ga.mcxsureshot.com/metformin-puren-9184
301 Moved Permanently 0 B URL HTTP/1.1 ga.mcxsureshot.com/metformin-puren-9184
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /metformin-puren-9184 HTTP/1.1
Host: ga.mcxsureshot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 08 Dec 2022 09:52:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 08 Dec 2022 10:52:34 GMT
Location: https://ga.mcxsureshot.com/metformin-puren-9184
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L8aQ36RALrla6qflnLzZ8soI2xVYtYiJeeb%2BO6frSN25VMOO7qXPC7a9AFa7useeVYmdNdshh3TkCrlpCUWcCkCX8HtRclS7rxWebpK3YnGq1cA3YUjfpYFoB1fyHcSHGCbgWgE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77649be7580bb511-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4107
Expires: Thu, 08 Dec 2022 11:01:01 GMT
Date: Thu, 08 Dec 2022 09:52:34 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15217
Expires: Thu, 08 Dec 2022 14:06:11 GMT
Date: Thu, 08 Dec 2022 09:52:34 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 09:08:09 GMT
content-type: application/json
age: 2665
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 00e7703bd74975689fc9050356aaca6b
9788fe6a36d6f278e8da329ebc5dd87bcd212317
593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4029
Expires: Thu, 08 Dec 2022 10:59:43 GMT
Date: Thu, 08 Dec 2022 09:52:34 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 9EEUNU7FgSoddMMjjihndI1bDnTfc8tFHGO9Vpzh+NaSjaeuwIA1bLgd77Jub6GTDACy6Eg+yZg=
x-amz-request-id: JZ7Z6X9WF9PC7RMC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 09:49:44 GMT
age: 170
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:34 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash f1b34262abf01979e4428ff3145b6233
624468127cf510bfd6b5c4303914c5d6017cc1dd
c5fdc0a5e61d7500c0cbea26c9d0c2a2ca189d3b77a111360ffb87e20fde3652
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=106336
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:34 GMT
Etag: "6390b042-118"
Expires: Fri, 09 Dec 2022 15:24:50 GMT
Last-Modified: Wed, 07 Dec 2022 15:24:50 GMT
Server: nginx
Content-Length: 280
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 09:07:58 GMT
age: 2677
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash f1b34262abf01979e4428ff3145b6233
624468127cf510bfd6b5c4303914c5d6017cc1dd
c5fdc0a5e61d7500c0cbea26c9d0c2a2ca189d3b77a111360ffb87e20fde3652
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=106336
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:35 GMT
Etag: "6390b042-118"
Expires: Fri, 09 Dec 2022 15:24:51 GMT
Last-Modified: Wed, 07 Dec 2022 15:24:50 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.css
200 OK 1.3 kB URL HTTP/2 cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.css
IP
File type ASCII text, with very long lines (1460)
Hash 8786cd8041431d860694eed4e4df5493
ad176b25138137c05527a1a93f9b1d2bd9819bb6
2f1ab64452cbd8b4a75b5f778aaadd7f8a9c194ef48c5e2e9132393b68d21a85
GET /npm/cookieconsent@3/build/cookieconsent.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 3.1.1
x-jsd-version-type: version
etag: W/"135e-3nthfC1sCV/yhiNebPZMMo2hpL8"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 08 Dec 2022 09:52:35 GMT
age: 12459
x-served-by: cache-fra-eddf8230021-FRA, cache-bma1674-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1299
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
Hash 1d8d2169d8e6311b0274f329464321ff
ca4b88218bb90f32b0f79b3794217bba17eb60d6
e010be6ef0737984c769977f2e1d06afbee7b9ba54a800095e8dc41200b5c0b7
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 09:52:35 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "07ACC5A9F91FAE863F131D71B3A5A617715402FA"
Expires: Thu, 08 Dec 2022 20:00:00 GMT
Last-Modified: Thu, 08 Dec 2022 08:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2935
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77649becde1dfab8-OSL
ocsp.digicert.com/
200 OK 471 B IP
Hash 053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4814
Cache-Control: max-age=88469
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:35 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 10:27:04 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
s7.addthis.com/js/300/addthis_widget.js
200 OK 116 kB URL HTTP/2 s7.addthis.com/js/300/addthis_widget.js
IP
File type ASCII text, with very long lines (54602)
Size 116 kB (116406 bytes)
Hash 722e21e12eaa431752dfae3577fe0619
cdf8ee4381284ad6b6081663ae6ee322998e1b35
998242560562ed6542b378745338b65d06b0001ee9c4c9bb843166524bd4c407
GET /js/300/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-5834c"
cache-control: public, max-age=600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 116406
date: Thu, 08 Dec 2022 09:52:35 GMT
vary: Accept-Encoding
x-distribution: 99
x-host: s7.addthis.com
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7c694935bc832b839e439d4633480d9d
1593cc6545840b0b44ec1c3c6efb8a857f626988
bc8111564e841ff35ed541d34e3e04cc758a3eacd8dfef2f4505ad92db048d48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BC8111564E841FF35ED541D34E3E04CC758A3EACD8DFEF2F4505AD92DB048D48"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9655
Expires: Thu, 08 Dec 2022 12:33:30 GMT
Date: Thu, 08 Dec 2022 09:52:35 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b5c27a4ab37c6c8203d281ea09fa3e4a
0c36ba3df7510a76b2062ad1584e564592a45035
4eac9570f12e3959c4944baf4f232cd994291cd1dfe334ffc93ac4737972bdb9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi/ZUc5OwI7ZWw/hqdefault.jpg
200 OK 28 kB URL HTTP/2 i.ytimg.com/vi/ZUc5OwI7ZWw/hqdefault.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash 8587a60af439f8669b7fa8044a7114f2
b7f0842aecfd5ac54f890242b718fa2946f43829
8ebf332acb2dbe0ff8592743d2703ce5f65a98826726f0fdeefca04b5200644c
GET /vi/ZUc5OwI7ZWw/hqdefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 28446
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 08:57:37 GMT
expires: Thu, 08 Dec 2022 10:57:37 GMT
cache-control: public, max-age=7200
age: 3298
etag: "1624498798"
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
get.optad360.io/sf/0cb56948-cae8-47f8-b292-fbe3862a81d2/plugin.min.js
200 OK 85 kB URL HTTP/2 get.optad360.io/sf/0cb56948-cae8-47f8-b292-fbe3862a81d2/plugin.min.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 24d4ad11421cf35a58a3b7003980a3d1
6deb2e7779a5cd5d02090315d3b1766fc7402d32
76b4e539b6a88f5666bba7523330c5ee06092c60cc56415296a77a52ae29b56e
GET /sf/0cb56948-cae8-47f8-b292-fbe3862a81d2/plugin.min.js HTTP/1.1
Host: get.optad360.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Mon, 05 Dec 2022 02:46:58 GMT
last-modified: Thu, 17 Nov 2022 15:59:38 GMT
etag: W/"160a0cae9d1982717207388752d39fb3"
cache-control: public, max-age=604800
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 5tnfFuAU5kjP7-ONS5r7XplJEvo3NBTtNNDwJPMGq7druvvkUIdfmQ==
age: 284738
X-Firefox-Spdy: h2
a.mcxsureshot.com/medicine/Rivastigmin-1-A-Pharma-6-mg-Hartkapseln.webp
200 OK 44 kB URL HTTP/2 a.mcxsureshot.com/medicine/Rivastigmin-1-A-Pharma-6-mg-Hartkapseln.webp
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x453, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2dfb78692a501c5b0232e53bdd8bc9a6
0ea377cc4f353b113f47babe1d6c0a7d2034dba1
759aa88c8398f992a0b6e128cab15ffc66c02d2730c1c12c1513bfcf5e17e150
GET /medicine/Rivastigmin-1-A-Pharma-6-mg-Hartkapseln.webp HTTP/1.1
Host: a.mcxsureshot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:35 GMT
content-type: image/webp
content-length: 43684
last-modified: Fri, 11 Nov 2022 13:59:54 GMT
etag: "aaa4-5ed324dded759"
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lsnlI%2Fvev4zgIBBUo2x968yYWEk4UtMuso%2FG%2FZcvAARXPyHyJBVsvdGD41S2%2BNi%2BOxmupjzXhGfDD23ZUy7VyodnNaM04KORqOlqIIegUVGZIKQZF8KgUF5du3AecgHbizr4qg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77649bedbf2f1c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.mcxsureshot.com/medicine/Buprenorphin-AL-35-Mikrogramm/Stunde-transdermales-Pflaster.webp
200 OK 13 kB URL HTTP/2 a.mcxsureshot.com/medicine/Buprenorphin-AL-35-Mikrogramm/Stunde-transdermales-Pflaster.webp
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 270x535, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7bf450fe692398d7aec4c54cbebb4ef3
386f272895015e8712b55f4cd16089d0d354f158
7a10427371209cd8327dfc4a1fbef0e7d80d5ea9cfba0d900f109d0572e510f4
GET /medicine/Buprenorphin-AL-35-Mikrogramm/Stunde-transdermales-Pflaster.webp HTTP/1.1
Host: a.mcxsureshot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:35 GMT
content-type: image/webp
content-length: 13320
last-modified: Fri, 11 Nov 2022 13:58:56 GMT
etag: "3408-5ed324a6ba1e0"
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g0ew3%2Fevxg9Esl9JtBTQNtObHyVzRTRLlDA3%2FD%2FwP5asa%2FIxZfRzW6MaRwR%2BvqxEjkdMy0r%2FRf8%2FimbL%2Bxfoy4gDiEgkI3oCOIJYhagwHTv8REZIbZHzoQU5mf46SCrf56dykQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77649bedaf1e1c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b5c27a4ab37c6c8203d281ea09fa3e4a
0c36ba3df7510a76b2062ad1584e564592a45035
4eac9570f12e3959c4944baf4f232cd994291cd1dfe334ffc93ac4737972bdb9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
a.mcxsureshot.com/medicine/Chronocard-N.webp
200 OK 34 kB URL HTTP/2 a.mcxsureshot.com/medicine/Chronocard-N.webp
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 625x624, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash fcf050e6f5ee2b7361ccdd9d00c32b03
0a11d594ff30f707faf20209c6d272fa30620079
957f9ae008d1b08e3bafd1486e8ef377ba1c827fef653a847a416e1c3e856268
GET /medicine/Chronocard-N.webp HTTP/1.1
Host: a.mcxsureshot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:35 GMT
content-type: image/webp
content-length: 33712
last-modified: Fri, 11 Nov 2022 13:59:16 GMT
etag: "83b0-5ed324ba149e9"
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3n1kh%2B5vfHXlSFCD3dxh%2F5bpr%2BIO64Y%2FXGGlL5AhgK24R9sgZUpNhHZFbEdqWNhOLxm6Yq3vxDL1Xn00CZ%2F233q7b2A1EKjHMY0QU0Mo3yrc2IgxA9Ho8iNHvYyzqlTIzDZPOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77649bedaf201c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.mcxsureshot.com/medicine/Isoket-20mg-Tabletten.webp
200 OK 34 kB URL HTTP/2 a.mcxsureshot.com/medicine/Isoket-20mg-Tabletten.webp
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 625x624, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3562f795ee71ccfbec4de9b8af49c899
2d83f17c72dbf42c0a703368fd64e715ad1e7b7c
8adf90b109722517fa1cd5b984727039a7714e93de0f811f2dcbd08f0f6d4622
GET /medicine/Isoket-20mg-Tabletten.webp HTTP/1.1
Host: a.mcxsureshot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:35 GMT
content-type: image/webp
content-length: 33584
last-modified: Fri, 11 Nov 2022 14:00:34 GMT
etag: "8330-5ed32504c6d71"
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2%2BpowtyTlpDcWGKMKD%2FWJ17rWpH1FPO05SM5IW7nCHwTzwopms4A9QuII0QpUCenBBR4GKGhC%2B9msziIitxcV0Qgip4wyj2svwK2KSo5ryLvtHjPojM9eTcs3PwRJJn6r3TupA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77649bedaf231c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.mcxsureshot.com/medicine/Olanzapin-1-A-Pharma-10-mg-Filmtabletten.webp
200 OK 38 kB URL HTTP/2 a.mcxsureshot.com/medicine/Olanzapin-1-A-Pharma-10-mg-Filmtabletten.webp
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 607x341, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3113fc9c63cf7de3938ac91ea035e497
da927d784ff5e1c6d69da4ef7b530a4318965667
69e6d7779e71a596a613c2af9c9dde645e2888f51f22e899fd92cf6263d75117
GET /medicine/Olanzapin-1-A-Pharma-10-mg-Filmtabletten.webp HTTP/1.1
Host: a.mcxsureshot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:35 GMT
content-type: image/webp
content-length: 37866
last-modified: Fri, 11 Nov 2022 13:59:57 GMT
etag: "93ea-5ed324e15eca9"
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qDGI7pwfLtHUq8vuv0oqeAGwGK%2FFETeDpn1RganAJX%2B%2BK55Vu7zETXqQ%2BedqIuFafjqa%2FCgx0R9WiNhYDzBh%2F5X7vCfg8c6cnXKSTGu1vlSjjPNqT2LTa6nfiQUFrY%2BJVi70sg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77649bedaf281c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.mcxsureshot.com/medicine/Silodosin-AET-4-mg-Hartkapseln.webp
200 OK 33 kB URL HTTP/2 a.mcxsureshot.com/medicine/Silodosin-AET-4-mg-Hartkapseln.webp
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 625x624, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a5eec019be14899c60ee980f9ed3624f
79dbf1cc31c273213923b4f63b61d8fcd83fa017
2cdb1d39a02a9988d511f7a8f1488dfb76038911328d165d56173aff6bfcef2f
GET /medicine/Silodosin-AET-4-mg-Hartkapseln.webp HTTP/1.1
Host: a.mcxsureshot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:35 GMT
content-type: image/webp
content-length: 32910
last-modified: Fri, 11 Nov 2022 13:57:14 GMT
etag: "808e-5ed32445635e4"
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jCNRtEA5dNsDvIxcNDmHfO%2FPWuPrYPf6CkveOXmYgX3UtSrJmTGz22GfBeKfEdNnT01nWNgjFjLBbJgSPPyiRVysiMa4BxNR0%2FzxKUjJFVxQNxBgHXVSwc3oi2ti0V%2F%2F8x0g6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77649bedbf2b1c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s7.addthis.com/l10n/client.ga.min.json
200 OK 1.7 kB URL HTTP/2 s7.addthis.com/l10n/client.ga.min.json
IP
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (3423), with no line terminators
Hash af1a58a852a250dfb917020e4519e55c
5ff13e5b75471fd7fe622f326c90312a8eb6288c
a6997488ff3b80333802c80c80de71444dd472444c969a03c1deca9a300554b9
GET /l10n/client.ga.min.json HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/json
last-modified: Tue, 10 Sep 2019 15:15:17 GMT
etag: W/"5d77be05-e0d"
cache-control: public, s-maxage=604800
access-control-allow-origin: *
timing-allow-origin: *
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 1734
date: Thu, 08 Dec 2022 09:52:35 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/xrj4Uk1ibQE
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/xrj4Uk1ibQE
IP
Hash 5c96c6b4cc62766758eb12dd433ae767
e5aac1bbf946a9fec77caa614abcff524c484778
6338dd229c1c711829ba64afd0b42c6623256e39acc4cbfdc14b967005c347da
POST /s/gts1d4/xrj4Uk1ibQE HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:35 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
z.moatads.com/addthismoatframe568911941483/moatframe.js
200 OK 948 B URL HTTP/2 z.moatads.com/addthismoatframe568911941483/moatframe.js
IP
File type ASCII text, with very long lines (523)
Hash f14b4e1f799b14f798a195f43cf58376
b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac
GET /addthismoatframe568911941483/moatframe.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-type: application/x-javascript
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=51365
date: Thu, 08 Dec 2022 09:52:35 GMT
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: QwS7UPW9eqZevqoNLHeMWQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: H/3GA2ag+v5AYggPizASjMXxhxs=
cdn.zx-adnet.com/consent/sdk.feda0fd8c5f2191f5c4b299585520859048f3705.js
200 OK 67 kB URL HTTP/2 cdn.zx-adnet.com/consent/sdk.feda0fd8c5f2191f5c4b299585520859048f3705.js
IP
File type Unicode text, UTF-8 (with BOM) text, with very long lines (36913), with CRLF line terminators
Hash 38064fba917e5a610efabf03cdf9cc29
bbb3a7fb2cc2cdb080d09441ffb059881a9cce3f
f7c344c5ef01d2a38c988bf5f39d798c410e3e2c20b86674c320e08f0f677b63
GET /consent/sdk.feda0fd8c5f2191f5c4b299585520859048f3705.js HTTP/1.1
Host: cdn.zx-adnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=315000
content-encoding: br
content-type: text/javascript; charset=utf-8
etag: "903d4e9708a69e8cc899413e10c8bd8c12ff0e8553c05df46fc83d843518567b-br"
last-modified: Wed, 09 Nov 2022 12:55:44 GMT
strict-transport-security: max-age=31556926
accept-ranges: bytes
date: Thu, 08 Dec 2022 09:52:35 GMT
x-served-by: cache-bma1620-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1670493156.663582,VS0,VE2
vary: accept-language, x-country-code, x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 67057
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash 9a41dea8d087351fcb8b9d0a670702a3
13b2f9d464c486caf92a621a59f581e7a345b7e8
17217e4a6eae813a45e48211d0444ff7d40657663e558211c4c23e03607c467c
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 09:52:35 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Mon, 12 Dec 2022 05:55:17 GMT
ETag: "13b2f9d464c486caf92a621a59f581e7a345b7e8"
Last-Modified: Thu, 08 Dec 2022 05:55:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1250
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77649bef5805fab8-OSL
m.addthis.com/live/red_lojson/300lo.json?si=6391b3e2ca62490e&bkl=0&bl=1&pdt=1003&sid=6391b3e2ca62490e&pub=ra-60ffe60bcf8f5055&rev=v8.28.8-wp&ln=ga&pc=men&cb=0&ab=-&dp=ga.mcxsureshot.com&fp=metformin-puren-9184&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1670493154900&jsl=0&uvs=6391b3e2ee842569000&skipb=1&callback=addthis.cbs.jsonp__94385200127773760
200 OK 89 B URL HTTP/2 m.addthis.com/live/red_lojson/300lo.json?si=6391b3e2ca62490e&bkl=0&bl=1&pdt=1003&sid=6391b3e2ca62490e&pub=ra-60ffe60bcf8f5055&rev=v8.28.8-wp&ln=ga&pc=men&cb=0&ab=-&dp=ga.mcxsureshot.com&fp=metformin-puren-9184&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1670493154900&jsl=0&uvs=6391b3e2ee842569000&skipb=1&callback=addthis.cbs.jsonp__94385200127773760
IP
File type ASCII text, with no line terminators
Hash 07032eaee3f978882164ab76126c83ed
55aa659b81cc6622d9a008c9eeeba4b1a056a549
76938e9832cc48a8b953d1bfda66f4fb4cd69d065cbbb4bc1e378cfe7e52fefe
GET /live/red_lojson/300lo.json?si=6391b3e2ca62490e&bkl=0&bl=1&pdt=1003&sid=6391b3e2ca62490e&pub=ra-60ffe60bcf8f5055&rev=v8.28.8-wp&ln=ga&pc=men&cb=0&ab=-&dp=ga.mcxsureshot.com&fp=metformin-puren-9184&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1670493154900&jsl=0&uvs=6391b3e2ee842569000&skipb=1&callback=addthis.cbs.jsonp__94385200127773760 HTTP/1.1
Host: m.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 89
cache-control: max-age=0, no-cache, no-store, no-transform
pragma: no-cache
content-disposition: attachment; filename=1.txt
date: Thu, 08 Dec 2022 09:52:35 GMT
X-Firefox-Spdy: h2
optad360.mgr.consensu.org/icons/branding-ads.svg
200 OK 7.4 kB URL HTTP/2 optad360.mgr.consensu.org/icons/branding-ads.svg
IP
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash b0a3aa2e09d4ddd83150d7bd3347c5c0
66a9f97f6a98adc6d4b1db03927fa77956274073
d04a8585ca1c9cbff59e413fe76da6b8dcf3c567cbc68ec436b852d7f1694df1
GET /icons/branding-ads.svg HTTP/1.1
Host: optad360.mgr.consensu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 7419
last-modified: Wed, 22 Jun 2022 12:02:24 GMT
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Dec 2022 00:48:47 GMT
cache-control: public, max-age=360000000
etag: "b0a3aa2e09d4ddd83150d7bd3347c5c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: clTj6xFokZ0w49qzWA8EYmest6d-gY23znLLcJPWZUpgW4wh9jSNYA==
age: 32631
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/metrika/tag.js
200 OK 73 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP
File type Unicode text, UTF-8 (with BOM) text, with very long lines (586)
Hash a4567a1e52f99c2b3870f58375ec8cac
dbfc795e71fc19f7e45e8637abc4ac770f639a48
2b13b5716855040bd9a08972b0e61369e50c6daa402ed937e18f6795f82429c8
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73266
date: Thu, 08 Dec 2022 09:52:35 GMT
access-control-allow-origin: *
etag: "638eb36c-11e32"
expires: Thu, 08 Dec 2022 10:52:35 GMT
last-modified: Tue, 06 Dec 2022 06:13:48 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/tag/js/gpt.js
200 OK 28 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP
File type ASCII text, with very long lines (39504)
Hash e614efcde145bd1579b73d26a0d90f3b
14d1026310e94d36da07c81906eae15f9f89894b
d2779f9923646cc742daab722de9c2b0d7121936ee87d8f68501dad17d451761
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27700
date: Thu, 08 Dec 2022 09:52:35 GMT
expires: Thu, 08 Dec 2022 09:52:35 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1415 / 343 of 1000 / last-modified: 1670454417"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
v1.addthisedge.com/live/boost/ra-60ffe60bcf8f5055/_ate.track.config_resp
200 OK 503 B URL HTTP/2 v1.addthisedge.com/live/boost/ra-60ffe60bcf8f5055/_ate.track.config_resp
IP
File type ASCII text, with very long lines (1363), with no line terminators
Hash 0591876fb319232e38d4d57a6ba796d0
76d2b355561d15fec283cf04434c292ab9fcb2b9
ea52fcb7638d9f4c6d04cffc50f0b10057122dc67bc90056a4bd3aaf69b98ddf
GET /live/boost/ra-60ffe60bcf8f5055/_ate.track.config_resp HTTP/1.1
Host: v1.addthisedge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 503
etag: 1565888289--gzip
content-disposition: attachment; filename=1.txt
content-encoding: gzip
cache-control: public, max-age=58, s-maxage=86400
date: Thu, 08 Dec 2022 09:52:35 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash dfa7d7df199e7868819d712faf7004ee
544c1bb7778608434e0f52a32a761fb98aef542b
92feb8b79a77bada87d7c2dc6cc69738b907fa7ec12506416a94fa88fab92c0d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5801
Cache-Control: max-age=131924
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:36 GMT
Etag: "6390fd8f-116"
Expires: Fri, 09 Dec 2022 22:31:20 GMT
Last-Modified: Wed, 07 Dec 2022 20:54:39 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278
www.bigmp3db.com/1duwt.json
200 OK 343 B URL HTTP/2 www.bigmp3db.com/1duwt.json
IP
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Hash c6b6a356def92a4e75f5032668e4ee5e
0cfda95e970fcefaa8456b1d3efcb29cc4b8bda5
46316dc4196dc12cce811d234aeccda3878017406819ebc6ed498ddb621b6d77
POST /1duwt.json HTTP/1.1
Host: www.bigmp3db.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 362
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:36 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: POST, GET, OPTIONS
strict-transport-security: max-age=63072000
content-encoding: br
X-Firefox-Spdy: h2
dr5.biz/?te=my2ggzrtmi5ha3ddf42tomrq
200 OK 39 kB URL HTTP/2 dr5.biz/?te=my2ggzrtmi5ha3ddf42tomrq
IP
ASN #39572 DataWeb Global Group B.V.
