MCIsImlzQXV0aG9yaXphdGlvblJlcXVpcmVkIjpmYWxzZSwib3duZXIiOiI2MzU5MWJjMTI2MDAwMDJjMDBiNTU5NWQiLCJ0ZW5hbnQiOiI1YmQ5ZTM0MDc4ZjRmMDNmYTcyYTlmYjEiLCJhciI6IjYyNGVhMjIxMmQwMDAwYjc2Y2Q3ODBhNiIsImlzU2hvcnRMaW5rIjpmYWxzZX0	52.42.154.92	200 OK	35 B
URL HTTP/2 api.ffm.to/sl/e/v/fejl40?cd=eyJ1YSI6eyJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wIiwiYnJvd3NlciI6eyJuYW1lIjoiRmlyZWZveCIsInZlcnNpb24iOiIxMDUuMCIsIm1ham9yIjoiMTA1In0sImVuZ2luZSI6eyJuYW1lIjoiR2Vja28iLCJ2ZXJzaW9uIjoiMTA1LjAifSwib3MiOnsibmFtZSI6IldpbmRvd3MiLCJ2ZXJzaW9uIjoiMTAifSwiZGV2aWNlIjp7fSwiY3B1Ijp7ImFyY2hpdGVjdHVyZSI6ImFtZDY0In19LCJjbGllbnQiOnsicmlkIjoiYzQzNTJhOTQtZDlmNy00MGUyLWFhNjUtMDJhNDA5NjI3ZGY1Iiwic2lkIjoiMjgyODI3NDgtNDExMy00YWM3LTk4ZGItMDFmODY3NDA0ZmRjIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJyZWYiOiIiLCJob3N0Ijoib3JjZC5jbyIsImxhbmciOiJlbi1VUyIsImlwQ291bnRyeSI6Ik5PIn0sImlzV2VicFN1cHBvcnRlZCI6dHJ1ZSwiaXNGcm9tRVUiOmZhbHNlLCJjb3VudHJ5Q29kZSI6Ik5PIiwidXNlQWZmIjoib3JpZ2luIiwiaWQiOiI2MzVhOTFmZjM0MDAwMDEwMDAwOTE3NzEiLCJ0em8iOi0xMjAsImNoIjpudWxsLCJhbiI6bnVsbCwiZGVzdFVybCI6InVwYzoxOTcxODcwMjQyMTY_Y3Q9RkZNX2UxZDAzNWQ2NjAyZDZlZGM4NTMyZWEyMzE0Y2EyMWY2JmxzPTEmYXQ9MTAwMGxOQ1MiLCJ2aWQiOiI0M2YyYmJlMy0xNTIzLTQ0MzYtYjQyOS1jMDkzOWQ4MDczNzMiLCJzcnZjIjpudWxsLCJwcm9kdWN0Ijoic21hcnRsaW5rIiwic2hvcnRJZCI6ImZlamw0MCIsImlzQXV0aG9yaXphdGlvblJlcXVpcmVkIjpmYWxzZSwib3duZXIiOiI2MzU5MWJjMTI2MDAwMDJjMDBiNTU5NWQiLCJ0ZW5hbnQiOiI1YmQ5ZTM0MDc4ZjRmMDNmYTcyYTlmYjEiLCJhciI6IjYyNGVhMjIxMmQwMDAwYjc2Y2Q3ODBhNiIsImlzU2hvcnRMaW5rIjpmYWxzZX0 IP 52.42.154.92:0 ASN #16509 AMAZON-02 File type GIF image data, version 89a, 1 x 1\012- data Size 35 B (35 bytes) Hash c2196de8ba412c60c22ab491af7b1409 5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 HTTP Headers GET /sl/e/v/fejl40?cd=eyJ1YSI6eyJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEwNS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwNS4wIiwiYnJvd3NlciI6eyJuYW1lIjoiRmlyZWZveCIsInZlcnNpb24iOiIxMDUuMCIsIm1ham9yIjoiMTA1In0sImVuZ2luZSI6eyJuYW1lIjoiR2Vja28iLCJ2ZXJzaW9uIjoiMTA1LjAifSwib3MiOnsibmFtZSI6IldpbmRvd3MiLCJ2ZXJzaW9uIjoiMTAifSwiZGV2aWNlIjp7fSwiY3B1Ijp7ImFyY2hpdGVjdHVyZSI6ImFtZDY0In19LCJjbGllbnQiOnsicmlkIjoiYzQzNTJhOTQtZDlmNy00MGUyLWFhNjUtMDJhNDA5NjI3ZGY1Iiwic2lkIjoiMjgyODI3NDgtNDExMy00YWM3LTk4ZGItMDFmODY3NDA0ZmRjIiwiaXAiOiI5MS45MC40Mi4xNTQiLCJyZWYiOiIiLCJob3N0Ijoib3JjZC5jbyIsImxhbmciOiJlbi1VUyIsImlwQ291bnRyeSI6Ik5PIn0sImlzV2VicFN1cHBvcnRlZCI6dHJ1ZSwiaXNGcm9tRVUiOmZhbHNlLCJjb3VudHJ5Q29kZSI6Ik5PIiwidXNlQWZmIjoib3JpZ2luIiwiaWQiOiI2MzVhOTFmZjM0MDAwMDEwMDAwOTE3NzEiLCJ0em8iOi0xMjAsImNoIjpudWxsLCJhbiI6bnVsbCwiZGVzdFVybCI6InVwYzoxOTcxODcwMjQyMTY_Y3Q9RkZNX2UxZDAzNWQ2NjAyZDZlZGM4NTMyZWEyMzE0Y2EyMWY2JmxzPTEmYXQ9MTAwMGxOQ1MiLCJ2aWQiOiI0M2YyYmJlMy0xNTIzLTQ0MzYtYjQyOS1jMDkzOWQ4MDczNzMiLCJzcnZjIjpudWxsLCJwcm9kdWN0Ijoic21hcnRsaW5rIiwic2hvcnRJZCI6ImZlamw0MCIsImlzQXV0aG9yaXphdGlvblJlcXVpcmVkIjpmYWxzZSwib3duZXIiOiI2MzU5MWJjMTI2MDAwMDJjMDBiNTU5NWQiLCJ0ZW5hbnQiOiI1YmQ5ZTM0MDc4ZjRmMDNmYTcyYTlmYjEiLCJhciI6IjYyNGVhMjIxMmQwMDAwYjc2Y2Q3ODBhNiIsImlzU2hvcnRMaW5rIjpmYWxzZX0 HTTP/1.1 Host: api.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site `HTTP/2 200 OK server: openresty/1.15.8.1 date: Mon, 30 Jan 2023 19:01:34 GMT content-type: image/gif content-length: 35 x-powered-by: Express vary: Origin access-control-allow-credentials: true cache-control: public, max-age=0 etag: W/"23-X71HIiL+uKIs9biqXcW44Tr4jis" strict-transport-security: max-age=15724800; includeSubDomains X-Firefox-Spdy: h2`

	analytics.tiktok.com/i18n/pixel/events.js?sdkid=BSC3AMO16HBE43RL04F0&lib=ttq	23.36.79.32	200 OK	1.6 kB
URL HTTP/2 analytics.tiktok.com/i18n/pixel/events.js?sdkid=BSC3AMO16HBE43RL04F0&lib=ttq IP 23.36.79.32:0 ASN #20940 Akamai International B.V. File type ASCII text, with very long lines (6173) Size 1.6 kB (1550 bytes) Hash 922e0d37cfb2fe085d3b0007cc9e54f4 9c5a444ae387510fd1a2f3b84f9c397a39168d12 5617445ecc26ba99ae23d42c2e2f37288f6a3a3481433f63d5c4063408f2c8c6 HTTP Headers `GET /i18n/pixel/events.js?sdkid=BSC3AMO16HBE43RL04F0&lib=ttq HTTP/1.1 Host: analytics.tiktok.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx content-type: application/javascript; charset=UTF-8 x-tt-logid: 2023013019013480AE477272E6BE8DC2E1 x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60787dee798e7afc9c5500f386c65d6ca158668faafb2de8fae4fbd0e6bb1f48e702f388521a785359e49507d121d0ce779363c65ab0b51fb21966a18405b0e9c69d47db7fdd56d8f19e366b24a8a4248e content-encoding: gzip expires: Mon, 30 Jan 2023 19:01:34 GMT cache-control: max-age=0, no-cache, no-store pragma: no-cache date: Mon, 30 Jan 2023 19:01:34 GMT content-length: 1550 x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.3-45298580) (-) vary: Accept-Encoding set-cookie: _ttp=2L3ggwBwRe6k9eupuybyXwyNsTt; Path=/; Domain=tiktok.com; Max-Age=33696000; Secure; SameSite=None x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn server-timing: inner; dur=4, cdn-cache; desc=MISS, edge; dur=0, origin; dur=105 x-origin-response-time: 105,23.36.79.28 x-akamai-request-id: 5b4d26be X-Firefox-Spdy: h2

