firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 26 Sep 2022 20:15:21 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: IUzfkX9m6ScPTbHcj1YOmBdIzJuQ3e3Z0v4Ob1cjVi3euOq0uKaSBg==
Age: 1181
www.theraflu.com/RightToRecover/
52.251.65.90 301 Moved Permanently 248 B URL HTTP/1.1 www.theraflu.com/RightToRecover/
IP 52.251.65.90:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 0f9bb8c8e5a6409e277c89247ab711dc
9ad3b8c02244b56a00362b303480ed7f89480060
1f242010f4cdcd6a4dce71932f47a8c738e12f1d02469412dd98c5c7e3af0e67
GET /RightToRecover/ HTTP/1.1
Host: www.theraflu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 26 Sep 2022 20:35:02 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 248
Connection: keep-alive
Set-Cookie: ApplicationGatewayAffinity=10572c55e27a732a27adc05931861514; Path=/
Server: Apache
Location: https://www.theraflu.com/RightToRecover/
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7756
Expires: Mon, 26 Sep 2022 22:44:18 GMT
Date: Mon, 26 Sep 2022 20:35:02 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 04:35:16 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: YsJg7WTiD1jnUnSQgYxS7xqcF4WuxN7xqSXZHEOdfinCF0keOJ9iQQ==
age: 57587
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 20:35:02 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Mon, 26 Sep 2022 20:10:46 GMT
Expires: Mon, 26 Sep 2022 20:29:36 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: JWAHyyzVb5mVNhRApsP77P4qEcJ3s5BaCJWZfRW7KQ8xNf2pjF_vOg==
Age: 1457
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 5adb7eb1d103eadeeafac36e663ffdd3
23b784388dd634fa736cd60aed71570661e73d02
5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2702
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:03 GMT
Last-Modified: Mon, 26 Sep 2022 19:50:01 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 1db3e1d6bf7a5e2d0c87eab75a6e52fe
b923a169beb9248ea6a5070a04b57bc0aa44799b
f35aafc9c21937ac03d9b711aa18ef518aaaec6d0f9dbcecb42f757a0e70915c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googleoptimize.com/optimize.js?id=OPT-PKPMGMZ
142.250.74.46 200 OK 42 kB URL HTTP/2 www.googleoptimize.com/optimize.js?id=OPT-PKPMGMZ
IP 142.250.74.46:0
File type ASCII text, with very long lines (1720)
Hash 8651f739f5670bcc4b4e80d058db687e
7a0f39f3a0bcc1eb5a3a1c379646ca00598b5785
7dc7ae256c0fea5f353f918db67742105c432d84ec1f9ca35800a483cdb193f9
GET /optimize.js?id=OPT-PKPMGMZ HTTP/1.1
Host: www.googleoptimize.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 26 Sep 2022 20:35:03 GMT
expires: Mon, 26 Sep 2022 20:35:03 GMT
cache-control: private, max-age=900
last-modified: Mon, 26 Sep 2022 19:38:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42517
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.theraflu.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-18-px-plus.svg
52.251.65.90 200 OK 250 B URL HTTP/2 www.theraflu.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-18-px-plus.svg
IP 52.251.65.90:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 852c5488ba20a3b0939efbb8d5c90d09
d69cb7e1f30c51610540a2b180be68d249318b37
4b80b8965f7ee60f5e8402b880feab41f5cafb0affbe3bef4c9c80eb33055f3c
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-18-px-plus.svg HTTP/1.1
Host: www.theraflu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/RightToRecover/
Cookie: ApplicationGatewayAffinity=10572c55e27a732a27adc05931861514; ApplicationGatewayAffinityCORS=10572c55e27a732a27adc05931861514
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:03 GMT
content-type: image/svg+xml
content-length: 250
server: Apache
strict-transport-security: max-age=63072000;
last-modified: Thu, 15 Sep 2022 09:23:17 GMT
etag: "228-5e8b3cba60b40-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
x-frame-options: SAMEORIGIN
cache-control: max-age=31536000, public, s-maxage=86400
X-Firefox-Spdy: h2
www.theraflu.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-18-px-minus.svg
52.251.65.90 200 OK 192 B URL HTTP/2 www.theraflu.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-18-px-minus.svg
IP 52.251.65.90:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 30af64eb2134107beae3f7865a664436
cb1e87be606dbc91358ba9da3092a1dc6ea50140
3f0b2df84391b35ea21a6a3218f9bc1153593512f5a6b0089c57c705b10d08ec
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-18-px-minus.svg HTTP/1.1
Host: www.theraflu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/RightToRecover/
Cookie: ApplicationGatewayAffinity=10572c55e27a732a27adc05931861514; ApplicationGatewayAffinityCORS=10572c55e27a732a27adc05931861514
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:03 GMT
content-type: image/svg+xml
content-length: 192
server: Apache
strict-transport-security: max-age=63072000;
last-modified: Thu, 15 Sep 2022 09:23:19 GMT
etag: "1b5-5e8b3cbc48fc0-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
x-frame-options: SAMEORIGIN
cache-control: max-age=31536000, public, s-maxage=86400
X-Firefox-Spdy: h2
cdns.gigya.com/JS/gigya.js?apikey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ
23.38.201.5 200 OK 155 kB URL HTTP/1.1 cdns.gigya.com/JS/gigya.js?apikey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ
IP 23.38.201.5:0
File type ASCII text, with very long lines (53074), with CRLF line terminators
Size 155 kB (154912 bytes)
Hash 40201b0f965a98c800b7a107597ebf14
f594050aae6b4c11e62d88b518323dc2dc42dcef
0e75b8b32107a4d64ed5b5cd45cec2326a6294d19d25769c5dab43943166c1ba
GET /JS/gigya.js?apikey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ HTTP/1.1
Host: cdns.gigya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Length: 154912
Content-Encoding: gzip
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-soa: true, Gator
x-server: us1d-nomad-g35
x-callid: e4241600621a42b19681b014b04232cd
x-robots-tag: none
Cache-Control: public, max-age=900, s-maxage=3600
Expires: Mon, 26 Sep 2022 20:50:03 GMT
Date: Mon, 26 Sep 2022 20:35:03 GMT
Connection: keep-alive
www.theraflu.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/global/logo/theraflu-brand.svg
52.251.65.90 200 OK 4.0 kB URL HTTP/2 www.theraflu.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/global/logo/theraflu-brand.svg
IP 52.251.65.90:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1582)
Hash dad20907c4c01345563d2d19075485ee
bb2d87d64e732c021f2f7083b1f2264b08537d61
294b4065bbbcd0b361ebc2f64e9af2f3f0e93af6f3514540651e7fa4d8053597
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/global/logo/theraflu-brand.svg HTTP/1.1
Host: www.theraflu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/RightToRecover/
Cookie: ApplicationGatewayAffinity=10572c55e27a732a27adc05931861514; ApplicationGatewayAffinityCORS=10572c55e27a732a27adc05931861514
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:03 GMT
content-type: image/svg+xml
content-length: 4003
server: Apache
strict-transport-security: max-age=63072000;
last-modified: Thu, 15 Sep 2022 09:22:19 GMT
etag: "6103-5e8b3c83108c0-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
x-frame-options: SAMEORIGIN
cache-control: max-age=31536000, public, s-maxage=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash c939f97c8bcbfea356e92036803714bc
608c795e7c4fb943a4db49a4e4533c41ea717023
b05b38c78c15c259720bfc6783ac65ab60ceb1e6037b45b08113f183554f08cb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/js.asset.js/core/design.default.bootstrap.v0-0-1.ts202209240728.js
152.199.21.175 200 OK 188 kB URL HTTP/2 a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/js.asset.js/core/design.default.bootstrap.v0-0-1.ts202209240728.js
IP 152.199.21.175:0
File type ASCII text, with very long lines (982)
Size 188 kB (188216 bytes)
Hash dccf25798e1461868bf93821c46f3af5
f8c37a565c90650b3e2950ee0225b9cc72453657
a020c725cc5d566b190a1f1966529edeac0a4b41556141667157eafdbdf84ae0
GET /etc/designs/zg/bp-theraflu-refresh/desktop/js.asset.js/core/design.default.bootstrap.v0-0-1.ts202209240728.js HTTP/1.1
Host: a-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 35697
cache-control: max-age=86400, public, s-maxage=86400
content-type: application/javascript
date: Mon, 26 Sep 2022 20:35:03 GMT
etag: "913cc-5e989723dd700-gzip"
expires: Tue, 27 Sep 2022 20:35:03 GMT
last-modified: Mon, 26 Sep 2022 00:17:00 GMT
server: ECAcc (ska/F7AE)
strict-transport-security: max-age=63072000;
vary: Accept-Encoding
x-cache: HIT
x-frame-options: SAMEORIGIN
content-length: 188216
X-Firefox-Spdy: h2
a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/css.asset.css/core/design.default.bootstrap.v0-0-1.ts202209240724.css
152.199.21.175 200 OK 94 kB URL HTTP/2 a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/css.asset.css/core/design.default.bootstrap.v0-0-1.ts202209240724.css
IP 152.199.21.175:0
File type ASCII text, with very long lines (16093)
Hash 11b4969988dc0ffb17ff5048fdef8a8b
64fc06f13639f3f531f6d05f3cab5df8eafc3b77
ad3c7d6066b4f79484c272a25a53ab0494ac6b0b96dfda9d3de354a3d9a0ac11
GET /etc/designs/zg/bp-theraflu-refresh/desktop/css.asset.css/core/design.default.bootstrap.v0-0-1.ts202209240724.css HTTP/1.1
Host: a-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 35697
cache-control: max-age=86400, public, s-maxage=86400
content-type: text/css
date: Mon, 26 Sep 2022 20:35:03 GMT
etag: "bd953-5e989b2bbd980-gzip"
expires: Tue, 27 Sep 2022 20:35:03 GMT
last-modified: Mon, 26 Sep 2022 00:35:02 GMT
server: ECAcc (ska/F762)
strict-transport-security: max-age=63072000;
vary: Accept-Encoding
x-cache: HIT
x-frame-options: SAMEORIGIN
content-length: 93450
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.89.15.44 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.15.44:0
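Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of an empty body, consistent with the 0 B response)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of an empty body)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of an empty body)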
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: RPmqIxT+C4puEppmPLNyPw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BqjG2eBApCerOvhGA3PMz2spWCk=
i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/global/logo/gsk-logo.png?auto=format
151.101.86.208 200 OK 1.6 kB URL HTTP/2 i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/global/logo/gsk-logo.png?auto=format
IP 151.101.86.208:0
File type ISO Media, AVIF Image\012- data
Hash f4d1c94fdec7e32e778caa882544af9f
88de4f51590a8ab54702fea5c4d045b1988a0158
2aefaf2bb21644a48498e278a4ab9535d0453a5567e903276bd2b567626e9af3
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/global/logo/gsk-logo.png?auto=format HTTP/1.1
Host: i-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Sep 2022 09:31:55 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 9fd23381948bc7689fc3a16d6718b4a6e92bebcf
x-imgix-render-farm: 01.592
date: Mon, 26 Sep 2022 20:35:03 GMT
age: 990188
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10073-SJC, cache-bma1651-BMA
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 1605
X-Firefox-Spdy: h2
www.theraflu.com/RightToRecover/
52.251.65.90 200 OK 25 kB URL HTTP/2 www.theraflu.com/RightToRecover/
IP 52.251.65.90:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (454), with CRLF, LF line terminators
Hash 1f4cf58d720fafd6254e1a0df766a57c
91c4e83792c7d2dbacab24dd2ca7154062466f5f
5cbbffb7e8d1f5a49aebff16bc1277635da84abd2e672ec587ed1cbc9c5f6553
GET /RightToRecover/ HTTP/1.1
Host: www.theraflu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:02 GMT
content-type: text/html; charset=UTF-8
set-cookie: ApplicationGatewayAffinityCORS=10572c55e27a732a27adc05931861514; Path=/; SameSite=None; Secure
set-cookie: ApplicationGatewayAffinity=10572c55e27a732a27adc05931861514; Path=/
server: Apache
strict-transport-security: max-age=63072000;
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
link: <https://www.googletagmanager.com>; rel=preconnect; crossorigin, <https://www.googletagmanager.com>; rel=dns-prefetch; crossorigin, <https://a-cf65.ch-static.com>; rel=preconnect; crossorigin, <https://a-cf65.ch-static.com>; rel=dns-prefetch; crossorigin, <https://i-cf65.ch-static.com>; rel=preconnect; crossorigin, <https://i-cf65.ch-static.com>; rel=dns-prefetch; crossorigin
x-frame-options: SAMEORIGIN
cache-control: public, max-age=0, s-maxage=86400
X-Firefox-Spdy: h2
i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/MicrosoftTeams-image-(3).png?auto=format
151.101.86.208 200 OK 3.7 kB URL HTTP/2 i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/MicrosoftTeams-image-(3).png?auto=format
IP 151.101.86.208:0
File type ISO Media, AVIF Image\012- data
Hash 5b8cd79b21a8f09d676fe380c96989d0
57cbc6aa2c5655929138f0d1e2e3903b675b8548
4af6ea02417fd29e56594c3ebcf28f1b9d4ff18ec741349a0944e21a88918b41
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/MicrosoftTeams-image-(3).png?auto=format HTTP/1.1
Host: i-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Sep 2022 11:01:33 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: f048a659fe7ff4733a8ab06cc223b1a8d0ebea9f
x-imgix-render-farm: 01.592
date: Mon, 26 Sep 2022 20:35:03 GMT
age: 984810
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10072-SJC, cache-bma1651-BMA
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 3742
X-Firefox-Spdy: h2
i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/MicrosoftTeams-image-(5).png?auto=format
151.101.86.208 200 OK 4.5 kB URL HTTP/2 i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/MicrosoftTeams-image-(5).png?auto=format
IP 151.101.86.208:0
File type ISO Media, AVIF Image\012- data
Hash 26469d9002f0e7e7734e36fca28ee862
006563877b5982e3d7c493023ab72d929d72027f
a15967a083743fdaae0e4a368a90cf5166529fdc2c3eb1680031249bda004929
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/MicrosoftTeams-image-(5).png?auto=format HTTP/1.1
Host: i-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 04:53:27 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: d818eb78da5752528dfa2c7d931ba3846101b29e
x-imgix-render-farm: 01.592
date: Mon, 26 Sep 2022 20:35:03 GMT
age: 661295
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10051-SJC, cache-bma1651-BMA
x-cache: MISS, HIT
vary: Accept, User-Agent
content-length: 4546
X-Firefox-Spdy: h2
i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-facebook.png?auto=format
151.101.86.208 200 OK 1.2 kB URL HTTP/2 i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-facebook.png?auto=format
IP 151.101.86.208:0
File type ISO Media, AVIF Image\012- data
Hash 04d80acc0936df200b2425289cb55f94
0616359fb081c5ab2b3589761b928dc4d01be428
32226224fc783f4505f237c1c8b724eabe387796785b714ca907ec91b3544261
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-facebook.png?auto=format HTTP/1.1
Host: i-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Sep 2022 09:37:31 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: ed07cc7c8e86c164dbefb6084c1831eced20cbfa
x-imgix-render-farm: 01.592
date: Mon, 26 Sep 2022 20:35:03 GMT
age: 989852
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10030-SJC, cache-bma1651-BMA
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 1229
X-Firefox-Spdy: h2
i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-facebook-lightblue.png?auto=format
151.101.86.208 200 OK 1.3 kB URL HTTP/2 i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-facebook-lightblue.png?auto=format
IP 151.101.86.208:0
File type ISO Media, AVIF Image\012- data
Hash 0abfa1a72d491ea4c978ee082a7429e9
d33d3f97129fd8c4f7d74fced6fd9c3e3d074a7f
e0887e40e08128ea5ab270e32e3f43762459fa59f4db0c17b6fd3f49d8a542ba
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-facebook-lightblue.png?auto=format HTTP/1.1
Host: i-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Sep 2022 09:38:31 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 8742d13ccee26100fd46109083c26f270d01b0d0
x-imgix-render-farm: 01.592
date: Mon, 26 Sep 2022 20:35:03 GMT
age: 989792
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10040-SJC, cache-bma1651-BMA
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 1284
X-Firefox-Spdy: h2
i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-youtube.png?auto=format
151.101.86.208 200 OK 1.4 kB URL HTTP/2 i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-youtube.png?auto=format
IP 151.101.86.208:0
File type ISO Media, AVIF Image\012- data
Hash 1da33f10bc850d3a4ab49b1dcbe8a045
3bf5835288ccf7ed40bef8576cb3d09cb1c91749
9da515728c9e04f63bfc84894e899fb538ce44ad1c53d2e91e92579ad19c47be
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-youtube.png?auto=format HTTP/1.1
Host: i-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Sep 2022 09:38:32 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 428da96c0a64e79c40264081de2a19865d76f712
x-imgix-render-farm: 01.592
date: Mon, 26 Sep 2022 20:35:03 GMT
age: 989791
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10071-SJC, cache-bma1651-BMA
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 1393
X-Firefox-Spdy: h2
i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/Suzen-bio-desktop.jpg.rendition.1920.640.jpg?auto=format
151.101.86.208 200 OK 21 kB URL HTTP/2 i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/Suzen-bio-desktop.jpg.rendition.1920.640.jpg?auto=format
IP 151.101.86.208:0
File type ISO Media, AVIF Image\012- data
Hash 3f56e3d31634435137fd3d0776498527
281a4161df389a42484a4c94ad9b78cdb638e817
4ca115d953a75e9b6fa8b3c8d3b3cf617f8a69809e23ca34b7f43cd6673f3766
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/Suzen-bio-desktop.jpg.rendition.1920.640.jpg?auto=format HTTP/1.1
Host: i-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 07 Sep 2022 08:20:17 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 7d182482f29eedc8bcbaba0e7cfbce316236270a
x-imgix-render-farm: 01.1104
date: Mon, 26 Sep 2022 20:35:03 GMT
age: 1685686
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10044-SJC, cache-bma1651-BMA
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 20787
X-Firefox-Spdy: h2
i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/right_to_recover_Mariama%e2%80%99s-impact-story.png?auto=format
151.101.86.208 200 OK 31 kB URL HTTP/2 i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/right_to_recover_Mariama%e2%80%99s-impact-story.png?auto=format
IP 151.101.86.208:0
File type ISO Media, AVIF Image\012- data
Hash ad111312994e49d16633d8ed1fa2e0b5
1e4258e316804f1b0104a8f93635d0c131a11946
0e13ad97140bd3b7cbf1fd131817407f1c3e7a133a7eb95b01f96575bc180281
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/right_to_recover_Mariama%e2%80%99s-impact-story.png?auto=format HTTP/1.1
Host: i-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 29 Aug 2022 15:15:43 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 64fdef6a67dab3cdf7d756220fb97430ce0d6a2f
x-imgix-render-farm: 01.1
date: Mon, 26 Sep 2022 20:35:03 GMT
age: 2438360
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10042-SJC, cache-bma1651-BMA
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 30740
X-Firefox-Spdy: h2
i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/MicrosoftTeams-image-(4).png?auto=format
151.101.86.208 200 OK 4.9 kB URL HTTP/2 i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/MicrosoftTeams-image-(4).png?auto=format
IP 151.101.86.208:0
File type ISO Media, AVIF Image\012- data
Hash 4a9a4291f5bd55de99d0ec0926b69bc1
a833829ab9213164fb12b634f2b0d9cca88476a4
fa863f7251d06102692d434ab1ebbf60d96c88a028dc4e3801c9bb1fe159bf1a
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/MicrosoftTeams-image-(4).png?auto=format HTTP/1.1
Host: i-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Sep 2022 11:01:33 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: ef68e908951b44521e096e688f2259989c53301f
x-imgix-render-farm: 01.592
date: Mon, 26 Sep 2022 20:35:03 GMT
age: 984810
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10052-SJC, cache-bma1651-BMA
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 4947
X-Firefox-Spdy: h2
i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-youtube-lightblue.png?auto=format
151.101.86.208 200 OK 1.5 kB URL HTTP/2 i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-youtube-lightblue.png?auto=format
IP 151.101.86.208:0
File type ISO Media, AVIF Image\012- data
Hash 41b92c2fbb0b36d564fda92f3c3f4588
dd7c041ee8b569d843773f5977ec73468ad1fd71
06c0a8ec8fcbce53e10a7157f2b7aa9cbffbcc8c80d5f26df2481fa38e42731b
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-youtube-lightblue.png?auto=format HTTP/1.1
Host: i-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Sep 2022 09:38:32 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 84e78cee14dff1dae4dfcd04f08e83ec510a7169
x-imgix-render-farm: 01.592
date: Mon, 26 Sep 2022 20:35:03 GMT
age: 989791
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10038-SJC, cache-bma1651-BMA
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 1462
X-Firefox-Spdy: h2
i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-twitter.png?auto=format
151.101.86.208 200 OK 1.6 kB URL HTTP/2 i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-twitter.png?auto=format
IP 151.101.86.208:0
File type ISO Media, AVIF Image\012- data
Hash 27d40a343a7a1b5d5153ead5dcd0f4ed
7f527956733d79c0812a81817b1a601c046d491e
bfd841fc2fd58f52cf9581ffe06f11ae4832e8ea71e6fd2b167658100da09b80
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-twitter.png?auto=format HTTP/1.1
Host: i-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Sep 2022 09:38:32 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: d93a5f0e22b7810726cf4896c649982580b5350e
x-imgix-render-farm: 01.592
date: Mon, 26 Sep 2022 20:35:03 GMT
age: 989791
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10059-SJC, cache-bma1651-BMA
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 1580
X-Firefox-Spdy: h2
i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/Theraflu-TemperatureCheck_icons-yellow-01.png?auto=format
151.101.86.208 200 OK 6.2 kB URL HTTP/2 i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/Theraflu-TemperatureCheck_icons-yellow-01.png?auto=format
IP 151.101.86.208:0
File type ISO Media, AVIF Image\012- data
Hash 55dcc5357307a0a7bd1e54b7528a307a
e639ee05fa62a75e5b27d1d2ea282f09e2dd39bf
292c3ce5a6fd3f0d4eacd5b654b7eceb081efa50d7c3186f4c2d38e943262783
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/Theraflu-TemperatureCheck_icons-yellow-01.png?auto=format HTTP/1.1
Host: i-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Sep 2022 11:01:33 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 7eec0c1ee8dc7f94bd87460f6012191d7b9fc289
x-imgix-render-farm: 01.592
date: Mon, 26 Sep 2022 20:35:03 GMT
age: 984810
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10082-SJC, cache-bma1651-BMA
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 6166
X-Firefox-Spdy: h2
i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-twitter-lightblue.png?auto=format
151.101.86.208 200 OK 1.6 kB URL HTTP/2 i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-twitter-lightblue.png?auto=format
IP 151.101.86.208:0
File type ISO Media, AVIF Image\012- data
Hash f6db4e0ef162c37e7f970bee95a26dde
98ee96c7dc0b77bee9794d3870eb921ef2be4b40
cbbeee8ccca4b8afb33798cbfcfcb398c60c0fe88152aba04e5111e64965f375
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/src/icons/icon-twitter-lightblue.png?auto=format HTTP/1.1
Host: i-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Sep 2022 09:38:32 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 16539f2482b6378977dbbc62a79c7c75f413fd81
x-imgix-render-farm: 01.592
date: Mon, 26 Sep 2022 20:35:03 GMT
age: 989791
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10074-SJC, cache-bma1651-BMA
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 1644
X-Firefox-Spdy: h2
i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/MicrosoftTeams-image-(2).png?auto=format
151.101.86.208 200 OK 5.8 kB URL HTTP/2 i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/MicrosoftTeams-image-(2).png?auto=format
IP 151.101.86.208:0
File type ISO Media, AVIF Image\012- data
Hash 08d46e7ce2a2310d9d49b9f773752281
788ccb646f53466de9a12f4c86376e90e0841466
90b9bfb68b244ce8a72946f8e48120997077524d713ee8292fd17ab1e8aa8d63
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/MicrosoftTeams-image-(2).png?auto=format HTTP/1.1
Host: i-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Sep 2022 11:01:33 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 16656f4a2f45e21691b21bc158276aba5e8bb261
x-imgix-render-farm: 01.592
date: Mon, 26 Sep 2022 20:35:03 GMT
age: 984810
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10061-SJC, cache-bma1651-BMA
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 5765
X-Firefox-Spdy: h2
i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/Website-logo-lockup-desktop.png?auto=format
151.101.86.208 200 OK 7.2 kB URL HTTP/2 i-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/Website-logo-lockup-desktop.png?auto=format
IP 151.101.86.208:0
File type ISO Media, AVIF Image\012- data
Hash a1e174eca330fc9f5a303ed05b3184a3
939a5205ebc3e696c6d42641888573c026254ff1
61255616a9eef97c245d1f2bae21d91108285c5bc4647e79fae35e0a86096c2a
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/Website-logo-lockup-desktop.png?auto=format HTTP/1.1
Host: i-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 21 Sep 2022 12:34:33 GMT
cache-control: public, max-age=31536000
server: imgix
x-imgix-id: 613397056e5605c9823945cd64f998c8a0f2ab28
x-imgix-render-farm: 01.592
date: Mon, 26 Sep 2022 20:35:03 GMT
age: 460831
accept-ranges: bytes
content-type: image/avif
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10035-SJC, cache-bma1651-BMA
x-cache: HIT, HIT
vary: Accept, User-Agent
content-length: 7214
X-Firefox-Spdy: h2
a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/assets/fonts/custom/GothamNarrow-Book.woff
152.199.21.175 200 OK 32 kB URL HTTP/2 a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/assets/fonts/custom/GothamNarrow-Book.woff
IP 152.199.21.175:0
File type Web Open Font Format, CFF, length 32056, version 2.200\012- data
Hash 3bd8ba6801ada458376254eef1dd441e
2679212eef186307e99ec8268f2707faf812e9cb
e09899b8901eea8c77d681427930b5e25aea5ac19bd3a2889c7defc379f7af7c
GET /etc/designs/zg/bp-theraflu-refresh/desktop/assets/fonts/custom/GothamNarrow-Book.woff HTTP/1.1
Host: a-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://a-cf65.ch-static.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
age: 13674
cache-control: max-age=31536000, public, s-maxage=86400
content-type: font/woff
date: Mon, 26 Sep 2022 20:35:03 GMT
etag: "7d38-5e9899d46af80"
expires: Tue, 26 Sep 2023 20:35:03 GMT
last-modified: Mon, 26 Sep 2022 00:29:02 GMT
server: ECAcc (ska/F730)
strict-transport-security: max-age=63072000;
x-cache: HIT
x-frame-options: SAMEORIGIN
content-length: 32056
X-Firefox-Spdy: h2
a-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/Theraflu-chevron-Desktop.png
152.199.21.175 200 OK 127 kB URL HTTP/2 a-cf65.ch-static.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/Theraflu-chevron-Desktop.png
IP 152.199.21.175:0
File type PNG image data, 1920 x 1296, 8-bit/color RGBA, non-interlaced\012- data
Size 127 kB (126655 bytes)
Hash 20cfc4200ad90b41c4398a50d933a72e
7392bbd1a9765693f9df2b7c9c348d055286780b
833032a92ec5061508bc49feef4dc51a676a97d262093d266f6f281425676e16
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/Theraflu-chevron-Desktop.png HTTP/1.1
Host: a-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/css.asset.css/core/design.default.bootstrap.v0-0-1.ts202209240724.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
age: 65069
cache-control: max-age=31536000, public, s-maxage=86400
content-type: image/png
date: Mon, 26 Sep 2022 20:35:03 GMT
etag: "1eebf-5e8b50ac599c0"
last-modified: Thu, 15 Sep 2022 10:52:31 GMT
server: ECAcc (ska/F74F)
strict-transport-security: max-age=63072000;
x-cache: HIT
x-frame-options: SAMEORIGIN
content-length: 126655
X-Firefox-Spdy: h2
a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/assets/fonts/custom/GothamNarrow-Medium.woff
152.199.21.175 200 OK 33 kB URL HTTP/2 a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/assets/fonts/custom/GothamNarrow-Medium.woff
IP 152.199.21.175:0
File type Web Open Font Format, CFF, length 32584, version 2.200\012- data
Hash a8f102217d90998886dfa1bfd6138983
cf2fc2ded6379d1239bb12b18af31d958e24a7d0
84b08206e98c7c8daf067d0301b3319a1723bb65f97177c1e6203ffc4a261682
GET /etc/designs/zg/bp-theraflu-refresh/desktop/assets/fonts/custom/GothamNarrow-Medium.woff HTTP/1.1
Host: a-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://a-cf65.ch-static.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
age: 7149
cache-control: max-age=31536000, public, s-maxage=86400
content-type: font/woff
date: Mon, 26 Sep 2022 20:35:03 GMT
etag: "7f48-5e98bf15a323b"
expires: Tue, 26 Sep 2023 20:35:03 GMT
last-modified: Mon, 26 Sep 2022 03:15:42 GMT
server: ECAcc (ska/F7B8)
strict-transport-security: max-age=63072000;
x-cache: HIT
x-frame-options: SAMEORIGIN
content-length: 32584
X-Firefox-Spdy: h2
a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/assets/fonts/custom/GothamForThera-BlkItalic.woff2
152.199.21.175 200 OK 33 kB URL HTTP/2 a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/assets/fonts/custom/GothamForThera-BlkItalic.woff2
IP 152.199.21.175:0
File type Web Open Font Format (Version 2), CFF, length 33304, version 0.0\012- data
Hash 19915f0090a1219e9e8981a1ab8d456e
a7e7342a8f0f464bb0995bac8fe0e4716458f7c6
d585ea90b33024f593c4a3665e8767e9dfdf8b84b7b0874a163c266b8b2f3ab1
GET /etc/designs/zg/bp-theraflu-refresh/desktop/assets/fonts/custom/GothamForThera-BlkItalic.woff2 HTTP/1.1
Host: a-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://a-cf65.ch-static.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
age: 9386
cache-control: max-age=31536000, public, s-maxage=86400
content-type: font/woff2
date: Mon, 26 Sep 2022 20:35:03 GMT
etag: "8218-5e98d4fa34e22"
expires: Tue, 26 Sep 2023 20:35:03 GMT
last-modified: Mon, 26 Sep 2022 04:53:39 GMT
server: ECAcc (ska/F753)
strict-transport-security: max-age=63072000;
x-cache: HIT
x-frame-options: SAMEORIGIN
content-length: 33304
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-5CHPKDL
142.250.74.72 200 OK 84 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5CHPKDL
IP 142.250.74.72:0
File type Unicode text, UTF-8 text, with very long lines (41689)
Hash c62d9e3d045fc196a11077e4e4825bc6
f2042178bd44f0b87b0c875bbca02ef1427dac81
a5b0506424483d73c7797ab255b0d0294e30b87efdea1dc67353a518d7f7e843
GET /gtm.js?id=GTM-5CHPKDL HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 26 Sep 2022 20:35:03 GMT
expires: Mon, 26 Sep 2022 20:35:03 GMT
cache-control: private, max-age=900
last-modified: Mon, 26 Sep 2022 20:06:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 84074
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/assets/fonts/custom/GothamNarrow-Bold.woff
152.199.21.175 200 OK 33 kB URL HTTP/2 a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/assets/fonts/custom/GothamNarrow-Bold.woff
IP 152.199.21.175:0
File type Web Open Font Format, CFF, length 32652, version 2.200\012- data
Hash 5f1899145c804141a929bcc8a985ebc3
e17d8865398e492d4140d2f6a117ecd0b6c9e6df
11b1ed45698d8402655737dc3f812a2e5d436383daa6c1f3c9d1e28f8ed580fe
GET /etc/designs/zg/bp-theraflu-refresh/desktop/assets/fonts/custom/GothamNarrow-Bold.woff HTTP/1.1
Host: a-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://a-cf65.ch-static.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
age: 7149
cache-control: max-age=31536000, public, s-maxage=86400
content-type: font/woff
date: Mon, 26 Sep 2022 20:35:03 GMT
etag: "7f8c-5e969e2d4fb80"
expires: Tue, 26 Sep 2023 20:35:03 GMT
last-modified: Sat, 24 Sep 2022 10:37:50 GMT
server: ECAcc (ska/F73D)
strict-transport-security: max-age=63072000;
x-cache: HIT
x-frame-options: SAMEORIGIN
content-length: 32652
X-Firefox-Spdy: h2
a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/js/components/gigya.ssolink.js
152.199.21.175 200 OK 1.2 kB URL HTTP/2 a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/js/components/gigya.ssolink.js
IP 152.199.21.175:0
File type ASCII text, with very long lines (534)
Hash 9805d51e43fbcde94b4121443abf0e4d
f015157c57f4072c701189c7a81e7234795ff398
151d9cb37b6d0bd90c4c98562e6baa828f3bf5b0e1c42ff6a9ce813aec595120
GET /etc/designs/zg/bp-theraflu-refresh/desktop/js/components/gigya.ssolink.js HTTP/1.1
Host: a-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 9386
cache-control: max-age=86400, public, s-maxage=86400
content-type: application/javascript
date: Mon, 26 Sep 2022 20:35:03 GMT
etag: "9a6-5e98d4fa55d82-gzip"
expires: Tue, 27 Sep 2022 20:35:03 GMT
last-modified: Mon, 26 Sep 2022 04:53:39 GMT
server: ECAcc (ska/F6F3)
strict-transport-security: max-age=63072000;
vary: Accept-Encoding
x-cache: HIT
x-frame-options: SAMEORIGIN
content-length: 1189
X-Firefox-Spdy: h2
www.theraflu.com/RightToRecover/.token.json
52.251.65.90 200 OK 2 B URL HTTP/2 www.theraflu.com/RightToRecover/.token.json
IP 52.251.65.90:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /RightToRecover/.token.json HTTP/1.1
Host: www.theraflu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://www.theraflu.com/RightToRecover/
Cookie: ApplicationGatewayAffinity=10572c55e27a732a27adc05931861514; ApplicationGatewayAffinityCORS=10572c55e27a732a27adc05931861514; gig_canary=false; gig_canary_ver=13406-3-27737055
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:03 GMT
content-type: application/json;charset=iso-8859-1
content-length: 2
server: Apache
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
expires: -1
x-frame-options: SAMEORIGIN
cache-control: no-cache
X-Firefox-Spdy: h2
a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/js/components/gigya.raas.extension.js
152.199.21.175 200 OK 2.7 kB URL HTTP/2 a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/js/components/gigya.raas.extension.js
IP 152.199.21.175:0
File type ASCII text, with very long lines (574)
Hash 68615725cf7ef7202db266ea6d610064
d4426611b3d29198f34335a021842f1d7f740378
4a75846e65c3ce5c4a8e4ccb177d65d59feba142e4eec3a643e0543f3f4a4f8c
GET /etc/designs/zg/bp-theraflu-refresh/desktop/js/components/gigya.raas.extension.js HTTP/1.1
Host: a-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 9386
cache-control: max-age=86400, public, s-maxage=86400
content-type: application/javascript
date: Mon, 26 Sep 2022 20:35:04 GMT
etag: "2334-5e98b6e35b19b-gzip"
expires: Tue, 27 Sep 2022 20:35:04 GMT
last-modified: Mon, 26 Sep 2022 02:39:02 GMT
server: ECAcc (ska/F6AE)
strict-transport-security: max-age=63072000;
vary: Accept-Encoding
x-cache: HIT
x-frame-options: SAMEORIGIN
content-length: 2749
X-Firefox-Spdy: h2
www.theraflu.com/etc/designs/zg/bp-theraflu-refresh/desktop/assets/languages/czech.lng
52.251.65.90 200 OK 273 B URL HTTP/2 www.theraflu.com/etc/designs/zg/bp-theraflu-refresh/desktop/assets/languages/czech.lng
IP 52.251.65.90:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , Unicode text, UTF-8 text
Hash 8f5cd490c9e1b56131fb99a67be85fea
841d1dee144d9fb34314c9dab6bfb5c81e0f098d
a4a9122cf39f13c8cf5a556d17e2d2b6c04767a4ef602dcd79715c95b5376a7d
GET /etc/designs/zg/bp-theraflu-refresh/desktop/assets/languages/czech.lng HTTP/1.1
Host: www.theraflu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/RightToRecover/
Cookie: ApplicationGatewayAffinity=10572c55e27a732a27adc05931861514; ApplicationGatewayAffinityCORS=10572c55e27a732a27adc05931861514; gig_canary=false; gig_canary_ver=13406-3-27737055
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:04 GMT
content-length: 273
server: Apache
strict-transport-security: max-age=63072000;
last-modified: Sat, 24 Sep 2022 07:19:43 GMT
etag: "111-5e9671e4fc1c0"
accept-ranges: bytes
expires: Tue, 27 Sep 2022 20:35:04 GMT
x-frame-options: SAMEORIGIN
cache-control: max-age=86400, public, s-maxage=86400
X-Firefox-Spdy: h2
a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/js/components/gigya.raas.adobeaudience.extension.js
152.199.21.175 200 OK 438 B URL HTTP/2 a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/js/components/gigya.raas.adobeaudience.extension.js
IP 152.199.21.175:0
File type ASCII text, with very long lines (521)
Hash 18e936f9bc814fe12b09ca37aa287008
710294a14b0fb8b72217c814b4cbdcadee821ded
431eaeeffe8327ea5c35caa4854b6ae5db10f3c85cf63b00189180e97348a487
GET /etc/designs/zg/bp-theraflu-refresh/desktop/js/components/gigya.raas.adobeaudience.extension.js HTTP/1.1
Host: a-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 9386
cache-control: max-age=86400, public, s-maxage=86400
content-type: application/javascript
date: Mon, 26 Sep 2022 20:35:04 GMT
etag: "321-5e98aa4cb3212-gzip"
expires: Tue, 27 Sep 2022 20:35:04 GMT
last-modified: Mon, 26 Sep 2022 01:42:43 GMT
server: ECAcc (ska/F7B3)
strict-transport-security: max-age=63072000;
vary: Accept-Encoding
x-cache: HIT
x-frame-options: SAMEORIGIN
content-length: 438
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 137d72233caf3ddbf4cbceef8ea0adbb
57dbb03ac2887335418c1e16a11f73ebf21a0b2d
70681cef09d9be7efec0a5f6a9cbeb77c21aad9c46650c5003b21c63ee29999a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6036
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:04 GMT
Last-Modified: Mon, 26 Sep 2022 18:54:28 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
cdn.cookielaw.org/scripttemplates/otSDKStub.js
104.16.148.64 200 OK 7.2 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/otSDKStub.js
IP 104.16.148.64:0
File type ASCII text, with very long lines (21747)
Hash cef0e6a73f52f72e73d57867726399ff
2611e0920611a653446508e5f3de017900cc49f2
97cc12a095136523b16da09953e6f3e405b658978cb37cbc3d3ccb9f94faf0a6
GET /scripttemplates/otSDKStub.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:04 GMT
content-type: application/javascript
content-length: 7151
content-encoding: gzip
content-md5: zvDmpz9S9y5z1XhncmOZ/w==
last-modified: Mon, 26 Sep 2022 10:18:21 GMT
etag: 0x8DA9FA8703463F4
x-ms-request-id: a3c13a8c-901e-0131-0998-d1c564000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 10342
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 750ec8afa924b50c-OSL
X-Firefox-Spdy: h2
cdn.cookielaw.org/consent/69b1977b-e59e-4b20-b8ff-1f5bc6b0174d/69b1977b-e59e-4b20-b8ff-1f5bc6b0174d.json
104.16.148.64 200 OK 1.5 kB URL HTTP/2 cdn.cookielaw.org/consent/69b1977b-e59e-4b20-b8ff-1f5bc6b0174d/69b1977b-e59e-4b20-b8ff-1f5bc6b0174d.json
IP 104.16.148.64:0
File type JSON data\012- , ASCII text, with very long lines (3829), with no line terminators
Hash d7469bd6c7120d2c261c6e4d5c95c59c
f1c7d2ae2194ebb4100b1f746cf34397df3c33ff
cce4e4912f487cfdbfd4ecff9b404d2493f50eb35c40eec21cd161c07ed82983
GET /consent/69b1977b-e59e-4b20-b8ff-1f5bc6b0174d/69b1977b-e59e-4b20-b8ff-1f5bc6b0174d.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:04 GMT
content-type: application/x-javascript
content-length: 1491
cache-control: public, max-age=14400
content-encoding: gzip
content-md5: 10ab1scSDSwmHG5NXJXFnA==
last-modified: Thu, 02 Jun 2022 20:51:13 GMT
etag: 0x8DA44D9A16BDC45
x-ms-request-id: a98665e3-701e-00da-3e68-7b7dcd000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 11033
expires: Tue, 27 Sep 2022 00:35:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 750ec8afdc0db521-OSL
X-Firefox-Spdy: h2
a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/assets/fonts/custom/GothamForThera-BlkItalic.woff
152.199.21.175 200 OK 35 kB URL HTTP/2 a-cf65.ch-static.com/etc/designs/zg/bp-theraflu-refresh/desktop/assets/fonts/custom/GothamForThera-BlkItalic.woff
IP 152.199.21.175:0
File type Web Open Font Format, CFF, length 34700, version 0.0\012- data
Hash 45e4707923c0470b1f8686d02eb5ded2
fe47cc51f9aeba9409ef82336b40d1ea4a24c7b4
570c43086cde7e26fb4eaedba2f0360ce566720f760be20d53e59b60f9eb64eb
GET /etc/designs/zg/bp-theraflu-refresh/desktop/assets/fonts/custom/GothamForThera-BlkItalic.woff HTTP/1.1
Host: a-cf65.ch-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://a-cf65.ch-static.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000, public, s-maxage=86400
content-type: font/woff
date: Mon, 26 Sep 2022 20:35:04 GMT
etag: "878c-5e989efd41bc0"
expires: Tue, 26 Sep 2023 20:35:04 GMT
last-modified: Mon, 26 Sep 2022 00:52:07 GMT
server: Apache
set-cookie: ApplicationGatewayAffinityCORS=d625583a4d6fda0f8ecdd2f81c3a0e5b; Path=/; SameSite=None; Secure
ApplicationGatewayAffinity=d625583a4d6fda0f8ecdd2f81c3a0e5b; Path=/
strict-transport-security: max-age=63072000;
x-frame-options: SAMEORIGIN
content-length: 34700
X-Firefox-Spdy: h2
cdns.us1.gigya.com/sdk.config.get?apiKey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ&httpStatusCodes=true
23.38.201.5 200 OK 1.3 kB URL HTTP/1.1 cdns.us1.gigya.com/sdk.config.get?apiKey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ&httpStatusCodes=true
IP 23.38.201.5:0
File type JSON data\012- , ASCII text, with CRLF line terminators
Hash b8e64e30dea1ce52902c3821a5e0f900
f7ac1723476e65a56c2c3ea15a71a48a5bd627c7
f58b8b9af594345db97466ecbaf55e1457ae3484a5e7ecced077d474a88876f9
GET /sdk.config.get?apiKey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ&httpStatusCodes=true HTTP/1.1
Host: cdns.us1.gigya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.theraflu.com/
Origin: https://www.theraflu.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Length: 1343
Content-Encoding: gzip
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-soa: true, Gator
x-server: us1d-nomad-g36
x-callid: c19a887e63d04b95929dfb41eb61f482
Accept-Ranges: bytes
x-robots-tag: none
Cache-Control: public, max-age=86400, s-maxage=72000
Date: Mon, 26 Sep 2022 20:35:04 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4538701cf9bc34d908f50370beb922f4
df141b9c3ec626ecaba7c1899073a48b811c4113
61497b93eb237687a8fff5845a7a81aff2f2f53dc56f2d0818bfb98dd1256d6f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
54.230.245.100 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 232765f10178d8b3ae3863e391f68d9f
f4298326c8177b9f2cb37712ad9f8827c6c63781
8da28782fb6c1a9905e4047af0978e4eb685c62d3a44fd2a5021cb3b14ad8dbd
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 20:35:04 GMT
Last-Modified: Mon, 26 Sep 2022 19:23:37 GMT
Server: ECS (nyb/1D0C)
X-Cache: Miss from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: zxuwplTv2cjTUsODCsbSsW3du1ASrjanz7BNHYi61mpIoNTFgmTVxg==
Age: 4287
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4538701cf9bc34d908f50370beb922f4
df141b9c3ec626ecaba7c1899073a48b811c4113
61497b93eb237687a8fff5845a7a81aff2f2f53dc56f2d0818bfb98dd1256d6f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
54.230.245.100 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 05b78e1ba009c6108951ba7f6d157cd3
abe395636aa00940bdf2c3c9db9c3886e2ded105
8e063a443ee9d11a6e948de4d7801fc4bac32d5c25da99d20c0840f769fea292
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 20:35:04 GMT
Last-Modified: Mon, 26 Sep 2022 19:23:06 GMT
Server: ECS (nyb/1D0A)
X-Cache: Miss from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: HrUBtWuty_R7ZW5AFCCpFjT7h85qveflduiQb55BeZf4JSnLqUAJOw==
Age: 4318
ocsp.sca1b.amazontrust.com/
54.230.245.100 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 05b78e1ba009c6108951ba7f6d157cd3
abe395636aa00940bdf2c3c9db9c3886e2ded105
8e063a443ee9d11a6e948de4d7801fc4bac32d5c25da99d20c0840f769fea292
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 20:35:04 GMT
Last-Modified: Mon, 26 Sep 2022 19:35:39 GMT
Server: ECS (nyb/1D23)
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: tfCYsJxvjKpfOnRTm9Wa0609Fb6tTX18wiLFixg1zp4QAku9dDxjqQ==
Age: 3565
ocsp.sca1b.amazontrust.com/
54.230.245.100 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 05b78e1ba009c6108951ba7f6d157cd3
abe395636aa00940bdf2c3c9db9c3886e2ded105
8e063a443ee9d11a6e948de4d7801fc4bac32d5c25da99d20c0840f769fea292
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 20:35:04 GMT
Last-Modified: Mon, 26 Sep 2022 19:36:15 GMT
Server: ECS (nyb/1D15)
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: wC-Sg-n_lNH8mm_Og0bAbuvasCUA7B0JwGrUkPk7q2iNXOy-SXC_og==
Age: 3529
d22xmn10vbouk4.cloudfront.net/5a3192ca6f1b11eaa422f218989845bc.js
54.230.245.175 200 OK 24 kB URL HTTP/2 d22xmn10vbouk4.cloudfront.net/5a3192ca6f1b11eaa422f218989845bc.js
IP 54.230.245.175:0
File type ASCII text, with very long lines (10567), with CRLF, LF line terminators
Hash bb376a04021aa2caa80c0ad9a02332a5
0e06a15f754b1c87fe948ac185390527ba1bb406
f8be91ad6ef9e5b10b4bffbcc69f2f6ffcdbf3bf5fbafb0749ac5d46d569abe2
GET /5a3192ca6f1b11eaa422f218989845bc.js HTTP/1.1
Host: d22xmn10vbouk4.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
date: Mon, 26 Sep 2022 19:16:14 GMT
last-modified: Mon, 26 Sep 2022 19:15:17 GMT
etag: W/"efd1e5aabc62d60b3789b0eac1107851"
cache-control: public, max-age=601
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Lm9o27d0LMHrcb0VpWMG_zXPzgRm2BD8JvaLVsCh8KXmoPrzdH8cKg==
age: 4731
X-Firefox-Spdy: h2
collect.analyze.ly/
54.209.90.36 204 No Content 0 B IP 54.209.90.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: collect.analyze.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------77263088716288069261673310329
Content-Length: 6206
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Cache-Control: private
Date: Mon, 26 Sep 2022 20:35:04 GMT
Server: Apache
Connection: keep-alive
collect.analyze.ly/
54.209.90.36 204 No Content 0 B IP 54.209.90.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: collect.analyze.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------320177545640662529272939773047
Content-Length: 1804
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Cache-Control: private
Date: Mon, 26 Sep 2022 20:35:04 GMT
Server: Apache
Connection: keep-alive
api.userway.org/api/tunings/XJzryPgNCX
54.187.202.233 200 OK 2.1 kB URL HTTP/2 api.userway.org/api/tunings/XJzryPgNCX
IP 54.187.202.233:0
File type JSON data\012- , ASCII text, with very long lines (2119), with no line terminators
Hash 9e412b89e58e9515aaa350f4a4124d28
ca2509585d10edcb3332c354d55679364f0f815f
b684ceeeeeaa61d2adef766020aa00039bb4a426a2f8d6b646eec80eca00e90b
POST /api/tunings/XJzryPgNCX HTTP/1.1
Host: api.userway.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1434
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:04 GMT
content-type: application/json; charset=utf-8
content-length: 2119
x-service-version: uw-pr
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
access-control-allow-headers: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
etag: W/"847-yiUJWF0Q7cszMsNU1VZ5Nk8PgV8"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10574
Expires: Mon, 26 Sep 2022 23:31:18 GMT
Date: Mon, 26 Sep 2022 20:35:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10574
Expires: Mon, 26 Sep 2022 23:31:18 GMT
Date: Mon, 26 Sep 2022 20:35:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10574
Expires: Mon, 26 Sep 2022 23:31:18 GMT
Date: Mon, 26 Sep 2022 20:35:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10574
Expires: Mon, 26 Sep 2022 23:31:18 GMT
Date: Mon, 26 Sep 2022 20:35:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10574
Expires: Mon, 26 Sep 2022 23:31:18 GMT
Date: Mon, 26 Sep 2022 20:35:04 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c11e6fef1be62b971bd9daf378bfc95
ef9d756cbcda72cf7ef5029b7d384cd1fbaed633
b8369f83d6dddcd2355b81d8eb200791788165e56881ce21e1a1e9c8bb1bb2ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feddf5115-4c67-4a03-b497-8b149b3c332c.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13584
x-amzn-requestid: 198bd2b4-d4ae-4f19-a500-463aee52b890
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTHgFdNoAMFwEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cbc9-19a1f7d2102820da4b21f18b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:44:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yl8BCwdlIePsc4gIX4IYH0L6NHipn_5fBsa9nyYy14w0m49jPUYXBw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:57:51 GMT
age: 81433
etag: "ef9d756cbcda72cf7ef5029b7d384cd1fbaed633"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Hash b3a72e81317074689a71dac7059e4b6a
b6d56333d7f1ea7ddc8838d84de498ff913c5464
e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rN_8rm10Pxb0AUKW6ECfNulcYxBaS7FgGD15gT14dX-FlsGJfqahxA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:37:35 GMT
age: 82649
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef17205adb2b478d3bff54b048208d22
12aac1bd22e675f09a220de08b4656e801c2e647
620fe39cf421ed3a21e968570f7e863d69224113be867ec2457ed3850ea113f6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5980
x-amzn-requestid: fbf0c390-da24-49e2-8492-43e29e5d4bb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTHCGJVoAMFgxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cbc6-1f9b1b7d63467c58702e6d7e;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:44:38 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Iy0oyFx_T6CEuOQckEzvUQOUo307Jm_OgJzomWlMz9BhgD3eOaysdA==
via: 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 18:14:05 GMT
age: 8459
etag: "12aac1bd22e675f09a220de08b4656e801c2e647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a90590f26bae9ad9e95ffdfbfb7dd21d
cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3
33fe3394213e01d11c3e005cb5a678ba74511704d4132fc2bd9f7ad4e1b7dbfc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10318
x-amzn-requestid: 6a205445-8a9e-4f25-b144-ba6e6934d383
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSlhFNAIAMFmBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330caef-61ecbf9154cd56131b940ac0;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qP5-TglQAoTGc78-rIK27mKRTS_WthN0OpiiMqSF-y2rmWxVOyfNVw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:02:10 GMT
age: 81174
etag: "cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2fe8c4f0c70fb6c1f4259eabedc7015e
85e378d0fff856832a8dd01743516b9476fed8c6
508a1c7d350fcf82d1ece0b99f8557b2f300c7c1148f28c3ae9fece20530e4b6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5157
x-amzn-requestid: b5748f49-693f-4bc3-a850-cb68e770de24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUG9GUHIAMF7pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd5f-5d2aaa212cf1be2506593746;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:51:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4h9lb_7egxb2hBbxjcS_cpZ5lDq6Lx-c_WUZyRHdUA0YTwr6kgDuiQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:10:16 GMT
age: 80688
etag: "85e378d0fff856832a8dd01743516b9476fed8c6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d02ede0c964f3346fd53ae2950bf2a62
e49306a3713cb724be024a4ddb5e90645718a718
c0e653d89656016c55aca9b198b9191620f1ae9a3c45742a90744bd74c4f9505
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8637
x-amzn-requestid: 07dc23e0-000f-4f6c-8d2b-0e65d88be270
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSvvEenoAMFr0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb31-520803124760abc216152d7b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:42:09 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: HCJ483GPdpPhC7oYm1GrA02BqqST9sfqfCBSA93rZqaQYl-jezgP5Q==
via: 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:20:40 GMT
age: 80064
etag: "e49306a3713cb724be024a4ddb5e90645718a718"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdns.gigya.com/js/gigya.services.plugins.base.min.js?services=gigya.services.accounts.plugins.screenSet&lang=en
23.38.201.5 200 OK 140 kB URL HTTP/1.1 cdns.gigya.com/js/gigya.services.plugins.base.min.js?services=gigya.services.accounts.plugins.screenSet&lang=en
IP 23.38.201.5:0
File type ASCII text, with very long lines (65446), with CRLF line terminators
Size 140 kB (139756 bytes)
Hash 8e8c69186053fae586de13cbfe68a2f0
b2e2e1341deca54b3a6ad10ce2fc0ea1842ea747
ec795c1d1bae6725850d8d31f72fcae3a1c3d992b31cf79695bb2c77bb2d76a8
GET /js/gigya.services.plugins.base.min.js?services=gigya.services.accounts.plugins.screenSet&lang=en HTTP/1.1
Host: cdns.gigya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Length: 139756
Content-Encoding: gzip
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-soa: true, Gator
x-server: us1d-nomad-g42
x-callid: 4d6d7d3566ae4a9fb33279775ced62b5
x-robots-tag: none
Cache-Control: public, max-age=900, s-maxage=3600
Expires: Mon, 26 Sep 2022 20:50:04 GMT
Date: Mon, 26 Sep 2022 20:35:04 GMT
Connection: keep-alive
www.theraflu.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/Video-thumbnail-desktop.jpg
52.251.65.90 200 OK 176 kB URL HTTP/2 www.theraflu.com/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/Video-thumbnail-desktop.jpg
IP 52.251.65.90:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3\012- data
Size 176 kB (176113 bytes)
Hash 9a4657bc31254277e8ea70a5d9eb82c2
c1fd34fb7f23b72a19bf8fb8646f7769409e5f99
c634d77a70da4a4fe58fe1e1f55133e2555663eaf6e81593bd8b2870c1ae3794
GET /content/dam/cf-consumer-healthcare/bp-theraflu/en_US/pages/right-to-rest-and-recover/Video-thumbnail-desktop.jpg HTTP/1.1
Host: www.theraflu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/RightToRecover/
Cookie: ApplicationGatewayAffinity=10572c55e27a732a27adc05931861514; ApplicationGatewayAffinityCORS=10572c55e27a732a27adc05931861514; gig_canary=false; gig_canary_ver=13406-3-27737055
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:04 GMT
content-type: image/jpeg
content-length: 176113
server: Apache
strict-transport-security: max-age=63072000;
last-modified: Thu, 15 Sep 2022 13:16:45 GMT
etag: "2aff1-5e8b70e972940"
accept-ranges: bytes
x-frame-options: SAMEORIGIN
cache-control: max-age=31536000, public, s-maxage=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash e96f1b914664df9ad1c811e7bce50381
7c42432c50efbde369b528e8005aa165ef3557c4
f43f80ef094f38dcd74df23460fd95dc4acda12cf9b9691161f849342e8f1659
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2365
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:05 GMT
Last-Modified: Mon, 26 Sep 2022 19:55:40 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 278
cdn.userway.org/widgetapp/2022-09-26/locales/en-US.json
185.76.9.17 200 OK 42 kB URL HTTP/2 cdn.userway.org/widgetapp/2022-09-26/locales/en-US.json
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type JSON data\012- , ASCII text, with very long lines (433), with no line terminators
Hash 32a592502ab7a813330ac4f1bf9d7e56
6fea708c6f78bf5b73e6312838347ba6dce7e303
7467495535f37ca68fd642ba50adb814e508ccb3bcf0dc54af2a47af407f7b1f
GET /widgetapp/2022-09-26/locales/en-US.json HTTP/1.1
Host: cdn.userway.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:05 GMT
content-type: application/json
access-control-allow-origin: https://www.theraflu.com
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
last-modified: Mon, 26 Sep 2022 09:48:03 GMT
etag: W/"0c4b53012957584c54e80867ff489590"
cache-control: max-age=25920000, public
via: 1.1 1cc4305a3ce000ca199328864ca1c98e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: Um4nnBUo2iQeWtbUYbOtLWQm5vy3-IVDtba8eB1DXWbNtoBwSX6y4Q==
age: 256
x-accel-expires: @1690106176
server: CDN77-Turbo
vary: Origin
x-77-nzt: AblMCQ0s4sb/uZUAAA
x-77-nzt-ray: N/gnoCsZB4U
x-cache: HIT
x-age: 38329
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/6.36.0/otBannerSdk.js
104.16.148.64 200 OK 88 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/6.36.0/otBannerSdk.js
IP 104.16.148.64:0
File type ASCII text, with very long lines (65455)
Hash f1ab43064d4f7b6ad3b55e61d409e190
575bcf046b389c83f6fcec86e6ed6da17e3781f2
0b3616e851b71b089f74fed7435f29086a38c9d1853fc76996aaf6c6d2ad0f90
GET /scripttemplates/6.36.0/otBannerSdk.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:05 GMT
content-type: application/javascript
content-length: 87793
content-encoding: gzip
content-md5: 8atDBk1Pe2rTtV5h1AnhkA==
last-modified: Tue, 07 Jun 2022 19:29:06 GMT
etag: 0x8DA48BBFD0F8D63
x-ms-request-id: 23691863-101e-00c1-31b0-7a535f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 10337
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 750ec8b69c6bb50c-OSL
X-Firefox-Spdy: h2
cdns.us1.gigya.com/sdk.config.get?apiKey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ&httpStatusCodes=true
23.38.201.5 200 OK 1.3 kB URL HTTP/1.1 cdns.us1.gigya.com/sdk.config.get?apiKey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ&httpStatusCodes=true
IP 23.38.201.5:0
File type JSON data\012- , ASCII text, with CRLF line terminators
Hash b8e64e30dea1ce52902c3821a5e0f900
f7ac1723476e65a56c2c3ea15a71a48a5bd627c7
f58b8b9af594345db97466ecbaf55e1457ae3484a5e7ecced077d474a88876f9
GET /sdk.config.get?apiKey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ&httpStatusCodes=true HTTP/1.1
Host: cdns.us1.gigya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdns.us1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ&version=latest&build=13398
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Length: 1343
Content-Encoding: gzip
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-soa: true, Gator
x-server: us1d-nomad-g36
x-callid: c19a887e63d04b95929dfb41eb61f482
Accept-Ranges: bytes
x-robots-tag: none
Cache-Control: public, max-age=86400, s-maxage=72000
Date: Mon, 26 Sep 2022 20:35:05 GMT
Connection: keep-alive
geolocation.onetrust.com/cookieconsentpub/v1/geo/location
172.64.146.158 200 OK 13 kB URL HTTP/2 geolocation.onetrust.com/cookieconsentpub/v1/geo/location
IP 172.64.146.158:0
File type JSON data\012- HTML document, Unicode text, UTF-8 text, with very long lines (53139), with no line terminators
Hash cede7ebd191698da35c5ecc0d704ccf3
155fe739d05afbcaa1d91397b174d8aa33dc09e1
56ae6f53101d66140cf44d390ff19b95620a5db83b3b89b15b8e33a8c845cb14
GET /cookieconsentpub/v1/geo/location HTTP/1.1
Host: geolocation.onetrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:05 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 750ec8b63d781c02-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/6.36.0/assets/otPcTab.json
104.16.148.64 200 OK 14 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/6.36.0/assets/otPcTab.json
IP 104.16.148.64:0
File type JSON data\012- , ASCII text, with very long lines (37301)
Hash ea155ca8cc90fbd4c449cf8168c818f8
0d0ae87d1ced1889a86f97086ca424a17cf5b184
135fe68f0ad25cd33ca3adaccad60f3982c47a6720d891213ae092fc6918459e
GET /scripttemplates/6.36.0/assets/otPcTab.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.theraflu.com/
Origin: https://www.theraflu.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:05 GMT
content-type: application/json
content-length: 14326
content-encoding: gzip
content-md5: 6hVcqMyQ+9TESc+BaMgY+A==
last-modified: Tue, 07 Jun 2022 19:28:58 GMT
etag: 0x8DA48BBF7D88A93
x-ms-request-id: 0b9931d2-a01e-015f-0b68-7b6c4d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 11033
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 750ec8b77f9bb521-OSL
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/6.36.0/assets/otFlat.json
104.16.148.64 200 OK 3.0 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/6.36.0/assets/otFlat.json
IP 104.16.148.64:0
File type JSON data\012- , ASCII text, with very long lines (10856)
Hash 7ce5fbe5bf203b5a2225493fdfa3eead
4f04eae8090af533d2b7c8b3091b9c83aa4cf122
3e7afb94c1398ebb805b81f4237b9906ddc8b5ea083c87e6440c1a4ac2a269be
GET /scripttemplates/6.36.0/assets/otFlat.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.theraflu.com/
Origin: https://www.theraflu.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:05 GMT
content-type: application/json
content-length: 2959
content-encoding: gzip
content-md5: fOX75b8gO1oiJUk/36PurQ==
last-modified: Tue, 07 Jun 2022 19:28:56 GMT
etag: 0x8DA48BBF6CB86AA
x-ms-request-id: 26fde1c0-001e-0091-4b68-7b4c57000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 11033
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 750ec8b77f99b521-OSL
X-Firefox-Spdy: h2
socialize.us1.gigya.com/socialize.getIDs?APIKey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ&includeTicket=true&pageURL=https%3A%2F%2Fwww.theraflu.com%2F&sdk=js_latest&sdkBuild=13398&format=json
104.88.25.30 200 OK 387 B URL HTTP/1.1 socialize.us1.gigya.com/socialize.getIDs?APIKey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ&includeTicket=true&pageURL=https%3A%2F%2Fwww.theraflu.com%2F&sdk=js_latest&sdkBuild=13398&format=json
IP 104.88.25.30:0
File type JSON data\012- , ASCII text, with CRLF line terminators
Hash d4ce68df049d5cb0c960b87466ca36d5
ed2eb710ee4b3d7c1563d8dbf75c6dc56b37e15b
39d384f315ccf61f878b3ec1a362357b9594066f55230ab77485db0052cf8b7a
GET /socialize.getIDs?APIKey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ&includeTicket=true&pageURL=https%3A%2F%2Fwww.theraflu.com%2F&sdk=js_latest&sdkBuild=13398&format=json HTTP/1.1
Host: socialize.us1.gigya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdns.us1.gigya.com
Connection: keep-alive
Referer: https://cdns.us1.gigya.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Length: 387
Cache-Control: private
Content-Encoding: gzip
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
Access-Control-Allow-Origin: https://cdns.us1.gigya.com
Access-Control-Max-Age: 86400
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-soa: true, Gator
x-server: us1d-nomad-g49
x-callid: 44253954e83547079c55a7677838c440
x-robots-tag: none
Date: Mon, 26 Sep 2022 20:35:05 GMT
Connection: keep-alive
Server-Timing: cdn-cache; desc=MISS, edge; dur=93, origin; dur=31
js.adsrvr.org/up_loader.1.1.0.js
143.204.45.46 200 OK 1.9 kB URL HTTP/1.1 js.adsrvr.org/up_loader.1.1.0.js
IP 143.204.45.46:0
File type ASCII text, with very long lines (4593), with no line terminators
Hash 8014ea74946aee77ef2f3b9a264be553
fda85fc27ac2f811e543c11436cf5623cbd46bb2
271b1db0f8cff912a931b78cedb32fd59adeb60025dbcbd7cc5add7d03c82f7c
GET /up_loader.1.1.0.js HTTP/1.1
Host: js.adsrvr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Mon, 26 Sep 2022 18:47:10 GMT
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bnuys0qTGsm7EFoD3bm7XKO76kPc-YUeV2oDJd5JqkfL885wsn8C2g==
Age: 25333
cdn.cookielaw.org/scripttemplates/6.36.0/assets/otCommonStyles.css
104.16.148.64 200 OK 20 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/6.36.0/assets/otCommonStyles.css
IP 104.16.148.64:0
File type ASCII text, with very long lines (43670)
Hash fac6fe9b5afe072ec6b12e03a82c174f
cc090bf3b08db4193d08f9380ba5bb5b4b52cc3a
db48e53fc21df1b391392ecd5f3d9288dcb43ea8c17a8ac0ffc341f85d9bcb84
GET /scripttemplates/6.36.0/assets/otCommonStyles.css HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.theraflu.com/
Origin: https://www.theraflu.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:05 GMT
content-type: text/css
content-md5: /wtHD+oYY7dZRzCx50GZrQ==
last-modified: Tue, 07 Jun 2022 19:29:11 GMT
x-ms-request-id: 8aabd03c-701e-001d-3c68-7b010c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 11033
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 750ec8b77f9db521-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ce9fa7c0f8c668afd33a2fa65bf285e5
0333c06c16ea38e346cee9aad19965aa9d2729b1
50b7e5b9d9833fbd2c737642a86c63217f3296fb4bce6c7a876e4cde3dcddbd8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash a6a622459e93134f2a6fa008e26ceee0
7f797c40d60ce008b1cd5b4fcbe6786537ce2d1a
b289d9acf3ca227dd635803a39c05ee4d8f4ae6f807473e1339f22d12e3bd3c2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
9174324.fls.doubleclick.net/activityi;src=9174324;type=unvfls;cat=unvfls;ord=1930380095798;gtm=2wg9l0;auiddc=1608560174.1664224504;u1=respiratory;u2=theraflu;u3=www.theraflu.com;u4=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F;u5=%2FRightToRecover%2F;u6=;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F?
142.250.74.70 200 OK 395 B URL HTTP/2 9174324.fls.doubleclick.net/activityi;src=9174324;type=unvfls;cat=unvfls;ord=1930380095798;gtm=2wg9l0;auiddc=1608560174.1664224504;u1=respiratory;u2=theraflu;u3=www.theraflu.com;u4=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F;u5=%2FRightToRecover%2F;u6=;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (593), with no line terminators
Hash efa72799e0d0fbd0a5e473dd5963e7c7
508d49177a97c6ee97d27554f9a93a1a9d10b1b6
731f38b26502319862c8a4df2e722ebbf8fbc78a4435d99d93fb91c7eb1aafe8
GET /activityi;src=9174324;type=unvfls;cat=unvfls;ord=1930380095798;gtm=2wg9l0;auiddc=1608560174.1664224504;u1=respiratory;u2=theraflu;u3=www.theraflu.com;u4=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F;u5=%2FRightToRecover%2F;u6=;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F? HTTP/1.1
Host: 9174324.fls.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 20:35:05 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 395
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 26-Sep-2022 20:50:05 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
collect.analyze.ly/
54.209.90.36 204 No Content 0 B IP 54.209.90.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: collect.analyze.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=----1837b82a6d7
Content-Length: 3480
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Cache-Control: private
Date: Mon, 26 Sep 2022 20:35:05 GMT
Server: Apache
Connection: keep-alive
5116519.fls.doubleclick.net/activityi;src=5116519;type=therpgvw;cat=therpgvw;ord=1566611027611;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F?
142.250.74.70 200 OK 359 B URL HTTP/2 5116519.fls.doubleclick.net/activityi;src=5116519;type=therpgvw;cat=therpgvw;ord=1566611027611;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (468), with no line terminators
Hash 45aaffc4f7d88b619802a27cfdbe7b4c
d7b86f9ef41d0e98881978fced39ca643eb0591b
9133e1557f10de6ac82a5a65465e29fb9b0b550c15f19794d65096692e518baa
GET /activityi;src=5116519;type=therpgvw;cat=therpgvw;ord=1566611027611;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F? HTTP/1.1
Host: 5116519.fls.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 20:35:05 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 359
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 26-Sep-2022 20:50:05 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
5116519.fls.doubleclick.net/activityi;src=5116519;type=therartr;cat=therartr;ord=4053211432519;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F?
142.250.74.70 200 OK 359 B URL HTTP/2 5116519.fls.doubleclick.net/activityi;src=5116519;type=therartr;cat=therartr;ord=4053211432519;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (468), with no line terminators
Hash 0896cbfe05ecb3b73725049b73bb99a5
9d168157ded548e2ddac3266ffebefaf0c5ef223
7dfa2918cb815cb804c5d21d13da40f19999d949459a137e434f74c86509e7ef
GET /activityi;src=5116519;type=therartr;cat=therartr;ord=4053211432519;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F? HTTP/1.1
Host: 5116519.fls.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 20:35:05 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 359
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 26-Sep-2022 20:50:05 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash cf99681f6f1d6e00e0abca7033eb6219
73261f7daa90ce6fd7a81b10ed7bd762200c3f28
3f4bfe673679f8f0650774c07f8707a7013ac7e1c3e1b3b03e68cbaa5ccc1af6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6237
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:05 GMT
Last-Modified: Mon, 26 Sep 2022 18:51:08 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ce9fa7c0f8c668afd33a2fa65bf285e5
0333c06c16ea38e346cee9aad19965aa9d2729b1
50b7e5b9d9833fbd2c737642a86c63217f3296fb4bce6c7a876e4cde3dcddbd8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/iframe_api
142.250.74.174 200 OK 959 B URL HTTP/2 www.youtube.com/iframe_api
IP 142.250.74.174:0
File type ASCII text, with very long lines (509)
Hash 69a0d294f604b2bb14661a119791f168
205ae0191c14f18c56ba37a93468932355187503
0c2380ae15f28f0741a296268bf68d2220f18f4883ed1613620ba290f7131fe0
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Mon, 26 Sep 2022 20:35:04 GMT
date: Mon, 26 Sep 2022 20:35:04 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=nK_uhY-Oa3Q; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=vQjlbEGPHXs; Domain=.youtube.com; Expires=Sat, 25-Mar-2023 20:35:04 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+159; expires=Wed, 25-Sep-2024 20:35:04 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/bat.js
13.107.21.200 200 OK 11 kB IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Hash 293ae3e0fc8b0d5c143fdf9d8490228d
3976c659b908e70818a3a1ac71860b497fe2d1a9
04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11367
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=1E8D423C356A6527040D5017349F6405; domain=.bing.com; expires=Sat, 21-Oct-2023 20:35:05 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3D4E949A4F734134AA2558C170A9631E Ref B: OSL30EDGE0220 Ref C: 2022-09-26T20:35:05Z
date: Mon, 26 Sep 2022 20:35:05 GMT
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
157.240.200.14 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (64348)
Hash e1327a02d76346c7e23d114e4e508b30
195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3
331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: a4MymgCNJnc6h8gXdat13EwAgCEmWFho9bUmvLJb5WZN6KDUjvSFPMfQGilnocZRNdyqjTdYlO8pak/dqwqkaQ==
priority: u=3,i
content-length: 26840
x-fb-trip-id: 1679558926
date: Mon, 26 Sep 2022 20:35:05 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-38587364-3&cid=2137369781.1664224504&jid=1025774477&gjid=883523747&_gid=2141813307.1664224504&_u=YGBAgEABAAAAAE~&z=285316611
64.233.162.155 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-38587364-3&cid=2137369781.1664224504&jid=1025774477&gjid=883523747&_gid=2141813307.1664224504&_u=YGBAgEABAAAAAE~&z=285316611
IP 64.233.162.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-38587364-3&cid=2137369781.1664224504&jid=1025774477&gjid=883523747&_gid=2141813307.1664224504&_u=YGBAgEABAAAAAE~&z=285316611 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.theraflu.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 26 Sep 2022 20:35:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash cf99681f6f1d6e00e0abca7033eb6219
73261f7daa90ce6fd7a81b10ed7bd762200c3f28
3f4bfe673679f8f0650774c07f8707a7013ac7e1c3e1b3b03e68cbaa5ccc1af6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6237
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:05 GMT
Last-Modified: Mon, 26 Sep 2022 18:51:08 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash c45e82fb37cbd95ddc4a58136db21aea
19fb1e9f5c97d807e44f915ae24b10843f17a2e6
7abf388c20b8b040f17ee991519437d536056dc98ea0d458eb426cdfc3aa2756
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3679
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:05 GMT
Last-Modified: Mon, 26 Sep 2022 19:33:46 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 313
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 002d49bafbcc428a44fe523322ad9e05
b39aad0d1e941121f28af8f9b6d76f19216800d5
59a10c7762be219b689cd518aea4d034aa725c6a632b7f866989dcf984b5e007
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdns.us1.gigya.com/gs/sso.htm?APIKey=3_99l72FT8LLNTQuIz09azS3_QunznLcu8dzx_lvIrd3MpjgC79FdUh_wmipBaT1Rz&ssoSegment=&version=latest&build=13398
23.38.201.5 200 OK 32 kB URL HTTP/1.1 cdns.us1.gigya.com/gs/sso.htm?APIKey=3_99l72FT8LLNTQuIz09azS3_QunznLcu8dzx_lvIrd3MpjgC79FdUh_wmipBaT1Rz&ssoSegment=&version=latest&build=13398
IP 23.38.201.5:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (63746), with CRLF, LF line terminators
Hash 482fb105b9e095dc52085f49830855cd
92dd8eb828510eef8838a46f4dcab5ee6f467642
f324a56c8fbba234d3a02e0829d76a0d1737b73ead6d6424b119d19e8a6b72ff
GET /gs/sso.htm?APIKey=3_99l72FT8LLNTQuIz09azS3_QunznLcu8dzx_lvIrd3MpjgC79FdUh_wmipBaT1Rz&ssoSegment=&version=latest&build=13398 HTTP/1.1
Host: cdns.us1.gigya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 31513
Content-Encoding: gzip
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-soa: true, Gator
x-server: us1d-nomad-g35
x-callid: 177bcc0b24f14178b3c6a02439317f63
Accept-Ranges: bytes
x-robots-tag: none
Cache-Control: public, max-age=86400, s-maxage=3600
Date: Mon, 26 Sep 2022 20:35:06 GMT
Connection: keep-alive
cdns.us1.gigya.com/gs/sso.htm?APIKey=3_99l72FT8LLNTQuIz09azS3_QunznLcu8dzx_lvIrd3MpjgC79FdUh_wmipBaT1Rz&ssoSegment=&version=latest&build=13398
23.38.201.5 200 OK 32 kB URL HTTP/1.1 cdns.us1.gigya.com/gs/sso.htm?APIKey=3_99l72FT8LLNTQuIz09azS3_QunznLcu8dzx_lvIrd3MpjgC79FdUh_wmipBaT1Rz&ssoSegment=&version=latest&build=13398
IP 23.38.201.5:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (63746), with CRLF, LF line terminators
Hash 482fb105b9e095dc52085f49830855cd
92dd8eb828510eef8838a46f4dcab5ee6f467642
f324a56c8fbba234d3a02e0829d76a0d1737b73ead6d6424b119d19e8a6b72ff
GET /gs/sso.htm?APIKey=3_99l72FT8LLNTQuIz09azS3_QunznLcu8dzx_lvIrd3MpjgC79FdUh_wmipBaT1Rz&ssoSegment=&version=latest&build=13398 HTTP/1.1
Host: cdns.us1.gigya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 31513
Content-Encoding: gzip
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
strict-transport-security: max-age=63072000; includeSubDomains; preload
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-soa: true, Gator
x-server: us1d-nomad-g35
x-callid: 177bcc0b24f14178b3c6a02439317f63
Accept-Ranges: bytes
x-robots-tag: none
Cache-Control: public, max-age=86400, s-maxage=3600
Date: Mon, 26 Sep 2022 20:35:06 GMT
Connection: keep-alive
s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Daf4b6613-c033-8ad1-f6b4-14b4b67e9503%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.theraflu.com&ex-hargs=v%3D1.0%3Bc%3D1766344630501%3Bp%3DAF4B6613-C033-8AD1-F6B4-14B4B67E9503&gtmcb=1916865748
52.46.128.147 302 Found 0 B URL HTTP/1.1 s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Daf4b6613-c033-8ad1-f6b4-14b4b67e9503%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.theraflu.com&ex-hargs=v%3D1.0%3Bc%3D1766344630501%3Bp%3DAF4B6613-C033-8AD1-F6B4-14B4B67E9503&gtmcb=1916865748
IP 52.46.128.147:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /iui3?d=forester-did&ex-fargs=%3Fid%3Daf4b6613-c033-8ad1-f6b4-14b4b67e9503%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.theraflu.com&ex-hargs=v%3D1.0%3Bc%3D1766344630501%3Bp%3DAF4B6613-C033-8AD1-F6B4-14B4B67E9503&gtmcb=1916865748 HTTP/1.1
Host: s.amazon-adsystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Server
Date: Mon, 26 Sep 2022 20:35:06 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: MHGYBVC4FGA650GWQQMZ
Set-Cookie: ad-id=A4ggOiXqI0SjnAqHQl9KxEo|t; Domain=.amazon-adsystem.com; Expires=Sat, 01-Apr-2023 20:35:06 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Daf4b6613-c033-8ad1-f6b4-14b4b67e9503%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.theraflu.com&ex-hargs=v%3D1.0%3Bc%3D1766344630501%3Bp%3DAF4B6613-C033-8AD1-F6B4-14B4B67E9503&gtmcb=1916865748&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 5b7b66f5886a12421c3f3970bbf49d5a
13a31565fb5b2f1e75d67ba1ce09dae339f1c0e8
3ed8ffa99cefdf81381912b426c0ab9091fb5888836665d9012435965f99feba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
t.co/i/adsct?bci=3&eci=2&event_id=aee2e4d6-cc1c-4d0b-9016-4a23d6d7345e&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1497c00a-67e8-4fd0-b939-9f8ca997ec5b&tw_document_href=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4o1k&type=javascript&version=2.3.27
104.244.42.133 200 OK 43 B URL HTTP/2 t.co/i/adsct?bci=3&eci=2&event_id=aee2e4d6-cc1c-4d0b-9016-4a23d6d7345e&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1497c00a-67e8-4fd0-b939-9f8ca997ec5b&tw_document_href=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4o1k&type=javascript&version=2.3.27
IP 104.244.42.133:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/adsct?bci=3&eci=2&event_id=aee2e4d6-cc1c-4d0b-9016-4a23d6d7345e&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1497c00a-67e8-4fd0-b939-9f8ca997ec5b&tw_document_href=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4o1k&type=javascript&version=2.3.27 HTTP/1.1
Host: t.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:05 GMT
perf: 7626143928
server: tsa_o
set-cookie: muc_ads=7a84550e-c4b8-4c95-b625-38c496493d8e; Max-Age=63072000; Expires=Wed, 25 Sep 2024 20:35:06 GMT; Path=/; Domain=t.co; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: 10d13ec774b04ff7
strict-transport-security: max-age=0
x-response-time: 105
x-connection-hash: 1075d1d4c6fa36cb821c3666c171186cb3bd7996647edc31537750f9bfd1ad31
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 95f95fee6e94fb192e7c06459e3e3f8e
025638b85afcc833cd592c98cc941dd011d2526f
dbc8654990b37741f8e393d069054ae68d584c2496421892e814e7a8c45467fd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-38587364-3&cid=2137369781.1664224504&jid=1025774477&_u=YGBAgEABAAAAAE~&z=715592374
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-38587364-3&cid=2137369781.1664224504&jid=1025774477&_u=YGBAgEABAAAAAE~&z=715592374
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-38587364-3&cid=2137369781.1664224504&jid=1025774477&_u=YGBAgEABAAAAAE~&z=715592374 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 20:35:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 79775ecc866c1ed5eed67130694cff87
7c7e3db11f9e5db5377eb14acf095c01c9fa07b4
1a6d4b8a200ff0a129849d5b4268aa553b2feb7de3ef6eaa93abafa8032666b7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 111
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:06 GMT
Last-Modified: Mon, 26 Sep 2022 20:33:15 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 312
cdn.userway.org/widgetapp/2022-09-26/remediation/remediation_1664187619569.js
185.76.9.17 200 OK 38 kB URL HTTP/2 cdn.userway.org/widgetapp/2022-09-26/remediation/remediation_1664187619569.js
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (31998)
Hash 8ca813011b536610a98cf994fff9a501
a1f0cabfcca60d57272238c4b0b33991a62fd47b
dc1ad55c580f003e8e9933841542aa241db1d625c8220ef99eab58d2ccb823bb
GET /widgetapp/2022-09-26/remediation/remediation_1664187619569.js HTTP/1.1
Host: cdn.userway.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:05 GMT
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
last-modified: Mon, 26 Sep 2022 10:23:11 GMT
etag: W/"b4514ca785a87369ee4d6af12fa65508"
cache-control: max-age=25920000, public
vary: Accept-Encoding
via: 1.1 844de3d616579278fb702fc6b9b5c9a2.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: ZZBw0qci7L9mvZaGnAfgGze0217y2oDyJePehtQcgyp4q8SJoO9oIg==
age: 405
x-accel-expires: @1690108781
server: CDN77-Turbo
x-77-nzt: AblMCQ35/qT/jIsAAA
x-77-nzt-ray: xJkXYbz2f1M
x-cache: HIT
x-age: 35724
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 95f95fee6e94fb192e7c06459e3e3f8e
025638b85afcc833cd592c98cc941dd011d2526f
dbc8654990b37741f8e393d069054ae68d584c2496421892e814e7a8c45467fd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 20:35:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bat.bing.com/action/0?ti=36002515&Ver=2&mid=87b26503-8916-4ccf-a28c-21948f39420e&sid=b37319a03dda11ed990ae158445dfb06&vid=b37318203dda11edb6ed5381d82948a8&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=The%20Right%20to%20Rest%20and%20Recovery%20%7C%20Theraflu&p=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&r=&lt=3116&evt=pageLoad&sv=1&rn=996955
13.107.21.200 204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=36002515&Ver=2&mid=87b26503-8916-4ccf-a28c-21948f39420e&sid=b37319a03dda11ed990ae158445dfb06&vid=b37318203dda11edb6ed5381d82948a8&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=The%20Right%20to%20Rest%20and%20Recovery%20%7C%20Theraflu&p=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&r=&lt=3116&evt=pageLoad&sv=1&rn=996955
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=36002515&Ver=2&mid=87b26503-8916-4ccf-a28c-21948f39420e&sid=b37319a03dda11ed990ae158445dfb06&vid=b37318203dda11edb6ed5381d82948a8&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=The%20Right%20to%20Rest%20and%20Recovery%20%7C%20Theraflu&p=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&r=&lt=3116&evt=pageLoad&sv=1&rn=996955 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=29215B0A05066BFC34B5492104F36AFA; domain=.bing.com; expires=Sat, 21-Oct-2023 20:35:06 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F55D452E9AA04AA9A9DCDD2936F92EE7 Ref B: OSL30EDGE0220 Ref C: 2022-09-26T20:35:06Z
date: Mon, 26 Sep 2022 20:35:06 GMT
X-Firefox-Spdy: h2
analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=aee2e4d6-cc1c-4d0b-9016-4a23d6d7345e&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1497c00a-67e8-4fd0-b939-9f8ca997ec5b&tw_document_href=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4o1k&type=javascript&version=2.3.27
104.244.42.67 200 OK 43 B URL HTTP/2 analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=aee2e4d6-cc1c-4d0b-9016-4a23d6d7345e&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1497c00a-67e8-4fd0-b939-9f8ca997ec5b&tw_document_href=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4o1k&type=javascript&version=2.3.27
IP 104.244.42.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/adsct?bci=3&eci=2&event_id=aee2e4d6-cc1c-4d0b-9016-4a23d6d7345e&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1497c00a-67e8-4fd0-b939-9f8ca997ec5b&tw_document_href=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4o1k&type=javascript&version=2.3.27 HTTP/1.1
Host: analytics.twitter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:05 GMT
perf: 7626143928
server: tsa_o
set-cookie: personalization_id="v1_py/JlsqLtqZnXcDKIqz5wQ=="; Max-Age=63072000; Expires=Wed, 25 Sep 2024 20:35:06 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: d0f3bfd9ba48a27b
strict-transport-security: max-age=631138519
x-response-time: 109
x-connection-hash: c20f530dfe09422781b8a8dcc00559dbcefc9f03be5db9c26a7940a1021d6014
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=9174324;type=unvfls;cat=unvfls;ord=1930380095798;gtm=2wg9l0;auiddc=1608560174.1664224504;u1=respiratory;u2=theraflu;u3=www.theraflu.com;u4=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F;u5=%2FRightToRecover%2F;u6=;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F
142.250.74.2 200 OK 396 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=9174324;type=unvfls;cat=unvfls;ord=1930380095798;gtm=2wg9l0;auiddc=1608560174.1664224504;u1=respiratory;u2=theraflu;u3=www.theraflu.com;u4=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F;u5=%2FRightToRecover%2F;u6=;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F
IP 142.250.74.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (592), with no line terminators
Hash ba776a2d427c069f91ee0c9cb8324f2e
ea3418b4dda173faa5ee3b657d30531c3ac105b8
2cce63e8ad78d4a49c122e795cc685246427daf59e49db4424b059b1db211b83
GET /ddm/fls/i/src=9174324;type=unvfls;cat=unvfls;ord=1930380095798;gtm=2wg9l0;auiddc=1608560174.1664224504;u1=respiratory;u2=theraflu;u3=www.theraflu.com;u4=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F;u5=%2FRightToRecover%2F;u6=;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://9174324.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 20:35:06 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 396
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdns.us1.gigya.com/sdk.config.get?apiKey=3_99l72FT8LLNTQuIz09azS3_QunznLcu8dzx_lvIrd3MpjgC79FdUh_wmipBaT1Rz&httpStatusCodes=true
23.38.201.5 200 OK 1.3 kB URL HTTP/1.1 cdns.us1.gigya.com/sdk.config.get?apiKey=3_99l72FT8LLNTQuIz09azS3_QunznLcu8dzx_lvIrd3MpjgC79FdUh_wmipBaT1Rz&httpStatusCodes=true
IP 23.38.201.5:0
File type JSON data\012- , ASCII text, with CRLF line terminators
Hash cd5bbfc879c196ed08226fa339d058bb
953c2fb0c2869ba8f4fcec185f388a4ddfcd7a64
843a9faf18c90938bf7c7e9d94e704167b51292619fd21892be2b9a9adc94099
GET /sdk.config.get?apiKey=3_99l72FT8LLNTQuIz09azS3_QunznLcu8dzx_lvIrd3MpjgC79FdUh_wmipBaT1Rz&httpStatusCodes=true HTTP/1.1
Host: cdns.us1.gigya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdns.us1.gigya.com/gs/sso.htm?APIKey=3_99l72FT8LLNTQuIz09azS3_QunznLcu8dzx_lvIrd3MpjgC79FdUh_wmipBaT1Rz&ssoSegment=&version=latest&build=13398
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Length: 1337
Content-Encoding: gzip
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-soa: true, Gator
x-server: us1d-nomad-g51
x-callid: 52a13607ace0424abf7531c3f81f1af1
Accept-Ranges: bytes
x-robots-tag: none
Cache-Control: public, max-age=86400, s-maxage=72000
Date: Mon, 26 Sep 2022 20:35:06 GMT
Connection: keep-alive
adservice.google.com/ddm/fls/i/src=5116519;type=therpgvw;cat=therpgvw;ord=1566611027611;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F
142.250.74.2 200 OK 362 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=5116519;type=therpgvw;cat=therpgvw;ord=1566611027611;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F
IP 142.250.74.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (467), with no line terminators
Hash f3d78722dbf70a9a852e6241dfaeb594
c757f40d5a931ec662394e77d6204409ed5e0026
a2a0c49c1d8b92821aa93b82fe71b5960949a0a806232c024e8b0a1d9fd6204d
GET /ddm/fls/i/src=5116519;type=therpgvw;cat=therpgvw;ord=1566611027611;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5116519.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 20:35:06 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 362
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=5116519;type=therartr;cat=therartr;ord=4053211432519;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F
142.250.74.2 200 OK 359 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=5116519;type=therartr;cat=therartr;ord=4053211432519;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F
IP 142.250.74.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (467), with no line terminators
Hash 437a31870e0fa2e7c7c105fd02c1fe9a
b067eada8a8805f2fee0a9793536fcae80c409ea
91746c700b0f9c70df5dd3edb9b8c4e6cadf41f33a45e7cc665a2c26db2a5e54
GET /ddm/fls/i/src=5116519;type=therartr;cat=therartr;ord=4053211432519;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5116519.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 20:35:06 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 359
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Daf4b6613-c033-8ad1-f6b4-14b4b67e9503%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.theraflu.com&ex-hargs=v%3D1.0%3Bc%3D1766344630501%3Bp%3DAF4B6613-C033-8AD1-F6B4-14B4B67E9503&gtmcb=1916865748&dcc=t
52.46.128.147 200 OK 43 B URL HTTP/1.1 s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Daf4b6613-c033-8ad1-f6b4-14b4b67e9503%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.theraflu.com&ex-hargs=v%3D1.0%3Bc%3D1766344630501%3Bp%3DAF4B6613-C033-8AD1-F6B4-14B4B67E9503&gtmcb=1916865748&dcc=t
IP 52.46.128.147:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6851dbf491ae442da3314f19e8aff085
ecfec27263608c4ae7cd4f8e0cebb1b061df2ac3
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
GET /iui3?d=forester-did&ex-fargs=%3Fid%3Daf4b6613-c033-8ad1-f6b4-14b4b67e9503%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.theraflu.com&ex-hargs=v%3D1.0%3Bc%3D1766344630501%3Bp%3DAF4B6613-C033-8AD1-F6B4-14B4B67E9503&gtmcb=1916865748&dcc=t HTTP/1.1
Host: s.amazon-adsystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.theraflu.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Mon, 26 Sep 2022 20:35:06 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: K3HMGFCB5XZ7HBATSKF9
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
adservice.google.no/ddm/fls/i/src=9174324;type=unvfls;cat=unvfls;ord=1930380095798;gtm=2wg9l0;auiddc=1608560174.1664224504;u1=respiratory;u2=theraflu;u3=www.theraflu.com;u4=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F;u5=%2FRightToRecover%2F;u6=;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F
142.250.74.130 200 OK 177 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=9174324;type=unvfls;cat=unvfls;ord=1930380095798;gtm=2wg9l0;auiddc=1608560174.1664224504;u1=respiratory;u2=theraflu;u3=www.theraflu.com;u4=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F;u5=%2FRightToRecover%2F;u6=;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 9393b28661a65a763699c108887882eb
c237ba6491e6fb9ca57da33dd9d048ca8e86cfda
2bdce28c6fb3cb210861d4aba734ab7aedfc979a8fa273512a61d8cf8afc78b0
GET /ddm/fls/i/src=9174324;type=unvfls;cat=unvfls;ord=1930380095798;gtm=2wg9l0;auiddc=1608560174.1664224504;u1=respiratory;u2=theraflu;u3=www.theraflu.com;u4=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F;u5=%2FRightToRecover%2F;u6=;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 20:35:06 GMT
expires: Mon, 26 Sep 2022 20:35:06 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/i/src=5116519;type=therpgvw;cat=therpgvw;ord=1566611027611;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F
142.250.74.130 200 OK 177 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=5116519;type=therpgvw;cat=therpgvw;ord=1566611027611;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 9393b28661a65a763699c108887882eb
c237ba6491e6fb9ca57da33dd9d048ca8e86cfda
2bdce28c6fb3cb210861d4aba734ab7aedfc979a8fa273512a61d8cf8afc78b0
GET /ddm/fls/i/src=5116519;type=therpgvw;cat=therpgvw;ord=1566611027611;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 20:35:06 GMT
expires: Mon, 26 Sep 2022 20:35:06 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/i/src=5116519;type=therartr;cat=therartr;ord=4053211432519;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F
142.250.74.130 200 OK 177 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=5116519;type=therartr;cat=therartr;ord=4053211432519;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 9393b28661a65a763699c108887882eb
c237ba6491e6fb9ca57da33dd9d048ca8e86cfda
2bdce28c6fb3cb210861d4aba734ab7aedfc979a8fa273512a61d8cf8afc78b0
GET /ddm/fls/i/src=5116519;type=therartr;cat=therartr;ord=4053211432519;gtm=2wg9l0;auiddc=1608560174.1664224504;~oref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 20:35:06 GMT
expires: Mon, 26 Sep 2022 20:35:06 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/p/action/36002515.js
13.107.21.200 200 OK 667 B URL HTTP/2 bat.bing.com/p/action/36002515.js
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with CRLF line terminators
Hash 2d727da2e362b8cf7a86da6440faada4
7461257ed1e022e95674e83b6dbcd810ced927a7
d2217e61c0048dad14c2eb1c4a7b0dff9e4a75cbeeb1a102e3f3130728e1890b
GET /p/action/36002515.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private,max-age=60
content-length: 667
content-type: application/javascript; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
set-cookie: MUID=3204BDFCD0E766E407EAAFD7D11267A3; domain=.bing.com; expires=Sat, 21-Oct-2023 20:35:06 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 69AABF89B70541B5866C1BCE16970158 Ref B: OSL30EDGE0220 Ref C: 2022-09-26T20:35:06Z
date: Mon, 26 Sep 2022 20:35:06 GMT
X-Firefox-Spdy: h2
api.userway.org/api/br-links/v0/links
54.187.202.233 200 OK 288 B URL HTTP/2 api.userway.org/api/br-links/v0/links
IP 54.187.202.233:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 6a77b206c7ad3e4fe046fbb5d36b1fd8
93fa8f7bb08b2476bc4091ad0b55ab4a23bc984a
fed77687078ed067705e6034ff8245c4049d1797ea05bd2c1167536111faac7b
POST /api/br-links/v0/links HTTP/1.1
Host: api.userway.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 8819
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:06 GMT
content-type: application/json; charset=utf-8
content-length: 288
x-service-version: apps-bf5bf1e2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
access-control-allow-headers: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
etag: W/"120-k/qPe7CLJHa8QJGtC1WrSiO8mEo"
vary: Accept-Encoding
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=421904308779386&ev=PageView&dl=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&rl=&if=false&ts=1664224504518&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1664224504514.883196832&ic=&it=1664224504128&coo=false&rqm=GET
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=421904308779386&ev=PageView&dl=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&rl=&if=false&ts=1664224504518&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1664224504514.883196832&ic=&it=1664224504128&coo=false&rqm=GET
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=421904308779386&ev=PageView&dl=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&rl=&if=false&ts=1664224504518&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1664224504514.883196832&ic=&it=1664224504128&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 20:35:06 GMT
X-Firefox-Spdy: h2
collect.analyze.ly/
54.209.90.36 204 No Content 0 B IP 54.209.90.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: collect.analyze.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=----1837b82aacd
Content-Length: 6218
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Cache-Control: private
Date: Mon, 26 Sep 2022 20:35:06 GMT
Server: Apache
Connection: keep-alive
www.clarity.ms/tag/uet/36002515
13.107.219.53 200 OK 1.7 kB URL HTTP/2 www.clarity.ms/tag/uet/36002515
IP 13.107.219.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (1733), with no line terminators
Hash 8cf567febc1180c159a58a9f268c759c
24d0c13fc6801e4a354834f5b53396af60ef592e
4b8d7d73f3d9ab8b288ec286d3e6f70494c387f5a244bf688b46a166d0b4ed11
GET /tag/uet/36002515 HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-length: 1733
content-type: application/x-javascript
expires: -1
set-cookie: CLID=f62464d61f11447f80b0347df7ecf435.20220926.20230926; expires=Tue, 26 Sep 2023 20:35:06 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 0+gwyYwAAAABXc7ZFAQG8S4ZNlCs7InUfT1NMMjMxMDUwMjA1MDI5ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
date: Mon, 26 Sep 2022 20:35:05 GMT
X-Firefox-Spdy: h2
accounts.us1.gigya.com/accounts.getScreenSets?screenSetIDs=Theraflu-Coupons-Mail&include=html%2Ccss%2Cjavascript%2Ctranslations%2C&lang=en&APIKey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ&source=showScreenSet&sdk=js_latest&pageURL=https%3A%2F%2Fwww.theraflu.com%2F&gmid=gmid.ver4.AcbH3pHrtg.UHQYoATJYDT4IwjZnpqEEYQ_RjaxwQo4PiIxpyjjlhXgOkz_XRbmjBxAL6SNQmNz.esrDIhmpZOmFJO-vhTzVJ2aMbYu8_pFgJXSverMc7Ti_1G7jr9_BJlgQ9IwyFADrckuXk_h5lIRvTZJ1WpVKXA.sc3&ucid=xUrQsnkJ2zk5LpUoACPYlQ&sdkBuild=13398&format=json&httpStatusCodes=true
104.88.25.30 200 OK 8.5 kB URL HTTP/1.1 accounts.us1.gigya.com/accounts.getScreenSets?screenSetIDs=Theraflu-Coupons-Mail&include=html%2Ccss%2Cjavascript%2Ctranslations%2C&lang=en&APIKey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ&source=showScreenSet&sdk=js_latest&pageURL=https%3A%2F%2Fwww.theraflu.com%2F&gmid=gmid.ver4.AcbH3pHrtg.UHQYoATJYDT4IwjZnpqEEYQ_RjaxwQo4PiIxpyjjlhXgOkz_XRbmjBxAL6SNQmNz.esrDIhmpZOmFJO-vhTzVJ2aMbYu8_pFgJXSverMc7Ti_1G7jr9_BJlgQ9IwyFADrckuXk_h5lIRvTZJ1WpVKXA.sc3&ucid=xUrQsnkJ2zk5LpUoACPYlQ&sdkBuild=13398&format=json&httpStatusCodes=true
IP 104.88.25.30:0
File type JSON data\012- , ASCII text, with very long lines (42508), with CRLF line terminators
Hash 3e3d2bb20fd9c4e513af8ae8a94a914c
d4721b1b471b3be773c7a64fbbf0c39e17cda75f
e98da08d692f09a687ff736b1b4b388a880b17b09c0bbcb2f812a2bb5a4ee849
GET /accounts.getScreenSets?screenSetIDs=Theraflu-Coupons-Mail&include=html%2Ccss%2Cjavascript%2Ctranslations%2C&lang=en&APIKey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ&source=showScreenSet&sdk=js_latest&pageURL=https%3A%2F%2Fwww.theraflu.com%2F&gmid=gmid.ver4.AcbH3pHrtg.UHQYoATJYDT4IwjZnpqEEYQ_RjaxwQo4PiIxpyjjlhXgOkz_XRbmjBxAL6SNQmNz.esrDIhmpZOmFJO-vhTzVJ2aMbYu8_pFgJXSverMc7Ti_1G7jr9_BJlgQ9IwyFADrckuXk_h5lIRvTZJ1WpVKXA.sc3&ucid=xUrQsnkJ2zk5LpUoACPYlQ&sdkBuild=13398&format=json&httpStatusCodes=true HTTP/1.1
Host: accounts.us1.gigya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdns.us1.gigya.com
Connection: keep-alive
Referer: https://cdns.us1.gigya.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Length: 8491
Cache-Control: private
Content-Encoding: gzip
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
Access-Control-Allow-Origin: https://cdns.us1.gigya.com
Access-Control-Max-Age: 86400
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-soa: true, Gator
x-server: us1d-nomad-g34
x-callid: bc449309a4c64fe0800216ccfc499de9
x-robots-tag: none
Date: Mon, 26 Sep 2022 20:35:06 GMT
Connection: keep-alive
Server-Timing: cdn-cache; desc=MISS, edge; dur=92, origin; dur=20
region1.google-analytics.com/g/collect?v=2&tid=G-4Q47Q3C7RV&gtm=2oe9l0&_p=338027413&cid=2137369781.1664224504&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664224504&sct=1&seg=0&dl=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&dt=The%20Right%20to%20Rest%20and%20Recovery%20%7C%20Theraflu&en=page_view&_fv=1&_ss=1
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-4Q47Q3C7RV&gtm=2oe9l0&_p=338027413&cid=2137369781.1664224504&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664224504&sct=1&seg=0&dl=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&dt=The%20Right%20to%20Rest%20and%20Recovery%20%7C%20Theraflu&en=page_view&_fv=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-4Q47Q3C7RV&gtm=2oe9l0&_p=338027413&cid=2137369781.1664224504&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664224504&sct=1&seg=0&dl=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&dt=The%20Right%20to%20Rest%20and%20Recovery%20%7C%20Theraflu&en=page_view&_fv=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.theraflu.com
date: Mon, 26 Sep 2022 20:35:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-TN9NWLYCYS&gtm=2oe9l0&_p=338027413&cid=2137369781.1664224504&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664224504&sct=1&seg=0&dl=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&dt=The%20Right%20to%20Rest%20and%20Recovery%20%7C%20Theraflu&en=page_view&_fv=1&_ss=1
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-TN9NWLYCYS&gtm=2oe9l0&_p=338027413&cid=2137369781.1664224504&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664224504&sct=1&seg=0&dl=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&dt=The%20Right%20to%20Rest%20and%20Recovery%20%7C%20Theraflu&en=page_view&_fv=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-TN9NWLYCYS&gtm=2oe9l0&_p=338027413&cid=2137369781.1664224504&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664224504&sct=1&seg=0&dl=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&dt=The%20Right%20to%20Rest%20and%20Recovery%20%7C%20Theraflu&en=page_view&_fv=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: https://www.theraflu.com
date: Mon, 26 Sep 2022 20:35:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
collect.analyze.ly/
54.209.90.36 204 No Content 0 B IP 54.209.90.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: collect.analyze.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=----1837b82aadc
Content-Length: 4826
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Cache-Control: private
Date: Mon, 26 Sep 2022 20:35:06 GMT
Server: Apache
Connection: keep-alive
cdns1.gigya.com/gs/i//accounts/bigLoader.gif
23.38.201.5 200 OK 3.2 kB URL HTTP/1.1 cdns1.gigya.com/gs/i//accounts/bigLoader.gif
IP 23.38.201.5:0
File type GIF image data, version 89a, 32 x 32\012- data
Hash a37126b1e2632a3835efd51fb6ea1e25
773351a0c289630004ad75a0d53c9accff3ec750
45a4c07e164d3d803b62494a3d2ded0555eee1c6fb4940de3f98fa9c4fb08c7e
GET /gs/i//accounts/bigLoader.gif HTTP/1.1
Host: cdns1.gigya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 3208
Last-Modified: Tue, 28 Jun 2022 00:03:07 GMT
Accept-Ranges: bytes
x-version: 1
x-legacyproxy: true
x-server: us1d-web505
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-robots-tag: none
Cache-Control: max-age=86400
Date: Mon, 26 Sep 2022 20:35:06 GMT
Connection: keep-alive
accounts.us1.gigya.com/accounts.getSchema?APIKey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ&source=showScreenSet&sdk=js_latest&pageURL=https%3A%2F%2Fwww.theraflu.com%2F&gmid=gmid.ver4.AcbH3pHrtg.UHQYoATJYDT4IwjZnpqEEYQ_RjaxwQo4PiIxpyjjlhXgOkz_XRbmjBxAL6SNQmNz.esrDIhmpZOmFJO-vhTzVJ2aMbYu8_pFgJXSverMc7Ti_1G7jr9_BJlgQ9IwyFADrckuXk_h5lIRvTZJ1WpVKXA.sc3&ucid=xUrQsnkJ2zk5LpUoACPYlQ&sdkBuild=13398&format=json
104.88.25.30 200 OK 8.5 kB URL HTTP/1.1 accounts.us1.gigya.com/accounts.getSchema?APIKey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ&source=showScreenSet&sdk=js_latest&pageURL=https%3A%2F%2Fwww.theraflu.com%2F&gmid=gmid.ver4.AcbH3pHrtg.UHQYoATJYDT4IwjZnpqEEYQ_RjaxwQo4PiIxpyjjlhXgOkz_XRbmjBxAL6SNQmNz.esrDIhmpZOmFJO-vhTzVJ2aMbYu8_pFgJXSverMc7Ti_1G7jr9_BJlgQ9IwyFADrckuXk_h5lIRvTZJ1WpVKXA.sc3&ucid=xUrQsnkJ2zk5LpUoACPYlQ&sdkBuild=13398&format=json
IP 104.88.25.30:0
File type JSON data\012- , ASCII text, with CRLF line terminators
Hash 4376266a3f1eac2d25378470a48fe3df
907be391a9ec417a4621ec1fb8f35e3a83e0d978
d391656303331bfbaba9ff2553e3012361230909289684d90252ba63c6a20698
GET /accounts.getSchema?APIKey=3_bzpjRk206ccefb3vooht5EOg-NJ0nhkhK9Lq59aZsSrDwCdGo510HRGBdrvh6SzZ&source=showScreenSet&sdk=js_latest&pageURL=https%3A%2F%2Fwww.theraflu.com%2F&gmid=gmid.ver4.AcbH3pHrtg.UHQYoATJYDT4IwjZnpqEEYQ_RjaxwQo4PiIxpyjjlhXgOkz_XRbmjBxAL6SNQmNz.esrDIhmpZOmFJO-vhTzVJ2aMbYu8_pFgJXSverMc7Ti_1G7jr9_BJlgQ9IwyFADrckuXk_h5lIRvTZJ1WpVKXA.sc3&ucid=xUrQsnkJ2zk5LpUoACPYlQ&sdkBuild=13398&format=json HTTP/1.1
Host: accounts.us1.gigya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdns.us1.gigya.com
Connection: keep-alive
Referer: https://cdns.us1.gigya.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Length: 8480
Cache-Control: private
Content-Encoding: gzip
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
Access-Control-Allow-Origin: https://cdns.us1.gigya.com
Access-Control-Max-Age: 86400
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-soa: true, Gator
x-server: us1d-nomad-g45
x-callid: 75a8fa02547645aa971fec70cf57a8ab
x-robots-tag: none
Date: Mon, 26 Sep 2022 20:35:06 GMT
Connection: keep-alive
Server-Timing: cdn-cache; desc=MISS, edge; dur=95, origin; dur=26
insight.adsrvr.org/track/up?adv=2obq2qw&ref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&upid=4uicnfj&upv=1.1.0
35.71.131.137 200 OK 0 B URL HTTP/2 insight.adsrvr.org/track/up?adv=2obq2qw&ref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&upid=4uicnfj&upv=1.1.0
IP 35.71.131.137:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /track/up?adv=2obq2qw&ref=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&upid=4uicnfj&upv=1.1.0 HTTP/1.1
Host: insight.adsrvr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:05 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
c.clarity.ms/c.gif
20.234.93.27 302 Found 88 kB IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type gzip compressed data, from Unix\012- data
Hash ee6708910322628c469fb01cce3903d0
d71d71c873e1930e844ac33baf1a45eab3bb4e81
47197a5969b99f20b396543b3761fa71823b046914020b81e1d2fbc1102a32e3
GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?CtsSyncId=AA7584157AC1434FAB5015BB1C020811&RedC=c.clarity.ms&MXFR=15846641337D639A03DA746A377D6D2A
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=15846641337D639A03DA746A377D6D2A; domain=.clarity.ms; expires=Sat, 21-Oct-2023 20:35:06 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Mon, 26 Sep 2022 20:35:06 GMT
content-length: 0
X-Firefox-Spdy: h2
api.userway.org/api/br-links/v0/pdf-links
54.187.202.233 200 OK 16 B URL HTTP/2 api.userway.org/api/br-links/v0/pdf-links
IP 54.187.202.233:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ec5d45508e224c9f29b3c26885b8957f
338af3ce8b975ad06e6b963c291770bb394a63f9
7d64c0f6803a5aa71811cd41042f1ec93970a2108b6f2525bba1266e275f97ff
POST /api/br-links/v0/pdf-links HTTP/1.1
Host: api.userway.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 256
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:06 GMT
content-type: application/json; charset=utf-8
content-length: 16
x-service-version: apps-bf5bf1e2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
access-control-allow-headers: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
etag: W/"10-M4rzzouXWtBua5Y8KRdwuzlKY/k"
vary: Accept-Encoding
X-Firefox-Spdy: h2
www.clarity.ms/eus2/s/0.6.41/clarity.js
13.107.219.53 200 OK 27 kB URL HTTP/2 www.clarity.ms/eus2/s/0.6.41/clarity.js
IP 13.107.219.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (54809)
Hash 711ce4d4e622fdd1544c1f1f3fa1410f
0fb948b631c5b9005ead8be7aad9229e06169afe
796fa80928f48ac1769baad6e0422b9234e46b5adaa0843768a0a0c09c92453d
GET /eus2/s/0.6.41/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=86400
content-type: application/javascript;charset=utf-8
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d8d107429df470"
vary: Accept-Encoding
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
x-azure-ref: 0+gwyYwAAAACMm8n5ijMcQJaeh6aGOBSvT1NMMjMxMDUwMjA1MDI5ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
date: Mon, 26 Sep 2022 20:35:06 GMT
X-Firefox-Spdy: h2
c.bing.com/c.gif?CtsSyncId=AA7584157AC1434FAB5015BB1C020811&RedC=c.clarity.ms&MXFR=15846641337D639A03DA746A377D6D2A
13.107.21.200 302 Found 0 B URL HTTP/2 c.bing.com/c.gif?CtsSyncId=AA7584157AC1434FAB5015BB1C020811&RedC=c.clarity.ms&MXFR=15846641337D639A03DA746A377D6D2A
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?CtsSyncId=AA7584157AC1434FAB5015BB1C020811&RedC=c.clarity.ms&MXFR=15846641337D639A03DA746A377D6D2A HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.theraflu.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=AA7584157AC1434FAB5015BB1C020811&MUID=2DBB7EA212C462A52E066C891331637C
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=2DBB7EA212C462A52E066C891331637C; domain=c.bing.com; expires=Sat, 21-Oct-2023 20:35:07 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 90084048480A453997023CC81CF2B135 Ref B: OSL30EDGE0220 Ref C: 2022-09-26T20:35:07Z
date: Mon, 26 Sep 2022 20:35:06 GMT
content-length: 0
X-Firefox-Spdy: h2
c.clarity.ms/c.gif?CtsSyncId=AA7584157AC1434FAB5015BB1C020811&MUID=2DBB7EA212C462A52E066C891331637C
20.234.93.27 200 OK 42 B URL HTTP/2 c.clarity.ms/c.gif?CtsSyncId=AA7584157AC1434FAB5015BB1C020811&MUID=2DBB7EA212C462A52E066C891331637C
IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?CtsSyncId=AA7584157AC1434FAB5015BB1C020811&MUID=2DBB7EA212C462A52E066C891331637C HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.theraflu.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Tue, 13 Sep 2022 19:54:52 GMT
accept-ranges: bytes
etag: "8d3298b0aac7d81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Mon, 26-Sep-2022 20:45:07 GMT; path=/; SameSite=None; Secure;
date: Mon, 26 Sep 2022 20:35:06 GMT
content-length: 42
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255 204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1596
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://www.theraflu.com
access-control-allow-credentials: true
x-powered-by: ASP.NET
date: Mon, 26 Sep 2022 20:35:07 GMT
X-Firefox-Spdy: h2
collect.analyze.ly/
54.209.90.36 204 No Content 0 B IP 54.209.90.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: collect.analyze.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=----1837b82aeb5
Content-Length: 5076
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Cache-Control: private
Date: Mon, 26 Sep 2022 20:35:07 GMT
Server: Apache
Connection: keep-alive
api.userway.org/api/br-links/v0/links
54.187.202.233 200 OK 16 B URL HTTP/2 api.userway.org/api/br-links/v0/links
IP 54.187.202.233:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ec5d45508e224c9f29b3c26885b8957f
338af3ce8b975ad06e6b963c291770bb394a63f9
7d64c0f6803a5aa71811cd41042f1ec93970a2108b6f2525bba1266e275f97ff
OPTIONS /api/br-links/v0/links HTTP/1.1
Host: api.userway.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.theraflu.com/
Origin: https://www.theraflu.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:07 GMT
x-service-version: apps-bf5bf1e2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
access-control-allow-headers: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
X-Firefox-Spdy: h2
collect.analyze.ly/
54.209.90.36 204 No Content 0 B IP 54.209.90.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: collect.analyze.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=----1837b82b29d
Content-Length: 1052
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Cache-Control: private
Date: Mon, 26 Sep 2022 20:35:08 GMT
Server: Apache
Connection: keep-alive
api.userway.org/api/a11y-data/v0/page/https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F/DESKTOP/WIDGET_ON/status
54.187.202.233 200 OK 77 B URL HTTP/2 api.userway.org/api/a11y-data/v0/page/https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F/DESKTOP/WIDGET_ON/status
IP 54.187.202.233:0
File type JSON data\012- , ASCII text, with no line terminators
Hash f3b84edcbb7d7e1cf47c38c8fe97788f
c182d12eb6d689d4709df844be807e636534e0d6
d2f13447bd89c56bad76bac2e4e551ac6b611f40503104b70ee26812afe5a94c
GET /api/a11y-data/v0/page/https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F/DESKTOP/WIDGET_ON/status HTTP/1.1
Host: api.userway.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.theraflu.com/
Origin: https://www.theraflu.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:10 GMT
content-type: application/json; charset=utf-8
content-length: 77
x-service-version: seo-w-627375bc
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
access-control-allow-headers: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
etag: W/"4d-wYLRLrbWidRwnfhEvoB+Y2U04NY"
vary: Accept-Encoding
X-Firefox-Spdy: h2
collect.analyze.ly/
54.209.90.36 204 No Content 0 B IP 54.209.90.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: collect.analyze.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=----1837b82bd2d
Content-Length: 714
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Cache-Control: private
Date: Mon, 26 Sep 2022 20:35:11 GMT
Server: Apache
Connection: keep-alive
collect.analyze.ly/
54.209.90.36 204 No Content 0 B IP 54.209.90.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: collect.analyze.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------263622214622597509463000781614
Content-Length: 480
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Cache-Control: private
Date: Mon, 26 Sep 2022 20:35:11 GMT
Server: Apache
Connection: keep-alive
collect.analyze.ly/
54.209.90.36 204 No Content 0 B IP 54.209.90.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: collect.analyze.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------38022714791135958165250529093
Content-Length: 480
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Cache-Control: private
Date: Mon, 26 Sep 2022 20:35:11 GMT
Server: Apache
Connection: keep-alive
collect.analyze.ly/
54.209.90.36 204 No Content 0 B IP 54.209.90.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: collect.analyze.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------366063826016109435341261350538
Content-Length: 482
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Cache-Control: private
Date: Mon, 26 Sep 2022 20:35:11 GMT
Server: Apache
Connection: keep-alive
privacyportal-de.onetrust.com/request/v1/consentreceipts
172.64.146.158 201 Created 0 B URL HTTP/2 privacyportal-de.onetrust.com/request/v1/consentreceipts
IP 172.64.146.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Generic/Spear Phishing
POST /request/v1/consentreceipts HTTP/1.1
Host: privacyportal-de.onetrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 7846
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 201 Created
date: Mon, 26 Sep 2022 20:35:11 GMT
content-length: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: *
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 750ec8db2a1db4f7-OSL
X-Firefox-Spdy: h2
cdn.cookielaw.org/logos/static/poweredBy_ot_logo.svg
104.16.148.64 200 OK 0 B URL HTTP/2 cdn.cookielaw.org/logos/static/poweredBy_ot_logo.svg
IP 104.16.148.64:0
GET /logos/static/poweredBy_ot_logo.svg HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:05 GMT
content-type: image/svg+xml
content-md5: LpuayL42jB78xRllx0vkOw==
last-modified: Mon, 26 Sep 2022 10:18:29 GMT
x-ms-request-id: 0b54b3e5-701e-013b-5d99-d1dced000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 10343
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 750ec8b7ee75b50c-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.userway.org/widgetapp/images/body_wh.svg
185.76.9.17 200 OK 0 B URL HTTP/2 cdn.userway.org/widgetapp/images/body_wh.svg
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
GET /widgetapp/images/body_wh.svg HTTP/1.1
Host: cdn.userway.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:05 GMT
content-type: image/svg+xml
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
last-modified: Sun, 17 Jul 2022 17:46:41 GMT
etag: W/"2ec2767a3bb93656fb9b75c893d7be75"
cache-control: max-age=25920000, public
via: 1.1 d945a5fbc073d46145c31f513978802c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: HwCzRD4licj1cSq1_vIVScUcRxfJPh3n1-AqopiW73dzqfaWu9j8AA==
age: 4
x-accel-expires: @1684925414
server: CDN77-Turbo
x-77-nzt: AblMCQ3aGTL/E6NPAA
x-77-nzt-ray: KvDfhTlNbVg
x-cache: HIT
x-age: 5219091
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
cdn.userway.org/widgetapp/2022-09-26/remediation/mega_menu_helper1664187619569.js
185.76.9.17 200 OK 0 B URL HTTP/2 cdn.userway.org/widgetapp/2022-09-26/remediation/mega_menu_helper1664187619569.js
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
GET /widgetapp/2022-09-26/remediation/mega_menu_helper1664187619569.js HTTP/1.1
Host: cdn.userway.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:06 GMT
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
last-modified: Mon, 26 Sep 2022 10:23:11 GMT
etag: W/"958b69af992f3dd795e8cc5960298ea2"
cache-control: max-age=25920000, public
vary: Accept-Encoding
via: 1.1 163a559a90b919cdbd95acf4deecc98a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: mqKnleiqkO_jGNdT5t5tX1x-q46e156HRjuVrCa_FYmcNNPiOFOcag==
age: 441
x-accel-expires: @1690108863
server: CDN77-Turbo
x-77-nzt: AblMCQ3KpYb/O4sAAA
x-77-nzt-ray: eyQJWgHa8rg
x-cache: HIT
x-age: 35643
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
api.userway.org/api/br-links/v0/links
54.187.202.233 200 OK 0 B URL HTTP/2 api.userway.org/api/br-links/v0/links
IP 54.187.202.233:0
OPTIONS /api/br-links/v0/links HTTP/1.1
Host: api.userway.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.theraflu.com/
Origin: https://www.theraflu.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:06 GMT
x-service-version: apps-bf5bf1e2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
access-control-allow-headers: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
X-Firefox-Spdy: h2
cdn.userway.org/widget.js
185.76.9.17 200 OK 0 B URL HTTP/2 cdn.userway.org/widget.js
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
GET /widget.js HTTP/1.1
Host: cdn.userway.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:04 GMT
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
last-modified: Mon, 26 Sep 2022 10:23:13 GMT
etag: W/"280d8acc7862faf24ac1e5ac38b57abd"
cache-control: max-age=3600, public
vary: Accept-Encoding
via: 1.1 d945a5fbc073d46145c31f513978802c.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: bSUJo4vC0jKcmEWoqIwBxTk_GvP1yQI_m6S12-YV5oY_cjKEqaUH3A==
age: 2966
x-accel-expires: @1664227336
server: CDN77-Turbo
x-77-nzt: AblMCQ3Pawn/AAMAAA
x-77-nzt-ray: n37ZsckpEIU
x-cache: HIT
x-age: 768
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
api.userway.org/api/br-links/v0/pdf-links
54.187.202.233 200 OK 0 B URL HTTP/2 api.userway.org/api/br-links/v0/pdf-links
IP 54.187.202.233:0
OPTIONS /api/br-links/v0/pdf-links HTTP/1.1
Host: api.userway.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.theraflu.com/
Origin: https://www.theraflu.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:06 GMT
x-service-version: apps-bf5bf1e2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
access-control-allow-headers: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
X-Firefox-Spdy: h2
cdn.userway.org/remediations/consolidated/1826520/8hRBq7x16KSF1b4o.json
185.76.9.17 200 OK 0 B URL HTTP/2 cdn.userway.org/remediations/consolidated/1826520/8hRBq7x16KSF1b4o.json
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
GET /remediations/consolidated/1826520/8hRBq7x16KSF1b4o.json HTTP/1.1
Host: cdn.userway.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.theraflu.com
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:05 GMT
content-type: application/json
access-control-allow-origin: https://www.theraflu.com
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
last-modified: Mon, 26 Sep 2022 15:06:15 GMT
etag: W/"cc616cc8785090bc98992697d53bc5c9"
cache-control: public, max-age=31536000
vary: Accept-Encoding, Origin
via: 1.1 210fa10efb175d891774d170436663b0.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: SK1KTj0U7XMGtDPrB_lWK5k8l6oXor6KAJNSTGuwfkvXyYlibl7Fbg==
age: 7388
x-accel-expires: @1695748416
server: CDN77-Turbo
x-77-nzt: AblMCQ1Szfn/OS8AAA
x-77-nzt-ray: a/OZcBPtW8c
x-cache: HIT
x-age: 12089
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
cdn.userway.org/widgetapp/images/spin_wh.svg
185.76.9.17 200 OK 0 B URL HTTP/2 cdn.userway.org/widgetapp/images/spin_wh.svg
IP 185.76.9.17:0
ASN #60068 Datacamp Limited
GET /widgetapp/images/spin_wh.svg HTTP/1.1
Host: cdn.userway.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Sep 2022 20:35:05 GMT
content-type: image/svg+xml
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
last-modified: Sun, 17 Jul 2022 17:46:41 GMT
etag: W/"8e0a35946bf39d10f46a1f1653366a0a"
cache-control: max-age=25920000, public
vary: Accept-Encoding
via: 1.1 e9eeb72bccacc26d81e7bd02c27d126a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: I05P2SSE_QxfpVPuYbWf3m5i9Dza0PgdBinx1J5QkY838yjlvCZIgA==
age: 4
x-accel-expires: @1684925414
server: CDN77-Turbo
x-77-nzt: AblMCQ0qKn3/E6NPAA
x-77-nzt-ray: vxVmJAPLmro
x-cache: HIT
x-age: 5219091
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
www.theraflu.com/RightToRecover/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/global/logo/Theraflu_Badge_Brandmark_1000.png
52.251.65.90 404 Not Found 0 B URL HTTP/2 www.theraflu.com/RightToRecover/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/global/logo/Theraflu_Badge_Brandmark_1000.png
IP 52.251.65.90:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /RightToRecover/content/dam/cf-consumer-healthcare/bp-theraflu/en_US/global/logo/Theraflu_Badge_Brandmark_1000.png HTTP/1.1
Host: www.theraflu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.theraflu.com/RightToRecover/
Cookie: ApplicationGatewayAffinity=10572c55e27a732a27adc05931861514; ApplicationGatewayAffinityCORS=10572c55e27a732a27adc05931861514; gig_canary=false; gig_canary_ver=13406-3-27737055; OptanonConsent=isIABGlobal=false&datestamp=Mon+Sep+26+2022+20%3A35%3A03+GMT%2B0000+(Coordinated+Universal+Time)&version=6.36.0&hosts=&consentId=40f2b7a1-3036-4456-997f-67b1a81f405b&interactionCount=0&landingPath=https%3A%2F%2Fwww.theraflu.com%2FRightToRecover%2F&groups=1%3A1%2C3%3A1%2C2%3A1%2C4%3A1%2C5%3A1; _gcl_au=1.1.1608560174.1664224504; _ga=GA1.1.2137369781.1664224504; _gid=GA1.2.2141813307.1664224504; _dc_gtm_UA-38587364-3=1; _gat_UA-135635203-1=1; _ga_4Q47Q3C7RV=GS1.1.1664224504.1.0.1664224504.0.0.0; _ga_TN9NWLYCYS=GS1.1.1664224504.1.0.1664224504.0.0.0; _uetsid=b37319a03dda11ed990ae158445dfb06; _uetvid=b37318203dda11edb6ed5381d82948a8; _fbp=fb.1.1664224504514.883196832
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Mon, 26 Sep 2022 20:35:06 GMT
content-type: text/html; charset=UTF-8
server: Apache
strict-transport-security: max-age=63072000;
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
link: <https://www.googletagmanager.com>; rel=preconnect; crossorigin, <https://www.googletagmanager.com>; rel=dns-prefetch; crossorigin, <https://a-cf65.ch-static.com>; rel=preconnect; crossorigin, <https://a-cf65.ch-static.com>; rel=dns-prefetch; crossorigin, <https://i-cf65.ch-static.com>; rel=preconnect; crossorigin, <https://i-cf65.ch-static.com>; rel=dns-prefetch; crossorigin
x-frame-options: SAMEORIGIN
cache-control: public, max-age=0, s-maxage=86400
X-Firefox-Spdy: h2