ouo.io/F4eLhm
104.22.22.162301 Moved Permanently 0 B IP 104.22.22.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /F4eLhm HTTP/1.1
Host: ouo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 31 Jan 2023 07:04:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 31 Jan 2023 08:04:53 GMT
Location: https://ouo.io/F4eLhm
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79209884fa6fb4ed-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15584
Expires: Tue, 31 Jan 2023 11:24:37 GMT
Date: Tue, 31 Jan 2023 07:04:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15966
Expires: Tue, 31 Jan 2023 11:30:59 GMT
Date: Tue, 31 Jan 2023 07:04:53 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 06:35:52 GMT
content-type: application/json
age: 1741
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6861
Expires: Tue, 31 Jan 2023 08:59:14 GMT
Date: Tue, 31 Jan 2023 07:04:53 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: /YCjVdQf1IcjtriI4HAr/Cg1PrADd7BRzl62psaf/HM0euaziCRuvDaP6bN9RquHmZfiD4ObpKk=
x-amz-request-id: DQRB2Z8D2GQTZ9VA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 06:51:04 GMT
age: 829
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 7c80fd82ebebc38cca3964c9e2823bd1
53d67bef6d1b3ff2630c4e53b7e3063727e6a139
e7393fe78002b8ac4c055a3cb5e17f330d2f6be382ca6de8fa4db84ba51cc887
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2567
Cache-Control: max-age=140182
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:53 GMT
Etag: "63d83424-116"
Expires: Wed, 01 Feb 2023 22:01:15 GMT
Last-Modified: Mon, 30 Jan 2023 21:18:28 GMT
Server: ECS (amb/6B81)
X-Cache: HIT
Content-Length: 278
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 07:04:53 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 06:41:42 GMT
age: 1392
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash f56614ee90990edf915cd9a846296c60
64ea7bc2548324ff6bf94326b28a0ec7aa7717a3
7e6a52a3e0b2250b53f5a10f0bf8bd0e74c0d1dfcc05e872d919dff18eb06edd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6131
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:54 GMT
Last-Modified: Tue, 31 Jan 2023 05:22:43 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10293
Expires: Tue, 31 Jan 2023 09:56:27 GMT
Date: Tue, 31 Jan 2023 07:04:54 GMT
Connection: keep-alive
push.services.mozilla.com/
52.41.91.37101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.91.37:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: oM0E13sCI7MahewNKnN6Mw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UnBGpWpliKm3lhcsPOqUmm+REhY=
ouo.press/images/world.png
172.67.22.15200 OK 5.7 kB URL HTTP/2 ouo.press/images/world.png
IP 172.67.22.15:0
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 4eea420a8830a6d695114427bf52b556
35579e7f1a656beb3a07a7093166ff37c634bade
70f03c74cc197cf154af36fa552a448d9ffebb55081c96e55ef4cf469123fe22
GET /images/world.png HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/F4eLhm
Cookie: ouoio_session=eyJpdiI6IlZFMWY4UzY3V1F4REMyMDBJYnVUQTZ1K2w5RjVhanFVZFZBdDI3XC8zYTJnPSIsInZhbHVlIjoidTZJS3A2UVRGTzZKZHZ6c1ZIZytVWnJEY2RxXC9TRVFMUFhLcEsxNzVvTnNRMWFjakN4K0xtaWlKUTUxNHFFSExoaVI4NjNFYVpTWk9ORXV3NWZ6RitBPT0iLCJtYWMiOiJjZWU2NzE3YjUxNjlmN2RhZDBjZjlkZjZiNWE2YzAwNWJkZTQxM2M1NDgzNjFlZTZlNjRmMDI3MjNkOTNiOWJlIn0%3D; language=eyJpdiI6InZibjRWRlwvM29tYmN2YVU0bmt1dVZtUE5lTWVveWRuOEFGMnFXTXU0QXRFPSIsInZhbHVlIjoiM3Y0Qmtvekt3WEExXC9zejQ3S0p2SVwvaTNtdjU5bE85VVg2QnN1bWQ3YnprPSIsIm1hYyI6IjI0M2UyNDVlNDBkMWE5ZDViYTdiNjI0ZGFkNGVlOGE1NGU1ZDcyOTgzMThhYTUxMjA4M2ZkNmE5ZGUyY2U3NzgifQ%3D%3D; 174db50e2cc9eb30b77ad68581bffdb4f385b2ad=eyJpdiI6IjZQV2I3NWtXRk1KejlzbjZYeDQ0QXBIWGRLM2VNS09KWURDSE4rZGt0Tkk9IiwidmFsdWUiOiJxbFdJMUpIXC9xa0tWSzY1Y2hYb3o4MDJ4Qkt0VTNocDFcL1pGZ0JwaXl3a3VQUWc0N0R6OEZZNjAwTFdhUlwvXC81dEJ2Q1FlZjczUTB4ZGsyMGV6ZnBYMVRNQjR0K0gwSzhrN3ZxMldjZDAzVGg3eUtURWRiUUQrUUZydVF4dXBBV1hnbUJwQUgycCtySkxyQzZPRmExbWdObXF5c3ZkbGpqRFFoWUo2RVJkbElvXC9zck9mTnU4U2R3Vlg2SEhWSkJudWhXR2t2VVltUEsydUZvNWdVU0FmaGpDWWJHTUM0NVRDRUNHR1lcLzFDZTNIOE92ZkdSYVhrWjlTME9TeXNHQ1dHN2ZCVEE0Q2RaZVBDSzB2SURmZklIVDNpcFBmMjgyNFVlUGFOTGcyOUJ2NFFaRzVLNWdUamhGSHpsN2JKRUZSWWdSeXB5WnFKNGRIRE43aUxKOCtCNFVjT3BJRnRad2NoU3BzU3lBQUVrb3ZcL29TOStkeWloVXpWVklzTmRpS0RLIiwibWFjIjoiODU1MTc2MDQ5NWQwNTgwZmMzZjI0OGE2NTg1NmNhN2JhMWE0N2QyYmFlMjA3NTgwNmI5NjI3YzRkNDFlNGQxOSJ9; __cf_bm=6Ozt1CwuE9dd0wM9IKuMH4h0nbySARijExi.e4bPTZI-1675148694-0-AWG2boHv75j7G7tZwllRaZLjX/6yldB4U+1Bs/DzDeiZZ8a4TY0qONTE0rznWl3FDsyCLFeE32RqAJu0kgO+Tu0=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:54 GMT
content-type: image/png
content-length: 5692
cache-control: max-age=2592000
cf-bgj: imgq:85,h2pri
cf-polished: status=not_needed
etag: "5549a07c-163c"
expires: Wed, 01 Feb 2023 22:39:30 GMT
last-modified: Wed, 06 May 2015 05:02:52 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 2449524
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7920988dfc2db4fd-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 2ac1bcdceabf1fc4e07017906aa8a815
ba00b737325fc50b35af8d851ced0fe13d1cba22
c6c54f5dbbfc40b454b9c67a7972827f500d83b10a1594f7cb56c69158278c08
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 40bac282ee9730b7a7fde839fcf58736
be00063ec5c760560f34663d0a6a9cad87cfebe4
45b83537d8621d3c4a7c046a9b78f6745977c359db2868d720f19dbb0eb80d3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
216.58.207.228200 OK 585 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
IP 216.58.207.228:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 6d4b39be8e61ed402ba6b422fc8e7ebb
2829bcfb0c41c1332dbadfa297a0947a416e7ec5
d49e57d7925d97ad48089af3d3a114d2a17b8bfc98486f029e8d2a981f34fe0a
GET /recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Tue, 31 Jan 2023 07:04:54 GMT
date: Tue, 31 Jan 2023 07:04:54 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 585
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Questrial
142.250.74.74200 OK 859 B URL HTTP/2 fonts.googleapis.com/css?family=Questrial
IP 142.250.74.74:0
Hash 5d4875e169de9c06b7420d3e72bd2081
43f4b0b9df8b718cc6f09617dafc031e56859a87
dec36be32d146d3b41413be3fc6015bde535f6821a213bbcdad57cc986f66879
GET /css?family=Questrial HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 31 Jan 2023 07:04:54 GMT
date: Tue, 31 Jan 2023 07:04:54 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a5ff07b9b81cdf319f4a57d8d6dbbd6d
736ae15d0ed2068580d35a7cff8b33c0ec87af52
24406eda914ef8f78e1f60d6b54237ea6311f2fdf54b2b63647d84b397b41de0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash a877b9078d1e94771c661e6441be44c0
72c0e38a06559e9d90514d5ded46e0236d38249c
ee745110ba3931a19338a7acdbb4082c37a6b6f5910e49609b3309e51fbe26de
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:04:54 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 30 Jan 2023 20:45:59 GMT
Expires: Mon, 06 Feb 2023 20:45:58 GMT
Etag: "72c0e38a06559e9d90514d5ded46e0236d38249c"
Cache-Control: max-age=567063,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7920988f4e9a1c02-OSL
cdn.runative-syndicate.com/sdk/v1/n.js
8.248.225.238200 OK 5.2 kB URL HTTP/2 cdn.runative-syndicate.com/sdk/v1/n.js
IP 8.248.225.238:0
File type ASCII text, with very long lines (591)
Hash e6b953ae4edfbe129269f196fe87eee9
eb99511c1d23000bc72b2c640bbcd5792eb431f2
eb6d42f0cdeddc023b69947db248be42bc66aa2da8c59178b7f22b528c4dd60f
GET /sdk/v1/n.js HTTP/1.1
Host: cdn.runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:54 GMT
content-type: application/javascript
content-length: 5220
last-modified: Wed, 23 Mar 2022 15:25:35 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"623b3bef-3202"
age: 14853935
accept-ranges: bytes
X-Firefox-Spdy: h2
ecdn.analysis.fi/static/js/fab.js
13.225.34.74200 OK 2.0 kB URL HTTP/2 ecdn.analysis.fi/static/js/fab.js
IP 13.225.34.74:0
File type ASCII text, with very long lines (574)
Hash 5ef3900e9871e29605c9e99ce56fcdc3
a02908be929b5b991809c7d1f1202354fdd75dc9
260edfb4001c260af0bd9ee443b5e9f204315493f3bcd8752388707e69660fc0
GET /static/js/fab.js HTTP/1.1
Host: ecdn.analysis.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.20.0
last-modified: Tue, 14 Dec 2021 15:30:51 GMT
access-control-allow-origin: *
content-encoding: br
date: Tue, 31 Jan 2023 06:40:36 GMT
expires: Tue, 31 Jan 2023 07:40:35 GMT
cache-control: max-age=3600
etag: W/"61b8b8ab-1090"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 49fc2f926cfb7dd26ebb967cdc70f29a.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG3-C2
x-amz-cf-id: OQUXCKijPfgp2xta6Ciuhkro3oJisq8wsitOQgDvMbdUP8_9geK2Og==
age: 1459
X-Firefox-Spdy: h2
itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
173.233.137.52200 OK 13 kB URL HTTP/1.1 itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
IP 173.233.137.52:0
File type ASCII text, with very long lines (37186), with no line terminators
Hash 320a622e04857e1c5b672896f521b512
567a1d721b32e02a9b605cc6ece63ac0b4a3e3ee
f3785cb329d3e0621c46283f43e49a044a03e7b172a5eec55d8adaed9f11a961
Analyzer Verdict Alert fortinet Malware
GET /ed/36/01/ed36014633829dc70a42dccaefdf3f11.js HTTP/1.1
Host: itineraryupper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 31 Jan 2023 07:04:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5529ac17983d3c9d2072255cb6096e78
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2c7a971097bf9f972ac8b93d8453127d
396bc80e545cbbfebf28dd4e19f6ee05c5e064bf
fd33bbc1e12bcccadbee4f232f1d4b11788522f6211b2f5d1a011daa424af8fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD33BBC1E12BCCCADBEE4F232F1D4B11788522F6211B2F5D1A011DAA424AF8FA"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17043
Expires: Tue, 31 Jan 2023 11:48:58 GMT
Date: Tue, 31 Jan 2023 07:04:55 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tv.gourdycortes.com/1clkn/16562
23.109.82.239200 OK 26 B URL HTTP/1.1 tv.gourdycortes.com/1clkn/16562
IP 23.109.82.239:0
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/16562 HTTP/1.1
Host: tv.gourdycortes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Jan 2023 07:04:55 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Wed, 01-Feb-2023 07:04:55 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJw9i7sOgkAURAENEQXMJH6APyA%2BgoWtWhoojPUG8Wo2wl7Crg%2F8elETq5mcOWNZljMK4cgK%2FmoerWZRvIjmyxidCzGcJIWf802ZuhEqKwluwvUja%2BDWdJGsAgx%2BReR8IvSTdHJQV8UP9R8%2BtwDdXJomgPeJrxv20JG6Qrgu5HO85%2BJmWlvDU2SErohO8DbZsaDpdr9D%2BKffs2ujJ7Woan42bR8aWdKLFQk%2BnzWZFtl313kDsc5BIg%3D%3D; expires=Wed, 01-Feb-2023 07:04:55 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2
142.250.74.35200 OK 19 kB URL HTTP/2 fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 19292, version 1.0\012- data
Hash 19007b17e56daa60133bce9e9b352a95
bac1384caeae5762e7a1d8c18037f69c8cd21bc4
fd88a03358ba14440b78c6329717bdf6ed1a9fe97c3ad4e0a0a39d31fb1ac546
GET /s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ouo.press
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19292
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 03:51:39 GMT
expires: Sun, 28 Jan 2024 03:51:39 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:12:54 GMT
content-type: font/woff2
age: 270796
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 89231e8fe1afd89090e6a09d61430e11
11b471e4821cade1ea075b8835c892d455bfdaa2
8c78cce8f98a69e9c1c2bf45d12879b40c784288b4e79dabb296c24f94025c12
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8C78CCE8F98A69E9C1C2BF45D12879B40C784288B4E79DABB296C24F94025C12"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2693
Expires: Tue, 31 Jan 2023 07:49:48 GMT
Date: Tue, 31 Jan 2023 07:04:55 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f075625a67cefc01c034a3c732ec8023
c3ef563fbf1cf30f75fc931f82426a0f859ccb6d
75ce941806680157fcca91d6074496cbbc7cdcf6da28fa35384273bf9a76d588
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash faf1d8a7f1edd1251b55117f41d77161
7e6b55f7968cc7381b7aa4deeed12d2692f135a2
8c27b658d2267f2dd6d138e17751edaec11d04c9e0f6015212dd92fb583533bc
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=112456
Date: Tue, 31 Jan 2023 07:04:55 GMT
Etag: "63d7c69b-1d7"
Expires: Wed, 01 Feb 2023 14:19:11 GMT
Last-Modified: Mon, 30 Jan 2023 13:31:07 GMT
Server: ECS (nyb/1D0C)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KpTYs-snUihlXD-GSHQqk_9jBmExVGqXZR2Vl7HmZ5b3orfsApvosA==
Age: 2884
simplewebanalysis.com/stats
35.156.167.37200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash bac12290f6574ab324fc38c646e6061e
1dedac973b1691adc8060aee3ae5a173b0c3a51b
882b8a0ab4c696c4237201d18a6dadaeb741310ee9edab779c5874adbbff6a83
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:55 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
set-cookie: uid_id2=006ffe78-bce4-4482-b363-7965889b9003:1:1; expires=Fri, 28 Jan 2033 07:04:55 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 89231e8fe1afd89090e6a09d61430e11
11b471e4821cade1ea075b8835c892d455bfdaa2
8c78cce8f98a69e9c1c2bf45d12879b40c784288b4e79dabb296c24f94025c12
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8C78CCE8F98A69E9C1C2BF45D12879B40C784288B4E79DABB296C24F94025C12"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2693
Expires: Tue, 31 Jan 2023 07:49:48 GMT
Date: Tue, 31 Jan 2023 07:04:55 GMT
Connection: keep-alive
cdn.firstimpression.io/delivery/spc_fi.php?id=7419&url=%2FF4eLhm&charset=UTF-8&ch=7&ref=ouo.press&viewerId=null&referer=&_firid=26163615
54.230.111.73200 OK 5.8 kB URL HTTP/2 cdn.firstimpression.io/delivery/spc_fi.php?id=7419&url=%2FF4eLhm&charset=UTF-8&ch=7&ref=ouo.press&viewerId=null&referer=&_firid=26163615
IP 54.230.111.73:0
File type JSON data\012- , ASCII text, with very long lines (26060), with no line terminators
Hash f6db14a1cea9d3f6d225aef0cababb54
62b59eaf1d4baed4f510cc88a7dfd6d7baba19c3
fa5b700a3f03242f1a95ffe9e8e822656be8c5c60b03fac0652fae0fff73320a
GET /delivery/spc_fi.php?id=7419&url=%2FF4eLhm&charset=UTF-8&ch=7&ref=ouo.press&viewerId=null&referer=&_firid=26163615 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
content-length: 5776
date: Tue, 31 Jan 2023 07:04:55 GMT
server: Apache/2.4.38 (Debian)
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: OAID=GDPR; expires=Wed, 31-Jan-2024 07:04:55 GMT; Max-Age=31536000; path=/; secure; SameSite=none
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SlGE8rzOOvWps9lJfIDEhRyf5nOHgFZoLR5HMOrASdngVs6GoTI-Bw==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6599
Expires: Tue, 31 Jan 2023 08:54:54 GMT
Date: Tue, 31 Jan 2023 07:04:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6599
Expires: Tue, 31 Jan 2023 08:54:54 GMT
Date: Tue, 31 Jan 2023 07:04:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6599
Expires: Tue, 31 Jan 2023 08:54:54 GMT
Date: Tue, 31 Jan 2023 07:04:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6599
Expires: Tue, 31 Jan 2023 08:54:54 GMT
Date: Tue, 31 Jan 2023 07:04:55 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60fc180ec5b99ac357db8775775c3c11
c9856a488e82bc330881377528bf2e53274ef5f3
a31fd6fc84f79b0f5fb79cccf490ddf61eb58bdaf57ca27f57a911332e550d11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5394
x-amzn-requestid: 16d876fb-0afd-4b5d-b19e-1029506fd6f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIgq2E4CIAMFiFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce178-1f08dc2105b6e182677004e7;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:10:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 36E3JCGqpkeMmb_fzM0DTb24ElUMGDdikE1IdqQABDlbT28XRs7B-w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 11:52:37 GMT
age: 69138
etag: "c9856a488e82bc330881377528bf2e53274ef5f3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
104.21.234.93200 OK 37 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 104.21.234.93:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash f271b44166e71673ebd2edb37377e077
40c3fb27a1af9cfbe12da7c8481e953fb07379f2
45d79fb73d20973c7adf5eaa5470c9fda22c784042d7349347a8c34b4c8fb55a
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:55 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: a7cfe423197f26e0bf5b3945836a497f
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 31 Jan 2023 07:04:55 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ChVyN3%2FLpjBHiSIPlAF5NnoesZTfYHeD1FkTBE5zGbG5EYBPENPFaPh%2BvcfPBuP4oh7XxUJ4DWczI0YuvPJsrQIt4F4%2Fo%2FnZjAY4pdvL9L33ASjx7xz6xNDkKv%2BpY20fbFgEKb8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79209892b97c35db-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1925abe-5fa6-440b-8e23-d92b1e3bf273.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1925abe-5fa6-440b-8e23-d92b1e3bf273.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 63486f2a937aa8fd013fc2c2d1b32f2d
e8868de34c2f79348c1edad764259eb70bebd7a6
fa6e5ce374031c0df3b3f2d6de823cf1fe08fdaf9957a0722770867cfdec0ed1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1925abe-5fa6-440b-8e23-d92b1e3bf273.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13639
x-amzn-requestid: 8131c878-620a-4972-ba8f-1456859acae2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fYcJSF0SIAMFe1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d340a1-18c7280940d508c440c0182c;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 03:10:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L6MnX0h8Bn9-ufqI6yOzQAPhqc4SoJKySgzlm756NaiVrfJpnftIWQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 06:29:38 GMT
age: 2117
etag: "e8868de34c2f79348c1edad764259eb70bebd7a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 42a648f9d34d8fb703f0b80a52e0deec
7ccefd66211d249ae5266c3b6ae3375a19e5cb6d
a57f8792e8caa2a31045a141d019f53f51b633d5d04baebdae97387740c6639d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b003bbe-42d9-4014-8fbe-ddff072cc8b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5903
x-amzn-requestid: f6fca787-17c1-4edd-9ab0-a00e2fccc7a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboufGeSoAMF-1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d487f6-58be6bdc5e3e767e1ea47b86;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:27:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tAR5c5rQD0h5YZ6TU8pZKhUFUf5d0-l794EaYnwwkts3QXPhdYm6vA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:03:25 GMT
