firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 22 Oct 2022 10:52:42 GMT
Expires: Sat, 22 Oct 2022 11:26:04 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: LDeUnZwwva3Xlco6Qy4RShVWevxPThDSJtb5vGaRt43t26TN2OHcNA==
Age: 564
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c19f4a1def760c07cbc4aec1d0d6c050
6ad911a7c02f5e5fdd82fa86cae0453528d53a6d
750bba81910a4bbd78ab484ba03781a36459a0aec147d7c47424e9a9bf152b40
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "750BBA81910A4BBD78AB484BA03781A36459A0AEC147D7C47424E9A9BF152B40"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15440
Expires: Sat, 22 Oct 2022 15:19:26 GMT
Date: Sat, 22 Oct 2022 11:02:06 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9dc4f23f82148797f6d8041bdda3c7f7
6841ded3e2dd94fd762316d01efd43f7aafb8354
e229db1854a85b320cee574e805210f3adf5797136ea820c0a0ce9abcd63d4dd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E229DB1854A85B320CEE574E805210F3ADF5797136EA820C0A0CE9ABCD63D4DD"
Last-Modified: Thu, 20 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2409
Expires: Sat, 22 Oct 2022 11:42:15 GMT
Date: Sat, 22 Oct 2022 11:02:06 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: RFK051tS23s54ZJSzzOTcKzuoln8q46vkloFcmNZra09NvMUPWoNGmBnBe0Hk/hq7l0CYmX7RGU=
x-amz-request-id: FVY9XWGY4A0T6M7M
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 22 Oct 2022 10:07:35 GMT
age: 3271
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 11:02:06 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5ca423d8630578af5cd93845c4d4e59e
bd50abe14dad9aa62027ee15bf8828efbc516e98
f65735c0e537582936dc805a640bad56812bbb597d24fc2fc5d2170e9594758e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F65735C0E537582936DC805A640BAD56812BBB597D24FC2FC5D2170E9594758E"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17231
Expires: Sat, 22 Oct 2022 15:49:18 GMT
Date: Sat, 22 Oct 2022 11:02:07 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sat, 22 Oct 2022 10:43:40 GMT
Expires: Sat, 22 Oct 2022 11:17:08 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VyW4yl2fA6zGd36iJPIa-EZmquaBnLIby4t_LoHs48-mVvxOXI-Czg==
Age: 1107
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ebdaa5b9b16c93c8047d1b7563c5cced
0a76e0fef08c18b582679d8d8fd2b17be5193793
d1eafaad63f0032f08714bc74b9a3cffa486bf1e37f32b3764207527b9d52e1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1EAFAAD63F0032F08714BC74B9A3CFFA486BF1E37F32B3764207527B9D52E1C"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12091
Expires: Sat, 22 Oct 2022 14:23:38 GMT
Date: Sat, 22 Oct 2022 11:02:07 GMT
Connection: keep-alive
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
200 OK 23 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
IP
File type ASCII text, with very long lines (65324)
Hash 5f830a7943bb09d9f6832866f38f12bc
35ed4aca72bd95f7730260858ca62bd76ca8e40a
cbf083212e165469984201c0e0bc3420de20a1857646858c947a53dfc2e2f383
GET /npm/bootstrap@4.3.1/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.3.1
x-jsd-version-type: version
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 22 Oct 2022 11:02:07 GMT
age: 3402710
x-served-by: cache-fra19141-FRA, cache-bma1645-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23235
X-Firefox-Spdy: h2
ad.sitemaji.com/ysm_reurl.js
200 OK 5.9 kB URL HTTP/2 ad.sitemaji.com/ysm_reurl.js
IP
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (17511), with no line terminators
Hash 779efdbd5582d597c74bc312123d3583
45140afb1e0536578577db2f890ba0f061644742
e03139efccb95e61153de5280e3ce8a11147dc6be20657c906e76eca0278d9c1
GET /ysm_reurl.js HTTP/1.1
Host: ad.sitemaji.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.12.1 (Ubuntu)
vary: Accept-Encoding, Accept-Encoding
content-encoding: br
via: 1.1 google
content-length: 5880
date: Fri, 21 Oct 2022 15:10:12 GMT
expires: Sat, 22 Oct 2022 15:10:12 GMT
cache-control: max-age=86400,public
age: 71515
last-modified: Thu, 20 Jun 2019 08:48:16 GMT
etag: W/"5d0b4850-4488"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
200 OK 32 kB URL HTTP/2 cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
IP
File type ASCII text, with very long lines (65449)
Hash a262d6de4f7f5f79c31cef7787a35a8c
6a16edde3116cad866736e9fc20443edceaa1cba
92dcfacfb59287c2f9de9c69f78ae96bb3bd8a8c5a20b4e577db40bdc8fe06c1
GET /npm/vue@2.5.16/dist/vue.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.5.16
x-jsd-version-type: version
etag: W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 22 Oct 2022 11:02:07 GMT
age: 2800073
x-served-by: cache-fra19175-FRA, cache-bma1645-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 31634
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/init.js
200 OK 6.6 kB URL HTTP/2 cdn.holmesmind.com/js/init.js
IP
File type ASCII text, with very long lines (4994), with CRLF line terminators
Hash 439e160b698f1ec2efb45c3b6cd6b265
7beee754ce93e58b7f321ff7b8b85c2ffda42a64
fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818
GET /js/init.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 6552
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
accept-ranges: bytes
server: AmazonS3
date: Sat, 22 Oct 2022 11:01:45 GMT
etag: "439e160b698f1ec2efb45c3b6cd6b265"
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TKudV0GqDz5a1Le9vUSXSgDvPIg_dOvo6xBzZBNQiV2pPa3q5hsWtQ==
age: 35
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash fecd12689ba4c6aa556814b7fac0d344
a3005f6333ce5201a73e2857c764a1b0091a91d5
83e0fb564f86df4300e8fc4b5baaf0ed13102c384922d388e02620fb3363a842
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2504
Cache-Control: max-age=164782
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:07 GMT
Etag: "6353a495-1d7"
Expires: Mon, 24 Oct 2022 08:48:29 GMT
Last-Modified: Sat, 22 Oct 2022 08:06:45 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
Hash 17c088dedd1cd44b8555b3cecdc74c02
6f27d7bb6e3b99b0b96418222171ba127ed77e53
1d25b3888adc7155ed8032abcd0f6e4a3317d8827d3f28cb238976cb4ddcf7ba
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 11:02:07 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "043D5B51D2D3B4F52E7B510AA71EED0B7580A6D2"
Expires: Sat, 22 Oct 2022 22:00:00 GMT
Last-Modified: Sat, 22 Oct 2022 10:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1733
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75e1bd29d918b503-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ebdaa5b9b16c93c8047d1b7563c5cced
0a76e0fef08c18b582679d8d8fd2b17be5193793
d1eafaad63f0032f08714bc74b9a3cffa486bf1e37f32b3764207527b9d52e1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1EAFAAD63F0032F08714BC74B9A3CFFA486BF1E37F32B3764207527B9D52E1C"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12091
Expires: Sat, 22 Oct 2022 14:23:38 GMT
Date: Sat, 22 Oct 2022 11:02:07 GMT
Connection: keep-alive
reurl.cc/stylesheets/rwd/style.css?v=1
200 OK 1.4 kB URL HTTP/2 reurl.cc/stylesheets/rwd/style.css?v=1
IP
Hash 8026d4255acb66d86ae9b4bd68b012db
1df452904fd7debed1a56795625ccdec973a4405
b50950b8cc7284845fa9de5f54e6f7e8d164ed571a4529e05e6132a51b626616
GET /stylesheets/rwd/style.css?v=1 HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/dWMEgV
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 22 Oct 2022 11:02:07 GMT
content-type: text/css
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-9f6"
expires: Sun, 22 Oct 2023 11:02:07 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
reurl.cc/javascripts/loading.js
200 OK 4.9 kB URL HTTP/2 reurl.cc/javascripts/loading.js
IP
Hash 6b8d22d9ddaeefc58711bd63e6d9c778
72e847d0e3928697b963acb029517cb9cb499a9f
af4d95f973283489644afdbc7e37266f3c3f8e02c421fd6e8dd4891d2543175b
GET /javascripts/loading.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/dWMEgV
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 22 Oct 2022 11:02:07 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-86"
expires: Sun, 22 Oct 2023 11:02:07 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/edmp_init.js
200 OK 662 B URL HTTP/2 cdn.holmesmind.com/js/edmp_init.js
IP
File type ASCII text, with very long lines (662), with no line terminators
Hash f58f8a90686f8ffb3325107e8a788b71
d85d37486b87503e0631ff0ee83d95316783cf09
28248d4886fe85d725c1a6d3b2340a1bde6a7ffcadfac53ada50f78a9e707d5c
GET /js/edmp_init.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 662
last-modified: Fri, 12 Mar 2021 02:45:40 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sat, 22 Oct 2022 11:01:45 GMT
etag: "f58f8a90686f8ffb3325107e8a788b71"
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 485Bn2-eWQ8kE2cJMTk2PMp3reKpKAZAzeu2uptw4D1al3FiX6n2NA==
age: 30
X-Firefox-Spdy: h2
reurl.cc/javascripts/ga2.js?v=2
200 OK 5.6 kB URL HTTP/2 reurl.cc/javascripts/ga2.js?v=2
IP
Hash 0b206b6bc2b0cd7b61cb4b160b4613d3
0a5217c7afb1125f2d56471b74f201f42f5eb6b8
022b6270c5863bcbbc12514772c4dc3a32f0148d8b5cf4b09b70d7f7ae65e42b
GET /javascripts/ga2.js?v=2 HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/dWMEgV
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 22 Oct 2022 11:02:07 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-218"
expires: Sun, 22 Oct 2023 11:02:07 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/presetfn.js
200 OK 9.6 kB URL HTTP/2 cdn.holmesmind.com/js/presetfn.js
IP
File type C source, ASCII text, with CRLF line terminators
Hash 760acffabe0db50f11b07aec24b247c5
abe88d6ea4d1991b97348fef54bd444d8abcdf6f
9d50879eaa5642b8cf7aa54a56c90c91beb7c08132e76be852929263a5df7df7
GET /js/presetfn.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 9628
last-modified: Thu, 20 Oct 2022 05:58:48 GMT
x-amz-version-id: VaSpewhnvI6bFcTAqatFk5SqvLFpxvJd
accept-ranges: bytes
server: AmazonS3
date: Sat, 22 Oct 2022 11:01:45 GMT
etag: "760acffabe0db50f11b07aec24b247c5"
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0DjonUsotyQemn8AwLRviI16VoPSrDk5rQQi_9fxlL2h6qfnpXnZ6A==
age: 52
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vXI4Opiw+VTWhvfVhdtQlA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FzVVDE64GoSzx4ywBzMPqw5w4Uk=
cdn.holmesmind.com/js/rtbhouseV2.js
200 OK 2.8 kB URL HTTP/2 cdn.holmesmind.com/js/rtbhouseV2.js
IP
File type ASCII text, with CRLF line terminators
Hash 6a605eea47197fa280f27aaf1fa1521d
98323891b349b333d5aef521c4d33e1b8455e4fb
d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc
GET /js/rtbhouseV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 2773
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sat, 22 Oct 2022 11:01:46 GMT
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 570M90Ejm09fb7VY0DYRUWo2cXCxlQlfitgMozxtke_y-ZDxc4ck4g==
age: 52
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/criteoV2.js
200 OK 2.4 kB URL HTTP/2 cdn.holmesmind.com/js/criteoV2.js
IP
File type HTML document, ASCII text, with CRLF line terminators
Hash e8f33fcb581483ced4a09b3c8e7550e4
278fdeb6bf2871b7a3a3ca9becef10582e8e87e0
e2db1774aabd2443e6c741954f5e1071912a7a99f6e4151bc83d342554976d32
GET /js/criteoV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 2443
last-modified: Tue, 04 Aug 2020 09:25:12 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sat, 22 Oct 2022 11:01:46 GMT
etag: "e8f33fcb581483ced4a09b3c8e7550e4"
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GzUpzGxxOMxG6dk_u2Js43dQhmvpZFZawMx0PclPzF-zVuuMTrHvqQ==
age: 52
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/appierV2.js
200 OK 3.2 kB URL HTTP/2 cdn.holmesmind.com/js/appierV2.js
IP
File type ASCII text, with very long lines (3177), with no line terminators
Hash 548ed610a8571343fb3022f543174735
2e9d891cd6e9345ab1b6489030b4a1ccff1c4e54
8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834
GET /js/appierV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3177
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sat, 22 Oct 2022 11:01:46 GMT
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tXRCcjSIpBYZhtLdx_4tnt3ZTUMqp2xEpNM0u5RpGwb4UmB4tFMqqA==
age: 52
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 2eaba36da86177a324dc3f59051e88f8
8248e37c850c10c13b3b55e85e81869984ff98ea
c62416a009668f178cc78773d72276b0d2999cad0ec94cf8ccbfe1090c3bd844
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3676
Cache-Control: max-age=100436
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:08 GMT
Etag: "6352a4a8-1d7"
Expires: Sun, 23 Oct 2022 14:56:04 GMT
Last-Modified: Fri, 21 Oct 2022 13:54:48 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
cdn.holmesmind.com/js/bridgewellV3.js
200 OK 4.5 kB URL HTTP/2 cdn.holmesmind.com/js/bridgewellV3.js
IP
File type ASCII text, with CRLF line terminators
Hash c3b948e5a48dd0ec20c265d6d8da7add
9fcd995d80439c19a6f8202a181143167e709685
c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b
GET /js/bridgewellV3.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 4530
last-modified: Tue, 20 Apr 2021 06:25:23 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sat, 22 Oct 2022 11:02:08 GMT
etag: "c3b948e5a48dd0ec20c265d6d8da7add"
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vKOGE4a3qCJpADTAQWZC_nrdkZmDLiWLZVgIO0Bvo6WaY7RcadJYFQ==
age: 52
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/WnnVaKpG-Cc
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/WnnVaKpG-Cc
IP
Hash 19bb69ec2c69e437abe15201cd9d402a
17a2cc8f14dfffc1f4ac953697a66021bd638431
6ca32825bf4b8db91d4c40ad808ca705821759b82fd399d73b22a03e0638aa07
POST /s/gts1d4/WnnVaKpG-Cc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:08 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.holmesmind.com/js/appier_mainV3.js
200 OK 5.9 kB URL HTTP/2 cdn.holmesmind.com/js/appier_mainV3.js
IP
File type ASCII text, with CRLF line terminators
Hash b678af4b54f33f8ef194167ea87bc296
31c5701bf0b65364e4f7eb540d9efb258cf37ef4
fe209c42003e23036615034182bbd3d224e3948a61e192953636b89c8a9ea458
GET /js/appier_mainV3.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 5925
last-modified: Tue, 18 Oct 2022 09:50:43 GMT
x-amz-version-id: QNf_HVa__9WDJ9903hLaQWAhMnzhWu2z
accept-ranges: bytes
server: AmazonS3
date: Sat, 22 Oct 2022 11:02:08 GMT
etag: "b678af4b54f33f8ef194167ea87bc296"
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -2ZxRHioQUkq1XlLdjD-RNJCe5c-iFf7mfi4umYluX6Mc8xn6LBaqQ==
age: 37
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yS/r/FGasx_8C7gf.js?_nc_x=Ij3Wp8lg5Kz
200 OK 12 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yS/r/FGasx_8C7gf.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (5542)
Hash 4cf1fcc02a5ef9bb5026c86e81de86b7
117fee44e5d72d45a18f30ecce0ce1499f4f251b
782aab35ee390e00a0b761ce9fc9409d411f47e3d5e4d1c1d215c7decd955dbc
GET /rsrc.php/v3/yS/r/FGasx_8C7gf.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 18 Oct 2023 07:10:01 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: TPH8wCpe+btQJshugd6Gtw==
x-fb-debug: bX+X9kj30Bf4tsWdA/Ppzr70aG7gdP5aErJls3GvW2sLjqPeMzTryPTHVPGN8T7JyVBOGtJGJGnGFeFvE1Z6JQ==
content-length: 12272
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yX/r/76tkIkr2Q1e.js?_nc_x=Ij3Wp8lg5Kz
200 OK 7.0 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yX/r/76tkIkr2Q1e.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (4488)
Hash 3a040f92c6f0bf5a0b7e3a66984923ca
4dfc1824b71c70855b5580accd815e2c1cd05ae8
7a5cfb69fe2ab2532adbc3aa276d1bdfcadb4811de97171fa86cefb4b5e572e9
GET /rsrc.php/v3/yX/r/76tkIkr2Q1e.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 21 Oct 2023 15:07:41 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: OgQPksbwv1oLfjpmmEkjyg==
x-fb-debug: ax1SFQlefOAWtRQEcU5tXXz1R1X+xVBpx4aTDU1R1gs8Oep7HrepdHb47lWfqbAUNHn/39l6IHkOe44kbvbg2A==
priority: u=3,i
content-length: 7028
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y-/r/dmtE6195c4_.js?_nc_x=Ij3Wp8lg5Kz
200 OK 5.8 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y-/r/dmtE6195c4_.js?_nc_x=Ij3Wp8lg5Kz
IP
File type C source, ASCII text, with very long lines (10494)
Hash 3640fc7180c04a5254d4612136f1688a
1e4e05a7bfc9ccedebe2da739d473ac687ad9743
d7dcbe8b143d5f00dd91f8834059712ff7e778cc9a8246d296cc6073fc10a044
GET /rsrc.php/v3/y-/r/dmtE6195c4_.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 13 Oct 2023 17:18:17 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: NkD8cYDASlJU1GEhNvFoig==
x-fb-debug: ZvNdzjaTNkWCF/b23fbkY1vlCoTBkWo4zcjifAqQVRIk1qLMlXy045KN8uLUkwI4tiGlwcDXqj2SL0DDDHD0IA==
content-length: 5804
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y1/r/iKOdrVwIJO6.js?_nc_x=Ij3Wp8lg5Kz
200 OK 8.4 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y1/r/iKOdrVwIJO6.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (9885)
Hash 002a9c8abdc294791435d5d30a9bcf0a
c47743eebae4ca6e170938b41180472c523ffe4c
f0f2f9725a89823e55c89a7bdbc8130ab0e06d2cecae53cff01e74299edd232f
GET /rsrc.php/v3/y1/r/iKOdrVwIJO6.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 13 Oct 2023 17:18:17 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: ACqcir3ClHkUNdXTCpvPCg==
x-fb-debug: QOtbBZnD9ynYOkbtXgEXzmPXI8Qg8t04nSFNp/BuC9IcISPW/qB+08EZN/7dyfdNCN1FIHf9V8Nn14Ufu4lVMw==
content-length: 8427
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yj/r/5I68SGTEBGz.js?_nc_x=Ij3Wp8lg5Kz
200 OK 16 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yj/r/5I68SGTEBGz.js?_nc_x=Ij3Wp8lg5Kz
IP
File type C source, ASCII text, with very long lines (8260)
Hash 423680c027a5a6cbfb893e2bbbe5fb30
d0ec94ab46f900be668765770ae683b1d490ecf6
08db3ae44ff2ed1801c8f61b8ef60cf7e713788d3cdc7b93f1dd15849c2e5c98
GET /rsrc.php/v3/yj/r/5I68SGTEBGz.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 12 Oct 2023 20:11:08 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: QjaAwCelpsv7iT4ru+X7MA==
x-fb-debug: emNmOH/inhw8wUPkGUVLvYM28hso+z5owrNUalWbAwCQaQdwESGPP5pvYsBMRexQgTN1v+k5RvV3GAck6wzdmw==
priority: u=3,i
content-length: 16192
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yP/r/1ridkJUzL6Y.js?_nc_x=Ij3Wp8lg5Kz
200 OK 91 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yP/r/1ridkJUzL6Y.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (18610)
Hash 05c865bdb03fd355ecf1a3914bcbddca
388bfa02d8f49cd1e562f8e3edb7dbd4d1750526
88b309525161c6f4bfa256662f484c7f88eab8680592e46cc85e94d6a2e2a4ba
GET /rsrc.php/v3/yP/r/1ridkJUzL6Y.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 19 Oct 2023 22:04:42 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: BchlvbA/01Xs8aORS8vdyg==
x-fb-debug: l2h5VieRR+5C00L3byj8GZNbzVMJIaiSr/foyROerH6Mc6SfAi/DTVvebb/crSZ8WEVNbsAPOb202hF0xtAiBQ==
content-length: 91043
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6a13149ad059d90f2df73d4f6f557bec
1cc34eda10b27c98283c78da5c789ec2c893e77f
a366838c30f68f5c5ed60d3f24fc71170847837ea807f5a2037e30fe9e14c8eb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A366838C30F68F5C5ED60D3F24FC71170847837EA807F5A2037E30FE9E14C8EB"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5565
Expires: Sat, 22 Oct 2022 12:34:53 GMT
Date: Sat, 22 Oct 2022 11:02:08 GMT
Connection: keep-alive
static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz
200 OK 338 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (327)
Hash 76f593e842677f73cd0a06232874b2c3
25a13f79478d5a0e286a2299dca2f3b296463079
74dcbe026002f10b703960a500b50dabe518862e568a9e689dec7afa243fa44d