	analytics.tiktok.com/i18n/pixel/events.js?sdkid=CC7HUHBC77U2G64PMP90&lib=ttq	23.36.79.32	200 OK	1.3 kB
URL HTTP/2 analytics.tiktok.com/i18n/pixel/events.js?sdkid=CC7HUHBC77U2G64PMP90&lib=ttq IP 23.36.79.32:0 ASN #20940 Akamai International B.V. File type ASCII text, with very long lines (2741) Size 1.3 kB (1349 bytes) Hash 7f71f105153eab773426655a08499141 1613105206cddee64fc25d36b08d05b6da635787 da46267610e81a21ac8aab721ee4549f0879bb21e4c732ad3b657698dcfcd5e1 HTTP Headers `GET /i18n/pixel/events.js?sdkid=CC7HUHBC77U2G64PMP90&lib=ttq HTTP/1.1 Host: analytics.tiktok.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx content-type: application/javascript; charset=UTF-8 x-tt-logid: 20230130190134C6F1F61FC576A97D12DD x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60787dee798e7afc9c5500f386c65d6ca16bacaab748040882dc7f0918665c1c0d09781dda13ca45fafc04fe8958c608622da3fa01df7d37f6105814b2ffb38f4351f64e6cd96dfafd10a35b1135f7b54c content-encoding: gzip expires: Mon, 30 Jan 2023 19:01:34 GMT cache-control: max-age=0, no-cache, no-store pragma: no-cache date: Mon, 30 Jan 2023 19:01:34 GMT content-length: 1349 x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.3-45298580) (-) vary: Accept-Encoding set-cookie: _ttp=2L3gguasbW8AiG8cJfq1rEJjPos; Path=/; Domain=tiktok.com; Max-Age=33696000; Secure; SameSite=None x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=1, origin; dur=100 x-origin-response-time: 100,23.36.79.28 x-akamai-request-id: 5b4d26f1 X-Firefox-Spdy: h2

	analytics.tiktok.com/i18n/pixel/events.js?sdkid=CDIHSBBC77U5MH0KCOL0&lib=ttq	23.36.79.32	200 OK	1.4 kB
URL HTTP/2 analytics.tiktok.com/i18n/pixel/events.js?sdkid=CDIHSBBC77U5MH0KCOL0&lib=ttq IP 23.36.79.32:0 ASN #20940 Akamai International B.V. File type ASCII text, with very long lines (3228) Size 1.4 kB (1439 bytes) Hash ab01549927b7c0be0e24f36875dc3ebe 6b49dff213d34c7836f48d8294b6c2f7000e7feb d43da4b61be31b2613606ca39fec0481cfc8cd43864e550e013f3c4c72b1f327 HTTP Headers `GET /i18n/pixel/events.js?sdkid=CDIHSBBC77U5MH0KCOL0&lib=ttq HTTP/1.1 Host: analytics.tiktok.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx content-type: application/javascript; charset=UTF-8 x-tt-logid: 20230130190134CF5EBD5C60DA77B77001 x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60787dee798e7afc9c5500f386c65d6ca1a2c14dfef804779df4040f30358c65a15075431a2ad2b9f57a3e13ac16976b04bdc2ecfc1a0ab675d10720df76b7ed4601dede0431513a2ff72e5001dec2c247 content-encoding: gzip expires: Mon, 30 Jan 2023 19:01:34 GMT cache-control: max-age=0, no-cache, no-store pragma: no-cache date: Mon, 30 Jan 2023 19:01:34 GMT content-length: 1439 x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.3-45298580) (-) vary: Accept-Encoding set-cookie: _ttp=2L3ggrJx62R6PeA4PQnCcEOEMAt; Path=/; Domain=tiktok.com; Max-Age=33696000; Secure; SameSite=None x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=0, origin; dur=97 x-origin-response-time: 97,23.36.79.28 x-akamai-request-id: 5b4d26ac X-Firefox-Spdy: h2

	analytics.tiktok.com/i18n/pixel/static/main.MWE2YWY2YTgzMA.js	23.36.79.32	200 OK	69 kB
URL HTTP/2 analytics.tiktok.com/i18n/pixel/static/main.MWE2YWY2YTgzMA.js IP 23.36.79.32:0 ASN #20940 Akamai International B.V. File type ASCII text, with very long lines (21891) Size 69 kB (68605 bytes) Hash 09e9bdc02bd94387901641c0b3a1f8f0 7bf30498ae27e11f7fc60b438b090f15b67ca113 d8f79f755ae4e42d98623589e5e6420342ce199553a3b7b7713caaaec65117e9 HTTP Headers `GET /i18n/pixel/static/main.MWE2YWY2YTgzMA.js HTTP/1.1 Host: analytics.tiktok.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Cookie: _ttp=2L3ggwBwRe6k9eupuybyXwyNsTt Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK server: nginx content-type: application/javascript; charset=UTF-8 cache-control: public, max-age=31536000, immutable x-tt-logid: 2023011217582238FCAA3D419588756972 x-tt-trace-host: 01e57b2566233939c0b7a614d728f3c137bda4b6e8ffed077a25e96861feda11fa551f058721a274fc4605886b55ca626730a56b385a942b4129028dfc561d0b618d751524aad0a4ae27ef533e55d2e8e40a3ad2aaa7ba995375ace641e8e6ae3a content-encoding: gzip date: Mon, 30 Jan 2023 19:01:34 GMT content-length: 68605 x-cache: TCP_MEM_HIT from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.3-45298580) (-) vary: Accept-Encoding x-tt-trace-tag: id=16;cdn-cache=hit;type=static server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=4 x-akamai-request-id: 5b4d28a3 X-Firefox-Spdy: h2

	analytics.tiktok.com/i18n/pixel/static/identify_c4832.js	23.36.79.32	200 OK	31 kB
URL HTTP/2 analytics.tiktok.com/i18n/pixel/static/identify_c4832.js IP 23.36.79.32:0 ASN #20940 Akamai International B.V. File type ASCII text, with very long lines (65536), with no line terminators Size 31 kB (30917 bytes) Hash 85bd96a56a6a7f09e3e7dadc7980152e 37590c595abeb315046a293a9e53632ae2128ac4 c27be18eef006f48310fb2b0c456d6bcb1f3b0298dcb6e580724923323cb48a7 HTTP Headers `GET /i18n/pixel/static/identify_c4832.js HTTP/1.1 Host: analytics.tiktok.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Cookie: _ttp=2L3ggrJx62R6PeA4PQnCcEOEMAt Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK server: nginx content-type: application/javascript; charset=UTF-8 cache-control: public, max-age=31536000, immutable x-tt-logid: 20230112175825D19F86481431D6BBCCFF x-tt-trace-host: 012b38305f60bfa8a9f04bdd846fde846b507e69fff233d9a114d447ebe9f93c0f827e6bc0806bd5a24cf0439744099e1e4bba0637571d8edb56c6009f69fe5018b8e38bd5b93708ee64c377fa97874d18ceefbea8a477a7fa2bec40c3b56c69b1 content-encoding: gzip date: Mon, 30 Jan 2023 19:01:34 GMT content-length: 30917 x-cache: TCP_MEM_HIT from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.3-45298580) (-) vary: Accept-Encoding x-tt-trace-tag: id=16;cdn-cache=hit;type=static server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=3 x-akamai-request-id: 5b4d2a34 X-Firefox-Spdy: h2

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	471 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash 2aeb375d07c6797557862a1e95e25902 8d9a4232f162756acee686c8bc130f96b9800889 80b36ee610a970ba64d36a42cfb9ee93f44c1eea03b7da2257f5a85e68055bf8 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 30 Jan 2023 19:01:34 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	fast-cdn.ffm.to/d5b411e.modern.js	54.230.111.129	200 OK	7.7 kB
URL HTTP/2 fast-cdn.ffm.to/d5b411e.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type data Size 7.7 kB (7700 bytes) Hash 8c7a4b5cdccf3a96d9f1e1f9ff3a42d2 de144a044bbb9e6178f25d7457b3d0ef4fba2ef5 0f6cf484c3057686800573a482048217544d5867ffcfd8bc049a18f062152297 HTTP Headers `GET /d5b411e.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://orcd.co Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Sun, 22 Jan 2023 20:28:25 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"518e-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: VDHLfsYeXw1xErJIp3z6Lh1Wedwv95LMFKc9w1pI5yM-Lfas0P_Ykw== age: 685988 X-Firefox-Spdy: h2