age: 36090
etag: "7ccefd66211d249ae5266c3b6ae3375a19e5cb6d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa70b0b84-f0e7-44e4-a574-ee3e55fbc0d3.jpeg
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa70b0b84-f0e7-44e4-a574-ee3e55fbc0d3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b43468b05cd1fd11c398263a80e4edb2
02e964ea5a88c866267ac6c5601bfcde26ffd42b
19783f05297f7ed5d7ca8cec0fc0e1676831275ac48f1510a4f410dbe2802314
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa70b0b84-f0e7-44e4-a574-ee3e55fbc0d3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4634
x-amzn-requestid: 2941da94-203c-47d1-99ee-d864bdbf6993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffCAHF9kIAMFrUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e39a-78bb7189351d830a7ef70c67;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:10:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hWONP8eVA6h5VMyREx_CgRY2zeb9KUxipWiXdx9dHBtU2YDV07lGXQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 05:35:57 GMT
age: 5338
etag: "02e964ea5a88c866267ac6c5601bfcde26ffd42b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
run-syndicate.com/do2/048b86cb1ea4453a9397baf204dd5474/dynamic?format=jsonp&count=2&w=1280&h=1024&keywords=ouo,press,short,links,link,shortener,free,URL,shortener,Free,URL,shorten,service,ouo,press,eLhm&adtype=label-under&callback=callback_6uZo8
136.243.80.153200 OK 15 kB URL HTTP/2 run-syndicate.com/do2/048b86cb1ea4453a9397baf204dd5474/dynamic?format=jsonp&count=2&w=1280&h=1024&keywords=ouo,press,short,links,link,shortener,free,URL,shortener,Free,URL,shorten,service,ouo,press,eLhm&adtype=label-under&callback=callback_6uZo8
IP 136.243.80.153:0
ASN #24940 Hetzner Online GmbH
Hash dab0a0c87ea3aa37b18b63ef8f2b2e97
345e055eb4cfc580d3debd7f1a1a8dca0aacab7c
a61d798d68fa7799b9858430b66dcd114394d6189d33d228ced8cd3a196c1e3d
GET /do2/048b86cb1ea4453a9397baf204dd5474/dynamic?format=jsonp&count=2&w=1280&h=1024&keywords=ouo,press,short,links,link,shortener,free,URL,shortener,Free,URL,shorten,service,ouo,press,eLhm&adtype=label-under&callback=callback_6uZo8 HTTP/1.1
Host: run-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 07:04:55 GMT
content-type: application/javascript; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-request-id: 94a7062f3efe5240
set-cookie: ts_uid=8644ee23-e874-4e96-9b9e-3b4ae1597088; expires=Mon, 31 Jul 2023 07:04:55 GMT; domain=.run-syndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 5b63ee28cf1c8bc76a32cde866d38c22
6bbafb95fdc1ef9feea34bde6166df7b1fc48559
5a6e966488a7550d9548299347b47c19801f5d65c3b120cd5239deb93dfb42c0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:04:55 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 00:01:30 GMT
Expires: Sat, 04 Feb 2023 00:01:29 GMT
Etag: "6bbafb95fdc1ef9feea34bde6166df7b1fc48559"
Cache-Control: max-age=319593,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79209893b9e91c02-OSL
cdn.run-syndicate.com/sdk/v1/n.css
8.248.225.238200 OK 8.3 kB URL HTTP/2 cdn.run-syndicate.com/sdk/v1/n.css
IP 8.248.225.238:0
File type ASCII text, with very long lines (8277), with no line terminators
Hash 37ebbc4b85fb5383d08547f5fe9d8d9f
99dac34980b1fd00028f76e782444bdf948724c5
24b59f4e4fbf1d4a988ffa478952ceb54e0b2f0774da926bcd2cc0376200dbfe
GET /sdk/v1/n.css HTTP/1.1
Host: cdn.run-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:55 GMT
content-type: text/css
content-length: 8277
etag: "6114dd75-2055"
last-modified: Thu, 12 Aug 2021 08:36:05 GMT
server: nginx
x-robots-tag: noindex, nofollow
age: 28801483
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
151.101.1.229200 OK 8.9 kB URL HTTP/2 cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
IP 151.101.1.229:0
File type ASCII text, with very long lines (26104)
Hash f93233a919d47bd470922826d4cc00f1
5571e6ae9c7026c733084b390d78b93703b63ceb
f7bd9a813b14d3aa76ec1d67d654cce845d3b3bc980ae0fc0500d4ac8f85ea1d
GET /npm/prebid-universal-creative@latest/dist/creative.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.15.0
x-jsd-version-type: version
etag: W/"6658-uUC6DsKFQz3nsj0JP3lp528lwJQ"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 31 Jan 2023 07:04:55 GMT
age: 2410
x-served-by: cache-fra-eddf8230118-FRA, cache-bma1645-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 8852
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.20.226:0
Hash bb9c3aa1e73d8525de0248b355c588b1
9a9c38bcdba91801967fc60a4b0bc0f3e5ff4e4c
639b678ccfc7347255ac76384be385511be19b8add9465639336b44cbb5909c3
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:04:55 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "9AECBE5FC1D4117D2D9F523A57288A8A24E77C88"
Expires: Tue, 31 Jan 2023 18:00:00 GMT
Last-Modified: Tue, 31 Jan 2023 06:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 737
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792098956c89b4f7-OSL
ocsp.godaddy.com/
192.124.249.22200 OK 1.8 kB IP 192.124.249.22:0
Hash b6b250aca4328be7bb17e2ebfcea8c64
ea3302c5a49c0985fea6938f77779671d98a5b5d
68270d2de00cf7da684d892d3943675dc99b33bb7f99196ee147458b6ec83e43
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 31 Jan 2023 07:04:55 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 30 Jan 2023 21:23:19 GMT
Expires: Tue, 31 Jan 2023 21:23:19 GMT
ETag: "ea3302c5a49c0985fea6938f77779671d98a5b5d"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
tag.escalated.io/?i=KxxajmhPPCsT&d=ouo.press&type=display&cust=7419&sid=direct&c=&cust2=direct
54.78.253.158200 OK 30 kB URL HTTP/1.1 tag.escalated.io/?i=KxxajmhPPCsT&d=ouo.press&type=display&cust=7419&sid=direct&c=&cust2=direct
IP 54.78.253.158:0
File type Unicode text, UTF-8 text, with very long lines (41355)
Hash d019bd09b59a3245a1b69bc7619cea7f
dc79d636c28df875a0f7513cb6efe11c1038c0d4
f9ca4d65357d8941579da3ad5c6d286dc6a83c355baa01dc6607fb7e37806e3f
GET /?i=KxxajmhPPCsT&d=ouo.press&type=display&cust=7419&sid=direct&c=&cust2=direct HTTP/1.1
Host: tag.escalated.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:04:56 GMT
Server: Apache
Last-Modified: Tue, 24 Jan 2023 16:01:27 GMT
ETag: "134a3-5f304a0d0a3c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Length: 30406
Connection: close
Content-Type: text/javascript
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 32eb12bbcd7fb4f11708445179921a3d
e579038e62e8bd09fcc61282fd4084263b385c86
66efa2c6644bb8734a06dcae8a0e2352ea59107e93e706e139e11ff980946074
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5778
Cache-Control: max-age=109596
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:56 GMT
Etag: "63d7b022-139"
Expires: Wed, 01 Feb 2023 13:31:32 GMT
Last-Modified: Mon, 30 Jan 2023 11:55:14 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 313
ib.adnxs.com/ut/v3/prebid
185.89.210.82200 OK 139 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 185.89.210.82:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 4da68fe3639e34bd12a65cfd382a251c
2ff7035a46940c58b93de1155dc90d0764fbfef1
38f898d05e44766d1f65e07b252e78f718ab27195bb9f3e9ff1fb5f1713b259e
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 562
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 31 Jan 2023 07:04:56 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 139
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: f3d79e82-45c7-4cb1-be06-5d1f6d87598f
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.2.0&cb=97906212164
178.250.2.131200 OK 44 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.2.0&cb=97906212164
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5f1dcf53824ce88cdb7941d34db3f19d
4164a13e3f53e1f002606a807d64a92620720fb0
3a803b7520764b5266cfac90aa9f9b2ff931109f489d9a1deb24aa686c239a74
POST /cdb?profileId=207&av=34&wv=6.2.0&cb=97906212164 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 487
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:55 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://ouo.press
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 44
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 8338da928ed8c81e5c4960d05909101f
6b8948f369889429022b48a65a00e65c6ac94dcc
705dcd16d6bb07f959182ddf94e5253ef394875a0bcce3f95d29fdabb55c3326
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:04:56 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 15:56:18 GMT
Expires: Sat, 04 Feb 2023 15:56:17 GMT
Etag: "6b8948f369889429022b48a65a00e65c6ac94dcc"
Cache-Control: max-age=376880,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792098961ba11c02-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 8338da928ed8c81e5c4960d05909101f
6b8948f369889429022b48a65a00e65c6ac94dcc
705dcd16d6bb07f959182ddf94e5253ef394875a0bcce3f95d29fdabb55c3326
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:04:56 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 15:56:18 GMT
Expires: Sat, 04 Feb 2023 15:56:17 GMT
Etag: "6b8948f369889429022b48a65a00e65c6ac94dcc"
Cache-Control: max-age=376880,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792098960b9a1c02-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 41a4a3693b6cf7e1a345afbe00934ca7
6f072cde84187c4124dd88fab10a1296bcba998c
9e426a348b95f52ca2e18f09932f0e48046abd55f30c8a884da00d8e89d45bc4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4336
Cache-Control: max-age=155654
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:56 GMT
Etag: "63d869ae-1d7"
Expires: Thu, 02 Feb 2023 02:19:10 GMT
Last-Modified: Tue, 31 Jan 2023 01:06:54 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
lcdn.tsyndicate.com/images/b/f/d13fbe69e2b843334099c4259eac92a70957b3/300x250.webp
8.247.219.121200 OK 9.6 kB URL HTTP/2 lcdn.tsyndicate.com/images/b/f/d13fbe69e2b843334099c4259eac92a70957b3/300x250.webp
IP 8.247.219.121:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 287x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash acc801cf76fe6deae5937a4675d7a6c0
2e1f57498b6cded0184480711b5577febf52fa32
b28b1800ac19dafdf9980c31f2a4a19ea0e7b15f5cd5471df85d3634f9514eeb
GET /images/b/f/d13fbe69e2b843334099c4259eac92a70957b3/300x250.webp HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:56 GMT
content-type: image/webp
content-length: 9639
last-modified: Fri, 04 Mar 2022 12:31:24 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"6222069c-2590"
age: 28750884
accept-ranges: bytes
X-Firefox-Spdy: h2
lcdn.tsyndicate.com/images/0/3/8d1c15bf04a752f8d83ba4f4e56cd0a3d0c898/300x250.webp
8.247.219.121200 OK 8.0 kB URL HTTP/2 lcdn.tsyndicate.com/images/0/3/8d1c15bf04a752f8d83ba4f4e56cd0a3d0c898/300x250.webp
IP 8.247.219.121:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 90cf5210ad1c6f5076987a45b395a12b
20107e1f9b559fe123d939b3106b9c6495b8813c
fd8a1914f34a9001047c5ac77b912b82166fa892d1028fe4334ba49b3b2679fd
GET /images/0/3/8d1c15bf04a752f8d83ba4f4e56cd0a3d0c898/300x250.webp HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:56 GMT
content-type: image/webp
content-length: 7957
last-modified: Fri, 04 Mar 2022 12:31:22 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"6222069a-1efe"
age: 28750873
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash ccefce3e2d533b3ad7bcfd5721807c50
c5bc309b1b69ac0d2b9c852ac90dc205d7751d02
e1b0528efc847eea32f4b995490b109c75244f7838021234a3c1b231df4c85af
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:04:56 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 13:55:53 GMT
Expires: Sat, 04 Feb 2023 13:55:52 GMT
Etag: "c5bc309b1b69ac0d2b9c852ac90dc205d7751d02"
Cache-Control: max-age=369655,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792098971c5f1c06-OSL
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUuFHmhhgzYsK0sCEmB4wWNGTgINMiTMkZLWCUyVFjTBgcN83gsCHiYZg6YzLOgEFDjFEaOVrUMFPGDMqUNFoYJXNSzAwbOcjMoDEjhlYZPSGSsbMwJYwbFUXAqSNm4QwZDR1ChANnoYwaNt4-nANnoo4ZOWzAsCHDxsMxberqoAEDLlGfZMwsJPxQjBs3drHWCEzjYRs3GBm-lQHjIZzPoWOYvPqwjhw2dnPcgJEDR2kRdcDqGEiHDpw5Ol68sEMmjxk2Z9SMyYPHjRkXddykGfNGjhs4ctIcjCFjhgvqbV6wcQEHDZwfcHqM0VHmTh07cd5YnTEjDA0aMcLEgcGlDozGNpDRQ17c7YRDfjHsRJoMN5BRw0Zi1BBRf_8VNkcPgAlGmA0UAihGD4XRxFmHhYmhXQ8wuABDDCTaAMeJWUxRRxE13PHGEEKIsQYObpThRhx32IHFDEy0scYZZoyxBBJk6CGHGHAYEYQbUrVQRxZjSJEbDWjY0MQSbBi3RBFDzIHGGVdUgUYbQtjgBhZLDJEHEVCc4QYeONiUwxNjzpGEE0284YQadrhBBBNNnNEEFmQ0UYUWVMRnBR5MfCFDGpbBoQUbc1SRRRRqsKkGSjU0gYMSbBSBhhxBfHFGFUkQIUUVabSIWHqMOUZDi2uUkYeNcgj4Rh1vlCDDENiVMcccxpaJRnV0NMtGGm6sweyx01bbrJnQ-ohQs2bIUUYZzVYhBRPbPisHHd7K0awR4pJ7rLnoHsvtuj5ui5Ad08k7xLDFHpvsss2WwcSaLZIhw4AyJBxDD7nGQFTCM6CYMA0g4vVWwjX04MQTCdvQA8DkibtswjeMTGzJys6xghNh0JGGHWWs0IR2ZLBRRsI4QJxwDhiGdZpdD70xtA4yPETGG21kRPLACh0W80Jb4NeFaXIEpUOKK5oWRh5tvEEGRf9VJtnWKqYlhx2KkdZaHWlktNN943bXQhk43BAVDTPZ0EIOJZXRwgxi0BBGGQ3JBgMOOISVhmIi5BCDCya5kJILDdEQlhxfPJ6R5JSneHnmYdURRkaB6pEGG2yE8UINKoKAwhXULn3HHCA4QQUIEqu4Awi0u2EDDb_jMfzvazMEA-wwpADCEWWMscYbL5Am8YorgmBEGuKa8QYeL0jMfFhjaC3Cx2FV90X5GaH_EBvmF-FEWAfZ8YW4sDG00Q04XGXbbXKwk11qkDellcF-YpDDQhhnQPuFbWxI20layCCHN7ilaApZDNa-l4eyPKR7GUFDb34TnBc8zWRzeEFY7pCRAsEgLGhoYWM0t5e1ZaSCdIhZdawkHTrEJAcuIMMYuEM_8x3kC0IkokWaxhAb3KAGMaDBTmiyRN3EwIlQlKJm8IIDyNxPWXD4wtSa-MQoTlEuLvGLCA5ihp-wYSKmgd9CbjOG09hPDjFLgwXRlhIZyOYwqZFBHxQQEA%3D%3D&r=1&s=e73347039d998dde259d4f5911112a2d5579e0dfa63a7c715678d4857119014b1675148695&w=t&ir=245x208
136.243.81.150200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUuFHmhhgzYsK0sCEmB4wWNGTgINMiTMkZLWCUyVFjTBgcN83gsCHiYZg6YzLOgEFDjFEaOVrUMFPGDMqUNFoYJXNSzAwbOcjMoDEjhlYZPSGSsbMwJYwbFUXAqSNm4QwZDR1ChANnoYwaNt4-nANnoo4ZOWzAsCHDxsMxberqoAEDLlGfZMwsJPxQjBs3drHWCEzjYRs3GBm-lQHjIZzPoWOYvPqwjhw2dnPcgJEDR2kRdcDqGEiHDpw5Ol68sEMmjxk2Z9SMyYPHjRkXddykGfNGjhs4ctIcjCFjhgvqbV6wcQEHDZwfcHqM0VHmTh07cd5YnTEjDA0aMcLEgcGlDozGNpDRQ17c7YRDfjHsRJoMN5BRw0Zi1BBRf_8VNkcPgAlGmA0UAihGD4XRxFmHhYmhXQ8wuABDDCTaAMeJWUxRRxE13PHGEEKIsQYObpThRhx32IHFDEy0scYZZoyxBBJk6CGHGHAYEYQbUrVQRxZjSJEbDWjY0MQSbBi3RBFDzIHGGVdUgUYbQtjgBhZLDJEHEVCc4QYeONiUwxNjzpGEE0284YQadrhBBBNNnNEEFmQ0UYUWVMRnBR5MfCFDGpbBoQUbc1SRRRRqsKkGSjU0gYMSbBSBhhxBfHFGFUkQIUUVabSIWHqMOUZDi2uUkYeNcgj4Rh1vlCDDENiVMcccxpaJRnV0NMtGGm6sweyx01bbrJnQ-ohQs2bIUUYZzVYhBRPbPisHHd7K0awR4pJ7rLnoHsvtuj5ui5Ad08k7xLDFHpvsss2WwcSaLZIhw4AyJBxDD7nGQFTCM6CYMA0g4vVWwjX04MQTCdvQA8DkibtswjeMTGzJys6xghNh0JGGHWWs0IR2ZLBRRsI4QJxwDhiGdZpdD70xtA4yPETGG21kRPLACh0W80Jb4NeFaXIEpUOKK5oWRh5tvEEGRf9VJtnWKqYlhx2KkdZaHWlktNN943bXQhk43BAVDTPZ0EIOJZXRwgxi0BBGGQ3JBgMOOISVhmIi5BCDCya5kJILDdEQlhxfPJ6R5JSneHnmYdURRkaB6pEGG2yE8UINKoKAwhXULn3HHCA4QQUIEqu4Awi0u2EDDb_jMfzvazMEA-wwpADCEWWMscYbL5Am8YorgmBEGuKa8QYeL0jMfFhjaC3Cx2FV90X5GaH_EBvmF-FEWAfZ8YW4sDG00Q04XGXbbXKwk11qkDellcF-YpDDQhhnQPuFbWxI20layCCHN7ilaApZDNa-l4eyPKR7GUFDb34TnBc8zWRzeEFY7pCRAsEgLGhoYWM0t5e1ZaSCdIhZdawkHTrEJAcuIMMYuEM_8x3kC0IkokWaxhAb3KAGMaDBTmiyRN3EwIlQlKJm8IIDyNxPWXD4wtSa-MQoTlEuLvGLCA5ihp-wYSKmgd9CbjOG09hPDjFLgwXRlhIZyOYwqZFBHxQQEA%3D%3D&r=1&s=e73347039d998dde259d4f5911112a2d5579e0dfa63a7c715678d4857119014b1675148695&w=t&ir=245x208
IP 136.243.81.150:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUuFHmhhgzYsK0sCEmB4wWNGTgINMiTMkZLWCUyVFjTBgcN83gsCHiYZg6YzLOgEFDjFEaOVrUMFPGDMqUNFoYJXNSzAwbOcjMoDEjhlYZPSGSsbMwJYwbFUXAqSNm4QwZDR1ChANnoYwaNt4-nANnoo4ZOWzAsCHDxsMxberqoAEDLlGfZMwsJPxQjBs3drHWCEzjYRs3GBm-lQHjIZzPoWOYvPqwjhw2dnPcgJEDR2kRdcDqGEiHDpw5Ol68sEMmjxk2Z9SMyYPHjRkXddykGfNGjhs4ctIcjCFjhgvqbV6wcQEHDZwfcHqM0VHmTh07cd5YnTEjDA0aMcLEgcGlDozGNpDRQ17c7YRDfjHsRJoMN5BRw0Zi1BBRf_8VNkcPgAlGmA0UAihGD4XRxFmHhYmhXQ8wuABDDCTaAMeJWUxRRxE13PHGEEKIsQYObpThRhx32IHFDEy0scYZZoyxBBJk6CGHGHAYEYQbUrVQRxZjSJEbDWjY0MQSbBi3RBFDzIHGGVdUgUYbQtjgBhZLDJEHEVCc4QYeONiUwxNjzpGEE0284YQadrhBBBNNnNEEFmQ0UYUWVMRnBR5MfCFDGpbBoQUbc1SRRRRqsKkGSjU0gYMSbBSBhhxBfHFGFUkQIUUVabSIWHqMOUZDi2uUkYeNcgj4Rh1vlCDDENiVMcccxpaJRnV0NMtGGm6sweyx01bbrJnQ-ohQs2bIUUYZzVYhBRPbPisHHd7K0awR4pJ7rLnoHsvtuj5ui5Ad08k7xLDFHpvsss2WwcSaLZIhw4AyJBxDD7nGQFTCM6CYMA0g4vVWwjX04MQTCdvQA8DkibtswjeMTGzJys6xghNh0JGGHWWs0IR2ZLBRRsI4QJxwDhiGdZpdD70xtA4yPETGG21kRPLACh0W80Jb4NeFaXIEpUOKK5oWRh5tvEEGRf9VJtnWKqYlhx2KkdZaHWlktNN943bXQhk43BAVDTPZ0EIOJZXRwgxi0BBGGQ3JBgMOOISVhmIi5BCDCya5kJILDdEQlhxfPJ6R5JSneHnmYdURRkaB6pEGG2yE8UINKoKAwhXULn3HHCA4QQUIEqu4Awi0u2EDDb_jMfzvazMEA-wwpADCEWWMscYbL5Am8YorgmBEGuKa8QYeL0jMfFhjaC3Cx2FV90X5GaH_EBvmF-FEWAfZ8YW4sDG00Q04XGXbbXKwk11qkDellcF-YpDDQhhnQPuFbWxI20layCCHN7ilaApZDNa-l4eyPKR7GUFDb34TnBc8zWRzeEFY7pCRAsEgLGhoYWM0t5e1ZaSCdIhZdawkHTrEJAcuIMMYuEM_8x3kC0IkokWaxhAb3KAGMaDBTmiyRN3EwIlQlKJm8IIDyNxPWXD4wtSa-MQoTlEuLvGLCA5ihp-wYSKmgd9CbjOG09hPDjFLgwXRlhIZyOYwqZFBHxQQEA%3D%3D&r=1&s=e73347039d998dde259d4f5911112a2d5579e0dfa63a7c715678d4857119014b1675148695&w=t&ir=245x208 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 07:04:56 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
185.89.210.82200 OK 12 kB URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP 185.89.210.82:0
File type JSON data\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (20472), with no line terminators
Hash b450bd6a74668ea9faaa23b62467f0e6
1c2b8ffeaccec4a60aa8ccdb23bd551b35680767
458aebbcec17a2265681355cd5c9a85893a7f044d0aa8285e9224710ae6ea8a4
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 682
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 31 Jan 2023 07:04:56 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 78d30b3c-6ace-46f4-a189-0676f7fe9bf8
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Encoding: gzip