GET /rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 12 Oct 2023 04:18:06 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: dvWT6EJnf3PNCgYjKHSyww==
x-fb-debug: jvMMkWp0zEPspJ7WeDDnyXphP79JaCse+ztHPEdhQU9YXagggBpDTu8Jf2ehtU1A6rtF5+qV38QynedsCu5BOg==
content-length: 338
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz
200 OK 827 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (724)
Hash 29973cf3b0ef9f16fe31ed981b2f6573
f22eb80b89b5e0ae9ace854aab6676d56eaef6a1
476822c80e0a0ee078edb7a74db59378f8b1d43d2de844e28a9e9c2f68a4c8d8
GET /rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 12 Oct 2023 22:50:13 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: KZc887Dvnxb+Me2YGy9lcw==
x-fb-debug: 6TBMwai3S1JoI37VvgOAe6fwl2WksmrTDvx8J/n3OhkvDiVij59aJ8oY54m6GqU5fY4j1fmOvkR6QRm7kt8TuQ==
content-length: 827
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yY/l/0,cross/QafRoidRG-Q.css?_nc_x=Ij3Wp8lg5Kz
200 OK 6.4 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yY/l/0,cross/QafRoidRG-Q.css?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (8976)
Hash 174ff3b8c8b7f00c28c803e59feb7d19
2f4bf1e0b1dd1eb314d815600c464b50234c107e
0b51f9dc7a21b8e5e6c96be8002460525a065998afbff954b038ab0e0e42618d
GET /rsrc.php/v3/yY/l/0,cross/QafRoidRG-Q.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 12 Oct 2023 21:44:55 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: F0/zuMi38AwoyAPln+t9GQ==
x-fb-debug: QW2E9+YYu1k+lDn8Y6KH3vVmWIhX1gYoi8srvYhFGqDRlXagHaCDIGoZ/oJDmthxjOqeEVGMOn2o1XUVR5M/rw==
content-length: 6422
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/8Gt1dIKQD8D.css?_nc_x=Ij3Wp8lg5Kz
200 OK 4.8 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/8Gt1dIKQD8D.css?_nc_x=Ij3Wp8lg5Kz
IP
File type assembler source, ASCII text, with very long lines (2642)
Hash 39e8abe4b84fbbb4f97294db6ba1b2ee
5e9b79d39efab8d0dcbcf62039a582045b4625f1
41a1396888a6656bb13557b0063f083b83a3bc3329607318959e0c6b90e460f8
GET /rsrc.php/v3/yZ/l/0,cross/8Gt1dIKQD8D.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 21 Oct 2023 16:09:12 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: Oeir5LhPu7T5cpTba6Gy7g==
x-fb-debug: RHktnGbU8B0DtRtKbEPcKjebvtSI9zgJcM1mwhS+N+HrPRDqXN3Vljy4gceqjzLTHRaSPN4zrmTClm37hdoz2w==
priority: u=3,i
content-length: 4766
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iLl54/yH/l/en_US/9ceEMw7kTfT.js?_nc_x=Ij3Wp8lg5Kz
200 OK 7.1 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iLl54/yH/l/en_US/9ceEMw7kTfT.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (2905)
Hash 950c261533c6a05f36c3ec2562963ecb
65cbaffa72eb8dafe5b43aec833435170c02b15d
4c9b051d6cba504010fc8ebdba2ca7da807224e44ad7e9798bb25b90069a3e11
GET /rsrc.php/v3iLl54/yH/l/en_US/9ceEMw7kTfT.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 22 Oct 2023 01:06:59 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: lQwmFTPGoF82w+wlYpY+yw==
x-fb-debug: 48Cy/X7/DFf/fDB3l++53a+2zNfRbBUJjYvVU1vGubibAGF5RxqWSCBGV4cMFblV01YxTqqqRmeDcVdkWXTfcw==
content-length: 7089
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yW/r/W2FVX4LL8mi.js?_nc_x=Ij3Wp8lg5Kz
200 OK 7.9 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yW/r/W2FVX4LL8mi.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (4651)
Hash 188ee392f89ca54d8ac77753e8b3c59b
a14981f5ca02d4eedefc765d04d83adc9ead7e03
51ec31cf68f863e29130e6ce4917465bc89e2ca8a37f071da53e482a23c31784
GET /rsrc.php/v3/yW/r/W2FVX4LL8mi.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 21 Oct 2023 15:11:06 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: GI7jkvicpU2Kx3dT6LPFmw==
x-fb-debug: t4wWxj5TlBu+QORmAHwHY5YyaxvNZ4DYMPCSUb5e0yQNBB7LTCVQpVTTp7ojDJLsnsFPqxz1fjUmn6yynMpgWA==
content-length: 7894
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6a13149ad059d90f2df73d4f6f557bec
1cc34eda10b27c98283c78da5c789ec2c893e77f
a366838c30f68f5c5ed60d3f24fc71170847837ea807f5a2037e30fe9e14c8eb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A366838C30F68F5C5ED60D3F24FC71170847837EA807F5A2037E30FE9E14C8EB"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5565
Expires: Sat, 22 Oct 2022 12:34:53 GMT
Date: Sat, 22 Oct 2022 11:02:08 GMT
Connection: keep-alive
static.xx.fbcdn.net/rsrc.php/v3/yV/r/oDVETVg4GJv.js?_nc_x=Ij3Wp8lg5Kz
200 OK 7.2 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yV/r/oDVETVg4GJv.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (4061)
Hash d1ba68f146b01f4aef60d79aadb926ea
c6b4703c25d07fd2363e5d67d11e4846d9979b26
abbff04acf96f39a3121ed97505b5a23cbeee9057dd7040c58c4e423c899805d
GET /rsrc.php/v3/yV/r/oDVETVg4GJv.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 12 Oct 2023 21:44:42 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 0bpo8UawH0rvYNearbkm6g==
x-fb-debug: iNVBAILEV7J3mL/qwsyOv82as7/LMuQCQc0lJTdvx7eZSPB9V8frrpyZDj//suY0C+9Kuvvjc7auHWsI3+Qdug==
content-length: 7236
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
200 OK 32 kB URL HTTP/2 www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (27337)
Hash 49a05c5585b40a46ef700361b1303bc7
dddb0e252a247101e1baa1cca7c13947b470b099
3d8c65dc0b9b073e206809d7af9fb47a9cd042475332dab85c39aab5f5743d76
GET /plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: GbNWqfzXNwFRrzjZpfX06/DXKCKupTglJXJnLmA32nuzurFwFjJPcVX41EiDLASHiFOem+0maloBFeI3yGTQ2Q==
date: Sat, 22 Oct 2022 11:02:07 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
s.yimg.com/dy/ads/native.js
200 OK 30 kB URL HTTP/2 s.yimg.com/dy/ads/native.js
IP
ASN #203220 Yahoo! UK Services Limited
Hash 94635da8a90071ff0acd2aa472406763
c98120688620209acb26c0dc9e7b43de779748ab
5104bd851fd5c399e6892629066209d5809bcf269a0ef7b20b20d45099de556d
GET /dy/ads/native.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: oBL/TgWvLNfLp+lwvfKrJrILN/7psWaC5wBLuJqIkbZRMUpRvgVfQtovbOoRWi4gLwwpKjrTZ70=
x-amz-request-id: 6M8H46YP9DRP9WZ8
date: Sat, 22 Oct 2022 11:01:53 GMT
last-modified: Tue, 08 Feb 2022 12:02:57 GMT
x-amz-server-side-encryption: AES256
cache-control: max-age=600
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
etag: "7e002e241fddeeb8dd76383206c47a3d-df"
age: 16
content-encoding: gzip
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yf/r/FLvtonlSna1.js?_nc_x=Ij3Wp8lg5Kz
200 OK 15 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yf/r/FLvtonlSna1.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (56534)
Hash e266a3ccc2395fbcb9ddc3e5cf3fe8a4
eb22fd1e27291f601742a4da697539e046b72de5
ea280deb9b1274ac87adf23d5b5f523079d776271b910ee945d0127a2dea806d
GET /rsrc.php/v3/yf/r/FLvtonlSna1.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 12 Oct 2023 19:41:33 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 4majzMI5X7y53cPlzz/opA==
x-fb-debug: AHohIaJGLAo5vInUZFu2+2nqyklIpJX87QhG/r3QSwTdmFFyYAdg11wJF+gVBSdMwJRKgl27YuCyLiOLtWh0Yg==
content-length: 15209
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP
File type ASCII text, with very long lines (64348)
Hash 71875f848896ee82a106224e048bd060
277a624e507dff2cd9cff104aa0c5618ca76e105
a22635e404a419027fc88eee705d254910d05d481953733d5e1fda4bc6ab3c5b
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: jaeRR6RzwERTTdIwWj39s87/hgbHRDjC9KV5NG4FahJRtEf30f4IDteJuvL/dq+M+9yeZPzq2gzL7fymnaMOYQ==
content-length: 27027
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yl/r/fYcoadLKcqx.js?_nc_x=Ij3Wp8lg5Kz
200 OK 19 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yl/r/fYcoadLKcqx.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (8610)
Hash 7672fc93ecb0e8b41ddc04281a4d84e0
6d1f880d7eb428ef1d90f1b419a6ecc29c65b5be
17e95d6b2892d21e1f7e0d7774f1528dce2465398c656ccd3006dde54b6c9a75
GET /rsrc.php/v3/yl/r/fYcoadLKcqx.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 13 Oct 2023 17:18:17 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: dnL8k+yw6LQd3AQoGk2E4A==
x-fb-debug: miZkZITx/O7HVFAPAhnfoeWwHpcl0HgQBF2c30NfkBB3QMwl0uPnkFSyvL87z6m+YFVVc1q1Zwn4MOoObElmsQ==
priority: u=3,i
content-length: 19181
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13847
200 OK 24 kB URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13847
IP
Hash 36abed14b52369baefdfdf718308868a
463862ca66e4d64c3d92a7a2d781e1685223e1b4
e154283d46bd679bd3eba73aed81077716eff5e149c1099efcbb2e7a55336262
GET /adserver/Preset.js?z=13847 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sat, 22 Oct 2022 10:59:41 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Tbip8oRqlbfWjaGv-JUZkHB42pFZPowsbr-6nIvmhljaoR7QU_Zaww==
age: 147
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3izWV4/yc/l/en_US/qk2dbOUObQD.js?_nc_x=Ij3Wp8lg5Kz
200 OK 42 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3izWV4/yc/l/en_US/qk2dbOUObQD.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (10798)
Hash 24cc936ff0eabfc4589221f7809fc1b5
61fc32f0b4d1c334a4758e82a134cf9703f1a31a
72a7583ee4d7946e0cb75d3d8b1c3a678366ee62756943e33dc5e8598b40e618
GET /rsrc.php/v3izWV4/yc/l/en_US/qk2dbOUObQD.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 19 Oct 2023 18:42:40 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: JMyTb/Dqv8RYkiH3gJ/BtQ==
x-fb-debug: MJmV6ObjXDWCmrQ+9K6Bh4LWSOJUEJNny3dKxxg2PEKJkMwSsq5z4k5sFcVZmYKwhlHwhoqLrX1TJNnlQWz96w==
content-length: 42020
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yn/r/tWToR-gOAEL.js?_nc_x=Ij3Wp8lg5Kz
200 OK 48 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yn/r/tWToR-gOAEL.js?_nc_x=Ij3Wp8lg5Kz
IP
File type C source, ASCII text, with very long lines (5068)
Hash 012b3f1caf4cdb027750b75ef85c9018
fa29d5ab4307a09c0664009a3726253c9e4eaa82
16fe0a7f52179534fda5d67349a0d0bc28217f30f837be093381809c6b5e529c
GET /rsrc.php/v3/yn/r/tWToR-gOAEL.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 13 Oct 2023 17:18:17 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: ASs/HK9M2wJ3ULde+FyQGA==
x-fb-debug: DMsyRzXNICK5ShF6An4v4hVpVLWb5r0TX9vUG3M9sCzrxuip+N5bKSauxP25nvAu7thAAsWYVLOBrDyBMAzTpw==
priority: u=3,i
content-length: 47802
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 94ee541bb392e5675c1e24c94c197f8b
bce18b05a24f5e2c6743cbbe849a733091586176
82f791c205847646216d72b4ce65bc3587ca69d1da17a3a2afb477640822c4dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.xx.fbcdn.net/rsrc.php/v3ivrH4/yd/l/en_US/pskpDSZY4R7.js?_nc_x=Ij3Wp8lg5Kz
200 OK 80 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3ivrH4/yd/l/en_US/pskpDSZY4R7.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (5723)
Hash cb21d1496d2a0273d86c359250dc03f7
dfcb76046df713a58c34329aa7fb19ab5c8b32ac
79ea5010c2d861e56d02042b5359d95ffcce833c7cb5a91c0215901c0f5f9767
GET /rsrc.php/v3ivrH4/yd/l/en_US/pskpDSZY4R7.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 18 Oct 2023 20:57:38 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: yyHRSW0qAnPYbDWSUNwD9w==
x-fb-debug: dhq49TD0vrsESqpc3iHq0Igxjf4fp9YANqHV1D1V/fjrN2i5FLqHtoDAnQB6c9Eqn3bOjgXYx6rWDEK8OLyR8w==
content-length: 79966
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 22 Oct 2022 10:41:09 GMT
expires: Sat, 22 Oct 2022 12:41:09 GMT
cache-control: public, max-age=7200
age: 1259
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img.scupio.com/js/config/17229.json?v=1.0.3839
200 OK 461 B URL HTTP/2 img.scupio.com/js/config/17229.json?v=1.0.3839
IP
File type JSON data\012- , ASCII text, with very long lines (461), with no line terminators
Hash 1a28c92c08e07fb3ab9d0b3e192eca59
087eca96fb90ac255feeb93ae42886fc4e6522cb
d9e97d5be951a1035510eba85fc81ace987d09dd3271cd6cc15dcb32ab6533dc
GET /js/config/17229.json?v=1.0.3839 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 461
server: nginx/1.12.1
last-modified: Sat, 22 Oct 2022 02:20:42 GMT
accept-ranges: bytes
date: Sat, 22 Oct 2022 11:02:08 GMT
expires: Sat, 22 Oct 2022 13:59:41 GMT
cache-control: max-age=10800
etag: "6353537a-1cd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: P5qJq3JG8Vq1Pzvo7v5e97eWwnELKxdsmOs449FCMAulptoGunXSBw==
age: 147
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/WnnVaKpG-Cc
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/WnnVaKpG-Cc
IP
Hash 19bb69ec2c69e437abe15201cd9d402a
17a2cc8f14dfffc1f4ac953697a66021bd638431
6ca32825bf4b8db91d4c40ad808ca705821759b82fd399d73b22a03e0638aa07
POST /s/gts1d4/WnnVaKpG-Cc HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:08 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash 25ac9183a83a947de53a50ab09d848bc
17f29222ead15e887563ba55728cfdc3a03b826f
bc09778716a10eefc5bbc5c30b010bc78ab575d2ecda8325d339b0f56498d549
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 22 Oct 2022 11:02:08 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 21 Oct 2022 23:06:12 GMT
Expires: Sat, 22 Oct 2022 23:06:12 GMT
ETag: "17f29222ead15e887563ba55728cfdc3a03b826f"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ad2.apx.appier.net/v1/prebid/bid
307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Sat, 22 Oct 2022 11:02:08 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 94ee541bb392e5675c1e24c94c197f8b
bce18b05a24f5e2c6743cbbe849a733091586176
82f791c205847646216d72b4ce65bc3587ca69d1da17a3a2afb477640822c4dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ad2.apx.appier.net/v1/prebid/bid
307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Sat, 22 Oct 2022 11:02:08 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 794a6d2df00fc15e8b4ed6ff4992525e
f8d67c7fd506709d7232298859fe2b3daf374f29
02d38690754b5d99178d576fe6df6c1ca881a2bbd806a75c633c371fac0221da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6a13149ad059d90f2df73d4f6f557bec
1cc34eda10b27c98283c78da5c789ec2c893e77f
a366838c30f68f5c5ed60d3f24fc71170847837ea807f5a2037e30fe9e14c8eb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A366838C30F68F5C5ED60D3F24FC71170847837EA807F5A2037E30FE9E14C8EB"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5565
Expires: Sat, 22 Oct 2022 12:34:53 GMT
Date: Sat, 22 Oct 2022 11:02:08 GMT
Connection: keep-alive
img.scupio.com/js/ad.js
200 OK 80 kB IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 936c2266764fc5d45091da5793fb6a12
924a7695aa33d93793e0e5fb14eb12ac5859136c
196232bbbafa1a3805efbfdf2f72c58efbee962b000234295fe77e0d7a004240
GET /js/ad.js HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Mon, 19 Sep 2022 02:16:55 GMT
content-encoding: gzip
date: Sat, 22 Oct 2022 11:00:51 GMT
expires: Sat, 22 Oct 2022 11:15:08 GMT
cache-control: max-age=900
etag: W/"6327d117-12f95"
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XDABErzL3kH0c7b1X15veGXpKQAlpgpH49wRQmbBF4JvlkzAyZsXxw==
age: 119
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 794a6d2df00fc15e8b4ed6ff4992525e
f8d67c7fd506709d7232298859fe2b3daf374f29
02d38690754b5d99178d576fe6df6c1ca881a2bbd806a75c633c371fac0221da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ad2.apx.appier.net/v1/prebid/bid
307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Sat, 22 Oct 2022 11:02:08 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png
200 OK 573 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png
IP
File type PNG image data, 13 x 39, 8-bit colormap, non-interlaced\012- data
Hash d3b686ff6004b431d5019e4b51a8cc0d
34ec288bdcad2eada81c75960439bf60b95eb285
96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0
GET /rsrc.php/v3/yw/r/UXtr_j2Fwe-.png HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/y_/l/0,cross/p8bu42UtJUt.css?_nc_x=Ij3Wp8lg5Kz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: 07aG/2AEtDHVAZ5LUajMDQ==
expires: Thu, 12 Oct 2023 01:39:17 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
x-fb-debug: eGHo1vuk1pvcP/Zt7IvK/i508piCil9G2zlLAqcYVnoyXOJRET/bTa92y1vSTu7CviyVKqPXMWzutSJ1ixCQ3Q==
content-length: 573
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash e8d6c24b9cfbcf3d74ba62b421af29d2
6e6108edf1bdb53a4b8d567da772d5b533c3fd45
972130cbb2c33da191c535df813cf74efd4a24f688df3aab4e07e021a9ea2955
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4554
Cache-Control: max-age=142003
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:08 GMT
Etag: "63534399-1d7"
Expires: Mon, 24 Oct 2022 02:28:51 GMT
Last-Modified: Sat, 22 Oct 2022 01:12:57 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
static.xx.fbcdn.net/rsrc.php/v3/yy/r/4wbfVFyWQ0-.js?_nc_x=Ij3Wp8lg5Kz
200 OK 48 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yy/r/4wbfVFyWQ0-.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (65436)
Hash a50dcceab40bd9808de7ba263ff1d9fa
1fc7020f9c51d843ca92b016cfcfabf6ad8e0a5f
13f83ed25695abfe83c5196525f64162716356e787e0813fddf99567ec04c0b7
GET /rsrc.php/v3/yy/r/4wbfVFyWQ0-.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 14 Oct 2023 07:02:28 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: pQ3M6rQL2YCN57omP/HZ+g==
x-fb-debug: RScWd5Gr0CLk1hkmC92B5ELHFrAoN/8eZhxbGXPBisWrA5vmiQUZG/z06SX0Csb86d5K/FxuOjH/I2cQSv8jgA==
content-length: 47769
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ad2.apx.appier.net/v1/prebid/bid
307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Sat, 22 Oct 2022 11:02:08 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yN/r/XMcaTtpIKOY.js?_nc_x=Ij3Wp8lg5Kz
200 OK 13 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yN/r/XMcaTtpIKOY.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (7676)
Hash f29d5d901041331ed894c3928759c912
573de73668c36d21002c37c80c4b7a98f40fbd32
2c7fe9b97a244c93e2397c45fc951ad6cae657a69fc324ddac59680637ce3cf7
GET /rsrc.php/v3/yN/r/XMcaTtpIKOY.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 19 Oct 2023 16:49:12 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 8p1dkBBBMx7YlMOSh1nJEg==
x-fb-debug: WhuF3u3dg/zhjdM7PI0/2SgLo2DjlHJCAwOmbnVRU1Worjd1N6kTuS/FZLqjAl6bTPnT36iVrh/xEiCjSLSJvg==
priority: u=3,i
content-length: 12920
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
geo.yahoo.com/b?t=xhkd7&9sdk8454
200 OK 43 B URL HTTP/2 geo.yahoo.com/b?t=xhkd7&9sdk8454
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /b?t=xhkd7&9sdk8454 HTTP/1.1
Host: geo.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:08 GMT
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
cache-control: no-cache, no-store, private
pragma: no-cache
content-length: 43
content-type: image/gif
x-envoy-upstream-service-time: 1
server: ATS
age: 0
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yP/r/bqTsO7AYsTd.js?_nc_x=Ij3Wp8lg5Kz
200 OK 80 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yP/r/bqTsO7AYsTd.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (10849)
Hash 64287d8b667f90bb4d471aa7730b1a70
d70f65f780b537b871baaee0f3358200bc6ae1c0
44d63a5f4e608f6f68b499d6134aef185dd2f308abefc12796965d32e6786569
GET /rsrc.php/v3/yP/r/bqTsO7AYsTd.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 19 Oct 2023 13:19:21 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: ZCh9i2Z/kLtNRxqncwsacA==
x-fb-debug: ZSRASIM+GBfUXE3yiW5lmEkXJXaIvT0nmtIF6S/c5vyVuTpz2x6xBgnWPFnPfq8jc7a76yV9A8K9kNQWA4wwiA==
content-length: 80466
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y8/r/2fdnStv6-XU.js?_nc_x=Ij3Wp8lg5Kz
200 OK 255 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y8/r/2fdnStv6-XU.js?_nc_x=Ij3Wp8lg5Kz
IP
Hash 0e01b841370bbbe02d6f4df837dd15f8
85b5d56f0be8ece46823cdb099afda83db1f7eb3
ea10c849b0ed6617d6183e4d6472e1610c91944a2e008c4c68fad146045f294e
