ouo.io/0vk0r4
104.22.22.162 301 Moved Permanently 0 B IP 104.22.22.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /0vk0r4 HTTP/1.1
Host: ouo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 26 Jan 2023 09:04:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 26 Jan 2023 10:04:31 GMT
Location: https://ouo.io/0vk0r4
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f814e70b34b524-OSL
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5fe582397f3003b225cb9058e02c2190
68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f
238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6433
Expires: Thu, 26 Jan 2023 10:51:45 GMT
Date: Thu, 26 Jan 2023 09:04:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 58ffdcb539c3b250fdf31ed761627fc1
5b55b1522ef84c39b5c42f9bbfbc62b806c1269f
eb783cfa8c8544b0574b345abc0bf3c150979d4efce1a013f17b6cd48076fc63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB783CFA8C8544B0574B345ABC0BF3C150979D4EFCE1A013F17B6CD48076FC63"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13671
Expires: Thu, 26 Jan 2023 12:52:23 GMT
Date: Thu, 26 Jan 2023 09:04:32 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 26 Jan 2023 08:42:53 GMT
content-type: application/json
age: 1299
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3372
Expires: Thu, 26 Jan 2023 10:00:44 GMT
Date: Thu, 26 Jan 2023 09:04:32 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Se7t3yeitnbCKJEuXrylS3O9BmIaNg4fr1Z3TjSykpFmllKPA4exg4lE+hFbAAuahu4P5oXsk3Nuu+etMmmnwA==
x-amz-request-id: 4HE1XMQ49TC4ZBJM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 26 Jan 2023 08:48:54 GMT
age: 938
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:04:32 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash f0c5d4e9e07bc1a758766fa075ff690c
b58c2101642f949f1ee6d690ce42bba124bc260e
6213343ddbfcfb0c58bb39dfb19c8dbc01a24271d2fa08b78160bdd38f7b1d4f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3366
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:32 GMT
Last-Modified: Thu, 26 Jan 2023 08:08:27 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 26 Jan 2023 08:49:01 GMT
age: 931
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c398b6b39d11d25b8ae9bc5cd94a1c98
640aa8c399ced71d0c2a9f5a90fbaf091b01d642
a6f07f7c6a4746acc25457c726701df33120628dfb578bc4982448d8efee5855
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6F07F7C6A4746ACC25457C726701DF33120628DFB578BC4982448D8EFEE5855"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7382
Expires: Thu, 26 Jan 2023 11:07:34 GMT
Date: Thu, 26 Jan 2023 09:04:32 GMT
Connection: keep-alive
ouo.press/images/world.png
104.22.58.251 200 OK 5.7 kB URL HTTP/2 ouo.press/images/world.png
IP 104.22.58.251:0
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 4eea420a8830a6d695114427bf52b556
35579e7f1a656beb3a07a7093166ff37c634bade
70f03c74cc197cf154af36fa552a448d9ffebb55081c96e55ef4cf469123fe22
GET /images/world.png HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/0vk0r4
Cookie: ouoio_session=eyJpdiI6Im53czFWZ2dHbGVEaTE1MDlFQnU0dUQ4N3B6OVY5ZUVJOFJvVytpcXRLKzg9IiwidmFsdWUiOiJ1ZW02QXdVdGl4UU1KTFFhYW8ydjdpWUZZcUhhU3oyXC9mQ2c0aEk1UHZyMlBNM09ETXljVTh2dzk2V3l1VkhUQmN0Z3Uwcnc0OEFETDdKMElGaHF5NVE9PSIsIm1hYyI6IjNiNGI0OGU1NjAxZjQ0OTQ3NzUyODQ3ZTdkNGIwZjk1ZTMzNzg0N2M0YzdiOTNmNmI1M2ZhZjZlMjFmNmNkN2QifQ%3D%3D; language=eyJpdiI6InJISGVoeXVPcTJsV1VkTE8rakxTQnYyQzNpbnJzWER3bEZCM1hoT1RxQk09IiwidmFsdWUiOiJXT0haaG9vd1FCdjBiUXF3TEc3SUxcL3FHVzFSUk9cL2p0UVdQRmFVak5pUVU9IiwibWFjIjoiNGJjYTgyYmNlZjI3YjE2ODZiNzgwMTk2YjVlOWVhNTM2NzIxN2Y4YTRmZDQ1NDk3ZDc4ODc1MDViMzc4OTAwYyJ9; 6b11574f7a1ec1a5cd7d4e6cc6b064bbd2c8bac6=eyJpdiI6InB5MUlIQ2hEbVwvWVA2YU1aVzcyTDlCQXNkOXV2eklaUzNXZW5yV2lrcjc0PSIsInZhbHVlIjoicjZwTFZGMW44TWZVbzFEajljazkxRUQ5bFZoSVAzRkRCNkF0SHhmbE9UNWk0SmJCUWNPNzd5NDd5Y1BsamxKXC9EU1FBbGs5VHJYckhVWmZ6bFAyb3N2MXk1VGV4M0w5Zjh1eDBBMm5BajM0OVdUZ3BoWXNrTUNZTlJYNXdhSkl5U2N4b2JLQksyMGxcL1B1SlliXC9qVEJiN2syNmNyTG1xdmJmeEpwV0JXS3VaQ1NkTkhYdnd0QWkxVXJHVlZCU1VhMEFxMXFFeFFKT0JSdnhSWWNtb01zMUlzUGFtM2ZmNlhGMThQdXF0aThvc0pGckc0OU94b0oyUUhvVDBxZnkyRFdjUlpRN2RPbjlPaStWKytMTFdhT2J1QjlBcFpKbHZ0aG5jdDBVcTNiUGJoUnl3YkRCS1kxaFg3c21WV3NWc3p1U3VFT2hoYkxIdEk2ZHVGZzYwNTRwTzhPODE3MjJDbGE2UkJhSmpBakxDYk9ldmhhVGREellEdyt0VzlHa3llIiwibWFjIjoiOTU1Nzc0OTE2YzVlM2QwMjc4YWRkMzc1NmE4YWE3MWRkZDY1ZjM2YjNiMWQ0NWE0MzUwNmY0ODIxODZkMTk5MCJ9; __cf_bm=4X5gKU.9F_m895IJCMLOsUa0hP2Xx8Yak9G267EYD4Q-1674723872-0-AWnX/SV7jNgeSvL+1RxWDcrzBXzur/kn2zJyaSziUEhjbgGM/HFwRJNbTvM33GthD9rjwWdOu3GSh74nG2W/cJo=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:32 GMT
content-type: image/png
content-length: 5692
cache-control: max-age=2592000
cf-bgj: imgq:85,h2pri
cf-polished: status=not_needed
etag: "5549a07c-163c"
expires: Wed, 01 Feb 2023 22:39:30 GMT
last-modified: Wed, 06 May 2015 05:02:52 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 2024702
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f814edf887b50c-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 1005c9e99dc8d4390861d6730c7a403b
0e3858ae26a1c01e0160e3b60e400bea202ebd05
4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e53b1d8b1f244c97e073382328e5c650
d1933a186c3b5351a8539f18e3f4f74237aefccc
2b3e14ffcd8e42c946fc8a66a44a97e543849ac1fd3fdefd85f774c86839716e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
216.58.211.4 200 OK 585 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
IP 216.58.211.4:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 56890e7656626affdf65b9edbd8fa1a0
1449439c4478a615ee574d5feddbb0d5af0fd6d0
fb6bb78d9b8dcdb371c2146ab897fafb5ccb93a9ea8324ddab4ab6999f02880b
GET /recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Thu, 26 Jan 2023 09:04:33 GMT
date: Thu, 26 Jan 2023 09:04:33 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 585
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 1005c9e99dc8d4390861d6730c7a403b
0e3858ae26a1c01e0160e3b60e400bea202ebd05
4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 04cb7fc8b1e2a65a0b198cc53eb5e5cd
6d04611612d81108e856467f0e4b0479cbb37d33
1c745d8ace7ea6f8e5d7da5e9c067b7b3427ce9c5a5e2c5c35d1c345266de518
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.39.176.227 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.176.227:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: k9z9VCHNzap35lzilsn9xg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7UYwrf3zFF452cqh2vmMulQKxf4=
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash d7573e309a3fe2762ee3716018d5c44a
47e283ed978ee253655d0360aa113b9543fa0da2
a5997bbf8f312e64d2d196066bd29ab23879a2b9aa719e3b7c50ad9a7bc711fe
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=153123
Date: Thu, 26 Jan 2023 09:04:33 GMT
Etag: "63d1e479-1d7"
Expires: Sat, 28 Jan 2023 03:36:36 GMT
Last-Modified: Thu, 26 Jan 2023 02:24:57 GMT
Server: ECS (bsa/EB14)
X-Cache: Miss from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5SdjAgcosnljcOScgbm_L5rvdm3vcKOYfQ3VL5Rz9JE4KKmzVZWPig==
Age: 4299
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 88974a0aa855592b60084d80b4fd6ef5
ffc6356c2e3290d917b045ee8ad8891976bafffb
45267b7ada1c7b18dda5a6599663b32ccca8c434a1f3a0539c86995acfa70a50
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "45267B7ADA1C7B18DDA5A6599663B32CCCA8C434A1F3A0539C86995ACFA70A50"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16025
Expires: Thu, 26 Jan 2023 13:31:38 GMT
Date: Thu, 26 Jan 2023 09:04:33 GMT
Connection: keep-alive
tv.gourdycortes.com/1clkn/16562
23.109.82.96 200 OK 26 B URL HTTP/1.1 tv.gourdycortes.com/1clkn/16562
IP 23.109.82.96:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/16562 HTTP/1.1
Host: tv.gourdycortes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Jan 2023 09:04:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Fri, 27-Jan-2023 09:04:33 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJw9i7sOgkAURAENEQXMJH6APyA%2BgoWtWhoojPUG8Wo2wl7Crg%2F8elETq5mcOWNZljMK4cgK%2FmoerWZRvIjmyxidCzGcJIWf802ZuhEqKwluwvUja%2BDWdJGsAgx%2BReR8IvSTdHJQV8UP9R8%2BtwDdXJomgPeJrxv20JG6Qrgu5HO85%2BJmWlvDU2SErohO8DbZsaDpdr9D%2BKffs2ujJ7Woan42bR8aWdKLFQk%2BnzWZFtl313kDsc5BIg%3D%3D; expires=Fri, 27-Jan-2023 09:04:33 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ouo.press/css/bootstrap.css
104.22.58.251 200 OK 19 kB URL HTTP/2 ouo.press/css/bootstrap.css
IP 104.22.58.251:0
File type ASCII text, with very long lines (65452)
Hash d170c293887a0f483de14a50057e0ef2
7cb33e76fac0bb93882510aff5ca391d40af0d57
a410bf520341961a502580d78f980d15f002cc607ce86c4e8acd601f88939147
GET /css/bootstrap.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/0vk0r4
Cookie: ouoio_session=eyJpdiI6Im53czFWZ2dHbGVEaTE1MDlFQnU0dUQ4N3B6OVY5ZUVJOFJvVytpcXRLKzg9IiwidmFsdWUiOiJ1ZW02QXdVdGl4UU1KTFFhYW8ydjdpWUZZcUhhU3oyXC9mQ2c0aEk1UHZyMlBNM09ETXljVTh2dzk2V3l1VkhUQmN0Z3Uwcnc0OEFETDdKMElGaHF5NVE9PSIsIm1hYyI6IjNiNGI0OGU1NjAxZjQ0OTQ3NzUyODQ3ZTdkNGIwZjk1ZTMzNzg0N2M0YzdiOTNmNmI1M2ZhZjZlMjFmNmNkN2QifQ%3D%3D; language=eyJpdiI6InJISGVoeXVPcTJsV1VkTE8rakxTQnYyQzNpbnJzWER3bEZCM1hoT1RxQk09IiwidmFsdWUiOiJXT0haaG9vd1FCdjBiUXF3TEc3SUxcL3FHVzFSUk9cL2p0UVdQRmFVak5pUVU9IiwibWFjIjoiNGJjYTgyYmNlZjI3YjE2ODZiNzgwMTk2YjVlOWVhNTM2NzIxN2Y4YTRmZDQ1NDk3ZDc4ODc1MDViMzc4OTAwYyJ9; 6b11574f7a1ec1a5cd7d4e6cc6b064bbd2c8bac6=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; __cf_bm=4X5gKU.9F_m895IJCMLOsUa0hP2Xx8Yak9G267EYD4Q-1674723872-0-AWnX/SV7jNgeSvL+1RxWDcrzBXzur/kn2zJyaSziUEhjbgGM/HFwRJNbTvM33GthD9rjwWdOu3GSh74nG2W/cJo=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:32 GMT
content-type: text/css
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=109522
etag: W/"54def1fc-1abd2"
expires: Thu, 26 Jan 2023 19:03:36 GMT
last-modified: Sat, 14 Feb 2015 06:58:04 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 7256
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f814ede85bb50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
192.243.61.225 200 OK 13 kB URL HTTP/1.1 itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37165), with no line terminators
Hash MD5 c84e49b1491e6e8cba07ba149ae64093
SHA-1 bef59d8c19ff5137fa73c5e45c182235a1bd1514
SHA-256 5395678a08c84b9a2b40db75647fdf9039b04ccc25815dbdebe90dabdd7fd725
Analyzer: fortinet | Verdict: Malware | Alert: (none shown)
GET /ed/36/01/ed36014633829dc70a42dccaefdf3f11.js HTTP/1.1
Host: itineraryupper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 26 Jan 2023 09:04:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 06b8b2f80cf7fd01d424bdab8f662df8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash afeb3476c3b5b8e10f11db443b8528af
f419163f1e43fece9e428e088c49c65e145846ed
8f9bbf884ae3cddaf2f3eff5d31abf823004207b33bc925651516c60af1f37a9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2
142.250.74.163 200 OK 19 kB URL HTTP/2 fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 19292, version 1.0\012- data
Hash 19007b17e56daa60133bce9e9b352a95
bac1384caeae5762e7a1d8c18037f69c8cd21bc4
fd88a03358ba14440b78c6329717bdf6ed1a9fe97c3ad4e0a0a39d31fb1ac546
GET /s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ouo.press
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19292
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 04:31:24 GMT
expires: Fri, 26 Jan 2024 04:31:24 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:12:54 GMT
content-type: font/woff2
age: 16389
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.firstimpression.io/delivery/spc_fi.php?id=7419&url=%2F0vk0r4&charset=UTF-8&ch=9&ref=ouo.press&viewerId=null&referer=&_firid=25420498
54.230.111.99 200 OK 5.7 kB URL HTTP/2 cdn.firstimpression.io/delivery/spc_fi.php?id=7419&url=%2F0vk0r4&charset=UTF-8&ch=9&ref=ouo.press&viewerId=null&referer=&_firid=25420498
IP 54.230.111.99:0
File type JSON data\012- , ASCII text, with very long lines (25927), with no line terminators
Hash 802ac2c5d7a79269376721d49c0e6242
2b4adde29c14723d71b086021d1043175ce25cc6
6ede1c911abed18836a08b5e940b69ff39386d319b92db4114f403759b25c555
GET /delivery/spc_fi.php?id=7419&url=%2F0vk0r4&charset=UTF-8&ch=9&ref=ouo.press&viewerId=null&referer=&_firid=25420498 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
content-length: 5686
date: Thu, 26 Jan 2023 09:04:33 GMT
server: Apache/2.4.38 (Debian)
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: OAID=GDPR; expires=Fri, 26-Jan-2024 09:04:33 GMT; Max-Age=31536000; path=/; secure; SameSite=none
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: frq6acLs6BfkZLd01NGHSMdGt__YR3ZTdW8d639n2VddiSKdybdq9w==
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6f95f835f7633b1b1bdb106ff851d455
93c3a188310a4ade156ccdedfea364f330a97396
33475ebf80a7ec7a0d9a8069a35a7ebf227afabd6fb44b6c37471d3ec12ba247
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "33475EBF80A7EC7A0D9A8069A35A7EBF227AFABD6FB44B6C37471D3EC12BA247"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20530
Expires: Thu, 26 Jan 2023 14:46:43 GMT
Date: Thu, 26 Jan 2023 09:04:33 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash afeb3476c3b5b8e10f11db443b8528af
f419163f1e43fece9e428e088c49c65e145846ed
8f9bbf884ae3cddaf2f3eff5d31abf823004207b33bc925651516c60af1f37a9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 8c1dd36ac79191547940cd051b082c5c
4051ed0b73b2d9ef0054a6c071c793446090dc19
d8c0e5fe6793df90ba09a546f58a3f2fe0df0b286d8b78cd6f4af017ad89cf65
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 26 Jan 2023 09:04:33 GMT
Last-Modified: Thu, 26 Jan 2023 08:35:55 GMT
Server: ECS (nyb/1D04)
X-Cache: Miss from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: tgtGD117zvMn0CHi5KoWeSucdchX5qrYqucj_fw8J2QkNDC6PqF_dg==
Age: 1718
ads.pubmatic.com/AdServer/js/pwt/155495/4202/pwt.js
2.18.172.200 200 OK 180 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/pwt/155495/4202/pwt.js
IP 2.18.172.200:0
Size 180 kB (180179 bytes)
Hash a3aaafb385b97544891f99fd2025572a
245d75161ba69b77bfa5e9ff21b68c313d929248
60eabdaaf1e8a22c1f2255eadb63b0527f7a0103492f48f5b659ca3c75d899ce
GET /AdServer/js/pwt/155495/4202/pwt.js HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 27 Oct 2021 05:33:12 GMT
etag: "1241a12-3fca8-5cf4eee137dd8"
server: Apache
unused62: 8096267
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type: text/javascript
content-length: 80538
cache-control: max-age=111934
expires: Fri, 27 Jan 2023 16:10:07 GMT
date: Thu, 26 Jan 2023 09:04:33 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 8210923a0cab662068be077aa20397a2
10edfce9fdfd52b761158e9df24705bfd56676ad
1931387393abac43e134000d88a671f4a92812e48cfb4e40e78e00e5b880bd17
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4501
Cache-Control: max-age=121267
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:34 GMT
Etag: "63d16740-118"
Expires: Fri, 27 Jan 2023 18:45:41 GMT
Last-Modified: Wed, 25 Jan 2023 17:30:40 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
ouo.press/css/link-safe.css
104.22.58.251 200 OK 1.8 kB URL HTTP/2 ouo.press/css/link-safe.css
IP 104.22.58.251:0
Hash 050c554c9efcade570286c05ce5162c5
2304a3292935456c34b41755b5780cb2090b22af
db9c364afdbcb26d8b96cd188e2d09aac3157f2258157048077519114114b11f
GET /css/link-safe.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/0vk0r4
Cookie: ouoio_session=eyJpdiI6Im53czFWZ2dHbGVEaTE1MDlFQnU0dUQ4N3B6OVY5ZUVJOFJvVytpcXRLKzg9IiwidmFsdWUiOiJ1ZW02QXdVdGl4UU1KTFFhYW8ydjdpWUZZcUhhU3oyXC9mQ2c0aEk1UHZyMlBNM09ETXljVTh2dzk2V3l1VkhUQmN0Z3Uwcnc0OEFETDdKMElGaHF5NVE9PSIsIm1hYyI6IjNiNGI0OGU1NjAxZjQ0OTQ3NzUyODQ3ZTdkNGIwZjk1ZTMzNzg0N2M0YzdiOTNmNmI1M2ZhZjZlMjFmNmNkN2QifQ%3D%3D; language=eyJpdiI6InJISGVoeXVPcTJsV1VkTE8rakxTQnYyQzNpbnJzWER3bEZCM1hoT1RxQk09IiwidmFsdWUiOiJXT0haaG9vd1FCdjBiUXF3TEc3SUxcL3FHVzFSUk9cL2p0UVdQRmFVak5pUVU9IiwibWFjIjoiNGJjYTgyYmNlZjI3YjE2ODZiNzgwMTk2YjVlOWVhNTM2NzIxN2Y4YTRmZDQ1NDk3ZDc4ODc1MDViMzc4OTAwYyJ9; 6b11574f7a1ec1a5cd7d4e6cc6b064bbd2c8bac6=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; __cf_bm=4X5gKU.9F_m895IJCMLOsUa0hP2Xx8Yak9G267EYD4Q-1674723872-0-AWnX/SV7jNgeSvL+1RxWDcrzBXzur/kn2zJyaSziUEhjbgGM/HFwRJNbTvM33GthD9rjwWdOu3GSh74nG2W/cJo=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:32 GMT
content-type: text/css
cache-control: max-age=86400
cf-bgj: minify
cf-polished: status=cannot_optimize
etag: W/"5d951ace-1830"
expires: Thu, 26 Jan 2023 13:01:49 GMT
last-modified: Wed, 02 Oct 2019 21:46:54 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 28963
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f814ede85fb50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
ouo.press/favicon.ico
104.22.58.251 200 OK 0 B IP 104.22.58.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/0vk0r4
Cookie: ouoio_session=eyJpdiI6Im53czFWZ2dHbGVEaTE1MDlFQnU0dUQ4N3B6OVY5ZUVJOFJvVytpcXRLKzg9IiwidmFsdWUiOiJ1ZW02QXdVdGl4UU1KTFFhYW8ydjdpWUZZcUhhU3oyXC9mQ2c0aEk1UHZyMlBNM09ETXljVTh2dzk2V3l1VkhUQmN0Z3Uwcnc0OEFETDdKMElGaHF5NVE9PSIsIm1hYyI6IjNiNGI0OGU1NjAxZjQ0OTQ3NzUyODQ3ZTdkNGIwZjk1ZTMzNzg0N2M0YzdiOTNmNmI1M2ZhZjZlMjFmNmNkN2QifQ%3D%3D; language=eyJpdiI6InJISGVoeXVPcTJsV1VkTE8rakxTQnYyQzNpbnJzWER3bEZCM1hoT1RxQk09IiwidmFsdWUiOiJXT0haaG9vd1FCdjBiUXF3TEc3SUxcL3FHVzFSUk9cL2p0UVdQRmFVak5pUVU9IiwibWFjIjoiNGJjYTgyYmNlZjI3YjE2ODZiNzgwMTk2YjVlOWVhNTM2NzIxN2Y4YTRmZDQ1NDk3ZDc4ODc1MDViMzc4OTAwYyJ9; 6b11574f7a1ec1a5cd7d4e6cc6b064bbd2c8bac6=eyJpdiI6InB5MUlIQ2hEbVwvWVA2YU1aVzcyTDlCQXNkOXV2eklaUzNXZW5yV2lrcjc0PSIsInZhbHVlIjoicjZwTFZGMW44TWZVbzFEajljazkxRUQ5bFZoSVAzRkRCNkF0SHhmbE9UNWk0SmJCUWNPNzd5NDd5Y1BsamxKXC9EU1FBbGs5VHJYckhVWmZ6bFAyb3N2MXk1VGV4M0w5Zjh1eDBBMm5BajM0OVdUZ3BoWXNrTUNZTlJYNXdhSkl5U2N4b2JLQksyMGxcL1B1SlliXC9qVEJiN2syNmNyTG1xdmJmeEpwV0JXS3VaQ1NkTkhYdnd0QWkxVXJHVlZCU1VhMEFxMXFFeFFKT0JSdnhSWWNtb01zMUlzUGFtM2ZmNlhGMThQdXF0aThvc0pGckc0OU94b0oyUUhvVDBxZnkyRFdjUlpRN2RPbjlPaStWKytMTFdhT2J1QjlBcFpKbHZ0aG5jdDBVcTNiUGJoUnl3YkRCS1kxaFg3c21WV3NWc3p1U3VFT2hoYkxIdEk2ZHVGZzYwNTRwTzhPODE3MjJDbGE2UkJhSmpBakxDYk9ldmhhVGREellEdyt0VzlHa3llIiwibWFjIjoiOTU1Nzc0OTE2YzVlM2QwMjc4YWRkMzc1NmE4YWE3MWRkZDY1ZjM2YjNiMWQ0NWE0MzUwNmY0ODIxODZkMTk5MCJ9; __cf_bm=4X5gKU.9F_m895IJCMLOsUa0hP2Xx8Yak9G267EYD4Q-1674723872-0-AWnX/SV7jNgeSvL+1RxWDcrzBXzur/kn2zJyaSziUEhjbgGM/HFwRJNbTvM33GthD9rjwWdOu3GSh74nG2W/cJo=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:34 GMT
content-type: image/x-icon
content-length: 0
last-modified: Sat, 14 Feb 2015 06:41:24 GMT
etag: "54deee14-0"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=86400
cf-cache-status: HIT
age: 4415
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f814f4da11b50c-OSL
X-Firefox-Spdy: h2
widgets.outbrain.com/images/widgetIcons/achoice.svg
2.18.173.74 200 OK 990 B URL HTTP/2 widgets.outbrain.com/images/widgetIcons/achoice.svg
IP 2.18.173.74:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (990), with no line terminators
Hash 5ab8e16b5f46213840bcd403e349419c
f03f6dc8e2206a94119af76f9a3b3c835390cae7
9ba56f5ffa579747efde1d2a429b325a9fb7220d30f4268e4a44ecbe4a9bf034
GET /images/widgetIcons/achoice.svg HTTP/1.1
Host: widgets.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/svg+xml
etag: "5ab8e16b5f46213840bcd403e349419c:1673369393.880194"
last-modified: Tue, 10 Jan 2023 16:40:08 GMT
server: AkamaiNetStorage
content-length: 990
cache-control: max-age=2592000
expires: Sat, 25 Feb 2023 09:04:34 GMT
date: Thu, 26 Jan 2023 09:04:34 GMT
access-control-request-headers: X-OB-STG,X-OB-PRD
timing-allow-origin: *, *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash f5748fe61285ac561342d29f791caa95
590c2a121202a33abc837dd6210aaf0c8f54d3fd
69003e7446655b4935fb38652b1552e4763eab5bede555e53eba97ee304d61e9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/recaptcha__en.js
216.58.211.3 200 OK 164 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/recaptcha__en.js
IP 216.58.211.3:0
File type ASCII text, with very long lines (636)
Size 164 kB (163892 bytes)
Hash f2995e9cc3eedf3359420fb8d714b2ca
bdc68875ff161b35dbe9d8d85241e41c862ec8e3
fbe663b4f0f239aca19a5a2720c2b494ac58a53e0d68288155eb772ae04935c1
GET /recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163892
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 15:41:18 GMT
expires: Wed, 24 Jan 2024 15:41:18 GMT
cache-control: public, max-age=31536000
age: 148996
last-modified: Mon, 16 Jan 2023 01:02:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
95.101.11.115 200 OK 344 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6f95f835f7633b1b1bdb106ff851d455
93c3a188310a4ade156ccdedfea364f330a97396
33475ebf80a7ec7a0d9a8069a35a7ebf227afabd6fb44b6c37471d3ec12ba247
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "33475EBF80A7EC7A0D9A8069A35A7EBF227AFABD6FB44B6C37471D3EC12BA247"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20529
Expires: Thu, 26 Jan 2023 14:46:43 GMT
Date: Thu, 26 Jan 2023 09:04:34 GMT
Connection: keep-alive
ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
142.250.74.134 200 OK 104 B URL HTTP/2 ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
IP 142.250.74.134:0
File type MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors\012- data
Hash 32ac8a9b81788b981a3a7e13c14082d4
fbfd48a2bfe8d4247a975176f88d18c3c2ad1952
00cc7617e054596ff0aaabd8a93a9214dc5304bfe317316022dbf4fb3ea073d2
GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 104
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 21:51:23 GMT
expires: Thu, 26 Jan 2023 21:51:23 GMT
cache-control: public, max-age=86400
age: 40391
last-modified: Tue, 08 May 2012 13:08:06 GMT
content-type: image/x-icon
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 2ad8c15797af5401de410ba584244a05
5857616e2cfe5fd6a9149d5100e20dc0299c5ee3
a097e324b4707b1b425462c1b5a9f1e27dbe798f32d03ada46e395c4cb09791c
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4769
Cache-Control: max-age=112181
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:34 GMT
Etag: "63d142b6-1d7"
Expires: Fri, 27 Jan 2023 16:14:15 GMT
Last-Modified: Wed, 25 Jan 2023 14:54:46 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 04fb584bf5028a3fb1f115ed9f529ace
22f06ccfe863a5c8a695d23de11681dc3d4835e9
c7243dabf66c180561ecc8e8a49ae109768641b51357bff356d0bb5331930b19
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3511
Cache-Control: max-age=100145
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:34 GMT
Etag: "63d1189c-139"
Expires: Fri, 27 Jan 2023 12:53:39 GMT
Last-Modified: Wed, 25 Jan 2023 11:55:08 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 313
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e42c4bc3eb1dde3e47013119de155096
ee735e961b5844018da0625bfd2476ab70500926
689f2b20a0cac8f0b3ad9fcc34ffb152ab8e935a0fb322d8e9fcb21f1a0ae151
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fptadtrue-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fouo.press%2F0vk0r4&ch=UTF-8&res=1280x1024x24&ifr=true&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=7f6316a5-3317-4086-97c4-d83632f184c6&nocache=1674723871956&aus=300x250&divids=adtrue_ads_12953_2a8g1kialbf3kzvip4a&aucs=adtrue_ads_12953_2a8g1kialbf3kzvip4a&auid=558223497&aumfs=100
34.98.64.218 200 OK 79 B URL HTTP/2 fptadtrue-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fouo.press%2F0vk0r4&ch=UTF-8&res=1280x1024x24&ifr=true&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=7f6316a5-3317-4086-97c4-d83632f184c6&nocache=1674723871956&aus=300x250&divids=adtrue_ads_12953_2a8g1kialbf3kzvip4a&aucs=adtrue_ads_12953_2a8g1kialbf3kzvip4a&auid=558223497&aumfs=100
IP 34.98.64.218:0
File type JSON data\012- , ASCII text
Hash e5e27dde107b034c0e8fbaefcf73aaf3
54234b0907cba72590bf516ba678e917ae64b30c
ee48bce92aa2cce5429fed895b6fddcf60a6ed37b2844c45a86a980075a4502b
GET /w/1.0/arj?ju=https%3A%2F%2Fouo.press%2F0vk0r4&ch=UTF-8&res=1280x1024x24&ifr=true&tz=0&tws=1280x939&be=1&bc=hb_pb_3.0.3&dddid=7f6316a5-3317-4086-97c4-d83632f184c6&nocache=1674723871956&aus=300x250&divids=adtrue_ads_12953_2a8g1kialbf3kzvip4a&aucs=adtrue_ads_12953_2a8g1kialbf3kzvip4a&auid=558223497&aumfs=100 HTTP/1.1
Host: fptadtrue-d.openx.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept, Accept-Encoding
server: OXGW/0.0.0
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
expires: Mon, 26 Jul 1997 05:00:00 GMT
date: Thu, 26 Jan 2023 09:04:34 GMT
content-type: application/json
content-length: 79
content-encoding: gzip
cache-control: private, max-age=0, no-cache
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 78ed7b7d814d987601b30851546309b5
12a653dabfd738fef99fad2295eec55e4651bc7c
a55164c954f0255d6d360ac0fac8b4598f8e0e01ec646105eed2e9b0abf5e2bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1531981ef9429a92d7d8b4f1cbfbf422
f8de480a953b7ea586424919c5d7cb0f4850d257
31972e06370f524818209ead030c043155d5271bca62836b9f2ef097607cbc90
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6508
Cache-Control: max-age=94821
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:34 GMT
Etag: "63d0f81c-1d7"
Expires: Fri, 27 Jan 2023 11:24:55 GMT
Last-Modified: Wed, 25 Jan 2023 09:36:28 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.12.0-pre&cb=22622230589&lsavail=0
178.250.0.165 204 No Content 0 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.12.0-pre&cb=22622230589&lsavail=0
IP 178.250.0.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdb?profileId=207&av=34&wv=7.12.0-pre&cb=22622230589&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 406
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 26 Jan 2023 09:04:33 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://ouo.press
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 2ad8c15797af5401de410ba584244a05
5857616e2cfe5fd6a9149d5100e20dc0299c5ee3
a097e324b4707b1b425462c1b5a9f1e27dbe798f32d03ada46e395c4cb09791c
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3128
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:34 GMT
Last-Modified: Thu, 26 Jan 2023 08:12:26 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
www.googletagmanager.com/gtag/js?id=GTM-NPLC9ST
142.250.74.168 200 OK 47 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=GTM-NPLC9ST
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash a3d8049be6f0d9ceb94e227947ed715c
5c0dde9efaed5d59d9d32ccd32fe21899ca5a98c
182ae250c14b891552b31bed09588fea91135126a5e4a149d63d3f0e3e60fae6
GET /gtag/js?id=GTM-NPLC9ST HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.adtrue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 26 Jan 2023 09:04:34 GMT
expires: Thu, 26 Jan 2023 09:04:34 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 47297
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 0bf8fccb276521254634abcdcb4b3f0d
a5b7ffa58daf7d1ea3e312b68533d4d0271348f4
991b03387ddbe0b07a9aee23ea7a98863fa85035cb26e631e0d22a1b999ee487
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ecdn.firstimpression.io/static/js/fiamp.js
54.230.111.99 200 OK 58 kB URL HTTP/2 ecdn.firstimpression.io/static/js/fiamp.js
IP 54.230.111.99:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 24c50146111b719575b473c6c38ac1dc
cdcc6803ac398d876382c49e90005f48960ac0de
a102c18c8f808b2e7d5c9b77f13f3dbf8adcc4a685538c06ba7761f96ea1d52f
GET /static/js/fiamp.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.20.0
last-modified: Fri, 08 Apr 2022 08:48:22 GMT
access-control-allow-origin: *
content-encoding: br
date: Thu, 26 Jan 2023 08:56:04 GMT
expires: Thu, 26 Jan 2023 09:56:03 GMT
cache-control: max-age=3600
etag: W/"624ff6d6-1b8e9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: V7sBQuxfoTGXJ-IrDlY7WL2d2-u1zEamasbPQ39Xkag8MJpB3NN4gA==
age: 511
X-Firefox-Spdy: h2
hbopenbid.pubmatic.com/translator?source=prebid-client
185.64.189.112 204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP 185.64.189.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 868
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://ouo.press
cache-control: no-cache, no-store, must-revalidate
date: Thu, 26 Jan 2023 09:04:34 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3015
Expires: Thu, 26 Jan 2023 09:54:49 GMT
Date: Thu, 26 Jan 2023 09:04:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3015
Expires: Thu, 26 Jan 2023 09:54:49 GMT
Date: Thu, 26 Jan 2023 09:04:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3015
Expires: Thu, 26 Jan 2023 09:54:49 GMT
Date: Thu, 26 Jan 2023 09:04:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3015
Expires: Thu, 26 Jan 2023 09:54:49 GMT
Date: Thu, 26 Jan 2023 09:04:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3015
Expires: Thu, 26 Jan 2023 09:54:49 GMT
Date: Thu, 26 Jan 2023 09:04:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09ccbe5e-77b1-4d6d-98f5-a477f3861d8c.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09ccbe5e-77b1-4d6d-98f5-a477f3861d8c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7458f7a9b2070055df6f1d496794e43e
0f5d2a6d846f4f8f85dd7e8089e643cacc57d8a9
373097662c419eef9f4a19ce9f3bcead70f6eafbf0acf44806685eece43ce251
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09ccbe5e-77b1-4d6d-98f5-a477f3861d8c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12758
x-amzn-requestid: c3540562-8c62-4957-9528-7ae952daebaa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9gf1E87oAMFpsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c87acb-49fd3f78275937e24d23fca3;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 23:03:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mjK4GJ3UCEuHk4XqmXdZCWHTVvJeX8Z2HFaem2GYzqfqlPSd_h6DfA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 05:14:39 GMT
age: 13795
etag: "0f5d2a6d846f4f8f85dd7e8089e643cacc57d8a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KY05WKpINERD5g9o2QLYdsNMSuuy_YKn2Tl7Qkn7YaAOaPTDfLteeA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:49:40 GMT
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
age: 40494
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05a55fc3-efb4-4124-a48d-b57fc1e9bea4.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05a55fc3-efb4-4124-a48d-b57fc1e9bea4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c331b0423afe4c6888533296b5f275bc
766aba1f8bb596a068f4e611161fa54616f506ed
0551882e8ba5962ca2c3a8634574e75f11321d46f9c901430614a9c73eaeae12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05a55fc3-efb4-4124-a48d-b57fc1e9bea4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7426
x-amzn-requestid: 1c0f08ae-9b11-4c41-a6e9-819343332f34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPF-fElWIAMFg8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf838f-6cf92e9d28ec0c9727e7419a;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:06:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A9cyJReV84QegjGfuOcBlZ-T6uefiGXXKnIBXIcn3a1x0kRYQ6XI3A==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:34:59 GMT
age: 5375
etag: "766aba1f8bb596a068f4e611161fa54616f506ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.14 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://track.adtrue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Thu, 26 Jan 2023 07:45:20 GMT
expires: Thu, 26 Jan 2023 09:45:20 GMT
cache-control: public, max-age=7200
age: 4754
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ffb1709-216c-4bf0-9b98-e3a355f000bb.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ffb1709-216c-4bf0-9b98-e3a355f000bb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 13cd008fb3e2739ec7caadadbd427655
c4802b06b87ab97f3ccd80d1c9bbdb4fab9886c1
a300a4fde1863c8b806d0557d9f0adaed19e1c612989d7e3f79a7bb45e6e74dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ffb1709-216c-4bf0-9b98-e3a355f000bb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8822
x-amzn-requestid: e16ae781-25f3-4b7d-b62b-85b35d6571c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUYRwF2KIAMFjDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a0d7-377f24bd18dea32564b148bd;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:36:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3Q-kz6GkBHp82E__crWSeqbfxme8c9y1BAAq3TW8NlwJy4eSy7gy7Q==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:49:07 GMT
age: 40527
etag: "c4802b06b87ab97f3ccd80d1c9bbdb4fab9886c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe22ec7be-6a69-4dd9-9340-9be6624c7434.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe22ec7be-6a69-4dd9-9340-9be6624c7434.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3ed67ca9bce75476cc13c83abe463bc7
242e26653f691852678a2a32fd17d58fb4747126
a54b909a228e7ac3c6a98e553445905cac7664a2a9208af9abba149f11881d1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe22ec7be-6a69-4dd9-9340-9be6624c7434.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4513
x-amzn-requestid: 4caaaf23-4e35-4a1e-983a-5c556d009ecc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fOi2OG15IAMFxKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf4b5a-643a67517111200131d532f6;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 03:07:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jIzVB4TdGNZ2zX-NL2DuwBNVA1nLpbd_KFddr_z0B2vQPSt6mNi8Fg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 03:55:11 GMT
age: 18563
etag: "242e26653f691852678a2a32fd17d58fb4747126"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b242645f0cc22e3b12c132e6d03722ac
dec70f83182de58e03bfcb95fc240b7c33f20674
59a2d8c972d27598dfe38637197f90053186c4f68b80a5a90283cb11ddaf8a31
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6609
x-amzn-requestid: 129067f4-c79b-493d-8863-2eb6c1565ee6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSZABF4IIAMFsig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d533-4908ab6e5c751213084de3c6;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:07:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CaxCPk4-9yhypamZa96f4IyujB3AMeGmpcYP1UmJtjp275dwFjVOcw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:21:33 GMT
age: 6181
etag: "dec70f83182de58e03bfcb95fc240b7c33f20674"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.2.0&cb=99933894046
178.250.0.165 200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.2.0&cb=99933894046
IP 178.250.0.165:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=6.2.0&cb=99933894046 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 486
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:34 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://ouo.press
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1
178.250.0.157 200 OK 11 kB URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1
IP 178.250.0.157:0
File type JSON data\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (19725), with no line terminators
Hash e3c948ad8ed085aac5b489477f73ae2e
a874f47df2de0c74bbc5b22f0a1f5cd1a0b8a504
601b901fae15a99946157b6c77bbe1203dd19c74c20ff7b3bdba1fb2b5f22093
OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://ouo.press/
Origin: https://ouo.press
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:33 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://ouo.press
server-processing-duration-in-ticks: 473064
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
37.252.171.53 200 OK 144 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 37.252.171.53:0
File type JSON data\012- , ASCII text, with no line terminators
Hash bef8c0d6932ae0cd63d6e6d35af7e6ab
5809bec2bfdec2445b0f92f4877bea7f4fdd20f7
98bec8ee5161ea15a69c9530c4b1930febc326b2aa29a5975071496ac3f9289d
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 681
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 26 Jan 2023 09:04:34 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 144
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: e1e30ce1-2bd7-40e6-b2f2-17271a3d80a2
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
jsc.adskeeper.com/a/d/adtrue.ouo.press.991771.js
104.18.36.64 200 OK 1.0 kB URL HTTP/2 jsc.adskeeper.com/a/d/adtrue.ouo.press.991771.js
IP 104.18.36.64:0
File type ASCII text, with very long lines (2675)
Hash 3e5774cc051dee622677d79fc0487cdb
9b768db703a166a575420dcffe275947c861f990
4f296af028406b181c488fcdfa4d5c96595971396783c40006b92792fbc0490e
GET /a/d/adtrue.ouo.press.991771.js HTTP/1.1
Host: jsc.adskeeper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:34 GMT
content-type: text/javascript
content-length: 1018
x-amz-id-2: qO+VuN1YC18fPCZczj69QNAsXknPIgHcDM92e3ENuIU2bK6Ax09aBdd0Md1mVNs7YaggjOJ1efY=
x-amz-request-id: 7CAQ926Y51BVEJ35
last-modified: Wed, 18 Jan 2023 10:11:47 GMT
etag: "3e5774cc051dee622677d79fc0487cdb"
content-encoding: gzip
x-amz-version-id: _rSJ_J.YB_qzvxsQXIHnJCUoJz3t.X_7
cf-cache-status: HIT
age: 5755
expires: Thu, 26 Jan 2023 13:04:34 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f814f9e9eafabc-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 0fac328da1f996105915b748eb891f8a
ab1a16a852751b35d9b47fd5f525d9f21e47369b
6e1d7fa8bed7873094d94d20a35537e0e2f4c15b08c51c0633ca867075724380
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 09:04:34 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 01:55:53 GMT
Expires: Wed, 01 Feb 2023 01:55:52 GMT
Etag: "ab1a16a852751b35d9b47fd5f525d9f21e47369b"
Cache-Control: max-age=492077,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78f814f8bf5db527-OSL
tag.1rx.io/rmp/212927/0/mvo?z=1r&hbv=6.2,2.1
213.19.147.42 204 No Content 0 B URL HTTP/2 tag.1rx.io/rmp/212927/0/mvo?z=1r&hbv=6.2,2.1
IP 213.19.147.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /rmp/212927/0/mvo?z=1r&hbv=6.2,2.1 HTTP/1.1
Host: tag.1rx.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 617
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 26 Jan 2023 09:04:34 GMT
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
pragma: no-cache
cache-control: private, max-age=0, no-cache, no-store
X-Firefox-Spdy: h2
c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185
54.230.111.210 204 No Content 0 B URL HTTP/2 c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185
IP 54.230.111.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185 HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
cache-control: max-age=21550, s-maxage=21600
date: Thu, 26 Jan 2023 07:14:03 GMT
server: Server
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UICrGP9r6PLyEuL3QkcfBp-u_c-OiGGq7kh5KLtEuIhTp7xCkrq0cA==
age: 6632
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 7a9d8afdc2039e3c57f2978289bc61f8
6a8bacef90357fbe21dce445a5551e861ccec8db
fd8a85970e5e9a2705e30e9879eb66509f29cc450ae0e183e802438da2c74186
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4660
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:35 GMT
Last-Modified: Thu, 26 Jan 2023 07:46:55 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 313
aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2F0vk0r4&pid=nv4CeiX9pTt9O&cb=0&ws=728x90&v=23.123.1617&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
54.230.241.131 200 OK 145 B URL HTTP/2 aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2F0vk0r4&pid=nv4CeiX9pTt9O&cb=0&ws=728x90&v=23.123.1617&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
IP 54.230.241.131:0
File type ASCII text, with no line terminators
Hash 3d76a0871bf57ce8540ecb0bf1333763
b75ac12ee4a187303e843a19e97d6f01e6759e4f
17102a4b86e006f431d6aeac0a04d628d2ad3a6a1722a60b8fec94d6ebaf851f
GET /e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2F0vk0r4&pid=nv4CeiX9pTt9O&cb=0&ws=728x90&v=23.123.1617&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D HTTP/1.1
Host: aax-dtb-cf.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
content-length: 145
server: Server
date: Thu, 26 Jan 2023 09:04:35 GMT
x-amz-rid: A924THT9G6SFT17FZ156
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
timing-allow-origin: *
strict-transport-security: max-age=47474747; includeSubDomains; preload
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YAXIewxmRvBi0OE1QDX_riAY3v_DLL400-Nml0_LAfSdC5dP_IsOnQ==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash 726f79ed38626e3b7ea4f051cfddd9ce
018c66d36d3db07220b55c1c41b973b3d5cd99aa
4b75473f5c012f09c9ed5303a179cbf3fd526043913687ba1977b223daf73b0b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2246
Cache-Control: max-age=104956
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:35 GMT
Etag: "63d13059-13a"
Expires: Fri, 27 Jan 2023 14:13:51 GMT
Last-Modified: Wed, 25 Jan 2023 13:36:25 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 314
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b2aafdafa11867a6d8cdb983186b122e
a5271d7ffd840a1a85c92f57a4afb2679546d420
f2b57d3bfecd984e2b90744a287788533ea75ef9e5b87b1c80526f6ef50a968f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F2B57D3BFECD984E2B90744A287788533EA75EF9E5B87B1C80526F6EF50A968F"
Last-Modified: Thu, 26 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19736
Expires: Thu, 26 Jan 2023 14:33:31 GMT
Date: Thu, 26 Jan 2023 09:04:35 GMT
Connection: keep-alive
static.criteo.net/js/ld/publishertag.prebid.123.js
178.250.0.130 200 OK 29 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.123.js
IP 178.250.0.130:0
File type ASCII text, with very long lines (65354)
Hash 20ac2c4462879de5e87bb093a87877fb
0f5424e096ba541b4789ed910e7257493be343cd
cd064793ed5ae178ceaee41fc363174391f70a5813e33124c8483ecf68c0268b
GET /js/ld/publishertag.prebid.123.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:04:35 GMT
content-type: text/javascript
last-modified: Tue, 03 May 2022 11:21:03 GMT
etag: W/"6271101f-15b58"
expires: Fri, 27 Jan 2023 09:04:35 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=ouo.press
178.250.0.157 200 OK 5.1 kB URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=ouo.press
IP 178.250.0.157:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13465)
Hash 2cf12a61c5f3f23abe6f26d2181f908c
7cc44e27a14d87f3a8180a7b3a99f6fbc52f99c8
f0b7a85374c53a3a5e3dc9074aa1587df2e43cbd4835cb777f23ae7492cf2041
GET /syncframe?origin=publishertag&topUrl=ouo.press HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:34 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
uid=6f65e640-8180-46c1-af91-017a4bd09f28; expires=Tue, 20 Feb 2024 09:04:34 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 572894
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain&dcc=t
52.94.223.167 200 OK 64 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain&dcc=t
IP 52.94.223.167:0
File type HTML document, ASCII text
Hash be99f9f8ced5e5eb1f9721d861712f89
4291ee98f7ce20471796ec89961abb1acb2af1d8
f17fe415b91a13ea86b93344389e18c996384323ca3c2f4267b18c96b8314a12
GET /s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain&dcc=t HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Thu, 26 Jan 2023 09:04:35 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 64
Connection: keep-alive
x-amz-rid: 42HW41SF6H4WS61NG9FA
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash c3fa0acd495f7caf6e73cd7d11915aa1
68214131a41d142e3f8cb2fc73fbc9a0d7ab5040
d343cb2efb8921f99f1acef382f5296d9f582fb8ad8d79b80d49e23bd7606a8c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2041
Cache-Control: max-age=158084
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:35 GMT
Etag: "63d200ae-139"
Expires: Sat, 28 Jan 2023 04:59:19 GMT
Last-Modified: Thu, 26 Jan 2023 04:25:18 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash c3fa0acd495f7caf6e73cd7d11915aa1
68214131a41d142e3f8cb2fc73fbc9a0d7ab5040
d343cb2efb8921f99f1acef382f5296d9f582fb8ad8d79b80d49e23bd7606a8c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2041
Cache-Control: max-age=158084
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:35 GMT
Etag: "63d200ae-139"
Expires: Sat, 28 Jan 2023 04:59:19 GMT
Last-Modified: Thu, 26 Jan 2023 04:25:18 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 313
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8d045cc52e7c74758a7d3b69efb95611
0f360324db3bdd2a9b0d764b8c344835cffbba9b
4844922df439a325ded6208e274719305ebba57f9c006fa12cc5a5a5f622eee6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4844922DF439A325DED6208E274719305EBBA57F9C006FA12CC5A5A5F622EEE6"
Last-Modified: Mon, 23 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9895
Expires: Thu, 26 Jan 2023 11:49:30 GMT
Date: Thu, 26 Jan 2023 09:04:35 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=a9ce8948-7963-4e28-8ffc-1bcfa193493c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=9
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=a9ce8948-7963-4e28-8ffc-1bcfa193493c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=9
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=a9ce8948-7963-4e28-8ffc-1bcfa193493c&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=9 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 26 Jan 2023 09:04:35 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cf5366877f7c1412a0b9937d6a1a7217
Strict-Transport-Security: max-age=0; includeSubdomains
gum.criteo.com/sid/json?origin=publishertag&domain=ouo.press&sn=FirefoxSyncframe&so=3&topUrl=ouo.press&bundle=aof4oF92ZTNqVHZ2c2F1S2toODA1bVdSY3h5RGIlMkJvSlVXaFZoejl3UVhGTEhmREM1eW1pSFJmbVB4UUk1ZDcwT0V5QlBKNGJiUHJOVGN4SE90UzRYYkQyWUhGYWwlMkJDOUY1WDBZWnBkNzh4cHQxYWt2Q3diWlNtMkN4Q1RDcDR3aG1wJTJCWg&info=hineR180M0RITmhlJTJCZkMwOUJGQlhaMUN2czYwWXg3Y0JRRnRjciUyRk8yNDFldzZ1azhmJTJGSW1TeDFkMCUyRjQwZmw5b01HV2E&idsd=1949332626,-1120868483&cw=1&lsw=1
178.250.0.157200 OK 785 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=ouo.press&sn=FirefoxSyncframe&so=3&topUrl=ouo.press&bundle=aof4oF92ZTNqVHZ2c2F1S2toODA1bVdSY3h5RGIlMkJvSlVXaFZoejl3UVhGTEhmREM1eW1pSFJmbVB4UUk1ZDcwT0V5QlBKNGJiUHJOVGN4SE90UzRYYkQyWUhGYWwlMkJDOUY1WDBZWnBkNzh4cHQxYWt2Q3diWlNtMkN4Q1RDcDR3aG1wJTJCWg&info=hineR180M0RITmhlJTJCZkMwOUJGQlhaMUN2czYwWXg3Y0JRRnRjciUyRk8yNDFldzZ1azhmJTJGSW1TeDFkMCUyRjQwZmw5b01HV2E&idsd=1949332626,-1120868483&cw=1&lsw=1
IP 178.250.0.157:0
Hash bf4ff2b74af44d3d2e1a9162673d8c3c
d9b3fe8901a4c9cf1e6dc91ce112d5959f7119db
fdd6aeb2bb091499ab812aa108f0fa45138a3fc1b22998e594371d65eeec8707
GET /sid/json?origin=publishertag&domain=ouo.press&sn=FirefoxSyncframe&so=3&topUrl=ouo.press&bundle=aof4oF92ZTNqVHZ2c2F1S2toODA1bVdSY3h5RGIlMkJvSlVXaFZoejl3UVhGTEhmREM1eW1pSFJmbVB4UUk1ZDcwT0V5QlBKNGJiUHJOVGN4SE90UzRYYkQyWUhGYWwlMkJDOUY1WDBZWnBkNzh4cHQxYWt2Q3diWlNtMkN4Q1RDcDR3aG1wJTJCWg&info=hineR180M0RITmhlJTJCZkMwOUJGQlhaMUN2czYwWXg3Y0JRRnRjciUyRk8yNDFldzZ1azhmJTJGSW1TeDFkMCUyRjQwZmw5b01HV2E&idsd=1949332626,-1120868483&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=ouo.press
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:35 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 998201
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1
178.250.0.157 200 OK 752 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1
IP 178.250.0.157:0
Hash cdd6aa6314c91ed6b5895fd5e8ed995a
6e3e869020304bab25b2ab6044e60300514921e5
20575a7e46d8df9f2c5d701cde12ea3e7949318ca940aa96abab524713fcf4bf
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:33 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://ouo.press
server-processing-duration-in-ticks: 1273652
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.js
178.250.0.130 200 OK 30 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.js
IP 178.250.0.130:0
Hash 354b6684cc56c3acdfedd6d702b8f614
70dbcc2bfd7f61d9251e95298b05fb5b9633e914
5361f98f472c1c257f532997a3ad892d8b99f0c39db44e0631a2f85ca72b8fdc
GET /js/ld/publishertag.prebid.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:04:35 GMT
content-type: text/javascript
last-modified: Wed, 18 Jan 2023 01:20:50 GMT
etag: W/"63c74972-162fb"
expires: Fri, 27 Jan 2023 09:04:35 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash dda854cb90cda40c6a6dbc19eb186eca
0d23775c5af739aac0a41844d09c704ab850a1bd
7c432d209fcf9dde0ca59bf93f76526d98aab474041f19b2d6fe79942ed3a7e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
142.250.74.34 200 OK 4.8 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (12776)
Hash 66e246fbebeda1d07f167e9645d4ccd3
1838db0a0b475246a392dce0d14d7a8b26979ff3
64d762859670ae33f3045deed975c7843e04dada5f0dc9be61da03887803ceb7
GET /pagead/render_post_ads_v1.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4767
x-xss-protection: 0
date: Wed, 25 Jan 2023 20:00:07 GMT
expires: Thu, 26 Jan 2023 20:00:07 GMT
cache-control: public, max-age=86400
age: 47068
etag: 12223946614886178233
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/xbfe_backfill.js
142.250.74.34 200 OK 3.0 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/xbfe_backfill.js
IP 142.250.74.34:0
File type ASCII text, with very long lines (1531)
Hash 562506238b9215a693454fbc88d0df5a
165f27696f81a017b433ba8d1d0f8c7cdc677041
b906b51be2742b7cfc21fe2d99515aa1aa51a2af3a1b1b4335792138bde40486
GET /pagead/xbfe_backfill.js HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 3003
x-xss-protection: 0
date: Thu, 26 Jan 2023 08:56:57 GMT
expires: Thu, 26 Jan 2023 09:56:57 GMT
cache-control: public, max-age=3600
age: 458
etag: 2660866305706646737
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 34c6c87358e04f2487a4fcb466d2ad17
2e99bb20b81b80930471f736676e4dd3a093a9cd
db58d2601ad2308da96f8998b9b5e39c3c48b910c0f141230a757b9985b536fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
shaggyselectmast.com/sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=a9ce8948-7963-4e28-8ffc-1bcfa193493c%3A1%3A1
173.233.137.52 200 OK 4.0 kB URL HTTP/1.1 shaggyselectmast.com/sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=a9ce8948-7963-4e28-8ffc-1bcfa193493c%3A1%3A1
IP 173.233.137.52:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6167), with no line terminators
Hash b7505be954352e83d47126f50e271dec
d885b2710d4db0dee5b8bb5175633f595b2e378e
bf1df777956024995ecdf9a9355d6e4ac383171a96f211eb1fbd7dbeceda13f7
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=a9ce8948-7963-4e28-8ffc-1bcfa193493c%3A1%3A1 HTTP/1.1
Host: shaggyselectmast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 26 Jan 2023 09:04:35 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ouo.press
Access-Control-Allow-Origin: https://ouo.press
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15424691; expires=Fri, 27 Jan 2023 09:04:35 GMT; secure; SameSite=None
Set-Cookie: uid_id2=a9ce8948-7963-4e28-8ffc-1bcfa193493c:1:1; expires=Thu, 02 Feb 2023 09:04:35 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Fri, 27 Jan 2023 09:04:35 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Fri, 27 Jan 2023 09:04:35 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Fri, 27 Jan 2023 09:04:35 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Fri, 27 Jan 2023 09:04:35 GMT; secure; SameSite=None
Set-Cookie: sleced36014633829dc70a42dccaefdf3f11=[3952979]; expires=Thu, 26 Jan 2023 09:04:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e5f28b7d16de5cc677dae25a529d090b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fouo.press%2F0vk0r4&e=wqT_3QLCLuhCFwAAAwDWAAUBCKKEyZ4GEKPGttuQ8b3vfhgAKjYJXjC45o7-hz8RL_-dxFLqgz8ZAAAAIIXr0T8hLw0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eJLZBYABAYoBA1VTRJIFBvR1AZgB2AWgAVqoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAudD4ALDy1nqAhhodHRwczovL291by5wcmVzcy8wdmswcjTyAgwKBkhFSUdIVBICOTDyAgwKBVdJRFRIEgM3MjjyAiEKBkxPQURFUhIXcmVuZGVyX3Bvc3RfYWRzX3YxLmh0bWzyAhgKCklGUkFNRV9LRVkSCjE1MTcwNTUwMTfyAsgVCgtQUkVfU0NSSVBUUxK4FTxzY3JpcHQ-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_ITE6YjthLmdvb2dsZV9pbWFnZV9yZXF1ZXN0c3x8KFoaABA9W10pOwFRFGQ9bihhLhGXBCk7IRgJawBmLtUAGRcEZz1aUwBYLGg9bChnLGQpOzA8PWgmJkFycmF5LnBVBRRzcGxpY2VJBHRnLGgsMSl9ZC5yZW1vdmVFdmVudExpc3RlbmVyJiZSFwA0KCJsb2FkIixmLCExKTtSIwBiOgAQZXJyb3INOxh9O2QuYWRkQnMAPhQAPnAAPiAAAW0-FAAAKDZqAFhiJiYoZC5hdHRyaWJ1dGlvbnNyYz0iIgG-AQoAY163ASQucHVzaChkKX0KWYAEcSgplgRhPTGsNC5jdXJyZW50U2NyaXB0TU8AKDJuAixudWxsOmEpJiYiNzdhUhRhLmdldEENkDhlKCJkYXRhLWpjIik_YToVVzxxdWVyeVNlbGVjdG9yKCdbDSUAPQFEDF0nKX1FNyxyPVJlZ0V4cCgiXmihIuA_Oi8vKFxcd3wtKStcXC5jZG5cXC5hbXBwcm9qZWN0XFwuKG5ldHxvcmcpKFxcP3wvfCQpIik7CmaNAAQgdBXgAGsFYQxjPVtdBQkEZT0Bxgw7ZG97Qa8YYj1hO3RyeQUMAGRBrRhkPSEhYiYmASQcIT1iLmxvY2EhaiAuaHJlZiliOnsBLZBtKGIuZm9vKTtkPSEwO2JyZWFrIGJ9Y2F0Y2goaCl7fWQ9ITF9AV4IZj1kGRcAZgEWDGlmKGYpeQBnPl4ADDtlPWJ1OQQmJhkMKC5yZWZlcnJlcnx8AZckfWVsc2UgZz1lLA3LAGMp4DBuZXcgdShnfHwiIikpBdUUYT1iLnBhIdQZhgBhBf9MfX13aGlsZShhJiZiIT1hKTtiPTCF3gBhlf90LTE7Yjw9YTsrK2IpY1tiXS5kZXB0aD1hLWI7Yj1rISs5HgGuNSo4YW5jZXN0b3JPcmlnaW5zbhwArUEAPR11ACmhZBRhPTE7YTyxiUw7KythKWc9Y1thXSxnLnVybHx8KAUILkIBOnYAFFthLQoxXSEMGCxnLmg9ITAB4ykiAGsZqyHVZf8AZyUWJQIEZT0yBAEcMDw9ZTstLWWh4UhmPWNbZV0sIWcmJnIudGVzdChmAY8gKSYmKGc9ZiksBQ4sJiYhZi5oKXtiPWY7RRsAfQ1dAGUV5gQmJgHMATsEOzBBZSVaCCYmZQVIARsIKTtjBa0QdihiLGfVHRRjLmc_Yy4F-gw6Yy5pAUAAfdEoBCB2odYcKXt0aGlzLmlB1QEJCGc9YxkiAHUdIgh1cmwRJBRoPSEhYzsFLwWIJQrdLwB3dUkUdCgpLGM9-RM8Ij8iKTtzZXRUaW1lb3V0KBGMDTEAZdlWGGU_LjAxOmVBNUQhKE1hdGgucmFuZG9tKCk-ZSlpDwxiPXEoIaQAImX_NDovLyIrKGImJiJ0cnVlgW
sAYlZrBDgtcmNkIik_InBhZ2VhZDLNtxBzeW5kaWm5IC1jbi5jb20iOmYjAAUgDCkrIi8JRXgvZ2VuXzIwND9pZD1qY2EmamM9NzcmdmVyc2lvbj0ihUUMZD0oZAGxACmhtlIEBQAtDTEwIil8fCJ1bmtub3duImHjXCtkKyImc2FtcGxlPSIrZTtiPXdpbmRvdwVYAGY5NABm4YoAZiEzNGQ9Yi5uYXZpZ2F0b3IpMg4AUC51c2VyQWdlbnQsZD0vQ2hyb21lL0mbIGQpJiYhL0VkZxkRHD8hMDohMTtkYZMVUTAuc2VuZEJlYWNvbj8KHWkdGCAoZSk6cChiLGUaaAkEPT0NnggpfX0OFwkW3wgoIDA8PWM_YS5zdWIWWgkcKDAsYyk6YX0J4AwucmZsLgIIDTVoZW5jb2RlVVJJQ29tcG9uZW50KHcoKSl9O30p6dtBmhQpOwo8L3PFmGw-8gLJAgoKRVhUUkFfVEFHUxK6AjxkaXYgc3R5IVIMcG9zaaGxZDogYWJzb2x1dGU7IGxlZnQ6IDBweDsgdG9wDQpkdmlzaWJpbGl0eTogaGlkZGVuOyI-PGltZyDhTFWHSRRKWQJBNg0eLjICFGF3YmlkJgUG8IZfYj1BS0FtZi1EQlZGdkpkUVJxMFRJRUtKeVhCSWFiVEZBZUJsV0RROHVQVURlUmVCTUJXSU9HUUY4ZFI0WEktSGt5emRmTEF1WkREYzg4VS1YQ2tIYkctLXdrZVZ0VzNOWkNkZyIgYm9yZGVyPTAgd2lkdGg9MSBoZWlnaHQ9MSBhbHQ9IiIxGohkaXNwbGF5Om5vbmUiPjwvZGl2PvICmgEKDFBPU1RfU0NSSQ4aDASJARoaDDYIARYQClBhZHMuZy5kb3VibGVjbGljay5uZXQxBjx4YmZlX2JhY2tmaWxsLmpzAWUttQ1TAD6dJCQge3IzcHgoJzE1HqYMHCcpO30pKCk7PesQoxAKEEgBnjRQT1JUX1BBUkFNUxKOEJEkipUAOGFkZmV0Y2g_YWRrPTI3NgFt8Gk4MCZhZHNhZmU9bWVkaXVtJmNsaWVudD1jYS1wdWItMzA3Njg5MDAxMjc0MTQ2NyZmb3JtYXQ9NzI4eDkwX2FzJmlwPTkxLjkwLjQyLjE1NCZvdXRwdXQ9aHRtbCZ1bnZpZXdlZF9wb3NpQYkgX3N0YXJ0PTEmoXQRuQhvdW8y_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-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAWMz9PcgJ-YvzrABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXDwQ_6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMjg2NTEzNDAyMDHIB5LZBdIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH_PYLiggCEACVCAAAgD-YCAE.&s=532ae1bf74546d5127526d1fc7696b2b925ecc54&bdref=https%3A%2F%2Fouo.press%2F0vk0r4&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fouo.press%2F0vk0r4,https%3A%2F%2Fouo.press%2F0vk0r4,https%3A%2F%2Fouo.press%2F0vk0r4&
37.252.171.85200 OK 0 B URL HTTP/1.1 fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fouo.press%2F0vk0r4&e=wqT_3QLCLuhCFwAAAwDWAAUBCKKEyZ4GEKPGttuQ8b3vfhgAKjYJXjC45o7-hz8RL_-dxFLqgz8ZAAAAIIXr0T8hLw0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eJLZBYABAYoBA1VTRJIFBvR1AZgB2AWgAVqoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAudD4ALDy1nqAhhodHRwczovL291by5wcmVzcy8wdmswcjTyAgwKBkhFSUdIVBICOTDyAgwKBVdJRFRIEgM3MjjyAiEKBkxPQURFUhIXcmVuZGVyX3Bvc3RfYWRzX3YxLmh0bWzyAhgKCklGUkFNRV9LRVkSCjE1MTcwNTUwMTfyAsgVCgtQUkVfU0NSSVBUUxK4FTxzY3JpcHQ-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_ITE6YjthLmdvb2dsZV9pbWFnZV9yZXF1ZXN0c3x8KFoaABA9W10pOwFRFGQ9bihhLhGXBCk7IRgJawBmLtUAGRcEZz1aUwBYLGg9bChnLGQpOzA8PWgmJkFycmF5LnBVBRRzcGxpY2VJBHRnLGgsMSl9ZC5yZW1vdmVFdmVudExpc3RlbmVyJiZSFwA0KCJsb2FkIixmLCExKTtSIwBiOgAQZXJyb3INOxh9O2QuYWRkQnMAPhQAPnAAPiAAAW0-FAAAKDZqAFhiJiYoZC5hdHRyaWJ1dGlvbnNyYz0iIgG-AQoAY163ASQucHVzaChkKX0KWYAEcSgplgRhPTGsNC5jdXJyZW50U2NyaXB0TU8AKDJuAixudWxsOmEpJiYiNzdhUhRhLmdldEENkDhlKCJkYXRhLWpjIik_YToVVzxxdWVyeVNlbGVjdG9yKCdbDSUAPQFEDF0nKX1FNyxyPVJlZ0V4cCgiXmihIuA_Oi8vKFxcd3wtKStcXC5jZG5cXC5hbXBwcm9qZWN0XFwuKG5ldHxvcmcpKFxcP3wvfCQpIik7CmaNAAQgdBXgAGsFYQxjPVtdBQkEZT0Bxgw7ZG97Qa8YYj1hO3RyeQUMAGRBrRhkPSEhYiYmASQcIT1iLmxvY2EhaiAuaHJlZiliOnsBLZBtKGIuZm9vKTtkPSEwO2JyZWFrIGJ9Y2F0Y2goaCl7fWQ9ITF9AV4IZj1kGRcAZgEWDGlmKGYpeQBnPl4ADDtlPWJ1OQQmJhkMKC5yZWZlcnJlcnx8AZckfWVsc2UgZz1lLA3LAGMp4DBuZXcgdShnfHwiIikpBdUUYT1iLnBhIdQZhgBhBf9MfX13aGlsZShhJiZiIT1hKTtiPTCF3gBhlf90LTE7Yjw9YTsrK2IpY1tiXS5kZXB0aD1hLWI7Yj1rISs5HgGuNSo4YW5jZXN0b3JPcmlnaW5zbhwArUEAPR11ACmhZBRhPTE7YTyxiUw7KythKWc9Y1thXSxnLnVybHx8KAUILkIBOnYAFFthLQoxXSEMGCxnLmg9ITAB4ykiAGsZqyHVZf8AZyUWJQIEZT0yBAEcMDw9ZTstLWWh4UhmPWNbZV0sIWcmJnIudGVzdChmAY8gKSYmKGc9ZiksBQ4sJiYhZi5oKXtiPWY7RRsAfQ1dAGUV5gQmJgHMATsEOzBBZSVaCCYmZQVIARsIKTtjBa0QdihiLGfVHRRjLmc_Yy4F-gw6Yy5pAUAAfdEoBCB2odYcKXt0aGlzLmlB1QEJCGc9YxkiAHUdIgh1cmwRJBRoPSEhYzsFLwWIJQrdLwB3dUkUdCgpLGM9-RM8Ij8iKTtzZXRUaW1lb3V0KBGMDTEAZdlWGGU_LjAxOmVBNUQhKE1hdGgucmFuZG9tKCk-ZSlpD
wxiPXEoIaQAImX_NDovLyIrKGImJiJ0cnVlgWsAYlZrBDgtcmNkIik_InBhZ2VhZDLNtxBzeW5kaWm5IC1jbi5jb20iOmYjAAUgDCkrIi8JRXgvZ2VuXzIwND9pZD1qY2EmamM9NzcmdmVyc2lvbj0ihUUMZD0oZAGxACmhtlIEBQAtDTEwIil8fCJ1bmtub3duImHjXCtkKyImc2FtcGxlPSIrZTtiPXdpbmRvdwVYAGY5NABm4YoAZiEzNGQ9Yi5uYXZpZ2F0b3IpMg4AUC51c2VyQWdlbnQsZD0vQ2hyb21lL0mbIGQpJiYhL0VkZxkRHD8hMDohMTtkYZMVUTAuc2VuZEJlYWNvbj8KHWkdGCAoZSk6cChiLGUaaAkEPT0NnggpfX0OFwkW3wgoIDA8PWM_YS5zdWIWWgkcKDAsYyk6YX0J4AwucmZsLgIIDTVoZW5jb2RlVVJJQ29tcG9uZW50KHcoKSl9O30p6dtBmhQpOwo8L3PFmGw-8gLJAgoKRVhUUkFfVEFHUxK6AjxkaXYgc3R5IVIMcG9zaaGxZDogYWJzb2x1dGU7IGxlZnQ6IDBweDsgdG9wDQpkdmlzaWJpbGl0eTogaGlkZGVuOyI-PGltZyDhTFWHSRRKWQJBNg0eLjICFGF3YmlkJgUG8IZfYj1BS0FtZi1EQlZGdkpkUVJxMFRJRUtKeVhCSWFiVEZBZUJsV0RROHVQVURlUmVCTUJXSU9HUUY4ZFI0WEktSGt5emRmTEF1WkREYzg4VS1YQ2tIYkctLXdrZVZ0VzNOWkNkZyIgYm9yZGVyPTAgd2lkdGg9MSBoZWlnaHQ9MSBhbHQ9IiIxGohkaXNwbGF5Om5vbmUiPjwvZGl2PvICmgEKDFBPU1RfU0NSSQ4aDASJARoaDDYIARYQClBhZHMuZy5kb3VibGVjbGljay5uZXQxBjx4YmZlX2JhY2tmaWxsLmpzAWUttQ1TAD6dJCQge3IzcHgoJzE1HqYMHCcpO30pKCk7PesQoxAKEEgBnjRQT1JUX1BBUkFNUxKOEJEkipUAOGFkZmV0Y2g_YWRrPTI3NgFt8Gk4MCZhZHNhZmU9bWVkaXVtJmNsaWVudD1jYS1wdWItMzA3Njg5MDAxMjc0MTQ2NyZmb3JtYXQ9NzI4eDkwX2FzJmlwPTkxLjkwLjQyLjE1NCZvdXRwdXQ9aHRtbCZ1bnZpZXdlZF9wb3NpQYkgX3N0YXJ0PTEmoXQRuQhvdW8y_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-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAWMz9PcgJ-YvzrABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXDwQ_6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMjg2NTEzNDAyMDHIB5LZBdIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH_PYLiggCEACVCAAAgD-YCAE.&s=532ae1bf74546d5127526d1fc7696b2b925ecc54&bdref=https%3A%2F%2Fouo.press%2F0vk0r4&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fouo.press%2F0vk0r4,https%3A%2F%2Fouo.press%2F0vk0r4,https%3A%2F%2Fouo.press%2F0vk0r4&
IP 37.252.171.85:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rd_log?an_audit=0&referrer=https%3A%2F%2Fouo.press%2F0vk0r4&e=wqT_3QLCLuhCFwAAAwDWAAUBCKKEyZ4GEKPGttuQ8b3vfhgAKjYJXjC45o7-hz8RL_-dxFLqgz8ZAAAAIIXr0T8hLw0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eJLZBYABAYoBA1VTRJIFBvR1AZgB2AWgAVqoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAudD4ALDy1nqAhhodHRwczovL291by5wcmVzcy8wdmswcjTyAgwKBkhFSUdIVBICOTDyAgwKBVdJRFRIEgM3MjjyAiEKBkxPQURFUhIXcmVuZGVyX3Bvc3RfYWRzX3YxLmh0bWzyAhgKCklGUkFNRV9LRVkSCjE1MTcwNTUwMTfyAsgVCgtQUkVfU0NSSVBUUxK4FTxzY3JpcHQ-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_ITE6YjthLmdvb2dsZV9pbWFnZV9yZXF1ZXN0c3x8KFoaABA9W10pOwFRFGQ9bihhLhGXBCk7IRgJawBmLtUAGRcEZz1aUwBYLGg9bChnLGQpOzA8PWgmJkFycmF5LnBVBRRzcGxpY2VJBHRnLGgsMSl9ZC5yZW1vdmVFdmVudExpc3RlbmVyJiZSFwA0KCJsb2FkIixmLCExKTtSIwBiOgAQZXJyb3INOxh9O2QuYWRkQnMAPhQAPnAAPiAAAW0-FAAAKDZqAFhiJiYoZC5hdHRyaWJ1dGlvbnNyYz0iIgG-AQoAY163ASQucHVzaChkKX0KWYAEcSgplgRhPTGsNC5jdXJyZW50U2NyaXB0TU8AKDJuAixudWxsOmEpJiYiNzdhUhRhLmdldEENkDhlKCJkYXRhLWpjIik_YToVVzxxdWVyeVNlbGVjdG9yKCdbDSUAPQFEDF0nKX1FNyxyPVJlZ0V4cCgiXmihIuA_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_Yy4F-gw6Yy5pAUAAfdEoBCB2odYcKXt0aGlzLmlB1QEJCGc9YxkiAHUdIgh1cmwRJBRoPSEhYzsFLwWIJQrdLwB3dUkUdCgpLGM9-RM8Ij8iKTtzZXRUaW1lb3V0KBGMDTEAZdlWGGU_LjAxOmVBNUQhKE1hdGgucmFuZG9tKCk-ZSlpDwxiPXEoIaQAImX_NDovLyIrKGImJiJ0cnVlgWsAYlZrBDgtcmNkIik_InBhZ2VhZDLNtxBzeW5kaWm5IC1jbi5jb20iOmYjAAUgDCkrIi8JRXgvZ2VuXzIwND9pZD1qY2EmamM9NzcmdmVyc2lvbj0ihUUMZD0oZAGxACmhtlIEBQAtDTEwIil8fCJ1bmtub3duImHjXCtkKyImc2FtcGxlPSIrZTtiPXdpbmRvdwVYAGY5NABm4YoAZiEzNGQ9Yi5uYXZpZ2F0b3IpMg4AUC51c2VyQWdlbnQsZD0vQ2hyb21lL0mbIGQpJiYhL0VkZxkRHD8hMDohMTtkYZMVUTAuc2VuZEJlYWNvbj8KHWkdGCAoZSk6cChiLGUaaAkEPT0NnggpfX0OFwkW3wgoIDA8PWM_YS5zdWIWWgkcKDAsYyk6YX0J4AwucmZsLgIIDTVoZW5jb2RlVVJJQ29tcG9uZW50KHcoKSl9O30p6dtBmhQpOwo8L3PFmGw-8gLJAgoKRVhUUkFfVEFHUxK6AjxkaXYgc3R5IVIMcG9zaaGxZDogYWJzb2x1dGU7IGxlZnQ6IDBweDsgdG9wDQpkdmlzaWJpbGl0eTogaGlkZGVuOyI-PGltZyDhTFWHSRRKWQJBNg0eLjICFGF3YmlkJgUG8IZfYj1BS0FtZi1EQlZGdkpkUVJxMFRJRUtKeVhCSWFiVEZBZUJsV0RROHVQVURlUmVCT
UJXSU9HUUY4ZFI0WEktSGt5emRmTEF1WkREYzg4VS1YQ2tIYkctLXdrZVZ0VzNOWkNkZyIgYm9yZGVyPTAgd2lkdGg9MSBoZWlnaHQ9MSBhbHQ9IiIxGohkaXNwbGF5Om5vbmUiPjwvZGl2PvICmgEKDFBPU1RfU0NSSQ4aDASJARoaDDYIARYQClBhZHMuZy5kb3VibGVjbGljay5uZXQxBjx4YmZlX2JhY2tmaWxsLmpzAWUttQ1TAD6dJCQge3IzcHgoJzE1HqYMHCcpO30pKCk7PesQoxAKEEgBnjRQT1JUX1BBUkFNUxKOEJEkipUAOGFkZmV0Y2g_YWRrPTI3NgFt8Gk4MCZhZHNhZmU9bWVkaXVtJmNsaWVudD1jYS1wdWItMzA3Njg5MDAxMjc0MTQ2NyZmb3JtYXQ9NzI4eDkwX2FzJmlwPTkxLjkwLjQyLjE1NCZvdXRwdXQ9aHRtbCZ1bnZpZXdlZF9wb3NpQYkgX3N0YXJ0PTEmoXQRuQhvdW8y_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-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAWMz9PcgJ-YvzrABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXDwQ_6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMjg2NTEzNDAyMDHIB5LZBdIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH_PYLiggCEACVCAAAgD-YCAE.&s=532ae1bf74546d5127526d1fc7696b2b925ecc54&bdref=https%3A%2F%2Fouo.press%2F0vk0r4&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fouo.press%2F0vk0r4,https%3A%2F%2Fouo.press%2F0vk0r4,https%3A%2F%2Fouo.press%2F0vk0r4& HTTP/1.1
Host: fra1-ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 26 Jan 2023 09:04:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: ed6b671a-3b2f-4246-827a-5440e0fc1761
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
googleads.g.doubleclick.net/pagead/adfetch
142.250.74.34 200 OK 32 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/adfetch
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash f5185450231e9689d9f1606a22a544f2
59619d4cdb9f1c4324e563fbe27d8c84afc62b88
2a7ff7edf952ae5211fd4eb28794b482687d98e6f5b36275fa728e4d3e15b96f
POST /pagead/adfetch HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Content-Length: 2065
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 26 Jan 2023 09:04:35 GMT
server: cafe
content-length: 31991
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.firstimpression.io/tracking/habit/v1?b=1
54.230.111.99 200 OK 2 B URL HTTP/2 cdn.firstimpression.io/tracking/habit/v1?b=1
IP 54.230.111.99:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /tracking/habit/v1?b=1 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 615
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Cookie: OAID=GDPR
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2
date: Thu, 26 Jan 2023 09:04:36 GMT
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-request-method: *
access-control-allow-methods: OPTIONS, GET, POST
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tv7VpZBlGsBfOiXfUXqwcqbb_bYErULpIeavLauXD6T-7Xz8KmV2CQ==
X-Firefox-Spdy: h2
shaggyselectmast.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuXrMHWRAUD3oQGvWgYCbd0z2ZaSME4xoJrkncrATES3VV9aQ2NV1NVff0JAhGF2QvwogHPXa%2BSTasLuLiVVEme5GcMh6WHIw%2FwIsgeJaZDAQfVL336nuH7%2Fvqfb5fnBMPBT1bf0%2FvSqXoXKPmua9sypTr0rqrt1zfq3kL7qZM58MFtze%2BTPd132vUvFfddwTb1nN1z%2Fc83%2FPdZWlEontzExQyexD5tcirhfWa3wjRM%2F%2FvbeHAUge8e06egeSjq1u%2FPYRkQ6SdH64Lu53r7LW3O4WiuTbo8qMP0u1Ulyk6l2ViHCTp0XQa2o4I%2BeYKdHo0VQDdPRgrQCxHxHnsI06PpjQRdw8vmMYKIkXMr6HsDiHUEJIOwfQdSH5KAMaxuoa0c29Vm5LuXKB0jI7IzL%2F%2FQJYjMvPHs0g73y8p2XM3tCpyqVOLXlJB9oaQ7SGy4hj5rgNZHoPln0FygrRTQfKzl2nERCsKW7PNaD6YDUW9NdtKEjbrxyyhfhSEUcAm1kg5hEyGUKIPah0U4yMdFImDInPQ4WcubUSJ5zWTOAmCVsgYCwLGGq153uBB2Eo8FGzMvY8864OpPpjZQ2b2sC37MMWvsFsVLHdgc4Iur1AKgtISlJSglARlTlB2q0OubN1W97iyRexPc32ag2qg8%2FY%2BPdR5W6RkPzsnT08M%2B%2BujH7EtzlzBg3nPD%2BeDoFWPOGt6NKxzxqhIeBIkvg8rK0h7ZSJzV54%2B9RiZPH2yQkyPYdUxmHwRtHgBtBw06x7o1iBsedhN7%2BtC1zIjrAXXFbL8KvIdZ1%2Bdk%2BcnBN54fwOCnSw%2Beu6r%2FKfbn4CZCpmpcFs%2BImiru4ObuiQHN3VpycO1LJcduUvHv7mR01zMfPuu2Cm14SvXbf%2F%2Bm2wMjMsHt4TNb9CUy7RtyXdLknNhlrVhgvy8YjdFvF7YraXCpEV2Y%2F2t5ZXOhKDU6RBUjgj59GMwOSLXnHSyqW7vHNIMYYoKneKETANSH4Nle7DZyeLXX6z9ucA%2FhNUERl3OxJmDsqgGph5fPipJoMRlT%2BMKVlyaEIuTX%2F6%2BwPbtXbSNA5rfmexn11ToqgpU9WGLJwZ5Zk4Wfw8mgVg5g1gZ5yBWRn15Ya6VZ65oJF4ivLqIkyhOmtTjURJGMY180Ywb1EduR2y09NJ%2FAAAA%2F%2F8BAAD%2F%2F9XAy12BBAAA
173.233.137.52200 OK 7 B URL HTTP/1.1 shaggyselectmast.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuXrMHWRAUD3oQGvWgYCbd0z2ZaSME4xoJrkncrATES3VV9aQ2NV1NVff0JAhGF2QvwogHPXa%2BSTasLuLiVVEme5GcMh6WHIw%2FwIsgeJaZDAQfVL336nuH7%2Fvqfb5fnBMPBT1bf0%2FvSqXoXKPmua9sypTr0rqrt1zfq3kL7qZM58MFtze%2BTPd132vUvFfddwTb1nN1z%2Fc83%2FPdZWlEontzExQyexD5tcirhfWa3wjRM%2F%2FvbeHAUge8e06egeSjq1u%2FPYRkQ6SdH64Lu53r7LW3O4WiuTbo8qMP0u1Ulyk6l2ViHCTp0XQa2o4I%2BeYKdHo0VQDdPRgrQCxHxHnsI06PpjQRdw8vmMYKIkXMr6HsDiHUEJIOwfQdSH5KAMaxuoa0c29Vm5LuXKB0jI7IzL%2F%2FQJYjMvPHs0g73y8p2XM3tCpyqVOLXlJB9oaQ7SGy4hj5rgNZHoPln0FygrRTQfKzl2nERCsKW7PNaD6YDUW9NdtKEjbrxyyhfhSEUcAm1kg5hEyGUKIPah0U4yMdFImDInPQ4WcubUSJ5zWTOAmCVsgYCwLGGq153uBB2Eo8FGzMvY8864OpPpjZQ2b2sC37MMWvsFsVLHdgc4Iur1AKgtISlJSglARlTlB2q0OubN1W97iyRexPc32ag2qg8%2FY%2BPdR5W6RkPzsnT08M%2B%2BujH7EtzlzBg3nPD%2BeDoFWPOGt6NKxzxqhIeBIkvg8rK0h7ZSJzV54%2B9RiZPH2yQkyPYdUxmHwRtHgBtBw06x7o1iBsedhN7%2BtC1zIjrAXXFbL8KvIdZ1%2Bdk%2BcnBN54fwOCnSw%2Beu6r%2FKfbn4CZCpmpcFs%2BImiru4ObuiQHN3VpycO1LJcduUvHv7mR01zMfPuu2Cm14SvXbf%2F%2Bm2wMjMsHt4TNb9CUy7RtyXdLknNhlrVhgvy8YjdFvF7YraXCpEV2Y%2F2t5ZXOhKDU6RBUjgj59GMwOSLXnHSyqW7vHNIMYYoKneKETANSH4Nle7DZyeLXX6z9ucA%2FhNUERl3OxJmDsqgGph5fPipJoMRlT%2BMKVlyaEIuTX%2F6%2BwPbtXbSNA5rfmexn11ToqgpU9WGLJwZ5Zk4Wfw8mgVg5g1gZ5yBWRn15Ya6VZ65oJF4ivLqIkyhOmtTjURJGMY180Ywb1EduR2y09NJ%2FAAAA%2F%2F8BAAD%2F%2F9XAy12BBAAA
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert — quad9: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuXrMHWRAUD3oQGvWgYCbd0z2ZaSME4xoJrkncrATES3VV9aQ2NV1NVff0JAhGF2QvwogHPXa%2BSTasLuLiVVEme5GcMh6WHIw%2FwIsgeJaZDAQfVL336nuH7%2Fvqfb5fnBMPBT1bf0%2FvSqXoXKPmua9sypTr0rqrt1zfq3kL7qZM58MFtze%2BTPd132vUvFfddwTb1nN1z%2Fc83%2FPdZWlEontzExQyexD5tcirhfWa3wjRM%2F%2FvbeHAUge8e06egeSjq1u%2FPYRkQ6SdH64Lu53r7LW3O4WiuTbo8qMP0u1Ulyk6l2ViHCTp0XQa2o4I%2BeYKdHo0VQDdPRgrQCxHxHnsI06PpjQRdw8vmMYKIkXMr6HsDiHUEJIOwfQdSH5KAMaxuoa0c29Vm5LuXKB0jI7IzL%2F%2FQJYjMvPHs0g73y8p2XM3tCpyqVOLXlJB9oaQ7SGy4hj5rgNZHoPln0FygrRTQfKzl2nERCsKW7PNaD6YDUW9NdtKEjbrxyyhfhSEUcAm1kg5hEyGUKIPah0U4yMdFImDInPQ4WcubUSJ5zWTOAmCVsgYCwLGGq153uBB2Eo8FGzMvY8864OpPpjZQ2b2sC37MMWvsFsVLHdgc4Iur1AKgtISlJSglARlTlB2q0OubN1W97iyRexPc32ag2qg8%2FY%2BPdR5W6RkPzsnT08M%2B%2BujH7EtzlzBg3nPD%2BeDoFWPOGt6NKxzxqhIeBIkvg8rK0h7ZSJzV54%2B9RiZPH2yQkyPYdUxmHwRtHgBtBw06x7o1iBsedhN7%2BtC1zIjrAXXFbL8KvIdZ1%2Bdk%2BcnBN54fwOCnSw%2Beu6r%2FKfbn4CZCpmpcFs%2BImiru4ObuiQHN3VpycO1LJcduUvHv7mR01zMfPuu2Cm14SvXbf%2F%2Bm2wMjMsHt4TNb9CUy7RtyXdLknNhlrVhgvy8YjdFvF7YraXCpEV2Y%2F2t5ZXOhKDU6RBUjgj59GMwOSLXnHSyqW7vHNIMYYoKneKETANSH4Nle7DZyeLXX6z9ucA%2FhNUERl3OxJmDsqgGph5fPipJoMRlT%2BMKVlyaEIuTX%2F6%2BwPbtXbSNA5rfmexn11ToqgpU9WGLJwZ5Zk4Wfw8mgVg5g1gZ5yBWRn15Ya6VZ65oJF4ivLqIkyhOmtTjURJGMY180Ywb1EduR2y09NJ%2FAAAA%2F%2F8BAAD%2F%2F9XAy12BBAAA HTTP/1.1
Host: shaggyselectmast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=a9ce8948-7963-4e28-8ffc-1bcfa193493c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3952979]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 26 Jan 2023 09:04:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1b205b3cbdb35b56fbf8afcd14240bcf
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c0bbc597d82691f0020d6d1e60914306
ba18a55f73b48ea5d6be350ffbc1d43cea13eb98
0e64d8549df6a2e47a5ca2a51a418f45e47e5813924adf4540e0cac817e1667a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E64D8549DF6A2E47A5CA2A51A418F45E47E5813924ADF4540E0CAC817E1667A"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19824
Expires: Thu, 26 Jan 2023 14:35:00 GMT
Date: Thu, 26 Jan 2023 09:04:36 GMT
Connection: keep-alive
cdn.adnxs.com/v/s/231/trk.js
151.101.129.108 200 OK 28 kB URL HTTP/1.1 cdn.adnxs.com/v/s/231/trk.js
IP 151.101.129.108:0
File type ASCII text, with very long lines (3174)
Hash 3f3e5176c70a15daa549a047730ce9e1
bffa3987be4f3336bf4079759c4059143364f215
01748b20204714ba2887166c4eac83bac26bd6e0f01c455014a2419e5277b1ca
GET /v/s/231/trk.js HTTP/1.1
Host: cdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 27455
Content-Type: application/x-javascript
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
Content-Encoding: gzip
Cache-Control: max-age=31536000
Expires: Wed, 10 Jan 2024 21:27:38 GMT
Access-Control-Allow-Origin: *
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 26 Jan 2023 09:04:36 GMT
Age: 1337817
X-Served-By: cache-lga13620-LGA, cache-bma1661-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 7, 1940991
X-Timer: S1674723876.087881,VS0,VE0
Vary: Accept-Encoding
fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fouo.press%252F0vk0r4&e=wqT_3QLvBejvAgAAAwDWAAUBCKKEyZ4GEKPGttuQ8b3vfhgAKjYJXjC45o7-hz8RL_-dxFLqgz8ZAAAAIIXr0T8hLw0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eJLZBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzLzB2azByNIADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtREtqVFdmdnNKa3U2NjdjemdKSnlWVnh0b0oweThRc0xnaXdEM2YxdmV2Y0M1LTFyclFzWmZpMkFWbmEwc2E5Y1hiQ2JrUHRFQUhZZm42OS1NcHE4amZuYmp4MlEmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTOTE0MjAxNjQ2MTU4MzAwMDM1NSIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAWMz9PcgJ-YvzrABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXDwQ_6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAANP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHktkF0gcNCQAdNAzaBwYICT1kBwDqBwIIAPAH_PYLiggCEACVCAAAgD-YCAE.&s=2e36cc287b47f4b722b1f030542ca418f3a0ea97
37.252.171.85200 OK 0 B URL HTTP/1.1 fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fouo.press%252F0vk0r4&e=wqT_3QLvBejvAgAAAwDWAAUBCKKEyZ4GEKPGttuQ8b3vfhgAKjYJXjC45o7-hz8RL_-dxFLqgz8ZAAAAIIXr0T8hLw0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eJLZBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzLzB2azByNIADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtREtqVFdmdnNKa3U2NjdjemdKSnlWVnh0b0oweThRc0xnaXdEM2YxdmV2Y0M1LTFyclFzWmZpMkFWbmEwc2E5Y1hiQ2JrUHRFQUhZZm42OS1NcHE4amZuYmp4MlEmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTOTE0MjAxNjQ2MTU4MzAwMDM1NSIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAWMz9PcgJ-YvzrABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXDwQ_6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAANP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHktkF0gcNCQAdNAzaBwYICT1kBwDqBwIIAPAH_PYLiggCEACVCAAAgD-YCAE.&s=2e36cc287b47f4b722b1f030542ca418f3a0ea97
IP 37.252.171.85:0
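Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; the body is 0 B, so these digests match every empty response and are not usable as indicators)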
GET /it?an_audit=0&referrer=https%253A%252F%252Fouo.press%252F0vk0r4&e=wqT_3QLvBejvAgAAAwDWAAUBCKKEyZ4GEKPGttuQ8b3vfhgAKjYJXjC45o7-hz8RL_-dxFLqgz8ZAAAAIIXr0T8hLw0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eJLZBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzLzB2azByNIADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtREtqVFdmdnNKa3U2NjdjemdKSnlWVnh0b0oweThRc0xnaXdEM2YxdmV2Y0M1LTFyclFzWmZpMkFWbmEwc2E5Y1hiQ2JrUHRFQUhZZm42OS1NcHE4amZuYmp4MlEmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTOTE0MjAxNjQ2MTU4MzAwMDM1NSIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAWMz9PcgJ-YvzrABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXDwQ_6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAANP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHktkF0gcNCQAdNAzaBwYICT1kBwDqBwIIAPAH_PYLiggCEACVCAAAgD-YCAE.&s=2e36cc287b47f4b722b1f030542ca418f3a0ea97 HTTP/1.1
Host: fra1-ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 26 Jan 2023 09:04:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 9ee55e2d-cfa2-4bf7-9e2b-e2cbb6eebdc3
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
cdn.barscreative1.com/sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html
45.133.44.4 200 OK 955 B URL HTTP/2 cdn.barscreative1.com/sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash 3311b451b6e90781dab5ae61a1e4f65d
940e4700d9c5fbf74f8c15dcf10c28661e34cf2c
3def788280ca0f9ba09e050e3f3bfba82e5268fe2104f1c02a8f265c12774023
Analyzer Verdict Alert — fortinet: Phishing
GET /sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:36 GMT
content-type: text/html; charset=utf-8
content-length: 955
server: nginx/1.17.6
last-modified: Wed, 18 May 2022 11:09:59 GMT
etag: "6284d407-3bb"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Thu, 26 Jan 2023 10:04:36 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 1fca039b34bc82737177821029b88328
6bc87e93e0dcf2c99dad991b25590bdabff87f0c
33515bb7035ae1ce174490de6fcedb2d6cb9feab0346a10bc63dd1d714312878
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 1fca039b34bc82737177821029b88328
6bc87e93e0dcf2c99dad991b25590bdabff87f0c
33515bb7035ae1ce174490de6fcedb2d6cb9feab0346a10bc63dd1d714312878
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/abg_lite.js
216.58.207.193 200 OK 11 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230124/r20110914/abg_lite.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1484)
Hash ab795b0b85f414a5b1256230d5c93b78
698a030c07b620abe9f8080649246020ae221c33
572ff84c927aa4f672dd02d45f2d1cb1522a2c1b147892045de57b3aada666d5
GET /pagead/js/r20230124/r20110914/abg_lite.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 10810
x-xss-protection: 0
date: Wed, 25 Jan 2023 09:43:36 GMT
expires: Wed, 08 Feb 2023 09:43:36 GMT
cache-control: public, max-age=1209600
etag: 8766511519597269738
content-type: text/javascript; charset=UTF-8
age: 84060
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/qs_click_protection.js
216.58.207.193 200 OK 10 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/qs_click_protection.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1512)
Hash 789dc0b5533d4fc3a437a4cb7535ab5f
2f3a65d173f0edc1c3d99c4961e77898a0425873
cd3c69a8627bbdac1440d4f782a9bd666da5266ac43dc4dbd6dcdd50de9d7e70
GET /pagead/js/r20230124/r20110914/client/qs_click_protection.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 10272
x-xss-protection: 0
date: Wed, 25 Jan 2023 20:31:29 GMT
expires: Wed, 08 Feb 2023 20:31:29 GMT
cache-control: public, max-age=1209600
age: 45187
etag: 11468148672078775617
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 1fca039b34bc82737177821029b88328
6bc87e93e0dcf2c99dad991b25590bdabff87f0c
33515bb7035ae1ce174490de6fcedb2d6cb9feab0346a10bc63dd1d714312878
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-DBVFvJdQRq0TIEKJyXBIabTFAeBlWDQ8uPUDeReBMBWIOGQF8dR4XI-HkyzdfLAuZDDc88U-XCkHbG--wkeVtW3NZCdg
142.250.74.66 204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-DBVFvJdQRq0TIEKJyXBIabTFAeBlWDQ8uPUDeReBMBWIOGQF8dR4XI-HkyzdfLAuZDDc88U-XCkHbG--wkeVtW3NZCdg
IP 142.250.74.66:0
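Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; the body is 0 B, so these digests match every empty response and are not usable as indicators)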
GET /pagead/gen_204?id=awbid&awbid_b=AKAmf-DBVFvJdQRq0TIEKJyXBIabTFAeBlWDQ8uPUDeReBMBWIOGQF8dR4XI-HkyzdfLAuZDDc88U-XCkHbG--wkeVtW3NZCdg HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 26 Jan 2023 09:04:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
142.250.74.162 200 OK 49 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 142.250.74.162:0
File type ASCII text, with very long lines (3504)
Hash eaf26b8f5900d361a5d447ea72df4752
26b0a44ca382082dde8648abd0a4d949bdf0c664
1334af0b91c26ce21cb75ab69d0c7e9c8ec1f00c0ce946a3689bb9d6fdcc4d37
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 49065
date: Thu, 26 Jan 2023 09:04:36 GMT
expires: Thu, 26 Jan 2023 09:04:36 GMT
cache-control: private, max-age=3000
etag: "1674650782302584"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/window_focus.js
216.58.207.193 200 OK 1.3 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/window_focus.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1500)
Hash c6be4595650bfa6cbb0839f2fab25529
0ab58af5d6c029935919c889d75455a15f5429a3
bb2b1f1b24360f9d28e6e5e0bcffa6f19111b176cdbd849340673f224a73e92b
GET /pagead/js/r20230124/r20110914/client/window_focus.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 1305
x-xss-protection: 0
date: Wed, 25 Jan 2023 20:31:29 GMT
expires: Wed, 08 Feb 2023 20:31:29 GMT
cache-control: public, max-age=1209600
age: 45187
etag: 12828169674928258300
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/one_click_handler_one_afma.js
216.58.207.193 200 OK 18 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230124/r20110914/client/one_click_handler_one_afma.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1823)
Hash 4d7b520fae6011f766f11ab41aa171f0
10cd9a4970f5463cb6d91a918bb8c9b35d381b8f
8447fc6c4435c170b88d67909ce75175c1aa4923770b301bb3824ab9fc70440c
GET /pagead/js/r20230124/r20110914/client/one_click_handler_one_afma.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 18064
x-xss-protection: 0
date: Wed, 25 Jan 2023 20:32:03 GMT
expires: Wed, 08 Feb 2023 20:32:03 GMT
cache-control: public, max-age=1209600
age: 45153
etag: 11640667607391808528
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d80f05847356c48aad673a796b772afd
8f4ae86bf7a572c5b674a27efccd5120f36b06d0
78dc859ac3ef69b8e258b776230a61a4617865023997d21341a7a664a8fbc55f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78DC859AC3EF69B8E258B776230A61A4617865023997D21341A7A664A8FBC55F"
Last-Modified: Wed, 25 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9685
Expires: Thu, 26 Jan 2023 11:46:01 GMT
Date: Thu, 26 Jan 2023 09:04:36 GMT
Connection: keep-alive
shaggyselectmast.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F5e%2F2f%2Fd4%2F5e2fd4b3d4c51bdf7b2952c27a9795ef%2F1652872195.html&l=955&fd=144
173.233.137.52 200 OK 0 B URL HTTP/1.1 shaggyselectmast.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F5e%2F2f%2Fd4%2F5e2fd4b3d4c51bdf7b2952c27a9795ef%2F1652872195.html&l=955&fd=144
IP 173.233.137.52:0
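Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; the body is 0 B, so these digests match every empty response and are not usable as indicators)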
Analyzer Verdict Alert — quad9: Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F5e%2F2f%2Fd4%2F5e2fd4b3d4c51bdf7b2952c27a9795ef%2F1652872195.html&l=955&fd=144 HTTP/1.1
Host: shaggyselectmast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=a9ce8948-7963-4e28-8ffc-1bcfa193493c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3952979]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 26 Jan 2023 09:04:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tpc.googlesyndication.com/simgad/9891241878637235776?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkxcEdb5eFTTr1Wa4FmvHsCQk3G7g
216.58.207.193 200 OK 18 kB URL HTTP/2 tpc.googlesyndication.com/simgad/9891241878637235776?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkxcEdb5eFTTr1Wa4FmvHsCQk3G7g
IP 216.58.207.193:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 970x90, components 3\012- data
Hash 5195ed3a37b14c162bb4a90134b95b53
0deff1bf80cf019583a83f213881ab48c1014971
c396244b8f6c944ed5ddea166ae08114e55ef0e8b06e548e7fe470b87a2759b9
GET /simgad/9891241878637235776?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkxcEdb5eFTTr1Wa4FmvHsCQk3G7g HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
content-length: 18511
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Jan 2023 07:03:23 GMT
expires: Sun, 21 Jan 2024 07:03:23 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Dec 2016 13:03:32 GMT
content-type: image/jpeg
age: 439273
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
Hash f0c61c1d29820684364893ec04cfeed6
0216fa0091f97302456ff3de73cf5660d08590d9
725385d4373d359b0d503191967e65e0ec5c7ea98edd9e4c152bf0cb6ea6e19d
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 09:04:36 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Mon, 30 Jan 2023 06:07:22 GMT
ETag: "0216fa0091f97302456ff3de73cf5660d08590d9"
Last-Modified: Thu, 26 Jan 2023 06:07:23 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3011
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f81502beb2b529-OSL
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash b139ef842e1ece23a2fb6810cbb79f0b
75eb76995244c2e1841e0f3283f126cf13a77b04
7287866e126fff5e98015a2750cfe2889271f4f7e4084668e69e939a951243be
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 09:04:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:42:55 GMT
Expires: Wed, 01 Feb 2023 13:42:54 GMT
Etag: "75eb76995244c2e1841e0f3283f126cf13a77b04"
Cache-Control: max-age=534497,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78f815029d5fb527-OSL
id5-sync.com/g/v2/806.json
141.95.98.65 200 216 B URL HTTP/1.1 id5-sync.com/g/v2/806.json
IP 141.95.98.65:0
File type JSON data\012- , ASCII text, with no line terminators
Hash a5a0830c621ef91009946c93b5ce96df
5c3d31e5bd62152e5bb0bbb73a1ce49c755dbace
d18263f7e9e154e47d7701a3afccb4d4a92929bca36ec5e9ed8ce9fc2174115a
POST /g/v2/806.json HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 193
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Thu, 26 Jan 2023 09:04:35 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7ad6fd09fbf3d8b4a832252995424258
f090d018c530e46d689d416c86efa2d238bb2df5
8a029043e8142e37a905a5f5300b938b7319afaa3ebcb4c96962f8513594e8a0
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8A029043E8142E37A905A5F5300B938B7319AFAA3EBCB4C96962F8513594E8A0"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11968
Expires: Thu, 26 Jan 2023 12:24:04 GMT
Date: Thu, 26 Jan 2023 09:04:36 GMT
Connection: keep-alive
e1.o.lencr.org/
95.101.11.115 200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7ad6fd09fbf3d8b4a832252995424258
f090d018c530e46d689d416c86efa2d238bb2df5
8a029043e8142e37a905a5f5300b938b7319afaa3ebcb4c96962f8513594e8a0
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8A029043E8142E37A905A5F5300B938B7319AFAA3EBCB4C96962F8513594E8A0"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11968
Expires: Thu, 26 Jan 2023 12:24:04 GMT
Date: Thu, 26 Jan 2023 09:04:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e739703f7f87386784639edcbbb04dbd
83a98913c0c3c5cde66cd96a67ab50a1cde6bf37
4358cb8830987168faa5ed5937805d6ce1dfba8e5cb1e6c088f4fea4b6e8b5a2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4358CB8830987168FAA5ED5937805D6CE1DFBA8E5CB1E6C088F4FEA4B6E8B5A2"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3891
Expires: Thu, 26 Jan 2023 10:09:27 GMT
Date: Thu, 26 Jan 2023 09:04:36 GMT
Connection: keep-alive
match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
15.197.193.217 200 OK 63 B URL HTTP/2 match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
IP 15.197.193.217:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 85954621d0b6a675a0b1ce4ee20b3677
a2625c3a21949cf17cb8bd5d9b54a786f36fabe6
70db35c469e04b76ee28bb08df0bc9a981bc60c4121b0f5be8162e91968fe431
GET /track/rid?ttd_pid=pubmatic&fmt=json HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:36 GMT
content-type: application/json; charset=utf-8
content-length: 63
cache-control: private
expires: Sat, 25 Feb 2023 09:04:36 GMT
vary: Origin
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
x-aspnet-version: 4.0.30319
X-Firefox-Spdy: h2
api.rlcdn.com/api/identity/envelope?pid=1258
34.120.133.55 401 Unauthorized 19 B URL HTTP/2 api.rlcdn.com/api/identity/envelope?pid=1258
IP 34.120.133.55:0
Hash 63dfbd2b39fe4f536a04e7b32ada47b4
207298c4a215ad5d97d888522927910ae772ba48
26e51290d12b4fea0bb98da3ed118837b744555ba723061771ab3df30000b6b7
GET /api/identity/envelope?pid=1258 HTTP/1.1
Host: api.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 401 Unauthorized
content-type: text/plain; charset=utf-8
x-content-type-options: nosniff
date: Thu, 26 Jan 2023 09:04:36 GMT
content-length: 19
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png
45.133.44.10 200 OK 12 kB URL HTTP/2 cdn.cloudimagesb.com/si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash c07f1baac701b672939b359081f813c7
d38ffbae259aae1e8ad3b38959339bb29da9b69f
85bc8e3de3651f6f03dc381ea4bbaff350d8973c37f598582838677817bf1826
GET /si/e3/38/1c/e3381c2969587380b30458753c6349d5/1674361501.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:36 GMT
content-type: image/png
content-length: 12186
server: nginx/1.17.6
last-modified: Sun, 22 Jan 2023 04:25:10 GMT
etag: "63ccbaa6-2f9a"
expires: Sat, 28 Jan 2023 09:04:36 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/js/script.js
172.64.166.9 200 OK 534 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/js/script.js
IP 172.64.166.9:0
Hash c6a22ff5362a6b9b99531d2fd654ba35
b574ae09962edd83fe30acffeef220d26d6b0964
203a02c03326e8223834dffb0d292185c2a8b36ab66fe6c1d4daf8b4a5a49430
GET /sb/notifications/software/us/ios/desk-new-big/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:36 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:44:05 GMT
etag: W/"602d0185-183"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 134285
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H0FMEp2p2bM7GOwddMRsJdYvVxViw%2BfnJ%2FmQ5GN26MvbzNnvV7%2FaOMSUAD8lAhUda7QCmv6PVzVdQHycRlRgzVTokeY1YOnMwhtrwY9R20LSMb0uM9%2FWYFtuUbXvoICc1OeS85a5xaIQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f815033a9a76db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shaggyselectmast.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fios%2Fdesk-new-big%2Fjs%2Fscript.js&l=387&fd=228
173.233.137.52 200 OK 0 B URL HTTP/1.1 shaggyselectmast.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fios%2Fdesk-new-big%2Fjs%2Fscript.js&l=387&fd=228
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fios%2Fdesk-new-big%2Fjs%2Fscript.js&l=387&fd=228 HTTP/1.1
Host: shaggyselectmast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=a9ce8948-7963-4e28-8ffc-1bcfa193493c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3952979]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 26 Jan 2023 09:04:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash b139ef842e1ece23a2fb6810cbb79f0b
75eb76995244c2e1841e0f3283f126cf13a77b04
7287866e126fff5e98015a2750cfe2889271f4f7e4084668e69e939a951243be
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 09:04:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 13:42:55 GMT
Expires: Wed, 01 Feb 2023 13:42:54 GMT
Etag: "75eb76995244c2e1841e0f3283f126cf13a77b04"
Cache-Control: max-age=534497,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78f815038e93b527-OSL
shaggyselectmast.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fios%2Fdesk-new-big%2Fcss%2Fstyle.css&l=5214&fd=231
173.233.137.52 200 OK 0 B URL HTTP/1.1 shaggyselectmast.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fios%2Fdesk-new-big%2Fcss%2Fstyle.css&l=5214&fd=231
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fios%2Fdesk-new-big%2Fcss%2Fstyle.css&l=5214&fd=231 HTTP/1.1
Host: shaggyselectmast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=a9ce8948-7963-4e28-8ffc-1bcfa193493c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3952979]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 26 Jan 2023 09:04:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
shaggyselectmast.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fios%2Fdesk-new-big%2Fcss%2Fanimate.css&l=79245&fd=246
173.233.137.52 200 OK 0 B URL HTTP/1.1 shaggyselectmast.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fios%2Fdesk-new-big%2Fcss%2Fanimate.css&l=79245&fd=246
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fsoftware%2Fus%2Fios%2Fdesk-new-big%2Fcss%2Fanimate.css&l=79245&fd=246 HTTP/1.1
Host: shaggyselectmast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=a9ce8948-7963-4e28-8ffc-1bcfa193493c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3952979]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 26 Jan 2023 09:04:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff
172.64.166.9 200 OK 73 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff
IP 172.64.166.9:0
File type Web Open Font Format, TrueType, length 72696, version 11.0\012- data
Hash 53d97caea7ef8a12beab745fcc5744e1
b8c70e4f67957e4f2cb809a58d84c773a3bde6d0
542772868e28df6d786b6f00f9dec929cba214d928cb013b32588485b46f8715
GET /sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ouo.press
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:36 GMT
content-type: application/font-woff
content-length: 72696
last-modified: Wed, 17 Feb 2021 11:42:38 GMT
etag: "602d012e-11bf8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 106098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WgOwGV8xgzKN%2BOki46WZM3bl%2Frt5tTjb%2F%2BFcynbo%2BSeKdQzI3Ce2TPD935%2BjK%2BD5SOpxF41UsvZzuvFqm1xIBna4UIHbdX8XvzjBmaCsbvvGvMZhRFbgt2gJQXhqXiHzyceEpZSG67YG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f815053d3e76db-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shaggyselectmast.com/pixel/sbs?c=1
173.233.137.52 200 OK 0 B URL HTTP/1.1 shaggyselectmast.com/pixel/sbs?c=1
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: shaggyselectmast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=a9ce8948-7963-4e28-8ffc-1bcfa193493c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3952979]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 26 Jan 2023 09:04:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
shaggyselectmast.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuXrMHWRAUD3oQGvWgYCbd0z2ZHiME4xoJrkncrATES3VV9aQ2NV1NVff0JAhGF2QvwogHPXa%2BSTasLuLiVVEme5GcMh6WHIw%2FwIsgeJaZDAQfVL336nuH7%2Fvqfb5fnBMPBT1bf0%2FvSqXoXKPmua9sypTr0rqrt1zfq3kL7qZM58MFtze%2BTPd132vUvFfddwTb1nN1z%2Fc83%2FPdZWlEontzExQye9Dyay2vFtZrfiNEz%2Fy%2Ft4UDSx3w7jl5BpKPrm799hCSDZF2frgu7Haus9fe7hSK5tqgy48%2BSLdTXaboXJaJcZCkR9NpaDsi5Jsr0OnRVAF092CsALEcEeexjzg9mtJE3D28YBoriBQxv4ayO4RQQ0g6BNN3IPkpARjH6hrSzr1VbUq6c4HSMToiM%2F%2F%2BA1mOyMwfzyLtfL%2BkZM%2Fd0KrIpU4tekkF2RtCtofIimPkuw5keQyWfwbJCdJOBcnPXqYtJqJWGM02W%2FPBbCjq0WyUJGzWj1lC%2FVYQtgI2sUbKIWQyhBJ9UOugGB%2FpoEgcFJmDDj9zaaOVeF4ziZMgiELGWBAw1ojmeYMHYZR4KNiYex951gdTfTCzh8zsYVv2YYpfYbcqWO7A5gRdXqEUBKUlKClBKQnKnKDsVodc2bqt7nFli9if5vo0B9VA5%2B19eqjztkjJfnZOnp4Y9tdHP2JbnLmCB%2FOeH84HQVRvcdb0aFjnjFGR8CRIfB9WVpD2ykTmrjx96jEyefpkhZgew6pjMPkiaPECaDlo1j3QrUEYedhN7%2BtC1zIjrAXXFbL8KvIdZ1%2Bdk%2BcnBN54fwOCnSw%2Beu6r%2FKfbn4CZCpmpcFs%2BImiru4ObuiQHN3VpycO1LJcduUvHv7mR01zMfPuu2Cm14SvXbf%2F%2Bm2wMjMsHt4TNb9CUy7RtyXdLknNhlrVhgvy8YjdFvF7YraXCpEV2Y%2F2t5ZXOhKDU6RBUjgj59GMwOSLXnHSyqW7vHNIMYYoKneKETANSH4Nle7DZyeLXX6z9ucA%2FhNUERl3OxJmDsqgGph5fPipJoMRlT%2BMKVlyaEIuTX%2F6%2BwPbtXbSNA5rfmexn11ToqgpU9WGLJwZ5Zk4Wfw8mgVg5g1gZ5yBWRn15Ya6VZ27DD0UUR03GeSwY95v1IAo8r8552GwJv4Xcjtho6aX%2FAAAA%2F%2F8BAAD%2F%2F8HIRbuBBAAA
173.233.137.52200 OK 7 B URL HTTP/1.1 shaggyselectmast.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuXrMHWRAUD3oQGvWgYCbd0z2ZHiME4xoJrkncrATES3VV9aQ2NV1NVff0JAhGF2QvwogHPXa%2BSTasLuLiVVEme5GcMh6WHIw%2FwIsgeJaZDAQfVL336nuH7%2Fvqfb5fnBMPBT1bf0%2FvSqXoXKPmua9sypTr0rqrt1zfq3kL7qZM58MFtze%2BTPd132vUvFfddwTb1nN1z%2Fc83%2FPdZWlEontzExQye9Dyay2vFtZrfiNEz%2Fy%2Ft4UDSx3w7jl5BpKPrm799hCSDZF2frgu7Haus9fe7hSK5tqgy48%2BSLdTXaboXJaJcZCkR9NpaDsi5Jsr0OnRVAF092CsALEcEeexjzg9mtJE3D28YBoriBQxv4ayO4RQQ0g6BNN3IPkpARjH6hrSzr1VbUq6c4HSMToiM%2F%2F%2BA1mOyMwfzyLtfL%2BkZM%2Fd0KrIpU4tekkF2RtCtofIimPkuw5keQyWfwbJCdJOBcnPXqYtJqJWGM02W%2FPBbCjq0WyUJGzWj1lC%2FVYQtgI2sUbKIWQyhBJ9UOugGB%2FpoEgcFJmDDj9zaaOVeF4ziZMgiELGWBAw1ojmeYMHYZR4KNiYex951gdTfTCzh8zsYVv2YYpfYbcqWO7A5gRdXqEUBKUlKClBKQnKnKDsVodc2bqt7nFli9if5vo0B9VA5%2B19eqjztkjJfnZOnp4Y9tdHP2JbnLmCB%2FOeH84HQVRvcdb0aFjnjFGR8CRIfB9WVpD2ykTmrjx96jEyefpkhZgew6pjMPkiaPECaDlo1j3QrUEYedhN7%2BtC1zIjrAXXFbL8KvIdZ1%2Bdk%2BcnBN54fwOCnSw%2Beu6r%2FKfbn4CZCpmpcFs%2BImiru4ObuiQHN3VpycO1LJcduUvHv7mR01zMfPuu2Cm14SvXbf%2F%2Bm2wMjMsHt4TNb9CUy7RtyXdLknNhlrVhgvy8YjdFvF7YraXCpEV2Y%2F2t5ZXOhKDU6RBUjgj59GMwOSLXnHSyqW7vHNIMYYoKneKETANSH4Nle7DZyeLXX6z9ucA%2FhNUERl3OxJmDsqgGph5fPipJoMRlT%2BMKVlyaEIuTX%2F6%2BwPbtXbSNA5rfmexn11ToqgpU9WGLJwZ5Zk4Wfw8mgVg5g1gZ5yBWRn15Ya6VZ27DD0UUR03GeSwY95v1IAo8r8552GwJv4Xcjtho6aX%2FAAAA%2F%2F8BAAD%2F%2F8HIRbuBBAAA
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSQWskRRSuXrMHWRAUD3oQGvWgYCbd0z2ZHiME4xoJrkncrATES3VV9aQ2NV1NVff0JAhGF2QvwogHPXa%2BSTasLuLiVVEme5GcMh6WHIw%2FwIsgeJaZDAQfVL336nuH7%2Fvqfb5fnBMPBT1bf0%2FvSqXoXKPmua9sypTr0rqrt1zfq3kL7qZM58MFtze%2BTPd132vUvFfddwTb1nN1z%2Fc83%2FPdZWlEontzExQye9Dyay2vFtZrfiNEz%2Fy%2Ft4UDSx3w7jl5BpKPrm799hCSDZF2frgu7Haus9fe7hSK5tqgy48%2BSLdTXaboXJaJcZCkR9NpaDsi5Jsr0OnRVAF092CsALEcEeexjzg9mtJE3D28YBoriBQxv4ayO4RQQ0g6BNN3IPkpARjH6hrSzr1VbUq6c4HSMToiM%2F%2F%2BA1mOyMwfzyLtfL%2BkZM%2Fd0KrIpU4tekkF2RtCtofIimPkuw5keQyWfwbJCdJOBcnPXqYtJqJWGM02W%2FPBbCjq0WyUJGzWj1lC%2FVYQtgI2sUbKIWQyhBJ9UOugGB%2FpoEgcFJmDDj9zaaOVeF4ziZMgiELGWBAw1ojmeYMHYZR4KNiYex951gdTfTCzh8zsYVv2YYpfYbcqWO7A5gRdXqEUBKUlKClBKQnKnKDsVodc2bqt7nFli9if5vo0B9VA5%2B19eqjztkjJfnZOnp4Y9tdHP2JbnLmCB%2FOeH84HQVRvcdb0aFjnjFGR8CRIfB9WVpD2ykTmrjx96jEyefpkhZgew6pjMPkiaPECaDlo1j3QrUEYedhN7%2BtC1zIjrAXXFbL8KvIdZ1%2Bdk%2BcnBN54fwOCnSw%2Beu6r%2FKfbn4CZCpmpcFs%2BImiru4ObuiQHN3VpycO1LJcduUvHv7mR01zMfPuu2Cm14SvXbf%2F%2Bm2wMjMsHt4TNb9CUy7RtyXdLknNhlrVhgvy8YjdFvF7YraXCpEV2Y%2F2t5ZXOhKDU6RBUjgj59GMwOSLXnHSyqW7vHNIMYYoKneKETANSH4Nle7DZyeLXX6z9ucA%2FhNUERl3OxJmDsqgGph5fPipJoMRlT%2BMKVlyaEIuTX%2F6%2BwPbtXbSNA5rfmexn11ToqgpU9WGLJwZ5Zk4Wfw8mgVg5g1gZ5yBWRn15Ya6VZ27DD0UUR03GeSwY95v1IAo8r8552GwJv4Xcjtho6aX%2FAAAA%2F%2F8BAAD%2F%2F8HIRbuBBAAA HTTP/1.1
Host: shaggyselectmast.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=a9ce8948-7963-4e28-8ffc-1bcfa193493c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleced36014633829dc70a42dccaefdf3f11=[3952979]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 26 Jan 2023 09:04:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e523a380b4f6b20b8e5332f43cc454ed
Strict-Transport-Security: max-age=0; includeSubdomains
fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2F0vk0r4&e=wqT_3QLvBejvAgAAAwDWAAUBCKKEyZ4GEKPGttuQ8b3vfhgAKjYJXjC45o7-hz8RL_-dxFLqgz8ZAAAAIIXr0T8hLw0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eJLZBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzLzB2azByNIADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtREtqVFdmdnNKa3U2NjdjemdKSnlWVnh0b0oweThRc0xnaXdEM2YxdmV2Y0M1LTFyclFzWmZpMkFWbmEwc2E5Y1hiQ2JrUHRFQUhZZm42OS1NcHE4amZuYmp4MlEmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTOTE0MjAxNjQ2MTU4MzAwMDM1NSIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAWMz9PcgJ-YvzrABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXDwQ_6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAANP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHktkF0gcNCQAdNAzaBwYICT1kBwDqBwIIAPAH_PYLiggCEACVCAAAgD-YCAE.&s=2e36cc287b47f4b722b1f030542ca418f3a0ea97&type=nv&nvt=5&jm=1003&px=271&py=1840&bw=728&bh=90&sid=5568807031777972492&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=19050205&sw=1280&sh=1024&pw=1268&ph=1793&ww=1280&wh=939&ft=2
37.252.171.85200 OK 0 B URL HTTP/1.1 fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2F0vk0r4&e=wqT_3QLvBejvAgAAAwDWAAUBCKKEyZ4GEKPGttuQ8b3vfhgAKjYJXjC45o7-hz8RL_-dxFLqgz8ZAAAAIIXr0T8hLw0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eJLZBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzLzB2azByNIADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtREtqVFdmdnNKa3U2NjdjemdKSnlWVnh0b0oweThRc0xnaXdEM2YxdmV2Y0M1LTFyclFzWmZpMkFWbmEwc2E5Y1hiQ2JrUHRFQUhZZm42OS1NcHE4amZuYmp4MlEmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTOTE0MjAxNjQ2MTU4MzAwMDM1NSIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAWMz9PcgJ-YvzrABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXDwQ_6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAANP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHktkF0gcNCQAdNAzaBwYICT1kBwDqBwIIAPAH_PYLiggCEACVCAAAgD-YCAE.&s=2e36cc287b47f4b722b1f030542ca418f3a0ea97&type=nv&nvt=5&jm=1003&px=271&py=1840&bw=728&bh=90&sid=5568807031777972492&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=19050205&sw=1280&sh=1024&pw=1268&ph=1793&ww=1280&wh=939&ft=2
IP 37.252.171.85:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2F0vk0r4&e=wqT_3QLvBejvAgAAAwDWAAUBCKKEyZ4GEKPGttuQ8b3vfhgAKjYJXjC45o7-hz8RL_-dxFLqgz8ZAAAAIIXr0T8hLw0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eJLZBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzLzB2azByNIADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtREtqVFdmdnNKa3U2NjdjemdKSnlWVnh0b0oweThRc0xnaXdEM2YxdmV2Y0M1LTFyclFzWmZpMkFWbmEwc2E5Y1hiQ2JrUHRFQUhZZm42OS1NcHE4amZuYmp4MlEmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTOTE0MjAxNjQ2MTU4MzAwMDM1NSIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAWMz9PcgJ-YvzrABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXDwQ_6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAANP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHktkF0gcNCQAdNAzaBwYICT1kBwDqBwIIAPAH_PYLiggCEACVCAAAgD-YCAE.&s=2e36cc287b47f4b722b1f030542ca418f3a0ea97&type=nv&nvt=5&jm=1003&px=271&py=1840&bw=728&bh=90&sid=5568807031777972492&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=19050205&sw=1280&sh=1024&pw=1268&ph=1793&ww=1280&wh=939&ft=2 HTTP/1.1
Host: fra1-ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 26 Jan 2023 09:04:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 02e5b5b6-2d3f-41b4-aa96-88ae6e095b92
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
id.crwdcntrl.net/id
34.243.201.47 200 OK 43 B IP 34.243.201.47:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 90eeff5111bbbdce769d4130cc3cca3c
d62886c1a85d51814cb7f124761c5e6aca6d8933
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
GET /id HTTP/1.1
Host: id.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:37 GMT
content-type: application/json;charset=utf-8
content-length: 43
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.1.45
access-control-allow-credentials: true
access-control-allow-origin: https://ouo.press
server: Jetty(9.4.38.v20210224)
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
2.18.172.200 200 OK 5.6 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=155495
IP 2.18.172.200:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15889), with no line terminators
Hash 18a6bc0e051c0767f814f63ff07e65f9
8fbe4eb399d8501b90276723d38c9ffb4ab483fa
26341482a8d6c8384b2cb91aba95833ac2002bd284ff690adbd2009bf76cb95b
GET /AdServer/js/user_sync.html?kdntuid=1&p=155495 HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5554
content-type: text/html
cache-control: max-age=21473
expires: Thu, 26 Jan 2023 15:02:30 GMT
date: Thu, 26 Jan 2023 09:04:37 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=ouo.press&sn=FirefoxSyncframe&so=3&topUrl=ouo.press&bundle=aof4oF92ZTNqVHZ2c2F1S2toODA1bVdSY3h5RGIlMkJvSlVXaFZoejl3UVhGTEhmREM1eW1pSFJmbVB4UUk1ZDcwT0V5QlBKNGJiUHJOVGN4SE90UzRYYkQyWUhGYWwlMkJDOUY1WDBZWnBkNzh4cHQxYWt2Q3diWlNtMkN4Q1RDcDR3aG1wJTJCWg&info=HrefRV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czYwWXg3Y0JRRnRjciUyRk8yNDFldzZ1bTMyYWxSNlBSNyUyRkVsZThFV3NYb05m&idsd=1949332626,-1120868483&cw=1&lsw=1
178.250.0.157200 OK 389 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=ouo.press&sn=FirefoxSyncframe&so=3&topUrl=ouo.press&bundle=aof4oF92ZTNqVHZ2c2F1S2toODA1bVdSY3h5RGIlMkJvSlVXaFZoejl3UVhGTEhmREM1eW1pSFJmbVB4UUk1ZDcwT0V5QlBKNGJiUHJOVGN4SE90UzRYYkQyWUhGYWwlMkJDOUY1WDBZWnBkNzh4cHQxYWt2Q3diWlNtMkN4Q1RDcDR3aG1wJTJCWg&info=HrefRV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czYwWXg3Y0JRRnRjciUyRk8yNDFldzZ1bTMyYWxSNlBSNyUyRkVsZThFV3NYb05m&idsd=1949332626,-1120868483&cw=1&lsw=1
IP 178.250.0.157:0
Hash c1f816b2d88e27053d2f548881ad72d2
ecee96e795a8cbcb019b8efc188f5b8494da12b5
5e50831b94d5ca632b623a775d1dfde245be9c977f2b176b17ddab2812e16f63
GET /sid/json?origin=publishertag&domain=ouo.press&sn=FirefoxSyncframe&so=3&topUrl=ouo.press&bundle=aof4oF92ZTNqVHZ2c2F1S2toODA1bVdSY3h5RGIlMkJvSlVXaFZoejl3UVhGTEhmREM1eW1pSFJmbVB4UUk1ZDcwT0V5QlBKNGJiUHJOVGN4SE90UzRYYkQyWUhGYWwlMkJDOUY1WDBZWnBkNzh4cHQxYWt2Q3diWlNtMkN4Q1RDcDR3aG1wJTJCWg&info=HrefRV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czYwWXg3Y0JRRnRjciUyRk8yNDFldzZ1bTMyYWxSNlBSNyUyRkVsZThFV3NYb05m&idsd=1949332626,-1120868483&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=ouo.press
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:36 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1231419
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
198.47.127.19 200 OK 60 B URL HTTP/2 image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
IP 198.47.127.19:0
File type ASCII text, with no line terminators
Hash 6e46f6eb73854926e77dd506314ed38b
62120b9e3795e8cceefe9d9c3ed98606c47a8515
33e9d94589a328ac6ef61219d158c757991da0fe020426b57b7bb98ffb74fcdb
GET /AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB HTTP/1.1
Host: image6.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=UTF-8
expires: Wed, 26 Apr 2023 01:14:16 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Thu, 26 Jan 2023 09:04:36 GMT
content-length: 60
X-Firefox-Spdy: h2
simage4.pubmatic.com/AdServer/SPug?o=1&p=155495&sc=1&u=FB69D665-5F7E-446C-9AFB-8C149A7D9B36&rs=3&gdpr=0&gdpr_consent=&us_privacy=
198.47.127.20 200 OK 1.3 kB URL HTTP/2 simage4.pubmatic.com/AdServer/SPug?o=1&p=155495&sc=1&u=FB69D665-5F7E-446C-9AFB-8C149A7D9B36&rs=3&gdpr=0&gdpr_consent=&us_privacy=
IP 198.47.127.20:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (1720)
Hash 720609e7543ecf45c02d092fc4b1c4d4
d8ac9e75ff32bc18541f8436305c54c0ef43a5da
83eb8844ad128855adaa6030058c2317ae1c6f3901183153d6de4e070b5dcbac
GET /AdServer/SPug?o=1&p=155495&sc=1&u=FB69D665-5F7E-446C-9AFB-8C149A7D9B36&rs=3&gdpr=0&gdpr_consent=&us_privacy= HTTP/1.1
Host: simage4.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:04:37 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2
fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2F0vk0r4&e=wqT_3QLvBejvAgAAAwDWAAUBCKKEyZ4GEKPGttuQ8b3vfhgAKjYJXjC45o7-hz8RL_-dxFLqgz8ZAAAAIIXr0T8hLw0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eJLZBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzLzB2azByNIADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtREtqVFdmdnNKa3U2NjdjemdKSnlWVnh0b0oweThRc0xnaXdEM2YxdmV2Y0M1LTFyclFzWmZpMkFWbmEwc2E5Y1hiQ2JrUHRFQUhZZm42OS1NcHE4amZuYmp4MlEmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTOTE0MjAxNjQ2MTU4MzAwMDM1NSIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAWMz9PcgJ-YvzrABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXDwQ_6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAANP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHktkF0gcNCQAdNAzaBwYICT1kBwDqBwIIAPAH_PYLiggCEACVCAAAgD-YCAE.&s=2e36cc287b47f4b722b1f030542ca418f3a0ea97&type=pv&jm=1003&px=271&py=1840&bw=728&bh=90&sf=1&sid=5568807031777972492&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=19050205&ft=2
37.252.171.85200 OK 0 B URL HTTP/1.1 fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2F0vk0r4&e=wqT_3QLvBejvAgAAAwDWAAUBCKKEyZ4GEKPGttuQ8b3vfhgAKjYJXjC45o7-hz8RL_-dxFLqgz8ZAAAAIIXr0T8hLw0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eJLZBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzLzB2azByNIADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtREtqVFdmdnNKa3U2NjdjemdKSnlWVnh0b0oweThRc0xnaXdEM2YxdmV2Y0M1LTFyclFzWmZpMkFWbmEwc2E5Y1hiQ2JrUHRFQUhZZm42OS1NcHE4amZuYmp4MlEmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTOTE0MjAxNjQ2MTU4MzAwMDM1NSIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAWMz9PcgJ-YvzrABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXDwQ_6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAANP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHktkF0gcNCQAdNAzaBwYICT1kBwDqBwIIAPAH_PYLiggCEACVCAAAgD-YCAE.&s=2e36cc287b47f4b722b1f030542ca418f3a0ea97&type=pv&jm=1003&px=271&py=1840&bw=728&bh=90&sf=1&sid=5568807031777972492&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=19050205&ft=2
IP 37.252.171.85:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2F0vk0r4&e=wqT_3QLvBejvAgAAAwDWAAUBCKKEyZ4GEKPGttuQ8b3vfhgAKjYJXjC45o7-hz8RL_-dxFLqgz8ZAAAAIIXr0T8hLw0SACkRJMgxAAAAQOF6lD8w3d2KCTjRGEDlHkhlUKeiyyVY0ZdlYABozMw_eJLZBYABAYoBA1VTRJIFBvBemAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC50PgAsPLWeoCGGh0dHBzOi8vb3VvLnByZXNzLzB2azByNIADAIgDAZADAJgDF6ADAaoD5wEKvwFodHQFLnBwYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQ0eRC9nZW5fMjA0P2lkPWF3YmlkJgUG9GkBX2I9QUtBbWYtREtqVFdmdnNKa3U2NjdjemdKSnlWVnh0b0oweThRc0xnaXdEM2YxdmV2Y0M1LTFyclFzWmZpMkFWbmEwc2E5Y1hiQ2JrUHRFQUhZZm42OS1NcHE4amZuYmp4MlEmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTOTE0MjAxNjQ2MTU4MzAwMDM1NSIINzg4Mjc4MTUqBDM5NDHAA6wCyAMA2APcoKcB4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDkxLjkwLjQyLjE1NKgEALIEDwgAEAEY2AUgWigAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASnossliAUBmAUAoAWMz9PcgJ-YvzrABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXDwQ_6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAANP7AQABgA4AYB8gYCCACABwGIBwCgBwGqBwsyODY1MTM0MDIwMcgHktkF0gcNCQAdNAzaBwYICT1kBwDqBwIIAPAH_PYLiggCEACVCAAAgD-YCAE.&s=2e36cc287b47f4b722b1f030542ca418f3a0ea97&type=pv&jm=1003&px=271&py=1840&bw=728&bh=90&sf=1&sid=5568807031777972492&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=19050205&ft=2 HTTP/1.1
Host: fra1-ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 26 Jan 2023 09:04:38 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: f9abeaba-5afc-4842-8e19-73b0b022c406
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ocsp.godaddy.com/
192.124.249.36 200 OK 1.8 kB IP 192.124.249.36:0
Hash d3577c5d8820c627792eba0ba7be3253
1af50dcc5263fe7129aa0443d4663dd51c963c80
8eba5a5ad866c75de07894353c2224803ab4ab14c82b4741db7bee6c221ed72d
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 26 Jan 2023 09:04:38 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 25 Jan 2023 22:56:34 GMT
Expires: Thu, 26 Jan 2023 22:56:34 GMT
ETag: "1af50dcc5263fe7129aa0443d4663dd51c963c80"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
acdn.adnxs.com/dmp/async_usersync.html
151.101.1.108 200 OK 17 kB URL HTTP/1.1 acdn.adnxs.com/dmp/async_usersync.html
IP 151.101.1.108:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (52990)
Hash 9c6b5ce6b3452e98573e6409c34dd73c
de607fadef62e36945a409a838eb8fc36d819b42
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
GET /dmp/async_usersync.html HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 18 Jan 2023 06:44:40 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 26 Jan 2023 09:04:38 GMT
Age: 8381
X-Served-By: cache-lga13626-LGA, cache-bma1669-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 5, 36667
X-Timer: S1674723879.886145,VS0,VE0
Vary: Accept-Encoding
eus.rubiconproject.com/usync.html
104.88.9.101 200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html
IP 104.88.9.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 26 Jan 2023 09:04:38 GMT
Connection: keep-alive
Vary: Accept-Encoding
eus.rubiconproject.com/usync.js
104.88.9.101 200 OK 10 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP 104.88.9.101:0
File type ASCII text, with very long lines (18573)
Hash c1af05efaf469b405840b25655c6a6b9
97cfe74adeb79d23701f541b57fe2805062c8985
2027e8fa10c090ed9e9086f48ba3511d9bbd1dcd4202600baef0c3952a9a3322
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 26 Jan 2023 07:41:46 GMT
Content-Encoding: gzip
Content-Length: 10037
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=81459
Expires: Fri, 27 Jan 2023 07:42:17 GMT
Date: Thu, 26 Jan 2023 09:04:38 GMT
Connection: keep-alive
Vary: Accept-Encoding
ib.adnxs.com/async_usersync?cbfn=queuePixels
37.252.171.53 307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 37.252.171.53:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Thu, 26 Jan 2023 09:04:38 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: b2f72fbe-689a-4f65-8c0a-73e756ce9751
Set-Cookie: uuid2=4303460017693683564; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 26-Apr-2023 09:04:38 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
37.252.171.53 200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 37.252.171.53:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 26 Jan 2023 09:04:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 4c40058f-7740-4cf0-b707-0956dd62394f
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
match.adsrvr.org/track/cmf/rubicon
15.197.193.217 200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/rubicon
IP 15.197.193.217:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/rubicon HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:39 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
token.rubiconproject.com/token?pid=25470
69.173.144.139 204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=25470
IP 69.173.144.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=25470 HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
token.rubiconproject.com/token?pid=2974&pt=n&a=1
69.173.144.139 204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=2974&pt=n&a=1
IP 69.173.144.139:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=2974&pt=n&a=1 HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7a278aed7e9155ee683885a0b3bc5623
d0709f1a94f99c0de07de3caef4410818a16fda2
ae744ee0d16695b4f646bed4d7b81c4099ce887ca59cad66e30c6d4bd71a37cf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5833
Cache-Control: max-age=85187
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:04:39 GMT
Etag: "63d0d521-1d7"
Expires: Fri, 27 Jan 2023 08:44:26 GMT
Last-Modified: Wed, 25 Jan 2023 07:07:13 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
pixel.rubiconproject.com/exchange/sync.php?p=a9us
69.173.144.165 204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/exchange/sync.php?p=a9us
IP 69.173.144.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /exchange/sync.php?p=a9us HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
Content-Type: image/gif
ad.turn.com/r/cs?pid=6
46.228.164.11 302 Found 0 B IP 46.228.164.11:0
ASN #56396 Amobee EMEA Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /r/cs?pid=6 HTTP/1.1
Host: ad.turn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache
set-cookie: uid=2874230902271005175; Domain=.turn.com; Expires=Tue, 25-Jul-2023 09:04:39 GMT; Path=/; Secure; SameSite=None
location: https://pixel.rubiconproject.com/tap.php?v=4212&nid=1185&put=2874230902271005175&expires=60&gdpr=&gdpr_consent=
content-length: 0
date: Thu, 26 Jan 2023 09:04:38 GMT
X-Firefox-Spdy: h2
sync.1rx.io/usersync2/rubicon?zcc=1&cb=1674723879210
213.19.147.44 302 Found 0 B URL HTTP/2 sync.1rx.io/usersync2/rubicon?zcc=1&cb=1674723879210
IP 213.19.147.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usersync2/rubicon?zcc=1&cb=1674723879210 HTTP/1.1
Host: sync.1rx.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Thu, 26 Jan 2023 09:04:39 GMT
content-type: text/html
cache-control: no-store, no-cache, must-revalidate
expires: 0
pragma: no-cache
location: https://pixel.rubiconproject.com/tap.php?v=186028&nid=4112&put=OPTOUT&expires=30
etag: OPTOUT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 92aa6eb9c361775a4c8f6b87087bc37f
95a2ac48bea2f71ac00957ca5a343eff5828ab13
0a0357e20ac72831e96f935615f5a91fe42d3dc4978fdfd6234187bb7a4966ba
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=131820
Date: Thu, 26 Jan 2023 09:04:39 GMT
Etag: "63d19a06-1d7"
Expires: Fri, 27 Jan 2023 21:41:39 GMT
Last-Modified: Wed, 25 Jan 2023 21:07:18 GMT
Server: ECS (nyb/1D32)
X-Cache: Miss from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: mG-02HTjynZKsMlCt4CsN_4QiCcZv2uj7w__XWYzvyO6lJwjpaS1QA==
Age: 2062
ocsp.godaddy.com/
192.124.249.36 200 OK 1.8 kB IP 192.124.249.36:0
Hash 3fe804b07c6e8ca0c284f3ce83674a54
310640d9d60b7ede5751a0b0ccd4df662bd400f1
145b95bcb23617cea0b1901b7aa08dd3dc0880e49d837c45d65f1a1b556be9f2
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 26 Jan 2023 09:04:39 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 25 Jan 2023 20:02:56 GMT
Expires: Thu, 26 Jan 2023 20:02:56 GMT
ETag: "310640d9d60b7ede5751a0b0ccd4df662bd400f1"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
pixel.rubiconproject.com/tap.php?v=4212&nid=1185&put=2874230902271005175&expires=60&gdpr=&gdpr_consent=
69.173.144.165 204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=4212&nid=1185&put=2874230902271005175&expires=60&gdpr=&gdpr_consent=
IP 69.173.144.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=4212&nid=1185&put=2874230902271005175&expires=60&gdpr=&gdpr_consent= HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Content-Type: image/gif
um2.eqads.com/um/rc
52.0.74.68 302 Found 41 B IP 52.0.74.68:0
File type HTML document, ASCII text
Hash 35da0475e9e65a74daebc3cac6184121
febc72e58fa17b96de9aa3a949ce5c3183d492c6
72afbcab808546c6e31a434b250a74e47085054ee1ba016bc2f55a2985d9148f
GET /um/rc HTTP/1.1
Host: um2.eqads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 26 Jan 2023 09:04:39 GMT
content-type: text/html; charset=utf-8
content-length: 41
location: /um/rc&eq_cc=1
set-cookie: EQUser=UID=266f4dd2-1097-4231-adf6-4dfb4eb43194; Path=/; Domain=eqads.com; Expires=Wed, 26 Apr 2023 09:04:39 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2
match.deepintent.com/usersync/143
169.197.150.8 200 OK 0 B URL HTTP/2 match.deepintent.com/usersync/143
IP 169.197.150.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usersync/143 HTTP/1.1
Host: match.deepintent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
date: Thu, 26 Jan 2023 09:04:39 GMT
server: b
X-Firefox-Spdy: h2
um2.eqads.com/um/rc&eq_cc=1
52.0.74.68 200 OK 0 B URL HTTP/2 um2.eqads.com/um/rc&eq_cc=1
IP 52.0.74.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /um/rc&eq_cc=1 HTTP/1.1
Host: um2.eqads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:39 GMT
content-length: 0
X-Firefox-Spdy: h2
ib.adnxs.com/async_usersync?cbfn=queuePixels
37.252.171.53 307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 37.252.171.53:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Thu, 26 Jan 2023 09:04:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: 2c50ab1d-3db5-4fc4-8d0a-cd5b86014619
Set-Cookie: uuid2=7543742984118411964; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 26-Apr-2023 09:04:39 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
37.252.171.53 200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 37.252.171.53:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 26 Jan 2023 09:04:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: c31da74c-8d1a-4806-a314-cf78b30c9fb1
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
dnacdn.net/dna
178.250.2.146 200 OK 0 B IP 178.250.2.146:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Cookie: browser_data=HrefRV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czYwWXg3Y0JRRnRjciUyRk8yNDFldzZ1bTMyYWxSNlBSNyUyRkVsZThFV3NYb05m
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:37 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=b-M4h180M0RITmhlJTJCZkMwOUJGQlhaMUN2czYwWXg3Y0JRRnRjciUyRk8yNDFldzZ1a2RsbkNxajVyTUNyWU1Nd2ZJcW4wRg; expires=Tue, 20 Feb 2024 09:04:37 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://ouo.press
server-processing-duration-in-ticks: 297741
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.2.146 200 OK 0 B IP 178.250.2.146:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=dck16180M0RITmhlJTJCZkMwOUJGQlhaMUN2czYwWXg3Y0JRRnRjciUyRk8yNDFldzZ1bms5ekxFaFlsOThvaEw4WENDbnl3Yg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:35 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=hineR180M0RITmhlJTJCZkMwOUJGQlhaMUN2czYwWXg3Y0JRRnRjciUyRk8yNDFldzZ1azhmJTJGSW1TeDFkMCUyRjQwZmw5b01HV2E; expires=Tue, 20 Feb 2024 09:04:35 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 220202
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.14 200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.14:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:35 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 106195
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/animate.css
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/animate.css
IP 172.64.166.9:0
GET /sb/notifications/software/us/ios/desk-new-big/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:36 GMT
content-type: text/css
last-modified: Wed, 17 Feb 2021 11:44:02 GMT
etag: W/"602d0182-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 134285
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rF8qLaxYCGmRxoL6K%2FlGmnM5OAE97KK24ECwVAJRD1bqpXFl3%2F1GFhFJlEzPAlCSS96gcEtaGWgVi2BAW0Bp%2FpTtWoPkiUZ4nMOfB3wYAq6A%2FLmsBMDN%2FnF9HduXlmZKTuz%2B0NastNi6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f815034abd76db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.113.js
178.250.0.130 200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.113.js
IP 178.250.0.130:0
GET /js/ld/publishertag.prebid.113.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:04:36 GMT
content-type: text/javascript
last-modified: Wed, 08 Sep 2021 12:50:31 GMT
etag: W/"6138b197-1532d"
expires: Fri, 27 Jan 2023 09:04:36 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Questrial
142.250.74.138 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Questrial
IP 142.250.74.138:0
GET /css?family=Questrial HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 26 Jan 2023 09:04:33 GMT
date: Thu, 26 Jan 2023 09:04:33 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ouo.io/0vk0r4
104.22.22.162 302 Found 0 B IP 104.22.22.162:0
GET /0vk0r4 HTTP/1.1
Host: ouo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Thu, 26 Jan 2023 09:04:32 GMT
content-type: text/html; charset=UTF-8
location: https://ouo.press/0vk0r4
cache-control: no-cache
set-cookie: ouoio_session=eyJpdiI6Im95Z2R0MHE0TGJ0aE44bW1lTVwvRFlXOGVlSnVUa3Bsclc2VjRzaUs4ZVNJPSIsInZhbHVlIjoiNWhaTGFRcDhNQnRhQ3NQS2tmYnhZclBIWEZvSllET3h3MHhsOExoSTRVWXFnZGQ2dUY5K05mdmZaZXgrR1o5cXlDcFV5M3Y1R0JcL3VYc2cyMGdGc0FBPT0iLCJtYWMiOiJiNTQ5NTdhYzE3MDQ2OWJkNTRjOGNjOGU3ZjY0MDQ4MDc2ZGEyNzdhNTVjMzFkZDljNWFiNTYyYmJkZjQ4NjUxIn0%3D; path=/; httponly
language=eyJpdiI6InpFM3NDSXBLdFlNSkdJcWRMN3FlQjRhRlg4NnlRSHRwaDFGc2tsWVJZQkU9IiwidmFsdWUiOiJLdjU1c0JYYXFDc25kY0lKc2t2REVoQzdDc3ZBM09rRFwvM0pIQXdIbkhTWT0iLCJtYWMiOiJkM2MyMzFlNmY1Y2NiMDFhZGU5NjM5MzY1NjA3YTk1OWU4MWZhYzI0Mzc4NzFhYjJiYmU2ZTQ2Mzc3MjEyMDBhIn0%3D; expires=Tue, 25-Jan-2028 09:04:32 GMT; Max-Age=157680000; path=/; httponly
d9b0da8daeb656867fa8f229997b0b7636006b20=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%3D%3D; expires=Thu, 26-Jan-2023 11:04:32 GMT; Max-Age=7200; path=/; httponly
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 78f814e92f1cb509-OSL
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
104.16.87.20 200 OK 0 B URL HTTP/2 cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
IP 104.16.87.20:0
GET /npm/prebid-universal-creative@latest/dist/creative.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:34 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 1.15.0
x-jsd-version-type: version
etag: W/"6658-uUC6DsKFQz3nsj0JP3lp528lwJQ"
x-served-by: cache-fra-eddf8230118-FRA, cache-yyz4553-YYZ
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 41444
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=afiI%2FzOVauipeQzwWrN8ZstnG4C2%2B1wT7WnNIOyUs3dFBsHMrSp9P4uI%2FrMwzQVJ88K4sA0ea72cu6o2WRLwtMOeSQDnT2R26qYzPi566Wvxt3wTTgT%2BAjOnH%2FZ7UmtUHN4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78f814f4b908b505-OSL
content-encoding: br
X-Firefox-Spdy: h2
ecdn.firstimpression.io/static/js/prebidamp.js
54.230.111.99 200 OK 0 B URL HTTP/2 ecdn.firstimpression.io/static/js/prebidamp.js
IP 54.230.111.99:0
GET /static/js/prebidamp.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.20.0
last-modified: Tue, 14 Dec 2021 15:30:51 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Thu, 26 Jan 2023 08:56:04 GMT
expires: Thu, 26 Jan 2023 09:56:03 GMT
cache-control: max-age=3600
etag: W/"61b8b8ab-4e128"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: EDR8JxFRGBRhIkscscmz_RzMfCQzYCn9kcORFeNXtwV8aDi4ykiPcQ==
age: 510
X-Firefox-Spdy: h2
cdn.adtrue.com/rtb/async.js
104.21.95.131 200 OK 0 B URL HTTP/2 cdn.adtrue.com/rtb/async.js
IP 104.21.95.131:0
GET /rtb/async.js HTTP/1.1
Host: cdn.adtrue.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:32 GMT
content-type: application/javascript
last-modified: Mon, 16 Nov 2020 01:20:45 GMT
etag: W/"5fb1d3ed-1c9f"
expires: Sun, 24 Sep 2023 03:46:20 GMT
cache-control: max-age=31104000
access-control-allow-origin: *
cf-cache-status: HIT
age: 10300692
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=maMEmr4nC6tR%2FoaLIkUXnBajcMtGGJAcBvpD5elaQONu%2FLhbGUITFmAcE5%2FrIs9IIMbTcDYyYVOPo8Ji9B8z9gcUTpQ7ipt4bZ32rZZD2TVnfrSxTc5J1HGszKACkyagiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f814ee38c3b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sync.1rx.io/usersync2/rubicon
213.19.147.44 302 Found 0 B URL HTTP/2 sync.1rx.io/usersync2/rubicon
IP 213.19.147.44:0
GET /usersync2/rubicon HTTP/1.1
Host: sync.1rx.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 26 Jan 2023 09:04:39 GMT
content-type: text/html
cache-control: no-store, no-cache, must-revalidate
expires: 0
pragma: no-cache
set-cookie: _rxuuid=%7B%22rx_uuid%22%3A%22RX-50a59cbf-108a-4edf-8fb8-c48f3f76058a-003%22%2C%22zdxidn%22%3A%222013%22%7D; path=/; expires=Fri, 26 Jan 2024 09:04:39 GMT; domain=.1rx.io; samesite=none; secure; httponly
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://sync.1rx.io/usersync2/rubicon?zcc=1&cb=1674723879210
etag: RX50a59cbf108a4edf8fb8c48f3f76058a003
X-Firefox-Spdy: h2
ecdn.analysis.fi/static/js/fab.js
54.230.111.8 200 OK 0 B URL HTTP/2 ecdn.analysis.fi/static/js/fab.js
IP 54.230.111.8:0
GET /static/js/fab.js HTTP/1.1
Host: ecdn.analysis.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.20.0
last-modified: Tue, 14 Dec 2021 15:30:51 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Thu, 26 Jan 2023 08:55:59 GMT
expires: Thu, 26 Jan 2023 09:55:57 GMT
cache-control: max-age=3600
etag: W/"61b8b8ab-1090"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MOdKDLUD58fahCmR_JBj_5SzBf4k_9xNO2hmPp8f4Rk4UBmm3pbL9g==
age: 516
X-Firefox-Spdy: h2
c.amazon-adsystem.com/aax2/apstag.js
54.230.111.210 200 OK 0 B URL HTTP/2 c.amazon-adsystem.com/aax2/apstag.js
IP 54.230.111.210:0
GET /aax2/apstag.js HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Thu, 26 Jan 2023 08:12:48 GMT
last-modified: Wed, 25 Jan 2023 21:28:24 GMT
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
server: AmazonS3
content-encoding: gzip
via: 1.1 06a27d66e25d02ebcfb014b9d194016a.cloudfront.net (CloudFront), 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
etag: W/"8a6d0f2d51de2b80e524e04684f71215"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA60-P1, OSL50-P1
x-amz-cf-id: JcvDYqaxW_mnKhSTnHxZzFQV7Um2jyplFhjZIdc8IY_LtcK8sg793Q==
age: 3107
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/style.css
172.64.166.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/css/style.css
IP 172.64.166.9:0
GET /sb/notifications/software/us/ios/desk-new-big/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:36 GMT
content-type: text/css
last-modified: Thu, 23 Sep 2021 12:16:53 GMT
etag: W/"614c7035-145e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 134285
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wlkkm6xHqjM9HYf%2BWuhuapz1gRKKWxsrfjSrj%2FfHfJi3dF1wKaZ20IaZEgX%2BQHSQbbGEWB2yXJlj6QiLwWP0PNMnydX%2FzQSukPfuN4Es9oa9CcYhuzchY%2Fy0IwEjtx%2B%2FEjVku9g%2Fpj%2F%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f815033a9e76db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.2.146 200 OK 0 B IP 178.250.2.146:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=hineR180M0RITmhlJTJCZkMwOUJGQlhaMUN2czYwWXg3Y0JRRnRjciUyRk8yNDFldzZ1azhmJTJGSW1TeDFkMCUyRjQwZmw5b01HV2E
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:36 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=HrefRV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czYwWXg3Y0JRRnRjciUyRk8yNDFldzZ1bTMyYWxSNlBSNyUyRkVsZThFV3NYb05m; expires=Tue, 20 Feb 2024 09:04:36 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 317494
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
178.250.6.199 200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 178.250.6.199:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:36 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 118898
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.firstimpression.io/delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459
54.230.111.99 200 OK 0 B URL HTTP/2 cdn.firstimpression.io/delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459
IP 54.230.111.99:0
POST /delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Cookie: OAID=GDPR
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Thu, 26 Jan 2023 09:04:34 GMT
server: Apache/2.4.38 (Debian)
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: https://ouo.press
p3p: CP="CUR ADM OUR NOR STA NID"
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: HvwHADnee4sT-PK_m-uNImE8xX9Yy3m6o6ySb5qM1oVBIj0lf5nvrA==
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
178.250.6.199 200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 178.250.6.199:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:35 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 126999
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.14 200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.14:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:36 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 101692
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.22.58.251 200 OK 0 B URL HTTP/2 ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 104.22.58.251:0
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/0vk0r4
Cookie: ouoio_session=eyJpdiI6Im53czFWZ2dHbGVEaTE1MDlFQnU0dUQ4N3B6OVY5ZUVJOFJvVytpcXRLKzg9IiwidmFsdWUiOiJ1ZW02QXdVdGl4UU1KTFFhYW8ydjdpWUZZcUhhU3oyXC9mQ2c0aEk1UHZyMlBNM09ETXljVTh2dzk2V3l1VkhUQmN0Z3Uwcnc0OEFETDdKMElGaHF5NVE9PSIsIm1hYyI6IjNiNGI0OGU1NjAxZjQ0OTQ3NzUyODQ3ZTdkNGIwZjk1ZTMzNzg0N2M0YzdiOTNmNmI1M2ZhZjZlMjFmNmNkN2QifQ%3D%3D; language=eyJpdiI6InJISGVoeXVPcTJsV1VkTE8rakxTQnYyQzNpbnJzWER3bEZCM1hoT1RxQk09IiwidmFsdWUiOiJXT0haaG9vd1FCdjBiUXF3TEc3SUxcL3FHVzFSUk9cL2p0UVdQRmFVak5pUVU9IiwibWFjIjoiNGJjYTgyYmNlZjI3YjE2ODZiNzgwMTk2YjVlOWVhNTM2NzIxN2Y4YTRmZDQ1NDk3ZDc4ODc1MDViMzc4OTAwYyJ9; 6b11574f7a1ec1a5cd7d4e6cc6b064bbd2c8bac6=eyJpdiI6InB5MUlIQ2hEbVwvWVA2YU1aVzcyTDlCQXNkOXV2eklaUzNXZW5yV2lrcjc0PSIsInZhbHVlIjoicjZwTFZGMW44TWZVbzFEajljazkxRUQ5bFZoSVAzRkRCNkF0SHhmbE9UNWk0SmJCUWNPNzd5NDd5Y1BsamxKXC9EU1FBbGs5VHJYckhVWmZ6bFAyb3N2MXk1VGV4M0w5Zjh1eDBBMm5BajM0OVdUZ3BoWXNrTUNZTlJYNXdhSkl5U2N4b2JLQksyMGxcL1B1SlliXC9qVEJiN2syNmNyTG1xdmJmeEpwV0JXS3VaQ1NkTkhYdnd0QWkxVXJHVlZCU1VhMEFxMXFFeFFKT0JSdnhSWWNtb01zMUlzUGFtM2ZmNlhGMThQdXF0aThvc0pGckc0OU94b0oyUUhvVDBxZnkyRFdjUlpRN2RPbjlPaStWKytMTFdhT2J1QjlBcFpKbHZ0aG5jdDBVcTNiUGJoUnl3YkRCS1kxaFg3c21WV3NWc3p1U3VFT2hoYkxIdEk2ZHVGZzYwNTRwTzhPODE3MjJDbGE2UkJhSmpBakxDYk9ldmhhVGREellEdyt0VzlHa3llIiwibWFjIjoiOTU1Nzc0OTE2YzVlM2QwMjc4YWRkMzc1NmE4YWE3MWRkZDY1ZjM2YjNiMWQ0NWE0MzUwNmY0ODIxODZkMTk5MCJ9; __cf_bm=4X5gKU.9F_m895IJCMLOsUa0hP2Xx8Yak9G267EYD4Q-1674723872-0-AWnX/SV7jNgeSvL+1RxWDcrzBXzur/kn2zJyaSziUEhjbgGM/HFwRJNbTvM33GthD9rjwWdOu3GSh74nG2W/cJo=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:32 GMT
content-type: application/javascript
last-modified: Mon, 23 Jan 2023 11:05:52 GMT
etag: W/"63ce6a10-4d7"
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f814edf88ab50c-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sat, 28 Jan 2023 09:04:32 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
hhklc.com/c.js
104.21.70.122 200 OK 0 B IP 104.21.70.122:0
GET /c.js HTTP/1.1
Host: hhklc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:33 GMT
content-type: application/javascript
last-modified: Tue, 27 Dec 2022 13:04:38 GMT
etag: W/"63aaed66-2eef"
server-asp-net: Asp Net
expires: Thu, 26 Jan 2023 09:40:03 GMT
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 570
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0rVZ3UbzJefaI50PbSrAuw7de86HM2iIk0Y3DwWdDAnb5MHA6dbcDJhQsIQcjT0ZZXTvlYiXr5VL7nZWutt2IbQdzqM7z2asQ8BPkh27yqtwQ4zHqt0okpvhE5c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f814ee5c68b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ecdn.firstimpression.io/fi_client.js
54.230.111.99 200 OK 0 B URL HTTP/2 ecdn.firstimpression.io/fi_client.js
IP 54.230.111.99:0
GET /fi_client.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Thu, 26 Jan 2023 08:56:03 GMT
server: nginx/1.20.0
x-powered-by: PHP/8.0.14
x-xss-protection: 0
last-modified: Thu, 26 Jan 2023 08:56:03 UTC
etag: W/"4654cd2184b6386e45ddd1e1e4689510"
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: be-R9VdfvVwBa7yTd3q1wyS9eQY7dUFYLtKdYMwphmrMyjrQ_7H3tw==
age: 510
X-Firefox-Spdy: h2
c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
54.230.111.210 200 OK 0 B URL HTTP/2 c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
IP 54.230.111.210:0
GET /bao-csm/aps-comm/aps_csm.js HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 25 Jan 2023 09:12:39 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Fri, 23 Dec 2022 01:05:48 GMT
etag: W/"a4d296427fc806b21335359e398c025c"
cache-control: public, max-age=86400
x-amz-version-id: 1R3b4YI9dI20q9Y7Gq1DHxVUnq3Fp2gn
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Origin
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1-GC3PyY1HfuogvjwK60ejV1I6jw5T4i6dmYptXWVbZ49TLCXgq-dw==
age: 85917
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&pbt=1&lsw=1
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&pbt=1&lsw=1
IP 178.250.0.157:0
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Fouo.press%2F&domain=ouo.press&cw=1&pbt=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:04:37 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://ouo.press
server-processing-duration-in-ticks: 1076509
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2