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XAqEGDTJgbOMy0CCOGjIwWNCKezDHDjJgWYsLMyFGyDI4xOWyKeBimzpiMM2DQEEOURo4WNcyUEUmDhgwaMEvCgDnDRg4yM2jMiIFVxk6IZOwsdArjRkURcOqIWThDRkOHEOHAWSijho22D-fAmahjpg0YNmTYeDimzVwdNGC4FcqTjJmFgR-KceOGrtUaOSKLaOMGI8O2MmA8hMPZc4wcMKo-rCOHDd0cN2DAzrHaq46BdOjAmaPjxQs7ZPKYYXNGzZg8eNyYcVHHTZoxb-S4gSMnzcEYMma4gN7mBRsXcNDA-QGnxxgdZe7UsRPnjZgZ8MM0jREmDgwudWAotkGmx13sONiAA30xBBiaDDeQUUMNN4hRQ0T46SfYHD34BZhgEe4nRg-C5YBZYBkKJoZ1PcDgAgwxhGgDHCQmBgMTMVRBhBxJyPDFGl98IYQYZuCxhhVK6DHEEy0kIcQMTxyhBREt4GjHG2qkoUYNYtBQAxpZTKEGFXZYYccUYtyBhA1SEDEFFTJoQQUMQphhxBtUiHHEF3HEMMQYOJSBxXBHHJGUFmcc0cQUaawhxBI0JGFDGmnMsWAeT34xBJRTPPERDHqYQcQRVSwhhBFH3BAGHlHUUQUUWNRxxxdnVJEEEVJUkYaKhZWX2GI0qLhGGXncEV1_b9TxRgkyDEFdGXPMQewQc6ARHR3LspGGG2soW6y01C7b7LNluIHQsmbIUUYZy1YhBRPaOisHHd1-W6wR4pJbrLnoFrvtut1qi5Adz8k7qbDLHpvssmUwgUYbKprknwwJx9DDrTEIlfAMJSZMA4d2tZVwDT048UTCNvQQ7BvgiZtswjeILGzJyM6xghNh0JGGHWWs0IR1ZLBRRsI4PJxwDhV-RRpdD70xtA4yPETGG21kNDLLyX41RswLbUFDDF2MJsdPOpiI4mhh5NHGG2RQpJ9kj3V94lly2HFYaKvVkUZGATY1bnYt2HQDVDSUkVkLNOXUwgxVhlFGQ7DBgAMOX6VxmAg5xOACai445UJDNHwlxxeOZxT55CZajvlXdYSRURNv6JEGG2yE8UINJ4KAwhXTLn3HHCA4QQUIEZ-4Awi0u2EDDb_jMfzvbTO00YkpgHBEGWOs8cYLoUWMIoogGJGGuGa8gccLEcMOg9Rci-DxV9F9MUb55z_ERvlFOPHVQXZ8Ia5rDDEIUlU4nC2CHGeoDNJqgIMbKK0M9RODHBayuAPWb2xlQ1qAzkIGObyBLUVTCGK05r08jOUh3MsIGnKzm9684GkCm8MLvnKHjABofA9BgwsVk7m8tC0jFqRDzKLTguakgQ4tkI0LyDAG7MyvfAf5AhGNaJGmMcQGN6hBDGgQIA810TYxgKIUqXgZu9AGLPZDFhy-QLUnRnGKVYQLSfgigoOYoSdsmMho3kcRwpCmfnKIWRouqLarxeAGgxHBGEwjgz4oICA%3D&r=1&s=f1a4514938d232e7c94abf48b9eb85089107ea22e18ffff0ff0043578ea0dbc71675148695&w=t&ir=245x208
136.243.81.150200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XAqEGDTJgbOMy0CCOGjIwWNCKezDHDjJgWYsLMyFGyDI4xOWyKeBimzpiMM2DQEEOURo4WNcyUEUmDhgwaMEvCgDnDRg4yM2jMiIFVxk6IZOwsdArjRkURcOqIWThDRkOHEOHAWSijho22D-fAmahjpg0YNmTYeDimzVwdNGC4FcqTjJmFgR-KceOGrtUaOSKLaOMGI8O2MmA8hMPZc4wcMKo-rCOHDd0cN2DAzrHaq46BdOjAmaPjxQs7ZPKYYXNGzZg8eNyYcVHHTZoxb-S4gSMnzcEYMma4gN7mBRsXcNDA-QGnxxgdZe7UsRPnjZgZ8MM0jREmDgwudWAotkGmx13sONiAA30xBBiaDDeQUUMNN4hRQ0T46SfYHD34BZhgEe4nRg-C5YBZYBkKJoZ1PcDgAgwxhGgDHCQmBgMTMVRBhBxJyPDFGl98IYQYZuCxhhVK6DHEEy0kIcQMTxyhBREt4GjHG2qkoUYNYtBQAxpZTKEGFXZYYccUYtyBhA1SEDEFFTJoQQUMQphhxBtUiHHEF3HEMMQYOJSBxXBHHJGUFmcc0cQUaawhxBI0JGFDGmnMsWAeT34xBJRTPPERDHqYQcQRVSwhhBFH3BAGHlHUUQUUWNRxxxdnVJEEEVJUkYaKhZWX2GI0qLhGGXncEV1_b9TxRgkyDEFdGXPMQewQc6ARHR3LspGGG2soW6y01C7b7LNluIHQsmbIUUYZy1YhBRPaOisHHd1-W6wR4pJbrLnoFrvtut1qi5Adz8k7qbDLHpvssmUwgUYbKprknwwJx9DDrTEIlfAMJSZMA4d2tZVwDT048UTCNvQQ7BvgiZtswjeILGzJyM6xghNh0JGGHWWs0IR1ZLBRRsI4PJxwDhV-RRpdD70xtA4yPETGG21kNDLLyX41RswLbUFDDF2MJsdPOpiI4mhh5NHGG2RQpJ9kj3V94lly2HFYaKvVkUZGATY1bnYt2HQDVDSUkVkLNOXUwgxVhlFGQ7DBgAMOX6VxmAg5xOACai445UJDNHwlxxeOZxT55CZajvlXdYSRURNv6JEGG2yE8UINJ4KAwhXTLn3HHCA4QQUIEZ-4Awi0u2EDDb_jMfzvbTO00YkpgHBEGWOs8cYLoUWMIoogGJGGuGa8gccLEcMOg9Rci-DxV9F9MUb55z_ERvlFOPHVQXZ8Ia5rDDEIUlU4nC2CHGeoDNJqgIMbKK0M9RODHBayuAPWb2xlQ1qAzkIGObyBLUVTCGK05r08jOUh3MsIGnKzm9684GkCm8MLvnKHjABofA9BgwsVk7m8tC0jFqRDzKLTguakgQ4tkI0LyDAG7MyvfAf5AhGNaJGmMcQGN6hBDGgQIA810TYxgKIUqXgZu9AGLPZDFhy-QLUnRnGKVYQLSfgigoOYoSdsmMho3kcRwpCmfnKIWRouqLarxeAGgxHBGEwjgz4oICA%3D&r=1&s=f1a4514938d232e7c94abf48b9eb85089107ea22e18ffff0ff0043578ea0dbc71675148695&w=t&ir=245x208
IP 136.243.81.150:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XAqEGDTJgbOMy0CCOGjIwWNCKezDHDjJgWYsLMyFGyDI4xOWyKeBimzpiMM2DQEEOURo4WNcyUEUmDhgwaMEvCgDnDRg4yM2jMiIFVxk6IZOwsdArjRkURcOqIWThDRkOHEOHAWSijho22D-fAmahjpg0YNmTYeDimzVwdNGC4FcqTjJmFgR-KceOGrtUaOSKLaOMGI8O2MmA8hMPZc4wcMKo-rCOHDd0cN2DAzrHaq46BdOjAmaPjxQs7ZPKYYXNGzZg8eNyYcVHHTZoxb-S4gSMnzcEYMma4gN7mBRsXcNDA-QGnxxgdZe7UsRPnjZgZ8MM0jREmDgwudWAotkGmx13sONiAA30xBBiaDDeQUUMNN4hRQ0T46SfYHD34BZhgEe4nRg-C5YBZYBkKJoZ1PcDgAgwxhGgDHCQmBgMTMVRBhBxJyPDFGl98IYQYZuCxhhVK6DHEEy0kIcQMTxyhBREt4GjHG2qkoUYNYtBQAxpZTKEGFXZYYccUYtyBhA1SEDEFFTJoQQUMQphhxBtUiHHEF3HEMMQYOJSBxXBHHJGUFmcc0cQUaawhxBI0JGFDGmnMsWAeT34xBJRTPPERDHqYQcQRVSwhhBFH3BAGHlHUUQUUWNRxxxdnVJEEEVJUkYaKhZWX2GI0qLhGGXncEV1_b9TxRgkyDEFdGXPMQewQc6ARHR3LspGGG2soW6y01C7b7LNluIHQsmbIUUYZy1YhBRPaOisHHd1-W6wR4pJbrLnoFrvtut1qi5Adz8k7qbDLHpvssmUwgUYbKprknwwJx9DDrTEIlfAMJSZMA4d2tZVwDT048UTCNvQQ7BvgiZtswjeILGzJyM6xghNh0JGGHWWs0IR1ZLBRRsI4PJxwDhV-RRpdD70xtA4yPETGG21kNDLLyX41RswLbUFDDF2MJsdPOpiI4mhh5NHGG2RQpJ9kj3V94lly2HFYaKvVkUZGATY1bnYt2HQDVDSUkVkLNOXUwgxVhlFGQ7DBgAMOX6VxmAg5xOACai445UJDNHwlxxeOZxT55CZajvlXdYSRURNv6JEGG2yE8UINJ4KAwhXTLn3HHCA4QQUIEZ-4Awi0u2EDDb_jMfzvbTO00YkpgHBEGWOs8cYLoUWMIoogGJGGuGa8gccLEcMOg9Rci-DxV9F9MUb55z_ERvlFOPHVQXZ8Ia5rDDEIUlU4nC2CHGeoDNJqgIMbKK0M9RODHBayuAPWb2xlQ1qAzkIGObyBLUVTCGK05r08jOUh3MsIGnKzm9684GkCm8MLvnKHjABofA9BgwsVk7m8tC0jFqRDzKLTguakgQ4tkI0LyDAG7MyvfAf5AhGNaJGmMcQGN6hBDGgQIA810TYxgKIUqXgZu9AGLPZDFhy-QLUnRnGKVYQLSfgigoOYoSdsmMho3kcRwpCmfnKIWRouqLarxeAGgxHBGEwjgz4oICA%3D&r=1&s=f1a4514938d232e7c94abf48b9eb85089107ea22e18ffff0ff0043578ea0dbc71675148695&w=t&ir=245x208 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 07:04:56 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18438&site_id=202928&zone_id=1317174&size_id=2&rp_schain=1.0,1!firstimpression.io,7419,1,,,&rf=https%3A%2F%2Fouo.press%2FF4eLhm&kw=ouo.press%2Cshortlinks%2Clinkshortener%2CfreeURLshortener&tg_i.ref=https%3A%2F%2Fouo.press%2FF4eLhm&tg_i.page=https%3A%2F%2Fouo.press%2FF4eLhm&tg_i.domain=ouo.press&tg_i.figroup=a9&tk_flint=pbjs_lite_v6.2.0&x_source.tid=8652d9f1-64c6-422f-8a9d-d2aa79f2dbfb&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6638503522963138
213.19.162.31200 OK 348 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18438&site_id=202928&zone_id=1317174&size_id=2&rp_schain=1.0,1!firstimpression.io,7419,1,,,&rf=https%3A%2F%2Fouo.press%2FF4eLhm&kw=ouo.press%2Cshortlinks%2Clinkshortener%2CfreeURLshortener&tg_i.ref=https%3A%2F%2Fouo.press%2FF4eLhm&tg_i.page=https%3A%2F%2Fouo.press%2FF4eLhm&tg_i.domain=ouo.press&tg_i.figroup=a9&tk_flint=pbjs_lite_v6.2.0&x_source.tid=8652d9f1-64c6-422f-8a9d-d2aa79f2dbfb&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6638503522963138
IP 213.19.162.31:0
File type JSON data\012- , ASCII text, with very long lines (348), with no line terminators
Hash fab1c1801cd28c4d1d0547367fdd675f
9771a00f1f28f918fbf595ca7d21a9418d47bfb9
9f94263d0b6bc16006d46c71b65b2243045100dd27e65e54ffe5236638120521
GET /a/api/fastlane.json?account_id=18438&site_id=202928&zone_id=1317174&size_id=2&rp_schain=1.0,1!firstimpression.io,7419,1,,,&rf=https%3A%2F%2Fouo.press%2FF4eLhm&kw=ouo.press%2Cshortlinks%2Clinkshortener%2CfreeURLshortener&tg_i.ref=https%3A%2F%2Fouo.press%2FF4eLhm&tg_i.page=https%3A%2F%2Fouo.press%2FF4eLhm&tg_i.domain=ouo.press&tg_i.figroup=a9&tk_flint=pbjs_lite_v6.2.0&x_source.tid=8652d9f1-64c6-422f-8a9d-d2aa79f2dbfb&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6638503522963138 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.4
date: Tue, 31 Jan 2023 07:04:56 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://ouo.press
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LDJWA6CO-1S-IBC6; Domain=.rubiconproject.com; Path=/; Expires=Wed, 31-Jan-2024 07:04:56 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qrX23lVw3GMHu9DtVM30fCguJiciBlYek0PEqlTKrXMpJZjSCqH74hcJhsHlJbldDdJwe9iGXKQTKZr5ZVxLWDe; Domain=.rubiconproject.com; Path=/; Expires=Wed, 31-Jan-2024 07:04:56 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 348
X-Firefox-Spdy: h2
ouo.press/favicon.ico
172.67.22.15200 OK 0 B IP 172.67.22.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/F4eLhm
Cookie: ouoio_session=eyJpdiI6IlZFMWY4UzY3V1F4REMyMDBJYnVUQTZ1K2w5RjVhanFVZFZBdDI3XC8zYTJnPSIsInZhbHVlIjoidTZJS3A2UVRGTzZKZHZ6c1ZIZytVWnJEY2RxXC9TRVFMUFhLcEsxNzVvTnNRMWFjakN4K0xtaWlKUTUxNHFFSExoaVI4NjNFYVpTWk9ORXV3NWZ6RitBPT0iLCJtYWMiOiJjZWU2NzE3YjUxNjlmN2RhZDBjZjlkZjZiNWE2YzAwNWJkZTQxM2M1NDgzNjFlZTZlNjRmMDI3MjNkOTNiOWJlIn0%3D; language=eyJpdiI6InZibjRWRlwvM29tYmN2YVU0bmt1dVZtUE5lTWVveWRuOEFGMnFXTXU0QXRFPSIsInZhbHVlIjoiM3Y0Qmtvekt3WEExXC9zejQ3S0p2SVwvaTNtdjU5bE85VVg2QnN1bWQ3YnprPSIsIm1hYyI6IjI0M2UyNDVlNDBkMWE5ZDViYTdiNjI0ZGFkNGVlOGE1NGU1ZDcyOTgzMThhYTUxMjA4M2ZkNmE5ZGUyY2U3NzgifQ%3D%3D; 174db50e2cc9eb30b77ad68581bffdb4f385b2ad=eyJpdiI6IjZQV2I3NWtXRk1KejlzbjZYeDQ0QXBIWGRLM2VNS09KWURDSE4rZGt0Tkk9IiwidmFsdWUiOiJxbFdJMUpIXC9xa0tWSzY1Y2hYb3o4MDJ4Qkt0VTNocDFcL1pGZ0JwaXl3a3VQUWc0N0R6OEZZNjAwTFdhUlwvXC81dEJ2Q1FlZjczUTB4ZGsyMGV6ZnBYMVRNQjR0K0gwSzhrN3ZxMldjZDAzVGg3eUtURWRiUUQrUUZydVF4dXBBV1hnbUJwQUgycCtySkxyQzZPRmExbWdObXF5c3ZkbGpqRFFoWUo2RVJkbElvXC9zck9mTnU4U2R3Vlg2SEhWSkJudWhXR2t2VVltUEsydUZvNWdVU0FmaGpDWWJHTUM0NVRDRUNHR1lcLzFDZTNIOE92ZkdSYVhrWjlTME9TeXNHQ1dHN2ZCVEE0Q2RaZVBDSzB2SURmZklIVDNpcFBmMjgyNFVlUGFOTGcyOUJ2NFFaRzVLNWdUamhGSHpsN2JKRUZSWWdSeXB5WnFKNGRIRE43aUxKOCtCNFVjT3BJRnRad2NoU3BzU3lBQUVrb3ZcL29TOStkeWloVXpWVklzTmRpS0RLIiwibWFjIjoiODU1MTc2MDQ5NWQwNTgwZmMzZjI0OGE2NTg1NmNhN2JhMWE0N2QyYmFlMjA3NTgwNmI5NjI3YzRkNDFlNGQxOSJ9; __cf_bm=6Ozt1CwuE9dd0wM9IKuMH4h0nbySARijExi.e4bPTZI-1675148694-0-AWG2boHv75j7G7tZwllRaZLjX/6yldB4U+1Bs/DzDeiZZ8a4TY0qONTE0rznWl3FDsyCLFeE32RqAJu0kgO+Tu0=; dom3ic8zudi28v8lr6fgphwffqoz0j6c=006ffe78-bce4-4482-b363-7965889b9003%3A1%3A1; sb_page_ed36014633829dc70a42dccaefdf3f11=1; sb_idelay_ed36014633829dc70a42dccaefdf3f11=1; sb_onpage_ed36014633829dc70a42dccaefdf3f11=0; sb_main_ed36014633829dc70a42dccaefdf3f11=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:56 GMT
content-type: image/x-icon
content-length: 0
last-modified: Sat, 14 Feb 2015 06:41:24 GMT
etag: "54deee14-0"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=86400
cf-cache-status: HIT
age: 3062
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79209897ff2db4fd-OSL
X-Firefox-Spdy: h2
tag.1rx.io/rmp/212927/0/mvo?z=1r&hbv=6.2,2.1
213.19.147.42204 No Content 0 B URL HTTP/2 tag.1rx.io/rmp/212927/0/mvo?z=1r&hbv=6.2,2.1
IP 213.19.147.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /rmp/212927/0/mvo?z=1r&hbv=6.2,2.1 HTTP/1.1
Host: tag.1rx.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 618
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 31 Jan 2023 07:04:56 GMT
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
pragma: no-cache
cache-control: private, max-age=0, no-cache, no-store
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js
142.250.74.35200 OK 164 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (771)
Size 164 kB (163774 bytes)
Hash 57c909ab73fc27ec24f737bbf1cb1de8
89b2c02e9e7a9a764518fca545d3eec2044fd6d9
7e407e2b00bb7c238c71d96472f7ab030de4e610b1048f0f77b25cb85c2d166b
GET /recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 17:09:34 GMT
expires: Tue, 30 Jan 2024 17:09:34 GMT
cache-control: public, max-age=31536000
age: 50122
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
widgets.outbrain.com/images/widgetIcons/achoice.svg
2.18.173.74200 OK 990 B URL HTTP/2 widgets.outbrain.com/images/widgetIcons/achoice.svg
IP 2.18.173.74:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (990), with no line terminators
Hash 5ab8e16b5f46213840bcd403e349419c
f03f6dc8e2206a94119af76f9a3b3c835390cae7
9ba56f5ffa579747efde1d2a429b325a9fb7220d30f4268e4a44ecbe4a9bf034
GET /images/widgetIcons/achoice.svg HTTP/1.1
Host: widgets.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/svg+xml
etag: "5ab8e16b5f46213840bcd403e349419c:1673369393.880194"
last-modified: Tue, 10 Jan 2023 16:40:08 GMT
server: AkamaiNetStorage
content-length: 990
cache-control: max-age=2592000
expires: Thu, 02 Mar 2023 07:04:56 GMT
date: Tue, 31 Jan 2023 07:04:56 GMT
access-control-request-headers: X-OB-STG,X-OB-PRD
timing-allow-origin: *, *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
tag.escalated.io/post
54.78.253.158200 OK 51 B IP 54.78.253.158:0
File type JSON data\012- , ASCII text, with no line terminators
Hash af47ed6707ad0667d1c5ab5d3ef44cfa
1e909d87ff7585133dcdd042e569d98f1b56751d
9f799a342ce80194a68d7d8fd97b03e31af734936325de7edfe35ad3be80187b
POST /post HTTP/1.1
Host: tag.escalated.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1494
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:04:56 GMT
Server: Apache
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: POST, GET
Access-Control-Allow-Headers: content-type
Cache-Control: no-store
Content-Length: 51
Connection: close
Content-Type: application/json; charset=utf-8
c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185
54.230.111.210204 No Content 0 B URL HTTP/2 c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185
IP 54.230.111.210:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185 HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
cache-control: max-age=21550, s-maxage=21600
date: Tue, 31 Jan 2023 05:35:55 GMT
server: Server
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GV0e00gCfBsVCxMckn746KAbJMooOJPJ9jy41ZYvZHm_HV21YETC0Q==
age: 5340
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 33e403367d183257be0f03f28da923d2
a586e4052008741f8f535e7bd12a94bde81b264e
82ce104749546e6a6f76a8ddf19b67795784c06256581c13f499e80e4f713131
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2FF4eLhm&pid=qlJgK7gnlGenZ&cb=0&ws=728x90&v=23.123.1617&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
54.230.241.131200 OK 145 B URL HTTP/2 aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2FF4eLhm&pid=qlJgK7gnlGenZ&cb=0&ws=728x90&v=23.123.1617&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
IP 54.230.241.131:0
File type ASCII text, with no line terminators
Hash 3d76a0871bf57ce8540ecb0bf1333763
b75ac12ee4a187303e843a19e97d6f01e6759e4f
17102a4b86e006f431d6aeac0a04d628d2ad3a6a1722a60b8fec94d6ebaf851f
GET /e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2FF4eLhm&pid=qlJgK7gnlGenZ&cb=0&ws=728x90&v=23.123.1617&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D HTTP/1.1
Host: aax-dtb-cf.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
content-length: 145
server: Server
date: Tue, 31 Jan 2023 07:04:56 GMT
x-amz-rid: R2RZ9C8DHEEBZN69H29V
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
timing-allow-origin: *
strict-transport-security: max-age=47474747; includeSubDomains; preload
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: CZ63TaaKUzbweRJaBN-XyncyzvX6vEYWO-CCnNU1v2M3n_W7uwUa0g==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 00a4ab5fce0563b557844d2e4657e41b
f1facd292a31dde9bcce7b06598e2530c09cc56e
a00c4f8441c55c6a943962eeb6ca429b32300851ba279b00b917b3e9f6a8c8d6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A00C4F8441C55C6A943962EEB6CA429B32300851BA279B00B917B3E9F6A8C8D6"
Last-Modified: Sun, 29 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10475
Expires: Tue, 31 Jan 2023 09:59:31 GMT
Date: Tue, 31 Jan 2023 07:04:56 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 69ffc0a3f7ca2b025a6b99f9c38889be
1b436bda66cd246a1024f8c3d8e91e3aeef31eaa
9aaaf6c2a570c6a73a623f4fdfb0e1dfd5f16f086ae5d9c8d5b2403b0d016e4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 69ffc0a3f7ca2b025a6b99f9c38889be
1b436bda66cd246a1024f8c3d8e91e3aeef31eaa
9aaaf6c2a570c6a73a623f4fdfb0e1dfd5f16f086ae5d9c8d5b2403b0d016e4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/xbfe_backfill.js
142.250.74.162200 OK 3.0 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/xbfe_backfill.js
IP 142.250.74.162:0
File type ASCII text, with very long lines (1531)
Hash 562506238b9215a693454fbc88d0df5a
165f27696f81a017b433ba8d1d0f8c7cdc677041
b906b51be2742b7cfc21fe2d99515aa1aa51a2af3a1b1b4335792138bde40486
GET /pagead/xbfe_backfill.js HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 3003
x-xss-protection: 0
date: Tue, 31 Jan 2023 06:39:39 GMT
expires: Tue, 31 Jan 2023 07:39:39 GMT
cache-control: public, max-age=3600
age: 1517
etag: 2660866305706646737
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
142.250.74.162200 OK 4.8 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (12776)
Hash 66e246fbebeda1d07f167e9645d4ccd3
1838db0a0b475246a392dce0d14d7a8b26979ff3
64d762859670ae33f3045deed975c7843e04dada5f0dc9be61da03887803ceb7
GET /pagead/render_post_ads_v1.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4767
x-xss-protection: 0
date: Mon, 30 Jan 2023 10:05:58 GMT
expires: Tue, 31 Jan 2023 10:05:58 GMT
cache-control: public, max-age=86400
age: 75538
etag: 12223946614886178233
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.firstimpression.io/tracking/habit/v1?b=1
54.230.111.73200 OK 2 B URL HTTP/2 cdn.firstimpression.io/tracking/habit/v1?b=1
IP 54.230.111.73:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /tracking/habit/v1?b=1 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 613
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Cookie: OAID=GDPR
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2
date: Tue, 31 Jan 2023 07:04:56 GMT
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-request-method: *
access-control-allow-methods: OPTIONS, GET, POST
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2-f2tUmZZ0VrPyT5gIG9QTEsiIAJDjrMmn45I1m6VIdj0XEcy0Ting==
X-Firefox-Spdy: h2
cdn.adnxs-simple.com/v/s/231/trk.js
2.18.172.187200 OK 28 kB URL HTTP/1.1 cdn.adnxs-simple.com/v/s/231/trk.js
IP 2.18.172.187:0
File type ASCII text, with very long lines (3174)
Hash 3f3e5176c70a15daa549a047730ce9e1
bffa3987be4f3336bf4079759c4059143364f215
01748b20204714ba2887166c4eac83bac26bd6e0f01c455014a2419e5277b1ca
GET /v/s/231/trk.js HTTP/1.1
Host: cdn.adnxs-simple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=31536000
Expires: Wed, 31 Jan 2024 07:04:56 GMT
Date: Tue, 31 Jan 2023 07:04:56 GMT
Content-Length: 27455
Connection: keep-alive
Access-Control-Allow-Origin: *
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 69ffc0a3f7ca2b025a6b99f9c38889be
1b436bda66cd246a1024f8c3d8e91e3aeef31eaa
9aaaf6c2a570c6a73a623f4fdfb0e1dfd5f16f086ae5d9c8d5b2403b0d016e4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain
67.220.228.203302 Found 0 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain
IP 67.220.228.203:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Server
Date: Tue, 31 Jan 2023 07:04:56 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: MQ8GX56VXFWCX0Q83TKV
Set-Cookie: ad-id=A3Umb_HUIkLdoNW-JAMFVtY|t; Domain=.amazon-adsystem.com; Expires=Sun, 01-Oct-2023 07:04:56 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