Hash 61e47aa372268ca21d9636bdc39bb76a
f50c0408363272771217e84b23bce96374afbd4b
e6ada94877d3ec33e53f8d8a88e9cc03ef161ba4854e633dd017ef28d0be694f
Analyzer Verdict Alert quad9 Sinkholed
GET /?te=my2ggzrtmi5ha3ddf42tomrq HTTP/1.1
Host: dr5.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=4971ae5a-b67a-45e2-b4d3-467bbebf860f; expires=Sat, 07-Jan-2023 09:52:35 GMT; Max-Age=2592000; path=/; SameSite=None; domain=dr5.biz; secure
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
200 OK 78 kB URL HTTP/2 s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
IP
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash ac1b5db6377f89a6d7f517c571b8ddba
87205f72f7338d717dd2966119ecb6aae22d5835
9164225c4ffa9eded3fd96fd8403249cf67e2047354fc245fb349216565d00a2
GET /static/layers.fa6cd1947ce26e890d3d.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-41cf5"
timing-allow-origin: *
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 77691
date: Thu, 08 Dec 2022 09:52:36 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
www.bigmp3db.com/1duwt.json
200 OK 126 B URL HTTP/2 www.bigmp3db.com/1duwt.json
IP
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Hash 2d75a5f292013ef0bdfb9726415ca444
2eda7ecb14e77320ff721a364b1c16dfea334aba
714ce5ec601ae463d27cc0783536bd61a5d3506fb24697f8546b793e22e1878b
POST /1duwt.json HTTP/1.1
Host: www.bigmp3db.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 210
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:36 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: POST, GET, OPTIONS
strict-transport-security: max-age=63072000
content-encoding: br
X-Firefox-Spdy: h2
cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20221208
200 OK 928 B URL HTTP/2 cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20221208
IP
File type JSON data\012- , ASCII text, with very long lines (1641), with no line terminators
Hash 33a9a2d7125e815e9e741bed1c1335f6
49214f18b99589d8952215782d7a654e79cd75ba
1a2381f700621d485ab47adf9a4845e9149940e4ecd9a8bc272bc3697b63d840
GET /gh/prebid/currency-file@1/latest.json?date=20221208 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json; charset=utf-8
x-jsd-version: 1.0.1549
x-jsd-version-type: version
etag: W/"669-qt53nq720yju5AvMxS3Y9hJ65xs"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 08 Dec 2022 09:52:36 GMT
age: 21104
x-served-by: cache-fra-eddf8230021-FRA, cache-bma1633-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 928
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash f462327d283fb40e5d9b7d6306b516fb
f6ea39a2fe36614e9b45461eabf30fddd85a0779
82bd5e8beddde2181770ed47992eb0690cda9ae4a8935717a6887ca2d8615d0a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3683
Cache-Control: max-age=142450
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:36 GMT
Etag: "63912ef3-139"
Expires: Sat, 10 Dec 2022 01:26:46 GMT
Last-Modified: Thu, 08 Dec 2022 00:25:23 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
200 OK 471 B IP
Hash 82fe344091a7fb91113742b06e991694
8beb6c9547d3b04b341e03559bc868d9d8eb4f95
315eca86217123eed9a0817b39026b72ff82e16e68f938a2bf683999bf90cdbd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4361
Cache-Control: max-age=126515
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:36 GMT
Etag: "6390ee0e-1d7"
Expires: Fri, 09 Dec 2022 21:01:11 GMT
Last-Modified: Wed, 07 Dec 2022 19:48:30 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 23fbcd21ea9675a5440ad8cb43522ec6
a16e84915a9b2a896af9c85db217dd5b832e466e
3dcd77aafffb880a68dcb3f73938efc62f66ae6aa97e600c12dc9810e9087c7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3DCD77AAFFFB880A68DCB3F73938EFC62F66AE6AA97E600C12DC9810E9087C7A"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3842
Expires: Thu, 08 Dec 2022 10:56:38 GMT
Date: Thu, 08 Dec 2022 09:52:36 GMT
Connection: keep-alive
ib.adnxs.com/ut/v3/prebid
200 OK 138 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash bb2d06d9f12d53d71fe81be4cf2c5889
a283e503daf548d72780c78a4e2b35df19a5a968
e95edd05047117b78a24013fa5fef0b946723b9b9dfb88baa2858c5850e83ece
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 754
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 08 Dec 2022 09:52:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 138
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ga.mcxsureshot.com
AN-X-Request-Uuid: 4f482a20-8a46-4706-84df-229faaf58c93
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/ut/v3/prebid
200 OK 50 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 7736c7e5103ab75364b02c667809041c
9079a8f6b2c428bdaf1b5dcd598263b2eccbb6fb
b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 805
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 08 Dec 2022 09:52:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 50
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ga.mcxsureshot.com
AN-X-Request-Uuid: c0b5fcc2-b162-4490-9847-896039119228
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ssp.wp.pl/bidder/?bdver=5.7&pbver=7.11.0&inver=0
204 No Content 0 B URL HTTP/2 ssp.wp.pl/bidder/?bdver=5.7&pbver=7.11.0&inver=0
IP
ASN #12827 Wirtualna Polska Media S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/?bdver=5.7&pbver=7.11.0&inver=0 HTTP/1.1
Host: ssp.wp.pl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 877
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Thu, 08 Dec 2022 09:52:36 GMT
accept-ch: device-memory, dpr, width, viewport-width, rtt, downlink, ect
accept-ch-lifetime: 604800
access-control-allow-credentials: true
access-control-allow-origin: https://ga.mcxsureshot.com
uber-trace-id: 00000000000000006b38149ed9ecf0cf:0ad554c80ab45da7:0:0
vary: Origin
X-Firefox-Spdy: h2
cdn.zx-adnet.com/consent/cookies_gdpr.js?0.5154167467386749
200 OK 9.5 kB URL HTTP/2 cdn.zx-adnet.com/consent/cookies_gdpr.js?0.5154167467386749
IP
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (2366), with CRLF line terminators
Hash edf8466b9444ae533838eff8f3766653
a10390635d4fddcbf77e0886672c1afa81ad5ad3
ed32a2fc2fd84c3719cd80eee3a58e5ea42474f5e722618a829696ece1bf924d
GET /consent/cookies_gdpr.js?0.5154167467386749 HTTP/1.1
Host: cdn.zx-adnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache
content-encoding: br
content-type: text/javascript; charset=utf-8
etag: "6d9479856d34b784a695cf827606b5512cda2503d6ed62ebe429f4ef02dd9fef-br"
last-modified: Wed, 09 Nov 2022 12:55:44 GMT
strict-transport-security: max-age=31556926
accept-ranges: bytes
date: Thu, 08 Dec 2022 09:52:35 GMT
x-served-by: cache-bma1620-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670493155.495597,VS0,VE107
vary: accept-language, x-country-code, x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
X-Firefox-Spdy: h2
adx.adform.net/adx/openrtb
204 No Content 0 B URL HTTP/2 adx.adform.net/adx/openrtb
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adx/openrtb HTTP/1.1
Host: adx.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 708
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Thu, 08 Dec 2022 09:52:32 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://ga.mcxsureshot.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 733f13edbe174e94eab812ebc06d857c
aa58fec1016a3761976bbe2c50d17247dba494ba
df4f66c561361cae276bb4b1595f32bfc647bdd0b38c36a5133968ee7aa40b60
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4021
Cache-Control: max-age=149247
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:36 GMT
Etag: "6391482e-1d7"
Expires: Sat, 10 Dec 2022 03:20:03 GMT
Last-Modified: Thu, 08 Dec 2022 02:13:02 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ssp.wp.pl/bidder/?bdver=5.7&pbver=7.11.0&inver=0
204 No Content 0 B URL HTTP/2 ssp.wp.pl/bidder/?bdver=5.7&pbver=7.11.0&inver=0
IP
ASN #12827 Wirtualna Polska Media S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/?bdver=5.7&pbver=7.11.0&inver=0 HTTP/1.1
Host: ssp.wp.pl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 903
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 08 Dec 2022 09:52:36 GMT
accept-ch: device-memory, dpr, width, viewport-width, rtt, downlink, ect
accept-ch-lifetime: 604800
access-control-allow-credentials: true
access-control-allow-origin: https://ga.mcxsureshot.com
uber-trace-id: 0000000000000000e772bbc40f71bc57:01adf2a694585e2c:0:0
vary: Origin
X-Firefox-Spdy: h2
onetag-sys.com/prebid-request
200 OK 41 B URL HTTP/2 onetag-sys.com/prebid-request
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 1c15203d1319c02fe2a06d78bc45eccf
40386992654bdda331c8f6eb21ac79de396119ee
cc81a9c5e7147dba347b0ffd34f64e9a7c40f25782569fec5c3fc68b4017badb
POST /prebid-request HTTP/1.1
Host: onetag-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1218
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://ga.mcxsureshot.com
access-control-allow-headers: content-type, origin, referer, user-agent
access-control-allow-credentials: true
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
content-type: application/json
content-encoding: gzip
content-length: 41
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2
useast.quantumdex.io/auction/pbjs
500 Internal Server Error 0 B URL HTTP/2 useast.quantumdex.io/auction/pbjs
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /auction/pbjs HTTP/1.1
Host: useast.quantumdex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 786
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 500 Internal Server Error
date: Thu, 08 Dec 2022 09:52:36 GMT
content-length: 0
access-control-allow-origin: https://ga.mcxsureshot.com
access-control-allow-credentials: true
access-control-allow-methods: POST, GET
x-reason: [Inventory] site.domain not match RootDomain, mcxsureshot.com != vermin-club.org
set-cookie: uid=db5cc28d-4014-4e5b-a5bc-2cf413652e5d; expires=Sat, 07 Jan 2023 09:52:36 GMT; domain=quantumdex.io; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77649bf58c440a2b-ARN
X-Firefox-Spdy: h2
useast.quantumdex.io/auction/pbjs
500 Internal Server Error 0 B URL HTTP/2 useast.quantumdex.io/auction/pbjs
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /auction/pbjs HTTP/1.1
Host: useast.quantumdex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 808
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 500 Internal Server Error
date: Thu, 08 Dec 2022 09:52:36 GMT
content-length: 0
access-control-allow-origin: https://ga.mcxsureshot.com
access-control-allow-credentials: true
access-control-allow-methods: POST, GET
x-reason: [Inventory] site.domain not match RootDomain, mcxsureshot.com != vermin-club.org
set-cookie: uid=879b7a94-b156-4262-9f72-7f4de9cd864c; expires=Sat, 07 Jan 2023 09:52:36 GMT; domain=quantumdex.io; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77649bf59c540a2b-ARN
X-Firefox-Spdy: h2
prebid.a-mo.net/a/c
204 No Content 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /a/c HTTP/1.1
Host: prebid.a-mo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 833
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://ga.mcxsureshot.com
cache-control: max-age=0, private, must-revalidate
date: Thu, 08 Dec 2022 09:52:36 GMT
server: envoy
vary: origin, Accept-Encoding
x-nbr: 1
x-envoy-upstream-service-time: 0
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 50d44347480ddbf69ff2e269edb5cce5
33dd3dfeab6f79c528cad49c3ce78c82b2d675bc
5a1afe32968aa9a3c3e2240e7766ebe312b3d017505fe8a8596138ce95ab208e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4462
Cache-Control: max-age=89898
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:36 GMT
Etag: "63905ea0-1d7"
Expires: Fri, 09 Dec 2022 10:50:54 GMT
Last-Modified: Wed, 07 Dec 2022 09:36:32 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.globalsign.com/gsrsaovsslca2018
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP
Hash 6aba6e29e9836108dab090f51066ec43
214b089de8b68ab7b29effe11c54e4992dc67d35
5992a95dd01f6d83bb67d7ee537fc7394160a7b8769323f6cae73e363c667c19
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 09:52:36 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Mon, 12 Dec 2022 07:27:42 GMT
ETag: "214b089de8b68ab7b29effe11c54e4992dc67d35"
Last-Modified: Thu, 08 Dec 2022 07:27:43 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3024
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77649bf67c91fab8-OSL
ocsp.digicert.com/
200 OK 313 B IP
Hash aa9e9cc4cf21d2f8e869a92e65a45506
32bac4c290787256eb7362fd11b4342d20a6c8ab
b82203e3d34d3cd6c7b013b8887a74af649ef07edccacf3a1874a670951a915b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4675
Cache-Control: max-age=95523
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:36 GMT
Etag: "639073c4-139"
Expires: Fri, 09 Dec 2022 12:24:39 GMT
Last-Modified: Wed, 07 Dec 2022 11:06:44 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 313
prebid.a-mo.net/a/c
204 No Content 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /a/c HTTP/1.1
Host: prebid.a-mo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 854
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://ga.mcxsureshot.com
cache-control: max-age=0, private, must-revalidate
date: Thu, 08 Dec 2022 09:52:36 GMT
server: envoy
vary: origin, Accept-Encoding
x-nbr: 1
x-envoy-upstream-service-time: 0
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 50d44347480ddbf69ff2e269edb5cce5
33dd3dfeab6f79c528cad49c3ce78c82b2d675bc
5a1afe32968aa9a3c3e2240e7766ebe312b3d017505fe8a8596138ce95ab208e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4462
Cache-Control: max-age=89898
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:36 GMT
Etag: "63905ea0-1d7"
Expires: Fri, 09 Dec 2022 10:50:54 GMT
Last-Modified: Wed, 07 Dec 2022 09:36:32 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ib.adnxs.com/ut/v3/prebid
200 OK 50 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 7736c7e5103ab75364b02c667809041c
9079a8f6b2c428bdaf1b5dcd598263b2eccbb6fb
b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 833
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 08 Dec 2022 09:52:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 50
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ga.mcxsureshot.com
AN-X-Request-Uuid: ce941a71-02d0-4918-8eb1-332b686a803e
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.globalsign.com/gsrsaovsslca2018
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP
Hash 6aba6e29e9836108dab090f51066ec43
214b089de8b68ab7b29effe11c54e4992dc67d35
5992a95dd01f6d83bb67d7ee537fc7394160a7b8769323f6cae73e363c667c19
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 09:52:36 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Mon, 12 Dec 2022 07:27:42 GMT
ETag: "214b089de8b68ab7b29effe11c54e4992dc67d35"
Last-Modified: Thu, 08 Dec 2022 07:27:43 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3024
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77649bf68c9ffab8-OSL
adx.adform.net/adx/openrtb
204 No Content 0 B URL HTTP/2 adx.adform.net/adx/openrtb
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adx/openrtb HTTP/1.1
Host: adx.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 727
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Thu, 08 Dec 2022 09:52:32 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://ga.mcxsureshot.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
200 OK 139 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash f1a7a3db8c0156d96194c14cb9ec6267
71d1f2139daf30888eefd9b905da795475f52c8f
90341cd26a860aff7f91a360bb55a4a2246d208f8456a93610792e4c07c7beaf
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 783
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 08 Dec 2022 09:52:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 139
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ga.mcxsureshot.com
AN-X-Request-Uuid: 40867063-c936-45d6-b131-5e1b3f17ae84
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.digicert.com/
200 OK 1.2 kB IP
Hash d661301f5af9e7b13cf4efce4f6d221d
b52a1a7bfc5f74d038d7b2b4c0eec89632acbc98
a41ecba16170ebce7b8827db196f05849bfd11341ff2e24ceae7e9c64b9eeb85
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4675
Cache-Control: max-age=95523
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:36 GMT
Etag: "639073c4-139"
Expires: Fri, 09 Dec 2022 12:24:39 GMT
Last-Modified: Wed, 07 Dec 2022 11:06:44 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 313
prebid-eu.creativecdn.com/bidder/prebid/bids
204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 666
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 08 Dec 2022 09:52:36 GMT
access-control-allow-origin: https://ga.mcxsureshot.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
prebid-eu.creativecdn.com/bidder/prebid/bids
204 No Content 0 B URL HTTP/2 prebid-eu.creativecdn.com/bidder/prebid/bids
IP
ASN #204995 Rtb House S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-eu.creativecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 685
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 08 Dec 2022 09:52:36 GMT
access-control-allow-origin: https://ga.mcxsureshot.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
hbopenbid.pubmatic.com/translator?source=prebid-client
204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1021
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://ga.mcxsureshot.com
cache-control: no-cache, no-store, must-revalidate
date: Thu, 08 Dec 2022 09:52:35 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash acc6e85dd108d6decb01abb026fbb6f2
02d41baa9960843736eb670b59862696f1d94752
27503e3f300422eae4096aadb448ff226f8592fa5b47f891c652bb6192ff853b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "27503E3F300422EAE4096AADB448FF226F8592FA5B47F891C652BB6192FF853B"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11323
Expires: Thu, 08 Dec 2022 13:01:19 GMT
Date: Thu, 08 Dec 2022 09:52:36 GMT
Connection: keep-alive
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.11.0&cb=36807383793&lsavail=0
204 No Content 0 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.11.0&cb=36807383793&lsavail=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdb?profileId=207&av=34&wv=7.11.0&cb=36807383793&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 527
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 08 Dec 2022 09:52:36 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://ga.mcxsureshot.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
204 No Content 0 B URL HTTP/2 web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cvx/client/hb/ortb/25 HTTP/1.1
Host: web.hb.ad.cpe.dotomi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Thu, 08 Dec 2022 09:52:36 GMT
cache-control: no-cache
access-control-allow-origin: https://ga.mcxsureshot.com
access-control-allow-credentials: true
pragma: no-cache
expires: 0
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15363
Expires: Thu, 08 Dec 2022 14:08:39 GMT
Date: Thu, 08 Dec 2022 09:52:36 GMT
Connection: keep-alive
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
204 No Content 0 B URL HTTP/2 web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cvx/client/hb/ortb/25 HTTP/1.1
Host: web.hb.ad.cpe.dotomi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 754
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Thu, 08 Dec 2022 09:52:36 GMT
cache-control: no-cache
access-control-allow-origin: https://ga.mcxsureshot.com
access-control-allow-credentials: true
pragma: no-cache
expires: 0
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=7.11.0&cb=63734412559&lsavail=0
204 No Content 0 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=7.11.0&cb=63734412559&lsavail=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdb?profileId=207&av=34&wv=7.11.0&cb=63734412559&lsavail=0 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 538
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 08 Dec 2022 09:52:36 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://ga.mcxsureshot.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
www.bigmp3db.com/1duwt.json
200 OK 567 B URL HTTP/2 www.bigmp3db.com/1duwt.json
IP
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Hash a908b0a76caaf3f30836278809a4781d
033c58859979630dcbfa653f718ea4d1b4f33710
a48790a89ac733676e88c314978b29a09a848c90c37970797f687818c13c8975
POST /1duwt.json HTTP/1.1
Host: www.bigmp3db.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 210
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:36 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: POST, GET, OPTIONS
strict-transport-security: max-age=63072000
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15363
Expires: Thu, 08 Dec 2022 14:08:39 GMT
Date: Thu, 08 Dec 2022 09:52:36 GMT
Connection: keep-alive