GET /rsrc.php/v3/y8/r/2fdnStv6-XU.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 20 Oct 2023 16:56:30 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: DgG4QTcLu+Atb034N90V+A==
x-fb-debug: grislR1XfpOM9kzHObSZbGkkRcRH1ZPZkN3xbCWbtl9KWDbUxSjeY2jIAioTrWKy40IEIdSGGZNrgq2rjRTTKQ==
priority: u=3,i
content-length: 255
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ad2.apx.appier.net/v1/prebid/bid
307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Sat, 22 Oct 2022 11:02:08 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yH/r/xgVgalBG80z.png
200 OK 1.3 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yH/r/xgVgalBG80z.png
IP
File type PNG image data, 24 x 24, 8-bit colormap, non-interlaced\012- data
Hash ac1e1c4d6f16359701b059ed4e8246b4
ff19b30a3b3d8d1765c239b25dbc98cb3263786a
45444d590a67d30e8b2fde01bb6482f829383b64bf14a4b19b86e22fdc319fbb
GET /rsrc.php/v3/yH/r/xgVgalBG80z.png HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/y_/l/0,cross/p8bu42UtJUt.css?_nc_x=Ij3Wp8lg5Kz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: rB4cTW8WNZcBsFntToJGtA==
expires: Wed, 11 Oct 2023 04:24:45 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
x-fb-debug: zGIf5E+7yaeibO5YnboTT6exlxQoLp1SLYLLxI0AGvxBUxB8pCkyGAlWqqH6UfFnbCaWt3sbdd+RH9Q+63ZgaQ==
content-length: 1315
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y0/r/ksSG7BCGzVy.png
200 OK 12 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y0/r/ksSG7BCGzVy.png
IP
File type PNG image data, 65 x 730, 8-bit colormap, non-interlaced\012- data
Hash bb29fc0ca834dad745632b7ba95e8806
221166c768156576b20ad65a7a3021a701da75f4
55e8c619d20bc3f1a22efd0fec83dba0d8bd9e898f0d5847eaff094f0887fad3
GET /rsrc.php/v3/y0/r/ksSG7BCGzVy.png HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yY/l/0,cross/QafRoidRG-Q.css?_nc_x=Ij3Wp8lg5Kz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: uyn8DKg02tdFYyt7qV6IBg==
expires: Thu, 12 Oct 2023 03:48:10 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
x-fb-debug: KwAb3lEaRJLLSF6LPfx1LsDsP4EuWQrgyYz3FqaVLvKHuzKh5ezOMt3LJ3aX0CKZIPVkeZf5cWAyxf1N3iE+bw==
content-length: 12111
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
i0.wp.com/golike.tw/wp-content/uploads/2022/10/img_9764-scaled.jpg?fit=2560%2C1920&ssl=1
200 OK 476 kB URL HTTP/2 i0.wp.com/golike.tw/wp-content/uploads/2022/10/img_9764-scaled.jpg?fit=2560%2C1920&ssl=1
IP
File type RIFF (little-endian) data, Web/P image\012- data
Size 476 kB (476332 bytes)
Hash d4047e1498112f6c15ae08967a3206ea
e3d47fd98373b99765148165aee7f08722537758
e996346a6870f38eb4a040b8bda8ff0d4ed7dbb4e0cbda44779f66ae63cae936
GET /golike.tw/wp-content/uploads/2022/10/img_9764-scaled.jpg?fit=2560%2C1920&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 11:02:08 GMT
content-type: image/webp
content-length: 476332
last-modified: Fri, 21 Oct 2022 09:16:50 GMT
expires: Sun, 20 Oct 2024 21:16:50 GMT
cache-control: public, max-age=63115200
link: <https://golike.tw/wp-content/uploads/2022/10/img_9764-scaled.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "42b104064fcdb937"
vary: Accept
x-nc: HIT arn 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 272
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 007982709e4873f5b5c44bfc51e83554
c00bd7e896e27b314cdfbc34b9280ed8a378160e
30415fd1b7b3259bb6b78801e3419f937f9df905b05a10fbd9a4b1db1b1a176e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "30415FD1B7B3259BB6B78801E3419F937F9DF905B05A10FBD9A4B1DB1B1A176E"
Last-Modified: Thu, 20 Oct 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7169
Expires: Sat, 22 Oct 2022 13:01:38 GMT
Date: Sat, 22 Oct 2022 11:02:09 GMT
Connection: keep-alive
mcsd.synergylightingusa.com/css/alert.png
200 OK 1 B URL HTTP/2 mcsd.synergylightingusa.com/css/alert.png
IP
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
GET /css/alert.png HTTP/1.1
Host: mcsd.synergylightingusa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-powered-by: PHP/5.6.40
vary: Accept-Encoding
content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Sat, 22 Oct 2022 11:02:09 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 2bf64fbd9b971bf9dd8d1fcb50d5b734
ef5e07bb6a8860a802aa909fecbdc32b8857210d
29a23429814bb9ca0bcdd0b9bf6fedcc42a9d5aa576eaf0123301bd6ba9919a0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=157228
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:09 GMT
Etag: "635390dd-117"
Expires: Mon, 24 Oct 2022 06:42:37 GMT
Last-Modified: Sat, 22 Oct 2022 06:42:37 GMT
Server: nginx
Content-Length: 279
img.gbyhn.com.tw/2022/10/1666425420-d863b4fab33ea14616770bd2ebc7f9b6-840x525.jpg
200 OK 129 kB URL HTTP/2 img.gbyhn.com.tw/2022/10/1666425420-d863b4fab33ea14616770bd2ebc7f9b6-840x525.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 840x525, components 3\012- data
Size 129 kB (129082 bytes)
Hash cbd50a68226d7f976366bdca5739c6e5
8d10bef9604a2f4dbe79c17d334350700de6e061
aec6dace78135715faf4bb4b27f4703d09236cde284a71426f148259c1b69399
GET /2022/10/1666425420-d863b4fab33ea14616770bd2ebc7f9b6-840x525.jpg HTTP/1.1
Host: img.gbyhn.com.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:09 GMT
content-type: image/jpeg
content-length: 129082
cache-control: public, max-age=604800
expires: Sat, 29 Oct 2022 08:11:05 GMT
last-modified: Sat, 22 Oct 2022 07:57:01 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 3115
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zk3iXg0YfcsZZTRYUfQmFVV4sHGHzFhyLtbnEU6nrydHw1dCqTSvoQ2b%2Frd0JJk7uC0pP2XYVqqc6RrZJA%2FHSDgooD9UM6tlRuAp0X4KDBzChNqwthd5%2B3Gb%2BuNHQ3rCWqXY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e1bd32fcf7b515-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fdeb35c6ebe843c9779d83884658b3d5
000e798edb1e055c57394f63c306aa49de23e0d8
d5f5bfad18d2a96f073ad2e2d53d888a06ab097e4ee13f89434a16fad7c3d99f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D5F5BFAD18D2A96F073AD2E2D53D888A06AB097E4EE13F89434A16FAD7C3D99F"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 22 Oct 2022 17:02:09 GMT
Date: Sat, 22 Oct 2022 11:02:09 GMT
Connection: keep-alive
img.scupio.com/js/config/currency.json
200 OK 108 B URL HTTP/2 img.scupio.com/js/config/currency.json
IP
File type Unicode text, UTF-8 (with BOM) text, with no line terminators
Hash 828dfae14c54162e9f4e48daa78a1af5
45f04b98c8bf7ed4064c55eb830ab68bd0ea8f45
10a16ef90200680ab71a291b9c0aa9f008cbd6b0935548379779aed557e3411d
GET /js/config/currency.json HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 108
server: nginx/1.12.1
last-modified: Fri, 21 Oct 2022 19:15:05 GMT
accept-ranges: bytes
date: Sat, 22 Oct 2022 10:59:12 GMT
expires: Sat, 22 Oct 2022 13:58:46 GMT
cache-control: max-age=10800
etag: "6352efb9-6c"
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: RyEg_5ntviRdGMVJaBvlODbpqMbIt2_3gF0VbGJuD-xJ6G9wmw5EBA==
age: 203
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash 0ddf22d8915611aa0474cb78097b0a53
8355d3841f138ea2a10083ede5bdc02456794c9e
bb1ff92ad455cdd415748c501b5d1b220691129e96334252a9ec4cb8354554e1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 11:02:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 19 Oct 2022 10:33:42 GMT
Expires: Wed, 26 Oct 2022 10:33:41 GMT
Etag: "8355d3841f138ea2a10083ede5bdc02456794c9e"
Cache-Control: max-age=343291,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e1bd324dbfb517-OSL
img.racingcharger.tw/wp-content/uploads/202210200206054.jpg
200 OK 96 kB URL HTTP/2 img.racingcharger.tw/wp-content/uploads/202210200206054.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 1000x750, components 3\012- data
Hash 049d6edc6470af39817f9de1299af827
c88c2b034ef8ffe6d2ccd65fe960b90fcfb7855a
d83334a88d491dbd43e82180a862bb5a17259ab3eaf00d6adb59a198a3cda2f2
GET /wp-content/uploads/202210200206054.jpg HTTP/1.1
Host: img.racingcharger.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:09 GMT
content-type: image/jpeg
content-length: 96387
last-modified: Thu, 20 Oct 2022 02:06:13 GMT
cache-control: max-age=28800
cf-cache-status: HIT
age: 3114
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iFZwvBPDwhnQuYCjqMcnkZWFSlWSwp2NnFMt9vH2rQS5CNS4FR6BD5us8PxBfH4QF8CxewtCCQmqmUkvhzsPRvvO6FolzSOeJXcx2XKk0t5p4NfGse4TfB2KiEGArOK4f1hBhktHrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e1bd337ce1b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creditcards.com.tw/wp-content/uploads/2022/01/%E5%9C%8B%E6%B3%B0%E4%B8%96%E8%8F%AF-CUBE-%E5%8D%A1%EF%BC%8C%E8%87%AA%E9%81%B8%E9%80%9A%E8%B7%AF%E4%B8%89%E9%81%B8%E4%B8%80%EF%BC%8C%E6%9C%80%E9%AB%98-8-%E5%9B%9E%E9%A5%8B-1080x630.jpg?crop=1
200 OK 31 kB URL HTTP/2 creditcards.com.tw/wp-content/uploads/2022/01/%E5%9C%8B%E6%B3%B0%E4%B8%96%E8%8F%AF-CUBE-%E5%8D%A1%EF%BC%8C%E8%87%AA%E9%81%B8%E9%80%9A%E8%B7%AF%E4%B8%89%E9%81%B8%E4%B8%80%EF%BC%8C%E6%9C%80%E9%AB%98-8-%E5%9B%9E%E9%A5%8B-1080x630.jpg?crop=1
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x630, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2e28199590c69a7ff89c9b69bf6580d4
62e6d8ad1620390e1bd2252294e4b8a2fba3ef31
6046aae880fb8460f1f20423612f361a7ad3cb4c33cdd7827c25b2b9e423ccc1
GET /wp-content/uploads/2022/01/%E5%9C%8B%E6%B3%B0%E4%B8%96%E8%8F%AF-CUBE-%E5%8D%A1%EF%BC%8C%E8%87%AA%E9%81%B8%E9%80%9A%E8%B7%AF%E4%B8%89%E9%81%B8%E4%B8%80%EF%BC%8C%E6%9C%80%E9%AB%98-8-%E5%9B%9E%E9%A5%8B-1080x630.jpg?crop=1 HTTP/1.1
Host: creditcards.com.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 11:02:09 GMT
content-type: image/webp
content-length: 31086
strict-transport-security: max-age=31536000
last-modified: Thu, 03 Feb 2022 16:43:52 GMT
expires: Sun, 04 Feb 2024 04:43:52 GMT
cache-control: public, max-age=63115200
x-content-type-options: nosniff
etag: "bf3b96baac8cf61e"
vary: Accept
x-nc: HIT bur 1
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
x-ac: 3.arn _atomic_ams BYPASS
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 95a6dde2975fe30ec140dc8b55338ff0
21c920eee53e42d51917ca04ce528445b2c15c28
7661e43c9ed43492ff7dfd2b2b54b4fa18d78a4a609d34849b65ae08a89ce1e7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=139623
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:09 GMT
Etag: "63534c18-1d7"
Expires: Mon, 24 Oct 2022 01:49:12 GMT
Last-Modified: Sat, 22 Oct 2022 01:49:12 GMT
Server: nginx
Content-Length: 471
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 007982709e4873f5b5c44bfc51e83554
c00bd7e896e27b314cdfbc34b9280ed8a378160e
30415fd1b7b3259bb6b78801e3419f937f9df905b05a10fbd9a4b1db1b1a176e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "30415FD1B7B3259BB6B78801E3419F937F9DF905B05A10FBD9A4B1DB1B1A176E"
Last-Modified: Thu, 20 Oct 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7169
Expires: Sat, 22 Oct 2022 13:01:38 GMT
Date: Sat, 22 Oct 2022 11:02:09 GMT
Connection: keep-alive
mma.prnasia.com/media2/1925013/Rodller_Logo.jpg?p=medium600
200 OK 55 kB URL HTTP/2 mma.prnasia.com/media2/1925013/Rodller_Logo.jpg?p=medium600
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 599x512, components 3\012- data
Hash 56f5d49117e47ee321a2ea2257980c33
d9b5c78a9c7293906483840c33a1269c8226fad5
c09654de4268068355f932ffef9d2b1b17d499e57aa0d6281f87824a85435387
GET /media2/1925013/Rodller_Logo.jpg?p=medium600 HTTP/1.1
Host: mma.prnasia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:09 GMT
content-type: image/jpeg
content-length: 54554
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=1
cf-bgj: h2pri
expires: Sat, 22 Oct 2022 07:31:39 GMT
last-modified: Sat, 22 Oct 2022 07:31:38 GMT
server-timing: intid;desc=5cb9b2a78fa6a543
vary: *, Accept-Encoding
x-powered-by: ASP.NET
cf-cache-status: HIT
age: 3116
accept-ranges: bytes
set-cookie: __cf_bm=b2eBNIRj9PZKeZXRgjzrhWKx111kPUOtKd4TBVrSqIU-1666436529-0-AcidUsBTB31tPXYS0Pu6elLR57Ykij5ZczyXtL4FmTWyUqua3DffxFM0eG1llurQOnR+OjtORSGdqfKeZ7Kfano=; path=/; expires=Sat, 22-Oct-22 11:32:09 GMT; domain=.prnasia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75e1bd33cf49b500-OSL
X-Firefox-Spdy: h2
static.wixstatic.com/media/08c74d_6abdfcc327c944bfa5ab93d9e6d0cac9~mv2.jpg/v1/fit/w_1000,h_1000,al_c,q_80/file.png
200 OK 347 kB URL HTTP/2 static.wixstatic.com/media/08c74d_6abdfcc327c944bfa5ab93d9e6d0cac9~mv2.jpg/v1/fit/w_1000,h_1000,al_c,q_80/file.png
IP
File type PNG image data, 1000 x 562, 8-bit/color RGB, non-interlaced\012- data
Size 347 kB (346572 bytes)
Hash f98451169e3c01d23fdd98524a13a05f
19dc5eced6c51c043038685141f39d4bb1454502
42d23d5a22bb2e835e67a0d964763a6237657e68e00f7f6f1f1b5e4857760f7d
GET /media/08c74d_6abdfcc327c944bfa5ab93d9e6d0cac9~mv2.jpg/v1/fit/w_1000,h_1000,al_c,q_80/file.png HTTP/1.1
Host: static.wixstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty/1.21.4.1
content-length: 346572
access-control-allow-origin: *
wix-tracer: 2GLVLu90vrdv3M8jhsAc7oGQXLP
x-seen-by: image-manipulator-5cdc794f79-pp4lm
timing-allow-origin: *
via: 1.1 google
date: Wed, 19 Oct 2022 08:23:18 GMT
cache-control: public, max-age=2592000, immutable
content-type: image/png
age: 268731
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.rayskyinvest.com/wp-content/uploads/2022/10/%E6%96%87%E7%AB%A0%E5%B0%81%E9%9D%A2size-%E5%8F%B0%E8%82%A1%E4%B8%8A%E4%B8%80%E8%90%AC%E5%9B%9B%E5%8D%83%E9%BB%9E-%E7%9A%84%E8%A4%87%E6%9C%AC-%E7%9A%84%E8%A4%87%E6%9C%AC-%E7%9A%84%E8%A4%87%E6%9C%AC-6-750x375.jpg
200 OK 30 kB URL HTTP/2 www.rayskyinvest.com/wp-content/uploads/2022/10/%E6%96%87%E7%AB%A0%E5%B0%81%E9%9D%A2size-%E5%8F%B0%E8%82%A1%E4%B8%8A%E4%B8%80%E8%90%AC%E5%9B%9B%E5%8D%83%E9%BB%9E-%E7%9A%84%E8%A4%87%E6%9C%AC-%E7%9A%84%E8%A4%87%E6%9C%AC-%E7%9A%84%E8%A4%87%E6%9C%AC-6-750x375.jpg
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 750x375, components 3\012- data
Hash 0693633b18fcf5409772278cfe6d27d0
52a32bcd6000661de7c6ca8200892a3431b1d3b8
ebb76b4c926dc7291a41ce0bb64ed9d3433fe7e7ca91de44a33678d1fe76d3c1
GET /wp-content/uploads/2022/10/%E6%96%87%E7%AB%A0%E5%B0%81%E9%9D%A2size-%E5%8F%B0%E8%82%A1%E4%B8%8A%E4%B8%80%E8%90%AC%E5%9B%9B%E5%8D%83%E9%BB%9E-%E7%9A%84%E8%A4%87%E6%9C%AC-%E7%9A%84%E8%A4%87%E6%9C%AC-%E7%9A%84%E8%A4%87%E6%9C%AC-6-750x375.jpg HTTP/1.1
Host: www.rayskyinvest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 11:02:09 GMT
content-type: image/jpeg
content-length: 30497
last-modified: Fri, 21 Oct 2022 11:04:51 GMT
etag: "63527cd3-7721"
expires: Sat, 21 Oct 2023 15:57:24 GMT
cache-control: max-age=31536000
x-cdn-c: static
x-sg-cdn: 1
x-proxy-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15570
Expires: Sat, 22 Oct 2022 15:21:39 GMT
Date: Sat, 22 Oct 2022 11:02:09 GMT
Connection: keep-alive
cdn.holmesmind.com/js/drawV2.js
200 OK 10 kB URL HTTP/2 cdn.holmesmind.com/js/drawV2.js
IP
File type ASCII text, with very long lines (5112), with CRLF line terminators
Hash 84d8b1a745228113e60f5e62f0eff6d3
10cd995dbb7293ca49d9bdd93145bf12cb89bdac
f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032
GET /js/drawV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1; Vision=20221022-23:59,20221022-22,20221022-22,20221022-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 10359
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sat, 22 Oct 2022 11:01:50 GMT
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: daWD4dR1E3a5_WEFfKP_1VFUCFKXURAZfV1U96K_Pwxz-jSiPMO8Qw==
age: 49
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15570
Expires: Sat, 22 Oct 2022 15:21:39 GMT
Date: Sat, 22 Oct 2022 11:02:09 GMT
Connection: keep-alive
ocsp.sectigo.com/
200 OK 472 B IP
Hash 0ddf22d8915611aa0474cb78097b0a53
8355d3841f138ea2a10083ede5bdc02456794c9e
bb1ff92ad455cdd415748c501b5d1b220691129e96334252a9ec4cb8354554e1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 11:02:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 19 Oct 2022 10:33:42 GMT
Expires: Wed, 26 Oct 2022 10:33:41 GMT
Etag: "8355d3841f138ea2a10083ede5bdc02456794c9e"
Cache-Control: max-age=343291,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e1bd342fbfb517-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15570
Expires: Sat, 22 Oct 2022 15:21:39 GMT
Date: Sat, 22 Oct 2022 11:02:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp
200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1ee464d6a426da49571c97060e65a4e8
aef2208c82085b4dc8472ee28bc63b9a8832fe0e
704e9800cb12b9b2927e85901b21fbb22303f11bf4b052340d0fc610414e2a6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5517
x-amzn-requestid: 560e0ccc-0551-461d-98fd-f94d9a026fb8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-pSExDIAMFpMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6353116e-0420e4ac6cceec1749a44819;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TDa1YZjZ70BYwTbiiaBV1J1WVtzXpAZ1j-wKfsviXvhbhnc8f0Huiw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:02:32 GMT
age: 46777
etag: "aef2208c82085b4dc8472ee28bc63b9a8832fe0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp
200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a361cef05d531426819a2bffd8ab1e47
9c8050ffd0de58005705219ec70b6e4352e35b5e
0c3c48b96adb7c1dc8a8c3771878dcbab80bbbb9f2d6998038bf5d43831b578b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428e118d-55db-4b2d-9dc1-0adbc5a4021a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8856
x-amzn-requestid: 84cc5c28-b71f-4ada-9d3b-e67e820cd080
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-LzHcsoAMFuNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b1-6b44e77726dc2003052ce387;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qZ8wiQp_Cnx6_fT-TrOCKmkrcpYHyhByOvYpgE9XWkA0VUGxjs6cSw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:06:06 GMT
age: 46563
etag: "9c8050ffd0de58005705219ec70b6e4352e35b5e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.6257328335757084
204 No Content 0 B URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.6257328335757084
IP
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.6257328335757084 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 404
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: private
content-type: text/html
server: Microsoft-IIS/10.0
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Sat, 22 Oct 2022 11:02:08 GMT
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26c47e4b0147f8dee3e71a53a8f2830c
381edb4758da428db5ffe884f8fb38bf11044f69
b507898359abbcb1f57821c147a58df66d7e81acc198afc997527b58cd835b39
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff28bcb97-99c1-48e0-b7d7-8bfe823abaa7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11151
x-amzn-requestid: 5c32e307-f2a7-4050-a96f-a47667ec4752
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-NEFTKoAMFsSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b9-2fc77f394ca297126abaed94;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JOZwwfasalOC-qk9FERBCqhR9jOp1svTRJxaA40zR6p6yta1_W1dVA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:06:07 GMT
age: 46562
etag: "381edb4758da428db5ffe884f8fb38bf11044f69"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ac3115260eb9719ae554419f2bb7e380
84313fb0c475be46e05130e3329eed2147ecef04
4b73275dde10c2170cb5d85e6d7db7904e12f60117fdb57572a078e1f30cfcea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B73275DDE10C2170CB5D85E6D7DB7904E12F60117FDB57572A078E1F30CFCEA"
Last-Modified: Fri, 21 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15671
Expires: Sat, 22 Oct 2022 15:23:20 GMT