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	472 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash e9eba61fbe87bc53d60d0fdd1ba6adb4 8dbb3dfacfaad4ce0fd3a355790cb9b245e01e07 9c0233792f873315e75ce5396d1a210f2df665db23ab858a0724f66bbb4528e7 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 30 Jan 2023 19:01:34 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	471 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash b67335a8e235eacf68e4b7f98cc5dc40 887a9b34cf2ba9371bbe8c93e362c174668cf812 1ad2f6328af6d819acd85f4e4646afcafd945e17e555d5eeb54244db83cd48fa HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 30 Jan 2023 19:01:34 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	472 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash e9eba61fbe87bc53d60d0fdd1ba6adb4 8dbb3dfacfaad4ce0fd3a355790cb9b245e01e07 9c0233792f873315e75ce5396d1a210f2df665db23ab858a0724f66bbb4528e7 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 30 Jan 2023 19:01:34 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	472 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash e9eba61fbe87bc53d60d0fdd1ba6adb4 8dbb3dfacfaad4ce0fd3a355790cb9b245e01e07 9c0233792f873315e75ce5396d1a210f2df665db23ab858a0724f66bbb4528e7 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 30 Jan 2023 19:01:34 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	471 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash 73d6f94eec5f7bf78dc11951011af215 2d7941713a82a83c174bf782b618a6f86a8ab2d7 9de1920abadb3501bcf9f787608807f13a266efea69f12fc811bc7cac14a3552 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 30 Jan 2023 19:01:34 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	www.googleadservices.com/pagead/conversion_async.js	142.250.74.34	200 OK	15 kB
URL HTTP/2 www.googleadservices.com/pagead/conversion_async.js IP 142.250.74.34:0 ASN #15169 GOOGLE File type ASCII text, with very long lines (1654) Size 15 kB (15164 bytes) Hash 22eaa6491556c40c984bed61ff9892b5 253ec7921f896fab2d49656208b10d2a227c82de f690af44bc7bb9724442c2f52648ce1c8365cc6010cc0af574f5e0dcddf7ee7f HTTP Headers `GET /pagead/conversion_async.js HTTP/1.1 Host: www.googleadservices.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin: * cross-origin-resource-policy: cross-origin vary: Accept-Encoding date: Mon, 30 Jan 2023 19:01:34 GMT expires: Mon, 30 Jan 2023 19:01:34 GMT cache-control: private, max-age=3600 content-type: text/javascript; charset=UTF-8 etag: 8608601048380966470 x-content-type-options: nosniff content-disposition: attachment; filename="f.txt" content-encoding: br server: cafe content-length: 15164 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	analytics.tiktok.com/i18n/pixel/static/main.MWE2YWY2YTgzMQ.js	23.36.79.32	200 OK	28 kB
URL HTTP/2 analytics.tiktok.com/i18n/pixel/static/main.MWE2YWY2YTgzMQ.js IP 23.36.79.32:0 ASN #20940 Akamai International B.V. File type ASCII text, with very long lines (64348) Size 28 kB (27815 bytes) Hash 541db4f3f0ba067bfb58cdac34cb86f4 20e6883f068568888ce37c6b9ef8f5d12be257c0 83898f3b2da2a11996d2eb3a5115ef301255030fdf231b8bf7971916769bc7be HTTP Headers `GET /i18n/pixel/static/main.MWE2YWY2YTgzMQ.js HTTP/1.1 Host: analytics.tiktok.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Cookie: _ttp=2L3ggrJx62R6PeA4PQnCcEOEMAt Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK server: nginx content-type: application/javascript; charset=UTF-8 cache-control: public, max-age=31536000, immutable x-tt-logid: 20230112175829D91E25D7003EA9A803DC x-tt-trace-host: 01f6175df718ab226765794aaab21df67154f0b53b7f693af896ad93db0deb0ef832d63bb31438f0c5e0aa4878e941bb88c0976593910f5ab417b5ca255605e18e5e0fd52686d843afbd593b8bd0d366fe4ffb20082da9c196e6db1f01a9ce8992 content-encoding: gzip date: Mon, 30 Jan 2023 19:01:34 GMT content-length: 70411 x-cache: TCP_MEM_HIT from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.3-45298580) (-) vary: Accept-Encoding x-tt-trace-tag: id=16;cdn-cache=hit;type=static server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=3 x-akamai-request-id: 5b4d28c3 X-Firefox-Spdy: h2

	www.google.com/pagead/1p-conversion/971960849/?random=1675105307649&cv=11&fst=1675105307649&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&label=GXZmCITJkIwCEJHku88D&hn=www.google.com&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&value=0&bttype=purchase&auid=180941151.1675105308&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4	142.250.74.164	302 Found	63 B
URL HTTP/2 www.google.com/pagead/1p-conversion/971960849/?random=1675105307649&cv=11&fst=1675105307649&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&label=GXZmCITJkIwCEJHku88D&hn=www.google.com&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&value=0&bttype=purchase&auid=180941151.1675105308&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 IP 142.250.74.164:0 ASN #15169 GOOGLE File type ASCII text, with no line terminators Size 63 B (63 bytes) Hash 0339f8f57d1bf75003db591e28957e45 ae2286e497c9f76a02cb40c40a674b73bd293b76 609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26 HTTP Headers GET /pagead/1p-conversion/971960849/?random=1675105307649&cv=11&fst=1675105307649&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&label=GXZmCITJkIwCEJHku88D&hn=www.google.com&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&value=0&bttype=purchase&auid=180941151.1675105308&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site HTTP/2 302 Found p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin: * cross-origin-resource-policy: cross-origin date: Mon, 30 Jan 2023 19:01:34 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate location: https://www.google.no/pagead/1p-conversion/971960849/?random=1675105307649&cv=11&fst=1675105307649&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&label=GXZmCITJkIwCEJHku88D&hn=www.google.com&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&value=0&bttype=purchase&auid=180941151.1675105308&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0 content-type: text/javascript; charset=UTF-8 content-security-policy: script-src 'none'; object-src 'none' x-content-type-options: nosniff content-disposition: attachment; filename="f.txt" content-encoding: gzip server: cafe content-length: 63 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	static.ads-twitter.com/uwt.js	151.101.244.157	200 OK	15 kB
URL HTTP/2 static.ads-twitter.com/uwt.js IP 151.101.244.157:0 ASN #54113 FASTLY File type ASCII text, with very long lines (57596), with no line terminators Size 15 kB (15375 bytes) Hash 573e6a7f86f6f3063763360ef0672c01 b12eab3b4ac8872d49ac6e15f9cd17741765c0cf 02445eb022a04139531f0ce8d8980c31083a1c670936f1477f5cfc4d252133f7 HTTP Headers `GET /uwt.js HTTP/1.1 Host: static.ads-twitter.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK last-modified: Thu, 27 Oct 2022 18:55:37 GMT cache-control: no-cache content-type: application/javascript; charset=utf-8 content-encoding: gzip etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip" accept-ranges: bytes date: Mon, 30 Jan 2023 19:01:34 GMT x-served-by: cache-iad-kjyo7100147-IAD, cache-hel1410024-HEL x-cache: HIT, HIT vary: Accept-Encoding,Host p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" x-tw-cdn: FT content-length: 15375 X-Firefox-Spdy: h2

	googleads.g.doubleclick.net/pagead/viewthroughconversion/971960849/?random=1675105307657&cv=11&fst=1675105307657&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&auid=180941151.1675105308&rfmt=3&fmt=4	142.250.74.98	200 OK	860 B
URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/971960849/?random=1675105307657&cv=11&fst=1675105307657&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&auid=180941151.1675105308&rfmt=3&fmt=4 IP 142.250.74.98:0 ASN #15169 GOOGLE File type ASCII text, with very long lines (1779), with no line terminators Size 860 B (860 bytes) Hash 2f6baf2c9ffbd7491f1d4d73eb6f3cb0 465687e49bb5063da77cdcae127c022a92f96daf b1f472949002fd64cf8ef071a18bf655e61e6f4b0fb10c8687a55619076d2c85 HTTP Headers GET /pagead/viewthroughconversion/971960849/?random=1675105307657&cv=11&fst=1675105307657&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&auid=180941151.1675105308&rfmt=3&fmt=4 HTTP/1.1 Host: googleads.g.doubleclick.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site HTTP/2 200 OK p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin: * cross-origin-resource-policy: cross-origin date: Mon, 30 Jan 2023 19:01:34 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, must-revalidate content-type: text/javascript; charset=UTF-8 x-content-type-options: nosniff content-disposition: attachment; filename="f.txt" content-encoding: br server: cafe content-length: 860 x-xss-protection: 0 set-cookie: test_cookie=CheckForPermission; expires=Mon, 30-Jan-2023 19:16:34 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fast-cdn.ffm.to/68a8224.modern.js	54.230.111.129	200 OK	78 kB
URL HTTP/2 fast-cdn.ffm.to/68a8224.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type data Size 78 kB (78207 bytes) Hash fad45ea2a5fada8fda6f3f57bfed8a89 8aa9f509577ca46039e6e0d187e5250c5d159a0c ee84f7908c00c207b16f823fad9db4d800151ff56d643ffadc2053eecdfd043d HTTP Headers `GET /68a8224.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://orcd.co Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Tue, 10 Jan 2023 10:07:47 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"37e6c-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: X3oUkGaopBapo3MGd5DKgpn0dIiPCXMzPI00ry62CcVA9ob4L8XKJg== age: 1760026 X-Firefox-Spdy: h2