hbopenbid.pubmatic.com/translator?source=prebid-client
204 No Content 0 B URL HTTP/2 hbopenbid.pubmatic.com/translator?source=prebid-client
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /translator?source=prebid-client HTTP/1.1
Host: hbopenbid.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1002
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-origin: https://ga.mcxsureshot.com
cache-control: no-cache, no-store, must-revalidate
date: Thu, 08 Dec 2022 09:52:36 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15363
Expires: Thu, 08 Dec 2022 14:08:39 GMT
Date: Thu, 08 Dec 2022 09:52:36 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F234796b8-a59e-4174-a03a-b127b03b60eb.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F234796b8-a59e-4174-a03a-b127b03b60eb.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57a992ab666f21c6da0057fefb622ff2
c36381d6744ae44360b2a37ca7586028e980714b
afe4050d9b07dcab509c95eb8d75ca410db74bd59f39561e5d190550cb61503e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F234796b8-a59e-4174-a03a-b127b03b60eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13556
x-amzn-requestid: 3e79e2da-80ea-404c-8d87-939c7682dbe8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4h8EuUIAMFkIQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639107a5-68318f164708882a43fb0f12;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7RZTh3iQHGp_XffXQQw13UUWqPNZQFJ_e4pIvNPgAaA1aGy_cXMueA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:18:20 GMT
age: 41656
etag: "c36381d6744ae44360b2a37ca7586028e980714b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3d44d17585c9a536c8da0e75ed90d175
9dc35d0f6b251004bc1ddc83aea9ee71c95aedd1
6d14a5b5c43b39244434560a83a2bfea6604a4d072943b6147293b7adfd1b7b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10164
x-amzn-requestid: a0cb7259-0a07-44f5-91cd-e96b8d9c9cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cnAPOGSnoAMFUUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c472e-799b6ee425e29fb70ff7e4ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 07:07:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5Q2LRCrEYVZz_KldQARUQ26O1mv0G7rMAPQXGkBzUnERF-WjtZPMJA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 10:23:11 GMT
age: 84565
etag: "9dc35d0f6b251004bc1ddc83aea9ee71c95aedd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15e59c3f-fa3a-4698-96c2-2e89662ffa9f.webp
200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15e59c3f-fa3a-4698-96c2-2e89662ffa9f.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 311cb4353566dfb426dbc692fde93223
979910df445a5c4d3513c8c25e289800335f646d
5ecd5c12620c0b8b6bbf456cb6c016168479a735f4eb67a9a1047677b9d798fb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15e59c3f-fa3a-4698-96c2-2e89662ffa9f.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8179
x-amzn-requestid: 39aa4016-4f48-4d2a-b94b-05432980d66a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czCruHckIAMFkHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639117e4-1953985a5c8d2da8239ec8e8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:47:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qKaRX4QpQU2U8J-jk1lWjhAooObsgxfHuNXv5Bbc69IEMCXAyIESeQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:50:01 GMT
age: 39755
etag: "979910df445a5c4d3513c8c25e289800335f646d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e6c8e9d-aef1-4772-8747-82ef7e4ceeb1.jpeg
200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e6c8e9d-aef1-4772-8747-82ef7e4ceeb1.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fb1ea0161d261518c99909aff49e6f58
c3b915cb579b651db25442fea0bbedd0d292c0fc
d877a21abfd883a368da0136c4e56d7f590fa9e9ea09dec3675823211fe56385
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e6c8e9d-aef1-4772-8747-82ef7e4ceeb1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6110
x-amzn-requestid: 2ebf542a-dacc-472a-81c0-0c69cb1ec143
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEQAH2doAMFljA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb3ff-7173ff7941b57fa163e3cc6b;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:16:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Bo1JGLLmbH9LRrcXA4i8qVD1ilMqHxNWq1u52RhGMAdAhywK42lMPA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 01:57:38 GMT
age: 28498
etag: "c3b915cb579b651db25442fea0bbedd0d292c0fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b87d6543345f73653ed4a49b37d7c959
c4f26846b8b72293368ff16915d49297cf12bbb9
aee6aa42e4b5b83b81f74801ff8f0039fc6d38036f42ee81875813c856cf5eef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8659
x-amzn-requestid: 6f420d07-65d5-4bb2-9f1f-e56025de497b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFSYFArIAMF46w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c0f-0a295e5c48228d5806b4f107;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TSh1BNzzIPhWCfYEiqvQJckSPAyhHobe-HK6msEVeEJ1ruX-_rMSSA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:33:19 GMT
age: 37157
etag: "c4f26846b8b72293368ff16915d49297cf12bbb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb40390-82ef-453b-afca-e37aa7674ed3.jpeg
200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb40390-82ef-453b-afca-e37aa7674ed3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f0c8a8dbe6c3ae6eaa2e464296708f5c
98556b27bc3759d0ceb8200ff5bc7b9567e428a5
bfc64a0e18c0137360f746eca256f464e26d23a04521ea629c46ae50ea6af173
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb40390-82ef-453b-afca-e37aa7674ed3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9058
x-amzn-requestid: 1f7fdd3d-1e65-46f7-8ef2-d164bf81e72b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz4FtuIAMFjsg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-4866b3fd61fdb35d34317038;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6ET1Tfo1QXRpjkWyOE7jfYnWToK8h7ojB31efNc09awacwlCIYEPjA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 05:05:36 GMT
age: 17220
etag: "98556b27bc3759d0ceb8200ff5bc7b9567e428a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
video.onnetwork.tv/embed.php?ext=optad
200 OK 704 B URL HTTP/2 video.onnetwork.tv/embed.php?ext=optad
IP
Hash 7e4b7eb818d1c37a3082dfa1161b2569
fb1653822acd59c1ab4958e6e86b6091d186ab57
705039299ecb0af4dbd84d8c6946be620a06f3d2abf0607259f51851b7ace68c
GET /embed.php?ext=optad HTTP/1.1
Host: video.onnetwork.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="ALL CAO DSP COR IVD IVA PSD PSA TEL TAI CUS ADM CUR CON SAM OUR IND"
last-modified: Thu, 08 Dec 2022 09:52:35 GMT
expires: Thu, 08 Dec 2022 09:52:35 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=1, pre-check=1
pragma: no-cache
feature-policy: fullscreen *; autoplay;
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-length: 704
content-type: text/javascript;charset=utf-8
date: Thu, 08 Dec 2022 09:52:36 GMT
server: XO.webservant
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 08 Dec 2022 09:52:37 GMT
access-control-allow-origin: *
etag: "638eb36c-2b"
expires: Thu, 08 Dec 2022 10:52:37 GMT
accept-ranges: bytes
last-modified: Tue, 06 Dec 2022 06:13:48 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/84986842/1?wmode=7&page-url=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afp%3A1050%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A1478853265974%3Ahid%3A664859967%3Az%3A0%3Ai%3A20221208095235%3Aet%3A1670493156%3Ac%3A1%3Arn%3A464097220%3Arqn%3A1%3Au%3A1670493156209966838%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C303%2C92%2C45%2C320%2C0%2C%2C54%2C2%2C1056%2C1056%2C8%2C1038%3Aco%3A0%3Ans%3A1670493153733%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670493156%3At%3AMetformin%20%C3%ADon%20500mg%20-%20C%C3%B3gas%20-%202022&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
200 OK 407 B URL HTTP/2 mc.yandex.ru/watch/84986842/1?wmode=7&page-url=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afp%3A1050%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A1478853265974%3Ahid%3A664859967%3Az%3A0%3Ai%3A20221208095235%3Aet%3A1670493156%3Ac%3A1%3Arn%3A464097220%3Arqn%3A1%3Au%3A1670493156209966838%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C303%2C92%2C45%2C320%2C0%2C%2C54%2C2%2C1056%2C1056%2C8%2C1038%3Aco%3A0%3Ans%3A1670493153733%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670493156%3At%3AMetformin%20%C3%ADon%20500mg%20-%20C%C3%B3gas%20-%202022&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP
File type JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Hash 8a5f772b45368478b80ff9e3c4f16bb2
4cb99495698be1d039f3fd66231f556086ef428e
40c1ecffc8488bbd7927154f8e8516bfc200c9a937e2e6636c50a04870f587b4
GET /watch/84986842/1?wmode=7&page-url=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afp%3A1050%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A1478853265974%3Ahid%3A664859967%3Az%3A0%3Ai%3A20221208095235%3Aet%3A1670493156%3Ac%3A1%3Arn%3A464097220%3Arqn%3A1%3Au%3A1670493156209966838%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C303%2C92%2C45%2C320%2C0%2C%2C54%2C2%2C1056%2C1056%2C8%2C1038%3Aco%3A0%3Ans%3A1670493153733%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670493156%3At%3AMetformin%20%C3%ADon%20500mg%20-%20C%C3%B3gas%20-%202022&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ga.mcxsureshot.com
Referer: https://ga.mcxsureshot.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 407
date: Thu, 08 Dec 2022 09:52:37 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://ga.mcxsureshot.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 08-Dec-2022 09:52:37 GMT
last-modified: Thu, 08-Dec-2022 09:52:37 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c221e4deeb8144b7fc354cce5dc563f8
578e9395e2800e2e19bde2a1d49d9501f6aa3364
258bf83c23b05e8bc9b987e849a194b9f81742ee4268f6453a1e88bfaca959f5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=ga.mcxsureshot.com
200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=ga.mcxsureshot.com
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=ga.mcxsureshot.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 08 Dec 2022 09:52:37 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=ga.mcxsureshot.com
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=ga.mcxsureshot.com
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=ga.mcxsureshot.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Thu, 08 Dec 2022 09:52:37 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&callback=_ate.cbs.rcb_2zcf0
200 OK 53 B URL HTTP/2 api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&callback=_ate.cbs.rcb_2zcf0
IP
File type ASCII text, with no line terminators
Hash 10eeb78a50804353f547046d24952c83
dbba568eeef83b5a075ab7806fbeeba03a7bc270
2797fc92263b8f1af8b359b6579c62b07dc96e8889e527cd7e56f56530c58d72
GET /url/shares.json?url=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&callback=_ate.cbs.rcb_2zcf0 HTTP/1.1
Host: api-public.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
surrogate-key: ga.mcxsureshot.com/metformin-puren-9184
last-modified: Thu, 08 Dec 2022 09:52:37 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 53
date: Thu, 08 Dec 2022 09:52:37 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&callback=_ate.cbs.rcb_d2j70
200 OK 53 B URL HTTP/2 api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&callback=_ate.cbs.rcb_d2j70
IP
File type ASCII text, with no line terminators
Hash 487ca6d40c6fc424e271d31bc86d0b09
36572186bab96a5fc752b2146590d2c66d3c104a
e5633941876a64c7e0e78b29fb205d98bd0b9c1525807712d2d1f35428a3f60a
GET /url/shares.json?url=http%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&callback=_ate.cbs.rcb_d2j70 HTTP/1.1
Host: api-public.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/json
cache-control: no-transform, must-revalidate, max-age=0, s-maxage=3600
surrogate-key: ga.mcxsureshot.com/metformin-puren-9184
last-modified: Thu, 08 Dec 2022 09:52:37 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 53
date: Thu, 08 Dec 2022 09:52:37 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c221e4deeb8144b7fc354cce5dc563f8
578e9395e2800e2e19bde2a1d49d9501f6aa3364
258bf83c23b05e8bc9b987e849a194b9f81742ee4268f6453a1e88bfaca959f5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184
200 OK 2 B URL HTTP/2 api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184 HTTP/1.1
Host: api-public.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/json
content-length: 2
cache-control: no-transform, max-age=0, s-maxage=14400
surrogate-key: sFbt=https://ga.mcxsureshot.com/metformin-puren-9184
last-modified: Thu, 08 Dec 2022 09:00:00 GMT
access-control-allow-origin: https://ga.mcxsureshot.com
access-control-allow-credentials: true
strict-transport-security: max-age=15724800; includeSubDomains
date: Thu, 08 Dec 2022 09:52:37 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s-img.mgid.com/g/14137429/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wOC8xMDE5MjQvNzQ1NGZlZGU4NTcxNzI3M2VhYmVjNWFiYzRkMDVlNDcucG5n.webp?v=1670493157-6PRScnKp0O55VKAbVrRK2TtNEA7w4sQGWDXVBP27158
200 OK 13 kB URL HTTP/2 s-img.mgid.com/g/14137429/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wOC8xMDE5MjQvNzQ1NGZlZGU4NTcxNzI3M2VhYmVjNWFiYzRkMDVlNDcucG5n.webp?v=1670493157-6PRScnKp0O55VKAbVrRK2TtNEA7w4sQGWDXVBP27158
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 492x277, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash fb26f40dc1f214a3fa1152934fd68aa9
a85185b33eb3218486ed68827bcd0ff59033481e
13b9e0d3a87806192efd472b8e8ac47a8654ad9882be9493922582027bb058db
GET /g/14137429/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wOC8xMDE5MjQvNzQ1NGZlZGU4NTcxNzI3M2VhYmVjNWFiYzRkMDVlNDcucG5n.webp?v=1670493157-6PRScnKp0O55VKAbVrRK2TtNEA7w4sQGWDXVBP27158 HTTP/1.1
Host: s-img.mgid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: image/webp
content-length: 13316
x-mg-request-uuid: e02d8167-e6c8-4df8-b7cb-c4b362a27a9e
access-control-allow-origin: *
last-modified: Thu, 22 Sep 2022 10:00:55 GMT
cache-control: immutable, max-age=31536000
cf-cache-status: HIT
age: 3757367
accept-ranges: bytes
set-cookie: __cf_bm=6aecEJYu9ViwQKn0P2XmtqLjij6zP3juZwPtAfS4tWw-1670493157-0-ARfPldnHr8UXN63d/o2iQrAaocUOr4vlSvUsv8SnMEJO4+Y8LmaxGoUdwtu9zzNFwVQxnQvDKwfx7evZ6poREUA=; path=/; expires=Thu, 08-Dec-22 10:22:37 GMT; domain=.mgid.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 77649bf9ed891c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s-img.mgid.com/g/14649913/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmdvb2Qsd18xMDIwLHhfODIyLHlfODQxL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIyLTEwLzEwMTkyNC84ODRkYTg5NWRkODFmOGIyYjA0Y2M0MjQ5YjNiZmQ5Ni5qcGVn.webp?v=1670493157-EGoGgT3XY4KITOaYl141o4zs4Utb1r_EskEbrSaWAeg
200 OK 7.8 kB URL HTTP/2 s-img.mgid.com/g/14649913/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmdvb2Qsd18xMDIwLHhfODIyLHlfODQxL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIyLTEwLzEwMTkyNC84ODRkYTg5NWRkODFmOGIyYjA0Y2M0MjQ5YjNiZmQ5Ni5qcGVn.webp?v=1670493157-EGoGgT3XY4KITOaYl141o4zs4Utb1r_EskEbrSaWAeg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 492x277, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 20cec5faabb7141f6253a3f7eff773f0
e0a18ee326fcc9029280b87863e3b91f12772c47
39004d12f5995318322b93285fb906c1c8b9e490469e2048a7d339019286b52e
GET /g/14649913/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmdvb2Qsd18xMDIwLHhfODIyLHlfODQxL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIyLTEwLzEwMTkyNC84ODRkYTg5NWRkODFmOGIyYjA0Y2M0MjQ5YjNiZmQ5Ni5qcGVn.webp?v=1670493157-EGoGgT3XY4KITOaYl141o4zs4Utb1r_EskEbrSaWAeg HTTP/1.1
Host: s-img.mgid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: image/webp
content-length: 7758
x-mg-request-uuid: c673d536-a9a3-4240-81c5-45610cc8f19c
access-control-allow-origin: *
last-modified: Wed, 16 Nov 2022 15:36:21 GMT
cache-control: immutable, max-age=31536000
cf-cache-status: HIT
age: 1880176
accept-ranges: bytes
set-cookie: __cf_bm=j9gW0AInoIuteLG2iE7bOo8LjAJO4h.tMOkJcsGmeXI-1670493157-0-Ac5BKasmFIiMv6ebT3wxUNFIhy0YdjErM8OVj1XVwoI1qbXLYBc+TMlx7u+dz+d2PoEMS45mUnz2bDKDa/rE1g4=; path=/; expires=Thu, 08-Dec-22 10:22:37 GMT; domain=.mgid.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 77649bf9ed8c1c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s-img.mgid.com/g/13414945/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmdvb2Qsd18xMDIwLHhfNDE3LHlfMjE3L2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIyLTA3LzE3NTY4NS9lMGQ4MGMwOGZmODY0NjE0ZjZiYzhmNzBiMTBjMmI4Zi5qcGc.webp?v=1670493157-V1QkIuQlaSwYyWIe7BSgF58vMhnjBSdD5HufY4PeNhM
200 OK 29 kB URL HTTP/2 s-img.mgid.com/g/13414945/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmdvb2Qsd18xMDIwLHhfNDE3LHlfMjE3L2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIyLTA3LzE3NTY4NS9lMGQ4MGMwOGZmODY0NjE0ZjZiYzhmNzBiMTBjMmI4Zi5qcGc.webp?v=1670493157-V1QkIuQlaSwYyWIe7BSgF58vMhnjBSdD5HufY4PeNhM
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 492x277, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7d15827e53bce18b693f04887b4d1f50
6ae004e54a3a789514d2bc4fad10302c9a4f9d49
55ecc84b5b1292c3f5023abc34a348a2a13a44adc1ea2071a57ae4643deb00f8
GET /g/13414945/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmdvb2Qsd18xMDIwLHhfNDE3LHlfMjE3L2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIyLTA3LzE3NTY4NS9lMGQ4MGMwOGZmODY0NjE0ZjZiYzhmNzBiMTBjMmI4Zi5qcGc.webp?v=1670493157-V1QkIuQlaSwYyWIe7BSgF58vMhnjBSdD5HufY4PeNhM HTTP/1.1
Host: s-img.mgid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: image/webp
content-length: 28698
x-mg-request-uuid: e8881f8b-e10c-4cb4-b0a6-abc4c33f58c4
access-control-allow-origin: *
last-modified: Sat, 02 Jul 2022 09:35:50 GMT
cache-control: immutable, max-age=31536000
cf-cache-status: HIT
age: 3757391
accept-ranges: bytes
set-cookie: __cf_bm=2FV0jJvClyGBO.Isc8TJuKtI6Ddt.GCalyoODs5awvs-1670493157-0-AcvUK3KaLKUFN6VJj4rwz6eEnjkQtUkdLKy9l6pmlCYPJDYSS7TYg7gV6pnAnLetaIvyYdBa+GbCT618Ly4jGlg=; path=/; expires=Thu, 08-Dec-22 10:22:37 GMT; domain=.mgid.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 77649bf9ed871c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s-img.mgid.com/g/4021001/492x277/0x0x600x337/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0L2MzMGIwMWVkY2MyODVjOWRiNjBmOTQ5NTVmMDg2YTdiLmpwZWc.webp?v=1670493157-SSglJjqpVch1OEaxSNkhoXx2V2FB2PGC07YxfQ8iqQo
200 OK 30 kB URL HTTP/2 s-img.mgid.com/g/4021001/492x277/0x0x600x337/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0L2MzMGIwMWVkY2MyODVjOWRiNjBmOTQ5NTVmMDg2YTdiLmpwZWc.webp?v=1670493157-SSglJjqpVch1OEaxSNkhoXx2V2FB2PGC07YxfQ8iqQo
IP
Hash 0a412a2131607345e7f4b6432fbcbc36
2f6858c0ccee00efc29443b0803e0bc64a282454
03658315d247baadb7d3ccdfef7026b031a01ba3b40cf9752710783834cd61d9
GET /g/4021001/492x277/0x0x600x337/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0L2MzMGIwMWVkY2MyODVjOWRiNjBmOTQ5NTVmMDg2YTdiLmpwZWc.webp?v=1670493157-SSglJjqpVch1OEaxSNkhoXx2V2FB2PGC07YxfQ8iqQo HTTP/1.1
Host: s-img.mgid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: image/webp
content-length: 28458
x-mg-request-uuid: ad2e1065-0018-4d98-9564-50a990c617cb
access-control-allow-origin: *
last-modified: Mon, 05 Sep 2022 04:35:49 GMT
cache-control: immutable, max-age=31536000
cf-cache-status: HIT
age: 3757339
accept-ranges: bytes
set-cookie: __cf_bm=DGaar95gBrhZT9AUKB7TXtzpnJ9p5N669XcbV_r50p8-1670493157-0-AZYmt+baxEEkEJvX8oQ14AdO7vsVGkdS47Cvjd7HK0/4nVM63n6qmB2/hDKYT/huaVT7WC1tcxKo2CM1/3qkLoY=; path=/; expires=Thu, 08-Dec-22 10:22:37 GMT; domain=.mgid.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 77649bf9ed8e1c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s-img.mgid.com/g/3805528/492x277/0x0x492x277/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDQtMTIvMTAxOTI0LzQ1YTczYzA1OWExZmMwMGM5ZWU3ZTNhNTAzOTM4ZTZmLmpwZw.webp?v=1670493157-L9HnlX_K4Z3QOMX_EK-KgLeVh1Gc-GWEMgnVs3zWHbE
200 OK 5.5 kB URL HTTP/2 s-img.mgid.com/g/3805528/492x277/0x0x492x277/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDQtMTIvMTAxOTI0LzQ1YTczYzA1OWExZmMwMGM5ZWU3ZTNhNTAzOTM4ZTZmLmpwZw.webp?v=1670493157-L9HnlX_K4Z3QOMX_EK-KgLeVh1Gc-GWEMgnVs3zWHbE
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 492x277, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d8e67d476eb69012744879f2546ee2f2
d7219d22eee80f696924677e0c5172224bf27aac
e96f8d392367a4b02d5c7f4422e67e3f0638d6fdd3a92f9f62d4fb4d77e7347c
GET /g/3805528/492x277/0x0x492x277/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDQtMTIvMTAxOTI0LzQ1YTczYzA1OWExZmMwMGM5ZWU3ZTNhNTAzOTM4ZTZmLmpwZw.webp?v=1670493157-L9HnlX_K4Z3QOMX_EK-KgLeVh1Gc-GWEMgnVs3zWHbE HTTP/1.1
Host: s-img.mgid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: image/webp