Date: Sat, 22 Oct 2022 11:02:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab87aab0-810c-4802-b916-33df64c58282.jpeg
200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab87aab0-810c-4802-b916-33df64c58282.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a978fd293cc29ff1d630769f0a67767c
ab6e54e09c9d4413f67a4fd6ab92a66752ce460b
db97e0cb71710517f4b45d847da7657105a3b96f0a718bad5dec4c638bca2723
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab87aab0-810c-4802-b916-33df64c58282.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5420
x-amzn-requestid: 8a891168-aafa-42ff-a565-9b94bb49b16c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-m4GAOIAMFnBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6353115f-17f47980582256e6080184de;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:39 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QB8hjxot2IEDAfDhMSEpT9T_GyA3_teTwFFXfPP5y_hK0KMQNLBZ8A==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:15:51 GMT
age: 45978
etag: "ab6e54e09c9d4413f67a4fd6ab92a66752ce460b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ac3115260eb9719ae554419f2bb7e380
84313fb0c475be46e05130e3329eed2147ecef04
4b73275dde10c2170cb5d85e6d7db7904e12f60117fdb57572a078e1f30cfcea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B73275DDE10C2170CB5D85E6D7DB7904E12F60117FDB57572A078E1F30CFCEA"
Last-Modified: Fri, 21 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15671
Expires: Sat, 22 Oct 2022 15:23:20 GMT
Date: Sat, 22 Oct 2022 11:02:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5f34cfb-1029-497a-8d09-65db888e6f11.jpeg
200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5f34cfb-1029-497a-8d09-65db888e6f11.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4fb0f4c9ac5a88678baf456107f5341
f6c54dbdfad7e243fe38c03f004c4c79f96b2892
b2fc6c453d7ed610521fcf34d7736a20191d86b485fd57236d2d2c4849cbb8d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5f34cfb-1029-497a-8d09-65db888e6f11.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7821
x-amzn-requestid: b3b72561-80fd-4b73-862c-ad070f135634
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-LzEkrIAMFmrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b1-73f427947c17f35667c0b443;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mq7h4TJkHKd-I9c01ao1yJ3izpJLRiMG_Sk3_e2pQDGCyunY2RlI3Q==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:02:32 GMT
age: 46777
etag: "f6c54dbdfad7e243fe38c03f004c4c79f96b2892"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 616e14aee034bbf77c3b74b3ea53961b
ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c
0ae716474e2837c90c658d635fb9db2c8d4cdb7bf025b8e4e9e802e3ff56b0c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7372
x-amzn-requestid: 080f5f7f-51a8-4ef5-9acc-0c7f7f64defb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-ojEg2IAMFjPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63531169-5106c8af6e77450c33a0c899;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:49 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: vP9aRT8xL5F2kf36A-lMaIQ9FSAEUGo8jmx9y63iIBDdyWYujkXXPw==
via: 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:05:57 GMT
age: 46572
etag: "ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 436
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 22 Oct 2022 11:02:09 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.9340570762850261
204 No Content 0 B URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.9340570762850261
IP
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.9340570762850261 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 403
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: private
content-type: text/html
server: Microsoft-IIS/10.0
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Sat, 22 Oct 2022 11:02:08 GMT
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.742928284385536
204 No Content 0 B URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.742928284385536
IP
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.742928284385536 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 403
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: private
content-type: text/html
server: Microsoft-IIS/10.0
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Sat, 22 Oct 2022 11:02:08 GMT
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.6316986338127653
204 No Content 0 B URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.6316986338127653
IP
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.6316986338127653 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 454
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
cache-control: private
content-type: text/html
server: Microsoft-IIS/10.0
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Sat, 22 Oct 2022 11:02:08 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 2bf64fbd9b971bf9dd8d1fcb50d5b734
ef5e07bb6a8860a802aa909fecbdc32b8857210d
29a23429814bb9ca0bcdd0b9bf6fedcc42a9d5aa576eaf0123301bd6ba9919a0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=157228
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:09 GMT
Etag: "635390dd-117"
Expires: Mon, 24 Oct 2022 06:42:37 GMT
Last-Modified: Sat, 22 Oct 2022 06:42:37 GMT
Server: nginx
Content-Length: 279
static.xx.fbcdn.net/rsrc.php/v3/y_/l/0,cross/MC2tUExv7W_.css?_nc_x=Ij3Wp8lg5Kz
200 OK 4.4 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y_/l/0,cross/MC2tUExv7W_.css?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (10262)
Hash 885fef28bd0c7a25f03828c4387ebf6f
50f16dba096779ebc358771e84d2a68f68bc5363
f3e6692eaf9a447f638f0c9036c4da552d48671325a9f5855c067df65e19f604
GET /rsrc.php/v3/y_/l/0,cross/MC2tUExv7W_.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 19 Oct 2023 18:06:49 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: iF/vKL0MeiXwOCjEOH6/bw==
x-fb-debug: bKydoid1N9HgcRmZWB4OSzBfLMoYcjJxLoE8PBhs/aAN1KRK/9DSS8xE2Hv6MwKxN730++ncpkyj+iQJfd35vA==
content-length: 4427
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:09 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y5/r/sDdqCaJ5A6D.js?_nc_x=Ij3Wp8lg5Kz
200 OK 16 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y5/r/sDdqCaJ5A6D.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (15785)
Hash 6432043d7330bf4ddd0ae10b06de64ae
b1ca5d41a89417e6181ed0b804a00f43ffe023f4
cf5ef73c846b5c357d41418c7026e6525c378d5c51b59de4ee8099d779e72c53
GET /rsrc.php/v3/y5/r/sDdqCaJ5A6D.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 18 Oct 2023 20:53:37 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: ZDIEPXMwv03dCuELBt5krg==
x-fb-debug: PdLTcp1fwjwJ5rQ9++9cd7nWAIm9K43YBti9vL49s+IPJ7RPJAloZTW1FVvJFtCM8JSchYA6UjVYM1DL2T2GrA==
priority: u=3,i
content-length: 16297
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:09 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yQ/r/3wX2w-O_9zc.js?_nc_x=Ij3Wp8lg5Kz
200 OK 1.3 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yQ/r/3wX2w-O_9zc.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (1491)
Hash e0e53f8b49bf0ffb37c775b9c288a5c2
ade21104d506e6c9d4946e1afc9b88d80da7333c
5aa28d70ec74ee4b45e03fb453bb4adc23da65fbeb93c581411f0076b1444eb0
GET /rsrc.php/v3/yQ/r/3wX2w-O_9zc.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 12 Oct 2023 19:38:03 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 4OU/i0m/D/s3x3W5woilwg==
x-fb-debug: l6E4RMBLjBg3zEUxb9/7GiZ4vN1Q6yDQkdrIrJvFuG/d4MwNYaEh8/Wvl8p727zIL9JstGJjFzZovnmGvuytPQ==
content-length: 1286
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:09 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 314 B IP
Hash 729afe227a054223351d4b9c2298da27
bd3282cce335d373ab9a9151ce377a95ca72bd11
31088c82041e452824447527cc3711cb09e476a3af439587af779620073c8556
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2311
Cache-Control: max-age=143378
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:09 GMT
Etag: "635351bc-13a"
Expires: Mon, 24 Oct 2022 02:51:47 GMT
Last-Modified: Sat, 22 Oct 2022 02:13:16 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 314
static.xx.fbcdn.net/rsrc.php/v3iEBX4/yg/l/en_US/L3rRYxmZ_M5.js?_nc_x=Ij3Wp8lg5Kz
200 OK 6.7 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iEBX4/yg/l/en_US/L3rRYxmZ_M5.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (5962)
Hash ba1e18b79724944f946c55a1dc9d4682
f8298c56161c54c767a04a7d6536c62c5214d497
149e9937131b6e28ab9b176a7b5e52780b3bcf86befbdc1f9e6ca7157a756965
GET /rsrc.php/v3iEBX4/yg/l/en_US/L3rRYxmZ_M5.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 13 Oct 2023 17:18:19 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: uh4Yt5cklE+UbFWh3J1Ggg==
x-fb-debug: TK6lnnYC020wYNhVx6QgUH9wXutebl4+U64i2PFF9huOISR6wSsQpJBc0gwgWazKoGwDY2/y7zROAXAwZosMXg==
priority: u=3,i
content-length: 6746
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:09 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yH/r/MDNj1eUK5bV.js?_nc_x=Ij3Wp8lg5Kz
200 OK 10 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yH/r/MDNj1eUK5bV.js?_nc_x=Ij3Wp8lg5Kz
IP
File type ASCII text, with very long lines (18915)
Hash fa4ad18d1fc36fa88e3680c20e1d1a61
bde4d3abf73cbd341a347979ac28fad8b2835910
141314a07b3470d7bbbec5a711fb10382865d915a1450620c15de95501b96606
GET /rsrc.php/v3/yH/r/MDNj1eUK5bV.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 12 Oct 2023 19:38:02 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: +krRjR/Db6iONoDCDh0aYQ==
x-fb-debug: 2Cl7GQSgM5MHTF0jyYR7RjYw1mMOAuZeAAif+EWBYPG0DkZKMwLu+Tzfu4z+VUyefkhQTU1H0M2ovAldfPjR5w==
content-length: 10426
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:09 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 437
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 22 Oct 2022 11:02:09 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
bw.scupio.com/adpinline/adreqlog.aspx?cid=17253&cb=0.3359181771066746
200 OK 0 B URL HTTP/1.1 bw.scupio.com/adpinline/adreqlog.aspx?cid=17253&cb=0.3359181771066746
IP
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adpinline/adreqlog.aspx?cid=17253&cb=0.3359181771066746 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 169
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=ae4kbztvlmxbwpwyn2rsqv0m; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=ae4kbztvlmxbwpwyn2rsqv0m; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CFA20221022190209849101; domain=scupio.com; expires=Fri, 22-Oct-2027 11:02:09 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Sat, 22 Oct 2022 11:02:09 GMT
Content-Length: 0
blog.alphaloan.co/wp-content/uploads/2022/10/%E4%BF%A1%E7%94%A8%E8%B2%B8%E6%AC%BE%E5%8F%AF%E4%BB%A5%E6%8F%90%E6%97%A9%E9%82%84%E6%AC%BE%E5%97%8E%EF%BC%9F%E6%8F%90%E6%97%A9%E9%82%84%E6%AC%BE%E7%AB%9F%E7%84%B6%E8%A6%81%E4%BB%98%E9%81%95%E7%B4%84%E9%87%91%EF%BC%9F%E5%85%8D%E4%BB%98%E9%81%95%E7%B4%84%E9%87%91%E6%8F%90%E6%97%A9%E9%82%84%E6%AC%BE%E6%96%B9%E5%BC%8F%E5%A4%A7%E5%85%AC%E9%96%8B%EF%BC%81.jpg
200 OK 136 kB URL HTTP/2 blog.alphaloan.co/wp-content/uploads/2022/10/%E4%BF%A1%E7%94%A8%E8%B2%B8%E6%AC%BE%E5%8F%AF%E4%BB%A5%E6%8F%90%E6%97%A9%E9%82%84%E6%AC%BE%E5%97%8E%EF%BC%9F%E6%8F%90%E6%97%A9%E9%82%84%E6%AC%BE%E7%AB%9F%E7%84%B6%E8%A6%81%E4%BB%98%E9%81%95%E7%B4%84%E9%87%91%EF%BC%9F%E5%85%8D%E4%BB%98%E9%81%95%E7%B4%84%E9%87%91%E6%8F%90%E6%97%A9%E9%82%84%E6%AC%BE%E6%96%B9%E5%BC%8F%E5%A4%A7%E5%85%AC%E9%96%8B%EF%BC%81.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, resolutionunit=2], baseline, precision 8, 1640x924, components 3\012- data
Size 136 kB (136191 bytes)
Hash 49883c96217c16746d43f0c6fcb8dbee
050529a7fba5313699996ce8c72867467acf7a92
b3105908d85e5136b409669ee0615fcd3b289a8cef67dc3e2fd77fe7481775e2
GET /wp-content/uploads/2022/10/%E4%BF%A1%E7%94%A8%E8%B2%B8%E6%AC%BE%E5%8F%AF%E4%BB%A5%E6%8F%90%E6%97%A9%E9%82%84%E6%AC%BE%E5%97%8E%EF%BC%9F%E6%8F%90%E6%97%A9%E9%82%84%E6%AC%BE%E7%AB%9F%E7%84%B6%E8%A6%81%E4%BB%98%E9%81%95%E7%B4%84%E9%87%91%EF%BC%9F%E5%85%8D%E4%BB%98%E9%81%95%E7%B4%84%E9%87%91%E6%8F%90%E6%97%A9%E9%82%84%E6%AC%BE%E6%96%B9%E5%BC%8F%E5%A4%A7%E5%85%AC%E9%96%8B%EF%BC%81.jpg HTTP/1.1
Host: blog.alphaloan.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 11:02:09 GMT
content-type: image/jpeg
content-length: 136191
strict-transport-security: max-age=31536000
last-modified: Mon, 03 Oct 2022 04:45:24 GMT
etag: "633a68e4-213ff"
expires: Sat, 29 Oct 2022 11:02:09 GMT
cache-control: max-age=604800
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
x-ac: 3.arn _atomic_ams BYPASS
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 27e0f37562427780ad2cb81a3ce11f40
b08e73146329fcdd0acd054bc2e3045029f5713e
72dc2795cdf3ae6230739f3da5b413a3cd22c1dc755dbfb7c1b8a26e68a2f746
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 11:02:09 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 21 Oct 2022 09:44:58 GMT
Expires: Fri, 28 Oct 2022 09:44:57 GMT
Etag: "b08e73146329fcdd0acd054bc2e3045029f5713e"
Cache-Control: max-age=513167,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e1bd351914b517-OSL
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=88707890612
204 No Content 0 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=88707890612
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdb?profileId=207&av=34&wv=6.21.0-pre&cb=88707890612 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 331
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 22 Oct 2022 11:02:09 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://img.scupio.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Sat, 22 Oct 2022 11:02:09 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=MRXfu9gFBCOGZvLesc1TYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=MRXfu9gFBCOGZvLesc1TYw; Path=/; Domain=c.appier.net; Expires=Sun, 22 Oct 2023 11:02:09 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
bw.scupio.com/adpinline/adreqlog.aspx?cid=17229&cb=0.7536057221144875
200 OK 0 B URL HTTP/1.1 bw.scupio.com/adpinline/adreqlog.aspx?cid=17229&cb=0.7536057221144875
IP
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adpinline/adreqlog.aspx?cid=17229&cb=0.7536057221144875 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 169
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=sb4mjlywjrjvp5xid1ejiade; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=sb4mjlywjrjvp5xid1ejiade; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CFA20221022190209839320; domain=scupio.com; expires=Fri, 22-Oct-2027 11:02:09 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Sat, 22 Oct 2022 11:02:09 GMT
Content-Length: 0
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Sat, 22 Oct 2022 11:02:09 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=yx-QU9Q2COa2rZJdsc1TYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=yx-QU9Q2COa2rZJdsc1TYw; Path=/; Domain=c.appier.net; Expires=Sun, 22 Oct 2023 11:02:09 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Sat, 22 Oct 2022 11:02:09 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=M3aFg0pAAn-q1uAOsc1TYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=M3aFg0pAAn-q1uAOsc1TYw; Path=/; Domain=c.appier.net; Expires=Sun, 22 Oct 2023 11:02:09 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Sat, 22 Oct 2022 11:02:09 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=8yNgAU0WBG2RZ3FGsc1TYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=8yNgAU0WBG2RZ3FGsc1TYw; Path=/; Domain=c.appier.net; Expires=Sun, 22 Oct 2023 11:02:09 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2FdWMEgV&n=381&o=4&d=1&b=3&ts=1&ii=3&FPCK=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&initver=210830P
200 OK 2.2 kB URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2FdWMEgV&n=381&o=4&d=1&b=3&ts=1&ii=3&FPCK=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&initver=210830P
IP
Hash f419aadbf136ff24e18463bd704d919b
2e01c079a6dfc11c4ee38e17f936eb8d63230803
f805f6122b856abfe6e768ed1805b478c0c8ecfa73f9d2a6d9d6f3061e17c087
GET /adserver/ads.js?z=13856&rf=https%3A%2F%2Freurl.cc%2FdWMEgV&n=381&o=4&d=1&b=3&ts=1&ii=3&FPCK=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:09 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=50072518291
204 No Content 0 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=50072518291
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdb?profileId=207&av=34&wv=6.21.0-pre&cb=50072518291 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 331
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 22 Oct 2022 11:02:09 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://img.scupio.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.6565996438045977
204 No Content 0 B URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.6565996438045977
IP
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.6565996438045977 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 456
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
cache-control: private
content-type: text/html
server: Microsoft-IIS/10.0
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Sat, 22 Oct 2022 11:02:09 GMT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 27e0f37562427780ad2cb81a3ce11f40
b08e73146329fcdd0acd054bc2e3045029f5713e
72dc2795cdf3ae6230739f3da5b413a3cd22c1dc755dbfb7c1b8a26e68a2f746
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 11:02:09 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 21 Oct 2022 09:44:58 GMT
Expires: Fri, 28 Oct 2022 09:44:57 GMT
Etag: "b08e73146329fcdd0acd054bc2e3045029f5713e"
Cache-Control: max-age=513167,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e1bd363fb1b50f-OSL
t.ssp.hinet.net/
200 OK 529 B IP
ASN #3462 Data Communication Business Group
Hash 6fd6c69c1c3ecf9d809c0b609527073a
117f17713fb9886e49fdf34339aba0e1faf85e21
e94485ed6099714bbba6744b32373e14e084841e04306a3a21e8645082601021
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:09 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=1e1e90d2-64cf-4d0c-9732-4e4c36932909; expires=Mon, 21-Oct-2024 11:02:09 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yx/r/re1hPxQECWj.png
200 OK 2.7 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yx/r/re1hPxQECWj.png
IP
File type PNG image data, 25 x 281, 8-bit colormap, non-interlaced\012- data
Hash 8bb456647dce20d407811b3ddcae0999
c4df3fb38a35fd018a2f0f7a7009fa9aacac40db
fcdaa4a9116d5ab88233e3349fea2428f2a4c46b3538900117cef9c8c1d31f0c
GET /rsrc.php/v3/yx/r/re1hPxQECWj.png HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yZ/l/0,cross/8Gt1dIKQD8D.css?_nc_x=Ij3Wp8lg5Kz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: i7RWZH3OINQHgRs93K4JmQ==
expires: Wed, 11 Oct 2023 04:25:41 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-fb-rlafr: 0
x-fb-debug: WYRijveFsmR0wpONnVSJ3RcngVhlGMM64eThSQFLVqOo3YNiwrLBNJ4tRuRmjY022v3YpH/3xI/7Z7L77PVbtg==
priority: u=6
content-length: 2674
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:09 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
t.ssp.hinet.net/
200 OK 605 B IP
ASN #3462 Data Communication Business Group
Hash fe49fed50d423cad2ae46c3c88daf628
6f70ecefef2edc7f12a70cbb540b12f33475267d
2eb7cca2551abdc85ed5233b7617bdd6f4a1f4626fc8c962b065bfdf70330a7e