	www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-6VTRLSCR4X&cid=1301742308.1675105308&gtm=2oe1p0&aip=1&z=1541101326	142.250.74.163	200 OK	42 B
URL HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-6VTRLSCR4X&cid=1301742308.1675105308&gtm=2oe1p0&aip=1&z=1541101326 IP 142.250.74.163:0 ASN #15169 GOOGLE File type GIF image data, version 89a, 1 x 1\012- data Size 42 B (42 bytes) Hash d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 HTTP Headers `GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-6VTRLSCR4X&cid=1301742308.1675105308&gtm=2oe1p0&aip=1&z=1541101326 HTTP/1.1 Host: www.google.no User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin: * cross-origin-resource-policy: cross-origin date: Mon, 30 Jan 2023 19:01:34 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate content-type: image/gif x-content-type-options: nosniff server: cafe content-length: 42 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	googleads.g.doubleclick.net/pagead/viewthroughconversion/992293137/?random=1675105307642&cv=11&fst=1675105307642&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&auid=180941151.1675105308&rfmt=3&fmt=4	142.250.74.98	200 OK	862 B
URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/992293137/?random=1675105307642&cv=11&fst=1675105307642&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&auid=180941151.1675105308&rfmt=3&fmt=4 IP 142.250.74.98:0 ASN #15169 GOOGLE File type ASCII text, with very long lines (1781), with no line terminators Size 862 B (862 bytes) Hash 554c7bb24454855ec3769b2563147a0e b243f113ed52ae55aa8f2d8c6453cf77d9281f0c 7c2e53ceffc3ec7d9bdc46ad76b87c936ba9a330adf6c4b104a58ce38d76fcee HTTP Headers GET /pagead/viewthroughconversion/992293137/?random=1675105307642&cv=11&fst=1675105307642&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&auid=180941151.1675105308&rfmt=3&fmt=4 HTTP/1.1 Host: googleads.g.doubleclick.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site HTTP/2 200 OK p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin: * cross-origin-resource-policy: cross-origin date: Mon, 30 Jan 2023 19:01:34 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, must-revalidate content-type: text/javascript; charset=UTF-8 x-content-type-options: nosniff content-disposition: attachment; filename="f.txt" content-encoding: br server: cafe content-length: 862 x-xss-protection: 0 set-cookie: test_cookie=CheckForPermission; expires=Mon, 30-Jan-2023 19:16:34 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	ocsp.digicert.com/	93.184.220.29	200 OK	471 B
URL HTTP/1.1 ocsp.digicert.com/ IP 93.184.220.29:0 ASN #15133 EDGECAST File type data Size 471 B (471 bytes) Hash 4fa4e3a6c0ea0d843f6f77af6a290fca 965944af181e8d47677e5b428e8a3233c942cf99 801765bb2eb7f84e39a58691c4798b32ccd9e6ed22e924754d26277f4f2e0b11 HTTP Headers `POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Accept-Ranges: bytes Age: 1763 Cache-Control: 'max-age=158059' Content-Type: application/ocsp-response Date: Mon, 30 Jan 2023 19:01:34 GMT Last-Modified: Mon, 30 Jan 2023 18:32:11 GMT Server: ECS (ska/F70C) X-Cache: HIT Content-Length: 471`

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	472 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 3cdf7a37df5fd660125c11f6c7f44064 929c5ec370ad00ff0508f86174d450407ac680bd 22ffbbc922da324c956478cfd8cb5bcc269831ac5c85e22ef6ecdd69e3512a7c HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 30 Jan 2023 19:01:34 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	472 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 69ffc0a3f7ca2b025a6b99f9c38889be 1b436bda66cd246a1024f8c3d8e91e3aeef31eaa 9aaaf6c2a570c6a73a623f4fdfb0e1dfd5f16f086ae5d9c8d5b2403b0d016e4f HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 30 Jan 2023 19:01:34 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	analytics.tiktok.com/api/v2/pixel	23.36.79.32	200 OK	0 B
URL HTTP/2 analytics.tiktok.com/api/v2/pixel IP 23.36.79.32:0 ASN #20940 Akamai International B.V. File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `POST /api/v2/pixel HTTP/1.1 Host: analytics.tiktok.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: text/plain;charset=UTF-8 Content-Length: 763 Origin: https://orcd.co Connection: keep-alive Referer: https://orcd.co/ Cookie: _ttp=2L3ggrJx62R6PeA4PQnCcEOEMAt Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK server: nginx content-length: 0 access-control-allow-origin: * x-tt-logid: 20230130190134097FA07DDCDBE381249B x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60ea3bd74341822a8ce8788001e62d18d2f098ca7d435db259897decadeabcc9d3a726e42c6826e7fef50f2b3df1f062a4b2793c7c61039f208aca1053f9641d3c68002da50591afb9239d040b0e4529df3eb880aea1123b859c2d506e71fcd8bf8bc229dbbca32b486f132f8c637c5e23 x-origin-response-time: 18,23.201.31.157 x-akamai-request-id: 843450ea.69bf562c.5b4d2a66 expires: Mon, 30 Jan 2023 19:01:34 GMT cache-control: max-age=0, no-cache, no-store pragma: no-cache date: Mon, 30 Jan 2023 19:01:34 GMT x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.3-45298580) (-) x-cache-remote: TCP_MISS from a95-101-10-204.deploy.akamaitechnologies.com (AkamaiGHost/10.10.3-45298580) (-) x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn server-timing: cdn-cache; desc=MISS, edge; dur=98, origin; dur=18, inner; dur=15 x-parent-response-time: 110,95.101.10.204, 112,23.36.79.28 X-Firefox-Spdy: h2

	analytics.tiktok.com/api/v2/pixel	23.36.79.32	200 OK	0 B
URL HTTP/2 analytics.tiktok.com/api/v2/pixel IP 23.36.79.32:0 ASN #20940 Akamai International B.V. File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `POST /api/v2/pixel HTTP/1.1 Host: analytics.tiktok.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: text/plain;charset=UTF-8 Content-Length: 779 Origin: https://orcd.co Connection: keep-alive Referer: https://orcd.co/ Cookie: _ttp=2L3ggrJx62R6PeA4PQnCcEOEMAt Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK server: nginx content-length: 0 access-control-allow-origin: * x-tt-logid: 20230130190134F4AA47EB02B31696E5D3 x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60ea3bd74341822a8ce8788001e62d18d27d1687dcf4caf9f68643f730cdf38c19108af991d22e01ec354a16a5c347532ea4bd01ec28b5a17836eff16168c25e13e4e53e25faf2d157e6f7635396f6ad661fb0093002661b8a2374601bbda96893ffbdace1a5402175adf6901f94acbef2 x-origin-response-time: 19,23.201.31.205 x-akamai-request-id: 9795f9be.428a3a12.5b4d2a62 expires: Mon, 30 Jan 2023 19:01:34 GMT cache-control: max-age=0, no-cache, no-store pragma: no-cache date: Mon, 30 Jan 2023 19:01:34 GMT x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.3-45298580) (-) x-cache-remote: TCP_MISS from a95-101-10-109.deploy.akamaitechnologies.com (AkamaiGHost/10.10.3-45298580) (-) x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn server-timing: cdn-cache; desc=MISS, edge; dur=98, origin; dur=19, inner; dur=14 x-parent-response-time: 110,95.101.10.109, 113,23.36.79.28 X-Firefox-Spdy: h2

	analytics.tiktok.com/api/v2/pixel	23.36.79.32	200 OK	0 B
URL HTTP/2 analytics.tiktok.com/api/v2/pixel IP 23.36.79.32:0 ASN #20940 Akamai International B.V. File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `POST /api/v2/pixel HTTP/1.1 Host: analytics.tiktok.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: text/plain;charset=UTF-8 Content-Length: 763 Origin: https://orcd.co Connection: keep-alive Referer: https://orcd.co/ Cookie: _ttp=2L3ggrJx62R6PeA4PQnCcEOEMAt Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK server: nginx content-length: 0 access-control-allow-origin: * x-tt-logid: 20230130190134444F82EBC2702B7F8AD2 x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60ea3bd74341822a8ce8788001e62d18d271552022ff2467a5aecc481b555e1454fdf3f9ec30390d3bb20c4422b25d49ff5c6940c4f360de4d577b7f38c92ebb1aa4ddd05562569b00e039bdfd557373b6da7562db370b84ca8d84a057b36afeb94f34e6aa5c64a132d7d06531c09aa216 x-origin-response-time: 21,23.201.31.182 x-akamai-request-id: 2d54d6bd.3c8a766a.5b4d2a84 expires: Mon, 30 Jan 2023 19:01:34 GMT cache-control: max-age=0, no-cache, no-store pragma: no-cache date: Mon, 30 Jan 2023 19:01:34 GMT x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.3-45298580) (-) x-cache-remote: TCP_MISS from a95-101-10-124.deploy.akamaitechnologies.com (AkamaiGHost/10.10.3-45298580) (-) x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn server-timing: cdn-cache; desc=MISS, edge; dur=104, origin; dur=21, inner; dur=17 x-parent-response-time: 112,95.101.10.124, 117,23.36.79.28 X-Firefox-Spdy: h2