content-length: 5516
x-mg-request-uuid: 21eca56d-3827-441c-91a0-0e2c68450336
access-control-allow-origin: *
last-modified: Wed, 10 Aug 2022 10:34:32 GMT
cache-control: immutable, max-age=31536000
cf-cache-status: HIT
age: 3757375
accept-ranges: bytes
set-cookie: __cf_bm=UgHXIZFZxEK5JV9V2VDTQz5Iflqo5t1H1bOFwqxNRTw-1670493157-0-AfyL8uH6h7qHWCkxI1R5ymibtWZN9lU8q0HHPAB/VRDMp1jvCiVQZhcDN1hpGPXCYid0almHEr3s7Ow+eliOXyk=; path=/; expires=Thu, 08-Dec-22 10:22:37 GMT; domain=.mgid.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 77649bf9fd901c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s-img.mgid.com/g/13404765/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGZfZ2lmLGZsX2xvc3N5LGdfZmFjZXM6YXV0byx3Xzk2MC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNi8xMDE5MjQvZWU2NzNkYmRhMGVlNTY5MDgzMTMwNmUwN2MzZDk1MTguZ2lm.gif?v=1670493157-tji_JNMzHB2ck35qRNyKoD2u1HgcOG_rUwgsgL_Rek4
200 OK 241 kB URL HTTP/2 s-img.mgid.com/g/13404765/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGZfZ2lmLGZsX2xvc3N5LGdfZmFjZXM6YXV0byx3Xzk2MC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNi8xMDE5MjQvZWU2NzNkYmRhMGVlNTY5MDgzMTMwNmUwN2MzZDk1MTguZ2lm.gif?v=1670493157-tji_JNMzHB2ck35qRNyKoD2u1HgcOG_rUwgsgL_Rek4
IP
File type GIF image data, version 89a, 492 x 277\012- data
Size 241 kB (241158 bytes)
Hash 5d92174468fb2ac221820ee7fb4981e8
dc5e7a288fdea835a15769f74c5ff3d8875a88a3
e082d400bb7c5d866cdab6c2917d77cfe4fe4c53a4856e7c86ad07b3c039ebeb
GET /g/13404765/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGZfZ2lmLGZsX2xvc3N5LGdfZmFjZXM6YXV0byx3Xzk2MC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wNi8xMDE5MjQvZWU2NzNkYmRhMGVlNTY5MDgzMTMwNmUwN2MzZDk1MTguZ2lm.gif?v=1670493157-tji_JNMzHB2ck35qRNyKoD2u1HgcOG_rUwgsgL_Rek4 HTTP/1.1
Host: s-img.mgid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: image/gif
content-length: 241158
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
last-modified: Fri, 01 Jul 2022 06:57:18 GMT
x-mg-request-uuid: ed480928-968d-417c-a777-4945fe72d2bf
cf-cache-status: HIT
age: 3756334
accept-ranges: bytes
set-cookie: __cf_bm=TU7tjFvnBwa_ovZ5TvOiACSwGdfzI0OoMaPIZTB9wj8-1670493157-0-AVAjafI+5GlKLb6Q13UFPSVoSpORX2uk9jRX+xlSu6PqTWfTEHb2OcH9y+9uhqEEAkkQNmrrWnazzS7RWJpcF4U=; path=/; expires=Thu, 08-Dec-22 10:22:37 GMT; domain=.mgid.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 77649bf9ed8a1c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6d7737802f93eeb14503d61c77c137bc
fa6861c298d00f879b9f16af4f05470cecfc80af
6b1b9763bcfaeb92a63ad6020651b3745e8279c634eb3505fc9fa875e772af42
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
2f4a8410fe27f1a0c1fb8e27c05db527.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
200 OK 2.7 kB URL HTTP/2 2f4a8410fe27f1a0c1fb8e27c05db527.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html HTTP/1.1
Host: 2f4a8410fe27f1a0c1fb8e27c05db527.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Thu, 08 Dec 2022 09:52:37 GMT
expires: Fri, 08 Dec 2023 09:52:37 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.onnetwork.tv/cnt/a_cntg.png?ts=1670493156869&d=9074&wsc=00&typ=embed&mobile=0&c=40
200 OK 126 B URL HTTP/2 cdn.onnetwork.tv/cnt/a_cntg.png?ts=1670493156869&d=9074&wsc=00&typ=embed&mobile=0&c=40
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash e714c69ca26dcdabcf9016341f66b5b9
1c78ace0e38129460966521ecb9f3ce70563a5e8
a607b3c3e0d09d7f339e0035f16f99bf93637dee0eb27b2b9c447701fefa2ace
GET /cnt/a_cntg.png?ts=1670493156869&d=9074&wsc=00&typ=embed&mobile=0&c=40 HTTP/1.1
Host: cdn.onnetwork.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: XO.webservantpro
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: image/png
content-length: 126
cache-control: no-cache
last-modified: Thursday, 08-Dec-2022 09:52:37 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
widgets.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&callback=window._ate.cbs.rcb_57t30
200 OK 8.3 kB URL HTTP/2 widgets.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&callback=window._ate.cbs.rcb_57t30
IP
File type ASCII text, with no line terminators
Hash 9aa14d8c87b7c5de5cf3f32a888274cf
552e00d353e3d51eb59ed70753ac9b3663ba5693
233897fbfec891b224f1b8da58ea69323fbe436733d2f4a2fbe012c25ff284b8
GET /v1/urls/count.json?url=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&callback=window._ate.cbs.rcb_57t30 HTTP/1.1
Host: widgets.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-content-type-options: nosniff
access-control-allow-origin: *
content-type: application/javascript
cache-control: must-revalidate, max-age=887
expires: Thu, 08 Dec 2022 10:07:37 GMT
x-envoy-upstream-service-time: 3
x-pinterest-rid: 1708182198923957
date: Thu, 08 Dec 2022 09:52:37 GMT
age: 0
content-encoding: br
vary: accept-encoding
accept-ranges: none
X-Firefox-Spdy: h2
video.onnetwork.tv/frame88.php?id=ffONNP88aabdd3baa4b806724699b886d2c14516704931568651&iid=1670493156865&e=1&ap=4&map=1&umum=1&naa=1&pinva=1&pinv=1&dpre=1&onnsfonn=1&vids=919027&dpb=1&onnwid=9074&wtop=https%253A%252F%252Fga.mcxsureshot.com%252Fmetformin-puren-9184&apop=0&vpop=0&apopa=0&vpopa=0&cId=ndONNP88aabdd3baa4b806724699b886d2c1451670493156864&rrpt=%7B%22CxSegments%22%3Anull%7D
200 OK 6.1 kB URL HTTP/2 video.onnetwork.tv/frame88.php?id=ffONNP88aabdd3baa4b806724699b886d2c14516704931568651&iid=1670493156865&e=1&ap=4&map=1&umum=1&naa=1&pinva=1&pinv=1&dpre=1&onnsfonn=1&vids=919027&dpb=1&onnwid=9074&wtop=https%253A%252F%252Fga.mcxsureshot.com%252Fmetformin-puren-9184&apop=0&vpop=0&apopa=0&vpopa=0&cId=ndONNP88aabdd3baa4b806724699b886d2c1451670493156864&rrpt=%7B%22CxSegments%22%3Anull%7D
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (10132)
Hash 2117d8dbcf40cc38d5dad0740b0c38a9
9700a8f4dd71366f29b66e6db6740d5d9305101c
613cae40712fff5a0aa61168ad9fc78f6a14bf46669ea6dffce616167669fb8b
GET /frame88.php?id=ffONNP88aabdd3baa4b806724699b886d2c14516704931568651&iid=1670493156865&e=1&ap=4&map=1&umum=1&naa=1&pinva=1&pinv=1&dpre=1&onnsfonn=1&vids=919027&dpb=1&onnwid=9074&wtop=https%253A%252F%252Fga.mcxsureshot.com%252Fmetformin-puren-9184&apop=0&vpop=0&apopa=0&vpopa=0&cId=ndONNP88aabdd3baa4b806724699b886d2c1451670493156864&rrpt=%7B%22CxSegments%22%3Anull%7D HTTP/1.1
Host: video.onnetwork.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="ALL CAO DSP COR IVD IVA PSD PSA TEL TAI CUS ADM CUR CON SAM OUR IND"
last-modified: Thu, 08 Dec 2022 09:52:37 GMT
expires: Thu, 08 Dec 2022 09:52:38 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=1, pre-check=1
pragma: no-cache
feature-policy: fullscreen *; autoplay;
access-control-allow-origin: https://ga.mcxsureshot.com
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-length: 6141
content-type: text/html; charset=utf-8
date: Thu, 08 Dec 2022 09:52:37 GMT
server: XO.webservant
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 2.1 kB IP
Hash 2ab7b1a0986436b964c624b6ddfffa85
cf8313511530363f77be6c8c030a6aa025160820
97d78b56c7608c90ef850889032ed880875bf39b4552cfcc17e0dd77a98789f3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 280 B IP
Hash 96f3f20169deed7dae69c5bb4af2b8b2
5b5298870075cac36f6220816fa6a79f3bacdd3c
5f3ff3511fb62cc5d41dfa6a97fd794292ec8de1a78331169320fd84ea1c5986
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2799
Cache-Control: max-age=99069
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:37 GMT
Etag: "639088f3-118"
Expires: Fri, 09 Dec 2022 13:23:46 GMT
Last-Modified: Wed, 07 Dec 2022 12:37:07 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
200 OK 280 B IP
Hash 96f3f20169deed7dae69c5bb4af2b8b2
5b5298870075cac36f6220816fa6a79f3bacdd3c
5f3ff3511fb62cc5d41dfa6a97fd794292ec8de1a78331169320fd84ea1c5986
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2893
Cache-Control: max-age=99163
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:37 GMT
Etag: "639088f3-118"
Expires: Fri, 09 Dec 2022 13:25:20 GMT
Last-Modified: Wed, 07 Dec 2022 12:37:07 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
optad360.mgr.consensu.org/icons/branding-video-negative.svg
200 OK 19 kB URL HTTP/2 optad360.mgr.consensu.org/icons/branding-video-negative.svg
IP
Hash 3be894f6140ceb549c816928d80eca11
939011ccb7751b08dfe9a6edff8fe8d022d0de84
a63e2e5685598a212ee42ea9ef0b05d5c09a31fbebc267d3b6073b37b942169a
GET /icons/branding-video-negative.svg HTTP/1.1
Host: optad360.mgr.consensu.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Wed, 22 Jun 2022 12:05:00 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 08 Dec 2022 03:19:28 GMT
cache-control: public, max-age=360000000
etag: W/"4ccbac335fa4fcdf4c526588ec6a6bc0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mVW1gU_uXX9RbRUuwo-Kia9Gr4Gb3e6Yye-_rmYFys55Bx3ygFmavA==
age: 23590
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120601&st=env
200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022120601&st=env
IP
File type JSON data\012- , ASCII text, with very long lines (14770), with no line terminators
Hash bac488bed5b0ba9a4e663b2cd77405ab
afbaae5da75a9e9b52fbc79b8d622a56a3d1ef57
31735f8ace1758ee28da0a17d74629ab10adf4b84a28c010ea2979bb06490895
GET /getconfig/sodar?sv=200&tid=gpt&tv=2022120601&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Thu, 08 Dec 2022 09:52:37 GMT
server: cafe
content-length: 11151
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 2a5c18efb45e1cb46e02888efe081eff
ea098d4ebd7fb4a18b8b62beaebaa4a2c191f30b
68906a4ee3fb913ce0cd7bc4d32a54c20da4704c9f069de1a134c76139f11a9d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 313 B IP
Hash 80bc0f96ea96fde678243ff6ac1a2b22
09f6a7dd77cae8777a0a105926f6f8a38635d5a4
fa517d4d2dd08a6bdc676d703e216ba5b48fc658698bc628961854dbd25dbdc5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4552
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:37 GMT
Last-Modified: Thu, 08 Dec 2022 08:36:46 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
cdn.id5-sync.com/api/1.0/id5-api.js
200 OK 29 kB URL HTTP/2 cdn.id5-sync.com/api/1.0/id5-api.js
IP
Hash 0f54fec48fa7d1371007339839cb89ae
c4281311e718765d9ca77a04377b7b0717f8baed
f0806a47aa865f97ae09d81dea3fd903d5ac4b19cb6dbe614699b90809538e7b
GET /api/1.0/id5-api.js HTTP/1.1
Host: cdn.id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: text/javascript;charset=utf-8
x-amz-id-2: NzzDMQRIzsXNjVR7/B6e4yrrDcazBk60q2/S2QH7YxwqiaX7/iQchWRPdgPY0BswypKEPiqaJg8=
x-amz-request-id: EK159HTWSS7GNBQ8
last-modified: Thu, 24 Nov 2022 12:48:29 GMT
etag: W/"9ee82d693d1e83b3a37ee20226716f78"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
cf-cache-status: HIT
age: 2080
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 77649bfafa760afe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
www.bigmp3db.com/1duwt.json
200 OK 21 kB URL HTTP/2 www.bigmp3db.com/1duwt.json
IP
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Hash c337b87dce71988115873790dbdb3035
4f80c241f8fc147662992d5361429fcc94dedcf9
bf9170b5fba91d9e835bc431b8b09f61506e33fb418d3ee0d7bd399ec2d2a48a
POST /1duwt.json HTTP/1.1
Host: www.bigmp3db.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 207
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: POST, GET, OPTIONS
strict-transport-security: max-age=63072000
content-encoding: br
X-Firefox-Spdy: h2
mc.yandex.ru/watch/84986842?wmode=7&page-url=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afp%3A1050%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A1478853265974%3Ahid%3A664859967%3Az%3A0%3Ai%3A20221208095235%3Aet%3A1670493156%3Ac%3A1%3Arn%3A464097220%3Arqn%3A1%3Au%3A1670493156209966838%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C303%2C92%2C45%2C320%2C0%2C%2C54%2C2%2C1056%2C1056%2C8%2C1038%3Aco%3A0%3Ans%3A1670493153733%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670493156%3At%3AMetformin%20%C3%ADon%20500mg%20-%20C%C3%B3gas%20-%202022&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
302 Found 12 kB URL HTTP/2 mc.yandex.ru/watch/84986842?wmode=7&page-url=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afp%3A1050%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A1478853265974%3Ahid%3A664859967%3Az%3A0%3Ai%3A20221208095235%3Aet%3A1670493156%3Ac%3A1%3Arn%3A464097220%3Arqn%3A1%3Au%3A1670493156209966838%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C303%2C92%2C45%2C320%2C0%2C%2C54%2C2%2C1056%2C1056%2C8%2C1038%3Aco%3A0%3Ans%3A1670493153733%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670493156%3At%3AMetformin%20%C3%ADon%20500mg%20-%20C%C3%B3gas%20-%202022&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 492x277, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8ffb486a1abd39f1714394978bba09cd
3d82963636fd928f2d32eca1d451b393a3f9ce32
ea90eee41bd350f1835f21d0d544c9477630af2919e02b9ed497ea50379ed67e
GET /watch/84986842?wmode=7&page-url=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afp%3A1050%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A1478853265974%3Ahid%3A664859967%3Az%3A0%3Ai%3A20221208095235%3Aet%3A1670493156%3Ac%3A1%3Arn%3A464097220%3Arqn%3A1%3Au%3A1670493156209966838%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C303%2C92%2C45%2C320%2C0%2C%2C54%2C2%2C1056%2C1056%2C8%2C1038%3Aco%3A0%3Ans%3A1670493153733%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670493156%3At%3AMetformin%20%C3%ADon%20500mg%20-%20C%C3%B3gas%20-%202022&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/84986842/1?wmode=7&page-url=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afp%3A1050%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A1478853265974%3Ahid%3A664859967%3Az%3A0%3Ai%3A20221208095235%3Aet%3A1670493156%3Ac%3A1%3Arn%3A464097220%3Arqn%3A1%3Au%3A1670493156209966838%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C303%2C92%2C45%2C320%2C0%2C%2C54%2C2%2C1056%2C1056%2C8%2C1038%3Aco%3A0%3Ans%3A1670493153733%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670493156%3At%3AMetformin%20%C3%ADon%20500mg%20-%20C%C3%B3gas%20-%202022&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Thu, 08 Dec 2022 09:52:36 GMT
access-control-allow-origin: https://ga.mcxsureshot.com
set-cookie: yabs-sid=2286560241670493156; Path=/; SameSite=None; Secure
i=pczzCb5ukK5A0pptMhjcoz6+4ccZO5fexHwyrAu7CpQQfXhAMfoSgQLWSqh52QERB8HLSW2W1qcxg6A0+0Tcpu3dc3c=; Expires=Sun, 05-Dec-2032 09:52:33 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=5330094011670493156; Expires=Fri, 08-Dec-2023 09:52:36 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=5330094011670493156; Expires=Fri, 08-Dec-2023 09:52:36 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1702029156.yc.1670493156#1702029156.yrts.1670493156#1702029156.yrtsi.1670493156; Expires=Fri, 08-Dec-2023 09:52:36 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 08-Dec-2022 09:52:36 GMT
last-modified: Thu, 08-Dec-2022 09:52:36 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6ec5f6261a8262e9f94b29627f54cefe
7ac766cf2ac8c2d960ec033388a767ff8a7d45e2
5f6ee11d840909fc5272c2c32f7874d55f49d831abc88d527e35562d218890f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.onnetwork.tv/css/player88.css?s=1670358419
200 OK 22 kB URL HTTP/2 cdn.onnetwork.tv/css/player88.css?s=1670358419
IP
Hash 44eceb62926cee91a3845163fead908f
f3cc4b0a218b9bbd3b7f772814dad0726ab79ff0
28da934fcb5715a1bff6ec1973c5376bd9a82a9274de780b7bbff3efa21e8aba
GET /css/player88.css?s=1670358419 HTTP/1.1
Host: cdn.onnetwork.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: XO.webservantpro
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: text/css
last-modified: Tue, 06 Dec 2022 20:26:59 GMT
vary: Accept-Encoding
etag: W/"638fa593-b295"
expires: Mon, 26 Jun 2023 09:52:37 GMT
pragma: public
cache-control: max-age=17280000, public
strict-transport-security: max-age=31536000
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6ec5f6261a8262e9f94b29627f54cefe
7ac766cf2ac8c2d960ec033388a767ff8a7d45e2
5f6ee11d840909fc5272c2c32f7874d55f49d831abc88d527e35562d218890f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
imasdk.googleapis.com/js/sdkloader/gpt_proxy.js
200 OK 31 kB URL HTTP/2 imasdk.googleapis.com/js/sdkloader/gpt_proxy.js
IP
File type ASCII text, with very long lines (3452)
Hash 5727d71af8fb94541b4a28094baf86a2
41fd0a7fd01569d888cde5643418422a95f9b8cb
109c9a3e4d0bcd1864916e2f23fac4d1e966bd9f523cbda826617e8afa750531
GET /js/sdkloader/gpt_proxy.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 31144
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 09:39:59 GMT
expires: Thu, 08 Dec 2022 09:54:59 GMT
cache-control: public, max-age=900
age: 758
last-modified: Tue, 06 Dec 2022 19:24:20 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
imasdk.googleapis.com/js/sdkloader/ima3.js
200 OK 127 kB URL HTTP/2 imasdk.googleapis.com/js/sdkloader/ima3.js
IP
File type ASCII text, with very long lines (2791)
Size 127 kB (126815 bytes)
Hash e6ce6730b0e7cfe4cc995926ca00e5b9
78a31d1c17bce48b0fc1ffe4580166fc9d21de25
263312f99ed53981d3f885c3af5e34d0b579f55718f8e8352f9431bc437fb225
GET /js/sdkloader/ima3.js HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 126815
date: Thu, 08 Dec 2022 09:52:37 GMT
expires: Thu, 08 Dec 2022 09:52:37 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8274b291596906eb3779dccb82ec41cb
b2ec554df1fa55e18a4316b76ac617dc626b7598
69129be0a1c2e3d1dfc602aea4ef004ea01b3bfa6c5863bd225843472f1bb7c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6ec5f6261a8262e9f94b29627f54cefe
7ac766cf2ac8c2d960ec033388a767ff8a7d45e2
5f6ee11d840909fc5272c2c32f7874d55f49d831abc88d527e35562d218890f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
imasdk.googleapis.com/js/core/bridge3.548.0_pl.html
200 OK 227 kB URL HTTP/2 imasdk.googleapis.com/js/core/bridge3.548.0_pl.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (39845)
Size 227 kB (227333 bytes)
Hash 6a8f2c95cfa09d12f11b9fe26313893a
13d44d47aff32fd8fc21c40780538c506ed448f5
ca089b8a1a352276baaadc86790ce84604963527daaf58199fb872aeb8c7a24f
GET /js/core/bridge3.548.0_pl.html HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 227333
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 09:01:34 GMT
expires: Wed, 06 Dec 2023 09:01:34 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 06 Dec 2022 08:54:28 GMT
content-type: text/html
age: 175864
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.onnetwork.tv/cnt/a_cnti.png?ts=1670493157495&event=plimpression&d=9074&vs=0&aps=4&playerVisible=0&plist=0&widget=0&initap=4&currap=4&ab=0&cbs=1&co=0&vc=0&pod=0&ppos=0&muted=1&mobile=0&lls=0&acount=0
200 OK 126 B URL HTTP/2 cdn.onnetwork.tv/cnt/a_cnti.png?ts=1670493157495&event=plimpression&d=9074&vs=0&aps=4&playerVisible=0&plist=0&widget=0&initap=4&currap=4&ab=0&cbs=1&co=0&vc=0&pod=0&ppos=0&muted=1&mobile=0&lls=0&acount=0
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash e714c69ca26dcdabcf9016341f66b5b9
1c78ace0e38129460966521ecb9f3ce70563a5e8
a607b3c3e0d09d7f339e0035f16f99bf93637dee0eb27b2b9c447701fefa2ace
GET /cnt/a_cnti.png?ts=1670493157495&event=plimpression&d=9074&vs=0&aps=4&playerVisible=0&plist=0&widget=0&initap=4&currap=4&ab=0&cbs=1&co=0&vc=0&pod=0&ppos=0&muted=1&mobile=0&lls=0&acount=0 HTTP/1.1
Host: cdn.onnetwork.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: XO.webservantpro
date: Thu, 08 Dec 2022 09:52:38 GMT
content-type: image/png
content-length: 126
cache-control: no-cache
last-modified: Thursday, 08-Dec-2022 09:52:38 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
imasdk.googleapis.com/js/core/bridge3.548.0_pl.html
200 OK 227 kB URL HTTP/2 imasdk.googleapis.com/js/core/bridge3.548.0_pl.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (39845)
Size 227 kB (227333 bytes)
Hash 6a8f2c95cfa09d12f11b9fe26313893a
13d44d47aff32fd8fc21c40780538c506ed448f5
ca089b8a1a352276baaadc86790ce84604963527daaf58199fb872aeb8c7a24f
GET /js/core/bridge3.548.0_pl.html HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 227333
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 09:01:34 GMT
expires: Wed, 06 Dec 2023 09:01:34 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 06 Dec 2022 08:54:28 GMT
content-type: text/html
age: 175864
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.onnetwork.tv/cnt/a_cntm.png?ts=1670493157502&i=919027&d=9074&wsc=ab&plist=0&widget=0&initap=4&currap=4&ab=0&cbs=1&co=0&vc=0&pod=0&ppos=0&muted=1&mobile=0&lls=0&typ=embed&ap=4&vs=40
200 OK 126 B URL HTTP/2 cdn.onnetwork.tv/cnt/a_cntm.png?ts=1670493157502&i=919027&d=9074&wsc=ab&plist=0&widget=0&initap=4&currap=4&ab=0&cbs=1&co=0&vc=0&pod=0&ppos=0&muted=1&mobile=0&lls=0&typ=embed&ap=4&vs=40
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash e714c69ca26dcdabcf9016341f66b5b9
1c78ace0e38129460966521ecb9f3ce70563a5e8