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:09 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f; expires=Mon, 21-Oct-2024 11:02:09 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/prebid.json?cb=1666436543238&hb=1&ver=1.21
200 OK 18 kB URL HTTP/2 ad.holmesmind.com/adserver/prebid.json?cb=1666436543238&hb=1&ver=1.21
IP
Hash 4cbdb2c3928cbb7bfe28b892e20a4c02
8f8e9d3f6c1764cb8f50a2920734a58f0742547a
92cb7c01281384135438191f6bda4b2f829ce031becec9f30889a202bf58e930
POST /adserver/prebid.json?cb=1666436543238&hb=1&ver=1.21 HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 41
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Cookie: P=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1; Vision=20221022-23:59,20221022-22,20221022-22,20221022-23:59; C=null; RK=null
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:09 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://img.scupio.com
content-encoding: gzip
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-102456694-1&cid=139760107.1666436543&jid=615895296&gjid=734030722&_gid=1454634190.1666436543&_u=IEBAAEAAAAAAACAAI~&z=113419654
200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-102456694-1&cid=139760107.1666436543&jid=615895296&gjid=734030722&_gid=1454634190.1666436543&_u=IEBAAEAAAAAAACAAI~&z=113419654
IP
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-102456694-1&cid=139760107.1666436543&jid=615895296&gjid=734030722&_gid=1454634190.1666436543&_u=IEBAAEAAAAAAACAAI~&z=113419654 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://reurl.cc
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 22 Oct 2022 11:02:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
scontent-lhr8-2.xx.fbcdn.net/v/t39.30808-6/310837032_470729091743996_7043640141462266882_n.jpg?stp=dst-jpg_s350x350&_nc_cat=102&ccb=1-7&_nc_sid=8024bb&_nc_ohc=9KGUbA1behMAX8hboZM&_nc_ht=scontent-lhr8-2.xx&oh=00_AT9cIO8-rEMtEY7TXrChKTmttvoYJZhzAqVOECGhNtkabw&oe=63599502
200 OK 16 kB URL HTTP/2 scontent-lhr8-2.xx.fbcdn.net/v/t39.30808-6/310837032_470729091743996_7043640141462266882_n.jpg?stp=dst-jpg_s350x350&_nc_cat=102&ccb=1-7&_nc_sid=8024bb&_nc_ohc=9KGUbA1behMAX8hboZM&_nc_ht=scontent-lhr8-2.xx&oh=00_AT9cIO8-rEMtEY7TXrChKTmttvoYJZhzAqVOECGhNtkabw&oe=63599502
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x199, components 3\012- data
Hash 2e201a3b46b7a2b52bca18761f9825ec
d4b0ed6c8b1c65a71f2e9e0f83d5b88d74af533c
33f6bc0adeba4b0413282fd51af1a0ed5c9151354796ee4e8e69c426d69c3451
GET /v/t39.30808-6/310837032_470729091743996_7043640141462266882_n.jpg?stp=dst-jpg_s350x350&_nc_cat=102&ccb=1-7&_nc_sid=8024bb&_nc_ohc=9KGUbA1behMAX8hboZM&_nc_ht=scontent-lhr8-2.xx&oh=00_AT9cIO8-rEMtEY7TXrChKTmttvoYJZhzAqVOECGhNtkabw&oe=63599502 HTTP/1.1
Host: scontent-lhr8-2.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Tue, 04 Oct 2022 15:29:28 GMT
x-haystack-needlechecksum: 3749454857
x-needle-checksum: 1682053463
content-type: image/jpeg
content-digest: adler32=509086550
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 15455
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:09 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-6272B749823AD3B6FE98336EBDD2A34A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FdWMEgV&host=reurl.cc&xr=0&w=300&h=250
204 No Content 0 B URL HTTP/1.1 hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-6272B749823AD3B6FE98336EBDD2A34A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FdWMEgV&host=reurl.cc&xr=0&w=300&h=250
IP
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-6272B749823AD3B6FE98336EBDD2A34A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FdWMEgV&host=reurl.cc&xr=0&w=300&h=250 HTTP/1.1
Host: hb.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sat, 22 Oct 2022 11:02:09 GMT
Access-Control-Allow-Origin: https://img.scupio.com
Access-Control-Allow-Credentials: true
Connection: close
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 06210a4a9db522652fd6aabfa05b2653
630b4ef71ec82a3970927a328d279035eaaa1267
5100e1703020fdef7d473c91e1c88dfb734083057f431feeefaaa24838990a21
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Sat, 22 Oct 2022 11:02:09 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=GrjvKgrmAfirL6ecsc1TYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=GrjvKgrmAfirL6ecsc1TYw; Path=/; Domain=c.appier.net; Expires=Sun, 22 Oct 2023 11:02:09 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FdWMEgV&host=reurl.cc&xr=0&w=970&h=250
204 No Content 0 B URL HTTP/1.1 hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FdWMEgV&host=reurl.cc&xr=0&w=970&h=250
IP
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FdWMEgV&host=reurl.cc&xr=0&w=970&h=250 HTTP/1.1
Host: hb.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Sat, 22 Oct 2022 11:02:09 GMT
Access-Control-Allow-Origin: https://img.scupio.com
Access-Control-Allow-Credentials: true
Connection: close
fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n&CFFPCKUUID=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&url=https%3A%2F%2Freurl.cc%2FdWMEgV&maindomain=reurl.cc
200 OK 22 B URL HTTP/2 fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n&CFFPCKUUID=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&url=https%3A%2F%2Freurl.cc%2FdWMEgV&maindomain=reurl.cc
IP
Hash 80519cf52096dac58cd26f274a9924da
3221a556164fb5b8d25aa37a09f45b88a0e4b8b5
66b829456386c376bd32b0ac7ac12cf61fc5278a79f368a72a9bad5f85726f32
GET /landing.php?CFFPCKUUIDMAIN=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n&CFFPCKUUID=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&url=https%3A%2F%2Freurl.cc%2FdWMEgV&maindomain=reurl.cc HTTP/1.1
Host: fp.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1; Vision=20221022-23:59,20221022-22,20221022-22,20221022-23:59; C=null; RK=null
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.0
date: Sat, 22 Oct 2022 11:02:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: x-requested-with,content-type
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=50ef57&cid=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n
200 OK 48 kB URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n
IP
ASN #3462 Data Communication Business Group
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=8, height=0, bps=8, xresolution=110, yresolution=118, resolutionunit=2, width=0], baseline, precision 8, 970x250, components 3\012- data
Hash a06621da052a3d68d5224335607b7be9
5f4bdcbe8daca4c030c20d0a32ac76c037c162d8
1219005b1ac715570be263a42b98d63280456e8fc7fcdfdf704536cfe5f9e9b2
GET /cm?c=50ef57&cid=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:10 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
img.scupio.com/js/adsbyscupio.js?v=1.0.2
200 OK 60 kB URL HTTP/2 img.scupio.com/js/adsbyscupio.js?v=1.0.2
IP
Hash cc4f1989041a094bbb9dc5db0791afdd
61e9a41d6222d317ba31a8f39b9d8df3f264f09c
c53af1be564d36092591dc6cc3929f48e4312f56b4bb698f593aa131524a0651
GET /js/adsbyscupio.js?v=1.0.2 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Mon, 19 Apr 2021 03:30:31 GMT
content-encoding: gzip
date: Sat, 22 Oct 2022 11:02:10 GMT
expires: Sat, 22 Oct 2022 14:01:26 GMT
cache-control: max-age=10800
etag: W/"607cf957-11ab"
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 3HNrsWAsvz8qzRkwvS-BFf0Kqlzsgkwp4EwaRyN90AP0dAOjlDHrjw==
age: 44
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 314 B IP
Hash fb66e5061c9867884c8cbea212d81a27
063ee458e03219f0c8ecd74ea71d0f7195c1b37a
c126fab4739f14df7c65b6303c253cbf959431dd861d605e6024e90553200e29
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4377
Cache-Control: max-age=112660
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:10 GMT
Etag: "6352d1ad-13a"
Expires: Sun, 23 Oct 2022 18:19:50 GMT
Last-Modified: Fri, 21 Oct 2022 17:06:53 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 314
cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&uu_m=undefined
302 Found 357 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm&cf_uid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&uu_m=undefined
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 8ae62012c02a967549fabdb763f939d4
0ab2cf1e280ded94c255d27a16edcc49b387a92d
2e1b344188e23472a164288a32c49737920129da4565ed5c282cf18b59b32c72
GET /pixel?google_nid=clickforce_dmp&google_cm&cf_uid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&uu_m=undefined HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&uu_m=undefined&google_tc=
date: Sat, 22 Oct 2022 11:02:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 357
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 22-Oct-2022 11:17:10 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 60fcf0b588f9927fde2759de6b3e3fed
f564b9ea498a878638fa3a374bf6fdfe468559ad
ae3eb07b4b347d54014f24971dafb4dccbc009c397caec6a78403e92e65f3cbc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash d8ad2cc67fe4edf14ed9497ee349419b
b11f1d3df0e57e5967f39f8dfeb97af5138edd5f
b459e908234aaa71dd46eafb74920476176f9f8136fc2df0cdd7eecb744d35c6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&uu_m=undefined&google_tc=
302 Found 316 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&uu_m=undefined&google_tc=
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 57cf41297cbc7be1254541ec7694f5b2
20a5952eab4f6a8a6126212b3f9a3e1c1955b09c
4b862ef7684016fd69deb69f770955dad8c2d80502620a8a28f9e155b1d748d6
GET /pixel?google_nid=clickforce_dmp&google_cm=&cf_uid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&uu_m=undefined&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdn.holmesmind.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://m.holmesmind.com/ml/google?cf_uid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&uu_m=undefined&google_error=3
date: Sat, 22 Oct 2022 11:02:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 316
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-102456694-1&cid=139760107.1666436543&jid=615895296&_u=IEBAAEAAAAAAACAAI~&z=424078940
200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-102456694-1&cid=139760107.1666436543&jid=615895296&_u=IEBAAEAAAAAAACAAI~&z=424078940
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-102456694-1&cid=139760107.1666436543&jid=615895296&_u=IEBAAEAAAAAAACAAI~&z=424078940 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 22 Oct 2022 11:02:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=50ef57&cid=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n
200 OK 42 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n
IP
ASN #3462 Data Communication Business Group
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /cm?c=50ef57&cid=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:10 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash d8ad2cc67fe4edf14ed9497ee349419b
b11f1d3df0e57e5967f39f8dfeb97af5138edd5f
b459e908234aaa71dd46eafb74920476176f9f8136fc2df0cdd7eecb744d35c6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 1b0cd7fce51616614b5ebb265d02c2f7
6748d7df7c347bbe06afb2155fff3bbc8bf50eb0
d41beb047830bdacb772b75123c39906db8edcd49fdc8c9a00258a2556efd1c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
prebid-asia.creativecdn.com/bidder/prebid/bids
204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 22 Oct 2022 11:02:10 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%&mp=f7cc15e8-f3ac-4027-b54b-9a243df420d9
200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%&mp=f7cc15e8-f3ac-4027-b54b-9a243df420d9
IP
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?c=a546ca&cid=%%%20Partner%20Cookie%20Here%20%%&mp=f7cc15e8-f3ac-4027-b54b-9a243df420d9 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:10 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=131&profileId=184&cb=17441789605
200 OK 163 B URL HTTP/2 bidder.criteo.com/cdb?ptv=131&profileId=184&cb=17441789605
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash f84a2032ca8ed7d72e05b6fd543397e6
450d6f1878fb8bf842355428cb4afe56d9ad9681
0f644489c1bb6dc2a5c99ef2ab935a4b7ae851d2471f0626eaddcf3fc35367f4
POST /cdb?ptv=131&profileId=184&cb=17441789605 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 530
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:09 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 163
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=131&profileId=184&cb=31857586952
200 OK 163 B URL HTTP/2 bidder.criteo.com/cdb?ptv=131&profileId=184&cb=31857586952
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash a008c07062908adfca6f7f07c145eaa9
45669e3a33a282be533abb54088d8bff357a99ff
5f24dad76946edfe45d9cc0e2f87da01407f7c67812babe138f59108ccc018b3
POST /cdb?ptv=131&profileId=184&cb=31857586952 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 522
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:09 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 163
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=50ef57&cid=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n
200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n
IP
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?c=50ef57&cid=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:10 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=131&profileId=184&cb=80530904015
200 OK 164 B URL HTTP/2 bidder.criteo.com/cdb?ptv=131&profileId=184&cb=80530904015
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 03b4feb7f0d1d9156aa2fc238cad0a1b
a2a856461de94d7f4f5039212b021ffab7a3b58a
6c12f3e1f760f1f7ec064d37c86975619452d552e3141bedf02478d310bea8ce
POST /cdb?ptv=131&profileId=184&cb=80530904015 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 522
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:10 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 164
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
f7cc15e8-f3ac-4027-b54b-9a243df420d9.t.ssp.hinet.net/pixel?bd=f7cc15e8-f3ac-4027-b54b-9a243df420d9&t=50ef57&referrer=
200 OK 0 B URL HTTP/2 f7cc15e8-f3ac-4027-b54b-9a243df420d9.t.ssp.hinet.net/pixel?bd=f7cc15e8-f3ac-4027-b54b-9a243df420d9&t=50ef57&referrer=
IP
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?bd=f7cc15e8-f3ac-4027-b54b-9a243df420d9&t=50ef57&referrer= HTTP/1.1
Host: f7cc15e8-f3ac-4027-b54b-9a243df420d9.t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 11:02:10 GMT
content-type: image/png
content-length: 0
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
t.ssp.hinet.net/
200 OK 57 B IP
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash d5965b4b95d454b9a05f0fb4e859adde
8f016df56a6377ecf41f1bd89aab6253710c20f5
5d078f8782a120d80812a5a2e59e2dc3f871f3ae57d9696f188c135b0778f1a9
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:09 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=b4d2c374-6138-44fe-afe7-da848cb80583; expires=Mon, 21-Oct-2024 11:02:09 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Sat, 22 Oct 2022 11:02:10 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=cfIkBIffBC2ARtsjss1TYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=cfIkBIffBC2ARtsjss1TYw; Path=/; Domain=c.appier.net; Expires=Sun, 22 Oct 2023 11:02:10 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Sat, 22 Oct 2022 11:02:10 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=LoSRmTjYBJaYHk9Xss1TYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=LoSRmTjYBJaYHk9Xss1TYw; Path=/; Domain=c.appier.net; Expires=Sun, 22 Oct 2023 11:02:10 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 22 Oct 2022 11:02:10 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.13534862213201782
204 No Content 0 B URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.13534862213201782
IP
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /recweb/prebid.aspx?cb=0.13534862213201782 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 404
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private
content-type: text/html
server: Microsoft-IIS/10.0
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Sat, 22 Oct 2022 11:02:10 GMT
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=725299fb-3441-47d7-9a8d-cbee2b426a57
200 OK 52 B URL HTTP/2 t.ssp.hinet.net/emome2?u=725299fb-3441-47d7-9a8d-cbee2b426a57
IP
ASN #3462 Data Communication Business Group
Hash c8ac5b094845b0b18fec7081bc0f0c82
d03e6d146d8d204fb9960b0aa4b3be27f67b27d9
a1248fdc6c418dffd4f546298556996787584539c9cfbde3f3117c094db0afa9
GET /emome2?u=725299fb-3441-47d7-9a8d-cbee2b426a57 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:10 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash 96408654f3c0571a2c7f50230b3e6b25
279f6f349e7606b239d0ce741ad23b8568173574
e72114e3125f75fb7653f0e678205cb7dc2778eff1fb174d9df6f2eadf4fa461
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5168
Cache-Control: max-age=149440
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:11 GMT
Etag: "63535e43-139"
Expires: Mon, 24 Oct 2022 04:32:51 GMT
Last-Modified: Sat, 22 Oct 2022 03:06:43 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 313
dnacdn.net/dna
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:10 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=xDdfjV80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQnF0ZHhGNHg0Q3AlMkY2d1N5OGVrYTZHaW5LUnMzb3M5bG5lcCUyRnFxbXFJQ1A; expires=Thu, 16 Nov 2023 11:02:11 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 254212
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
dnacdn.net/dna
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:10 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=P7dU4l80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3oxNzBiWHU4WWh5NndqRThpVVlFV3YxYVlnY1pyTUVuQTZpd2U1VXlkUjM; expires=Thu, 16 Nov 2023 11:02:11 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 270684
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash 6056850c7bc6024b63d3fb0e3b2b5cbd
76963ce21d64b0af8f86b069527623d8ef5eeee0
7769bea1c8964ee9e209c2563be55b2b90da002cb9d5a905d78e01f400826413
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 571
Cache-Control: max-age=166092
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:11 GMT
Etag: "6353b144-139"
Expires: Mon, 24 Oct 2022 09:10:23 GMT
Last-Modified: Sat, 22 Oct 2022 09:00:52 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
200 OK 313 B IP
Hash 6056850c7bc6024b63d3fb0e3b2b5cbd
76963ce21d64b0af8f86b069527623d8ef5eeee0
7769bea1c8964ee9e209c2563be55b2b90da002cb9d5a905d78e01f400826413
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 586
Cache-Control: max-age=166107
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:11 GMT
Etag: "6353b144-139"
Expires: Mon, 24 Oct 2022 09:10:38 GMT
Last-Modified: Sat, 22 Oct 2022 09:00:52 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 313
bidder.criteo.com/csm/events
204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 268
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 22 Oct 2022 11:02:11 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/prebid.json?cb=1666436543200&hb=1&ver=1.21
200 OK 20 B URL HTTP/2 ad.holmesmind.com/adserver/prebid.json?cb=1666436543200&hb=1&ver=1.21
IP
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
POST /adserver/prebid.json?cb=1666436543200&hb=1&ver=1.21 HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 39
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Cookie: P=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1; Vision=20221022-23:59,20221022-22,20221022-22,20221022-23:59; C=null; RK=null