ams3-ib.adnxs-simple.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FF4eLhm&e=wqT_3QKfMGwfGAAAAwDWAAUBCJj74p4GEK6Gs62w6Pv7IRj_EQF4ASo2CchhMH-FzIU_EVZJZB9kWYA_GQAAAKBwPfY_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUDlHkhlUKeiyyVY9p5zYABolNeXAXjL8wWAAQGKAQNVU0SSAQEG9HADmAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACpcVP6gIYaHR0cHM6Ly9vdW8ucHJlc3MvRjRlTGht8gIMCgZIRUlHSFQSAjkw8gIMCgVXSURUSBIDNzI48gIhCgZMT0FERVISF3JlbmRlcl9wb3N0X2Fkc192MS5odG1s8gIYCgpJRlJBTUVfS0VZEgoxNTUwMDMzODYw8gLIFQoLUFJFX1NDUklQVFMSuBU8c2NyaXB0PihmdW5jdGlvbigpey8qCgogQ29weXJpZ2h0IFRoZSBDbG9zdXJlIExpYnJhcnkgQXV0aG9ycy4KIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBBcGFjaGUtMi4wCiovCnZhciBrPXRoaXN8fHNlbGY7dmFyIGw9QXJyYXkucHJvdG90eXBlLmluZGV4T2Y_ZnVuY3Rpb24oYSxjKXtyZXR1cm4gQXJyYXkucHJvdG90eXBlLmluZGV4T2YuY2FsbChhLGMsdm9pZCAwKX06ZnVuY3Rpb24oYSxjKXtpZigic3RyaW5nIj09PXR5cGVvZiBhKXJldHVybiJzdHJpbmciIT09dHlwZW9mIGN8fDEhPWMubGVuZ3RoPy0xOmEuaW5kZXhPZihjLDApO2Zvcih2YXIgZT0wO2U8YS5sZW5ndGg7ZSsrKWlmKGUgaW4gYSYmYVtlXT09PWMpcmV0dXJuIGU7cmV0dXJuLTF9O2Z1bmN0aW9uIG0oYSl7bVsiICJdKGEpO3JldHVybiBhfW1bIiAiXT1mdW5jdGlvbigpe307ZnVuY3Rpb24gbihhKXthPXZvaWQgMD09PWE_ZG9jdW1lbnQ6YTtyZXR1cm4gYS5jcmVhdGVFbGVtZW50KCJpbWciKX07ZnVuY3Rpb24gcChhLGMsZSl7dmFyIGI9ITE7Yj12b2lkIDA9PT1iPyExOmI7YS5nb29nbGVfaW1hZ2VfcmVxdWVzdHN8fChhLmdvb2dsZV9pbWFnZV9yZXF1ZXN0cz1bXSk7dmFyIGQ9bihhLmRvY3VtZW50KTtpZihlKXt2YXIgZj1mdW5jdGlvbigpe2lmKGUpe3ZhciBnPWEuZ29vZ2xlX2ltYWdlX3JlcXVlc3RzLGg9bChnLGQpOzA8PWgmJkFycmF5LnByb3RJMqhzcGxpY2UuY2FsbChnLGgsMSl9ZC5yZW1vdmVFdmVudExpc3RlbmVyJiZkThcANCgibG9hZCIsZiwhMSk7tjoAEGVycm9yDTsYfTtkLmFkZEJzAD4UAD5wAD4gAAQmJkZIAAAoNmoAMGImJihkLmF0dHJpYnVhsxRzcmM9IiIBvgEKFGM7YS5nb0qdATQucHVzaChkKX0KO2Z1bmUgDCBxKCkllnxhPWRvY3VtZW50LmN1cnJlbnRTY3JpcHQ7cmV0dXJuKDJuAlRudWxsOmEpJiYiNzciPT09YS5nZXRBDZA4ZSgiZGF0YS1qYyIpP2E6FVc8cXVlcnlTZWxlY3RvcignWw0lAD0BRBBdJyl9O0E38ElyPVJlZ0V4cCgiXmh0dHBzPzovLyhcXHd8LSkrXFwuY2RuXFwuYW1wcHJvamVjdFxcLihuZXR8b3JnKShcXD98L3wkKSIpOwpmdQ3gAHQV4ABrBWEMYz1bXQUJBGU9AcYIO2RvBf8YYj1hO3RyeQUMLGQ7aWYoZD0hIWImJgEkHCE9Yi5sb2NhIWogLmhyZWYpYjp7AS2QbShiLmZvbyk7ZD0hMDticmVhayBifWNhdGNoKGgpe31kPSExfQHWCGY9ZBkXAGYBFgxpZihmKXkAZz5eABA7ZT1iLjE2BCYmGQwoLnJlZmVycmVyfHwBlyR9ZWxzZSBnPWUsDcsAYyngMG5ldyB1KGd8fCIiKSkF1RRhPWIucGEh1BmGAGEF__BAfX13aGlsZShhJiZiIT1hKTtiPTA7Zm9yKGE9Yy5sZW5ndGgtMTtiPD1hOysrYiljW2JdLmRlcHRoPWEtYjtiPWshKzkeAa41KjhhbmNlc3Rvck9yaWdpbnNuHAANawA9HXUAKQmGDDE7YTwRikw7KythKWc9Y1thXSxnLnVybHx8KAUILkIBOnYAFFthLQoxXSEMGCxnLmg9ITAB4ykiAGsZqyHVZf8AZyUWJQIEZT0yBAEgMDw9ZTstLWUpIbpEPWNbZV0sIWcmJnIudGVzdChmAY8gKSYmKGc9ZiksBQ4sJiYhZi5oKXtiPWY7RRsAfQ1dAGUV5gQmJgHMATsEOzBBZQBkIVoIJiZlBUgBGwgpO2MFrRR2KGIsZyltixggYy5nP2MuBfoMOmMuaQFAAH110DB2KGEsYyl7dGhpcy5pQdUBCQhnPWMZIgB1HSIIdXJsESQUaD0hIWM7BS8FiCUKAH2ZKQB3dUl8dCgpLGM9YS5pbmRleE9mKCI_Iik7c2V0VGltZW91dCgRjA0xBGU91VYYZT8uMDE6ZUE1RCEoTWF0aC5yYW5kb20oKT5lKWkPDGI9cSghpAAiZf80Oi8vIisoYiYmInRydWWBawBiVmsEOC1yY2QiKT8icGFnZWFkMq0AEHN5bmRpabkgLWNuLmNvbSI6ZiMABSAMKSsiLwlFeC9nZW5fMjA0P2lkPWpjYSZqYz03NyZ2ZXJzaW9uPSKFRQxkPShkAbEAKaG2UgQFAC0NMTAiKXx8InVua25vd24iYeNcK2QrIiZzYW1wbGU9IitlO2I9d2luZG93BVgAZjk0FGY_ITE6ZiEzNGQ9Yi5uYXZpZ2F0b3IpMg4AUC51c2VyQWdlbnQsZD0vQ2hyb21lL0mbIGQpJiYhL0VkZxkRHD8hMDohMTtkYZMVUTAuc2VuZEJlYWNvbj8KHWkdGCAoZSk6cChiLGUaaAkEPT0NnhApfX0sMFWgXDA8PWM_YS5zdWJzdHJpbmcoMCxjKTphfQngEC5yZmw9XSPJYGwgZW5jb2RlVVJJQ29tcG9uZW50KHcoKSl9O30p6dtBmhApOwo8LxqwCmjyAskCCgpFWFRSQV9UQUdTEroCPGRpdiBzdHkhUgxwb3NpobFkOiBhYnNvbHV0ZTsgbGVmdDogMHB4OyB0b3ANCmR2aXNpYmlsaXR5OiBoaWRkZW47Ij48aW1nIOFMVYdJFEpZAkE2DR4uMgIUYXdiaWQmBQbwhl9iPUFLQW1mLUM0SzZYUjIxaGZCa01Jb1JZbDBVTjY5aFJHS25xQ3VLRm5DRlJQY3htaWh5Nk1DSDlWZ1ZsRThULVUyRnVrRjRialdQZG5QQmxfY0UtNzg4NkJ1ajhpSWJTRUF3IiBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0iIjEaqGRpc3BsYXk6bm9uZSI-PC9kaXY-8gKaAQoMUE9TVF9TQ1JJUFRTEokBPHMSAgg2CAEWWQhQYWRzLmcuZG91YmxlY2xpY2submV0MQY8eGJmZV9iYWNrZmlsbC5qcwFlLbUNUy5tDCgge3IzcHgoJzE1NRqmDBwnKTt9KSgpOz3rEPgRChBIAZ40UE9SVF9QQVJBTVMS4xGRJIqVAPB5YWRmZXRjaD9hZGs9Mjc0MDI4MjY4OSZhZHNhZmU9bWVkaXVtJmNsaWVudD1jYS1wdWItMzA3Njg5MDAxMjc0MTQ2NyZmb3JtYXQ9NzI4eDkwX2FzJmlwPTkxLjkwLjQyLjAmb3V0cHV0PWh0bWwmdW52aWV3ZWRfcG9JiCBfc3RhcnQ9MSahcxG4Pv0NECZzdWJfDYUAYkGM8H1yLTQzNjMxODkmaGw9ZW4mYWNlaWQ9TUhZWHRBQlpHTFFBV1gwMEFiMS1OQUhiZmpRQlhvQTBBU0tCTkFHSGdUUUJTNEkwQVNPRE5BRk1nelFCV1lNMEFkU0ROQUgwZ3pRQl9vTTBBZi1ETkFFQ2hEUUJDb1EwQVRpRU5BRTUBECxWNFEwQVl5RU5BR1cBEBhvb1EwQWFPARAAdAEQAHQBEBhicUVOQUhKARAAMAEwAGQFEABjARAYM1lRMEFkNgEgAGYBEAA1ASAEZWkBEABwARAANgFAAGUFIAB5ARAALQEw9KwCVXR6UVFGVGMwRUJFaGphQVpnZlhBSjYtWWdDV1B1SUF2NzdpQUlXX0lnQ2VVQ3FBaWRDcWdJRlVhb0NPMXFxQW4xaXFnTC1lS29DVFhxcUFseUdxZ0xaanFvQ2dKdXFBb0dicWdLQ202b0NvcWlxQXNXMXFnSTcyYW9DbXR1cUFyX2dxZ0xKNHFvQ29PV3FBamJ4cWdLeDg2b0NTZmlxQWlYN3FnSkItNm9Dd3d5ckFuQVpxd0ppSEtzQ3FSLXJBdUlmcXdLZUlLc0NQQ09yQWxRb3F3TFRLS3NDUWl1ckF2c3Jxd0llTDZzQ1lpLXJBdWd2cXdLTE1xc0Noek9yQW9NMHF3S2NOS3NDUVRXckFoUTRxd0tWT3FzQ0RUeXJBaU04cXdKTlBLc0M2RHlyQW5BOXF3TENQYXNDQmo2ckFyTS1xd0wyUHFzQ0JELXJBaDhfcXdKcVA2c0Mwei1yQXQwX3F3SkxRYXNDYTBHckFrQkRxd0xOUTZzQzBVU3JBaFpGcXdJZFI2c0N5RWVyQWh4SXF3STlTS3NDbDBtckFyOUpxd0xHU2FzQ3NVdXJBczlMcXdKSlRLc0NwRXlyQXJGTXF3SjFUYXNDaDA2ckFwRk9xd0p5VDZzQ2tFLXJBdjlQcXdKN1VLc0NFMUdyQW9OUnF3SkNVcXNDR0ZPckFrOVRxd0xwVTZzQy1GU3JBbTBHdVFKZm5Qc1MwN243RXNfRS14SzR4X3NTTS1MN0Vnbm8teEpROXZzU0FRbjhFcFFKX0JMM0Nmd1NQUXI4RWt3S19CSm1DX3dTYnd2OEVnY01fQkk2RFB3UzhsdlFFN3BjMEJNb291b1ViUmIzRl9oV2F4cUd2UDhqV1FDU0tkZk90UzQmZXhrPTE1NTAwMzM4NjAmYXdiaWRfY63d8LBEQ3JCNjFMODNUcVV6OENGSk13ZXp6dUtGTXRQX0dyTG5wVVFmWEtic0I4c2xROU5KU1pQT2RQYmhOVFlFcDFXZVRWcHI5Zlhvb1pWeGNUbzZnbFVhNC1nNDNtSF9iNEVvcWl3TW9ld1dXdVdiWUUwYnJjMEcxMXNVVkJpeE5pdzUtTFZTZU1WZXNON3N3U1FWNHBZRVZBT2NVZGVRekdQWktMVXpieVNtZ0w4SEFRTzjNnQBkDcD0bARCREZtLVJsVmYxLVM0cFdlRmlrc3dFbEV6cmdPZ0pkaHNhM3VVNlJRR08wZDM5XzZrMzlELTd0amtmX0hLRDdva0RvSmltV3NPWFVPVzM1WnlWaGdOdmlwUUJuZGJQQXhlcG9HeVJ6MmRkdDJPVi1lcXJvM052ckI0T3Y2N1dySEtzeElKMEVQRTUzUC1uNUY3dlBMbmRNMFBJWkQ4a1NKZFdSOUdheGtDOWExdG5FSDc0UGFuR3owMzZTSnBJWUxmMU9wZHJlUlFjc0tEb3JQS2FZcHZLNUlla0NSdFhWNDhzcThfOTVTRTlZZldJbGs2M2hURGZsMHVscFUtbnhvRDhuMWlJc2hnS01wUGVCUjlaZFkybUhKQm52SVJ4dUZncXFlcWkwRzFJSllLTmNBSWFsNmhyQ0txdDRjaDlxa1dtU0RUa09fMDBJV0VvTl9LUndSSkFhczA3WVBQQ1ppYjJySGs4ZkdjVF90R1MwMTA4SEtmSmpsS1ZMMzYtYW9KOGlDd2ZoNDdHZFIwUjlxcW9zQXJPLW9VeWRnZjJBY0tqeUxpdjBoMGVYWDJteXYxTU94RWdFX09lV0lDV0pFaXE3ekNGSnEwOVRtSHdjd2tLejh0WTJIa2Y2WW5lZTI4QjZ5OHZsWTAyXzNUNFlmY3Q0YnFIZ3h2UXRfZ0ttR2RFVWFPRVdITThjUzVMdzdXME54dHN4d0xnSWpPc2NtMXkxcVp5VnRIWThkN1A3SnM0aUNZSEVIQ2dpYzF0Q0hPeDFOM2d3SmMzOTFGXzdKT0lZWWNfN3FsMVh4T0JWR0NvNUFLRmlCMmhYVjgya0pJS0pKcjBiZmNla1JXVTlfMS1nN1dNOWZtZGR5dlBWYTFDdUItWnF1Z2ZpdGhudXA5ZUhTdUNsUk5qVmZ4UG9MWGw1Sm5WRXYzVHljZjdJeWlJTDhKcGhtT1A2U2dUX1FYaW41RFRGYWNSTG92dGlzWGFVRDdDWlZaLVBiaENOVjFxR3F4NlUxTy1TYnR6SHZ6eXdHa1BaQUVGVzV5emIySWFQak9ycVVrQ3Raa0wxVkNrV29HR1BlZjUtTGJ4SHNxbWYwMERTOXNkWl8zVFFockxBWmNsUkR5OW9HMDA4WmJSNC1DSnphYkY1ZyZjaWQ9Q0FRU0d3RFVFNXltdHduY1Nwb0tUUVAxcFRwcGxDVlRPRkhDZ3BmVFVoZ0JJQW8mYV9jaWQ9gAMBiAMAkAMAmAMXoAMBqgMAwAOsAsgDANgD3KCnAeADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBAw5MS45MC40Mi4xNTSoBACyBA8IABABGNgFIFooADAAOAK4BADABADIBADaBAIIAeAEAfAEp6LLJYgFAZgFAKAFu4Hd8r2TkvMgwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFvOAb-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBu6PAdoGFgoQAAAAAAFFEQFcEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcMDncJQDYwMTk3NjA4yAfL8wXSBw0JLjUADNoHBggJPlwHAOoHAggA8AcAiggCEACVCAAAgD-YCAE.&s=64480b606f9028c17cabc4da1b3d45ff9099d94f&bdref=https%3A%2F%2Fouo.press%2FF4eLhm&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fouo.press%2FF4eLhm,https%3A%2F%2Fouo.press%2FF4eLhm,https%3A%2F%2Fouo.press%2FF4eLhm&
185.89.210.122200 OK 0 B URL HTTP/1.1 ams3-ib.adnxs-simple.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FF4eLhm&e=wqT_3QKfMGwfGAAAAwDWAAUBCJj74p4GEK6Gs62w6Pv7IRj_EQF4ASo2CchhMH-FzIU_EVZJZB9kWYA_GQAAAKBwPfY_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUDlHkhlUKeiyyVY9p5zYABolNeXAXjL8wWAAQGKAQNVU0SSAQEG9HADmAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACpcVP6gIYaHR0cHM6Ly9vdW8ucHJlc3MvRjRlTGht8gIMCgZIRUlHSFQSAjkw8gIMCgVXSURUSBIDNzI48gIhCgZMT0FERVISF3JlbmRlcl9wb3N0X2Fkc192MS5odG1s8gIYCgpJRlJBTUVfS0VZEgoxNTUwMDMzODYw8gLIFQoLUFJFX1NDUklQVFMSuBU8c2NyaXB0PihmdW5jdGlvbigpey8qCgogQ29weXJpZ2h0IFRoZSBDbG9zdXJlIExpYnJhcnkgQXV0aG9ycy4KIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBBcGFjaGUtMi4wCiovCnZhciBrPXRoaXN8fHNlbGY7dmFyIGw9QXJyYXkucHJvdG90eXBlLmluZGV4T2Y_ZnVuY3Rpb24oYSxjKXtyZXR1cm4gQXJyYXkucHJvdG90eXBlLmluZGV4T2YuY2FsbChhLGMsdm9pZCAwKX06ZnVuY3Rpb24oYSxjKXtpZigic3RyaW5nIj09PXR5cGVvZiBhKXJldHVybiJzdHJpbmciIT09dHlwZW9mIGN8fDEhPWMubGVuZ3RoPy0xOmEuaW5kZXhPZihjLDApO2Zvcih2YXIgZT0wO2U8YS5sZW5ndGg7ZSsrKWlmKGUgaW4gYSYmYVtlXT09PWMpcmV0dXJuIGU7cmV0dXJuLTF9O2Z1bmN0aW9uIG0oYSl7bVsiICJdKGEpO3JldHVybiBhfW1bIiAiXT1mdW5jdGlvbigpe307ZnVuY3Rpb24gbihhKXthPXZvaWQgMD09PWE_ZG9jdW1lbnQ6YTtyZXR1cm4gYS5jcmVhdGVFbGVtZW50KCJpbWciKX07ZnVuY3Rpb24gcChhLGMsZSl7dmFyIGI9ITE7Yj12b2lkIDA9PT1iPyExOmI7YS5nb29nbGVfaW1hZ2VfcmVxdWVzdHN8fChhLmdvb2dsZV9pbWFnZV9yZXF1ZXN0cz1bXSk7dmFyIGQ9bihhLmRvY3VtZW50KTtpZihlKXt2YXIgZj1mdW5jdGlvbigpe2lmKGUpe3ZhciBnPWEuZ29vZ2xlX2ltYWdlX3JlcXVlc3RzLGg9bChnLGQpOzA8PWgmJkFycmF5LnByb3RJMqhzcGxpY2UuY2FsbChnLGgsMSl9ZC5yZW1vdmVFdmVudExpc3RlbmVyJiZkThcANCgibG9hZCIsZiwhMSk7tjoAEGVycm9yDTsYfTtkLmFkZEJzAD4UAD5wAD4gAAQmJkZIAAAoNmoAMGImJihkLmF0dHJpYnVhsxRzcmM9IiIBvgEKFGM7YS5nb0qdATQucHVzaChkKX0KO2Z1bmUgDCBxKCkllnxhPWRvY3VtZW50LmN1cnJlbnRTY3JpcHQ7cmV0dXJuKDJuAlRudWxsOmEpJiYiNzciPT09YS5nZXRBDZA4ZSgiZGF0YS1qYyIpP2E6FVc8cXVlcnlTZWxlY3RvcignWw0lAD0BRBBdJyl9O0E38ElyPVJlZ0V4cCgiXmh0dHBzPzovLyhcXHd8LSkrXFwuY2RuXFwuYW1wcHJvamVjdFxcLihuZXR8b3JnKShcXD98L3wkKSIpOwpmdQ3gAHQV4ABrBWEMYz1bXQUJBGU9AcYIO2RvBf8YYj1hO3RyeQUMLGQ7aWYoZD0hIWImJgEkHCE9Yi5sb2NhIWogLmhyZWYpYjp7AS2QbShiLmZvbyk7ZD0hMDticmVhayBifWNhdGNoKGgpe31kPSExfQHWCGY9ZBkXAGYBFgxpZihmKXkAZz5eABA7ZT1iLjE2BCYmGQwoLnJlZmVycmVyfHwBlyR9ZWxzZSBnPWUsDcsAYyngMG5ldyB1KGd8fCIiKSkF1RRhPWIucGEh1BmGAGEF__BAfX13aGlsZShhJiZiIT1hKTtiPTA7Zm9yKGE9Yy5sZW5ndGgtMTtiPD1hOysrYiljW2JdLmRlcHRoPWEtYjtiPWshKzkeAa41KjhhbmNlc3Rvck9yaWdpbnNuHAANawA9HXUAKQmGDDE7YTwRikw7KythKWc9Y1thXSxnLnVybHx8KAUILkIBOnYAFFthLQoxXSEMGCxnLmg9ITAB4ykiAGsZqyHVZf8AZyUWJQIEZT0yBAEgMDw9ZTstLWUpIbpEPWNbZV0sIWcmJnIudGVzdChmAY8gKSYmKGc9ZiksBQ4sJiYhZi5oKXtiPWY7RRsAfQ1dAGUV5gQmJgHMATsEOzBBZQBkIVoIJiZlBUgBGwgpO2MFrRR2KGIsZyltixggYy5nP2MuBfoMOmMuaQFAAH110DB2KGEsYyl7dGhpcy5pQdUBCQhnPWMZIgB1HSIIdXJsESQUaD0hIWM7BS8FiCUKAH2ZKQB3dUl8dCgpLGM9YS5pbmRleE9mKCI_Iik7c2V0VGltZW91dCgRjA0xBGU91VYYZT8uMDE6ZUE1RCEoTWF0aC5yYW5kb20oKT5lKWkPDGI9cSghpAAiZf80Oi8vIisoYiYmInRydWWBawBiVmsEOC1yY2QiKT8icGFnZWFkMq0AEHN5bmRpabkgLWNuLmNvbSI6ZiMABSAMKSsiLwlFeC9nZW5fMjA0P2lkPWpjYSZqYz03NyZ2ZXJzaW9uPSKFRQxkPShkAbEAKaG2UgQFAC0NMTAiKXx8InVua25vd24iYeNcK2QrIiZzYW1wbGU9IitlO2I9d2luZG93BVgAZjk0FGY_ITE6ZiEzNGQ9Yi5uYXZpZ2F0b3IpMg4AUC51c2VyQWdlbnQsZD0vQ2hyb21lL0mbIGQpJiYhL0VkZxkRHD8hMDohMTtkYZMVUTAuc2VuZEJlYWNvbj8KHWkdGCAoZSk6cChiLGUaaAkEPT0NnhApfX0sMFWgXDA8PWM_YS5zdWJzdHJpbmcoMCxjKTphfQngEC5yZmw9XSPJYGwgZW5jb2RlVVJJQ29tcG9uZW50KHcoKSl9O30p6dtBmhApOwo8LxqwCmjyAskCCgpFWFRSQV9UQUdTEroCPGRpdiBzdHkhUgxwb3NpobFkOiBhYnNvbHV0ZTsgbGVmdDogMHB4OyB0b3ANCmR2aXNpYmlsaXR5OiBoaWRkZW47Ij48aW1nIOFMVYdJFEpZAkE2DR4uMgIUYXdiaWQmBQbwhl9iPUFLQW1mLUM0SzZYUjIxaGZCa01Jb1JZbDBVTjY5aFJHS25xQ3VLRm5DRlJQY3htaWh5Nk1DSDlWZ1ZsRThULVUyRnVrRjRialdQZG5QQmxfY0UtNzg4NkJ1ajhpSWJTRUF3IiBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0iIjEaqGRpc3BsYXk6bm9uZSI-PC9kaXY-8gKaAQoMUE9TVF9TQ1JJUFRTEokBPHMSAgg2CAEWWQhQYWRzLmcuZG91YmxlY2xpY2submV0MQY8eGJmZV9iYWNrZmlsbC5qcwFlLbUNUy5tDCgge3IzcHgoJzE1NRqmDBwnKTt9KSgpOz3rEPgRChBIAZ40UE9SVF9QQVJBTVMS4xGRJIqVAPB5YWRmZXRjaD9hZGs9Mjc0MDI4MjY4OSZhZHNhZmU9bWVkaXVtJmNsaWVudD1jYS1wdWItMzA3Njg5MDAxMjc0MTQ2NyZmb3JtYXQ9NzI4eDkwX2FzJmlwPTkxLjkwLjQyLjAmb3V0cHV0PWh0bWwmdW52aWV3ZWRfcG9JiCBfc3RhcnQ9MSahcxG4Pv0NECZzdWJfDYUAYkGM8H1yLTQzNjMxODkmaGw9ZW4mYWNlaWQ9TUhZWHRBQlpHTFFBV1gwMEFiMS1OQUhiZmpRQlhvQTBBU0tCTkFHSGdUUUJTNEkwQVNPRE5BRk1nelFCV1lNMEFkU0ROQUgwZ3pRQl9vTTBBZi1ETkFFQ2hEUUJDb1EwQVRpRU5BRTUBECxWNFEwQVl5RU5BR1cBEBhvb1EwQWFPARAAdAEQAHQBEBhicUVOQUhKARAAMAEwAGQFEABjARAYM1lRMEFkNgEgAGYBEAA1ASAEZWkBEABwARAANgFAAGUFIAB5ARAALQEw9KwCVXR6UVFGVGMwRUJFaGphQVpnZlhBSjYtWWdDV1B1SUF2NzdpQUlXX0lnQ2VVQ3FBaWRDcWdJRlVhb0NPMXFxQW4xaXFnTC1lS29DVFhxcUFseUdxZ0xaanFvQ2dKdXFBb0dicWdLQ202b0NvcWlxQXNXMXFnSTcyYW9DbXR1cUFyX2dxZ0xKNHFvQ29PV3FBamJ4cWdLeDg2b0NTZmlxQWlYN3FnSkItNm9Dd3d5ckFuQVpxd0ppSEtzQ3FSLXJBdUlmcXdLZUlLc0NQQ09yQWxRb3F3TFRLS3NDUWl1ckF2c3Jxd0llTDZzQ1lpLXJBdWd2cXdLTE1xc0Noek9yQW9NMHF3S2NOS3NDUVRXckFoUTRxd0tWT3FzQ0RUeXJBaU04cXdKTlBLc0M2RHlyQW5BOXF3TENQYXNDQmo2ckFyTS1xd0wyUHFzQ0JELXJBaDhfcXdKcVA2c0Mwei1yQXQwX3F3SkxRYXNDYTBHckFrQkRxd0xOUTZzQzBVU3JBaFpGcXdJZFI2c0N5RWVyQWh4SXF3STlTS3NDbDBtckFyOUpxd0xHU2FzQ3NVdXJBczlMcXdKSlRLc0NwRXlyQXJGTXF3SjFUYXNDaDA2ckFwRk9xd0p5VDZzQ2tFLXJBdjlQcXdKN1VLc0NFMUdyQW9OUnF3SkNVcXNDR0ZPckFrOVRxd0xwVTZzQy1GU3JBbTBHdVFKZm5Qc1MwN243RXNfRS14SzR4X3NTTS1MN0Vnbm8teEpROXZzU0FRbjhFcFFKX0JMM0Nmd1NQUXI4RWt3S19CSm1DX3dTYnd2OEVnY01fQkk2RFB3UzhsdlFFN3BjMEJNb291b1ViUmIzRl9oV2F4cUd2UDhqV1FDU0tkZk90UzQmZXhrPTE1NTAwMzM4NjAmYXdiaWRfY63d8LBEQ3JCNjFMODNUcVV6OENGSk13ZXp6dUtGTXRQX0dyTG5wVVFmWEtic0I4c2xROU5KU1pQT2RQYmhOVFlFcDFXZVRWcHI5Zlhvb1pWeGNUbzZnbFVhNC1nNDNtSF9iNEVvcWl3TW9ld1dXdVdiWUUwYnJjMEcxMXNVVkJpeE5pdzUtTFZTZU1WZXNON3N3U1FWNHBZRVZBT2NVZGVRekdQWktMVXpieVNtZ0w4SEFRTzjNnQBkDcD0bARCREZtLVJsVmYxLVM0cFdlRmlrc3dFbEV6cmdPZ0pkaHNhM3VVNlJRR08wZDM5XzZrMzlELTd0amtmX0hLRDdva0RvSmltV3NPWFVPVzM1WnlWaGdOdmlwUUJuZGJQQXhlcG9HeVJ6MmRkdDJPVi1lcXJvM052ckI0T3Y2N1dySEtzeElKMEVQRTUzUC1uNUY3dlBMbmRNMFBJWkQ4a1NKZFdSOUdheGtDOWExdG5FSDc0UGFuR3owMzZTSnBJWUxmMU9wZHJlUlFjc0tEb3JQS2FZcHZLNUlla0NSdFhWNDhzcThfOTVTRTlZZldJbGs2M2hURGZsMHVscFUtbnhvRDhuMWlJc2hnS01wUGVCUjlaZFkybUhKQm52SVJ4dUZncXFlcWkwRzFJSllLTmNBSWFsNmhyQ0txdDRjaDlxa1dtU0RUa09fMDBJV0VvTl9LUndSSkFhczA3WVBQQ1ppYjJySGs4ZkdjVF90R1MwMTA4SEtmSmpsS1ZMMzYtYW9KOGlDd2ZoNDdHZFIwUjlxcW9zQXJPLW9VeWRnZjJBY0tqeUxpdjBoMGVYWDJteXYxTU94RWdFX09lV0lDV0pFaXE3ekNGSnEwOVRtSHdjd2tLejh0WTJIa2Y2WW5lZTI4QjZ5OHZsWTAyXzNUNFlmY3Q0YnFIZ3h2UXRfZ0ttR2RFVWFPRVdITThjUzVMdzdXME54dHN4d0xnSWpPc2NtMXkxcVp5VnRIWThkN1A3SnM0aUNZSEVIQ2dpYzF0Q0hPeDFOM2d3SmMzOTFGXzdKT0lZWWNfN3FsMVh4T0JWR0NvNUFLRmlCMmhYVjgya0pJS0pKcjBiZmNla1JXVTlfMS1nN1dNOWZtZGR5dlBWYTFDdUItWnF1Z2ZpdGhudXA5ZUhTdUNsUk5qVmZ4UG9MWGw1Sm5WRXYzVHljZjdJeWlJTDhKcGhtT1A2U2dUX1FYaW41RFRGYWNSTG92dGlzWGFVRDdDWlZaLVBiaENOVjFxR3F4NlUxTy1TYnR6SHZ6eXdHa1BaQUVGVzV5emIySWFQak9ycVVrQ3Raa0wxVkNrV29HR1BlZjUtTGJ4SHNxbWYwMERTOXNkWl8zVFFockxBWmNsUkR5OW9HMDA4WmJSNC1DSnphYkY1ZyZjaWQ9Q0FRU0d3RFVFNXltdHduY1Nwb0tUUVAxcFRwcGxDVlRPRkhDZ3BmVFVoZ0JJQW8mYV9jaWQ9gAMBiAMAkAMAmAMXoAMBqgMAwAOsAsgDANgD3KCnAeADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBAw5MS45MC40Mi4xNTSoBACyBA8IABABGNgFIFooADAAOAK4BADABADIBADaBAIIAeAEAfAEp6LLJYgFAZgFAKAFu4Hd8r2TkvMgwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFvOAb-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBu6PAdoGFgoQAAAAAAFFEQFcEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcMDncJQDYwMTk3NjA4yAfL8wXSBw0JLjUADNoHBggJPlwHAOoHAggA8AcAiggCEACVCAAAgD-YCAE.&s=64480b606f9028c17cabc4da1b3d45ff9099d94f&bdref=https%3A%2F%2Fouo.press%2FF4eLhm&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fouo.press%2FF4eLhm,https%3A%2F%2Fouo.press%2FF4eLhm,https%3A%2F%2Fouo.press%2FF4eLhm&
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rd_log?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FF4eLhm&e=wqT_3QKfMGwfGAAAAwDWAAUBCJj74p4GEK6Gs62w6Pv7IRj_EQF4ASo2CchhMH-FzIU_EVZJZB9kWYA_GQAAAKBwPfY_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUDlHkhlUKeiyyVY9p5zYABolNeXAXjL8wWAAQGKAQNVU0SSAQEG9HADmAHYBaABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACpcVP6gIYaHR0cHM6Ly9vdW8ucHJlc3MvRjRlTGht8gIMCgZIRUlHSFQSAjkw8gIMCgVXSURUSBIDNzI48gIhCgZMT0FERVISF3JlbmRlcl9wb3N0X2Fkc192MS5odG1s8gIYCgpJRlJBTUVfS0VZEgoxNTUwMDMzODYw8gLIFQoLUFJFX1NDUklQVFMSuBU8c2NyaXB0PihmdW5jdGlvbigpey8qCgogQ29weXJpZ2h0IFRoZSBDbG9zdXJlIExpYnJhcnkgQXV0aG9ycy4KIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBBcGFjaGUtMi4wCiovCnZhciBrPXRoaXN8fHNlbGY7dmFyIGw9QXJyYXkucHJvdG90eXBlLmluZGV4T2Y_ZnVuY3Rpb24oYSxjKXtyZXR1cm4gQXJyYXkucHJvdG90eXBlLmluZGV4T2YuY2FsbChhLGMsdm9pZCAwKX06ZnVuY3Rpb24oYSxjKXtpZigic3RyaW5nIj09PXR5cGVvZiBhKXJldHVybiJzdHJpbmciIT09dHlwZW9mIGN8fDEhPWMubGVuZ3RoPy0xOmEuaW5kZXhPZihjLDApO2Zvcih2YXIgZT0wO2U8YS5sZW5ndGg7ZSsrKWlmKGUgaW4gYSYmYVtlXT09PWMpcmV0dXJuIGU7cmV0dXJuLTF9O2Z1bmN0aW9uIG0oYSl7bVsiICJdKGEpO3JldHVybiBhfW1bIiAiXT1mdW5jdGlvbigpe307ZnVuY3Rpb24gbihhKXthPXZvaWQgMD09PWE_ZG9jdW1lbnQ6YTtyZXR1cm4gYS5jcmVhdGVFbGVtZW50KCJpbWciKX07ZnVuY3Rpb24gcChhLGMsZSl7dmFyIGI9ITE7Yj12b2lkIDA9PT1iPyExOmI7YS5nb29nbGVfaW1hZ2VfcmVxdWVzdHN8fChhLmdvb2dsZV9pbWFnZV9yZXF1ZXN0cz1bXSk7dmFyIGQ9bihhLmRvY3VtZW50KTtpZihlKXt2YXIgZj1mdW5jdGlvbigpe2lmKGUpe3ZhciBnPWEuZ29vZ2xlX2ltYWdlX3JlcXVlc3RzLGg9bChnLGQpOzA8PWgmJkFycmF5LnByb3RJMqhzcGxpY2UuY2FsbChnLGgsMSl9ZC5yZW1vdmVFdmVudExpc3RlbmVyJiZkThcANCgibG9hZCIsZiwhMSk7tjoAEGVycm9yDTsYfTtkLmFkZEJzAD4UAD5wAD4gAAQmJkZIAAAoNmoAMGImJihkLmF0dHJpYnVhsxRzcmM9IiIBvgEKFGM7YS5nb0qdATQucHVzaChkKX0KO2Z1bmUgDCBxKCkllnxhPWRvY3VtZW50LmN1cnJlbnRTY3JpcHQ7cmV0dXJuKDJuAlRudWxsOmEpJiYiNzciPT09YS5nZXRBDZA4ZSgiZGF0YS1qYyIpP2E6FVc8cXVlcnlTZWxlY3RvcignWw0lAD0BRBBdJyl9O0E38ElyPVJlZ0V4cCgiXmh0dHBzPzovLyhcXHd8LSkrXFwuY2RuXFwuYW1wcHJvamVjdFxcLihuZXR8b3JnKShcXD98L3wkKSIpOwpmdQ3gAHQV4ABrBWEMYz1bXQUJBGU9AcYIO2RvBf8YYj1hO3RyeQUMLGQ7aWYoZD0hIWImJgEkHCE9Yi5sb2NhIWogLmhyZWYpYjp7AS2QbShiLmZvbyk7ZD0hMDticmVhayBifWNhdGNoKGgpe31kPSExfQHWCGY9ZBkXAGYBFgxpZihmKXkAZz5eABA7ZT1iLjE2BCYmGQwoLnJlZmVycmVyfHwBlyR9ZWxzZSBnPWUsDcsAYyngMG5ldyB1KGd8fCIiKSkF1RRhPWIucGEh1BmGAGEF__BAfX13aGlsZShhJiZiIT1hKTtiPTA7Zm9yKGE9Yy5sZW5ndGgtMTtiPD1hOysrYiljW2JdLmRlcHRoPWEtYjtiPWshKzkeAa41KjhhbmNlc3Rvck9yaWdpbnNuHAANawA9HXUAKQmGDDE7YTwRikw7KythKWc9Y1thXSxnLnVybHx8KAUILkIBOnYAFFthLQoxXSEMGCxnLmg9ITAB4ykiAGsZqyHVZf8AZyUWJQIEZT0yBAEgMDw9ZTstLWUpIbpEPWNbZV0sIWcmJnIudGVzdChmAY8gKSYmKGc9ZiksBQ4sJiYhZi5oKXtiPWY7RRsAfQ1dAGUV5gQmJgHMATsEOzBBZQBkIVoIJiZlBUgBGwgpO2MFrRR2KGIsZyltixggYy5nP2MuBfoMOmMuaQFAAH110DB2KGEsYyl7dGhpcy5pQdUBCQhnPWMZIgB1HSIIdXJsESQUaD0hIWM7BS8FiCUKAH2ZKQB3dUl8dCgpLGM9YS5pbmRleE9mKCI_Iik7c2V0VGltZW91dCgRjA0xBGU91VYYZT8uMDE6ZUE1RCEoTWF0aC5yYW5kb20oKT5lKWkPDGI9cSghpAAiZf80Oi8vIisoYiYmInRydWWBawBiVmsEOC1yY2QiKT8icGFnZWFkMq0AEHN5bmRpabkgLWNuLmNvbSI6ZiMABSAMKSsiLwlFeC9nZW5fMjA0P2lkPWpjYSZqYz03NyZ2ZXJzaW9uPSKFRQxkPShkAbEAKaG2UgQFAC0NMTAiKXx8InVua25vd24iYeNcK2QrIiZzYW1wbGU9IitlO2I9d2luZG93BVgAZjk0FGY_ITE6ZiEzNGQ9Yi5uYXZpZ2F0b3IpMg4AUC51c2VyQWdlbnQsZD0vQ2hyb21lL0mbIGQpJiYhL0VkZxkRHD8hMDohMTtkYZMVUTAuc2VuZEJlYWNvbj8KHWkdGCAoZSk6cChiLGUaaAkEPT0NnhApfX0sMFWgXDA8PWM_YS5zdWJzdHJpbmcoMCxjKTphfQngEC5yZmw9XSPJYGwgZW5jb2RlVVJJQ29tcG9uZW50KHcoKSl9O30p6dtBmhApOwo8LxqwCmjyAskCCgpFWFRSQV9UQUdTEroCPGRpdiBzdHkhUgxwb3NpobFkOiBhYnNvbHV0ZTsgbGVmdDogMHB4OyB0b3ANCmR2aXNpYmlsaXR5OiBoaWRkZW47Ij48aW1nIOFMVYdJFEpZAkE2DR4uMgIUYXdiaWQmBQbwhl9iPUFLQW1mLUM0SzZYUjIxaGZCa01Jb1JZbDBVTjY5aFJHS25xQ3VLRm5DRlJQY3htaWh5Nk1DSDlWZ1ZsRThULVUyRnVrRjRialdQZG5QQmxfY0UtNzg4NkJ1ajhpSWJTRUF3IiBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0iIjEaqGRpc3BsYXk6bm9uZSI-PC9kaXY-8gKaAQoMUE9TVF9TQ1JJUFRTEokBPHMSAgg2CAEWWQhQYWRzLmcuZG91YmxlY2xpY2submV0MQY8eGJmZV9iYWNrZmlsbC5qcwFlLbUNUy5tDCgge3IzcHgoJzE1NRqmDBwnKTt9KSgpOz3rEPgRChBIAZ40UE9SVF9QQVJBTVMS4xGRJIqVAPB5YWRmZXRjaD9hZGs9Mjc0MDI4MjY4OSZhZHNhZmU9bWVkaXVtJmNsaWVudD1jYS1wdWItMzA3Njg5MDAxMjc0MTQ2NyZmb3JtYXQ9NzI4eDkwX2FzJmlwPTkxLjkwLjQyLjAmb3V0cHV0PWh0bWwmdW52aWV3ZWRfcG9JiCBfc3RhcnQ9MSahcxG4Pv0NECZzdWJfDYUAYkGM8H1yLTQzNjMxODkmaGw9ZW4mYWNlaWQ9TUhZWHRBQlpHTFFBV1gwMEFiMS1OQUhiZmpRQlhvQTBBU0tCTkFHSGdUUUJTNEkwQVNPRE5BRk1nelFCV1lNMEFkU0ROQUgwZ3pRQl9vTTBBZi1ETkFFQ2hEUUJDb1EwQVRpRU5BRTUBECxWNFEwQVl5RU5BR1cBEBhvb1EwQWFPARAAdAEQAHQBEBhicUVOQUhKARAAMAEwAGQFEABjARAYM1lRMEFkNgEgAGYBEAA1ASAEZWkBEABwARAANgFAAGUFIAB5ARAALQEw9KwCVXR6UVFGVGMwRUJFaGphQVpnZlhBSjYtWWdDV1B1SUF2NzdpQUlXX0lnQ2VVQ3FBaWRDcWdJRlVhb0NPMXFxQW4xaXFnTC1lS29DVFhxcUFseUdxZ0xaanFvQ2dKdXFBb0dicWdLQ202b0NvcWlxQXNXMXFnSTcyYW9DbXR1cUFyX2dxZ0xKNHFvQ29PV3FBamJ4cWdLeDg2b0NTZmlxQWlYN3FnSkItNm9Dd3d5ckFuQVpxd0ppSEtzQ3FSLXJBdUlmcXdLZUlLc0NQQ09yQWxRb3F3TFRLS3NDUWl1ckF2c3Jxd0llTDZzQ1lpLXJBdWd2cXdLTE1xc0Noek9yQW9NMHF3S2NOS3NDUVRXckFoUTRxd0tWT3FzQ0RUeXJBaU04cXdKTlBLc0M2RHlyQW5BOXF3TENQYXNDQmo2ckFyTS1xd0wyUHFzQ0JELXJBaDhfcXdKcVA2c0Mwei1yQXQwX3F3SkxRYXNDYTBHckFrQkRxd0xOUTZzQzBVU3JBaFpGcXdJZFI2c0N5RWVyQWh4SXF3STlTS3NDbDBtckFyOUpxd0xHU2FzQ3NVdXJBczlMcXdKSlRLc0NwRXlyQXJGTXF3SjFUYXNDaDA2ckFwRk9xd0p5VDZzQ2tFLXJBdjlQcXdKN1VLc0NFMUdyQW9OUnF3SkNVcXNDR0ZPckFrOVRxd0xwVTZzQy1GU3JBbTBHdVFKZm5Qc1MwN243RXNfRS14SzR4X3NTTS1MN0Vnbm8teEpROXZzU0FRbjhFcFFKX0JMM0Nmd1NQUXI4RWt3S19CSm1DX3dTYnd2OEVnY01fQkk2RFB3UzhsdlFFN3BjMEJNb291b1ViUmIzRl9oV2F4cUd2UDhqV1FDU0tkZk90UzQmZXhrPTE1NTAwMzM4NjAmYXdiaWRfY63d8LBEQ3JCNjFMODNUcVV6OENGSk13ZXp6dUtGTXRQX0dyTG5wVVFmWEtic0I4c2xROU5KU1pQT2RQYmhOVFlFcDFXZVRWcHI5Zlhvb1pWeGNUbzZnbFVhNC1nNDNtSF9iNEVvcWl3TW9ld1dXdVdiWUUwYnJjMEcxMXNVVkJpeE5pdzUtTFZTZU1WZXNON3N3U1FWNHBZRVZBT2NVZGVRekdQWktMVXpieVNtZ0w4SEFRTzjNnQBkDcD0bARCREZtLVJsVmYxLVM0cFdlRmlrc3dFbEV6cmdPZ0pkaHNhM3VVNlJRR08wZDM5XzZrMzlELTd0amtmX0hLRDdva0RvSmltV3NPWFVPVzM1WnlWaGdOdmlwUUJuZGJQQXhlcG9HeVJ6MmRkdDJPVi1lcXJvM052ckI0T3Y2N1dySEtzeElKMEVQRTUzUC1uNUY3dlBMbmRNMFBJWkQ4a1NKZFdSOUdheGtDOWExdG5FSDc0UGFuR3owMzZTSnBJWUxmMU9wZHJlUlFjc0tEb3JQS2FZcHZLNUlla0NSdFhWNDhzcThfOTVTRTlZZldJbGs2M2hURGZsMHVscFUtbnhvRDhuMWlJc2hnS01wUGVCUjlaZFkybUhKQm52SVJ4dUZncXFlcWkwRzFJSllLTmNBSWFsNmhyQ0txdDRjaDlxa1dtU0RUa09fMDBJV0VvTl9LUndSSkFhczA3WVBQQ1ppYjJySGs4ZkdjVF90R1MwMTA4SEtmSmpsS1ZMMzYtYW9KOGlDd2ZoNDdHZFIwUjlxcW9zQXJPLW9VeWRnZjJBY0tqeUxpdjBoMGVYWDJteXYxTU94RWdFX09lV0lDV0pFaXE3ekNGSnEwOVRtSHdjd2tLejh0WTJIa2Y2WW5lZTI4QjZ5OHZsWTAyXzNUNFlmY3Q0YnFIZ3h2UXRfZ0ttR2RFVWFPRVdITThjUzVMdzdXME54dHN4d0xnSWpPc2NtMXkxcVp5VnRIWThkN1A3SnM0aUNZSEVIQ2dpYzF0Q0hPeDFOM2d3SmMzOTFGXzdKT0lZWWNfN3FsMVh4T0JWR0NvNUFLRmlCMmhYVjgya0pJS0pKcjBiZmNla1JXVTlfMS1nN1dNOWZtZGR5dlBWYTFDdUItWnF1Z2ZpdGhudXA5ZUhTdUNsUk5qVmZ4UG9MWGw1Sm5WRXYzVHljZjdJeWlJTDhKcGhtT1A2U2dUX1FYaW41RFRGYWNSTG92dGlzWGFVRDdDWlZaLVBiaENOVjFxR3F4NlUxTy1TYnR6SHZ6eXdHa1BaQUVGVzV5emIySWFQak9ycVVrQ3Raa0wxVkNrV29HR1BlZjUtTGJ4SHNxbWYwMERTOXNkWl8zVFFockxBWmNsUkR5OW9HMDA4WmJSNC1DSnphYkY1ZyZjaWQ9Q0FRU0d3RFVFNXltdHduY1Nwb0tUUVAxcFRwcGxDVlRPRkhDZ3BmVFVoZ0JJQW8mYV9jaWQ9gAMBiAMAkAMAmAMXoAMBqgMAwAOsAsgDANgD3KCnAeADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBAw5MS45MC40Mi4xNTSoBACyBA8IABABGNgFIFooADAAOAK4BADABADIBADaBAIIAeAEAfAEp6LLJYgFAZgFAKAFu4Hd8r2TkvMgwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFvOAb-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBu6PAdoGFgoQAAAAAAFFEQFcEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcMDncJQDYwMTk3NjA4yAfL8wXSBw0JLjUADNoHBggJPlwHAOoHAggA8AcAiggCEACVCAAAgD-YCAE.&s=64480b606f9028c17cabc4da1b3d45ff9099d94f&bdref=https%3A%2F%2Fouo.press%2FF4eLhm&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fouo.press%2FF4eLhm,https%3A%2F%2Fouo.press%2FF4eLhm,https%3A%2F%2Fouo.press%2FF4eLhm& HTTP/1.1
Host: ams3-ib.adnxs-simple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 31 Jan 2023 07:04:57 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: b274caeb-3602-4e3d-a211-d8f33dc0bdac
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs-simple.com
aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain&dcc=t
67.220.228.203200 OK 64 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain&dcc=t
IP 67.220.228.203:0
File type HTML document, ASCII text
Hash be99f9f8ced5e5eb1f9721d861712f89
4291ee98f7ce20471796ec89961abb1acb2af1d8
f17fe415b91a13ea86b93344389e18c996384323ca3c2f4267b18c96b8314a12
GET /s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-LoopMe_n-onetag_pm-db5_rbd_cnv_n-Outbrain&dcc=t HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Tue, 31 Jan 2023 07:04:57 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 64
Connection: keep-alive
x-amz-rid: XGWYK3Z7X7238V5XVMGW
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
ams3-ib.adnxs-simple.com/it?an_audit=0&referrer=https%253A%252F%252Fouo.press%252FF4eLhm&e=wqT_3QL3BWz3AgAAAwDWAAUBCJj74p4GEK6Gs62w6Pv7IRj_EQF4ASo2CchhMH-FzIU_EVZJZB9kWYA_GQAAAKBwPfY_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUDlHkhlUKeiyyVY9p5zYABolNeXAXjL8wWAAQGKAQNVU0SSAQEG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9GNGVMaG2AAwGIAwCQAwCYAxegAwGqA-cBCr8BaHR0cAEucHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EblZXMkw4dVVDMklkbjllT25GVlNoSnAxT0F4ZVUxb1VqMXpCV0d2cDN2RG9xcHJjVWxyUktLd3hMVXhuU1V0bllHU0NxMjR0RDJFbVNkeDE3UmE3TWJrLTZLZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyNDQ3Njg3OTkzNjM2MjA5NDU0Igg3ODgyNzgxNSoEMzk0McADrALIAwDYA9ygpwHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMOTEuOTAuNDIuMTU0qAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBKeiyyWIBQGYBQCgBbuB3fK9k5LzIMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbzgG_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEyNzQ2MDE5NzYwOMgHy_MF0gcNCQ00BTUM2gcGCAUJYOAHAOoHAggA8AcAiggCEACVCAAAgD-YCAE.&s=83b5accbfc2cc84ca96a91ac59f81035acfe03c1
185.89.210.122200 OK 0 B URL HTTP/1.1 ams3-ib.adnxs-simple.com/it?an_audit=0&referrer=https%253A%252F%252Fouo.press%252FF4eLhm&e=wqT_3QL3BWz3AgAAAwDWAAUBCJj74p4GEK6Gs62w6Pv7IRj_EQF4ASo2CchhMH-FzIU_EVZJZB9kWYA_GQAAAKBwPfY_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUDlHkhlUKeiyyVY9p5zYABolNeXAXjL8wWAAQGKAQNVU0SSAQEG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9GNGVMaG2AAwGIAwCQAwCYAxegAwGqA-cBCr8BaHR0cAEucHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EblZXMkw4dVVDMklkbjllT25GVlNoSnAxT0F4ZVUxb1VqMXpCV0d2cDN2RG9xcHJjVWxyUktLd3hMVXhuU1V0bllHU0NxMjR0RDJFbVNkeDE3UmE3TWJrLTZLZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyNDQ3Njg3OTkzNjM2MjA5NDU0Igg3ODgyNzgxNSoEMzk0McADrALIAwDYA9ygpwHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMOTEuOTAuNDIuMTU0qAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBKeiyyWIBQGYBQCgBbuB3fK9k5LzIMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbzgG_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEyNzQ2MDE5NzYwOMgHy_MF0gcNCQ00BTUM2gcGCAUJYOAHAOoHAggA8AcAiggCEACVCAAAgD-YCAE.&s=83b5accbfc2cc84ca96a91ac59f81035acfe03c1
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /it?an_audit=0&referrer=https%253A%252F%252Fouo.press%252FF4eLhm&e=wqT_3QL3BWz3AgAAAwDWAAUBCJj74p4GEK6Gs62w6Pv7IRj_EQF4ASo2CchhMH-FzIU_EVZJZB9kWYA_GQAAAKBwPfY_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUDlHkhlUKeiyyVY9p5zYABolNeXAXjL8wWAAQGKAQNVU0SSAQEG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9GNGVMaG2AAwGIAwCQAwCYAxegAwGqA-cBCr8BaHR0cAEucHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EblZXMkw4dVVDMklkbjllT25GVlNoSnAxT0F4ZVUxb1VqMXpCV0d2cDN2RG9xcHJjVWxyUktLd3hMVXhuU1V0bllHU0NxMjR0RDJFbVNkeDE3UmE3TWJrLTZLZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyNDQ3Njg3OTkzNjM2MjA5NDU0Igg3ODgyNzgxNSoEMzk0McADrALIAwDYA9ygpwHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMOTEuOTAuNDIuMTU0qAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBKeiyyWIBQGYBQCgBbuB3fK9k5LzIMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbzgG_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEyNzQ2MDE5NzYwOMgHy_MF0gcNCQ00BTUM2gcGCAUJYOAHAOoHAggA8AcAiggCEACVCAAAgD-YCAE.&s=83b5accbfc2cc84ca96a91ac59f81035acfe03c1 HTTP/1.1
Host: ams3-ib.adnxs-simple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 31 Jan 2023 07:04:57 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: ac2ebeb5-a361-4f60-9550-3ce15c6a6c6a
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs-simple.com
ams3-ib.adnxs-simple.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FF4eLhm&e=wqT_3QL3BWz3AgAAAwDWAAUBCJj74p4GEK6Gs62w6Pv7IRj_EQF4ASo2CchhMH-FzIU_EVZJZB9kWYA_GQAAAKBwPfY_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUDlHkhlUKeiyyVY9p5zYABolNeXAXjL8wWAAQGKAQNVU0SSAQEG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9GNGVMaG2AAwGIAwCQAwCYAxegAwGqA-cBCr8BaHR0cAEucHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EblZXMkw4dVVDMklkbjllT25GVlNoSnAxT0F4ZVUxb1VqMXpCV0d2cDN2RG9xcHJjVWxyUktLd3hMVXhuU1V0bllHU0NxMjR0RDJFbVNkeDE3UmE3TWJrLTZLZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyNDQ3Njg3OTkzNjM2MjA5NDU0Igg3ODgyNzgxNSoEMzk0McADrALIAwDYA9ygpwHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMOTEuOTAuNDIuMTU0qAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBKeiyyWIBQGYBQCgBbuB3fK9k5LzIMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbzgG_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEyNzQ2MDE5NzYwOMgHy_MF0gcNCQ00BTUM2gcGCAUJYOAHAOoHAggA8AcAiggCEACVCAAAgD-YCAE.&s=83b5accbfc2cc84ca96a91ac59f81035acfe03c1&type=nv&nvt=5&jm=1003&px=271&py=1834&bw=728&bh=90&sid=8894412041616545941&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&sw=1280&sh=1024&pw=1268&ph=1830&ww=1280&wh=939&ft=2
185.89.210.122200 OK 0 B URL HTTP/1.1 ams3-ib.adnxs-simple.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FF4eLhm&e=wqT_3QL3BWz3AgAAAwDWAAUBCJj74p4GEK6Gs62w6Pv7IRj_EQF4ASo2CchhMH-FzIU_EVZJZB9kWYA_GQAAAKBwPfY_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUDlHkhlUKeiyyVY9p5zYABolNeXAXjL8wWAAQGKAQNVU0SSAQEG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9GNGVMaG2AAwGIAwCQAwCYAxegAwGqA-cBCr8BaHR0cAEucHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EblZXMkw4dVVDMklkbjllT25GVlNoSnAxT0F4ZVUxb1VqMXpCV0d2cDN2RG9xcHJjVWxyUktLd3hMVXhuU1V0bllHU0NxMjR0RDJFbVNkeDE3UmE3TWJrLTZLZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyNDQ3Njg3OTkzNjM2MjA5NDU0Igg3ODgyNzgxNSoEMzk0McADrALIAwDYA9ygpwHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMOTEuOTAuNDIuMTU0qAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBKeiyyWIBQGYBQCgBbuB3fK9k5LzIMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbzgG_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEyNzQ2MDE5NzYwOMgHy_MF0gcNCQ00BTUM2gcGCAUJYOAHAOoHAggA8AcAiggCEACVCAAAgD-YCAE.&s=83b5accbfc2cc84ca96a91ac59f81035acfe03c1&type=nv&nvt=5&jm=1003&px=271&py=1834&bw=728&bh=90&sid=8894412041616545941&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&sw=1280&sh=1024&pw=1268&ph=1830&ww=1280&wh=939&ft=2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FF4eLhm&e=wqT_3QL3BWz3AgAAAwDWAAUBCJj74p4GEK6Gs62w6Pv7IRj_EQF4ASo2CchhMH-FzIU_EVZJZB9kWYA_GQAAAKBwPfY_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUDlHkhlUKeiyyVY9p5zYABolNeXAXjL8wWAAQGKAQNVU0SSAQEG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9GNGVMaG2AAwGIAwCQAwCYAxegAwGqA-cBCr8BaHR0cAEucHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EblZXMkw4dVVDMklkbjllT25GVlNoSnAxT0F4ZVUxb1VqMXpCV0d2cDN2RG9xcHJjVWxyUktLd3hMVXhuU1V0bllHU0NxMjR0RDJFbVNkeDE3UmE3TWJrLTZLZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyNDQ3Njg3OTkzNjM2MjA5NDU0Igg3ODgyNzgxNSoEMzk0McADrALIAwDYA9ygpwHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMOTEuOTAuNDIuMTU0qAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBKeiyyWIBQGYBQCgBbuB3fK9k5LzIMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbzgG_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEyNzQ2MDE5NzYwOMgHy_MF0gcNCQ00BTUM2gcGCAUJYOAHAOoHAggA8AcAiggCEACVCAAAgD-YCAE.&s=83b5accbfc2cc84ca96a91ac59f81035acfe03c1&type=nv&nvt=5&jm=1003&px=271&py=1834&bw=728&bh=90&sid=8894412041616545941&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&sw=1280&sh=1024&pw=1268&ph=1830&ww=1280&wh=939&ft=2 HTTP/1.1
Host: ams3-ib.adnxs-simple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 31 Jan 2023 07:04:57 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 0520bdce-c19e-4b3d-9756-dd090c3d3a0f
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs-simple.com
sweepfrequencydissolved.com/sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=006ffe78-bce4-4482-b363-7965889b9003%3A1%3A1
192.243.59.13200 OK 4.1 kB URL HTTP/1.1 sweepfrequencydissolved.com/sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=006ffe78-bce4-4482-b363-7965889b9003%3A1%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (6163), with no line terminators
Hash 8c496bca02a6bd00424bee181be64c42
d24dd852fe52eca248992d17a163ff14dc899414
5a751de2828f4fe999c298c6e0889bcb68b870eee2eaefe700b6f9f4b1e4507b
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=ed36014633829dc70a42dccaefdf3f11&uuid=006ffe78-bce4-4482-b363-7965889b9003%3A1%3A1 HTTP/1.1
Host: sweepfrequencydissolved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 31 Jan 2023 07:04:57 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ouo.press
Access-Control-Allow-Origin: https://ouo.press
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15424691; expires=Wed, 01 Feb 2023 07:04:57 GMT; secure; SameSite=None
uid_id2=006ffe78-bce4-4482-b363-7965889b9003:1:1; expires=Tue, 07 Feb 2023 07:04:57 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 01 Feb 2023 07:04:57 GMT; secure; SameSite=None
uncs=1; expires=Wed, 01 Feb 2023 07:04:57 GMT; secure; SameSite=None
pdhtkv29=true; expires=Wed, 01 Feb 2023 07:04:57 GMT; secure; SameSite=None
uncs29=1; expires=Wed, 01 Feb 2023 07:04:57 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 29d43f70d6cd98ad24f002ae155297ed
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 087182d3a6a359284853764004bfb9b4
0297b9b2cb72a979d6a1267f587bab0fb79b7b40
aa00ff2ec55972ad493cedf34c369da582f052df3a1f660610b8cbbcb78ce5ff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 087182d3a6a359284853764004bfb9b4
0297b9b2cb72a979d6a1267f587bab0fb79b7b40
aa00ff2ec55972ad493cedf34c369da582f052df3a1f660610b8cbbcb78ce5ff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ba712b809d1107138674cd304e041068
cb7ed5692720084e2b66e724712685d1d56dbe94
1624708856cbcf339b6acc2d31268b693af742aa1b0c699391dddbb09c493347
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1624708856CBCF339B6ACC2D31268B693AF742AA1B0C699391DDDBB09C493347"
Last-Modified: Sat, 28 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3870
Expires: Tue, 31 Jan 2023 08:09:27 GMT
Date: Tue, 31 Jan 2023 07:04:57 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 087182d3a6a359284853764004bfb9b4
0297b9b2cb72a979d6a1267f587bab0fb79b7b40
aa00ff2ec55972ad493cedf34c369da582f052df3a1f660610b8cbbcb78ce5ff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite.js
142.250.74.97200 OK 11 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite.js
IP 142.250.74.97:0
File type ASCII text, with very long lines (1484)
Hash ab795b0b85f414a5b1256230d5c93b78
698a030c07b620abe9f8080649246020ae221c33
572ff84c927aa4f672dd02d45f2d1cb1522a2c1b147892045de57b3aada666d5
GET /pagead/js/r20230125/r20110914/abg_lite.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 10810
x-xss-protection: 0
date: Mon, 30 Jan 2023 22:13:33 GMT
expires: Mon, 13 Feb 2023 22:13:33 GMT
cache-control: public, max-age=1209600
age: 31884
etag: 8766511519597269738
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection.js
142.250.74.97200 OK 10 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection.js
IP 142.250.74.97:0
File type ASCII text, with very long lines (1512)
Hash 789dc0b5533d4fc3a437a4cb7535ab5f
2f3a65d173f0edc1c3d99c4961e77898a0425873
cd3c69a8627bbdac1440d4f782a9bd666da5266ac43dc4dbd6dcdd50de9d7e70
GET /pagead/js/r20230125/r20110914/client/qs_click_protection.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 10272
x-xss-protection: 0
date: Mon, 30 Jan 2023 22:13:37 GMT
expires: Mon, 13 Feb 2023 22:13:37 GMT
cache-control: public, max-age=1209600
age: 31880
etag: 11468148672078775617
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus.js
142.250.74.97200 OK 1.3 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus.js
IP 142.250.74.97:0
File type ASCII text, with very long lines (1500)
Hash c6be4595650bfa6cbb0839f2fab25529
0ab58af5d6c029935919c889d75455a15f5429a3
bb2b1f1b24360f9d28e6e5e0bcffa6f19111b176cdbd849340673f224a73e92b
GET /pagead/js/r20230125/r20110914/client/window_focus.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 1305
x-xss-protection: 0
date: Mon, 30 Jan 2023 22:13:32 GMT
expires: Mon, 13 Feb 2023 22:13:32 GMT
cache-control: public, max-age=1209600
age: 31885
etag: 12828169674928258300
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/one_click_handler_one_afma.js
142.250.74.97200 OK 18 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/one_click_handler_one_afma.js
IP 142.250.74.97:0
File type ASCII text, with very long lines (1823)
Hash 4d7b520fae6011f766f11ab41aa171f0
10cd9a4970f5463cb6d91a918bb8c9b35d381b8f
8447fc6c4435c170b88d67909ce75175c1aa4923770b301bb3824ab9fc70440c
GET /pagead/js/r20230125/r20110914/client/one_click_handler_one_afma.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 18064
x-xss-protection: 0
date: Tue, 31 Jan 2023 03:11:48 GMT
expires: Tue, 14 Feb 2023 03:11:48 GMT
cache-control: public, max-age=1209600
age: 13989
etag: 11640667607391808528
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/simgad/1686913566973399375?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnvsa4zKX7liHocZ45XM1fIj1-DZA