a607b3c3e0d09d7f339e0035f16f99bf93637dee0eb27b2b9c447701fefa2ace
GET /cnt/a_cntm.png?ts=1670493157502&i=919027&d=9074&wsc=ab&plist=0&widget=0&initap=4&currap=4&ab=0&cbs=1&co=0&vc=0&pod=0&ppos=0&muted=1&mobile=0&lls=0&typ=embed&ap=4&vs=40 HTTP/1.1
Host: cdn.onnetwork.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: XO.webservantpro
date: Thu, 08 Dec 2022 09:52:38 GMT
content-type: image/png
content-length: 126
cache-control: no-cache
last-modified: Thursday, 08-Dec-2022 09:52:38 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.onnetwork.tv/img/black2.mp4
206 Partial Content 2.2 kB URL HTTP/2 cdn.onnetwork.tv/img/black2.mp4
IP
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 5cb95b4168423a49376882e1b2ba6171
8f6cc8c3da7687921eb12ef0d20769b988626f88
6212a4c6fd9be62d0795e3957471693cb344af6f21c2bbe0e957f3ed82520f1b
GET /img/black2.mp4 HTTP/1.1
Host: cdn.onnetwork.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: XO.webservantpro
date: Thu, 08 Dec 2022 09:52:38 GMT
content-type: video/mp4
content-length: 2238
last-modified: Tue, 15 Nov 2022 12:58:10 GMT
etag: "63738ce2-8be"
expires: Mon, 26 Jun 2023 09:52:38 GMT
pragma: public
cache-control: max-age=17280000, public
strict-transport-security: max-age=31536000
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-range: bytes 0-2237/2238
X-Firefox-Spdy: h2
www.google.com/recaptcha/api2/aframe
200 OK 515 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash dc40a4181097b7ca19cda1f1fdbd0d85
58f05ec64f8955392fd08399583c1e0667419fc9
36d1680cffa3bacc975c38f074ecb0e24de77fa57f97cb48f3e694395f6bc10d
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 08 Dec 2022 09:52:38 GMT
date: Thu, 08 Dec 2022 09:52:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-a7R8N706P0guZJ0GKj73zQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 209db360df4b336bf8214ab153588cd2
79dc9b8dabca3ce1ec609e1cdc2c72df672340cc
e4aee081d074b9c2a8ae63c233f559d47ee3ad832e4a569594314d6e8b4ab33c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E4AEE081D074B9C2A8AE63C233F559D47EE3AD832E4A569594314D6E8B4AB33C"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6907
Expires: Thu, 08 Dec 2022 11:47:45 GMT
Date: Thu, 08 Dec 2022 09:52:38 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 209db360df4b336bf8214ab153588cd2
79dc9b8dabca3ce1ec609e1cdc2c72df672340cc
e4aee081d074b9c2a8ae63c233f559d47ee3ad832e4a569594314d6e8b4ab33c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E4AEE081D074B9C2A8AE63C233F559D47EE3AD832E4A569594314D6E8B4AB33C"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6907
Expires: Thu, 08 Dec 2022 11:47:45 GMT
Date: Thu, 08 Dec 2022 09:52:38 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 209db360df4b336bf8214ab153588cd2
79dc9b8dabca3ce1ec609e1cdc2c72df672340cc
e4aee081d074b9c2a8ae63c233f559d47ee3ad832e4a569594314d6e8b4ab33c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E4AEE081D074B9C2A8AE63C233F559D47EE3AD832E4A569594314D6E8B4AB33C"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6907
Expires: Thu, 08 Dec 2022 11:47:45 GMT
Date: Thu, 08 Dec 2022 09:52:38 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 209db360df4b336bf8214ab153588cd2
79dc9b8dabca3ce1ec609e1cdc2c72df672340cc
e4aee081d074b9c2a8ae63c233f559d47ee3ad832e4a569594314d6e8b4ab33c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E4AEE081D074B9C2A8AE63C233F559D47EE3AD832E4A569594314D6E8B4AB33C"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6907
Expires: Thu, 08 Dec 2022 11:47:45 GMT
Date: Thu, 08 Dec 2022 09:52:38 GMT
Connection: keep-alive
lb.eu-1-id5-sync.com/lb/v1
200 33 B URL HTTP/1.1 lb.eu-1-id5-sync.com/lb/v1
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 30fa154434f09accac037c554f60cf0f
364365c8ac9cabb3c0f81c882212a110946a981b
3ad5fad7ebf8eb427667c23da4b9080503de1383d504b83db0713779fb197609
GET /lb/v1 HTTP/1.1
Host: lb.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://ga.mcxsureshot.com
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Thu, 08 Dec 2022 09:52:37 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cdnt.onnetwork.tv/poster/9/1/919027_5m.jpg
200 OK 10 kB URL HTTP/2 cdnt.onnetwork.tv/poster/9/1/919027_5m.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 480x272, components 3\012- data
Hash db28080ad44c46eb449fc250e33a2dc8
40e7b61c98a0085c49ebf8b465dcb846e1830601
37cb31effe0fa7997e40575b2d239b9fd99fa789fa7f4a9e16cd8c55cb86163c
GET /poster/9/1/919027_5m.jpg HTTP/1.1
Host: cdnt.onnetwork.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: XO.webservantpro
date: Thu, 08 Dec 2022 09:52:38 GMT
content-type: image/jpeg
content-length: 10456
last-modified: Thu, 17 Nov 2022 10:35:17 GMT
etag: "63760e65-28d8"
expires: Mon, 26 Jun 2023 09:52:38 GMT
cache-control: max-age=17280000
strict-transport-security: max-age=31536000
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
lbs.eu-1-id5-sync.com/lbs/v1
200 OK 34 B URL HTTP/1.1 lbs.eu-1-id5-sync.com/lbs/v1
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 7ff07ce4fbaa49260bcbe904a0b73f2c
f8b6eeb070fb513c50e9c4867aa5952db4a39fa6
37f13bec730fa589ff3b7827dc54d4249b79b18ca13a802692825598c97d7c2b
GET /lbs/v1 HTTP/1.1
Host: lbs.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 8 Dec 2022 09:52:38 GMT
access-control-allow-origin: https://ga.mcxsureshot.com
vary: Origin
content-type: application/json
content-length: 34
strict-transport-security: max-age=63072000; includeSubDomains; preload
lb.eu-1-id5-sync.com/lb/v1
200 33 B URL HTTP/1.1 lb.eu-1-id5-sync.com/lb/v1
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 506046428776e579d3a5fe5d80ab3ac0
183a545f79c189f1938d5ef7d6400ab18d1acf07
17138536e63acdc6c6467c7192ff75379abb52703416d8fe933fa29c4a9975c0
GET /lb/v1 HTTP/1.1
Host: lb.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://ga.mcxsureshot.com
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Thu, 08 Dec 2022 09:52:37 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
lbs.eu-1-id5-sync.com/lbs/v1
200 OK 34 B URL HTTP/1.1 lbs.eu-1-id5-sync.com/lbs/v1
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 3e070fdce73c13e13430e78469cfb969
7141b153fb3563c66f60372e20b3eb30fb51e440
a374da6348fed27847503c554becb4b3c7be1b556fa6825b35680bdc5e835b52
GET /lbs/v1 HTTP/1.1
Host: lbs.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 8 Dec 2022 09:52:38 GMT
access-control-allow-origin: https://ga.mcxsureshot.com
vary: Origin
content-type: application/json
content-length: 34
strict-transport-security: max-age=63072000; includeSubDomains; preload
cdn.onnetwork.tv/js/player88/playerl.min.js?s=1670450479
200 OK 67 kB URL HTTP/2 cdn.onnetwork.tv/js/player88/playerl.min.js?s=1670450479
IP
Hash b7f89f606bacc45b16d05ef7ccf77437
f6f30630f773a458fbfbeaf9e4c179424cb251c8
d91e135d760f839f5a5b6dd2d8f5990cafd38adb899b3facd276cb51074394c8
GET /js/player88/playerl.min.js?s=1670450479 HTTP/1.1
Host: cdn.onnetwork.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: XO.webservantpro
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: application/javascript
last-modified: Wed, 07 Dec 2022 22:01:19 GMT
vary: Accept-Encoding
etag: W/"63910d2f-3eec1"
expires: Mon, 26 Jun 2023 09:52:37 GMT
pragma: public
cache-control: max-age=17280000, public
strict-transport-security: max-age=31536000
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
X-Firefox-Spdy: h2
lbs.eu-1-id5-sync.com/lbs/v1
200 OK 34 B URL HTTP/1.1 lbs.eu-1-id5-sync.com/lbs/v1
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 85e6163b00316374acec562ecde9d531
a0cf47129c7921b1c51675fd768d4ec845ea639e
416908bf8e7466a3fc7b76ffe58b4be855df37f981a8aa9241c508d996f8aea4
GET /lbs/v1 HTTP/1.1
Host: lbs.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 8 Dec 2022 09:52:38 GMT
access-control-allow-origin: https://ga.mcxsureshot.com
vary: Origin
content-type: application/json
content-length: 34
strict-transport-security: max-age=63072000; includeSubDomains; preload
lbs.eu-1-id5-sync.com/lbs/v1
200 OK 34 B URL HTTP/1.1 lbs.eu-1-id5-sync.com/lbs/v1
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash a1d9da8731ff03d39e8f51d1d0b63857
a03265d7b51a4f17b8f98933f66613f240066913
67f400b2dd5d2b0630390916b5b82843081cd5120cd76323cca89ee8ee9b0992
GET /lbs/v1 HTTP/1.1
Host: lbs.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 8 Dec 2022 09:52:38 GMT
access-control-allow-origin: https://ga.mcxsureshot.com
vary: Origin
content-type: application/json
content-length: 34
strict-transport-security: max-age=63072000; includeSubDomains; preload
lb.eu-1-id5-sync.com/lb/v1
200 33 B URL HTTP/1.1 lb.eu-1-id5-sync.com/lb/v1
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 499cb4d62e4413dcc6e45f6b4ea338d5
2e2bef679b8912a73694b271714badceb48ff292
34050896fe7bb34f3542c777c6b2c998e15caeeb47d5bc7aaabe41742a5c0ea9
GET /lb/v1 HTTP/1.1
Host: lb.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://ga.mcxsureshot.com
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Thu, 08 Dec 2022 09:52:37 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0c89743226644fddacbe5d50c110b950
b343ae9eb9047cf764b518083d612ffd3652b209
1bf675bb6e12e913a98cd8849c1af9a0c50b0bb8bfa670c86419b41782e06e47
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 1d710c2ae0ff0416ce1764fb7693d013
c1c510bda24203ddf2d803c081b623709ba55fa6
775db3bc6b40a9276261cf44642fe22183fda853674d9d16db709e0a7239b408
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 08 Dec 2022 08:46:55 GMT
expires: Thu, 08 Dec 2022 10:46:55 GMT
cache-control: public, max-age=7200
age: 3943
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s0.2mdn.net/instream/video/client.js
200 OK 17 kB URL HTTP/2 s0.2mdn.net/instream/video/client.js
IP
File type ASCII text, with very long lines (2156)
Hash 49295de6ccd23cf80b6418a2d209868f
42a955b4560bb22cb9b5b39577f7a691ea345018
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
GET /instream/video/client.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 16746
date: Thu, 08 Dec 2022 09:52:38 GMT
expires: Thu, 08 Dec 2022 09:52:38 GMT
cache-control: private, max-age=900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j98&aip=1&a=1646897766&t=pageview&_s=1&dl=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&dp=%2Fab%2Foptad360_com&ul=en-us&de=UTF-8&dt=Player&sd=24-bit&sr=1280x1024&vp=640x360&je=0&_u=IGhAAEABAAAAACAAsD~&jid=1220899929&gjid=1363108816&cid=192307762.1670493158&tid=UA-135216642-1&_gid=1364448552.1670493158&_r=1&_slc=1&z=1695919826
200 OK 4 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&aip=1&a=1646897766&t=pageview&_s=1&dl=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&dp=%2Fab%2Foptad360_com&ul=en-us&de=UTF-8&dt=Player&sd=24-bit&sr=1280x1024&vp=640x360&je=0&_u=IGhAAEABAAAAACAAsD~&jid=1220899929&gjid=1363108816&cid=192307762.1670493158&tid=UA-135216642-1&_gid=1364448552.1670493158&_r=1&_slc=1&z=1695919826
IP
File type ASCII text, with no line terminators
Hash 9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
POST /j/collect?v=1&_v=j98&aip=1&a=1646897766&t=pageview&_s=1&dl=https%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&dp=%2Fab%2Foptad360_com&ul=en-us&de=UTF-8&dt=Player&sd=24-bit&sr=1280x1024&vp=640x360&je=0&_u=IGhAAEABAAAAACAAsD~&jid=1220899929&gjid=1363108816&cid=192307762.1670493158&tid=UA-135216642-1&_gid=1364448552.1670493158&_r=1&_slc=1&z=1695919826 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://ga.mcxsureshot.com
date: Thu, 08 Dec 2022 09:52:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 1d710c2ae0ff0416ce1764fb7693d013
c1c510bda24203ddf2d803c081b623709ba55fa6
775db3bc6b40a9276261cf44642fe22183fda853674d9d16db709e0a7239b408
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.onnetwork.tv/js/player88/player_utils.min.js?s=1670450479
200 OK 3.8 kB URL HTTP/2 cdn.onnetwork.tv/js/player88/player_utils.min.js?s=1670450479
IP
Hash e4c1fc64aab50b85d0bb0801d6a77f6f
1135a9eabbbe6f6e3ccd79b82668528b1aab04c4
6436694e03961ce3913d8a1e489af494640d2e41d20f12c375c1df09c55d6f6c
GET /js/player88/player_utils.min.js?s=1670450479 HTTP/1.1
Host: cdn.onnetwork.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: XO.webservantpro
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: application/javascript
last-modified: Wed, 07 Dec 2022 22:01:19 GMT
vary: Accept-Encoding
etag: W/"63910d2f-2c6a"
expires: Mon, 26 Jun 2023 09:52:37 GMT
pragma: public
cache-control: max-age=17280000, public
strict-transport-security: max-age=31536000
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fb44b614b8381a20ddc7cac6e5228f29
b8c381ae5dea1755066f7d450fdc5b7046e5d441
b4ffb9c2ea3aae0c8d2f1d713c10be2d4c008518a0c30e166da9f1e4ef58ba23
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B4FFB9C2EA3AAE0C8D2F1D713C10BE2D4C008518A0C30E166DA9F1E4EF58BA23"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4009
Expires: Thu, 08 Dec 2022 10:59:27 GMT
Date: Thu, 08 Dec 2022 09:52:38 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fb44b614b8381a20ddc7cac6e5228f29
b8c381ae5dea1755066f7d450fdc5b7046e5d441
b4ffb9c2ea3aae0c8d2f1d713c10be2d4c008518a0c30e166da9f1e4ef58ba23
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B4FFB9C2EA3AAE0C8D2F1D713C10BE2D4C008518A0C30E166DA9F1E4EF58BA23"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4009
Expires: Thu, 08 Dec 2022 10:59:27 GMT
Date: Thu, 08 Dec 2022 09:52:38 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fb44b614b8381a20ddc7cac6e5228f29
b8c381ae5dea1755066f7d450fdc5b7046e5d441
b4ffb9c2ea3aae0c8d2f1d713c10be2d4c008518a0c30e166da9f1e4ef58ba23
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B4FFB9C2EA3AAE0C8D2F1D713C10BE2D4C008518A0C30E166DA9F1E4EF58BA23"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4009
Expires: Thu, 08 Dec 2022 10:59:27 GMT
Date: Thu, 08 Dec 2022 09:52:38 GMT
Connection: keep-alive
cdn.onnetwork.tv/css/websites/optad/general.css
200 OK 183 B URL HTTP/2 cdn.onnetwork.tv/css/websites/optad/general.css
IP
Hash 26beadbd2407ac1a5bcabe5f959368eb
3550cb06025b13412b591f09183cbda0805d84e2
7cc880e3e2866f343d22241d9c6ef350fff31714b9a30249f31a104edc50efbb
GET /css/websites/optad/general.css HTTP/1.1
Host: cdn.onnetwork.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: XO.webservantpro
date: Thu, 08 Dec 2022 09:52:38 GMT
content-type: text/css
last-modified: Sun, 27 Mar 2022 07:49:33 GMT
vary: Accept-Encoding
etag: W/"6240170d-268"
expires: Mon, 26 Jun 2023 09:52:38 GMT
pragma: public
cache-control: max-age=17280000, public
strict-transport-security: max-age=31536000
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash e823649d6e67f7655ae25a69d20159c9
013359814344b7c15da24a2857a3354e16bd4c34
ba9c8fb40060f9f4c381dfb9843f52af35ee7114c6454884edc03bdf6b22683e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4462
Cache-Control: max-age=119099
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:38 GMT
Etag: "6390d0b3-139"
Expires: Fri, 09 Dec 2022 18:57:37 GMT
Last-Modified: Wed, 07 Dec 2022 17:43:15 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
gum.criteo.com/syncframe?origin=publishertag&topUrl=ga.mcxsureshot.com&gdpr=1&gdpr_consent=CPjsQbtPjsQbtAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA
200 OK 5.1 kB URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=ga.mcxsureshot.com&gdpr=1&gdpr_consent=CPjsQbtPjsQbtAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13465)
Hash 4560120ccc2d41b17f21a2e78c2816fc
6d744dc7e21148bbee1823fb958d49890ab55519
06e15ea1132def40be437eebb12d9bf63cc6deb48ddad212f168eb8120596bac
GET /syncframe?origin=publishertag&topUrl=ga.mcxsureshot.com&gdpr=1&gdpr_consent=CPjsQbtPjsQbtAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
uid=40ebcadc-227a-44ee-868f-78480bdf717f; expires=Tue, 02 Jan 2024 09:52:38 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 863381
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
id5-sync.com/g/v2/231.json
200 1.3 kB URL HTTP/1.1 id5-sync.com/g/v2/231.json
IP
File type JSON data\012- , ASCII text, with very long lines (1315), with no line terminators
Hash 37c3e75f32713b5936fcdffc5917dfd1
6f8cb23c754449e98b00169675f7259439924b11
6dddf3b7d907c1e5f437b77b20c23e6fed82ce6319481a879cffa6cd90a60051
POST /g/v2/231.json HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 774
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://ga.mcxsureshot.com
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
set-cookie: id5=25fc4df9-af33-68ac-b5a4-930577723bff#1670493158867#1; Max-Age=7776000; Expires=Wed, 08-Mar-2023 09:52:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Thu, 08 Dec 2022 09:52:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
id5-sync.com/g/v2/231.json
200 1.3 kB URL HTTP/1.1 id5-sync.com/g/v2/231.json
IP
File type JSON data\012- , ASCII text, with very long lines (1315), with no line terminators
Hash b1fdcf12ac2ee4b0ad745a4866f8f7a1
9dea90faba82a4deecff7c991d6a2970b93184b8
b064969d3b3a93e35895222111a05e6c7a7e82e63c20af16666fe9a185ba204a
POST /g/v2/231.json HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 774
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://ga.mcxsureshot.com
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
set-cookie: id5=25fc4df9-af33-68ac-b5a4-930577723bff#1670493158870#1; Max-Age=7776000; Expires=Wed, 08-Mar-2023 09:52:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Thu, 08 Dec 2022 09:52:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
id5-sync.com/g/v2/231.json
200 1.3 kB URL HTTP/1.1 id5-sync.com/g/v2/231.json
IP
File type JSON data\012- , ASCII text, with very long lines (1315), with no line terminators
Hash fd029879fce8d6bbbe16059e3e05c77a
1d94053c6532d45d02b8e59ab71c17eab694ad45
4360f9bfc99cb986b9cca9a84e7c3c4af0f669699b10db6744edb6c1a63ac955
POST /g/v2/231.json HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 774
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://ga.mcxsureshot.com
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
set-cookie: id5=25fc4df9-af33-68ac-b5a4-930577723bff#1670493158870#1; Max-Age=7776000; Expires=Wed, 08-Mar-2023 09:52:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Thu, 08 Dec 2022 09:52:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cdnx.onnetwork.tv/sd/9/1/919027.mp4?sev=8s3eKaeUl1TBELaXt01pQw&e=1670503957&u=9074
206 Partial Content 34 kB URL HTTP/2 cdnx.onnetwork.tv/sd/9/1/919027.mp4?sev=8s3eKaeUl1TBELaXt01pQw&e=1670503957&u=9074
IP
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 3ba0e80507ba914b4b1398ee6f242b51
1f71279d17f342c041faf77a5d7169ec98ac0f9d
4f60c70339b21c1dbd44f726c52eab11edd992c4d396f457a2504b058f2babed
GET /sd/9/1/919027.mp4?sev=8s3eKaeUl1TBELaXt01pQw&e=1670503957&u=9074 HTTP/1.1
Host: cdnx.onnetwork.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
server: XO.webservantpro
date: Thu, 08 Dec 2022 09:52:38 GMT
content-type: video/mp4
content-length: 8016814
last-modified: Thu, 17 Nov 2022 10:36:58 GMT
etag: "63760eca-7a53ae"
strict-transport-security: max-age=31536000
access-control-allow-origin: *
content-range: bytes 0-8016813/8016814
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-135216642-1&cid=192307762.1670493158&jid=1220899929&gjid=1363108816&_gid=1364448552.1670493158&_u=IGhAAEAAAAAAACAAsD~&z=1121865410
200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-135216642-1&cid=192307762.1670493158&jid=1220899929&gjid=1363108816&_gid=1364448552.1670493158&_u=IGhAAEAAAAAAACAAsD~&z=1121865410
IP
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-135216642-1&cid=192307762.1670493158&jid=1220899929&gjid=1363108816&_gid=1364448552.1670493158&_u=IGhAAEAAAAAAACAAsD~&z=1121865410 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://ga.mcxsureshot.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 08 Dec 2022 09:52:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dnacdn.net/dna
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:38 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=rAdJ_F80M0RITmhlJTJCZkMwOUJGQlhaMUN2czR2b2VsMXBNUjYlMkZhczMxZjVZJTJGckNDRmV3TmpxT2slMkJSJTJGV2xYbElwWllQSg; expires=Tue, 02 Jan 2024 09:52:38 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 286240
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash 5814ad3b7f0d449d58b5505e41a3f293
66fe5d7620cc08430e8c06b981dd034307dbbc8d
aac640fcca4acaf55321ba49f1eb08c3a29d771445b35a33213aa627900d2579
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4708
Cache-Control: max-age=91608
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:38 GMT
Etag: "6390645a-139"
Expires: Fri, 09 Dec 2022 11:19:26 GMT
Last-Modified: Wed, 07 Dec 2022 10:00:58 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
dnacdn.net/dna
200 OK 443 B IP
Hash 6fb642dd2fb621f94d504b9f80f3b830