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:09 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://img.scupio.com
content-encoding: gzip
X-Firefox-Spdy: h2
bidder.criteo.com/csm/events
204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 309
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 22 Oct 2022 11:02:10 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=cf&cid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&mp=2f94996a-34cb-4e9f-b4ae-ed17b169436f
200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=cf&cid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&mp=2f94996a-34cb-4e9f-b4ae-ed17b169436f
IP
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?c=cf&cid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&mp=2f94996a-34cb-4e9f-b4ae-ed17b169436f HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:10 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
reurl.cc/javascripts/renews.js
200 OK 325 B URL HTTP/2 reurl.cc/javascripts/renews.js
IP
Hash fb7f250be1a675f14e9d3eb8cb172d32
18635fdc1f0af50a654f67e4297d392acb6e4da1
568872f161b5118d2fbaf0e6215dc36cb1034217009e63b72f3bd5ec1e08cc9d
GET /javascripts/renews.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/dWMEgV
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 22 Oct 2022 11:02:07 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-19c"
expires: Sun, 22 Oct 2023 11:02:07 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
bw.scupio.com/adpinline/bidinfo.aspx?cb=0.6295560160410716
200 OK 1.5 kB URL HTTP/1.1 bw.scupio.com/adpinline/bidinfo.aspx?cb=0.6295560160410716
IP
ASN #3462 Data Communication Business Group
File type JSON data\012- HTML document, ASCII text, with very long lines (962), with CRLF line terminators
Hash 06b52e5b352ad714a16228e4682e8cb7
924f44927f43c20d71da6b37e024782ccddae180
4067f915024cbe953deaaa7d5cc8b71051d81176712afdbfd7041edacb47ceba
POST /adpinline/bidinfo.aspx?cb=0.6295560160410716 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 921
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://img.scupio.com
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=sfbh2bylx4waxnijtk2snjkn; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=sfbh2bylx4waxnijtk2snjkn; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CZA20221022190211841050; domain=scupio.com; expires=Fri, 22-Oct-2027 11:02:11 GMT; path=/; secure; SameSite=None
gx=H4sIADM%2bVGMA%2fxNmYGDg4uaY0Hj19Z3OWdYCrEIsHPYCTADLmW2zFwAAAA%3d%3d; domain=scupio.com; expires=Sun, 22-Oct-2023 11:02:11 GMT; path=/; secure; SameSite=None
fxc=1; domain=scupio.com; expires=Sat, 29-Oct-2022 11:02:11 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Sat, 22 Oct 2022 11:02:10 GMT
Content-Length: 1474
bw.scupio.com/adpinline/bidinfo.aspx?cb=0.26317413250517785
200 OK 1.5 kB URL HTTP/1.1 bw.scupio.com/adpinline/bidinfo.aspx?cb=0.26317413250517785
IP
ASN #3462 Data Communication Business Group
File type JSON data\012- HTML document, ASCII text, with very long lines (962), with CRLF line terminators
Hash 912a1a7b678c11812024688a579db4dc
3a47a41b59193808ee96318a59fb247434d6a2d0
c6fb15719a70e4a5128a1b26076a294613eb86ec375cd5a814831a7f91bec8c6
POST /adpinline/bidinfo.aspx?cb=0.26317413250517785 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 920
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://img.scupio.com
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=55rthygw5trfe4jj22j5onim; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=55rthygw5trfe4jj22j5onim; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CXA20221022190211438244; domain=scupio.com; expires=Fri, 22-Oct-2027 11:02:11 GMT; path=/; secure; SameSite=None
gx=H4sIADM%2bVGMA%2fxNmYGDg4ua4tG7xmzuds6wFWIVYOOwFmAD6SSCpFwAAAA%3d%3d; domain=scupio.com; expires=Sun, 22-Oct-2023 11:02:11 GMT; path=/; secure; SameSite=None
fxc=1; domain=scupio.com; expires=Sat, 29-Oct-2022 11:02:11 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Sat, 22 Oct 2022 11:02:11 GMT
Content-Length: 1475
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Sat, 22 Oct 2022 11:02:11 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=jNk2B48nCeGCe5y-s81TYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=jNk2B48nCeGCe5y-s81TYw; Path=/; Domain=c.appier.net; Expires=Sun, 22 Oct 2023 11:02:11 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
fcm.holmesmind.com/cm.php
200 OK 86 B URL HTTP/2 fcm.holmesmind.com/cm.php
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash e02eca272e85b72ba06c1c824a7613de
1953e84b63858e024ee1a9f6edcefc3b0438349a
c5edc489b4fa1c36555976fac5d862b7c29b3883aecf029bd19e472158bd1fb5
GET /cm.php HTTP/1.1
Host: fcm.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: P=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1; Vision=20221022-23:59,20221022-22,20221022-22,20221022-23:59; C=null; RK=null
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:11 GMT
server: Apache/2.4.29 (Ubuntu)
set-cookie: fcm=1;Expires=Sunday, 23-Oct-2022 11:02:11 UTC;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
vary: Accept-Encoding
content-encoding: gzip
content-length: 86
content-type: text/html; charset=UTF-8
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
200 OK 45 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash ad2191c30fe5b7429d23c4e089b1f256
fecc31f2be0470b2437d768f865a7030b6305446
5b11c9cdc56d517fed852b7406ec1d7aadbdd25d60e43aece9d768dd70afc0a9
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:11 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 276273
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac
301 Moved Permanently 0 B URL HTTP/2 secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac HTTP/1.1
Host: secure-assets.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
date: Sat, 22 Oct 2022 11:02:11 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2FdWMEgV&n=133&o=4&d=1&b=3&ts=1&ii=2&FPCK=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&initver=210830P
200 OK 1.2 kB URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2FdWMEgV&n=133&o=4&d=1&b=3&ts=1&ii=2&FPCK=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&initver=210830P
IP
File type HTML document text\012- HTML document, ASCII text, with very long lines (1099)
Hash dff9081c9b343aa6d51484179032299a
59770b07d1ce5c459f1794b47d5c435fb84e71e7
351fbbabce635cedf4644c781d39326c49c9ce4864015b954ff3daee0cc0fed4
GET /adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2FdWMEgV&n=133&o=4&d=1&b=3&ts=1&ii=2&FPCK=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1; Vision=20221022-23:59,20221022-22,20221022-22,20221022-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:10 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.117.js
200 OK 33 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.117.js
IP
File type HTML document, ASCII text, with very long lines (65354)
Hash 1aa5d634a66764eaf67154bcb7c70312
231bebe758ff6159c295b53347633be08d75180b
71124d371cae09e16cd9e3f9fcffb2fb4abf89922b8bd5287c69c0fa9f475e39
GET /js/ld/publishertag.prebid.117.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 11:02:10 GMT
content-type: text/javascript
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
etag: W/"61cc54f6-15c19"
expires: Sun, 23 Oct 2022 11:02:10 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?p=xapi-bridgewell&endpoint=apac HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "40014-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sat, 22 Oct 2022 11:02:11 GMT
Connection: keep-alive
Vary: Accept-Encoding
eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?p=xapi-bridgewell&endpoint=apac HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "40014-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sat, 22 Oct 2022 11:02:11 GMT
Connection: keep-alive
Vary: Accept-Encoding
eus.rubiconproject.com/usync.js
200 OK 9.5 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP
File type ASCII text, with very long lines (18097)
Hash aeaa0bbf44a86e731521fd1a5014fe73
f1e5097bada39ecc55f2653c8026b4a48f25d34f
7aba7fe9165ef68e0c5828677611e7e1c302e2ad21a9b112f623389282b8ab5c
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Mon, 17 Oct 2022 18:37:59 GMT
Content-Encoding: gzip
Content-Length: 9456
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=32140
Expires: Sat, 22 Oct 2022 19:57:51 GMT
Date: Sat, 22 Oct 2022 11:02:11 GMT
Connection: keep-alive
Vary: Accept-Encoding
ag.gbc.criteo.com/newidsd
200 OK 41 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP
Hash a291d8b106153abf331dee8a1e3e3224
0633b677e1342e47ae5a569b0fb978d3f1344f1e
b7b64e032f796b55dc1f466b3bc1d7eee4216c196cecd533554b4a8609860357
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:10 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 116508
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=131&profileId=184&cb=75918752560
200 OK 164 B URL HTTP/2 bidder.criteo.com/cdb?ptv=131&profileId=184&cb=75918752560
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 6b045e7ca778ba0fd4d528d6750a14b7
469e360da77e8dae2c2cb99b048e30bf6fe28910
fee52b8c6f359297e7dfe913c6de058b3f34f6c80d004169c0236e8c512fefd3
POST /cdb?ptv=131&profileId=184&cb=75918752560 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 530
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:10 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 164
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ads.aralego.com/sdk
301 Moved Permanently 0 B IP
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk HTTP/1.1
Host: ads.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Content-length: 0
Location: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Connection: close
ocsp.digicert.com/
200 OK 278 B IP
Hash f3d3d2060fc69e4dcb4836ffbdba92aa
8c4eae7f4ff12923895c818dae44822c6ff035f2
1a7a82abed00618f2de9b89e0d591c0bf825b73c0bef8dda19f99349569987b9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6235
Cache-Control: max-age=170655
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:11 GMT
Etag: "6353acf7-116"
Expires: Mon, 24 Oct 2022 10:26:26 GMT
Last-Modified: Sat, 22 Oct 2022 08:42:31 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 278
cdn.aralego.net/ucfad/sdk/us-east/sdk
200 OK 44 kB URL HTTP/2 cdn.aralego.net/ucfad/sdk/us-east/sdk
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (43705), with no line terminators
Hash 0edbdb34f8b86da4290bfd11394f5a36
3452910b1954171c86caec8b08c4301b961e71fd
28bf646c6e799ca96adb3a5b48fe882639d31e27102cad9ed2979555da55944a
GET /ucfad/sdk/us-east/sdk HTTP/1.1
Host: cdn.aralego.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:11 GMT
content-type: application/octet-stream
content-length: 43705
last-modified: Thu, 22 Sep 2022 10:05:53 GMT
etag: "632c3381-aab9"
access-control-allow-credentials: true
cache-control: max-age=14400
cf-cache-status: HIT
age: 858
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LdW8FfNKnw4O5bd8nMOMbVcrdehGRHSniOl1O1opemR5dSDz8m%2FHA4RCZphEc2RojJVw%2BucvegEWHFZZHLy1rmLg%2Fci0CHEJGSn62ZSa8Jr%2BNfCr2xuFr6f8TKMUlRh3Yw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e1bd428b1e0b55-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
t.ssp.hinet.net/
200 OK 437 B IP
ASN #3462 Data Communication Business Group
File type ASCII text, with very long lines (333), with no line terminators
Hash 3852be48b799c0afaafd2ba1fcb66a6f
1d418dbcb267ae82a70d657b35d6acebfb236dd8
19f966301f8a2b16f961ad950ec8eca56be94b81f37ac9d598a1ea3025637d8e
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:10 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f; expires=Mon, 21-Oct-2024 11:02:10 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash f3d3d2060fc69e4dcb4836ffbdba92aa
8c4eae7f4ff12923895c818dae44822c6ff035f2
1a7a82abed00618f2de9b89e0d591c0bf825b73c0bef8dda19f99349569987b9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4036
Cache-Control: max-age=168456
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:11 GMT
Etag: "6353acf7-116"
Expires: Mon, 24 Oct 2022 09:49:47 GMT
Last-Modified: Sat, 22 Oct 2022 08:42:31 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 278
bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.21014321811118342
200 OK 155 B URL HTTP/1.1 bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.21014321811118342
IP
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash a3d8e5ff0987f530af829545f5ff0f57
39ddea5cc087b9e27d27ea5e472d062f9c9897b6
6e1131be760ccc559cf74db75a8ac72150e2c8288fe5a58fa48fe80b1938ebc8
GET /ssp/initid.aspx?mode=L&cb=0.21014321811118342 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Set-Cookie: ASP.NET_SessionId=szfx1ydzfbwusb0lkypj4e21; path=/; HttpOnly; SameSite=Lax
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 22 Oct 2022 11:02:10 GMT
Content-Length: 155
sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CZA20221022190211841050
302 Found 111 B URL HTTP/1.1 sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CZA20221022190211841050
IP
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash febc6b9a3cb9696ca0b2b57e73dc10ce
21ce8fe59a6c6ea57df6d616aaf10f06fc63dc2c
cc380f03ace5d06dc78f11ad4be2acdc1700991ef995b65b1913322bacfa71ff
GET /idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CZA20221022190211841050 HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
set-cookie: sspid=236b9080-993b-3a2d-b07f-ab1c4b4a01e7; Domain=.aralego.com; Path=/; Expires=Sun, 22 Oct 2023 11:02:11 GMT; Secure; SameSite=None
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
content-length: 111
date: Sat, 22 Oct 2022 11:02:11 GMT
connection: close
bidder.criteo.com/cdb?ptv=131&profileId=184&cb=67919446517
200 OK 163 B URL HTTP/2 bidder.criteo.com/cdb?ptv=131&profileId=184&cb=67919446517
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 350b5b50caa7a4c7ac555e502a48977d
34a67139dc0ee432f7c00f3095875cb4f56691af
af474b5c40b8a695b51ec2b6754b34180165e734147e548d3e9109c125121b02
POST /cdb?ptv=131&profileId=184&cb=67919446517 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 530
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:10 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 163
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CXA20221022190211438244
302 Found 111 B URL HTTP/1.1 sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CXA20221022190211438244
IP
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash febc6b9a3cb9696ca0b2b57e73dc10ce
21ce8fe59a6c6ea57df6d616aaf10f06fc63dc2c
cc380f03ace5d06dc78f11ad4be2acdc1700991ef995b65b1913322bacfa71ff
GET /idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CXA20221022190211438244 HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
set-cookie: sspid=236b9080-993b-3a2d-b07f-ab1c4b4a01e7; Domain=.aralego.com; Path=/; Expires=Sun, 22 Oct 2023 11:02:11 GMT; Secure; SameSite=None
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
content-length: 111
date: Sat, 22 Oct 2022 11:02:11 GMT
connection: close
ocsp.globalsign.com/gsgccr3dvtlsca2020
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
Hash 5f1d025b1a923389aee149e0cbbcad5a
f988a5b822c51fe2d71ee7343732254604b8024d
4f8f83e9bab4efcb56b61f08b6ce57dfb50e822c1de9fd089614d084d2f072ca
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 11:02:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Wed, 26 Oct 2022 08:07:09 GMT
ETag: "f988a5b822c51fe2d71ee7343732254604b8024d"
Last-Modified: Sat, 22 Oct 2022 08:07:10 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1096
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75e1bd43de68b503-OSL
match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:11 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:11 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1&
200 OK 305 B URL HTTP/1.1 sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1&
IP
ASN #30633 LEASEWEB-USA-WDC
Hash 590d78a3181d236bae0751369c69143b
bdb4c45318aab5234d158dd3949292121f4b4f8f
5e7e2750e5376b4cce88dc1d60ab6df4ddc9232374160255b9306d0c7cbb5f4a
GET /idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1& HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: GET,POST,OPTIONS
set-cookie: sspid=58450bcf-f807-3211-be8f-b36296678c0a; Domain=.aralego.com; Path=/; Expires=Sun, 22 Oct 2023 11:02:11 GMT; Secure; SameSite=None
content-type: text/html; charset=utf-8
content-length: 46
vary: Accept-Encoding
date: Sat, 22 Oct 2022 11:02:11 GMT
connection: close
sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1&
200 OK 46 B URL HTTP/1.1 sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1&
IP
ASN #30633 LEASEWEB-USA-WDC
File type JSON data\012- , ASCII text, with no line terminators
Hash a8d7967005aa73e5ea084778a4876fd3
4717c391a511217d96fffdd2dbf2e20e0576f0bd
936d07c551097935b250011818489a07d41065f6d29a8c9fd8e95dd8fa622801
GET /idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1& HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: GET,POST,OPTIONS
set-cookie: sspid=58450bcf-f807-3211-be8f-b36296678c0a; Domain=.aralego.com; Path=/; Expires=Sun, 22 Oct 2023 11:02:11 GMT; Secure; SameSite=None
content-type: text/html; charset=utf-8
content-length: 46
vary: Accept-Encoding
date: Sat, 22 Oct 2022 11:02:11 GMT
connection: close
ads.aralego.com/ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FdWMEgV&adid=ad-BE7A8D43E47B3D23C77A9993A9B8A778&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.3998909776904047&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1
200 OK 552 B URL HTTP/1.1 ads.aralego.com/ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FdWMEgV&adid=ad-BE7A8D43E47B3D23C77A9993A9B8A778&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.3998909776904047&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1
IP
ASN #30633 LEASEWEB-USA-WDC
File type HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash 6c953e9565094a7ed7ec437722149c59
e62714301252f34839df79c25079b070211cd6ec
99ec1b27528b2883154fd166e11c3fa740d28609937a1a0287d95674ea99c2bc
GET /ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FdWMEgV&adid=ad-BE7A8D43E47B3D23C77A9993A9B8A778&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.3998909776904047&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1 HTTP/1.1
Host: ads.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Expose-Headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
Set-Cookie: sspid=58450bcf-f807-3211-be8f-b36296678c0a; Domain=.aralego.com; Path=/; Expires=Sun, 22 Oct 2023 11:02:11 GMT; Secure; SameSite=None
X-Adtype: html
X-Width: 300
X-Height: 250
X-AdStyle: banner
X-AdSource: PSA
Content-Type: text/html; charset=utf-8
Content-Length: 552
Vary: Accept-Encoding
Date: Sat, 22 Oct 2022 11:02:11 GMT
Connection: close
ocsp.digicert.com/
200 OK 471 B IP
Hash 230be722247918a73bb5ec81b5d239ab
abb171637c08d595fddf71b5e1abd5b466f31ef7
67bda11ef457dbae82a279222703212acc4b299d899864c527141d926cef1f1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3659
Cache-Control: max-age=137138
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:12 GMT
Etag: "6353341b-1d7"
Expires: Mon, 24 Oct 2022 01:07:50 GMT