142.250.74.97200 OK 33 kB URL HTTP/2 tpc.googlesyndication.com/simgad/1686913566973399375?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnvsa4zKX7liHocZ45XM1fIj1-DZA
IP 142.250.74.97:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 728x90, components 3\012- data
Hash a347fe492919ae970f3ebfaf9cd1654a
b7dcecbccce4604ac1d578091cb361daddbf29b2
d0390544ed48bae95187a3cab772ac831183fa7c9cfde50972d403190f17cab1
GET /simgad/1686913566973399375?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnvsa4zKX7liHocZ45XM1fIj1-DZA HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
content-length: 32591
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 09:37:13 GMT
expires: Fri, 26 Jan 2024 09:37:13 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 10 Dec 2021 07:30:23 GMT
content-type: image/jpeg
age: 422864
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sweepfrequencydissolved.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST4gcxRfHq%2FPn8MsPBMWLB2UQDwrupHq650%2BbQzDGSDRmlyS6IF6qq6pny6npaqq6p2cXD4sByUUYT%2Bqt9zu7WaJBDJ4DMutF9rTjIe7B9SaCR8GzzOzA6IOq91593%2BHzXr1Pd4oTQlGw47V3zZbSml1s1mnt5XWVClO62s07NZ%2FW6aXaukpb4aXacHbZwWs%2BbdbpK7W3JO%2BZiw3qU%2BpTv3ZNWZmY4cW5CpU9jPx6ROtho%2B43Qwztf3NXeHDMgxickGegxPT8xk%2BPoPgEaf%2B7q9L1cpO9%2Bma%2F0Cw3FgOx%2F17aS02Zor8ME%2BshSfcX1TBuSsiXZ2DS%2FUUHMIPdWQeI1ZR4T3zE6f4CE%2FFg75Q01pApYvF%2FlIMJpJ5AsQm4uQsljgjABW6uIu3fv2lsyTZPVTZTp%2BTc339BlVNy7tdnkfa%2FvaLVsHbb6CJXJnUYJhXUcALVnSArDpBveVDlAXj%2BCZQgSPsVlDh%2BidJWksh2ZyXmMlwJw05jJQ5awUo7ajU7nSiOKA3mo1FqApVMoOUIzHkoZkd5KBIPReahL45rrBkllLaTOAmCTsg5DwLOm52WaIog7CQUBZ%2Bxj5BnI3A9ArfbyOw2emoEW%2FwAt1HBCQ8uJxiICqUkKB1ByQhKRVDmBOWg2hPaNVx1X2hXxP7CNxY%2BqMYm7%2B6wPZN3ZUp2shPy9Hxgf374PXryuCZF0KJ%2B2AqCTiMSvE1Z2BCcM5mIJEh8H05VUO7MvM0tdfTUE2Tq6H8VYnYApw%2FA1YtgxfNg5bjdoGAb47BDsZU%2BMIWpZ1Y6B2EqZPl55Jvejj4hz80Bot8vQPLDy198tvrbJfEBuK2Q2QofqR8Juvre%2BJYpye4tUzryaDXLVV9tsdlv3s5ZLs9%2B%2FY7cLI0V16%2B60YPX%2BUyYhQ%2FvSJffYKlQadeRb64oIaS9ZiyX5PF1ty7jtcJtXClsWmQ31t64dr0%2FB1QmnYCpo%2Fc%2FBldTcsH25nv6wh9vQ9kJbFGhXxyShUGZCXi2DZct6Z0hsHpZE2ceyqIa20a8fNSKQMtlzuIK7l95vIx33D10rQeW351v58BWGOgKTI%2FgirPjPLOHl38O5oZYe%2BNYW2831lZ%2Ffjpap45rspnQRNKGjJMoTtqMiigJo5hFvmzHTeYjd1P%2By%2BOv%2FgEAAP%2F%2FAQAA%2F%2F%2BPsTRNfwQAAA%3D%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 sweepfrequencydissolved.com/ren.gif?sid=H4sIAAAAAAAC%2F1SST4gcxRfHq%2FPn8MsPBMWLB2UQDwrupHq650%2BbQzDGSDRmlyS6IF6qq6pny6npaqq6p2cXD4sByUUYT%2Bqt9zu7WaJBDJ4DMutF9rTjIe7B9SaCR8GzzOzA6IOq91593%2BHzXr1Pd4oTQlGw47V3zZbSml1s1mnt5XWVClO62s07NZ%2FW6aXaukpb4aXacHbZwWs%2BbdbpK7W3JO%2BZiw3qU%2BpTv3ZNWZmY4cW5CpU9jPx6ROtho%2B43Qwztf3NXeHDMgxickGegxPT8xk%2BPoPgEaf%2B7q9L1cpO9%2Bma%2F0Cw3FgOx%2F17aS02Zor8ME%2BshSfcX1TBuSsiXZ2DS%2FUUHMIPdWQeI1ZR4T3zE6f4CE%2FFg75Q01pApYvF%2FlIMJpJ5AsQm4uQsljgjABW6uIu3fv2lsyTZPVTZTp%2BTc339BlVNy7tdnkfa%2FvaLVsHbb6CJXJnUYJhXUcALVnSArDpBveVDlAXj%2BCZQgSPsVlDh%2BidJWksh2ZyXmMlwJw05jJQ5awUo7ajU7nSiOKA3mo1FqApVMoOUIzHkoZkd5KBIPReahL45rrBkllLaTOAmCTsg5DwLOm52WaIog7CQUBZ%2Bxj5BnI3A9ArfbyOw2emoEW%2FwAt1HBCQ8uJxiICqUkKB1ByQhKRVDmBOWg2hPaNVx1X2hXxP7CNxY%2BqMYm7%2B6wPZN3ZUp2shPy9Hxgf374PXryuCZF0KJ%2B2AqCTiMSvE1Z2BCcM5mIJEh8H05VUO7MvM0tdfTUE2Tq6H8VYnYApw%2FA1YtgxfNg5bjdoGAb47BDsZU%2BMIWpZ1Y6B2EqZPl55Jvejj4hz80Bot8vQPLDy198tvrbJfEBuK2Q2QofqR8Juvre%2BJYpye4tUzryaDXLVV9tsdlv3s5ZLs9%2B%2FY7cLI0V16%2B60YPX%2BUyYhQ%2FvSJffYKlQadeRb64oIaS9ZiyX5PF1ty7jtcJtXClsWmQ31t64dr0%2FB1QmnYCpo%2Fc%2FBldTcsH25nv6wh9vQ9kJbFGhXxyShUGZCXi2DZct6Z0hsHpZE2ceyqIa20a8fNSKQMtlzuIK7l95vIx33D10rQeW351v58BWGOgKTI%2FgirPjPLOHl38O5oZYe%2BNYW2831lZ%2Ffjpap45rspnQRNKGjJMoTtqMiigJo5hFvmzHTeYjd1P%2By%2BOv%2FgEAAP%2F%2FAQAA%2F%2F%2BPsTRNfwQAAA%3D%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1SST4gcxRfHq%2FPn8MsPBMWLB2UQDwrupHq650%2BbQzDGSDRmlyS6IF6qq6pny6npaqq6p2cXD4sByUUYT%2Bqt9zu7WaJBDJ4DMutF9rTjIe7B9SaCR8GzzOzA6IOq91593%2BHzXr1Pd4oTQlGw47V3zZbSml1s1mnt5XWVClO62s07NZ%2FW6aXaukpb4aXacHbZwWs%2BbdbpK7W3JO%2BZiw3qU%2BpTv3ZNWZmY4cW5CpU9jPx6ROtho%2B43Qwztf3NXeHDMgxickGegxPT8xk%2BPoPgEaf%2B7q9L1cpO9%2Bma%2F0Cw3FgOx%2F17aS02Zor8ME%2BshSfcX1TBuSsiXZ2DS%2FUUHMIPdWQeI1ZR4T3zE6f4CE%2FFg75Q01pApYvF%2FlIMJpJ5AsQm4uQsljgjABW6uIu3fv2lsyTZPVTZTp%2BTc339BlVNy7tdnkfa%2FvaLVsHbb6CJXJnUYJhXUcALVnSArDpBveVDlAXj%2BCZQgSPsVlDh%2BidJWksh2ZyXmMlwJw05jJQ5awUo7ajU7nSiOKA3mo1FqApVMoOUIzHkoZkd5KBIPReahL45rrBkllLaTOAmCTsg5DwLOm52WaIog7CQUBZ%2Bxj5BnI3A9ArfbyOw2emoEW%2FwAt1HBCQ8uJxiICqUkKB1ByQhKRVDmBOWg2hPaNVx1X2hXxP7CNxY%2BqMYm7%2B6wPZN3ZUp2shPy9Hxgf374PXryuCZF0KJ%2B2AqCTiMSvE1Z2BCcM5mIJEh8H05VUO7MvM0tdfTUE2Tq6H8VYnYApw%2FA1YtgxfNg5bjdoGAb47BDsZU%2BMIWpZ1Y6B2EqZPl55Jvejj4hz80Bot8vQPLDy198tvrbJfEBuK2Q2QofqR8Juvre%2BJYpye4tUzryaDXLVV9tsdlv3s5ZLs9%2B%2FY7cLI0V16%2B60YPX%2BUyYhQ%2FvSJffYKlQadeRb64oIaS9ZiyX5PF1ty7jtcJtXClsWmQ31t64dr0%2FB1QmnYCpo%2Fc%2FBldTcsH25nv6wh9vQ9kJbFGhXxyShUGZCXi2DZct6Z0hsHpZE2ceyqIa20a8fNSKQMtlzuIK7l95vIx33D10rQeW351v58BWGOgKTI%2FgirPjPLOHl38O5oZYe%2BNYW2831lZ%2Ffjpap45rspnQRNKGjJMoTtqMiigJo5hFvmzHTeYjd1P%2By%2BOv%2FgEAAP%2F%2FAQAA%2F%2F%2BPsTRNfwQAAA%3D%3D HTTP/1.1
Host: sweepfrequencydissolved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=006ffe78-bce4-4482-b363-7965889b9003:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 31 Jan 2023 07:04:57 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 613b01e87c570a85c353e509066e738b
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 78ab2d5cc6d61c3c29944777767ccefe
a5380ce83cea0350b0ea550ac99d36b0093d220a
5901f2549eee80f63d44390d2c6de7ed62ce5e63b842dc366d58a367a6be9303
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5901F2549EEE80F63D44390D2C6DE7ED62CE5E63B842DC366D58A367A6BE9303"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1969
Expires: Tue, 31 Jan 2023 07:37:46 GMT
Date: Tue, 31 Jan 2023 07:04:57 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=006ffe78-bce4-4482-b363-7965889b9003&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=006ffe78-bce4-4482-b363-7965889b9003&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=006ffe78-bce4-4482-b363-7965889b9003&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=ed36014633829dc70a42dccaefdf3f11&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 31 Jan 2023 07:04:57 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8afbfe5ee02002131ccda106dc977983
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c0d79787c5ee0933b2b39a9630793f94
47468efa1fa4c08f2d595fc8948d3bc462341bfe
91d589a2248c35896d7c6da948899edba959056aabcf8e41b4f3feebf3f0d9e2
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "91D589A2248C35896D7C6DA948899EDBA959056AABCF8E41B4F3FEEBF3F0D9E2"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16290
Expires: Tue, 31 Jan 2023 11:36:27 GMT
Date: Tue, 31 Jan 2023 07:04:57 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/style.css
172.64.167.9200 OK 1.6 kB URL HTTP/2 cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/style.css
IP 172.64.167.9:0
Hash c1b300c081bb9101b959094adcb3fb1e
b408fab9d5f5c8d6a117c8d9adc2ec27f197f9f7
5ad0a9ff342ea3326b9980c942e16e041c446cea52a18750f51c05eff8d13f87
GET /sb/ssp/in-page_push/os/android/2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:57 GMT
content-type: text/css
last-modified: Wed, 11 May 2022 09:01:01 GMT
etag: W/"627b7b4d-126c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4301326
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d7pzc4iMI0TVPeXGDlpTW0Ep8zwVLRn5CLjA48dDGYOXbjR0Z7W1KWh7EMq%2FTycb3YT6o4WRV%2FKx23NcvsdlSw8i1bi88jXSln6mPqNwUU0Nfm58NxbCeVDzQ72rnOywctWXTwwtZ5AN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792098a00b6976e3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/js/script.js
172.64.167.9200 OK 701 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/js/script.js
IP 172.64.167.9:0
Hash 9f5122d69c5dc5b5b0d6fc60dee123c5
60e0815788b7f40c2c805e6313466a16a5446a1f
a8ed21216e888a68eb14a146231ec247256f436f463daa64256c51e1f6749d4a
GET /sb/ssp/in-page_push/os/android/2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:57 GMT
content-type: application/javascript
last-modified: Wed, 11 May 2022 09:01:04 GMT
etag: W/"627b7b50-194"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4301326
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BNkKgJKdNXuxU5d22J0FzKt4D63PwMkgaFqQpV4vHAhKaUu4a0CKDxlmVkZeYY%2Bq9pIuCEfNAgGLd4bN9wDB7xkvp17lXQS8QXy3ONRRC3BwKWS1AhYBLdBZq9QQ7d6u4%2Bqk%2FTVxKe94"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7920989ffb6476e3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ecdn.firstimpression.io/fi_client.js
54.230.111.73200 OK 126 kB URL HTTP/2 ecdn.firstimpression.io/fi_client.js
IP 54.230.111.73:0
File type ASCII text, with very long lines (618)
Size 126 kB (126409 bytes)
Hash 2df0008a9e850c30210952e4108d9b12
6811baf039b7f7d81782edc9d541dbb22eafffc7
0188cf7051f30b0137acac396acae32462b2691c5e817bafd64e1f5c2b26e42b
GET /fi_client.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 31 Jan 2023 06:07:15 GMT
server: nginx/1.20.0
x-powered-by: PHP/8.0.14
x-xss-protection: 0
last-modified: Tue, 31 Jan 2023 06:07:15 UTC
etag: W/"0ac13b207f25ea6bfdabc989cac9c210"
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JwwT_T36n0ldyJW1Wo_TX7nUQsUaaX8MHNREFSyawp7dp8JxgTHt7w==
age: 3459
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 3025fb112231fed65dd6afa7586ea320
7055cfa6528fac0e753e6d5c816ed4c833860b15
8bf2cd4d60db22be0de2f303c50bb070b2c0d4d89376d638e39d03c9d9666da1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5942
Cache-Control: max-age=133163
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:58 GMT
Etag: "63d80b8f-139"
Expires: Wed, 01 Feb 2023 20:04:21 GMT
Last-Modified: Mon, 30 Jan 2023 18:25:19 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 313
sweepfrequencydissolved.com/impr.gif?sid=H4sIAAAAAAAC%2F1SST4gcxRfHq%2FPn8MsPBMWLB2UQDwrupHq6Z6bHHIIxRqIxuyTRBfFSXVU9W05NV1PVPT27eFgMSC7CeFJvvd%2FZzRINYvAckFkvsqcdD3EPrjcRPAqeZWYHRh9Uvffq%2Bw6f9%2Bp9ulOcEIqCHa%2B9a7aU1uxis05rL6%2BrVJjS1W7eqfm0Ti%2FV1lXaCi%2FVhrPLDl7zabNOX6m9JXnPXGxQn1Kf%2BrVrysrEDC%2FOVajsYcevd2g9bNT9Zoih%2FW%2FuCg%2BOeRCDE%2FIMlJie3%2FjpERSfIO1%2Fd1W6Xm6yV9%2FsF5rlxmIg9t9Le6kpU%2FSXYWI9JOn%2BohrGTQn58gxMur%2FoAGawO%2BsAsZoS74mPON1fYCIe7J2SxhoyRSz%2Bj3IwgdQTKDYBN3ehxBEBuMDNVaT9%2BzeNLdnmqcpm6pSc%2B%2FsvqHJKzv36LNL%2Bt1e0GtZuG13kyqQOw6SCGk6guhNkxQHyLQ%2BqPADPP4ESBGm%2FghLHL1HaShLZjlZiLsOVMIwaK3HQClbanVYzijpxh9JgPhqlJlDJBFqOwJyHYnaUhyLxUGQe%2BuK4xpqdhNJ2EidBEIWc8yDgvBm1RFMEYZRQFHzGPkKejcD1CNxuI7Pb6KkRbPED3EYFJzy4nGAgKpSSoHQEJSMoFUGZE5SDak9o13DVfaFdEfsL31j4oBqbvLvD9kzelSnZyU7I0%2FOB%2Ffnh9%2BjJ45oUQYv6YSsIokZH8DZlYUNwzmQikiDxfThVQbkz8za31NFTT5Cpo%2F9ViNkBnD4AVy%2BCFc%2BDleN2g4JtjMOIYit9YApTz6x0DsJUyPLzyDe9HX1CnpsDdH6%2FAMkPL3%2Fx2epvl8QH4LZCZit8pH4k6Op741umJLu3TOnIo9UsV321xWa%2FeTtnuTz79TtyszRWXL%2FqRg9e5zNhFj68I11%2Bg6VCpV1HvrmihJD2mrFcksfX3bqM1wq3caWwaZHdWHvj2vX%2BHFCZdAKmjt7%2FGFxNyQXbm%2B%2FpC3%2B8DWUnsEWFfnFIFgZlJuDZNly2pHeGwOplTZx5KItqbBvx8lErAi2XOYsruH%2Fl8TLecffQtR5Yfne%2BnQNbYaArMD2CK86O88weXv45mBti7Y1jbb3dWFv9%2BelonTquNf1QRnHU5kLEkgu%2F3QiigNKGEGG7I%2F0Ocjflvzz%2B6h8AAAD%2F%2FwEAAP%2F%2Fm7m6q38EAAA%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 sweepfrequencydissolved.com/impr.gif?sid=H4sIAAAAAAAC%2F1SST4gcxRfHq%2FPn8MsPBMWLB2UQDwrupHq6Z6bHHIIxRqIxuyTRBfFSXVU9W05NV1PVPT27eFgMSC7CeFJvvd%2FZzRINYvAckFkvsqcdD3EPrjcRPAqeZWYHRh9Uvffq%2Bw6f9%2Bp9ulOcEIqCHa%2B9a7aU1uxis05rL6%2BrVJjS1W7eqfm0Ti%2FV1lXaCi%2FVhrPLDl7zabNOX6m9JXnPXGxQn1Kf%2BrVrysrEDC%2FOVajsYcevd2g9bNT9Zoih%2FW%2FuCg%2BOeRCDE%2FIMlJie3%2FjpERSfIO1%2Fd1W6Xm6yV9%2FsF5rlxmIg9t9Le6kpU%2FSXYWI9JOn%2BohrGTQn58gxMur%2FoAGawO%2BsAsZoS74mPON1fYCIe7J2SxhoyRSz%2Bj3IwgdQTKDYBN3ehxBEBuMDNVaT9%2BzeNLdnmqcpm6pSc%2B%2FsvqHJKzv36LNL%2Bt1e0GtZuG13kyqQOw6SCGk6guhNkxQHyLQ%2BqPADPP4ESBGm%2FghLHL1HaShLZjlZiLsOVMIwaK3HQClbanVYzijpxh9JgPhqlJlDJBFqOwJyHYnaUhyLxUGQe%2BuK4xpqdhNJ2EidBEIWc8yDgvBm1RFMEYZRQFHzGPkKejcD1CNxuI7Pb6KkRbPED3EYFJzy4nGAgKpSSoHQEJSMoFUGZE5SDak9o13DVfaFdEfsL31j4oBqbvLvD9kzelSnZyU7I0%2FOB%2Ffnh9%2BjJ45oUQYv6YSsIokZH8DZlYUNwzmQikiDxfThVQbkz8za31NFTT5Cpo%2F9ViNkBnD4AVy%2BCFc%2BDleN2g4JtjMOIYit9YApTz6x0DsJUyPLzyDe9HX1CnpsDdH6%2FAMkPL3%2Fx2epvl8QH4LZCZit8pH4k6Op741umJLu3TOnIo9UsV321xWa%2FeTtnuTz79TtyszRWXL%2FqRg9e5zNhFj68I11%2Bg6VCpV1HvrmihJD2mrFcksfX3bqM1wq3caWwaZHdWHvj2vX%2BHFCZdAKmjt7%2FGFxNyQXbm%2B%2FpC3%2B8DWUnsEWFfnFIFgZlJuDZNly2pHeGwOplTZx5KItqbBvx8lErAi2XOYsruH%2Fl8TLecffQtR5Yfne%2BnQNbYaArMD2CK86O88weXv45mBti7Y1jbb3dWFv9%2BelonTquNf1QRnHU5kLEkgu%2F3QiigNKGEGG7I%2F0Ocjflvzz%2B6h8AAAD%2F%2FwEAAP%2F%2Fm7m6q38EAAA%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SST4gcxRfHq%2FPn8MsPBMWLB2UQDwrupHq6Z6bHHIIxRqIxuyTRBfFSXVU9W05NV1PVPT27eFgMSC7CeFJvvd%2FZzRINYvAckFkvsqcdD3EPrjcRPAqeZWYHRh9Uvffq%2Bw6f9%2Bp9ulOcEIqCHa%2B9a7aU1uxis05rL6%2BrVJjS1W7eqfm0Ti%2FV1lXaCi%2FVhrPLDl7zabNOX6m9JXnPXGxQn1Kf%2BrVrysrEDC%2FOVajsYcevd2g9bNT9Zoih%2FW%2FuCg%2BOeRCDE%2FIMlJie3%2FjpERSfIO1%2Fd1W6Xm6yV9%2FsF5rlxmIg9t9Le6kpU%2FSXYWI9JOn%2BohrGTQn58gxMur%2FoAGawO%2BsAsZoS74mPON1fYCIe7J2SxhoyRSz%2Bj3IwgdQTKDYBN3ehxBEBuMDNVaT9%2BzeNLdnmqcpm6pSc%2B%2FsvqHJKzv36LNL%2Bt1e0GtZuG13kyqQOw6SCGk6guhNkxQHyLQ%2BqPADPP4ESBGm%2FghLHL1HaShLZjlZiLsOVMIwaK3HQClbanVYzijpxh9JgPhqlJlDJBFqOwJyHYnaUhyLxUGQe%2BuK4xpqdhNJ2EidBEIWc8yDgvBm1RFMEYZRQFHzGPkKejcD1CNxuI7Pb6KkRbPED3EYFJzy4nGAgKpSSoHQEJSMoFUGZE5SDak9o13DVfaFdEfsL31j4oBqbvLvD9kzelSnZyU7I0%2FOB%2Ffnh9%2BjJ45oUQYv6YSsIokZH8DZlYUNwzmQikiDxfThVQbkz8za31NFTT5Cpo%2F9ViNkBnD4AVy%2BCFc%2BDleN2g4JtjMOIYit9YApTz6x0DsJUyPLzyDe9HX1CnpsDdH6%2FAMkPL3%2Fx2epvl8QH4LZCZit8pH4k6Op741umJLu3TOnIo9UsV321xWa%2FeTtnuTz79TtyszRWXL%2FqRg9e5zNhFj68I11%2Bg6VCpV1HvrmihJD2mrFcksfX3bqM1wq3caWwaZHdWHvj2vX%2BHFCZdAKmjt7%2FGFxNyQXbm%2B%2FpC3%2B8DWUnsEWFfnFIFgZlJuDZNly2pHeGwOplTZx5KItqbBvx8lErAi2XOYsruH%2Fl8TLecffQtR5Yfne%2BnQNbYaArMD2CK86O88weXv45mBti7Y1jbb3dWFv9%2BelonTquNf1QRnHU5kLEkgu%2F3QiigNKGEGG7I%2F0Ocjflvzz%2B6h8AAAD%2F%2FwEAAP%2F%2Fm7m6q38EAAA%3D HTTP/1.1
Host: sweepfrequencydissolved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=006ffe78-bce4-4482-b363-7965889b9003:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 31 Jan 2023 07:04:58 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e1c77b85cef4b890e72d905c681ee3e7
Strict-Transport-Security: max-age=0; includeSubdomains
sweepfrequencydissolved.com/pixel/sbs?c=1
192.243.59.13200 OK 0 B URL HTTP/1.1 sweepfrequencydissolved.com/pixel/sbs?c=1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: sweepfrequencydissolved.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: u_pl=15424691; uid_id2=006ffe78-bce4-4482-b363-7965889b9003:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 31 Jan 2023 07:04:58 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 94da194bbf70aa41a65827c4882ea756
6db97bd2d9b0d4406523d4a6984f62a21d76c6a8
eaf9c0e5fef6d174295c7abb4b3b61620cfdb84067e86b3544ebdb37f9d916a8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4327
Cache-Control: max-age=114217
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:58 GMT
Etag: "63d7c7dc-13a"
Expires: Wed, 01 Feb 2023 14:48:35 GMT
Last-Modified: Mon, 30 Jan 2023 13:36:28 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 314
dnacdn.net/dna
178.250.2.146200 OK 0 B IP 178.250.2.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:58 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=wjGibF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNqcG9IOTM1WjVRQzRWVWFsNSUyRkVBN1pOWDFsdUtKMXolMkZ5SEZEczBEUURT; expires=Sun, 25 Feb 2024 07:04:58 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 235495
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash e24b648009bb4c419c3bf2c995832b00
457168a7a1f2cfff41ebcd7855410c08001eb5d4
c4f888188d5b4c7885cd16c39e5e4915a45bc91e8303a6e62fcd2e433a80aee1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4162
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:58 GMT
Last-Modified: Tue, 31 Jan 2023 05:55:36 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash e24b648009bb4c419c3bf2c995832b00
457168a7a1f2cfff41ebcd7855410c08001eb5d4
c4f888188d5b4c7885cd16c39e5e4915a45bc91e8303a6e62fcd2e433a80aee1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4162
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 07:04:58 GMT
Last-Modified: Tue, 31 Jan 2023 05:55:36 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 313
ag.gbc.criteo.com/newidsd
178.250.6.230200 OK 400 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 178.250.6.230:0
Hash 3d432a5d0969d49854bc33e391f5d9f0
38e83e6577c5af969bfb5abc7304c89847d14efa
3de5ef3fb33754901456ac4761909a9a0387b14f2daaaa799102497432057550
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:58 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 84182
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ams3-ib.adnxs-simple.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FF4eLhm&e=wqT_3QL3BWz3AgAAAwDWAAUBCJj74p4GEK6Gs62w6Pv7IRj_EQF4ASo2CchhMH-FzIU_EVZJZB9kWYA_GQAAAKBwPfY_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUDlHkhlUKeiyyVY9p5zYABolNeXAXjL8wWAAQGKAQNVU0SSAQEG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9GNGVMaG2AAwGIAwCQAwCYAxegAwGqA-cBCr8BaHR0cAEucHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EblZXMkw4dVVDMklkbjllT25GVlNoSnAxT0F4ZVUxb1VqMXpCV0d2cDN2RG9xcHJjVWxyUktLd3hMVXhuU1V0bllHU0NxMjR0RDJFbVNkeDE3UmE3TWJrLTZLZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyNDQ3Njg3OTkzNjM2MjA5NDU0Igg3ODgyNzgxNSoEMzk0McADrALIAwDYA9ygpwHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMOTEuOTAuNDIuMTU0qAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBKeiyyWIBQGYBQCgBbuB3fK9k5LzIMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbzgG_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEyNzQ2MDE5NzYwOMgHy_MF0gcNCQ00BTUM2gcGCAUJYOAHAOoHAggA8AcAiggCEACVCAAAgD-YCAE.&s=83b5accbfc2cc84ca96a91ac59f81035acfe03c1&type=pv&jm=1003&px=271&py=1834&bw=728&bh=90&sf=1&sid=8894412041616545941&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&ft=2