65c0626ce2b0a2d753eeef2b6c3aa334cec220e3
a69f2b44c3f622c0da32487a58797f8a39a35734fbdf3abdae37188e4335fccb
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=rAdJ_F80M0RITmhlJTJCZkMwOUJGQlhaMUN2czR2b2VsMXBNUjYlMkZhczMxZjVZJTJGckNDRmV3TmpxT2slMkJSJTJGV2xYbElwWllQSg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:38 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=bYdniV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czR2b2VsMXBNUjYlMkZhczMxZjVZJTJGckNEWVZjUnVGcDhHaHVPVTBOS285VFA0; expires=Tue, 02 Jan 2024 09:52:38 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 457966
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-135216642-1&cid=192307762.1670493158&jid=1220899929&_u=IGhAAEAAAAAAACAAsD~&z=145689624
200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-135216642-1&cid=192307762.1670493158&jid=1220899929&_u=IGhAAEAAAAAAACAAsD~&z=145689624
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-135216642-1&cid=192307762.1670493158&jid=1220899929&_u=IGhAAEAAAAAAACAAsD~&z=145689624 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 09:52:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.onnetwork.tv/cnt/a_cntg.png?ts=1670493158455&d=9074&wsc=ab&typ=embed&mobile=0&c=24
200 OK 126 B URL HTTP/2 cdn.onnetwork.tv/cnt/a_cntg.png?ts=1670493158455&d=9074&wsc=ab&typ=embed&mobile=0&c=24
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash e714c69ca26dcdabcf9016341f66b5b9
1c78ace0e38129460966521ecb9f3ce70563a5e8
a607b3c3e0d09d7f339e0035f16f99bf93637dee0eb27b2b9c447701fefa2ace
GET /cnt/a_cntg.png?ts=1670493158455&d=9074&wsc=ab&typ=embed&mobile=0&c=24 HTTP/1.1
Host: cdn.onnetwork.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: XO.webservantpro
date: Thu, 08 Dec 2022 09:52:39 GMT
content-type: image/png
content-length: 126
cache-control: no-cache
last-modified: Thursday, 08-Dec-2022 09:52:39 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
onetag-sys.com/usync/?cb=1670493156322&gdpr=0
204 No Content 0 B URL HTTP/2 onetag-sys.com/usync/?cb=1670493156322&gdpr=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usync/?cb=1670493156322&gdpr=0 HTTP/1.1
Host: onetag-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-store
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2
onetag-sys.com/usync/?cb=1670493156320&gdpr=0
204 No Content 0 B URL HTTP/2 onetag-sys.com/usync/?cb=1670493156320&gdpr=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usync/?cb=1670493156320&gdpr=0 HTTP/1.1
Host: onetag-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-store
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2
ssp.wp.pl/bidder/usersync?tcf=2&pvid=77451648582341510000&sn=mc_adapter
200 OK 281 B URL HTTP/2 ssp.wp.pl/bidder/usersync?tcf=2&pvid=77451648582341510000&sn=mc_adapter
IP
ASN #12827 Wirtualna Polska Media S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (477), with no line terminators
Hash 3cc5bd08b7a270b10e3937d69295cce8
342d412c14becbf1fecd3091e0be6355791762fa
ed13833f42b1b6b979d0e7ac1e570dddf6ed8c1ec002c4f13e421e67d3af42ef
GET /bidder/usersync?tcf=2&pvid=77451648582341510000&sn=mc_adapter HTTP/1.1
Host: ssp.wp.pl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:40 GMT
content-type: text/html; charset=utf-8
content-length: 281
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: *
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 15:46:02 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
www.bigmp3db.com/1duwt.json
200 OK 5.6 kB URL HTTP/2 www.bigmp3db.com/1duwt.json
IP
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , Unicode text, UTF-8 text, with no line terminators
Hash 916ef6e8503799294bbe2dbe746d2e5b
96d00a83fd631a5400d9123f240325ce696c4ab0
df7d8f0bfc0a18fa3144d303027e498babd6764cc14a69cb5322713043c63a1e
POST /1duwt.json HTTP/1.1
Host: www.bigmp3db.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 210
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: POST, GET, OPTIONS
strict-transport-security: max-age=63072000
content-encoding: br
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=160120&gdpr=0&gdpr_consent=
200 OK 5.5 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=160120&gdpr=0&gdpr_consent=
IP
File type HTML document text\012- HTML document, ASCII text, with very long lines (15844), with no line terminators
Hash 7725e8e949141c8ded449d86975d4c04
8cd8c314a2002cc26f821d331ab9512f52a551a2
a0c49aacf6f552bce544eb8516404f696918253cd934a6404ebeafd71f8780ae
GET /AdServer/js/user_sync.html?kdntuid=1&p=160120&gdpr=0&gdpr_consent= HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=74113
expires: Fri, 09 Dec 2022 06:27:53 GMT
date: Thu, 08 Dec 2022 09:52:40 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ssp.wp.pl/bidder/usersync?tcf=2&pvid=77451648582341510000&sn=mc_adapter
200 OK 281 B URL HTTP/2 ssp.wp.pl/bidder/usersync?tcf=2&pvid=77451648582341510000&sn=mc_adapter
IP
ASN #12827 Wirtualna Polska Media S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (477), with no line terminators
Hash 3cc5bd08b7a270b10e3937d69295cce8
342d412c14becbf1fecd3091e0be6355791762fa
ed13833f42b1b6b979d0e7ac1e570dddf6ed8c1ec002c4f13e421e67d3af42ef
GET /bidder/usersync?tcf=2&pvid=77451648582341510000&sn=mc_adapter HTTP/1.1
Host: ssp.wp.pl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:40 GMT
content-type: text/html; charset=utf-8
content-length: 281
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: *
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 15:46:02 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
acdn.adnxs.com/dmp/async_usersync.html
200 OK 17 kB URL HTTP/1.1 acdn.adnxs.com/dmp/async_usersync.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (52990)
Hash 9c6b5ce6b3452e98573e6409c34dd73c
de607fadef62e36945a409a838eb8fc36d819b42
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
GET /dmp/async_usersync.html HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
ETag: "623de86a-cf34"
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Fri, 09 Dec 2022 09:52:42 GMT
Date: Thu, 08 Dec 2022 09:52:40 GMT
Connection: keep-alive
Vary: Accept-Encoding
acdn.adnxs.com/dmp/async_usersync.html
200 OK 17 kB URL HTTP/1.1 acdn.adnxs.com/dmp/async_usersync.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (52990)
Hash 9c6b5ce6b3452e98573e6409c34dd73c
de607fadef62e36945a409a838eb8fc36d819b42
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
GET /dmp/async_usersync.html HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
ETag: "623de86a-cf34"
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Fri, 09 Dec 2022 09:52:42 GMT
Date: Thu, 08 Dec 2022 09:52:40 GMT
Connection: keep-alive
Vary: Accept-Encoding
ocsp.globalsign.com/gsgccr3dvtlsca2020
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
Hash 678e8ad01e942df5e790a7f4b1890758
e10de3f11460a992601fac3d3dcc7c3c30f215dc
160c48844b81c65e3ec937d83be3c4078be50899ef981e3aca8146f9120f7456
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 09:52:40 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Mon, 12 Dec 2022 07:01:11 GMT
ETag: "e10de3f11460a992601fac3d3dcc7c3c30f215dc"
Last-Modified: Thu, 08 Dec 2022 07:01:12 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2298
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77649c0ae9bcfab8-OSL
ib.adnxs.com/async_usersync?cbfn=queuePixels
307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Thu, 08 Dec 2022 09:52:40 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: bbba6dc5-a7c8-497a-8ffe-d008025da320
Set-Cookie: uuid2=6262939258926088025; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 08-Mar-2023 09:52:40 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
gem.gbc.criteo.com/newidsd
200 OK 102 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP
Hash e74ea72fea904f9bf78906f8e792ff67
2d54011bda5ccd99acf3ef0d7a1ed5989a31f4c5
366387be3b9447e45e0a816907b70ee8759b91495b5f0bba2af1248d40bfa2b4
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:38 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 68745
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
200 OK 5.5 kB URL HTTP/2 ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
IP
File type HTML document text\012- HTML document, ASCII text, with very long lines (15844), with no line terminators
Hash 7725e8e949141c8ded449d86975d4c04
8cd8c314a2002cc26f821d331ab9512f52a551a2
a0c49aacf6f552bce544eb8516404f696918253cd934a6404ebeafd71f8780ae
GET /AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=74113
expires: Fri, 09 Dec 2022 06:27:53 GMT
date: Thu, 08 Dec 2022 09:52:40 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
onetag-sys.com/usync/?pubId=2bb78272a859ca6
204 No Content 0 B URL HTTP/2 onetag-sys.com/usync/?pubId=2bb78272a859ca6
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usync/?pubId=2bb78272a859ca6 HTTP/1.1
Host: onetag-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-store
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2
ib.adnxs.com/async_usersync?cbfn=queuePixels
307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Thu, 08 Dec 2022 09:52:40 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: 32974b6d-f6ea-49ba-879a-49dd98cdbc40
Set-Cookie: uuid2=736780313733524003; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 08-Mar-2023 09:52:40 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 08 Dec 2022 09:52:40 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 7862b329-c869-479b-9da0-370b7fbd81b6
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
200 OK 60 B URL HTTP/2 image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
IP
File type ASCII text, with no line terminators
Hash 69adb6ba874ddb5850bc25d93063dae3
240a32199c04624b5568cbbbd2a6270e2f6818d1
90893e3cef85ea47b62a20bb18b79446e53be8ba77f844764b57f8bc7236ff9a
GET /AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB HTTP/1.1
Host: image6.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=UTF-8
expires: Wed, 8 Mar 2023 01:46:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Thu, 08 Dec 2022 09:52:39 GMT
content-length: 60
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash 5233f4c23fce58f05bfffddcebe927a2
b5fce38b2bb0e1231f61c02e10d0c34981c1d49a
5572636232cf47823fe3dcc21ea0ba3584feec99588b31e1fbe2a9fbb6be0c7f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4139
Cache-Control: max-age=155456
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:40 GMT
Etag: "63915ffd-118"
Expires: Sat, 10 Dec 2022 05:03:36 GMT
Last-Modified: Thu, 08 Dec 2022 03:54:37 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fga.mcxsureshot.com%2F&domain=ga.mcxsureshot.com&cw=1&pbt=1&lsw=1
200 OK 22 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fga.mcxsureshot.com%2F&domain=ga.mcxsureshot.com&cw=1&pbt=1&lsw=1
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 91d4898f938e4920ac88f87453b33933
1bd4a04303c2501101656075ad8304e1a84eb91e
93ecc6762eafd376cbe2fd18250fa9f12c90f9a86b481430ef29ec40716d8f35
OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Fga.mcxsureshot.com%2F&domain=ga.mcxsureshot.com&cw=1&pbt=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://ga.mcxsureshot.com/
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:40 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://ga.mcxsureshot.com
server-processing-duration-in-ticks: 394720
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
s.ad.smaato.net/c/?adExInit=p&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsmaato%26uid%3D%24UID
302 Found 0 B URL HTTP/2 s.ad.smaato.net/c/?adExInit=p&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsmaato%26uid%3D%24UID
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/?adExInit=p&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsmaato%26uid%3D%24UID HTTP/1.1
Host: s.ad.smaato.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync.quantumdex.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: CloudFront
date: Thu, 08 Dec 2022 09:52:40 GMT
content-length: 0
cache-control: no-cache, must-revalidate
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.quantumdex.io/setuid?bidder=smaato&uid=d04eae73
set-cookie: SCM=d04eae73; Expires=Thu, 29 Dec 2022 09:52:40 GMT; Domain=.smaato.net; SameSite=None; Path=/; Secure
SCMp=d04eae73; Expires=Sun, 18 Dec 2022 21:52:40 GMT; Domain=.smaato.net; Path=/; SameSite=None; Secure
x-cache: FunctionGeneratedResponse from cloudfront
via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: sXmGTae7iBAIwlN4YOteO19kIPDOf_ynWRpVI74x2r_RvCBYUT3BLw==
X-Firefox-Spdy: h2
id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D
200 43 B URL HTTP/1.1 id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
GET /i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync.quantumdex.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=300; Expires=Thu, 08-Dec-2022 09:57:40 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cip=; Max-Age=300; Expires=Thu, 08-Dec-2022 09:57:40 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cnac=; Max-Age=300; Expires=Thu, 08-Dec-2022 09:57:40 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
car=; Max-Age=300; Expires=Thu, 08-Dec-2022 09:57:40 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
gdpr=; Max-Age=300; Expires=Thu, 08-Dec-2022 09:57:40 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
callback=; Max-Age=300; Expires=Thu, 08-Dec-2022 09:57:40 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: image/gif;charset=UTF-8
transfer-encoding: chunked
date: Thu, 08 Dec 2022 09:52:40 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
dnacdn.net/dna
200 OK 132 B IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 298778de533cb25b618263ad0bd038e4
3afd73e14977d9fadf04954f468ede60c0cb19f2
d5735fb160b30e02208acf027f0ed716a62fed2574e9e2efa36b4478a49159dc
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Cookie: browser_data=bYdniV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czR2b2VsMXBNUjYlMkZhczMxZjVZJTJGckNEWVZjUnVGcDhHaHVPVTBOS285VFA0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:39 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=I5nPuF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czR2b2VsMXBNUjYlMkZhczMxZjVZJTJGckNCeTlYQ3UlMkY5MkRFYVpuRmRhaUdqdmU; expires=Tue, 02 Jan 2024 09:52:40 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://ga.mcxsureshot.com
server-processing-duration-in-ticks: 294721
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dmedianet%26uid%3D%3Cvsid%3E
302 Found 154 B URL HTTP/2 hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dmedianet%26uid%3D%3Cvsid%3E
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 52558d05355ee6e9d14ff3cf8a5a3ef0
52cfd7dd3859dc0578849a7b1c91bb8f91ad84c2
bac5546ea0f819f461c9023592ec2398a45a6c3aab78e55fed8b7c908dce6060
GET /cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dmedianet%26uid%3D%3Cvsid%3E HTTP/1.1
Host: hbx.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync.quantumdex.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: Apache
content-length: 154
content-type: text/html
location: https://sync.quantumdex.io/setuid?bidder=medianet&uid=0000EEA
set-cookie: data-pbs=setstatuscode~~1;Expires=Fri, 08 Dec 2023 09:52:40 GMT;path=/;domain=.media.net;
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security: max-age=86400 ; includeSubDomains
x-mnet-hl2: E
expires: Thu, 08 Dec 2022 09:52:40 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 08 Dec 2022 09:52:40 GMT
X-Firefox-Spdy: h2
sync.quantumdex.io/usersync/pbjs
200 OK 909 B URL HTTP/2 sync.quantumdex.io/usersync/pbjs
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (3653), with no line terminators
Hash 56c6445bd06ce33bbc65ea30a092e8db
fff67deb0cccc6cc698ae9232c5ca00752f351d4
955cb20835877e38ab24bba9d9f82c27db7cf528e2e34e1422abac8bde9a7a55
GET /usersync/pbjs HTTP/1.1
Host: sync.quantumdex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Cookie: uid=879b7a94-b156-4262-9f72-7f4de9cd864c
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:40 GMT
content-type: text/html
set-cookie: uid=879b7a94-b156-4262-9f72-7f4de9cd864c; expires=Sun, 18 Dec 2022 09:52:40 GMT; domain=quantumdex.io; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77649c0b3fa50a2b-ARN
content-encoding: gzip
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?p=pbs-valueimpression&endpoint=us-east HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sync.quantumdex.io/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 08 Dec 2022 09:52:40 GMT
Connection: keep-alive
Vary: Accept-Encoding
ocsp.digicert.com/
200 OK 280 B IP
Hash 5233f4c23fce58f05bfffddcebe927a2
b5fce38b2bb0e1231f61c02e10d0c34981c1d49a
5572636232cf47823fe3dcc21ea0ba3584feec99588b31e1fbe2a9fbb6be0c7f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4139
Cache-Control: max-age=155456
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:40 GMT
Etag: "63915ffd-118"
Expires: Sat, 10 Dec 2022 05:03:36 GMT
Last-Modified: Thu, 08 Dec 2022 03:54:37 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
onetag-sys.com/usync/?pubId=2bb78272a859ca6
204 No Content 0 B URL HTTP/2 onetag-sys.com/usync/?pubId=2bb78272a859ca6
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usync/?pubId=2bb78272a859ca6 HTTP/1.1
Host: onetag-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-store
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fga.mcxsureshot.com%2F&domain=ga.mcxsureshot.com&cw=1&pbt=1&lsw=1
200 OK 874 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fga.mcxsureshot.com%2F&domain=ga.mcxsureshot.com&cw=1&pbt=1&lsw=1
IP
Hash 78956fa304d71141d9f3d0f28d242e42
7686284d4922e6c2f9f880391b558ffb818610e0
394f42294694cc00526698acb6c5f007528f30f7758bf821aa14023a2e7393e3
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Fga.mcxsureshot.com%2F&domain=ga.mcxsureshot.com&cw=1&pbt=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:39 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://ga.mcxsureshot.com
server-processing-duration-in-ticks: 1373579
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?p=pbs-valueimpression&endpoint=us-east HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sync.quantumdex.io/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 08 Dec 2022 09:52:40 GMT
Connection: keep-alive
Vary: Accept-Encoding
ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
302 Found 0 B URL HTTP/2 ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D HTTP/1.1
Host: ssum-sec.casalemedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Thu, 08 Dec 2022 09:52:40 GMT
content-length: 0
location: /usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
cf-ray: 77649c0c7f26b4f9-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
set-cookie: CMID=Y5Gz6GbHAEpLu2B0Z9gYvAAA; Path=/; Domain=casalemedia.com; Expires=Fri, 08 Dec 2023 09:52:40 GMT; Max-Age=31536000; Secure; SameSite=None
CMPS=667; Path=/; Domain=casalemedia.com; Expires=Wed, 08 Mar 2023 09:52:40 GMT; Max-Age=7776000; Secure; SameSite=None
CMPRO=667; Path=/; Domain=casalemedia.com; Expires=Wed, 08 Mar 2023 09:52:40 GMT; Max-Age=7776000; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7xylU8FL8E5RNHL7rlAUU2IaNqwRvjFrfUEL8jSfg7Owj01F7a4ZsT6fWC05x4TF0f5qOvYIF5a%2FI9NxWyLOSsf96FL2UJ1qop%2BPUmN4AtRlzSrSIAKOkHE7HHJXayACQcBvZkvyGEcUmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sync.quantumdex.io/setuid?bidder=smaato&uid=d04eae73
200 OK 43 B URL HTTP/2 sync.quantumdex.io/setuid?bidder=smaato&uid=d04eae73
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
GET /setuid?bidder=smaato&uid=d04eae73 HTTP/1.1
Host: sync.quantumdex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sync.quantumdex.io/
Connection: keep-alive
Cookie: uid=879b7a94-b156-4262-9f72-7f4de9cd864c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:40 GMT
content-type: image/gif
content-length: 43
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77649c0c38ad0a2b-ARN
X-Firefox-Spdy: h2
ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync.quantumdex.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Thu, 08 Dec 2022 09:52:40 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Dappnexus%2526uid%253D%2524UID
AN-X-Request-Uuid: e1a4cc49-ebe7-4385-9c4f-19f4f905eb59
Set-Cookie: uuid2=6142912509818937861; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 08-Mar-2023 09:52:40 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
eus.rubiconproject.com/usync.js
200 OK 10 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP
File type ASCII text, with very long lines (18728)
Hash 3ae0328310f55e40b71aad52848db78e
317e743a6d03e9cedf8fd3eb059a1e40486abff7