Last-Modified: Sat, 22 Oct 2022 00:06:51 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ads.aralego.com/ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FdWMEgV&adid=ad-BE78DB396979B34E17BE3B66A3E7D76B&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.30596832930087514&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1
200 OK 555 B URL HTTP/1.1 ads.aralego.com/ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FdWMEgV&adid=ad-BE78DB396979B34E17BE3B66A3E7D76B&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.30596832930087514&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1
IP
ASN #30633 LEASEWEB-USA-WDC
File type HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash db2b88caa2c34dc0d6153583839218f2
1752062cf41f0778d347bc5e115d1caef1233630
fdfa393e5fb39c4ab607d817e8d0b5fe3573a4a2e3e8554131fbade8d615bcbf
GET /ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FdWMEgV&adid=ad-BE78DB396979B34E17BE3B66A3E7D76B&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.30596832930087514&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1 HTTP/1.1
Host: ads.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Expose-Headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
Set-Cookie: sspid=58450bcf-f807-3211-be8f-b36296678c0a; Domain=.aralego.com; Path=/; Expires=Sun, 22 Oct 2023 11:02:11 GMT; Secure; SameSite=None
X-Adtype: html
X-Width: 300
X-Height: 250
X-AdStyle: banner
X-AdSource: PSA
Content-Type: text/html; charset=utf-8
Content-Length: 555
Vary: Accept-Encoding
Date: Sat, 22 Oct 2022 11:02:11 GMT
Connection: close
securepubads.g.doubleclick.net/tag/js/gpt.js
200 OK 28 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP
Hash fb31323dda8c66b73077fdbc17c1e9a2
7a12c83c8b9d4c741b54eda1244671f149caaf3f
a4912e2a4f033b71c2dcb9aee1569096a2283ea371677f7ba6e5df8c5219b195
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.aralego.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27349
date: Sat, 22 Oct 2022 11:02:12 GMT
expires: Sat, 22 Oct 2022 11:02:12 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1371 / 424 of 1000 / last-modified: 1666390088"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/show_ads.js
200 OK 40 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/show_ads.js
IP
File type ASCII text, with very long lines (2554)
Hash 63466df67e217910be067e1949e00257
3ce3be3330cf36b21d193474862d959a4e552a80
a632aaad55c21fe5cb8f4d8660760bb978eecacb2447be0d9f1ce52a89ebf455
GET /pagead/show_ads.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 22 Oct 2022 11:02:12 GMT
expires: Sat, 22 Oct 2022 11:02:12 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 5137257447078685018
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 39988
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
m.holmesmind.com/ml/google?cf_uid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&uu_m=undefined&google_error=3
200 OK 0 B URL HTTP/2 m.holmesmind.com/ml/google?cf_uid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&uu_m=undefined&google_error=3
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ml/google?cf_uid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&uu_m=undefined&google_error=3 HTTP/1.1
Host: m.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdn.holmesmind.com/
Connection: keep-alive
Cookie: P=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1; Vision=20221022-23:59,20221022-22,20221022-22,20221022-23:59; C=null; RK=null
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdsqVXdqq7HIXcWeXOfgeVfrxfjw5If44KAsncc7G5GvOp9teYzOAcrN9PNmJSvUsdCrbYVM17AdYpV3Rb6K6dC8uA
expires: Sat, 22 Oct 2022 12:02:12 GMT
date: Sat, 22 Oct 2022 11:02:12 GMT
cache-control: public, max-age=3600
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-generation: 1519198601160228
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 0
content-type: image/png
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
x-goog-storage-class: REGIONAL
accept-ranges: bytes
content-length: 0
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
200 OK 35 B URL HTTP/1.1 sync.aralego.com/idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}&
IP
ASN #30633 LEASEWEB-USA-WDC
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /idsync?gdpr=1&euconsent-v2=${GDPR_CONSENT_607}& HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
set-cookie: euconsent-v2=; Domain=.aralego.com; Path=/; Expires=Sun, 22 Oct 2023 11:02:12 GMT; Secure; SameSite=None
gdpr=1; Domain=.aralego.com; Path=/; Expires=Sun, 22 Oct 2023 11:02:12 GMT; Secure; SameSite=None
sspid=236b9080-993b-3a2d-b07f-ab1c4b4a01e7; Domain=.aralego.com; Path=/; Expires=Sun, 22 Oct 2023 11:02:12 GMT; Secure; SameSite=None
content-type: image/gif
content-length: 35
date: Sat, 22 Oct 2022 11:02:12 GMT
connection: close
adservice.google.no/adsid/integrator.js?domain=cdn.aralego.net
200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=cdn.aralego.net
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=cdn.aralego.net HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.aralego.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 22 Oct 2022 11:02:12 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 1b0cd7fce51616614b5ebb265d02c2f7
6748d7df7c347bbe06afb2155fff3bbc8bf50eb0
d41beb047830bdacb772b75123c39906db8edcd49fdc8c9a00258a2556efd1c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bidder.criteo.com/csm/events
204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 309
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 22 Oct 2022 11:02:12 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=cdn.aralego.net HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.aralego.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 22 Oct 2022 11:02:12 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net
200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=cdn.aralego.net
IP
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=cdn.aralego.net HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.aralego.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 22 Oct 2022 11:02:12 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pixel-apac.rubiconproject.com/exchange/sync.php?p=xapi-bridgewell
204 No Content 0 B URL HTTP/1.1 pixel-apac.rubiconproject.com/exchange/sync.php?p=xapi-bridgewell
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /exchange/sync.php?p=xapi-bridgewell HTTP/1.1
Host: pixel-apac.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 808ed95536e7f55d8adbcb9fc76d309d
Content-Type: image/gif
rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
200 OK 0 B URL HTTP/1.1 rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
IP
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recweb/ggid.aspx?layout=js&google_error=3 HTTP/1.1
Host: rec.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/javascript
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 22 Oct 2022 11:02:12 GMT
Content-Length: 0
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash da8807c6af2451da0a685a3c68d63077
a543920204460eb88c588cd077b36a88ff735cef
bb0321415e69692b18380a0c6bd30c8cabf8b5756fedc4c021ce92524988ccc9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d9b26a6fb942b512fd0fd7dfdd31bf1a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
200 OK 3.1 kB URL HTTP/2 d9b26a6fb942b512fd0fd7dfdd31bf1a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5835)
Hash 3fa5e95a358d660ddb3c45769ae1357f
5f6164fbaf8cfbccfd061b00ae48dedfc16bbcd9
d32f4b680031c0e11222eb17385aa9d3b11d2903b05bff34c3d4eb6292631137
GET /safeframe/1-0-38/html/container.html?n=5 HTTP/1.1
Host: d9b26a6fb942b512fd0fd7dfdd31bf1a.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 22 Oct 2022 11:02:12 GMT
expires: Sun, 22 Oct 2023 11:02:12 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787&gpid_exp=1
200 OK 250 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787&gpid_exp=1
IP
File type ASCII text, with very long lines (383), with no line terminators
Hash 9eb918c5bd57073f3e0be03dd783b7d3
e8df2d98f4a620317f9905417e6ff056c00b0da8
b095a9b7df98ca40e4b095501c062cbb84d913fd22c56ff95cfa3490948e7c2d
GET /gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787&gpid_exp=1 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 22 Oct 2022 11:02:12 GMT
server: cafe
cache-control: private
content-length: 250
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
df0af7270000121b19d1a3c42b789f94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
200 OK 3.1 kB URL HTTP/2 df0af7270000121b19d1a3c42b789f94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5835)
Hash 3fa5e95a358d660ddb3c45769ae1357f
5f6164fbaf8cfbccfd061b00ae48dedfc16bbcd9
d32f4b680031c0e11222eb17385aa9d3b11d2903b05bff34c3d4eb6292631137
GET /safeframe/1-0-38/html/container.html?n=5 HTTP/1.1
Host: df0af7270000121b19d1a3c42b789f94.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 22 Oct 2022 11:02:12 GMT
expires: Sun, 22 Oct 2023 11:02:12 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787&gpid_exp=1
200 OK 249 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787&gpid_exp=1
IP
File type ASCII text, with very long lines (383), with no line terminators
Hash 3dd4ead2616178f7050ce503684895d1
33a1c88272b8b775c18d91d19f21d4219e9ed73d
19a288b89e34c0748a0d2c2811f5e8effbc554ad00d1fa80b64eed039a441169
GET /gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787&gpid_exp=1 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 22 Oct 2022 11:02:12 GMT
server: cafe
cache-control: private
content-length: 249
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash da8807c6af2451da0a685a3c68d63077
a543920204460eb88c588cd077b36a88ff735cef
bb0321415e69692b18380a0c6bd30c8cabf8b5756fedc4c021ce92524988ccc9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 9548c9753766c064281382773a5bb5fb
9fd0ffcca2333027d6b127080ab97d6fb8d06712
2195932a1137889394b79e3acf2a6cf8d0a0711d5fe1d487d483453a2b1dfbad
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 11:02:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
200 OK 0 B URL HTTP/1.1 rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
IP
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recweb/ggid.aspx?layout=js&google_error=3 HTTP/1.1
Host: rec.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/javascript
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 22 Oct 2022 11:02:12 GMT
Content-Length: 0
t.ssp.hinet.net/cm?c=50ef57&cid=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n&mp=2f94996a-34cb-4e9f-b4ae-ed17b169436f
200 OK 6.4 kB URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n&mp=2f94996a-34cb-4e9f-b4ae-ed17b169436f
IP
ASN #3462 Data Communication Business Group
File type gzip compressed data, max compression\012- data
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /cm?c=50ef57&cid=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n&mp=2f94996a-34cb-4e9f-b4ae-ed17b169436f HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:11 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&url=https%3A%2F%2Freurl.cc%2FdWMEgV&ea=0&wgl=1&dt=1666436546440&bpp=18&bdt=542&idt=358&shv=r20221019&mjsv=m202210130101&ptt=5&saldr=sa&correlator=2671058675484&frm=23&ife=1&pv=1&ga_vid=139760107.1666436543&ga_sid=1666436547&ga_hid=383170083&ga_fc=1&nhd=5&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=509&ady=226&biw=1268&bih=939&isw=300&ish=250&ifk=168901460&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070425%2C44774606%2C44775016%2C31069794%2C31068920&oid=2&pvsid=1135339490771547&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.7ibjsb39omcq&fsb=1&dtd=432
302 Found 66 B URL HTTP/2 googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&url=https%3A%2F%2Freurl.cc%2FdWMEgV&ea=0&wgl=1&dt=1666436546440&bpp=18&bdt=542&idt=358&shv=r20221019&mjsv=m202210130101&ptt=5&saldr=sa&correlator=2671058675484&frm=23&ife=1&pv=1&ga_vid=139760107.1666436543&ga_sid=1666436547&ga_hid=383170083&ga_fc=1&nhd=5&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=509&ady=226&biw=1268&bih=939&isw=300&ish=250&ifk=168901460&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070425%2C44774606%2C44775016%2C31069794%2C31068920&oid=2&pvsid=1135339490771547&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.7ibjsb39omcq&fsb=1&dtd=432
IP
Hash 320a34d5c6720a08d09ecc5e381d014e
47a21f29664d7ec124cf13b7ed4bd39b07f2ea52
19da131ca5051b33145bce435f851db93c69219792cf46a7302b3f4c11e9c08b
GET /pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F12679&adk=3645501049&adf=2645242783&pi=t.ma~as.2784%2F12679&w=300&url=https%3A%2F%2Freurl.cc%2FdWMEgV&ea=0&wgl=1&dt=1666436546440&bpp=18&bdt=542&idt=358&shv=r20221019&mjsv=m202210130101&ptt=5&saldr=sa&correlator=2671058675484&frm=23&ife=1&pv=1&ga_vid=139760107.1666436543&ga_sid=1666436547&ga_hid=383170083&ga_fc=1&nhd=5&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=509&ady=226&biw=1268&bih=939&isw=300&ish=250&ifk=168901460&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070425%2C44774606%2C44775016%2C31069794%2C31068920&oid=2&pvsid=1135339490771547&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.7ibjsb39omcq&fsb=1&dtd=432 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://cdn.doublemax.net/tos_zone/pb_adx/common/451.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 22 Oct 2022 11:02:12 GMT
server: cafe
content-length: 46
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 22-Oct-2022 11:17:12 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Oct 2022 13:50:45 GMT
expires: Sat, 21 Oct 2023 13:50:45 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 76287
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash eddc08ea920505a09c0950835bdbfb79
92e273257c404b4b69a316029f14b088f8779221
8830b190cb8238d25e9224614962fbd50e23d26ba0531230d62976f7eefb7a3e
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 22 Oct 2022 11:02:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 21 Oct 2022 23:24:17 GMT
Expires: Sat, 22 Oct 2022 23:24:17 GMT
ETag: "92e273257c404b4b69a316029f14b088f8779221"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&url=https%3A%2F%2Freurl.cc%2FdWMEgV&ea=0&wgl=1&dt=1666436546404&bpp=18&bdt=506&idt=336&shv=r20221019&mjsv=m202210130101&ptt=5&saldr=sa&correlator=2671058675484&frm=23&ife=1&pv=2&ga_vid=139760107.1666436543&ga_sid=1666436547&ga_hid=1751481749&ga_fc=1&nhd=5&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=79&ady=226&biw=1268&bih=939&isw=300&ish=250&ifk=302892277&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706%2C44773614%2C31070423%2C44770881%2C44775016&oid=2&pvsid=885242252740332&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wmtrknkzzn47&fsb=1&dtd=428
200 OK 24 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&url=https%3A%2F%2Freurl.cc%2FdWMEgV&ea=0&wgl=1&dt=1666436546404&bpp=18&bdt=506&idt=336&shv=r20221019&mjsv=m202210130101&ptt=5&saldr=sa&correlator=2671058675484&frm=23&ife=1&pv=2&ga_vid=139760107.1666436543&ga_sid=1666436547&ga_hid=1751481749&ga_fc=1&nhd=5&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=79&ady=226&biw=1268&bih=939&isw=300&ish=250&ifk=302892277&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706%2C44773614%2C31070423%2C44770881%2C44775016&oid=2&pvsid=885242252740332&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wmtrknkzzn47&fsb=1&dtd=428
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (57225), with no line terminators
Hash 410143abb8bcc4a80392facd21fa8337
68d8031b0dc8ca1f74b74275a478f6467a4bf1a5
fac3f4a838ce49fbe6c68824e1e077d05714d1a08c0cfb65017070c89c080dc6
GET /pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&url=https%3A%2F%2Freurl.cc%2FdWMEgV&ea=0&wgl=1&dt=1666436546404&bpp=18&bdt=506&idt=336&shv=r20221019&mjsv=m202210130101&ptt=5&saldr=sa&correlator=2671058675484&frm=23&ife=1&pv=2&ga_vid=139760107.1666436543&ga_sid=1666436547&ga_hid=1751481749&ga_fc=1&nhd=5&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=79&ady=226&biw=1268&bih=939&isw=300&ish=250&ifk=302892277&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706%2C44773614%2C31070423%2C44770881%2C44775016&oid=2&pvsid=885242252740332&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wmtrknkzzn47&fsb=1&dtd=428 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 22 Oct 2022 11:02:13 GMT
server: cafe
content-length: 24063
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 22-Oct-2022 11:17:12 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 22 Oct 2022 11:02:13 GMT
cache-control: private
X-Firefox-Spdy: h2
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
200 OK 48 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP
File type ASCII text, with very long lines (3502)
Hash 6c2c63267761d8c4ba9b942285af1c7b
ab3ec2bef8bd96c11825750a32f7329ed1b8a9b7
8f8ddd950720d607c6e62539b2e0781ba3a283df23ea35d55fb6b261202d0db0
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 47476
date: Sat, 22 Oct 2022 11:02:13 GMT
expires: Sat, 22 Oct 2022 11:02:13 GMT
cache-control: private, max-age=3000
etag: "1666179788250400"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
200 OK 1.4 kB URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
IP
File type JSON data\012- , ASCII text, with very long lines (1120)
Hash fe4269a0509263a22048f7850ec0ac52
633580bb2d4f579369be91749d3e58bb1e07af94
cca6c631e8107fe07104dfcf452cce5410a6859b9e57d3b0b03129d156036ddb
OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://img.scupio.com/
Origin: https://img.scupio.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:13 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://img.scupio.com
server-processing-duration-in-ticks: 557264
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
200 OK 14 kB URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
IP
File type JSON data\012- , ASCII text, with very long lines (1863)
Hash b9446a60b9ec9d79c0a2067e78a935b5
18fc98f7d6b35a23678e2106dfe053af51a6c617
80336eb108569ff12f7b299211dbea6db55eab23a00989068e45467172a4d80e
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:12 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://img.scupio.com
server-processing-duration-in-ticks: 531979
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
cdn.doublemax.net/tos_zone/pb_adx/common/451.html
200 OK 258 B URL HTTP/2 cdn.doublemax.net/tos_zone/pb_adx/common/451.html
IP
File type HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f37fdd9b131d352b351775ce55bdd908
23e082434020ece26080a9b3abc3bad2bc221e3d
d34f6791093494692bf9603540a25f601f57426d0fcb65612ecde013e2ab25f0
GET /tos_zone/pb_adx/common/451.html HTTP/1.1
Host: cdn.doublemax.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://reurl.cc/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 258
last-modified: Mon, 07 Aug 2017 03:20:35 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sat, 22 Oct 2022 11:02:14 GMT
etag: "f37fdd9b131d352b351775ce55bdd908"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 77ERhuMxxl18KdF_nm9AZdvFZVY7lXF9lKcl_f8w9KfaBkhUOMnyHA==
X-Firefox-Spdy: h2
cdn.doublemax.net/js/init.js
200 OK 2.4 kB URL HTTP/2 cdn.doublemax.net/js/init.js
IP
Hash 413b5a85d26cf015421a596ff67e96f4
3c73b981496543dac2f1c9bbc9b3bff5ccea796a