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	471 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash a369a4445d1fccf2ce045c3c4c3f3d67 d6f618e6150a4f9ac6eb5df4a503141a635605a2 d62c7913686c10d4c4b8d691d533256534da77cecc9fcf3f8aa885380dcc148b HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 30 Jan 2023 19:01:34 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	fast-cdn.ffm.to/4fece43.modern.js	54.230.111.129	200 OK	4.8 kB
URL HTTP/2 fast-cdn.ffm.to/4fece43.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type data Size 4.8 kB (4847 bytes) Hash 4529862c9885f1da7920dff99e2c114d 46c0a11ddd7978583bd22d21ce3da8dc5c264ae1 71f32c794c8a3cbb5e3fd7c944716d2cea16a3bb2a8040cd03c84ae898a85606 HTTP Headers `GET /4fece43.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://orcd.co Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Tue, 10 Jan 2023 10:07:47 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"304f-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: s4D92EDME5UdeMxNndCEcPhMiGOL5lBAqDhBuKJSpv9mw9Izc5qDdw== age: 1760026 X-Firefox-Spdy: h2

	www.google.com/pagead/1p-user-list/971960849/?random=1675105307657&cv=11&fst=1675105200000&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&fmt=3&is_vtc=1&random=522486201&rmt_tld=0&ipr=y	142.250.74.164	200 OK	42 B
URL HTTP/2 www.google.com/pagead/1p-user-list/971960849/?random=1675105307657&cv=11&fst=1675105200000&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&fmt=3&is_vtc=1&random=522486201&rmt_tld=0&ipr=y IP 142.250.74.164:0 ASN #15169 GOOGLE File type GIF image data, version 89a, 1 x 1\012- data Size 42 B (42 bytes) Hash d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 HTTP Headers GET /pagead/1p-user-list/971960849/?random=1675105307657&cv=11&fst=1675105200000&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&fmt=3&is_vtc=1&random=522486201&rmt_tld=0&ipr=y HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers HTTP/2 200 OK p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin: * cross-origin-resource-policy: cross-origin date: Mon, 30 Jan 2023 19:01:34 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate content-type: image/gif content-security-policy: script-src 'none'; object-src 'none' x-content-type-options: nosniff server: cafe content-length: 42 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.google.com/pagead/1p-user-list/992293137/?random=1675105307642&cv=11&fst=1675105200000&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&fmt=3&is_vtc=1&random=3665414251&rmt_tld=0&ipr=y	142.250.74.164	200 OK	42 B
URL HTTP/2 www.google.com/pagead/1p-user-list/992293137/?random=1675105307642&cv=11&fst=1675105200000&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&fmt=3&is_vtc=1&random=3665414251&rmt_tld=0&ipr=y IP 142.250.74.164:0 ASN #15169 GOOGLE File type GIF image data, version 89a, 1 x 1\012- data Size 42 B (42 bytes) Hash d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 HTTP Headers GET /pagead/1p-user-list/992293137/?random=1675105307642&cv=11&fst=1675105200000&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&fmt=3&is_vtc=1&random=3665414251&rmt_tld=0&ipr=y HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers HTTP/2 200 OK p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin: * cross-origin-resource-policy: cross-origin date: Mon, 30 Jan 2023 19:01:34 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate content-type: image/gif content-security-policy: script-src 'none'; object-src 'none' x-content-type-options: nosniff server: cafe content-length: 42 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.google.no/pagead/1p-user-list/992293137/?random=1675105307642&cv=11&fst=1675105200000&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&fmt=3&is_vtc=1&random=3665414251&rmt_tld=1&ipr=y	142.250.74.163	200 OK	42 B
URL HTTP/2 www.google.no/pagead/1p-user-list/992293137/?random=1675105307642&cv=11&fst=1675105200000&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&fmt=3&is_vtc=1&random=3665414251&rmt_tld=1&ipr=y IP 142.250.74.163:0 ASN #15169 GOOGLE File type GIF image data, version 89a, 1 x 1\012- data Size 42 B (42 bytes) Hash d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 HTTP Headers GET /pagead/1p-user-list/992293137/?random=1675105307642&cv=11&fst=1675105200000&bg=ffffff&guid=ON&async=1&gtm=2wg1p0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Forcd.co%2Ffejl40&tiba=Styrtdyk%20-%20Fejl%2040&fmt=3&is_vtc=1&random=3665414251&rmt_tld=1&ipr=y HTTP/1.1 Host: www.google.no User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers HTTP/2 200 OK p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin: * cross-origin-resource-policy: cross-origin date: Mon, 30 Jan 2023 19:01:34 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate content-type: image/gif content-security-policy: script-src 'none'; object-src 'none' x-content-type-options: nosniff server: cafe content-length: 42 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	alb.reddit.com/rp.gif?ts=1675105307752&id=t2_5eroavy6&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&uuid=959b8ac4-5135-42a5-a33f-e32da6ceb765&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1280&sw=1024&v=rdt_65e23bc4	151.101.129.140	200 OK	42 B
URL HTTP/2 alb.reddit.com/rp.gif?ts=1675105307752&id=t2_5eroavy6&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&uuid=959b8ac4-5135-42a5-a33f-e32da6ceb765&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1280&sw=1024&v=rdt_65e23bc4 IP 151.101.129.140:0 ASN #54113 FASTLY File type GIF image data, version 89a, 1 x 1\012- data Size 42 B (42 bytes) Hash d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 HTTP Headers GET /rp.gif?ts=1675105307752&id=t2_5eroavy6&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&uuid=959b8ac4-5135-42a5-a33f-e32da6ceb765&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1280&sw=1024&v=rdt_65e23bc4 HTTP/1.1 Host: alb.reddit.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site `HTTP/2 200 OK server: Varnish retry-after: 0 cross-origin-resource-policy: cross-origin content-type: image/gif accept-ranges: bytes date: Mon, 30 Jan 2023 19:01:34 GMT via: 1.1 varnish content-length: 42 X-Firefox-Spdy: h2`

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	472 B
URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 1141ae65ad448fb3438690d5042af728 aa8b236bb1099c9440bfe3e98530939623250c03 e55eeaf5cd454042706c3e2d7d2b0211e91087b430cb5bae6b9e030392f57b4b HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Mon, 30 Jan 2023 19:01:34 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	r3.o.lencr.org/	23.36.76.226	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash dfb84426fed94988d5c90372baff059c f1c4740830034ff8a5759d59ae3f657ea524d083 d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A" Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4943 Expires: Mon, 30 Jan 2023 20:23:57 GMT Date: Mon, 30 Jan 2023 19:01:34 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.76.226	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash dfb84426fed94988d5c90372baff059c f1c4740830034ff8a5759d59ae3f657ea524d083 d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A" Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4943 Expires: Mon, 30 Jan 2023 20:23:57 GMT Date: Mon, 30 Jan 2023 19:01:34 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.76.226	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash dfb84426fed94988d5c90372baff059c f1c4740830034ff8a5759d59ae3f657ea524d083 d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A" Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4943 Expires: Mon, 30 Jan 2023 20:23:57 GMT Date: Mon, 30 Jan 2023 19:01:34 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.76.226	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash dfb84426fed94988d5c90372baff059c f1c4740830034ff8a5759d59ae3f657ea524d083 d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A" Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4943 Expires: Mon, 30 Jan 2023 20:23:57 GMT Date: Mon, 30 Jan 2023 19:01:34 GMT Connection: keep-alive`

	r3.o.lencr.org/	23.36.76.226	200 OK	503 B
URL HTTP/1.1 r3.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 503 B (503 bytes) Hash dfb84426fed94988d5c90372baff059c f1c4740830034ff8a5759d59ae3f657ea524d083 d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A" Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4943 Expires: Mon, 30 Jan 2023 20:23:57 GMT Date: Mon, 30 Jan 2023 19:01:34 GMT Connection: keep-alive`