185.89.210.122200 OK 0 B URL HTTP/1.1 ams3-ib.adnxs-simple.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FF4eLhm&e=wqT_3QL3BWz3AgAAAwDWAAUBCJj74p4GEK6Gs62w6Pv7IRj_EQF4ASo2CchhMH-FzIU_EVZJZB9kWYA_GQAAAKBwPfY_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUDlHkhlUKeiyyVY9p5zYABolNeXAXjL8wWAAQGKAQNVU0SSAQEG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9GNGVMaG2AAwGIAwCQAwCYAxegAwGqA-cBCr8BaHR0cAEucHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EblZXMkw4dVVDMklkbjllT25GVlNoSnAxT0F4ZVUxb1VqMXpCV0d2cDN2RG9xcHJjVWxyUktLd3hMVXhuU1V0bllHU0NxMjR0RDJFbVNkeDE3UmE3TWJrLTZLZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyNDQ3Njg3OTkzNjM2MjA5NDU0Igg3ODgyNzgxNSoEMzk0McADrALIAwDYA9ygpwHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMOTEuOTAuNDIuMTU0qAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBKeiyyWIBQGYBQCgBbuB3fK9k5LzIMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbzgG_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEyNzQ2MDE5NzYwOMgHy_MF0gcNCQ00BTUM2gcGCAUJYOAHAOoHAggA8AcAiggCEACVCAAAgD-YCAE.&s=83b5accbfc2cc84ca96a91ac59f81035acfe03c1&type=pv&jm=1003&px=271&py=1834&bw=728&bh=90&sf=1&sid=8894412041616545941&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&ft=2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FF4eLhm&e=wqT_3QL3BWz3AgAAAwDWAAUBCJj74p4GEK6Gs62w6Pv7IRj_EQF4ASo2CchhMH-FzIU_EVZJZB9kWYA_GQAAAKBwPfY_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUDlHkhlUKeiyyVY9p5zYABolNeXAXjL8wWAAQGKAQNVU0SSAQEG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9GNGVMaG2AAwGIAwCQAwCYAxegAwGqA-cBCr8BaHR0cAEucHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EblZXMkw4dVVDMklkbjllT25GVlNoSnAxT0F4ZVUxb1VqMXpCV0d2cDN2RG9xcHJjVWxyUktLd3hMVXhuU1V0bllHU0NxMjR0RDJFbVNkeDE3UmE3TWJrLTZLZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyNDQ3Njg3OTkzNjM2MjA5NDU0Igg3ODgyNzgxNSoEMzk0McADrALIAwDYA9ygpwHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMOTEuOTAuNDIuMTU0qAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBKeiyyWIBQGYBQCgBbuB3fK9k5LzIMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbzgG_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEyNzQ2MDE5NzYwOMgHy_MF0gcNCQ00BTUM2gcGCAUJYOAHAOoHAggA8AcAiggCEACVCAAAgD-YCAE.&s=83b5accbfc2cc84ca96a91ac59f81035acfe03c1&type=pv&jm=1003&px=271&py=1834&bw=728&bh=90&sf=1&sid=8894412041616545941&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&ft=2 HTTP/1.1
Host: ams3-ib.adnxs-simple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 31 Jan 2023 07:04:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 2c6cdcf7-31e2-4d30-b005-f8348b144a43
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs-simple.com
eus.rubiconproject.com/usync.html
104.88.9.101200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html
IP 104.88.9.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 31 Jan 2023 07:04:59 GMT
Connection: keep-alive
Vary: Accept-Encoding
acdn.adnxs.com/dmp/async_usersync.html
151.101.65.108200 OK 17 kB URL HTTP/1.1 acdn.adnxs.com/dmp/async_usersync.html
IP 151.101.65.108:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (52990)
Hash 9c6b5ce6b3452e98573e6409c34dd73c
de607fadef62e36945a409a838eb8fc36d819b42
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
GET /dmp/async_usersync.html HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 18 Jan 2023 06:44:40 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 31 Jan 2023 07:04:59 GMT
Age: 1192
X-Served-By: cache-lga13626-LGA, cache-bma1653-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 20, 4661
X-Timer: S1675148700.519888,VS0,VE0
Vary: Accept-Encoding
eus.rubiconproject.com/usync.js
104.88.9.101200 OK 10 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP 104.88.9.101:0
File type ASCII text, with very long lines (18573)
Hash b4537fd95a572fde70ee129592434415
90d54f5284b7b6fece7c91d65cfebf70de8a6520
918a490575da060dd0b7c758dfb8cb8544d499995a8e2a6c943e25410c42847b
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Mon, 30 Jan 2023 19:42:29 GMT
Content-Encoding: gzip
Content-Length: 10037
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=45438
Expires: Tue, 31 Jan 2023 19:42:17 GMT
Date: Tue, 31 Jan 2023 07:04:59 GMT
Connection: keep-alive
Vary: Accept-Encoding
ib.adnxs.com/async_usersync?cbfn=queuePixels
185.89.210.82307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 185.89.210.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 31 Jan 2023 07:04:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: 2d465dda-96cc-432d-863c-4fa2464e92ec
Set-Cookie: uuid2=2842739812103397099; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 01-May-2023 07:04:59 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
185.89.210.82200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 185.89.210.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 31 Jan 2023 07:04:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 4630a92a-a61c-49de-8b6b-357dffb75f8e
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
cti.w55c.net/ct/cms-2c-rubicon.html
192.229.233.53200 OK 13 kB URL HTTP/2 cti.w55c.net/ct/cms-2c-rubicon.html
IP 192.229.233.53:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (53556)
Hash 8974e4d91b50a8be2c3f32001ba7d48d
24538387df9c9f0811c7d275c419d909fb850954
ebdff3f1eb36e3953db7b49208c2b46079113e731db92b9f8b73d719c1e0b49f
GET /ct/cms-2c-rubicon.html HTTP/1.1
Host: cti.w55c.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
age: 439077
cache-control: no-cache, must-revalidate
content-type: text/html
date: Tue, 31 Jan 2023 07:04:59 GMT
etag: "3055990060+gzip"
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Thu, 14 Oct 2021 17:36:30 GMT
p3p: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
pragma: no-cache
server: ECS (ska/F708)
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
x-cache: HIT
content-length: 12841
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.126200 OK 2.7 kB URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.126:0
File type JSON data\012- , ASCII text, with very long lines (7820)
Hash 6506bb491252fd89ce0260a68d4e709f
c37e6c678cdf5f7635dc2228883146bc2f7fe18e
a05901488a0968a98026a6c4782ccaaed93181e763e51be8891143021fd24e07
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:58 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 93698
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
pixel.rubiconproject.com/exchange/sync.php?p=a9us
69.173.144.165204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/exchange/sync.php?p=a9us
IP 69.173.144.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /exchange/sync.php?p=a9us HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 3bbe2722f31ff5c51af5f7900136be1a
f58c5441e8c7883cc6265ae33fd1db215f746045
1a5ba82ed105af89350ccf23ba389b781917e2260f0b425be9fd49ce491943f7
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=103702
Date: Tue, 31 Jan 2023 07:04:59 GMT
Etag: "63d79dcf-1d7"
Expires: Wed, 01 Feb 2023 11:53:21 GMT
Last-Modified: Mon, 30 Jan 2023 10:37:03 GMT
Server: ECS (nyb/1D2D)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 0jV2-KGmc7kxKS6yjBUu11sUJhGCCEWK1f-ZtmpFCEWLyXehwSzbrQ==
Age: 4578
pm.w55c.net/pingmatch.gif
3.126.58.16302 0 B URL HTTP/1.1 pm.w55c.net/pingmatch.gif
IP 3.126.58.16:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pingmatch.gif HTTP/1.1
Host: pm.w55c.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cti.w55c.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 302
Cache-Control: no-cache, must-revalidate
Date: Tue, 31 Jan 2023 07:04:59 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: https://pm.w55c.net/pingmatch.gif?scc=1
Pragma: no-cache
Server: PingMatch/d601d38#rel-ec2-master i-05a89a035fd5ddeba@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Set-Cookie: wfivefivec=PQPtjGvG1PmKHp5; Domain=.w55c.net; Expires=Fri, 01-Mar-2024 17:04:59 GMT; Path=/; SameSite=None; Secure
Strict-Transport-Security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive
cm.smadex.com/sync?sm_p=rbc&sm_r=rbc
54.230.111.47302 Found 0 B URL HTTP/2 cm.smadex.com/sync?sm_p=rbc&sm_r=rbc
IP 54.230.111.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?sm_p=rbc&sm_r=rbc HTTP/1.1
Host: cm.smadex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://pixel.rubiconproject.com/tap.php?v=71194&nid=3636&put=15475ee4-c8cf-4fcf-bd7c-dbdb98c53446&expires=30
date: Tue, 31 Jan 2023 07:04:59 GMT
set-cookie: smxtrack=15475ee4-c8cf-4fcf-bd7c-dbdb98c53446; Expires=Fri, 26 Jan 2024 07:04:59 GMT; Path=/; Domain=.smadex.com; SameSite=None; Secure;
smxtrack=15475ee4-c8cf-4fcf-bd7c-dbdb98c53446; Expires=Fri, 26 Jan 2024 07:04:59 GMT; Path=/; Domain=.smadex.com; SameSite=None; Secure;
smxrbc=1; Expires=Thu, 02 Mar 2023 07:04:59 GMT; Path=/; Domain=.smadex.com; SameSite=None; Secure;
x-cache: Miss from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sITWOqcDBoqwzcLHUWRlpYQBmzci-Vgyb-kVYnYaGHJ4N-35mHMJww==
X-Firefox-Spdy: h2
pixel.rubiconproject.com/tap.php?v=71194&nid=3636&put=15475ee4-c8cf-4fcf-bd7c-dbdb98c53446&expires=30
69.173.144.165204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=71194&nid=3636&put=15475ee4-c8cf-4fcf-bd7c-dbdb98c53446&expires=30
IP 69.173.144.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=71194&nid=3636&put=15475ee4-c8cf-4fcf-bd7c-dbdb98c53446&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif
aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
67.220.228.203302 Found 0 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
IP 67.220.228.203:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Server
Date: Tue, 31 Jan 2023 07:04:59 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: CY3H145K50K3121TGTZZ
Set-Cookie: ad-id=A5Gd-ibfmExJg-LGk8ZSv-c|t; Domain=.amazon-adsystem.com; Expires=Sun, 01-Oct-2023 07:04:59 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
67.220.228.203200 OK 43 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
IP 67.220.228.203:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6851dbf491ae442da3314f19e8aff085
ecfec27263608c4ae7cd4f8e0cebb1b061df2ac3
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
GET /s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Tue, 31 Jan 2023 07:05:00 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: NC3725P9R85F15NR077Y
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
token.rubiconproject.com/token?pid=2974&pt=n&a=1
69.173.144.165204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=2974&pt=n&a=1
IP 69.173.144.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=2974&pt=n&a=1 HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
token.rubiconproject.com/token?pid=2249&pt=n
69.173.144.165302 Found 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=2249&pt=n
IP 69.173.144.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=2249&pt=n HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 302 Found
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=
content-length: 0
ocsp.godaddy.com/
192.124.249.22200 OK 1.8 kB IP 192.124.249.22:0
Hash 75c812b3ca4e4eeae3179826b9f0d837
a4c25c5aac44a08a6a9b53634f69a9dc3c1ce8c1
9e9efe7448947054b523d79a0706bb7ab7e4eea8a703d313d772d1382f24560e
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 31 Jan 2023 07:04:59 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 30 Jan 2023 21:50:04 GMT
Expires: Tue, 31 Jan 2023 21:50:04 GMT
ETag: "a4c25c5aac44a08a6a9b53634f69a9dc3c1ce8c1"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
match.adsby.bidtheatre.com/rubiconmatch
159.65.197.210302 302 0 B URL HTTP/1.1 match.adsby.bidtheatre.com/rubiconmatch
IP 159.65.197.210:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rubiconmatch HTTP/1.1
Host: match.adsby.bidtheatre.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 302
Date: Tue, 31 Jan 2023 07:05:00 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
Set-Cookie: __kuid=27415449-47f5-4055-948e-9fa2d7c9623b.444362700; Max-Age=604800; Domain=.adsby.bidtheatre.com; SameSite=None; Secure
Location: https://pixel.rubiconproject.com/tap.php?v=17039&nid=2650&days=30&gdpr=&gdpr_consent=&put=27415449-47f5-4055-948e-9fa2d7c9623b
Content-Length: 0
Keep-Alive: timeout=5, max=3000
Connection: Keep-Alive
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=
216.58.207.226302 Found 280 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=
IP 216.58.207.226:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 71ad89ad199a33e899f914d898872fe4
6ca9d2988115dbec1e30c337be9b67adea23732e
d780663f1202366919be361d8b4a9c47e234342d0bb6e55695172837a17c0418
GET /pixel?google_nid=rubicon&google_hm= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=&google_tc=
date: Tue, 31 Jan 2023 07:05:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 280
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 07:20:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pixel.rubiconproject.com/tap.php?v=17039&nid=2650&days=30&gdpr=&gdpr_consent=&put=27415449-47f5-4055-948e-9fa2d7c9623b
69.173.144.165204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=17039&nid=2650&days=30&gdpr=&gdpr_consent=&put=27415449-47f5-4055-948e-9fa2d7c9623b
IP 69.173.144.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=17039&nid=2650&days=30&gdpr=&gdpr_consent=&put=27415449-47f5-4055-948e-9fa2d7c9623b HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=&google_tc=
216.58.207.226200 OK 170 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=&google_tc=
IP 216.58.207.226:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash e7673c60af825466f83d46da72ca1635
fc0fcbee0835709ba2d28798a612bfd687903fb5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
GET /pixel?google_nid=rubicon&google_hm=&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
date: Tue, 31 Jan 2023 07:05:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 4c88c48cf170318d9ed17fcaf6daba1f
10ea19f36921d711bdcf8ac28302bc8f9b8cd39a
5ae6570cec2007269de893e2718e3ea79121c11f2624b5a7d7b1b30b2f79240d
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 07:05:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 04 Feb 2023 03:58:06 GMT
ETag: "10ea19f36921d711bdcf8ac28302bc8f9b8cd39a"
Last-Modified: Tue, 31 Jan 2023 03:58:07 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3229
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792098b0b85eb4f7-OSL
ib.adnxs.com/async_usersync?cbfn=queuePixels
185.89.210.82307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP 185.89.210.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Tue, 31 Jan 2023 07:05:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: b8378ef9-c761-4c75-82bc-aab5086844f3
Set-Cookie: uuid2=8838513852553369390; SameSite=None; Path=/; Max-Age=7776000; Expires=Mon, 01-May-2023 07:05:00 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
185.89.210.82200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP 185.89.210.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 31 Jan 2023 07:05:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: ef35d620-2a9f-4fac-9e6a-7de60e80024a
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
tg.socdm.com/rtb/sync?proto=rubicon
124.146.215.47302 Found 0 B URL HTTP/1.1 tg.socdm.com/rtb/sync?proto=rubicon
IP 124.146.215.47:0
ASN #2514 NTT PC Communications, Inc.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rtb/sync?proto=rubicon HTTP/1.1
Host: tg.socdm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 31 Jan 2023 07:05:00 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private
Location: https://pixel.rubiconproject.com/tap.php?v=71722&nid=3668&expires=30&put=Y9i9nMCo8YMAACPf0FQAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
Set-Cookie: SOSYNC=anNvbjp7InJ1Ymljb24iOjE2NzUxNDg3MDB9; path=/; expires=Thu, 30-Jan-25 07:05:00 GMT; domain=socdm.com; secure; SameSite=None
X-SO-Ads-Time: 40
X-SO-HostName: a-ad40367.dc2p.scaleout.jp
X-SO-LB-Hostname: m-tgng31.dc4p.scaleout.jp
X-SO-LB-Data: {"ban":false,"clean_query":"\/rtb\/sync?proto=rubicon","cluster_id":0,"gdpr":true,"ipv4":"0.0.0.0","key":"Y9i9nMCo8YMAACPf0FQAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40367"}
X-SO-Key: Y9i9nMCo8YMAACPf0FQAAAAA
X-SO-IP: 91.90.42.154
X-SO-Cluster-ID: 0
X-SO-Upstream-ID: a-ad40367
pixel.rubiconproject.com/tap.php?v=71722&nid=3668&expires=30&put=Y9i9nMCo8YMAACPf0FQAAAAA
69.173.144.165204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=71722&nid=3668&expires=30&put=Y9i9nMCo8YMAACPf0FQAAAAA
IP 69.173.144.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=71722&nid=3668&expires=30&put=Y9i9nMCo8YMAACPf0FQAAAAA HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif
ams3-ib.adnxs-simple.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FF4eLhm&e=wqT_3QL3BWz3AgAAAwDWAAUBCJj74p4GEK6Gs62w6Pv7IRj_EQF4ASo2CchhMH-FzIU_EVZJZB9kWYA_GQAAAKBwPfY_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUDlHkhlUKeiyyVY9p5zYABolNeXAXjL8wWAAQGKAQNVU0SSAQEG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9GNGVMaG2AAwGIAwCQAwCYAxegAwGqA-cBCr8BaHR0cAEucHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EblZXMkw4dVVDMklkbjllT25GVlNoSnAxT0F4ZVUxb1VqMXpCV0d2cDN2RG9xcHJjVWxyUktLd3hMVXhuU1V0bllHU0NxMjR0RDJFbVNkeDE3UmE3TWJrLTZLZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyNDQ3Njg3OTkzNjM2MjA5NDU0Igg3ODgyNzgxNSoEMzk0McADrALIAwDYA9ygpwHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMOTEuOTAuNDIuMTU0qAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBKeiyyWIBQGYBQCgBbuB3fK9k5LzIMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbzgG_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEyNzQ2MDE5NzYwOMgHy_MF0gcNCQ00BTUM2gcGCAUJYOAHAOoHAggA8AcAiggCEACVCAAAgD-YCAE.&s=83b5accbfc2cc84ca96a91ac59f81035acfe03c1&type=pv&jm=1003&px=271&py=1834&bw=728&bh=90&sf=1&sid=8894412041616545941&vd=ct~0|rr~320|dm~90&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&pd=5.22&d=5.21&id=5.21&ic=1&d0=5.21&d25=5.21&d50=5.21&d75=4.64&d100=4.6&ft=2