865f612414f7f816909d7117c55c307cc15309a5b27e05a4c6039b5b85c7de49
GET /js/init.js HTTP/1.1
Host: cdn.doublemax.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.doublemax.net/tos_zone/pb_adx/common/451.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
server: AmazonS3
content-encoding: gzip
date: Sat, 22 Oct 2022 11:02:08 GMT
etag: W/"439e160b698f1ec2efb45c3b6cd6b265"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wb1q7F7hUtl0ScQ2LUo4CPauwD0ger6sL5I3EJhalbV0M3Y05AUY3w==
age: 7
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13856
200 OK 23 kB URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13856
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (14552)
Hash 194bb9ad5d936b9cb58b19d5d7829448
9d4f5c7a6666ee84e69722633db5c572c09a84ea
4416303a6154391d4db4625c14b595c28e2293a1e0ed7db5cf518a2446502b06
GET /adserver/Preset.js?z=13856 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sat, 22 Oct 2022 10:59:41 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: pBJGpfj4NvvjMTWJPXS5d9Ha4asM50Euo7pFwHUYY5lCIXOnblgOTg==
age: 147
X-Firefox-Spdy: h2
ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1%26SID%3D58498%26Tags%3D2010%2C2525%2C2526%2C2558%2C2613%2C2575%2C2576%2C2577%2C2622%2C2200%2C2190%2C2188%2C2189%2C2181%2C2100%2C2099%2C2912%2C2921
200 OK 20 B URL HTTP/2 ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1%26SID%3D58498%26Tags%3D2010%2C2525%2C2526%2C2558%2C2613%2C2575%2C2576%2C2577%2C2622%2C2200%2C2190%2C2188%2C2189%2C2181%2C2100%2C2099%2C2912%2C2921
IP
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1%26SID%3D58498%26Tags%3D2010%2C2525%2C2526%2C2558%2C2613%2C2575%2C2576%2C2577%2C2622%2C2200%2C2190%2C2188%2C2189%2C2181%2C2100%2C2099%2C2912%2C2921 HTTP/1.1
Host: ccm.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1; Vision=20221022-23:59,20221022-22,20221022-22,20221022-23:59; C=null; RK=null
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:14 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
200 OK 56 B IP
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash 4524dd2d0d28adacb734dddf01081180
63c9698ab22316114bb3160b74b82ce73bc45ec0
384af7450095b8599455cfbe2f24844fda962c1dd4a863245fb10e4ad6a038dc
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:14 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f; expires=Mon, 21-Oct-2024 11:02:14 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
2f94996a-34cb-4e9f-b4ae-ed17b169436f.t.ssp.hinet.net/pixel?bd=2f94996a-34cb-4e9f-b4ae-ed17b169436f&t=cf&referrer=https%3A%2F%2Fdoublemax.net
200 OK 0 B URL HTTP/2 2f94996a-34cb-4e9f-b4ae-ed17b169436f.t.ssp.hinet.net/pixel?bd=2f94996a-34cb-4e9f-b4ae-ed17b169436f&t=cf&referrer=https%3A%2F%2Fdoublemax.net
IP
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?bd=2f94996a-34cb-4e9f-b4ae-ed17b169436f&t=cf&referrer=https%3A%2F%2Fdoublemax.net HTTP/1.1
Host: 2f94996a-34cb-4e9f-b4ae-ed17b169436f.t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 11:02:14 GMT
content-type: image/png
content-length: 0
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 572
Origin: null
Referer: https://cdn.doublemax.net/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Sat, 22 Oct 2022 11:02:15 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=ANMlyN9KAfmh9qQLt81TYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=ANMlyN9KAfmh9qQLt81TYw; Path=/; Domain=c.appier.net; Expires=Sun, 22 Oct 2023 11:02:15 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FdWMEgV&n=500&o=4&d=1&b=3&ts=1&ii=3&FPCK=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&initver=210830P
200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FdWMEgV&n=500&o=4&d=1&b=3&ts=1&ii=3&FPCK=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&initver=210830P
IP
GET /adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FdWMEgV&n=500&o=4&d=1&b=3&ts=1&ii=3&FPCK=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:09 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=f7cc15e8-f3ac-4027-b54b-9a243df420d9
200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=f7cc15e8-f3ac-4027-b54b-9a243df420d9
IP
ASN #3462 Data Communication Business Group
GET /emome2?u=f7cc15e8-f3ac-4027-b54b-9a243df420d9 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:09 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=2f94996a-34cb-4e9f-b4ae-ed17b169436f
200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=2f94996a-34cb-4e9f-b4ae-ed17b169436f
IP
ASN #3462 Data Communication Business Group
GET /emome2?u=2f94996a-34cb-4e9f-b4ae-ed17b169436f HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:10 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=ClhBl180M0RITmhlJTJCZkMwOUJGQlhaMUN2c3oxNzBiWHU4WWh5NndqRThpVVlFV3VoOHM0ZXBwbzMxOEx0Y2I1Z3pPJTJGZw&idsd=-120687736,1999665483
200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=ClhBl180M0RITmhlJTJCZkMwOUJGQlhaMUN2c3oxNzBiWHU4WWh5NndqRThpVVlFV3VoOHM0ZXBwbzMxOEx0Y2I1Z3pPJTJGZw&idsd=-120687736,1999665483
IP
GET /sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=ClhBl180M0RITmhlJTJCZkMwOUJGQlhaMUN2c3oxNzBiWHU4WWh5NndqRThpVVlFV3VoOHM0ZXBwbzMxOEx0Y2I1Z3pPJTJGZw&idsd=-120687736,1999665483 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:10 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1054520
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n&CFFPCKUUID=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&url=https%3A%2F%2Freurl.cc%2FdWMEgV&maindomain=reurl.cc
200 OK 0 B URL HTTP/2 fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n&CFFPCKUUID=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&url=https%3A%2F%2Freurl.cc%2FdWMEgV&maindomain=reurl.cc
IP
GET /landing.php?CFFPCKUUIDMAIN=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n&CFFPCKUUID=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&url=https%3A%2F%2Freurl.cc%2FdWMEgV&maindomain=reurl.cc HTTP/1.1
Host: fp.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1; Vision=20221022-23:59,20221022-22,20221022-22,20221022-23:59; C=null; RK=null
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.0
date: Sat, 22 Oct 2022 11:02:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: x-requested-with,content-type
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=f7cc15e8-f3ac-4027-b54b-9a243df420d9
200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=f7cc15e8-f3ac-4027-b54b-9a243df420d9
IP
ASN #3462 Data Communication Business Group
GET /emome2?u=f7cc15e8-f3ac-4027-b54b-9a243df420d9 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:10 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
reurl.cc/dWMEgV
200 OK 0 B IP
Analyzer Verdict Alert openphish Key Bank
GET /dWMEgV HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 22 Oct 2022 11:02:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
target: https://mcsd.synergylightingusa.com/DclneAttmpt/ibxkey
content-encoding: gzip
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13848
200 OK 0 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13848
IP
GET /adserver/Preset.js?z=13848 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sat, 22 Oct 2022 10:59:41 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: togK0XxxzEMLgOGnYcQsM7tSh65WbvV2eLwjwduhsIigBF4rXpswhA==
age: 147
X-Firefox-Spdy: h2
img.scupio.com/js/prebid.js?v=5.20.0
200 OK 0 B URL HTTP/2 img.scupio.com/js/prebid.js?v=5.20.0
IP
GET /js/prebid.js?v=5.20.0 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Tue, 28 Jun 2022 05:54:43 GMT
content-encoding: gzip
date: Sat, 22 Oct 2022 11:02:08 GMT
expires: Mon, 21 Nov 2022 11:00:06 GMT
cache-control: max-age=2592000
etag: W/"62ba97a3-3b047"
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: pD8hFEbgFiVqMcmdpPF3hc881DZSzVboBLU41p33ca37MwB6bbdlBA==
age: 121
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=2f94996a-34cb-4e9f-b4ae-ed17b169436f
200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=2f94996a-34cb-4e9f-b4ae-ed17b169436f
IP
ASN #3462 Data Communication Business Group
GET /emome2?u=2f94996a-34cb-4e9f-b4ae-ed17b169436f HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:14 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:10 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 107961
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
t.ssp.hinet.net/utag.js
200 OK 0 B IP
ASN #3462 Data Communication Business Group
GET /utag.js HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 11:02:09 GMT
content-type: application/javascript
last-modified: Mon, 25 Jul 2022 06:51:32 GMT
vary: Accept-Encoding
etag: W/"62de3d74-134a"
expires: Sat, 22 Oct 2022 11:12:09 GMT
cache-control: max-age=600
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=2f94996a-34cb-4e9f-b4ae-ed17b169436f
200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=2f94996a-34cb-4e9f-b4ae-ed17b169436f
IP
ASN #3462 Data Communication Business Group
GET /emome2?u=2f94996a-34cb-4e9f-b4ae-ed17b169436f HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:10 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
200 OK 0 B IP
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:10 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f; expires=Mon, 21-Oct-2024 11:02:10 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=cf&cid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&mp=2f94996a-34cb-4e9f-b4ae-ed17b169436f
200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=cf&cid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&mp=2f94996a-34cb-4e9f-b4ae-ed17b169436f
IP
ASN #3462 Data Communication Business Group
GET /cm?c=cf&cid=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1&mp=2f94996a-34cb-4e9f-b4ae-ed17b169436f HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:14 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?locale=en_US&agentVersion=205&adTrackingEnabled=true&adUnitCode=64d289b9-de9a-443b-a2c0-d45680807e46&apiKey=M2G62KV2NBNXKBPVHWQN&usp=&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2FdWMEgV&caps=16&cb=jsonpCallback0
200 OK 0 B URL HTTP/2 ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?locale=en_US&agentVersion=205&adTrackingEnabled=true&adUnitCode=64d289b9-de9a-443b-a2c0-d45680807e46&apiKey=M2G62KV2NBNXKBPVHWQN&usp=&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2FdWMEgV&caps=16&cb=jsonpCallback0
IP
GET /nosdk/wj/v1/getAds.do?locale=en_US&agentVersion=205&adTrackingEnabled=true&adUnitCode=64d289b9-de9a-443b-a2c0-d45680807e46&apiKey=M2G62KV2NBNXKBPVHWQN&usp=&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2FdWMEgV&caps=16&cb=jsonpCallback0 HTTP/1.1
Host: ads.yap.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding, User-Agent
content-encoding: gzip
date: Sat, 22 Oct 2022 11:02:08 GMT
age: 0
strict-transport-security: max-age=31536000
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13857
200 OK 0 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13857
IP
GET /adserver/Preset.js?z=13857 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1; Vision=20221022-23:59,20221022-22,20221022-22,20221022-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sat, 22 Oct 2022 10:52:24 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: G46HM6E1f0Hd3fmXGZ0n0FF1VAyAvirXZyutIeHVC_Zh2tgKt68P-g==
age: 586
X-Firefox-Spdy: h2
fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n&CFFPCKUUID=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&url=https%3A%2F%2Freurl.cc%2FdWMEgV&maindomain=reurl.cc
200 OK 0 B URL HTTP/2 fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n&CFFPCKUUID=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&url=https%3A%2F%2Freurl.cc%2FdWMEgV&maindomain=reurl.cc
IP
GET /landing.php?CFFPCKUUIDMAIN=2396-wkdKV5FTRv0Ug5gsuChVN7prFyteFD2n&CFFPCKUUID=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&url=https%3A%2F%2Freurl.cc%2FdWMEgV&maindomain=reurl.cc HTTP/1.1
Host: fp.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1; Vision=20221022-23:59,20221022-22,20221022-22,20221022-23:59; C=null; RK=null
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.0
date: Sat, 22 Oct 2022 11:02:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: x-requested-with,content-type
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=f7cc15e8-f3ac-4027-b54b-9a243df420d9
200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=f7cc15e8-f3ac-4027-b54b-9a243df420d9
IP
ASN #3462 Data Communication Business Group
GET /emome2?u=f7cc15e8-f3ac-4027-b54b-9a243df420d9 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:10 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1%26SID%3D55976%26Tags%3D2527%2C2621%2C2583%2C2618%2C2091%2C2090%2C2390%2C2391%2C2304%2C2307
200 OK 0 B URL HTTP/2 ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1%26SID%3D55976%26Tags%3D2527%2C2621%2C2583%2C2618%2C2091%2C2090%2C2390%2C2391%2C2304%2C2307
IP
GET /chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1%26SID%3D55976%26Tags%3D2527%2C2621%2C2583%2C2618%2C2091%2C2090%2C2390%2C2391%2C2304%2C2307 HTTP/1.1
Host: ccm.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1; Vision=20221022-23:59,20221022-22,20221022-22,20221022-23:59; C=null; RK=null
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:12 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1%26SID%3D53736%26Tags%3D2009%2C2005%2C2004%2C2003
200 OK 0 B URL HTTP/2 ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1%26SID%3D53736%26Tags%3D2009%2C2005%2C2004%2C2003
IP
GET /chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1%26SID%3D53736%26Tags%3D2009%2C2005%2C2004%2C2003 HTTP/1.1
Host: ccm.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1; Vision=20221022-23:59,20221022-22,20221022-22,20221022-23:59; C=null; RK=null
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:15 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
dnacdn.net/dna
200 OK 0 B IP
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=P7dU4l80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3oxNzBiWHU4WWh5NndqRThpVVlFV3YxYVlnY1pyTUVuQTZpd2U1VXlkUjM
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:10 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=WxgUl180M0RITmhlJTJCZkMwOUJGQlhaMUN2c3oxNzBiWHU4WWh5NndqRThpVVlFV3VraWhlWUhMb1JCSjlWSXF0NTJqMmc; expires=Thu, 16 Nov 2023 11:02:11 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 236113
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13849
200 OK 0 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13849
IP
GET /adserver/Preset.js?z=13849 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1; Vision=20221022-23:59,20221022-22,20221022-22,20221022-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sat, 22 Oct 2022 11:02:10 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4vl1P1oCV_-i4JYt3X6R1tWV60Uep90a__X0mWi-JKiEG70ox6ESNw==
X-Firefox-Spdy: h2
t.ssp.hinet.net/
200 OK 0 B IP
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:09 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=f7cc15e8-f3ac-4027-b54b-9a243df420d9; expires=Mon, 21-Oct-2024 11:02:09 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
200 OK 0 B IP
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:09 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=725299fb-3441-47d7-9a8d-cbee2b426a57; expires=Mon, 21-Oct-2024 11:02:09 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz
200 OK 0 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz
IP
GET /rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 12 Oct 2023 14:01:29 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: FvCDsjtWXbnS8g0a11kzwQ==
x-fb-debug: vTFpfwJ2NAZ8rbHyOkgzS5/dqvj0zZrlP55oZKwbSCbiZKdsltWJSGo7GCxFeXMy2VxbXjIki9I+P3G0HP9S3g==
content-length: 1657
x-fb-trip-id: 1679558926
date: Sat, 22 Oct 2022 11:02:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
IP
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:12 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://img.scupio.com
server-processing-duration-in-ticks: 777004
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=451
200 OK 0 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=451
IP
GET /adserver/Preset.js?z=451 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.doublemax.net/
Cookie: P=639055-wy3mlRpuKnh7HOhJgx87pb899OAA5cE1; Vision=20221022-23:59,20221022-22,20221022-22,20221022-23:59; C=null; RK=null; R=null; G=we3u7ZGJymKY5J47cKd8kQ==; d=/jHzqDFxfoBZ4WTyQK3MPaD5j7NQOgUkv1Txfycvr2ReudB2dm6t0KDrpHJuqax6WjAFQ16PJy71RxDiXPBzgA==; fcm=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sat, 22 Oct 2022 11:02:14 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://cdn.doublemax.net
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: P56QZMQAY7aO4HnfxQplIstZe6uiEI6qaPiv21iMRIHFIYmqtI5sGQ==
X-Firefox-Spdy: h2
t.ssp.hinet.net/
200 OK 0 B IP
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.doublemax.net
Connection: keep-alive
Referer: https://cdn.doublemax.net/
Cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Sat, 22 Oct 2022 11:02:14 GMT
access-control-allow-origin: https://cdn.doublemax.net
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=2f94996a-34cb-4e9f-b4ae-ed17b169436f; expires=Mon, 21-Oct-2024 11:02:14 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.js
200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.js
IP
GET /js/ld/publishertag.prebid.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 11:02:10 GMT
content-type: text/javascript
last-modified: Sat, 01 Oct 2022 02:55:29 GMT
etag: W/"6337ac21-161a8"
expires: Sun, 23 Oct 2022 11:02:10 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
reurl.cc/javascripts/pixel.js
200 OK 0 B URL HTTP/2 reurl.cc/javascripts/pixel.js
IP
GET /javascripts/pixel.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/dWMEgV
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sat, 22 Oct 2022 11:02:07 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-1ad"
expires: Sun, 22 Oct 2023 11:02:07 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
dnacdn.net/dna
200 OK 0 B IP
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=P7dU4l80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3oxNzBiWHU4WWh5NndqRThpVVlFV3YxYVlnY1pyTUVuQTZpd2U1VXlkUjM
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:10 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=ClhBl180M0RITmhlJTJCZkMwOUJGQlhaMUN2c3oxNzBiWHU4WWh5NndqRThpVVlFV3VoOHM0ZXBwbzMxOEx0Y2I1Z3pPJTJGZw; expires=Thu, 16 Nov 2023 11:02:11 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 276920
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13848&rf=https%3A%2F%2Freurl.cc%2FdWMEgV&n=422&o=4&d=1&b=3&ts=1&ii=3&FPCK=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&initver=210830P
200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13848&rf=https%3A%2F%2Freurl.cc%2FdWMEgV&n=422&o=4&d=1&b=3&ts=1&ii=3&FPCK=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&initver=210830P
IP
GET /adserver/ads.js?z=13848&rf=https%3A%2F%2Freurl.cc%2FdWMEgV&n=422&o=4&d=1&b=3&ts=1&ii=3&FPCK=401-LmBzmqkumth9oHL3m9gWKnBcRiNAyuEX&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 11:02:09 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
35.185.130.121
157.240.221.16
104.18.32.68
151.101.85.229
54.230.111.38
23.36.77.32
185.235.84.67
103.132.192.30
54.250.169.244