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg	34.120.237.76	200 OK	11 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 11 kB (10997 bytes) Hash 65c02d8a1b0d6a210cb2a649c5c67469 027dbc7a104c922904f067ed15d696c363c11774 89d5443a1d313c632d09a583ef602aa4645a16986076387329f434262d15b0a1 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 10997 x-amzn-requestid: a6fac0ab-1acf-4808-8785-3b4ec5e32edf x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fhj30FX7IAMFa5w= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d6e698-005109ec2e76529e793678d6;Sampled=0 x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:20 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: skGKI_MWvDwpAbGibUcr8wTlimgoPU9ZYhEHltd3uhdJZ_GoNznVAA== via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google date: Sun, 29 Jan 2023 22:08:57 GMT etag: "027dbc7a104c922904f067ed15d696c363c11774" content-type: image/jpeg age: 75157 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg	34.120.237.76	200 OK	8.5 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 8.5 kB (8464 bytes) Hash fe31ee140c2fd62e616c8a1edc9e78bb 7aa5fbdc8156514770ae620e81f1afef1c77890f 799af4bf9fa07ed27ebdc9d1a3344ee8a2b6529f076c263495b93290c47a1cc4 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 8464 x-amzn-requestid: bf2cf356-ebb1-469b-ba35-a79bb009cad6 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fhj3qGeboAMFzNw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d6e697-7c96841f52b6a96d1b0eaf34;Sampled=0 x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:19 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: y6bDvcD7a3-A4DLC3cSdZT-yewV1kkFqcGr7AMuqvUeGA4A0pgF4wQ== via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google date: Sun, 29 Jan 2023 21:59:27 GMT age: 75727 etag: "7aa5fbdc8156514770ae620e81f1afef1c77890f" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg	34.120.237.76	200 OK	4.5 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 4.5 kB (4475 bytes) Hash 4205d8106659e00fff1cbe9262918b8c ab4f6528594a1725934727dc7d834c028a79c609 31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 4475 x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fa_e6HsaIAMF5Lg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0 x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA== via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google date: Mon, 30 Jan 2023 05:47:49 GMT age: 47625 etag: "ab4f6528594a1725934727dc7d834c028a79c609" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg	34.120.237.76	200 OK	12 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 12 kB (11568 bytes) Hash b7a0759c043594fbe85af422b59b8227 a05cfaad16078f42218dae233da38f6f5dff8487 e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 11568 x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: e9T3UGA3oAMFSlQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0 x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: HvqpQI-tR9W2NwvIgoi8loQaD--rOgVYFdLdkdlaXMhe4ts9mYqahg== via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google date: Sun, 29 Jan 2023 21:50:16 GMT age: 76278 etag: "a05cfaad16078f42218dae233da38f6f5dff8487" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg	34.120.237.76	200 OK	9.5 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 9.5 kB (9457 bytes) Hash 51aa950d5eed7b90cab6632107092edc e4388ced02e5576867e77547496dec1ac2338ef7 588830e5f725e8e56270565e40f817f2658b0ee7c0425d138e5f65a17ff40483 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 9457 x-amzn-requestid: 7c48e5ca-2128-43da-ba83-fd91568af1ef x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fhkBOGHVoAMFQtw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d6e6d4-1b850ffd543f51f92dec3894;Sampled=0 x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:20 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: 3EXFa0gb46AbdZ9ZznGiPTemGZ7zWh9WLs5Yr1zmfyh_jyKA6o7xoA== via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google date: Sun, 29 Jan 2023 22:19:57 GMT age: 74498 etag: "e4388ced02e5576867e77547496dec1ac2338ef7" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg	34.120.237.76	200 OK	7.7 kB
URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg IP 34.120.237.76:0 ASN #15169 GOOGLE File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size 7.7 kB (7679 bytes) Hash 3e04b9eaf7449828136ad59e4c9d69f1 b820be4ed885dcf288eb6460c57e1fa7b1c7c476 df75cf7183d401a19655aab025d08ad2c498573c88b32e9b258d951d2993b936 HTTP Headers GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site HTTP/2 200 OK server: nginx content-length: 7679 x-amzn-requestid: 0c7983d5-6040-44e9-b394-21c3784702a2 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: fhkEtEfHoAMFaNA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63d6e6ea-54c55dbd09ca642048af8916;Sampled=0 x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:42 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: VHh2SQ21xoDoBnGvM2kRiposhXuCE-DdWW1bM35kEykjbHYmhsldVA== via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google date: Sun, 29 Jan 2023 21:51:22 GMT age: 76213 etag: "b820be4ed885dcf288eb6460c57e1fa7b1c7c476" content-type: image/jpeg cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2

	ocsp.digicert.com/	93.184.220.29	200 OK	314 B
URL HTTP/1.1 ocsp.digicert.com/ IP 93.184.220.29:0 ASN #15133 EDGECAST File type data Size 314 B (314 bytes) Hash 6061660d0c8c8a3292454cb1c819259e 54ac533237acc8ff7624f460b91d50657322bdcf 2d7e1e8fe3615783905c47576f05b5cd9189a3cc4e15996dbe66e4388dac190c HTTP Headers `POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Accept-Ranges: bytes Age: 4087 Cache-Control: max-age=151272 Content-Type: application/ocsp-response Date: Mon, 30 Jan 2023 19:01:35 GMT Etag: "63d7b000-13a" Expires: Wed, 01 Feb 2023 13:02:47 GMT Last-Modified: Mon, 30 Jan 2023 11:54:40 GMT Server: ECS (ska/F70C) X-Cache: HIT Content-Length: 314`

	analytics.tiktok.com/api/v2/pixel	23.36.79.32	200 OK	0 B
URL HTTP/2 analytics.tiktok.com/api/v2/pixel IP 23.36.79.32:0 ASN #20940 Akamai International B.V. File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `POST /api/v2/pixel HTTP/1.1 Host: analytics.tiktok.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: text/plain;charset=UTF-8 Content-Length: 763 Origin: https://orcd.co Connection: keep-alive Referer: https://orcd.co/ Cookie: _ttp=2L3ggrJx62R6PeA4PQnCcEOEMAt Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK server: nginx content-length: 0 access-control-allow-origin: * x-tt-logid: 2023013019013467E80D0707312351F9F8 x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60787dee798e7afc9c5500f386c65d6ca1ad80079fbc3d75d9e3ef6137b31c371d6e4aa1ed1d85370bfef7fae1f72d0ee551d017849bd009cc84e499fe7da9a4f721a7c4367069e488df50984e1bd02ab6 expires: Mon, 30 Jan 2023 19:01:35 GMT cache-control: max-age=0, no-cache, no-store pragma: no-cache date: Mon, 30 Jan 2023 19:01:35 GMT x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.3-45298580) (-) x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn server-timing: inner; dur=125, cdn-cache; desc=MISS, edge; dur=4, origin; dur=233 x-origin-response-time: 233,23.36.79.28 x-akamai-request-id: 5b4d2a9a X-Firefox-Spdy: h2

	ocsp.digicert.com/	93.184.220.29	200 OK	313 B
URL HTTP/1.1 ocsp.digicert.com/ IP 93.184.220.29:0 ASN #15133 EDGECAST File type data Size 313 B (313 bytes) Hash 6d2677a268c46fe7437bc9ba7f1933f0 c4c8338d86338480d15172e8691dc9b25c9c25bf 0709a1fe6bd9156d9e98f2c986bcb486031947ce2412744efd1e0ff52f7929d2 HTTP Headers `POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Accept-Ranges: bytes Age: 6382 Cache-Control: 'max-age=158059' Content-Type: application/ocsp-response Date: Mon, 30 Jan 2023 19:01:35 GMT Last-Modified: Mon, 30 Jan 2023 17:15:13 GMT Server: ECS (ska/F70C) X-Cache: HIT Content-Length: 313`

	region1.analytics.google.com/g/collect?v=2&tid=G-6VTRLSCR4X&gtm=2oe1p0&_p=849426467&_gaz=1&cid=1301742308.1675105308&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675105307&sct=1&seg=0&dl=https%3A%2F%2Forcd.co%2Ffejl40&dt=Styrtdyk%20-%20Fejl%2040&en=page_view&_fv=1&_nsi=1&_ss=1	216.239.34.36	204 No Content	0 B
URL HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-6VTRLSCR4X&gtm=2oe1p0&_p=849426467&_gaz=1&cid=1301742308.1675105308&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675105307&sct=1&seg=0&dl=https%3A%2F%2Forcd.co%2Ffejl40&dt=Styrtdyk%20-%20Fejl%2040&en=page_view&_fv=1&_nsi=1&_ss=1 IP 216.239.34.36:0 ASN #15169 GOOGLE File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers POST /g/collect?v=2&tid=G-6VTRLSCR4X&gtm=2oe1p0&_p=849426467&_gaz=1&cid=1301742308.1675105308&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675105307&sct=1&seg=0&dl=https%3A%2F%2Forcd.co%2Ffejl40&dt=Styrtdyk%20-%20Fejl%2040&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1 Host: region1.analytics.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://orcd.co Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Content-Length: 0 `HTTP/2 204 No Content access-control-allow-origin: https://orcd.co date: Mon, 30 Jan 2023 19:01:35 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate access-control-allow-credentials: true content-type: text/plain cross-origin-resource-policy: cross-origin server: Golfe2 content-length: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2`

	stats.g.doubleclick.net/g/collect?v=2&tid=G-6VTRLSCR4X&cid=1301742308.1675105308&gtm=2oe1p0&aip=1	209.85.233.157	204 No Content	0 B
URL HTTP/2 stats.g.doubleclick.net/g/collect?v=2&tid=G-6VTRLSCR4X&cid=1301742308.1675105308&gtm=2oe1p0&aip=1 IP 209.85.233.157:0 ASN #15169 GOOGLE File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `POST /g/collect?v=2&tid=G-6VTRLSCR4X&cid=1301742308.1675105308&gtm=2oe1p0&aip=1 HTTP/1.1 Host: stats.g.doubleclick.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://orcd.co Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Content-Length: 0` `HTTP/2 204 No Content access-control-allow-origin: https://orcd.co date: Mon, 30 Jan 2023 19:01:35 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate access-control-allow-credentials: true content-type: text/plain cross-origin-resource-policy: cross-origin server: Golfe2 content-length: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2`