c8e83d858318335d67a8b311926eb759031c0a29685c247c9d3243d80364b7ce
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html?p=pbs-valueimpression&endpoint=us-east
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 08 Dec 2022 02:06:38 GMT
Content-Encoding: gzip
Content-Length: 10067
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=58410
Expires: Fri, 09 Dec 2022 02:06:10 GMT
Date: Thu, 08 Dec 2022 09:52:40 GMT
Connection: keep-alive
Vary: Accept-Encoding
ups.analytics.yahoo.com/ups/58424/occ
302 Found 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58424/occ
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58424/occ HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync.quantumdex.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 08 Dec 2022 09:52:40 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://ups.analytics.yahoo.com/ups/58424/occ?verify=true
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBOizkWMCEKBAq7G9gC4eH6PNCBklHJYFEgEBAQEFk2ObYwAAAAAA_eMAAA&S=AQAAAsy1w1OZ6qn2GaQu7k6kPME; Expires=Fri, 8 Dec 2023 15:52:40 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash ef2a1df1faf7c2072fe238fed3118c13
6574ec8fffde7fc5a5fc9f70de69bf239f568ab4
d2ca430b748ce16aedd9308000d58c08d8a778a8d400de01fde36a5e20bb5f95
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 09:52:40 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 04:09:17 GMT
Expires: Tue, 13 Dec 2022 04:09:16 GMT
Etag: "6574ec8fffde7fc5a5fc9f70de69bf239f568ab4"
Cache-Control: max-age=410795,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77649c0d0be0b51b-OSL
ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
200 OK 108 B URL HTTP/2 ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 7ee15503aa07eac9da2f20892846159a
79d8af49692750ed9eae9b1965840dfe93107180
5d93b02bdcd8341e0d8c6e4959ba25230279781bef6cda208c0a996794da2358
GET /usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1 HTTP/1.1
Host: ssum-sec.casalemedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sync.quantumdex.io/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:40 GMT
content-type: text/html
cf-ray: 77649c0c7f28b4f9-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3VqaIcT%2BmAIWJ7s%2B2f1xBMYzrjkdPTPp58Rau%2FRO1Es829zy4%2F71wdNeoDYyNiZf82VOKhhWuzso4OYv%2FqlvtdLyOqmZOh5qwml7rmbKGvRXKT5jxwEe5FKCb5xVPCzuMZQHmsYWn0f8FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash ff581accdde51438cc10cf43347f1b84
435710b07fe5fe34d17fc02691ce24ebd0f5e6fc
64eaae056d7260d43b3c5f345838bf83a415e45408b5fbbc67077abf87d14503
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 09:52:40 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 11:23:23 GMT
Expires: Mon, 12 Dec 2022 11:23:22 GMT
Etag: "435710b07fe5fe34d17fc02691ce24ebd0f5e6fc"
Cache-Control: max-age=350441,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77649c0d2c3bb51e-OSL
ups.analytics.yahoo.com/ups/58424/occ?verify=true
204 No Content 108 B URL HTTP/2 ups.analytics.yahoo.com/ups/58424/occ?verify=true
IP
Hash 7ee15503aa07eac9da2f20892846159a
79d8af49692750ed9eae9b1965840dfe93107180
5d93b02bdcd8341e0d8c6e4959ba25230279781bef6cda208c0a996794da2358
GET /ups/58424/occ?verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sync.quantumdex.io/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 08 Dec 2022 09:52:40 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBOizkWMCEF0rD7d9OAo3KY2qMTgXVbcFEgEBAQEFk2ObYwAAAAAA_eMAAA&S=AQAAAo0N0WK835wfeuUHkU0t6uQ; Expires=Fri, 8 Dec 2023 15:52:40 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
ads.pubmatic.com/AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D831F0B92-9AFA-433A-B4B7-298D2B51A2EF%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID
200 OK 953 B URL HTTP/2 ads.pubmatic.com/AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D831F0B92-9AFA-433A-B4B7-298D2B51A2EF%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID
IP
File type HTML document text\012- HTML document, ASCII text, with very long lines (1720), with no line terminators
Hash 499546dec064c08e4c7c354bab138f7f
f155d071d071e4e7c1d45e22943915df9d9f2b75
1a9219bc3962479cfa6ff0ca64e2f810aab8b816ae4f937b252d0ca044d693b4
GET /AdServer/js/cl_partner.html?pid=2&gdpr=0&gdpr_consent=&rdu=https%3A%2F%2Fsimage4.pubmatic.com%2FAdServer%2FSPug%3Fo%3D3%26u%3D831F0B92-9AFA-433A-B4B7-298D2B51A2EF%26vcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%23%23P_UID HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://simage4.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 17 Aug 2016 09:36:32 GMT
etag: "fa18f0-6b8-53a413358bd01"
server: Apache
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 953
content-type: text/html; charset=UTF-8
cache-control: max-age=158384
expires: Sat, 10 Dec 2022 05:52:24 GMT
date: Thu, 08 Dec 2022 09:52:40 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 32922f835a72a4939b1a595f942be9dc
84184a058c1e3a2bf3c9105df342e38d91e64411
eacbeb14bd7e0c1ecd83a9c3410e7e89cfd2b5b5cb74a383b9d612eaffc13191
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=160112
Date: Thu, 08 Dec 2022 09:52:40 GMT
Etag: "63916f7b-1d7"
Expires: Sat, 10 Dec 2022 06:21:12 GMT
Last-Modified: Thu, 08 Dec 2022 05:00:43 GMT
Server: ECS (nyb/1DCD)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: wOxRpVvIuWwQQXuNX5dA6Yvw6uN-UGgxMkYZEvSyy22eRunSCHN3MA==
Age: 4829
ocsp.sectigo.com/
200 OK 471 B IP
Hash ff581accdde51438cc10cf43347f1b84
435710b07fe5fe34d17fc02691ce24ebd0f5e6fc
64eaae056d7260d43b3c5f345838bf83a415e45408b5fbbc67077abf87d14503
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 09:52:40 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 11:23:23 GMT
Expires: Mon, 12 Dec 2022 11:23:22 GMT
Etag: "435710b07fe5fe34d17fc02691ce24ebd0f5e6fc"
Cache-Control: max-age=350441,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77649c0c2e95b517-OSL
ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D
302 Found 0 B URL HTTP/2 ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D HTTP/1.1
Host: ads.betweendigital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync.quantumdex.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: /match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: dc=lux1; Max-Age=31536000; Expires=Fri, 08 Dec 2023 09:52:40 GMT; Path=/; Domain=.betweendigital.com
tuuid=1732b707-3f40-5256-b4fc-eaa5d76d594d; Max-Age=31536000; Expires=Fri, 08 Dec 2023 09:52:40 GMT; Path=/; Domain=.betweendigital.com
ut=Y5Gz6AAMZ8g3J9dAT5DX4rE0JmXs3Z9xAVkliQ==; Max-Age=31536000; Expires=Fri, 08 Dec 2023 09:52:40 GMT; Path=/; Domain=.betweendigital.com
content-length: 0
X-Firefox-Spdy: h2
sync.quantumdex.io/setuid?bidder=medianet&uid=0000EEA
200 OK 43 B URL HTTP/2 sync.quantumdex.io/setuid?bidder=medianet&uid=0000EEA
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
GET /setuid?bidder=medianet&uid=0000EEA HTTP/1.1
Host: sync.quantumdex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sync.quantumdex.io/
Connection: keep-alive
Cookie: uid=879b7a94-b156-4262-9f72-7f4de9cd864c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:40 GMT
content-type: image/gif
content-length: 43
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77649c0d099c0a2b-ARN
X-Firefox-Spdy: h2
usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
204 No Content 0 B URL HTTP/2 usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID HTTP/1.1
Host: usermatch.targeting.unrulymedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 08 Dec 2022 09:52:40 GMT
X-Firefox-Spdy: h2
match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID
204 No Content 0 B URL HTTP/2 match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID HTTP/1.1
Host: match.sharethrough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync.quantumdex.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 08 Dec 2022 09:52:40 GMT
X-Firefox-Spdy: h2
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash 87c8796d22231862d7db8920bbbe9b5c
d11ffd2f88366d16bbbc3479f8fccfa8cf426ec8
a5743aeef381944cbd309ec6419ec8b5d40d93c3159f8ce07f3b91d8782e038f
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 08 Dec 2022 09:52:40 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 07 Dec 2022 21:10:03 GMT
Expires: Thu, 08 Dec 2022 21:10:03 GMT
ETag: "d11ffd2f88366d16bbbc3479f8fccfa8cf426ec8"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
204 No Content 0 B URL HTTP/2 usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID HTTP/1.1
Host: usermatch.targeting.unrulymedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 08 Dec 2022 09:52:40 GMT
X-Firefox-Spdy: h2
ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1
200 OK 68 B URL HTTP/2 ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash c4a2b870062c2bb98c500bc1526c0498
528666ccdb12997358077bc8fcdbfb6b825c7788
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
GET /match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1 HTTP/1.1
Host: ads.betweendigital.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sync.quantumdex.io/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: dc=lux1; Max-Age=31536000; Expires=Fri, 08 Dec 2023 09:52:40 GMT; Path=/; Domain=.betweendigital.com
tuuid=5f3241a0-feb5-5256-a082-7c45c313cfad; Max-Age=31536000; Expires=Fri, 08 Dec 2023 09:52:40 GMT; Path=/; Domain=.betweendigital.com
ut=Y5Gz6AAOGWCuzoKuCdlyHu9EPhujhqneHntwHA==; Max-Age=31536000; Expires=Fri, 08 Dec 2023 09:52:40 GMT; Path=/; Domain=.betweendigital.com
content-length: 68
X-Firefox-Spdy: h2
ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID
204 No Content 0 B URL HTTP/1.1 ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID HTTP/1.1
Host: ap.lijit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync.quantumdex.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Thu, 08 Dec 2022 09:52:40 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type
X-Sovrn-Pod: ad_ap7ams1
sync.quantumdex.io/setuid?bidder=ix&uid=0
200 OK 43 B URL HTTP/2 sync.quantumdex.io/setuid?bidder=ix&uid=0
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
GET /setuid?bidder=ix&uid=0 HTTP/1.1
Host: sync.quantumdex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ssum-sec.casalemedia.com/
Cookie: uid=879b7a94-b156-4262-9f72-7f4de9cd864c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:40 GMT
content-type: image/gif
content-length: 43
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77649c0d9a3c0a2b-ARN
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 3402bb71371c7646e6d4b3f8e90d2f34
ef24feb89cf95041cc4e1956d36a99a5a8c05b66
0f1af1d571415fe4dad5dbd1e0c2499e4c3bd07cc9a81005ea9f54d3582b5c4d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=98789
Date: Thu, 08 Dec 2022 09:52:40 GMT
Etag: "63908091-1d7"
Expires: Fri, 09 Dec 2022 13:19:09 GMT
Last-Modified: Wed, 07 Dec 2022 12:01:21 GMT
Server: ECS (bsa/EB23)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Z2n6wrHyuyrfqkm5cTsYFSziz9CZwHpOOiFfnNQzNexqJ8XIcd1_ZA==
Age: 4668
match.adsrvr.org/track/cmf/rubicon
200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/rubicon
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/rubicon HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:40 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
cti.w55c.net/ct/cms-2c-rubicon.html
200 OK 13 kB URL HTTP/2 cti.w55c.net/ct/cms-2c-rubicon.html
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (53556)
Hash 8974e4d91b50a8be2c3f32001ba7d48d
24538387df9c9f0811c7d275c419d909fb850954
ebdff3f1eb36e3953db7b49208c2b46079113e731db92b9f8b73d719c1e0b49f
GET /ct/cms-2c-rubicon.html HTTP/1.1
Host: cti.w55c.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
age: 470270
cache-control: no-cache, must-revalidate
content-type: text/html
date: Thu, 08 Dec 2022 09:52:40 GMT
etag: "3055990060"
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Thu, 14 Oct 2021 17:36:30 GMT
p3p: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
pragma: no-cache
server: ECS (ska/F708)
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
x-cache: HIT
content-length: 12841
X-Firefox-Spdy: h2
sync.quantumdex.io/setuid?bidder=appnexus&uid=0
200 OK 43 B URL HTTP/2 sync.quantumdex.io/setuid?bidder=appnexus&uid=0
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
GET /setuid?bidder=appnexus&uid=0 HTTP/1.1
Host: sync.quantumdex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sync.quantumdex.io/
Connection: keep-alive
Cookie: uid=879b7a94-b156-4262-9f72-7f4de9cd864c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:40 GMT
content-type: image/gif
content-length: 43
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77649c0dca7c0a2b-ARN
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
302 Found 295 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash d351a54e6fea94972b95c8719be0dbb3
6424de15817cddfb627c824dc22cab864126f4de
3b0b2e461988f20a8cf9708bb322f65030782172eadf9ddf3237da1f036839a1
GET /pixel?google_nid=rubicon&google_cm&google_sc HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
date: Thu, 08 Dec 2022 09:52:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 295
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 10:07:40 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cti.w55c.net/ct/cms-2-rubicon.min.js
200 OK 2.6 kB URL HTTP/2 cti.w55c.net/ct/cms-2-rubicon.min.js
IP
File type ASCII text, with very long lines (7803)
Hash 070130b03e9e59115db0e9840dde8376
01bfed4fa7e05c54040a4eded0fcb177aadfa907
61f9d78aa092c4b7073547c86387a858aae3dfcf0e63a82b36fca86553eeeff4
GET /ct/cms-2-rubicon.min.js HTTP/1.1
Host: cti.w55c.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cti.w55c.net/ct/cms-2c-rubicon.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
age: 576877
cache-control: no-cache, must-revalidate
content-type: text/javascript
date: Thu, 08 Dec 2022 09:52:40 GMT
etag: "2570506054"
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Thu, 14 Oct 2021 17:36:33 GMT
p3p: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
pragma: no-cache
server: ECS (ska/F71B)
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
x-cache: HIT
content-length: 2630
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
200 OK 170 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash e7673c60af825466f83d46da72ca1635
fc0fcbee0835709ba2d28798a612bfd687903fb5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
GET /pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
date: Thu, 08 Dec 2022 09:52:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 10ae015a481b29d89da500c7d98243cf
11c12f0aeda31b6da539b9e6022033e29a124307
d654fa17b63be027de9d2554c7dc0c2d83bd57c8b343734e7f5d9d73bd87d8ee
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4524
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:40 GMT
Etag: "639138b1-1d7"
Last-Modified: Thu, 08 Dec 2022 08:37:16 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 10ae015a481b29d89da500c7d98243cf
11c12f0aeda31b6da539b9e6022033e29a124307
d654fa17b63be027de9d2554c7dc0c2d83bd57c8b343734e7f5d9d73bd87d8ee
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4560
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:40 GMT
Last-Modified: Thu, 08 Dec 2022 08:36:40 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=54
403 Forbidden 986 B URL HTTP/2 sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=54
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 13aca58ebe1f82c823dbcee66621dfb9
f700fa4c8db10be3df5fb575c6fbef9daa5d5ea5
9554d09a719c10b6a735f8629c634cf66c7d1081eb53282cca9826b756399bca
GET /profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=54 HTTP/1.1
Host: sync.intentiq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
server: CloudFront
date: Thu, 08 Dec 2022 09:52:40 GMT
content-type: text/html
content-length: 986
x-cache: Error from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: L7rj-J9-qSCVQuPCJpRA4LIqLLmgJ-R25oCHRfMG4QhYSvLuYTGKbw==
X-Firefox-Spdy: h2
aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
302 Found 0 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Server
Date: Thu, 08 Dec 2022 09:52:40 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: 71RY6GX9WGD7MNNYP51V
Set-Cookie: ad-id=A0HyuKSQKkjKs_9jOIUHKYs|t; Domain=.amazon-adsystem.com; Expires=Sat, 01-Jul-2023 09:52:40 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
token.rubiconproject.com/token?pid=36584
204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=36584
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=36584 HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
token.rubiconproject.com/token?pid=27&a=1
204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=27&a=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=27&a=1 HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
token.rubiconproject.com/token?pid=2249&pt=n
302 Found 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=2249&pt=n
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=2249&pt=n HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 302 Found
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=
content-length: 0
simage4.pubmatic.com/AdServer/SPug?o=1&p=160120&sc=1&u=831F0B92-9AFA-433A-B4B7-298D2B51A2EF&rs=3&gdpr=0&gdpr_consent=&us_privacy=
200 OK 348 B URL HTTP/2 simage4.pubmatic.com/AdServer/SPug?o=1&p=160120&sc=1&u=831F0B92-9AFA-433A-B4B7-298D2B51A2EF&rs=3&gdpr=0&gdpr_consent=&us_privacy=
IP
File type ASCII text, with very long lines (468)
Hash 4ffb929ffc3770d1925bf0c5ce1b4854
6f3ade694714ccbdfd5db077ce8b19bc490be9c7
ffbe6917f7ab4058e1525a81b8583a70d0526c77dcd85ba8e1eee39a9751cff0
GET /AdServer/SPug?o=1&p=160120&sc=1&u=831F0B92-9AFA-433A-B4B7-298D2B51A2EF&rs=3&gdpr=0&gdpr_consent=&us_privacy= HTTP/1.1
Host: simage4.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:39 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2
aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
200 OK 43 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6851dbf491ae442da3314f19e8aff085
ecfec27263608c4ae7cd4f8e0cebb1b061df2ac3
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
GET /s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Thu, 08 Dec 2022 09:52:40 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: 8T2EHRTPBYZV5BKB2BHK
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
ocsp.digicert.com/
200 OK 76 kB IP
Hash f3c32d0578ed9b6a66e22691eed15730
4c6616616d3e5eea343a3fcb65402bae4c333d95
ce6f8e22d3c5b90ffd4c86bcc13ca11c6da30541183cef64296d4bf0fcc4a18e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3105
Cache-Control: max-age=132490
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:40 GMT
Etag: "63910a51-1d7"
Expires: Fri, 09 Dec 2022 22:40:50 GMT
Last-Modified: Wed, 07 Dec 2022 21:49:05 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
pixel.rubiconproject.com/exchange/sync.php?p=a9us
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/exchange/sync.php?p=a9us
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /exchange/sync.php?p=a9us HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif
sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
302 Moved Temporarily 0 B URL HTTP/1.1 sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP/1.1
Host: sync.mathtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Date: Thu, 08 Dec 2022 09:52:40 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Access-Control-Allow-Origin: *
Server: MT3 180 1fd3e2d master cdg-pixel-x33 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: uuid=f6866391-b3e8-4800-ab4f-3545b8f2c722; domain=.mathtag.com; path=/; expires=Fri, 05-Jan-2024 09:52:40 GMT; SameSite=None; Secure
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=f6866391-b3e8-4800-ab4f-3545b8f2c722
Expires: Thu, 08 Dec 2022 09:52:39 GMT
ocsp.digicert.com/
200 OK 312 B IP
Hash b42ccbeb034ec7fff08b997734fd1e9a
02a910876f2f78b312b41afdb724e7bf323f97dc
ddb2658d02242ece014057e03325405f08b6909bb9702f0153ee232eeea0aa01
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4441
Cache-Control: max-age=112560
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:40 GMT
Etag: "6390b73f-138"
Expires: Fri, 09 Dec 2022 17:08:40 GMT
Last-Modified: Wed, 07 Dec 2022 15:54:39 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 312
pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=f6866391-b3e8-4800-ab4f-3545b8f2c722
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=f6866391-b3e8-4800-ab4f-3545b8f2c722
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=4222&nid=1512&put=f6866391-b3e8-4800-ab4f-3545b8f2c722 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif
ocsp.digicert.com/
200 OK 471 B IP
Hash 35f84b79ea77a294eda791c95ca65c5f
f3a745a80ddcb1a0fa2a41add2ca27d16d581134