185.89.210.122200 OK 0 B URL HTTP/1.1 ams3-ib.adnxs-simple.com/vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FF4eLhm&e=wqT_3QL3BWz3AgAAAwDWAAUBCJj74p4GEK6Gs62w6Pv7IRj_EQF4ASo2CchhMH-FzIU_EVZJZB9kWYA_GQAAAKBwPfY_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUDlHkhlUKeiyyVY9p5zYABolNeXAXjL8wWAAQGKAQNVU0SSAQEG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9GNGVMaG2AAwGIAwCQAwCYAxegAwGqA-cBCr8BaHR0cAEucHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EblZXMkw4dVVDMklkbjllT25GVlNoSnAxT0F4ZVUxb1VqMXpCV0d2cDN2RG9xcHJjVWxyUktLd3hMVXhuU1V0bllHU0NxMjR0RDJFbVNkeDE3UmE3TWJrLTZLZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyNDQ3Njg3OTkzNjM2MjA5NDU0Igg3ODgyNzgxNSoEMzk0McADrALIAwDYA9ygpwHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMOTEuOTAuNDIuMTU0qAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBKeiyyWIBQGYBQCgBbuB3fK9k5LzIMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbzgG_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEyNzQ2MDE5NzYwOMgHy_MF0gcNCQ00BTUM2gcGCAUJYOAHAOoHAggA8AcAiggCEACVCAAAgD-YCAE.&s=83b5accbfc2cc84ca96a91ac59f81035acfe03c1&type=pv&jm=1003&px=271&py=1834&bw=728&bh=90&sf=1&sid=8894412041616545941&vd=ct~0|rr~320|dm~90&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&pd=5.22&d=5.21&id=5.21&ic=1&d0=5.21&d25=5.21&d50=5.21&d75=4.64&d100=4.6&ft=2
IP 185.89.210.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /vevent?an_audit=0&referrer=https%3A%2F%2Fouo.press%2FF4eLhm&e=wqT_3QL3BWz3AgAAAwDWAAUBCJj74p4GEK6Gs62w6Pv7IRj_EQF4ASo2CchhMH-FzIU_EVZJZB9kWYA_GQAAAKBwPfY_IRESACkRJNAxAAAAQOF6pD8w9PbtBzjuUUDlHkhlUKeiyyVY9p5zYABolNeXAXjL8wWAAQGKAQNVU0SSAQEG8F6YAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKlxU_qAhhodHRwczovL291by5wcmVzcy9GNGVMaG2AAwGIAwCQAwCYAxegAwGqA-cBCr8BaHR0cAEucHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0aQFfYj1BS0FtZi1EblZXMkw4dVVDMklkbjllT25GVlNoSnAxT0F4ZVUxb1VqMXpCV0d2cDN2RG9xcHJjVWxyUktLd3hMVXhuU1V0bllHU0NxMjR0RDJFbVNkeDE3UmE3TWJrLTZLZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyNDQ3Njg3OTkzNjM2MjA5NDU0Igg3ODgyNzgxNSoEMzk0McADrALIAwDYA9ygpwHgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMOTEuOTAuNDIuMTU0qAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBKeiyyWIBQGYBQCgBbuB3fK9k5LzIMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbzgG_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAA0_sBAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEyNzQ2MDE5NzYwOMgHy_MF0gcNCQ00BTUM2gcGCAUJYOAHAOoHAggA8AcAiggCEACVCAAAgD-YCAE.&s=83b5accbfc2cc84ca96a91ac59f81035acfe03c1&type=pv&jm=1003&px=271&py=1834&bw=728&bh=90&sf=1&sid=8894412041616545941&vd=ct~0|rr~320|dm~90&sv=231&tv=view7-1hs&ua=gecko40&pl=win&x=v&tag_id=16481140&pd=5.22&d=5.21&id=5.21&ic=1&d0=5.21&d25=5.21&d50=5.21&d75=4.64&d100=4.6&ft=2 HTTP/1.1
Host: ams3-ib.adnxs-simple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Tue, 31 Jan 2023 07:05:02 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 5e9ee674-dae5-471d-8a8f-cfc6cd6f4f31
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs-simple.com
cdn.firstimpression.io/delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459
54.230.111.73200 OK 0 B URL HTTP/2 cdn.firstimpression.io/delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459
IP 54.230.111.73:0
POST /delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Cookie: OAID=GDPR
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Tue, 31 Jan 2023 07:04:56 GMT
server: Apache/2.4.38 (Debian)
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: https://ouo.press
p3p: CP="CUR ADM OUR NOR STA NID"
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: M52n7gnAObob0-keLA5CYjdK6AGv1812Hb4A_R0Zkg_PqElIGZtqQA==
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.113.js
178.250.0.130200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.113.js
IP 178.250.0.130:0
GET /js/ld/publishertag.prebid.113.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 07:04:58 GMT
content-type: text/javascript
last-modified: Wed, 08 Sep 2021 12:50:31 GMT
etag: W/"6138b197-1532d"
expires: Wed, 01 Feb 2023 07:04:58 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
172.67.22.15200 OK 0 B URL HTTP/2 ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 172.67.22.15:0
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/F4eLhm
Cookie: ouoio_session=eyJpdiI6IlZFMWY4UzY3V1F4REMyMDBJYnVUQTZ1K2w5RjVhanFVZFZBdDI3XC8zYTJnPSIsInZhbHVlIjoidTZJS3A2UVRGTzZKZHZ6c1ZIZytVWnJEY2RxXC9TRVFMUFhLcEsxNzVvTnNRMWFjakN4K0xtaWlKUTUxNHFFSExoaVI4NjNFYVpTWk9ORXV3NWZ6RitBPT0iLCJtYWMiOiJjZWU2NzE3YjUxNjlmN2RhZDBjZjlkZjZiNWE2YzAwNWJkZTQxM2M1NDgzNjFlZTZlNjRmMDI3MjNkOTNiOWJlIn0%3D; language=eyJpdiI6InZibjRWRlwvM29tYmN2YVU0bmt1dVZtUE5lTWVveWRuOEFGMnFXTXU0QXRFPSIsInZhbHVlIjoiM3Y0Qmtvekt3WEExXC9zejQ3S0p2SVwvaTNtdjU5bE85VVg2QnN1bWQ3YnprPSIsIm1hYyI6IjI0M2UyNDVlNDBkMWE5ZDViYTdiNjI0ZGFkNGVlOGE1NGU1ZDcyOTgzMThhYTUxMjA4M2ZkNmE5ZGUyY2U3NzgifQ%3D%3D; 174db50e2cc9eb30b77ad68581bffdb4f385b2ad=eyJpdiI6IjZQV2I3NWtXRk1KejlzbjZYeDQ0QXBIWGRLM2VNS09KWURDSE4rZGt0Tkk9IiwidmFsdWUiOiJxbFdJMUpIXC9xa0tWSzY1Y2hYb3o4MDJ4Qkt0VTNocDFcL1pGZ0JwaXl3a3VQUWc0N0R6OEZZNjAwTFdhUlwvXC81dEJ2Q1FlZjczUTB4ZGsyMGV6ZnBYMVRNQjR0K0gwSzhrN3ZxMldjZDAzVGg3eUtURWRiUUQrUUZydVF4dXBBV1hnbUJwQUgycCtySkxyQzZPRmExbWdObXF5c3ZkbGpqRFFoWUo2RVJkbElvXC9zck9mTnU4U2R3Vlg2SEhWSkJudWhXR2t2VVltUEsydUZvNWdVU0FmaGpDWWJHTUM0NVRDRUNHR1lcLzFDZTNIOE92ZkdSYVhrWjlTME9TeXNHQ1dHN2ZCVEE0Q2RaZVBDSzB2SURmZklIVDNpcFBmMjgyNFVlUGFOTGcyOUJ2NFFaRzVLNWdUamhGSHpsN2JKRUZSWWdSeXB5WnFKNGRIRE43aUxKOCtCNFVjT3BJRnRad2NoU3BzU3lBQUVrb3ZcL29TOStkeWloVXpWVklzTmRpS0RLIiwibWFjIjoiODU1MTc2MDQ5NWQwNTgwZmMzZjI0OGE2NTg1NmNhN2JhMWE0N2QyYmFlMjA3NTgwNmI5NjI3YzRkNDFlNGQxOSJ9; __cf_bm=6Ozt1CwuE9dd0wM9IKuMH4h0nbySARijExi.e4bPTZI-1675148694-0-AWG2boHv75j7G7tZwllRaZLjX/6yldB4U+1Bs/DzDeiZZ8a4TY0qONTE0rznWl3FDsyCLFeE32RqAJu0kgO+Tu0=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:54 GMT
content-type: application/javascript
last-modified: Mon, 23 Jan 2023 11:05:52 GMT
etag: W/"63ce6a10-4d7"
vary: Accept-Encoding
server: cloudflare
cf-ray: 7920988dfc2fb4fd-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 02 Feb 2023 07:04:54 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
ouo.press/css/bootstrap.css
172.67.22.15200 OK 0 B URL HTTP/2 ouo.press/css/bootstrap.css
IP 172.67.22.15:0
GET /css/bootstrap.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/F4eLhm
Cookie: ouoio_session=eyJpdiI6IlZFMWY4UzY3V1F4REMyMDBJYnVUQTZ1K2w5RjVhanFVZFZBdDI3XC8zYTJnPSIsInZhbHVlIjoidTZJS3A2UVRGTzZKZHZ6c1ZIZytVWnJEY2RxXC9TRVFMUFhLcEsxNzVvTnNRMWFjakN4K0xtaWlKUTUxNHFFSExoaVI4NjNFYVpTWk9ORXV3NWZ6RitBPT0iLCJtYWMiOiJjZWU2NzE3YjUxNjlmN2RhZDBjZjlkZjZiNWE2YzAwNWJkZTQxM2M1NDgzNjFlZTZlNjRmMDI3MjNkOTNiOWJlIn0%3D; language=eyJpdiI6InZibjRWRlwvM29tYmN2YVU0bmt1dVZtUE5lTWVveWRuOEFGMnFXTXU0QXRFPSIsInZhbHVlIjoiM3Y0Qmtvekt3WEExXC9zejQ3S0p2SVwvaTNtdjU5bE85VVg2QnN1bWQ3YnprPSIsIm1hYyI6IjI0M2UyNDVlNDBkMWE5ZDViYTdiNjI0ZGFkNGVlOGE1NGU1ZDcyOTgzMThhYTUxMjA4M2ZkNmE5ZGUyY2U3NzgifQ%3D%3D; 174db50e2cc9eb30b77ad68581bffdb4f385b2ad=eyJpdiI6IjZQV2I3NWtXRk1KejlzbjZYeDQ0QXBIWGRLM2VNS09KWURDSE4rZGt0Tkk9IiwidmFsdWUiOiJxbFdJMUpIXC9xa0tWSzY1Y2hYb3o4MDJ4Qkt0VTNocDFcL1pGZ0JwaXl3a3VQUWc0N0R6OEZZNjAwTFdhUlwvXC81dEJ2Q1FlZjczUTB4ZGsyMGV6ZnBYMVRNQjR0K0gwSzhrN3ZxMldjZDAzVGg3eUtURWRiUUQrUUZydVF4dXBBV1hnbUJwQUgycCtySkxyQzZPRmExbWdObXF5c3ZkbGpqRFFoWUo2RVJkbElvXC9zck9mTnU4U2R3Vlg2SEhWSkJudWhXR2t2VVltUEsydUZvNWdVU0FmaGpDWWJHTUM0NVRDRUNHR1lcLzFDZTNIOE92ZkdSYVhrWjlTME9TeXNHQ1dHN2ZCVEE0Q2RaZVBDSzB2SURmZklIVDNpcFBmMjgyNFVlUGFOTGcyOUJ2NFFaRzVLNWdUamhGSHpsN2JKRUZSWWdSeXB5WnFKNGRIRE43aUxKOCtCNFVjT3BJRnRad2NoU3BzU3lBQUVrb3ZcL29TOStkeWloVXpWVklzTmRpS0RLIiwibWFjIjoiODU1MTc2MDQ5NWQwNTgwZmMzZjI0OGE2NTg1NmNhN2JhMWE0N2QyYmFlMjA3NTgwNmI5NjI3YzRkNDFlNGQxOSJ9; __cf_bm=6Ozt1CwuE9dd0wM9IKuMH4h0nbySARijExi.e4bPTZI-1675148694-0-AWG2boHv75j7G7tZwllRaZLjX/6yldB4U+1Bs/DzDeiZZ8a4TY0qONTE0rznWl3FDsyCLFeE32RqAJu0kgO+Tu0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:54 GMT
content-type: text/css
cache-control: max-age=86400
cf-bgj: minify
cf-polished: origSize=109522
etag: W/"54def1fc-1abd2"
expires: Tue, 31 Jan 2023 08:20:07 GMT
last-modified: Sat, 14 Feb 2015 06:58:04 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 38687
vary: Accept-Encoding
server: cloudflare
cf-ray: 7920988dec25b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
54.230.111.210200 OK 0 B URL HTTP/2 c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
IP 54.230.111.210:0
GET /bao-csm/aps-comm/aps_csm.js HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Fri, 23 Dec 2022 01:05:48 GMT
x-amz-version-id: 1R3b4YI9dI20q9Y7Gq1DHxVUnq3Fp2gn
server: AmazonS3
content-encoding: gzip
date: Mon, 30 Jan 2023 09:12:41 GMT
cache-control: public, max-age=86400
etag: W/"a4d296427fc806b21335359e398c025c"
vary: Accept-Encoding,Origin
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fH_hPppvJ1gx_moKJDXAFSCPRiPoV-SOnsBot4ggRBGff4mJAq-18A==
age: 78735
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/e1/6f/bb/e16fbbe9f31c82c23d1d57f9726b5fc7/1654616215.html
45.133.44.3200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/au/e1/6f/bb/e16fbbe9f31c82c23d1d57f9726b5fc7/1654616215.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/e1/6f/bb/e16fbbe9f31c82c23d1d57f9726b5fc7/1654616215.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:57 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Tue, 07 Jun 2022 15:37:00 GMT
etag: W/"629f709c-40e"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 31 Jan 2023 08:04:57 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=ouo.press
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=ouo.press
IP 178.250.0.157:0
GET /syncframe?origin=publishertag&topUrl=ouo.press HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:57 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=d77c7d30-60f7-4e1d-bc44-ada689da3509; expires=Sun, 25 Feb 2024 07:04:57 GMT; domain=.criteo.com; path=/; secure; samesite=none
optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 711869
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.js
178.250.0.130200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.js
IP 178.250.0.130:0
GET /js/ld/publishertag.prebid.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 07:04:58 GMT
content-type: text/javascript
last-modified: Wed, 18 Jan 2023 01:20:50 GMT
etag: W/"63c74972-162fb"
expires: Wed, 01 Feb 2023 07:04:58 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ouo.io/F4eLhm
104.22.22.162302 Found 0 B IP 104.22.22.162:0
GET /F4eLhm HTTP/1.1
Host: ouo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 31 Jan 2023 07:04:54 GMT
content-type: text/html; charset=UTF-8
location: https://ouo.press/F4eLhm
cache-control: no-cache
set-cookie: ouoio_session=eyJpdiI6Ilwvb0R0c293dXNCR3hCa2FoSk8yUU9nc0VWdmxIRlYyZks0T3c5SHdlMHdRPSIsInZhbHVlIjoiXC9xclB3MHZuaEhJM2dxT0trZ1Rjcks5YUFKelJRY3NiWWdNdUhLSzNIWVZHcU95dVFWSURGY0VVVGFYWDk2eXptRGJOMlljQW51XC9ZT0IweGVUdjlQdz09IiwibWFjIjoiZjJmNmIyMDhhNjZmMmUxYWFmNzA4YTlkYTViNWY1ZjU3YzJiMmZhODRjNWQ0OWFmYTg5OTBkNzVkYThlNDE3OCJ9; path=/; httponly
language=eyJpdiI6IlROYStVYUhRRVNlRzg2UEQzOXRXTHM3SWdIcjZRTUkrNkVcL0M5ZUVcL1Jobz0iLCJ2YWx1ZSI6IlJJTjltejB1dFZkbENpQWZTeW9HaCs1OGVKWDJEUXVhXC9NbTkxc0kyTWk4PSIsIm1hYyI6IjE3YWVhZWMzZWFkYjFkMDYxZGM0OGEyZGMzNzVhZTFkMmQ0ZjJlODU1YWRkMmRjNmJlMDUzMDE4NTdjNzUxYzIifQ%3D%3D; expires=Sun, 30-Jan-2028 07:04:53 GMT; Max-Age=157680000; path=/; httponly
07a880f31b4ffaad65543c7a27de3ad719d4acf5=eyJpdiI6IjJcL1wvWVV0dFwvVVFOUm9qK05nTk1QaThLWVc5WUJjeEwybDdJa3NzK21lakE9IiwidmFsdWUiOiJMbFh0bktheVdlSEI5eXZyZjNsU0taWVRZbFwvanFFZ3VWaVRPQ2xvb25VNDVYT1ZZSnErd2JpNzlEZzBoMkVcL0QxN0pBdHRpWjV6dEtGWWNEbmtGaFpMbm0raHdKZ0tRSDhBZUVtMytKb1pNMUJUM2sxa0hpU0lyNlV6WWRSM0FMc1wvNDlZSHpmN2RYaHo2bzM2TXdPaVwvWFE2b0h5S3psS1ZPNTNVbUhHK1BuT1NIOE5IdzRQcnlFZUNmY1R0ZU1NQmV5a0xQVkRQdUplcSs2NVBKb3NzZHIxMTF0WEdoUmVvZjNwcXhqWTRwZThPaFVXWW5veEV3WWVHZGlhUVYydnJYVlp1VGIrNmx6OXcxZkdaU1J2WHV4TXBaREFTRklxamw3ZGwwZzNRRjJCbE5KK1VEM0trb1BiNTJDeUhkWEtDTHM0ZXRkUkszSFhcL3hPb1NKa0RKdz09IiwibWFjIjoiYzA3ZmM1MjU1NzAzZjJlODVlMzc3ZTlkNjEyNmNjMzc4NmM1MTMyZGFiMTgzZTA4ZmVmODJmN2EyYThhMjkwYiJ9; expires=Tue, 31-Jan-2023 09:04:53 GMT; Max-Age=7200; path=/; httponly
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 792098878f40b4fa-OSL
X-Firefox-Spdy: h2
hhklc.com/c.js
104.21.70.122200 OK 0 B IP 104.21.70.122:0
GET /c.js HTTP/1.1
Host: hhklc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:54 GMT
content-type: application/javascript
last-modified: Tue, 27 Dec 2022 13:04:38 GMT
etag: W/"63aaed66-2eef"
server-asp-net: Asp Net
expires: Tue, 31 Jan 2023 07:11:52 GMT
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 2282
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y9jfUXOjttp4B6a1tTs57TbUNz8uB5zArC9O50yHm21LVssMn84JTisld9u%2Bs1zCsiFaGWDCOUbUnBB7ccPRq3tjvBC6GRFQeW8Cm3FkFIVdgyizVdTXYfRaY3I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7920988e1ed4b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
c.amazon-adsystem.com/aax2/apstag.js
54.230.111.210200 OK 0 B URL HTTP/2 c.amazon-adsystem.com/aax2/apstag.js
IP 54.230.111.210:0
GET /aax2/apstag.js HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 31 Jan 2023 06:26:43 GMT
last-modified: Wed, 25 Jan 2023 21:28:25 GMT
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
server: AmazonS3
content-encoding: gzip
via: 1.1 ec85113c6ed859938b3fcfa19bc035f8.cloudfront.net (CloudFront), 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
etag: W/"8a6d0f2d51de2b80e524e04684f71215"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA60-P1, OSL50-P1
x-amz-cf-id: ppAfYHIra0YLY3JhyUe_xlUW4G7YKZ4de3V2nzQhCVzFkyLPtC1pTw==
age: 2293
X-Firefox-Spdy: h2
ecdn.firstimpression.io/static/js/prebidamp.js
54.230.111.73200 OK 0 B URL HTTP/2 ecdn.firstimpression.io/static/js/prebidamp.js
IP 54.230.111.73:0
GET /static/js/prebidamp.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.20.0
last-modified: Tue, 14 Dec 2021 15:30:51 GMT
access-control-allow-origin: *
content-encoding: br
date: Tue, 31 Jan 2023 06:07:17 GMT
expires: Tue, 31 Jan 2023 07:07:15 GMT
cache-control: max-age=3600
etag: W/"61b8b8ab-4e128"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 30tKhEl5Lg2jLbiIISzxjvGcYF7pHazeRt7BDs9FDhVUdHFBrddyWg==
age: 3460
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.2.146200 OK 0 B IP 178.250.2.146:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=wjGibF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNqcG9IOTM1WjVRQzRWVWFsNSUyRkVBN1pOWDFsdUtKMXolMkZ5SEZEczBEUURT
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:57 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=q_CiSF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNqcG9IOTM1WjVRQzRWVWFsNSUyRkVBNDR0TllnbUtVRk95QXR4bkx5NXRMRw; expires=Sun, 25 Feb 2024 07:04:58 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 437231
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ouo.press/F4eLhm
172.67.22.15200 OK 0 B IP 172.67.22.15:0
GET /F4eLhm HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:54 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
set-cookie: ouoio_session=eyJpdiI6IlZFMWY4UzY3V1F4REMyMDBJYnVUQTZ1K2w5RjVhanFVZFZBdDI3XC8zYTJnPSIsInZhbHVlIjoidTZJS3A2UVRGTzZKZHZ6c1ZIZytVWnJEY2RxXC9TRVFMUFhLcEsxNzVvTnNRMWFjakN4K0xtaWlKUTUxNHFFSExoaVI4NjNFYVpTWk9ORXV3NWZ6RitBPT0iLCJtYWMiOiJjZWU2NzE3YjUxNjlmN2RhZDBjZjlkZjZiNWE2YzAwNWJkZTQxM2M1NDgzNjFlZTZlNjRmMDI3MjNkOTNiOWJlIn0%3D; path=/; httponly
language=eyJpdiI6InZibjRWRlwvM29tYmN2YVU0bmt1dVZtUE5lTWVveWRuOEFGMnFXTXU0QXRFPSIsInZhbHVlIjoiM3Y0Qmtvekt3WEExXC9zejQ3S0p2SVwvaTNtdjU5bE85VVg2QnN1bWQ3YnprPSIsIm1hYyI6IjI0M2UyNDVlNDBkMWE5ZDViYTdiNjI0ZGFkNGVlOGE1NGU1ZDcyOTgzMThhYTUxMjA4M2ZkNmE5ZGUyY2U3NzgifQ%3D%3D; expires=Sun, 30-Jan-2028 07:04:54 GMT; Max-Age=157680000; path=/; httponly
174db50e2cc9eb30b77ad68581bffdb4f385b2ad=eyJpdiI6IjZQV2I3NWtXRk1KejlzbjZYeDQ0QXBIWGRLM2VNS09KWURDSE4rZGt0Tkk9IiwidmFsdWUiOiJxbFdJMUpIXC9xa0tWSzY1Y2hYb3o4MDJ4Qkt0VTNocDFcL1pGZ0JwaXl3a3VQUWc0N0R6OEZZNjAwTFdhUlwvXC81dEJ2Q1FlZjczUTB4ZGsyMGV6ZnBYMVRNQjR0K0gwSzhrN3ZxMldjZDAzVGg3eUtURWRiUUQrUUZydVF4dXBBV1hnbUJwQUgycCtySkxyQzZPRmExbWdObXF5c3ZkbGpqRFFoWUo2RVJkbElvXC9zck9mTnU4U2R3Vlg2SEhWSkJudWhXR2t2VVltUEsydUZvNWdVU0FmaGpDWWJHTUM0NVRDRUNHR1lcLzFDZTNIOE92ZkdSYVhrWjlTME9TeXNHQ1dHN2ZCVEE0Q2RaZVBDSzB2SURmZklIVDNpcFBmMjgyNFVlUGFOTGcyOUJ2NFFaRzVLNWdUamhGSHpsN2JKRUZSWWdSeXB5WnFKNGRIRE43aUxKOCtCNFVjT3BJRnRad2NoU3BzU3lBQUVrb3ZcL29TOStkeWloVXpWVklzTmRpS0RLIiwibWFjIjoiODU1MTc2MDQ5NWQwNTgwZmMzZjI0OGE2NTg1NmNhN2JhMWE0N2QyYmFlMjA3NTgwNmI5NjI3YzRkNDFlNGQxOSJ9; expires=Tue, 31-Jan-2023 09:04:54 GMT; Max-Age=7200; path=/; httponly
__cf_bm=6Ozt1CwuE9dd0wM9IKuMH4h0nbySARijExi.e4bPTZI-1675148694-0-AWG2boHv75j7G7tZwllRaZLjX/6yldB4U+1Bs/DzDeiZZ8a4TY0qONTE0rznWl3FDsyCLFeE32RqAJu0kgO+Tu0=; path=/; expires=Tue, 31-Jan-23 07:34:54 GMT; domain=.ouo.press; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7920988aa83bb4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
ecdn.firstimpression.io/static/js/fiamp.js
54.230.111.73200 OK 0 B URL HTTP/2 ecdn.firstimpression.io/static/js/fiamp.js
IP 54.230.111.73:0
GET /static/js/fiamp.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.20.0
last-modified: Fri, 08 Apr 2022 08:48:22 GMT
access-control-allow-origin: *
content-encoding: br
date: Tue, 31 Jan 2023 06:07:17 GMT
expires: Tue, 31 Jan 2023 07:07:15 GMT
cache-control: max-age=3600
etag: W/"624ff6d6-1b8e9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: O2ewd46D-Rjh8NPIvCUjW026C9YdJCd-DmZ0OiXPgXTlgBr0M5ON4g==
age: 3460
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/animate.css
172.64.167.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/ssp/in-page_push/os/android/2/css/animate.css
IP 172.64.167.9:0
GET /sb/ssp/in-page_push/os/android/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 07:04:57 GMT
content-type: text/css
last-modified: Wed, 11 May 2022 09:01:02 GMT
etag: W/"627b7b4e-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4301326
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vCKPzGbn8AayZkq3dwPAxdlzzdi1U69G3DC72kmUC3LpAtc37Wl6kfF7%2Fz%2F9FLylxxKGVQbPlUP7%2BKT4xJS3h%2FZyFJuIIbgeDcg8rgeIrTwxKjvO22e3KF95mxllGrGY%2FQ27skzNE3ZB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7920989ffb6376e3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2