	t.co/i/adsct?bci=3&eci=2&event_id=451fb611-4fac-428f-a46b-26dc4be73998&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c94788b7-be20-47b0-8548-64da1f8e2460&tw_document_href=https%3A%2F%2Forcd.co%2Ffejl40&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=test1&type=javascript&version=2.3.29	104.244.42.133	200 OK	43 B
URL HTTP/2 t.co/i/adsct?bci=3&eci=2&event_id=451fb611-4fac-428f-a46b-26dc4be73998&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c94788b7-be20-47b0-8548-64da1f8e2460&tw_document_href=https%3A%2F%2Forcd.co%2Ffejl40&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=test1&type=javascript&version=2.3.29 IP 104.244.42.133:0 ASN #13414 TWITTER File type GIF image data, version 89a, 1 x 1\012- data Size 43 B (43 bytes) Hash 377d257f2d2e294916143c069141c1c5 b7cae69682cf31dd670b65088db8395acda6ed3e ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 HTTP Headers GET /i/adsct?bci=3&eci=2&event_id=451fb611-4fac-428f-a46b-26dc4be73998&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c94788b7-be20-47b0-8548-64da1f8e2460&tw_document_href=https%3A%2F%2Forcd.co%2Ffejl40&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=test1&type=javascript&version=2.3.29 HTTP/1.1 Host: t.co User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site HTTP/2 200 OK date: Mon, 30 Jan 2023 19:01:34 GMT perf: 7626143928 server: tsa_o set-cookie: muc_ads=36fb9ccf-c049-48c4-b4fc-3c78d2b68833; Max-Age=63072000; Expires=Wed, 29 Jan 2025 19:01:35 GMT; Path=/; Domain=t.co; Secure; SameSite=None content-type: image/gif;charset=utf-8 cache-control: no-cache, no-store, max-age=0 content-length: 43 x-transaction-id: 7aa66584a5a01f31 strict-transport-security: max-age=0 x-response-time: 109 x-connection-hash: 829453a56b517d21071a7397457009a951feb52bb5406fced58ae46589e960ba X-Firefox-Spdy: h2

	analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=451fb611-4fac-428f-a46b-26dc4be73998&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c94788b7-be20-47b0-8548-64da1f8e2460&tw_document_href=https%3A%2F%2Forcd.co%2Ffejl40&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=test1&type=javascript&version=2.3.29	104.244.42.3	200 OK	43 B
URL HTTP/2 analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=451fb611-4fac-428f-a46b-26dc4be73998&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c94788b7-be20-47b0-8548-64da1f8e2460&tw_document_href=https%3A%2F%2Forcd.co%2Ffejl40&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=test1&type=javascript&version=2.3.29 IP 104.244.42.3:0 ASN #13414 TWITTER File type GIF image data, version 89a, 1 x 1\012- data Size 43 B (43 bytes) Hash 377d257f2d2e294916143c069141c1c5 b7cae69682cf31dd670b65088db8395acda6ed3e ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 HTTP Headers GET /i/adsct?bci=3&eci=2&event_id=451fb611-4fac-428f-a46b-26dc4be73998&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=c94788b7-be20-47b0-8548-64da1f8e2460&tw_document_href=https%3A%2F%2Forcd.co%2Ffejl40&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=test1&type=javascript&version=2.3.29 HTTP/1.1 Host: analytics.twitter.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site HTTP/2 200 OK date: Mon, 30 Jan 2023 19:01:34 GMT perf: 7626143928 server: tsa_o set-cookie: personalization_id="v1_x2gHg4juGnRVCag4XBa19g=="; Max-Age=63072000; Expires=Wed, 29 Jan 2025 19:01:35 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None content-type: image/gif;charset=utf-8 cache-control: no-cache, no-store, max-age=0 content-length: 43 x-transaction-id: a34a93840e5b78a6 strict-transport-security: max-age=631138519 x-response-time: 105 x-connection-hash: e75b1bbc1d787ba552c7e3b548e6e58b4cfd5332948791e9490770ea6ab8f0a2 X-Firefox-Spdy: h2

	www.facebook.com/tr/?id=683127435041827&ev=PageView&dl=https%3A%2F%2Forcd.co%2Ffejl40&rl=&if=false&ts=1675105308731&sw=1280&sh=1024&v=2.9.92&r=stable&ec=0&o=30&fbp=fb.1.1675105308730.1106317420&it=1675105308186&coo=false&rqm=GET	157.240.205.35	200 OK	110 kB
URL HTTP/2 www.facebook.com/tr/?id=683127435041827&ev=PageView&dl=https%3A%2F%2Forcd.co%2Ffejl40&rl=&if=false&ts=1675105308731&sw=1280&sh=1024&v=2.9.92&r=stable&ec=0&o=30&fbp=fb.1.1675105308730.1106317420&it=1675105308186&coo=false&rqm=GET IP 157.240.205.35:0 ASN #32934 FACEBOOK File type gzip compressed data, from Unix\012- data Size 110 kB (110022 bytes) Hash 183f2d6ee7bac008c58721705a9014d4 34db0db5929eea20886ca12c677db4a36647b9b9 5ba3bc502f120da7dc4c86a07f72e45fd132b291ff7c7a7a58c4f189793d6ca3 HTTP Headers GET /tr/?id=683127435041827&ev=PageView&dl=https%3A%2F%2Forcd.co%2Ffejl40&rl=&if=false&ts=1675105308731&sw=1280&sh=1024&v=2.9.92&r=stable&ec=0&o=30&fbp=fb.1.1675105308730.1106317420&it=1675105308186&coo=false&rqm=GET HTTP/1.1 Host: www.facebook.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site `HTTP/2 200 OK content-type: text/plain access-control-allow-origin: access-control-allow-credentials: true strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin content-length: 0 server: proxygen-bolt alt-svc: h3=":443"; ma=86400 date: Mon, 30 Jan 2023 19:01:35 GMT X-Firefox-Spdy: h2`

	www.facebook.com/tr/?id=683127435041827&ev=Outbound_Link_Click&dl=https%3A%2F%2Forcd.co%2Ffejl40&rl=&if=false&ts=1675105308741&sw=1280&sh=1024&v=2.9.92&r=stable&ec=4&o=30&fbp=fb.1.1675105308730.1106317420&it=1675105308186&coo=false&rqm=GET	157.240.205.35	200 OK	0 B
URL HTTP/2 www.facebook.com/tr/?id=683127435041827&ev=Outbound_Link_Click&dl=https%3A%2F%2Forcd.co%2Ffejl40&rl=&if=false&ts=1675105308741&sw=1280&sh=1024&v=2.9.92&r=stable&ec=4&o=30&fbp=fb.1.1675105308730.1106317420&it=1675105308186&coo=false&rqm=GET IP 157.240.205.35:0 ASN #32934 FACEBOOK File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /tr/?id=683127435041827&ev=Outbound_Link_Click&dl=https%3A%2F%2Forcd.co%2Ffejl40&rl=&if=false&ts=1675105308741&sw=1280&sh=1024&v=2.9.92&r=stable&ec=4&o=30&fbp=fb.1.1675105308730.1106317420&it=1675105308186&coo=false&rqm=GET HTTP/1.1 Host: www.facebook.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site `HTTP/2 200 OK content-type: text/plain access-control-allow-origin: access-control-allow-credentials: true strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin content-length: 0 server: proxygen-bolt alt-svc: h3=":443"; ma=86400 date: Mon, 30 Jan 2023 19:01:35 GMT X-Firefox-Spdy: h2`

	fast-cdn.ffm.to/668f598.modern.js	54.230.111.129	200 OK	19 kB
URL HTTP/2 fast-cdn.ffm.to/668f598.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type ASCII text, with very long lines (57175), with no line terminators Size 19 kB (19289 bytes) Hash 86e8b6986646e9adcebbad079fbc6987 9d863a0b2d2fe50e8058881e90e3db4a31b3ebbc d7a4d6f78286582d75fa621e2e952217cf1009dda429fff4ed87912af9782678 HTTP Headers `GET /668f598.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Tue, 24 Jan 2023 01:57:37 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"df57-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: CiVwP1zv6TisOzVvM-vBpmodGI2VEwY9yLv6q4dnUuWsYw5QP1eHVw== age: 579838 X-Firefox-Spdy: h2

	www.facebook.com/tr/?id=683127435041827&ev=Action_Page_Button&dl=https%3A%2F%2Forcd.co%2Ffejl40&rl=&if=false&ts=1675105308737&sw=1280&sh=1024&v=2.9.92&r=stable&ec=2&o=30&fbp=fb.1.1675105308730.1106317420&it=1675105308186&coo=false&rqm=GET	157.240.205.35	200 OK	0 B
URL HTTP/2 www.facebook.com/tr/?id=683127435041827&ev=Action_Page_Button&dl=https%3A%2F%2Forcd.co%2Ffejl40&rl=&if=false&ts=1675105308737&sw=1280&sh=1024&v=2.9.92&r=stable&ec=2&o=30&fbp=fb.1.1675105308730.1106317420&it=1675105308186&coo=false&rqm=GET IP 157.240.205.35:0 ASN #32934 FACEBOOK File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /tr/?id=683127435041827&ev=Action_Page_Button&dl=https%3A%2F%2Forcd.co%2Ffejl40&rl=&if=false&ts=1675105308737&sw=1280&sh=1024&v=2.9.92&r=stable&ec=2&o=30&fbp=fb.1.1675105308730.1106317420&it=1675105308186&coo=false&rqm=GET HTTP/1.1 Host: www.facebook.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site `HTTP/2 200 OK content-type: text/plain access-control-allow-origin: access-control-allow-credentials: true strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin content-length: 0 server: proxygen-bolt alt-svc: h3=":443"; ma=86400 date: Mon, 30 Jan 2023 19:01:35 GMT X-Firefox-Spdy: h2`