676dbd61920ca4d0bac57c356c970e17ffcef45ad15f603d348eb96b7f98956c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3805
Cache-Control: max-age=149410
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 09:52:40 GMT
Etag: "639149ad-1d7"
Expires: Sat, 10 Dec 2022 03:22:50 GMT
Last-Modified: Thu, 08 Dec 2022 02:19:25 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
sync.smartadserver.com/getuid?gdpr=0&url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D32128%26nid%3D2915%26put%3D[sas_uid]
302 Found 0 B URL HTTP/1.1 sync.smartadserver.com/getuid?gdpr=0&url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D32128%26nid%3D2915%26put%3D[sas_uid]
IP
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?gdpr=0&url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D32128%26nid%3D2915%26put%3D[sas_uid] HTTP/1.1
Host: sync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
content-length: 0
date: Thu, 08 Dec 2022 09:52:40 GMT
cache-control: no-cache,no-store
location: https://sync.smartadserver.com:443/getuid?gdpr=0&url=https://pixel.rubiconproject.com/tap.php?v=32128&nid=2915&put=[sas_uid]&cklb=1
pragma: no-cache
set-cookie: TestIfCookie=ok; expires=Mon, 01 Jan 0001 00:00:00 GMT; domain=.smartadserver.com; path=/
TestIfCookieP=ok; expires=Fri, 08 Dec 2023 09:52:40 GMT; domain=.smartadserver.com; path=/
pbw=%24b%3d12100%3b%24o%3d11100; expires=Fri, 08 Dec 2023 09:52:40 GMT; domain=.smartadserver.com; path=/
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
ssp.disqus.com/redirectuser/?partner=valueimpression&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dzeta-global%26uid%3DBUYERUID
302 Found 0 B URL HTTP/2 ssp.disqus.com/redirectuser/?partner=valueimpression&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dzeta-global%26uid%3DBUYERUID
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirectuser/?partner=valueimpression&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dzeta-global%26uid%3DBUYERUID HTTP/1.1
Host: ssp.disqus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sync.quantumdex.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 08 Dec 2022 09:52:40 GMT
content-length: 0
location: https://cs.iqzone.com/a6da5bf591376177b08e1eb90117169d.gif?puid=[UID]&gdpr=&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D18%26buyeruid%3D%5BUID%5D%26r%3DCid1YS1iZDkzYzVhNi1hNDhhLTMwNjItYTllYi00OWRiMWIyZDIwNGEQ____________ASpgaHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj16ZXRhLWdsb2JhbCZ1aWQ9dWEtYmQ5M2M1YTYtYTQ4YS0zMDYyLWE5ZWItNDlkYjFiMmQyMDRhMgIaEjgB
vary: origin
cache-control: no-store
pragma: no-cache
expires: 0
set-cookie: zeta-ssp-user-id=ua-bd93c5a6-a48a-3062-a9eb-49db1b2d204a; Max-Age=31536000; Expires=Fri, 08 Dec 2023 09:52:40 GMT; Path=/; Domain=disqus.com; Secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 4070621ca644d7841d0aba68a8d900c4
38e6616ffdce5b6488fab512d438e06c1cdea3d0
5af42f55fcfc1c201aee386ae41ba73811b6eec6a72f2d2a620aa5596f3caada
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=93393
Date: Thu, 08 Dec 2022 09:52:40 GMT
Etag: "63906cd0-1d7"
Expires: Fri, 09 Dec 2022 11:49:13 GMT
Last-Modified: Wed, 07 Dec 2022 10:37:04 GMT
Server: ECS (bsa/EB1D)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RuUkpwjo8FCXAZmJ91BwXhDAGT_e-QmrdNPONcSsfZ0p6tel4I8uBA==
Age: 4329
sync.smartadserver.com/getuid?gdpr=0&url=https://pixel.rubiconproject.com/tap.php?v=32128&nid=2915&put=[sas_uid]&cklb=1
200 OK 0 B URL HTTP/1.1 sync.smartadserver.com/getuid?gdpr=0&url=https://pixel.rubiconproject.com/tap.php?v=32128&nid=2915&put=[sas_uid]&cklb=1
IP
ASN #201081 SmartAdServer SAS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?gdpr=0&url=https://pixel.rubiconproject.com/tap.php?v=32128&nid=2915&put=[sas_uid]&cklb=1 HTTP/1.1
Host: sync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-length: 0
date: Thu, 08 Dec 2022 09:52:40 GMT
pm.w55c.net/pingmatch.gif
302 0 B URL HTTP/1.1 pm.w55c.net/pingmatch.gif
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pingmatch.gif HTTP/1.1
Host: pm.w55c.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cti.w55c.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 302
Cache-Control: no-cache, must-revalidate
Date: Thu, 08 Dec 2022 09:52:40 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: https://pm.w55c.net/pingmatch.gif?scc=1
Pragma: no-cache
Server: PingMatch/595ea14#595ea1444a96c0bdac4aa333a73d7028cf966fc7 i-0c6774dcbd8510e59@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Set-Cookie: wfivefivec=4epdDmE41P3dA55; Domain=.w55c.net; Expires=Sun, 07-Jan-2024 19:52:41 GMT; Path=/; SameSite=None; Secure
Strict-Transport-Security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive
pixel-us-east.rubiconproject.com/exchange/sync.php?p=pbs-valueimpression
204 No Content 0 B URL HTTP/1.1 pixel-us-east.rubiconproject.com/exchange/sync.php?p=pbs-valueimpression
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /exchange/sync.php?p=pbs-valueimpression HTTP/1.1
Host: pixel-us-east.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 0190a17a18f2299b1b85aeb1793e601c
Content-Type: image/gif
pm.w55c.net/pingmatch.gif?scc=1
204 0 B URL HTTP/1.1 pm.w55c.net/pingmatch.gif?scc=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pingmatch.gif?scc=1 HTTP/1.1
Host: pm.w55c.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cti.w55c.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204
Cache-Control: no-cache, must-revalidate
Date: Thu, 08 Dec 2022 09:52:40 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Server: PingMatch/595ea14#595ea1444a96c0bdac4aa333a73d7028cf966fc7 i-0c6774dcbd8510e59@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
Connection: keep-alive
b1sync.zemanta.com/usersync/rubicon/
302 Found 109 B URL HTTP/1.1 b1sync.zemanta.com/usersync/rubicon/
IP
File type HTML document, ASCII text
Hash da91b0bebbbc88996f7fbc89fb2e26ed
b5d4536ac72b8ae1b84f19e04b8fc89b03b9af7d
23465be5cbf42ea06d10032446b2950d4e0993c70f5a7e7af666480d5ce65800
GET /usersync/rubicon/ HTTP/1.1
Host: b1sync.zemanta.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Content-Length: 109
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: https://pixel.rubiconproject.com/tap.php?v=144598&nid=3992&expires=30&put=
Pragma: no-cache
Date: Thu, 08 Dec 2022 09:52:41 GMT
s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
302 Found 0 B URL HTTP/1.1 s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP/1.1
Host: s.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Server
Date: Thu, 08 Dec 2022 09:52:41 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: B09AZ2JND22F5VJX3675
Set-Cookie: ad-id=Azakb8Yd30remw3j3vGzb54|t; Domain=.amazon-adsystem.com; Expires=Sat, 01-Jul-2023 09:52:41 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
ib.adnxs.com/async_usersync?cbfn=queuePixels
307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Thu, 08 Dec 2022 09:52:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: 1b1564f1-719e-4a59-98d8-307336267e13
Set-Cookie: uuid2=4224199262581708061; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 08-Mar-2023 09:52:41 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
pixel.rubiconproject.com/tap.php?v=144598&nid=3992&expires=30&put=
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=144598&nid=3992&expires=30&put=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=144598&nid=3992&expires=30&put= HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 9cd79c6ed730b550df10ca9951377aa3
28a9b8fa861d38db372cb16ed4a55bf48ef37f3b
cc243feae33d3ff19445489f57af3ea575c6d0952ca61405e2b3e871ad515101
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=118509
Date: Thu, 08 Dec 2022 09:52:41 GMT
Etag: "6390cdd6-1d7"
Expires: Fri, 09 Dec 2022 18:47:50 GMT
Last-Modified: Wed, 07 Dec 2022 17:31:02 GMT
Server: ECS (nyb/1D34)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ZdyavjbHRO5MmDzPSg69v6KKTinj_xxZQe3Zu2EZR0qftfV6LZyjbg==
Age: 4608
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 08 Dec 2022 09:52:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 0b0a626a-8d72-437b-afb7-c616fbcb963d
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/async_usersync?cbfn=queuePixels
307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Thu, 08 Dec 2022 09:52:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: 05bddd54-2148-41e4-8f4f-061ab336c346
Set-Cookie: uuid2=3986517649005975179; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 08-Mar-2023 09:52:41 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 08 Dec 2022 09:52:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: deaf4674-6bd0-4df2-a785-716e6e9e31b3
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
200 OK 43 B URL HTTP/1.1 s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6851dbf491ae442da3314f19e8aff085
ecfec27263608c4ae7cd4f8e0cebb1b061df2ac3
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
GET /dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP/1.1
Host: s.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Thu, 08 Dec 2022 09:52:41 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: 2VVX3Y2GBZK5KH07DHK6
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
www.storygize.net/ccm/729e4e94-63c3-438d-8ce4-184eb34e703f
302 Found 0 B URL HTTP/1.1 www.storygize.net/ccm/729e4e94-63c3-438d-8ce4-184eb34e703f
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ccm/729e4e94-63c3-438d-8ce4-184eb34e703f HTTP/1.1
Host: www.storygize.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
cache-control: no-cache, no-store, must-revalidate
expires: 0
Location: https://pixel.rubiconproject.com/tap.php?v=1172318&nid=5570&put=37cf273d-6031-4a9e-b4c2-17b86d952301
P3P: CP ALL ADM DEV PSAi COM OUR OTRo STP IND ONL
Pragma: no-cache
set-cookie: U=; Max-Age=0; Expires=Thu, 08 Dec 2022 09:52:41 GMT; Path=/; Domain=.storygize.net
Content-Length: 0
Connection: keep-alive
pixel.rubiconproject.com/tap.php?v=1172318&nid=5570&put=37cf273d-6031-4a9e-b4c2-17b86d952301
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=1172318&nid=5570&put=37cf273d-6031-4a9e-b4c2-17b86d952301
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=1172318&nid=5570&put=37cf273d-6031-4a9e-b4c2-17b86d952301 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f95b187e6a28596aac27b2a147b93c10
db840bba2a1b203955970300dd4799be965d66c0
a27c431a9eb0c40cd38865cb2d175b27572b82fb67b4b958578b1c5f03757204
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A27C431A9EB0C40CD38865CB2D175B27572B82FB67B4B958578B1C5F03757204"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6477
Expires: Thu, 08 Dec 2022 11:40:38 GMT
Date: Thu, 08 Dec 2022 09:52:41 GMT
Connection: keep-alive
rcp.c.appier.net/rbcm
302 Found 131 B IP
File type HTML document, ASCII text
Hash 8e1d038c886a37f519a511211b1536ab
ce8985c4cae3133c6341b223f8203ae3b4a477b7
6bc7b93573d20a6792ea3705633746af97d457b88d745bf4f099414073f80330
GET /rbcm HTTP/1.1
Host: rcp.c.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 08 Dec 2022 09:52:41 GMT
content-type: text/html; charset=utf-8
content-length: 131
cache-control: no-store
location: https://pixel.rubiconproject.com/tap.php?v=70596&nid=3632&put=T2B7jQLvAQ-lS1aZ6bORYw&expires=365
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=T2B7jQLvAQ-lS1aZ6bORYw; Path=/; Domain=c.appier.net; Expires=Fri, 08 Dec 2023 09:52:41 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
pixel.rubiconproject.com/tap.php?v=70596&nid=3632&put=T2B7jQLvAQ-lS1aZ6bORYw&expires=365
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=70596&nid=3632&put=T2B7jQLvAQ-lS1aZ6bORYw&expires=365
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=70596&nid=3632&put=T2B7jQLvAQ-lS1aZ6bORYw&expires=365 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif
www.bigmp3db.com/1duwt.json
200 OK 0 B URL HTTP/2 www.bigmp3db.com/1duwt.json
IP
ASN #24940 Hetzner Online GmbH
POST /1duwt.json HTTP/1.1
Host: www.bigmp3db.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 313
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:35 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: POST, GET, OPTIONS
strict-transport-security: max-age=63072000
content-encoding: br
X-Firefox-Spdy: h2
cdn.onnetwork.tv/js/player90/embed.min.js?s=1670407359
200 OK 0 B URL HTTP/2 cdn.onnetwork.tv/js/player90/embed.min.js?s=1670407359
IP
GET /js/player90/embed.min.js?s=1670407359 HTTP/1.1
Host: cdn.onnetwork.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://video.onnetwork.tv/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: XO.webservantpro
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: application/javascript
last-modified: Wed, 07 Dec 2022 10:02:39 GMT
vary: Accept-Encoding
etag: W/"639064bf-11889"
expires: Mon, 26 Jun 2023 09:52:37 GMT
pragma: public
cache-control: max-age=17280000, public
strict-transport-security: max-age=31536000
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
X-Firefox-Spdy: h2
www.bigmp3db.com/1duwt.json
200 OK 0 B URL HTTP/2 www.bigmp3db.com/1duwt.json
IP
ASN #24940 Hetzner Online GmbH
POST /1duwt.json HTTP/1.1
Host: www.bigmp3db.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 207
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: POST, GET, OPTIONS
strict-transport-security: max-age=63072000
content-encoding: br
X-Firefox-Spdy: h2
www.bigmp3db.com/1duwt.json
200 OK 0 B URL HTTP/2 www.bigmp3db.com/1duwt.json
IP
ASN #24940 Hetzner Online GmbH
POST /1duwt.json HTTP/1.1
Host: www.bigmp3db.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 210
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:36 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: POST, GET, OPTIONS
strict-transport-security: max-age=63072000
content-encoding: br
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=mcxsureshot.com&sn=FirefoxSyncframe&so=0&topUrl=ga.mcxsureshot.com&info=bYdniV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czR2b2VsMXBNUjYlMkZhczMxZjVZJTJGckNEWVZjUnVGcDhHaHVPVTBOS285VFA0&idsd=-405907259,2026847496&cw=1&lsw=1
200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=mcxsureshot.com&sn=FirefoxSyncframe&so=0&topUrl=ga.mcxsureshot.com&info=bYdniV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czR2b2VsMXBNUjYlMkZhczMxZjVZJTJGckNEWVZjUnVGcDhHaHVPVTBOS285VFA0&idsd=-405907259,2026847496&cw=1&lsw=1
IP
GET /sid/json?origin=publishertag&domain=mcxsureshot.com&sn=FirefoxSyncframe&so=0&topUrl=ga.mcxsureshot.com&info=bYdniV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czR2b2VsMXBNUjYlMkZhczMxZjVZJTJGckNEWVZjUnVGcDhHaHVPVTBOS285VFA0&idsd=-405907259,2026847496&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=ga.mcxsureshot.com&gdpr=1&gdpr_consent=CPjsQbtPjsQbtAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:38 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 6331496
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.js
200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.js
IP
GET /js/ld/publishertag.prebid.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:38 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-16294"
expires: Fri, 09 Dec 2022 09:52:38 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
std.wpcdn.pl/wpjslib6/wpjslib-sync.js
200 OK 0 B URL HTTP/2 std.wpcdn.pl/wpjslib6/wpjslib-sync.js
IP
ASN #12827 Wirtualna Polska Media S.A.
GET /wpjslib6/wpjslib-sync.js HTTP/1.1
Host: std.wpcdn.pl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ssp.wp.pl
Connection: keep-alive
Referer: https://ssp.wp.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:40 GMT
content-type: application/javascript
last-modified: Wed, 07 Dec 2022 13:29:04 GMT
x-rgw-object-type: Normal
etag: W/"d8dfe523e4b7b95464256857c269aeaa"
cache-control: max-age=900, stale-while-revalidate=86400
content-encoding: br
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-max-age: 300
timing-allow-origin: *
X-Firefox-Spdy: h2
www.bigmp3db.com/1duwt.min.js?f76a5ef
200 OK 0 B URL HTTP/2 www.bigmp3db.com/1duwt.min.js?f76a5ef
IP
ASN #24940 Hetzner Online GmbH
GET /1duwt.min.js?f76a5ef HTTP/1.1
Host: www.bigmp3db.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:35 GMT
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: POST, GET, OPTIONS
cache-control: max-age=300
expires: Thu, 08-Dec-2022 11:57:35 EET
duration: 627962
strict-transport-security: max-age=63072000
content-encoding: br
X-Firefox-Spdy: h2
get.optad360.io/sf/prebid7.11.1.js
200 OK 0 B URL HTTP/2 get.optad360.io/sf/prebid7.11.1.js
IP
GET /sf/prebid7.11.1.js HTTP/1.1
Host: get.optad360.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
date: Sun, 20 Nov 2022 01:07:21 GMT
last-modified: Fri, 02 Sep 2022 05:12:45 GMT
etag: W/"7cb55d774e623c3e166bda0a818df497"
cache-control: public, max-age=360000000
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: biC6ZPtwHIr2wIY8h185S4q95c5HIfNFtgVPi2-iz-c4FeNdj1oXBw==
age: 1586715
X-Firefox-Spdy: h2
www.bigmp3db.com/1duwt.json
200 OK 0 B URL HTTP/2 www.bigmp3db.com/1duwt.json
IP
ASN #24940 Hetzner Online GmbH
POST /1duwt.json HTTP/1.1
Host: www.bigmp3db.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 82
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:35 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: POST, GET, OPTIONS
strict-transport-security: max-age=63072000
content-encoding: br
X-Firefox-Spdy: h2
simage4.pubmatic.com/AdServer/SPug?o=1&p=160120&sc=1&u=831F0B92-9AFA-433A-B4B7-298D2B51A2EF&rs=3&gdpr=0&gdpr_consent=&us_privacy=
200 OK 0 B URL HTTP/2 simage4.pubmatic.com/AdServer/SPug?o=1&p=160120&sc=1&u=831F0B92-9AFA-433A-B4B7-298D2B51A2EF&rs=3&gdpr=0&gdpr_consent=&us_privacy=
IP
GET /AdServer/SPug?o=1&p=160120&sc=1&u=831F0B92-9AFA-433A-B4B7-298D2B51A2EF&rs=3&gdpr=0&gdpr_consent=&us_privacy= HTTP/1.1
Host: simage4.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:39 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2
www.bigmp3db.com/1duwt.json
200 OK 0 B URL HTTP/2 www.bigmp3db.com/1duwt.json
IP
ASN #24940 Hetzner Online GmbH
POST /1duwt.json HTTP/1.1
Host: www.bigmp3db.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 280
Origin: https://ga.mcxsureshot.com
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 09:52:37 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: POST, GET, OPTIONS
strict-transport-security: max-age=63072000
content-encoding: br
X-Firefox-Spdy: h2
ga.mcxsureshot.com/metformin-puren-9184
200 OK 0 B URL HTTP/2 ga.mcxsureshot.com/metformin-puren-9184
IP
GET /metformin-puren-9184 HTTP/1.1
Host: ga.mcxsureshot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:35 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.0.15
cache-control: max-age=86400
expires: Fri, 09 Dec 2022 09:52:35 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kiAzvfx%2BTAoHnBDJlwBAKEQZ9WeSdnSInfbdS1aMM8mYMROEZ0wRf9tksIkK%2FRDvg1wQek16NL8G7QDySijYYlTV%2BJCjb6eSMCOaetyBJdHIfU5qpZ%2FNgtlMQqok2HZJ9fPpTvk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77649beaae28b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:38 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 119037
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&callback=window._ate.cbs.rcb_31bg0
200 OK 0 B URL HTTP/2 widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&callback=window._ate.cbs.rcb_31bg0
IP
GET /v1/urls/count.json?url=http%3A%2F%2Fga.mcxsureshot.com%2Fmetformin-puren-9184&callback=window._ate.cbs.rcb_31bg0 HTTP/1.1
Host: widgets.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-content-type-options: nosniff
access-control-allow-origin: *
content-type: application/javascript
cache-control: must-revalidate, max-age=887
expires: Thu, 08 Dec 2022 10:07:37 GMT
x-envoy-upstream-service-time: 3
x-pinterest-rid: 2573257221029222
date: Thu, 08 Dec 2022 09:52:37 GMT
age: 0
content-encoding: br
vary: accept-encoding
accept-ranges: none
X-Firefox-Spdy: h2
sync.quantumdex.io/usersync/pbjs
200 OK 0 B URL HTTP/2 sync.quantumdex.io/usersync/pbjs
IP
GET /usersync/pbjs HTTP/1.1
Host: sync.quantumdex.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ga.mcxsureshot.com/
Cookie: uid=879b7a94-b156-4262-9f72-7f4de9cd864c
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 09:52:40 GMT
content-type: text/html
set-cookie: uid=879b7a94-b156-4262-9f72-7f4de9cd864c; expires=Sun, 18 Dec 2022 09:52:40 GMT; domain=quantumdex.io; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 77649c0a8ee40a2b-ARN
content-encoding: gzip
X-Firefox-Spdy: h2
188.114.96.1
216.58.207.234
37.59.235.100
23.38.200.189
69.173.144.138
185.177.94.108
104.22.36.96
185.184.8.90
212.77.99.29
37.157.6.233
87.250.251.119
188.42.191.196
172.105.213.147
54.239.33.159
104.88.9.101