	www.facebook.com/tr/?id=683127435041827&ev=DSP_Button_Click&dl=https%3A%2F%2Forcd.co%2Ffejl40&rl=&if=false&ts=1675105308739&sw=1280&sh=1024&v=2.9.92&r=stable&ec=3&o=30&fbp=fb.1.1675105308730.1106317420&it=1675105308186&coo=false&rqm=GET	157.240.205.35	200 OK	0 B
URL HTTP/2 www.facebook.com/tr/?id=683127435041827&ev=DSP_Button_Click&dl=https%3A%2F%2Forcd.co%2Ffejl40&rl=&if=false&ts=1675105308739&sw=1280&sh=1024&v=2.9.92&r=stable&ec=3&o=30&fbp=fb.1.1675105308730.1106317420&it=1675105308186&coo=false&rqm=GET IP 157.240.205.35:0 ASN #32934 FACEBOOK File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /tr/?id=683127435041827&ev=DSP_Button_Click&dl=https%3A%2F%2Forcd.co%2Ffejl40&rl=&if=false&ts=1675105308739&sw=1280&sh=1024&v=2.9.92&r=stable&ec=3&o=30&fbp=fb.1.1675105308730.1106317420&it=1675105308186&coo=false&rqm=GET HTTP/1.1 Host: www.facebook.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site `HTTP/2 200 OK content-type: text/plain access-control-allow-origin: access-control-allow-credentials: true strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin content-length: 0 server: proxygen-bolt alt-svc: h3=":443"; ma=86400 date: Mon, 30 Jan 2023 19:01:35 GMT X-Firefox-Spdy: h2`

	orcd.co/global.css	54.149.145.153	200 OK	0 B
URL HTTP/2 orcd.co/global.css IP 54.149.145.153:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash HTTP Headers `GET /global.css HTTP/1.1 Host: orcd.co User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/fejl40 Cookie: ffmId=28282748-4113-4ac7-98db-01f867404fdc Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers` `HTTP/2 200 OK server: openresty/1.15.8.1 date: Mon, 30 Jan 2023 19:01:33 GMT content-type: text/css; charset=UTF-8 access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=0 last-modified: Tue, 10 Jan 2023 09:57:31 GMT etag: W/"3f67-1859b1d0ef8" vary: Accept-Encoding content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains X-Firefox-Spdy: h2`

	fast-cdn.ffm.to/d30286c.modern.js	54.230.111.129	200 OK	0 B
URL HTTP/2 fast-cdn.ffm.to/d30286c.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash HTTP Headers `GET /d30286c.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://orcd.co Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Fri, 20 Jan 2023 01:10:59 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"7c2d-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: BjqRuqXJSy2ma-v70EDktI3VaFAUaAc4vM3NCmM8zwBJYBBsTyGDEw== age: 928234 X-Firefox-Spdy: h2

	fast-cdn.ffm.to/53a9bc3.modern.js	54.230.111.129	200 OK	0 B
URL HTTP/2 fast-cdn.ffm.to/53a9bc3.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash HTTP Headers `GET /53a9bc3.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://orcd.co Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Tue, 10 Jan 2023 10:08:12 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"668d-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: K_85gxFtVpy0kSmmVX2xtvj5Iy9pnRpNLka4A4CYBx24w0QLh82zlw== age: 1760001 X-Firefox-Spdy: h2

	fast-cdn.ffm.to/a631a70.modern.js	54.230.111.129	200 OK	0 B
URL HTTP/2 fast-cdn.ffm.to/a631a70.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash HTTP Headers `GET /a631a70.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://orcd.co Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Mon, 16 Jan 2023 22:01:39 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"18bdc-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: VdKUACnR7Fty02kTONxQBMoihSN4rtgVSvHw4sBdScnippr3P9ap3A== age: 1198794 X-Firefox-Spdy: h2

	fast-cdn.ffm.to/db8b58e.modern.js	54.230.111.129	200 OK	0 B
URL HTTP/2 fast-cdn.ffm.to/db8b58e.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash HTTP Headers `GET /db8b58e.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Sat, 14 Jan 2023 04:20:29 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"1879-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: 6psQZUJfkmanuVkmExLxSwgEunnv4bzPQJykjYx4qTvEy2zi46SebA== age: 1435265 X-Firefox-Spdy: h2

	fast-cdn.ffm.to/364028a.modern.js	54.230.111.129	200 OK	0 B
URL HTTP/2 fast-cdn.ffm.to/364028a.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash HTTP Headers `GET /364028a.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Mon, 23 Jan 2023 01:28:14 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"1070-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: LAM44neFHJtTX4e2AltTxWLw1hfMCGM36c5HUL_R0Pfg9MFqyIeR4w== age: 668000 X-Firefox-Spdy: h2

	fast-cdn.ffm.to/05ed5b9.modern.js	54.230.111.129	200 OK	0 B
URL HTTP/2 fast-cdn.ffm.to/05ed5b9.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash HTTP Headers `GET /05ed5b9.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://orcd.co Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Mon, 23 Jan 2023 02:42:18 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"190c-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: VS9cVcJYYkVgYXGDQYMnUA-1AcMKq-TNj37uw7gB206DmrAIirkt6w== age: 663554 X-Firefox-Spdy: h2

	fast-cdn.ffm.to/a736d30.modern.js	54.230.111.129	200 OK	0 B
URL HTTP/2 fast-cdn.ffm.to/a736d30.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash HTTP Headers `GET /a736d30.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://orcd.co Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Tue, 10 Jan 2023 10:07:58 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"20c70-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: vq1TjHkZLIwsXkHCK-FTk0NqdhwcuWJM3Ol47tMYyDoh9tqWPe7O7w== age: 1760015 X-Firefox-Spdy: h2

	fast-cdn.ffm.to/4c4b4d2.modern.js	54.230.111.129	200 OK	0 B
URL HTTP/2 fast-cdn.ffm.to/4c4b4d2.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash HTTP Headers `GET /4c4b4d2.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://orcd.co Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Tue, 10 Jan 2023 10:08:12 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"ed3-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: 9p7y8hu0_JxkgsEWXt_HdChWH5VRjQGZkMzTRQW-vI7uEkeIes8o2A== age: 1760001 X-Firefox-Spdy: h2

	orcd.co/fejl40	54.149.145.153	200 OK	0 B
URL HTTP/2 orcd.co/fejl40 IP 54.149.145.153:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash HTTP Headers `GET /fejl40 HTTP/1.1 Host: orcd.co User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1` `HTTP/2 200 OK server: openresty/1.15.8.1 date: Mon, 30 Jan 2023 19:01:33 GMT content-type: text/html; charset=utf-8 vary: User-Agent, Accept-Encoding set-cookie: ffmId=28282748-4113-4ac7-98db-01f867404fdc; Max-Age=31557600 etag: "1b9a6-oHdrVEjIt9IOGCiH+NOujksC4iA" accept-ranges: none content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains X-Firefox-Spdy: h2`

	orcd.co/orchard-icon.ico	54.149.145.153	200 OK	0 B
URL HTTP/2 orcd.co/orchard-icon.ico IP 54.149.145.153:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash HTTP Headers GET /orchard-icon.ico HTTP/1.1 Host: orcd.co User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/fejl40 Cookie: ffmId=28282748-4113-4ac7-98db-01f867404fdc; _gcl_au=1.1.180941151.1675105308; _rdt_uuid=1675105307752.959b8ac4-5135-42a5-a33f-e32da6ceb765; _ga_6VTRLSCR4X=GS1.1.1675105307.1.0.1675105307.60.0.0; _ga=GA1.1.1301742308.1675105308 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers `HTTP/2 200 OK server: openresty/1.15.8.1 date: Mon, 30 Jan 2023 19:01:34 GMT content-type: image/x-icon access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=0 last-modified: Tue, 10 Jan 2023 09:57:31 GMT etag: W/"47e-1859b1d0ef8" vary: Accept-Encoding content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains X-Firefox-Spdy: h2`

	fast-cdn.ffm.to/464545f.modern.js	54.230.111.129	200 OK	0 B
URL HTTP/2 fast-cdn.ffm.to/464545f.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash HTTP Headers `GET /464545f.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Fri, 20 Jan 2023 04:13:58 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"1061-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: gHdjMYmzlcc37O16vmcV7k3z943lMQRH_nmzyTLYvtXHYdM5JE0HyA== age: 917256 X-Firefox-Spdy: h2

	fast-cdn.ffm.to/9f9ef7a.modern.js	54.230.111.129	200 OK	0 B
URL HTTP/2 fast-cdn.ffm.to/9f9ef7a.modern.js IP 54.230.111.129:0 ASN #16509 AMAZON-02 File type Size 0 B (0 bytes) Hash HTTP Headers `GET /9f9ef7a.modern.js HTTP/1.1 Host: fast-cdn.ffm.to User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://orcd.co/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: openresty/1.15.8.1 date: Fri, 20 Jan 2023 04:13:58 GMT access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=31536000 last-modified: Tue, 10 Jan 2023 10:00:23 GMT etag: W/"35cf-1859b1faed8" content-encoding: gzip strict-transport-security: max-age=15724800; includeSubDomains vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: A_elfrhZvkp07usyux7FDc76f2jIaMkAeklF8wkxEpzjF-RmZjNnWQ== age: 917256 X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (38)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML