r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2578
Expires: Fri, 25 Nov 2022 13:17:13 GMT
Date: Fri, 25 Nov 2022 12:34:15 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 10730f388c028d64e19b8a48d414768f
e43b104e57e5ea7ff8568835776858cf2ede6f00
f3c30c6d139288f1bfe13fce85c6ddc1514e1639fcf4d31a6012a3309ed1d50d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5130
Cache-Control: max-age=170549
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:15 GMT
Etag: "63809972-1d7"
Expires: Sun, 27 Nov 2022 11:56:44 GMT
Last-Modified: Fri, 25 Nov 2022 10:31:14 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 12:19:06 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 909
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 260e9998c20d831b66f1029c8f47aac9
716d630f647c54dc69a7f9c63a6cac294b3df7f7
c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10849
Expires: Fri, 25 Nov 2022 15:35:04 GMT
Date: Fri, 25 Nov 2022 12:34:15 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: FkcDNhjmGBvklbBVO2Y2ud2rcEpDZ6jTBPh8pXYwtRQqiU/W/L+h3mtXATVSW+TmS/QF89hhpRQ=
x-amz-request-id: BYA5KP3P05QNJWQ7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 11:40:47 GMT
age: 3208
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 12:34:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
topitoffhatco.com/
162.159.135.42301 Moved Permanently 0 B IP 162.159.135.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: topitoffhatco.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 25 Nov 2022 12:34:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://topitoffhatco.com/
CF-Ray: 76fa6adc58ebb4eb-OSL
CF-Cache-Status: DYNAMIC
ki-cache-type: None
Ki-CF-Cache-Status: BYPASS
ki-edge: v=17.9
X-Content-Type-Options: nosniff
X-Edge-Location-Klb: 1
X-Kinsta-Cache: EXPIRED
X-Pingback: http://topitoffhatco.com/xmlrpc.php
X-Redirect-By: WordPress
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ca9wRRQ%2BhKTp%2FzaUIqlaLKmRN6bXYTmSwRwTG2i4W0MpwlOf%2BNHPrTxASmcOFApu0mHJypUS7G2dEtrV2tSgYiwPi%2FQtKcl3ls7ALGHt3fY8s5Yjz3qKLPu9gzPp47Az%2FIAc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 49faf2598223d4a5296f4d1e8317ba92
97035279ed85eadbb706949c8ade5994abceacb8
c275a6f4f899a90c6f41a1053b5e8aa0bbfc39f6ce500a5a9766a4c4355400e0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=154234
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:15 GMT
Etag: "63806dc1-118"
Expires: Sun, 27 Nov 2022 07:24:49 GMT
Last-Modified: Fri, 25 Nov 2022 07:24:49 GMT
Server: nginx
Content-Length: 280
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 12:08:53 GMT
cache-control: public,max-age=3600
age: 1522
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash df06e70fc8a35facf1d8db463d18e231
fa8a2975566cc792898f870e48ae7518d3657326
4cef7e704f4d575ce6733f6f2d803d241b597be51ff3fb03f72e5c33a893b504
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3086
Cache-Control: max-age=163441
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:16 GMT
Etag: "638085ab-1d7"
Expires: Sun, 27 Nov 2022 09:58:17 GMT
Last-Modified: Fri, 25 Nov 2022 09:06:51 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 49faf2598223d4a5296f4d1e8317ba92
97035279ed85eadbb706949c8ade5994abceacb8
c275a6f4f899a90c6f41a1053b5e8aa0bbfc39f6ce500a5a9766a4c4355400e0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=154234
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:16 GMT
Etag: "63806dc1-118"
Expires: Sun, 27 Nov 2022 07:24:50 GMT
Last-Modified: Fri, 25 Nov 2022 07:24:49 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash dcfe39b14e1fcdd388715d780aa4d3b6
cb5c259fdd72b0d04d146e2806af80cce8e38290
5d51876874bc09fc38c73d53f1a2dc3238db80d87705b3957891f6f778c2ed70
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4426
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:16 GMT
Last-Modified: Fri, 25 Nov 2022 11:20:30 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 278
push.services.mozilla.com/
35.165.41.15101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.165.41.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: JAODzjiPBGGeoEBc0B/mgA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Ss9BT5ovsMvDLahg5dtoQTFnEsk=
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b44543de9922ec7d97f2e0be1865553e
caef856450efd75de0cfae9402903b1f4bd6de4c
d251377b4bc11c32a847ce4dc5dfda92e56031617f5b3eeea54fdcd0945b3eb7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b44543de9922ec7d97f2e0be1865553e
caef856450efd75de0cfae9402903b1f4bd6de4c
d251377b4bc11c32a847ce4dc5dfda92e56031617f5b3eeea54fdcd0945b3eb7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b44543de9922ec7d97f2e0be1865553e
caef856450efd75de0cfae9402903b1f4bd6de4c
d251377b4bc11c32a847ce4dc5dfda92e56031617f5b3eeea54fdcd0945b3eb7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 86348c59c5733446124f40fbc069f588
76c261f6a036a38ecc90dcf340f7c94b36193470
6d004884178a3b159c98a4b4d1b3ead45d875ea553c6826b9ecaadea74a1b3f5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6538
Cache-Control: max-age=131238
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:16 GMT
Etag: "637ffa64-118"
Expires: Sun, 27 Nov 2022 01:01:34 GMT
Last-Modified: Thu, 24 Nov 2022 23:12:36 GMT
Server: ECS (amb/6B81)
X-Cache: HIT
Content-Length: 280
topitoffhatco.com/
162.159.135.42200 OK 44 kB IP 162.159.135.42:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7265), with CRLF, LF line terminators
Hash fea25c73b76aaa89829a7b9d636320ea
918667365e0bf9b5acab4d794c3e5cef577d690b
6ab32af19e716f855f8a4286afad326a879e9742d971e7643fa28fe68bde9cf6
GET / HTTP/1.1
Host: topitoffhatco.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 25 Nov 2022 12:34:16 GMT
content-type: text/html; charset=UTF-8
cf-ray: 76fa6ae05a13b50f-OSL
link: <https://topitoffhatco.com/wp-json/>; rel="https://api.w.org/", <https://topitoffhatco.com/wp-json/wp/v2/pages/25>; rel="alternate"; type="application/json", <https://topitoffhatco.com/>; rel=shortlink
vary: Accept-Encoding
cf-cache-status: DYNAMIC
ki-cache-type: None
ki-cf-cache-status: BYPASS
ki-edge: v=17.9
x-content-type-options: nosniff
x-edge-location-klb: 1
x-kinsta-cache: HIT
x-pingback: https://topitoffhatco.com/xmlrpc.php
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fb%2F8PqP8%2F4UPJdQLIJYg40SOp3ka%2ForfcVlyygIqD%2FyuUtZiRjaXJmxRtv6gB7SRIl3pCestfIdiG%2BFYT%2BBiFrrPFR8DaS57c%2F6dvqm4GFV6W6PoTPifYN7%2FpyUCYuhXKvM9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fast.fonts.net/t/1.css?apiType=css&projectid=71b5b825-2124-4316-9cd7-8560587cf63c
104.17.224.78200 OK 0 B URL HTTP/2 fast.fonts.net/t/1.css?apiType=css&projectid=71b5b825-2124-4316-9cd7-8560587cf63c
IP 104.17.224.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /t/1.css?apiType=css&projectid=71b5b825-2124-4316-9cd7-8560587cf63c HTTP/1.1
Host: fast.fonts.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fast.fonts.net/cssapi/71b5b825-2124-4316-9cd7-8560587cf63c.css
Cookie: __cf_bm=YPYsH5q_Oc8LnHO7hN5vfxVkeOETF4mEZS.xRQoy6eM-1669379657-0-AQJkVbA0GnO8/2Tdl0rywMQ5HC2VLQUi5bknRJGQKXWBT5Be7N+Q8ZO1005PqL/foSkfnre0z8CSCwysCsf6xL0=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 12:34:17 GMT
content-type: text/css; charset=utf-8
content-length: 0
x-amz-id-2: iPQk/YDwbsZnZlKVKkjl/0dhqj5n3YSQEBqHipRVcfc0xaPzcavNIa1o23WkcykK2IQP1uu2yAQ=
x-amz-request-id: K067XEZDCT9V7CRQ
last-modified: Tue, 23 Mar 2021 12:59:23 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
cache-control: public, max-age=0, s-maxage=604800
x-amz-meta-mtime: 1519217722
x-amz-version-id: null
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fa6ae8cf5f1c0e-OSL
X-Firefox-Spdy: h2
a.remarketstats.com/px/?c=1f7e9c9e6808021
104.26.2.122200 OK 2.3 kB URL HTTP/2 a.remarketstats.com/px/?c=1f7e9c9e6808021
IP 104.26.2.122:0
File type ASCII text, with very long lines (3171)
Hash 7ff16a6151f5735d72fba3a09d72ab62
0e7072ca427d44fc5bb6fe1119f0dc08d2849e1a
df88dd4b8db39a63189a7373244295d5d0106ab56a0a650f8ca13c6f2cf6f8f1
GET /px/?c=1f7e9c9e6808021 HTTP/1.1
Host: a.remarketstats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://topitoffhatco.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 12:34:16 GMT
content-type: text/javascript
set-cookie: _ccpx=1f7e9c9e6808021; Expires=Sat, 25 Nov 2023 12:34:16 GMT; Path=/; HttpOnly; SameSite=None; Secure
_ccpx_1f7e9c9e6808021=1; Expires=Sat, 25 Nov 2023 12:34:16 GMT; Path=/; HttpOnly; SameSite=None; Secure
_ccpx_u=cd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad; Expires=Sat, 25 Nov 2023 12:34:16 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-wv4g4:cc-nginx-c76b96594-wv4g4
x-requestid: c224f93c-fcb9-47d2-88da-f4233cff671e
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ltuQO%2FVY2YNzZ40%2BtlFnOQ4EqYiSiU0N0pweXsOwrhtiQ66Hr9kPAaTBvEq4qAM6ZEZqyoI%2FL3NbU7bt0OtB3%2FjQNBfwXzdgagw6P9j%2FX%2B4RD7B1ZwzpK7arKCzEgAXSZMzKvw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fa6ae5186fb4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/glegoo/v14/_Xmt-HQyrTKWaw25jKOY.woff2
216.58.207.195200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/glegoo/v14/_Xmt-HQyrTKWaw25jKOY.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 17604, version 1.0\012- data
Hash 62c81a99d75b94f68162af8e1bd0dba4
d4eb7798a843838f5782b0fe263524fbcc886dc2
f51cb0f5f4008a03c2432bd3656c09a4be658311e9849e423b1591f52f414f71
GET /s/glegoo/v14/_Xmt-HQyrTKWaw25jKOY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://topitoffhatco.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 20:12:57 GMT
expires: Tue, 21 Nov 2023 20:12:57 GMT
cache-control: public, max-age=31536000
age: 318080
last-modified: Thu, 21 Apr 2022 17:07:33 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash e68a54b924d5f66234e53c63de0ac8ca
33f41b1e6242315736314681a51ae774a9429193
0524c2d2148b8f7d8b015050b5a18e36427c546cd7461b92d0f74eb42ab58ff5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5988
Cache-Control: max-age=123515
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:17 GMT
Etag: "637fde61-116"
Expires: Sat, 26 Nov 2022 22:52:52 GMT
Last-Modified: Thu, 24 Nov 2022 21:13:05 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 87de3dd2c7dce12b01a337d1554a222a
30e0bd68bbb78995aa8a0686ac02848fd5a7a699
533c21806ef66401ea5faeeb37366a33f19f0e9052b4fb06f22981ec73b21a59
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 5.3 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6d0abcb0eb2fe61f417a1dc0a269eb72
d9530abe9bff630da6a55058d8e197c31363e3ed
aba98dce0a43eef6f82553d4ad8b5febd6dc84e3ebc02b56ced4530200bfdb96
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8263
Expires: Fri, 25 Nov 2022 14:52:00 GMT
Date: Fri, 25 Nov 2022 12:34:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8263
Expires: Fri, 25 Nov 2022 14:52:00 GMT
Date: Fri, 25 Nov 2022 12:34:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8263
Expires: Fri, 25 Nov 2022 14:52:00 GMT
Date: Fri, 25 Nov 2022 12:34:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 481c033b9ffd030ff0de6e35cf788b47
85d3baad9217af2b5d75c019d2ef95dbb919a788
02443c7869914c2b29892deb0c645395bcf4e8379da3cf20974614ff9c92893b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11249
x-amzn-requestid: 8f679d7f-2ea5-4e47-b78d-79af59435a62
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFPHYHkAIAMFpBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637ec562-26108a785e910dc3355d58f1;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 01:14:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NKwpIdw2RZNZNh69AF5GNvunA_QfRGClvzcRP3zYwn7c8BLBlt097g==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 07:46:20 GMT
age: 17277
etag: "85d3baad9217af2b5d75c019d2ef95dbb919a788"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe021fc4e-f76c-4fe9-9470-b59452c93459.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe021fc4e-f76c-4fe9-9470-b59452c93459.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eb94ecb5881a7e49d964e4287d11e7a4
4b131a189db1b615e2519a28cad83d78297ab67f
f3693e29eb7b72361093434142e3f18969c1a0b02350fab430fa29c7c127bd1a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe021fc4e-f76c-4fe9-9470-b59452c93459.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11401
x-amzn-requestid: 3bc374eb-7d70-4b95-94a7-2ad06cae4726
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCtHcmoAMFxgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-333793987245ff9e741b9aed;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kkI9Vh2vZeJPwz2JVL5MErsBBwk8-2Jo49yc0sFqv5pxIyBi6azFIw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 22:00:34 GMT
age: 52423
etag: "4b131a189db1b615e2519a28cad83d78297ab67f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8784bb7a8b88736a6016f712e3183bf3
b0ddc1555d2506177adcdcea77864d75f1245d07
8e331713b0ad0b5670dd33dfdadde665e076a40ddb80905d4df89876d49803d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11743
x-amzn-requestid: 9ab0aba7-5cd1-4f6c-8984-dc221e1cbf8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cICD-F7joAMFqmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe3b2-152ba5f1495a44447356cdab;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oWSNdsrz59sJC2znLnFqa_Zm3T14_d6j-rjzDQe4yV22Dy2Qc4Swaw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:54:45 GMT
age: 52772
etag: "b0ddc1555d2506177adcdcea77864d75f1245d07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4006a9037ab5f28dca62b0aa7a704c41
74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5MlzpHpq7auKLSAYikINuPAylXI11VJL3xxIJ9Dyub-7rjQaPfg0WQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 04:23:00 GMT
age: 29477
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8b6ee13d43732f7c764a49500d092865
5d15fd672e968d59b541e4d5d0d01cd5e69f4075
fc3623d527147e1c6aab399251ed8d527e6eefdee6ad7183f00df2613498bfe4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8006
x-amzn-requestid: 78aab013-df11-464b-a1c7-ee41b7e77b40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-AHSrIAMFvKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38c-4d795f410a57fc2c21d7075d;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NntLZ3wUdcX9kEo-afFLU0TPKgqAlSK3bToNh2mmoqoyLBJINNk7ow==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:54:39 GMT
age: 52778
etag: "5d15fd672e968d59b541e4d5d0d01cd5e69f4075"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 92c78302bcce1568eb6a5563100b932c
43d1dec7fc06879988c9c3cadd800cc8145df988
0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:47:53 GMT
age: 53184
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash eaccfd78ba725aeba4b66a345499d2b0
5391d80c3b71902a80e1ef1e4a728154bf774362
86a217e6063fa60eff62355b54ed674f949406b5265a6426002edef7fd69777f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1632
Cache-Control: max-age=143968
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:17 GMT
Etag: "63803f49-1d7"
Expires: Sun, 27 Nov 2022 04:33:45 GMT
Last-Modified: Fri, 25 Nov 2022 04:06:33 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
a.clickcertain.com/px/ta/?ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad
104.26.8.50302 Found 0 B URL HTTP/2 a.clickcertain.com/px/ta/?ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad
IP 104.26.8.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/ta/?ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.clickcertain.com/px/cont/?c=1f7e9c9e6808021&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&cn=NO
Cookie: _ccpx_u=cd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
date: Fri, 25 Nov 2022 12:34:17 GMT
content-type: text/html
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=3318&partner_device_id=cd338e41-6c48-4397-bfb1-fe8f029b42ad&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d
set-cookie: _ccpx_u=cd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad; Expires=Sat, 25 Nov 2023 12:34:17 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-8gps5:cc-nginx-c76b96594-8gps5
x-requestid: a0285a49-314d-463f-8404-a42bdb08d5cb
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d8ThBjttDhUnXaF%2BqVXfVoQ%2BQQwm%2FLALz%2BsNm9GMSs%2F5I36PKfeyV0UEHMeMNkagyLfxbbDP%2F9B1imO9D0Fhj4M9fGxlTDC7bY9fuSg6eDcRpxnHCkDm68K0kpMwZ0hhZve9gw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fa6aec9c74b50f-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash eaccfd78ba725aeba4b66a345499d2b0
5391d80c3b71902a80e1ef1e4a728154bf774362
86a217e6063fa60eff62355b54ed674f949406b5265a6426002edef7fd69777f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1633
Cache-Control: max-age=143968
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:18 GMT
Etag: "63803f49-1d7"
Expires: Sun, 27 Nov 2022 04:33:46 GMT
Last-Modified: Fri, 25 Nov 2022 04:06:33 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
pixel.tapad.com/idsync/ex/receive/check?partner_id=3318&partner_device_id=cd338e41-6c48-4397-bfb1-fe8f029b42ad&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d
35.227.248.159302 Found 0 B URL HTTP/2 pixel.tapad.com/idsync/ex/receive/check?partner_id=3318&partner_device_id=cd338e41-6c48-4397-bfb1-fe8f029b42ad&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d
IP 35.227.248.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /idsync/ex/receive/check?partner_id=3318&partner_device_id=cd338e41-6c48-4397-bfb1-fe8f029b42ad&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d HTTP/1.1
Host: pixel.tapad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Fri, 25 Nov 2022 12:34:18 GMT
strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
set-cookie: TapAd_TS=1669379658024;Expires=Tue, 24 Jan 2023 12:34:18 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
TapAd_DID=e113a64e-09d3-48b8-b973-7ff445f0e2bb;Expires=Tue, 24 Jan 2023 12:34:18 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
TapAd_3WAY_SYNCS=;Expires=Tue, 24 Jan 2023 12:34:18 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
location: https://a.clickcertain.com/px/ta/?done=true&ta_id=e113a64e-09d3-48b8-b973-7ff445f0e2bb
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fast.fonts.net/dv2/3/2ef5ecda-1772-45e2-843f-a13f5d76ed3a.woff?d44f19a684109620e4841578a590e8180194de38df0cb2573b9af3b3d8d3e5ea3f68054f9ec5dc23c3163599f3cf55d2aaba5c32fc3d16c77cf2cf5ea11cfebac0ef6c7a3a11ce804bcefb8ea3d86214744b204f9571de369ae2199de76b20261aca1ca72db902489fcfa83c4a4aacb8&projectId=71b5b825-2124-4316-9cd7-8560587cf63c
104.17.224.78200 OK 30 kB URL HTTP/2 fast.fonts.net/dv2/3/2ef5ecda-1772-45e2-843f-a13f5d76ed3a.woff?d44f19a684109620e4841578a590e8180194de38df0cb2573b9af3b3d8d3e5ea3f68054f9ec5dc23c3163599f3cf55d2aaba5c32fc3d16c77cf2cf5ea11cfebac0ef6c7a3a11ce804bcefb8ea3d86214744b204f9571de369ae2199de76b20261aca1ca72db902489fcfa83c4a4aacb8&projectId=71b5b825-2124-4316-9cd7-8560587cf63c
IP 104.17.224.78:0
File type Web Open Font Format, TrueType, length 29841, version 1.0\012- data
Hash 941d695dab297d32ca8ddaf2b8962963
dc816a378f2e59374ce24c6e593c48984ba62309
20a19789ccd5241cf8b214fde92416a0b7d2a430859497d4d69a0eab18451071
GET /dv2/3/2ef5ecda-1772-45e2-843f-a13f5d76ed3a.woff?d44f19a684109620e4841578a590e8180194de38df0cb2573b9af3b3d8d3e5ea3f68054f9ec5dc23c3163599f3cf55d2aaba5c32fc3d16c77cf2cf5ea11cfebac0ef6c7a3a11ce804bcefb8ea3d86214744b204f9571de369ae2199de76b20261aca1ca72db902489fcfa83c4a4aacb8&projectId=71b5b825-2124-4316-9cd7-8560587cf63c HTTP/1.1
Host: fast.fonts.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://topitoffhatco.com
Connection: keep-alive
Referer: https://fast.fonts.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 12:34:18 GMT
content-type: application/octet-stream
content-length: 29841
x-amz-id-2: TKd9l1iXErLVYUt0QtJGH8AtJXgwuIi7ncWRHn1vTMjMVcmcwAEIjJpfKDce9fXV9/0Vn1lAO74=
x-amz-request-id: 7CGR6CB1YPC5ASD2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: Access-Control-Allow-Origin
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Fri, 13 Nov 2020 15:32:48 GMT
etag: "941d695dab297d32ca8ddaf2b8962963"
x-amz-meta-mtime: 1415136589
x-amz-version-id: null
cf-cache-status: REVALIDATED
expires: Fri, 25 Nov 2022 12:39:18 GMT
cache-control: public, max-age=300
accept-ranges: bytes
set-cookie: __cf_bm=Qa2iuC73tBJ88a8XMJGdQUiBFx13a5n9TbSAnN2cMh4-1669379658-0-AekDsi5LNAV8EEKor2j1ErKZQ2Ay3CxuIlYMdcJwbR71V3ZMbzTZE6w1B3TyhVlOu9BQRswGV0h5tns1YSAuvYY=; path=/; expires=Fri, 25-Nov-22 13:04:18 GMT; domain=.fonts.net; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76fa6aeb5acb1c0e-OSL
X-Firefox-Spdy: h2
fast.fonts.net/dv2/3/01cb92c2-7cd7-4d08-8c37-95a3623b4634.woff?d44f19a684109620e4841578a590e8180194de38df0cb2573b9af3b3d8d3e5ea3f68054f9ec5dc23c3163599f3cf55d2aaba5c32fc3d16c77cf2cf5ea11cfebac0ef6c7a3a11ce804bcefb8ea3d86214744b204f9571de369ae2199de76b20261aca1ca72db902489fcfa83c4a4aacb8&projectId=71b5b825-2124-4316-9cd7-8560587cf63c
104.17.224.78200 OK 30 kB URL HTTP/2 fast.fonts.net/dv2/3/01cb92c2-7cd7-4d08-8c37-95a3623b4634.woff?d44f19a684109620e4841578a590e8180194de38df0cb2573b9af3b3d8d3e5ea3f68054f9ec5dc23c3163599f3cf55d2aaba5c32fc3d16c77cf2cf5ea11cfebac0ef6c7a3a11ce804bcefb8ea3d86214744b204f9571de369ae2199de76b20261aca1ca72db902489fcfa83c4a4aacb8&projectId=71b5b825-2124-4316-9cd7-8560587cf63c
IP 104.17.224.78:0
File type Web Open Font Format, TrueType, length 29926, version 1.0\012- data
Hash f42484b75e7abdfdb8c54a627f257f8e
5cd8029c2a3158e9c01942d5d1a330dfc644fde9
374ce35b6a60f8eb7c8e551ffdb57586dd0967608e97e4db739d14e7281b055b
GET /dv2/3/01cb92c2-7cd7-4d08-8c37-95a3623b4634.woff?d44f19a684109620e4841578a590e8180194de38df0cb2573b9af3b3d8d3e5ea3f68054f9ec5dc23c3163599f3cf55d2aaba5c32fc3d16c77cf2cf5ea11cfebac0ef6c7a3a11ce804bcefb8ea3d86214744b204f9571de369ae2199de76b20261aca1ca72db902489fcfa83c4a4aacb8&projectId=71b5b825-2124-4316-9cd7-8560587cf63c HTTP/1.1
Host: fast.fonts.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://topitoffhatco.com
Connection: keep-alive
Referer: https://fast.fonts.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 12:34:18 GMT
content-type: application/octet-stream
content-length: 29926
x-amz-id-2: vpY9WTgG7xAHw2pqJp4gAPNQmtARTAW7lGA2JphLxrGu7waMddiZl3UDCxiJA7Gka3PZWlFPEIE=
x-amz-request-id: 7CGHZB5R6S1M131W
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: Access-Control-Allow-Origin
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Thu, 12 Nov 2020 18:57:11 GMT
etag: "f42484b75e7abdfdb8c54a627f257f8e"
x-amz-meta-mtime: 1400552497
x-amz-version-id: null
cf-cache-status: REVALIDATED
expires: Fri, 25 Nov 2022 12:39:18 GMT
cache-control: public, max-age=300
accept-ranges: bytes
set-cookie: __cf_bm=D88WIBKzomJ2LC89r4k28GPvUrWrhtmkoYcMUEIwPoM-1669379658-0-AfmJt5ZlqZVNs4eeZNb40ZXXA9biesMFK4YXWvG+I7twYMwCxql4nSSImc6JzM+lE7+kvRzzFilP1Qk4rKm8BMU=; path=/; expires=Fri, 25-Nov-22 13:04:18 GMT; domain=.fonts.net; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76fa6aeb5ae01c0e-OSL
X-Firefox-Spdy: h2
a.clickcertain.com/px/ta/?done=true&ta_id=e113a64e-09d3-48b8-b973-7ff445f0e2bb
104.26.8.50204 No Content 0 B URL HTTP/2 a.clickcertain.com/px/ta/?done=true&ta_id=e113a64e-09d3-48b8-b973-7ff445f0e2bb
IP 104.26.8.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/ta/?done=true&ta_id=e113a64e-09d3-48b8-b973-7ff445f0e2bb HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: _ccpx_u=cd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 25 Nov 2022 12:34:18 GMT
set-cookie: _ccpx_u=cd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad; Expires=Sat, 25 Nov 2023 12:34:18 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-tl8rd:cc-nginx-c76b96594-tl8rd
x-requestid: 74ffd270-7f5c-4ea1-8d46-005b45aa871b
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tOZkZGlF3BoDEswq3uKoz51l5IhiUB6GomJYEtlpl0FC%2Bi1w4FavE%2BuIhZQt1t5snYA2aFlINSIZAse7eZoJaJIworKWdd%2Bk%2BpX4iyknfUsbOJv04RYD%2F5C6WzHuc9haBGTzaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fa6aeecf55b50f-OSL
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash c73fdd75eac4ce768a1263d219a851bc
30dfc643989ef33a52da872bd25e6bf30f846a39
ff055e5492417bdffc32e75d467fd2a2d91b1e446e62cdc8b5957e4014bfc0ec
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=127707
Date: Fri, 25 Nov 2022 12:34:18 GMT
Etag: "637ffe9c-1d7"
Expires: Sun, 27 Nov 2022 00:02:45 GMT
Last-Modified: Thu, 24 Nov 2022 23:30:36 GMT
Server: ECS (bsa/EB1B)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: mlHkNFvgdAcfj-rx8RxhDind-8f3bpSaw2XvStt3X_5J694LamapAA==
Age: 1929
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4014b3f4adf5c5373118894c244afb12
1198e79d0e1e14408e3c0084a3f479122020a723
affc5983ee364e0310c082b225a90cff4ba2d01b68d2cdaf6b5ecbe780cad66d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5381
Cache-Control: max-age=151315
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:18 GMT
Etag: "63804d58-1d7"
Expires: Sun, 27 Nov 2022 06:36:13 GMT
Last-Modified: Fri, 25 Nov 2022 05:06:32 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash a0111a2443450172e5d2b48d350a8f57
75e89d4cd001303e66a93880f96d6c47e7d665ab
c9865c82b8f373aeb3a7333b0f65408211d832aba753c35d3544ecb2913f4f64
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/fbds.js
157.240.200.14200 OK 2.2 kB URL HTTP/2 connect.facebook.net/en_US/fbds.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (2888)
Hash 2d28cdf96264395ad73efddf44531086
f8923072ab978adae89131830153dd2f0a563443
f2ee64d0f67a407edb72155329dca2cdba427429648bc189168dd959a9895666
GET /en_US/fbds.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://topitoffhatco.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 9406e8ca22a23ba7b827b449c3800ab6
etag: "2b95f64245856788856d6a9ed94de128"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 25 Nov 2022 12:39:18 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: LSjN+WJkOVrXPv3fRFMQhg==
x-fb-debug: mgI2DDJyeSXinfmzC4AjmTXm6UG+QbdDMkQfke5kRP+rR7CyEZ6/7hqYVKCv2OnDpEt+7YCLbi+rGW7Bswc/tg==
content-length: 2167
x-fb-trip-id: 1679558926
date: Fri, 25 Nov 2022 12:34:18 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://topitoffhatco.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 25 Nov 2022 10:41:08 GMT
expires: Fri, 25 Nov 2022 12:41:08 GMT
cache-control: public, max-age=7200
age: 6790
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/all.js
157.240.200.14200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_US/all.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (1957)
Hash ffac81787bb1de397daf70a1010cda43
6c8929b5fb80d8c4e74e6125bf294a6a571f401c
d242bb2873c707e3b0af0df249b878e6246fc6f96ec73c37eb267febca9d1da0
GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://topitoffhatco.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: e5e1e74c0768b22f54405671eeda173a
etag: "27553a6279e71a6feffb64825833aee5"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 25 Nov 2022 12:44:53 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: /6yBeHux3jl9r3ChAQzaQw==
x-fb-debug: slSgCwAkA3/3H1MWZGP3DVIEins8+AqffOj9B9j+ZeJ3wA5/FzwuVtCDKKhK7+Uvyy4Cy88wNuLxqGzA5VmO/Q==
content-length: 1688
x-fb-trip-id: 1679558926
date: Fri, 25 Nov 2022 12:34:18 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4014b3f4adf5c5373118894c244afb12
1198e79d0e1e14408e3c0084a3f479122020a723
affc5983ee364e0310c082b225a90cff4ba2d01b68d2cdaf6b5ecbe780cad66d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5381
Cache-Control: max-age=151315
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:18 GMT
Etag: "63804d58-1d7"
Expires: Sun, 27 Nov 2022 06:36:13 GMT
Last-Modified: Fri, 25 Nov 2022 05:06:32 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
a.clickcertain.com/px/r/?ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad
104.26.8.50302 Found 0 B URL HTTP/2 a.clickcertain.com/px/r/?ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad
IP 104.26.8.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/r/?ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.clickcertain.com/px/cont/?c=1f7e9c9e6808021&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&cn=NO
Cookie: _ccpx_u=cd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
date: Fri, 25 Nov 2022 12:34:17 GMT
content-type: text/html
location: https://i.liadm.com/s/56408?bidder_id=200441&bidder_uuid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253dcd338e41%25252d6c48%25252d4397%25252dbfb1%25252dfe8f029b42ad%252526anx_uId%25253d%252524UID
set-cookie: _ccpx_u=cd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad; Expires=Sat, 25 Nov 2023 12:34:17 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-4lq5f:cc-nginx-c76b96594-4lq5f
x-requestid: b388af2a-9691-4f1e-adda-aa1e128dffa4
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GLqwZYRVD41hFBShwscXGWiRHl9Z0FG6jgBb35mxRWGLYLf4y6qMv9PGc3kkNLgtGxGyUpdzsETRLXxK1ENAZeP3mlS5A15C6FpUKnRWbsQM%2B8YXT7cU17M78bDQWXKFCIna9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fa6aecac7eb50f-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash a0111a2443450172e5d2b48d350a8f57
75e89d4cd001303e66a93880f96d6c47e7d665ab
c9865c82b8f373aeb3a7333b0f65408211d832aba753c35d3544ecb2913f4f64
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.liadm.com/s/56408?redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253dcd338e41%25252d6c48%25252d4397%25252dbfb1%25252dfe8f029b42ad%252526anx_uId%25253d%252524UID&bidder_id=200441&bidder_uuid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&_li_chk=true&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&previous_uuid=4ce19ffefcb34fe796788435c354ccbb
52.7.98.67303 See Other 0 B URL HTTP/1.1 i.liadm.com/s/56408?redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253dcd338e41%25252d6c48%25252d4397%25252dbfb1%25252dfe8f029b42ad%252526anx_uId%25253d%252524UID&bidder_id=200441&bidder_uuid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&_li_chk=true&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&previous_uuid=4ce19ffefcb34fe796788435c354ccbb
IP 52.7.98.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/56408?redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253dcd338e41%25252d6c48%25252d4397%25252dbfb1%25252dfe8f029b42ad%252526anx_uId%25253d%252524UID&bidder_id=200441&bidder_uuid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&_li_chk=true&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&previous_uuid=4ce19ffefcb34fe796788435c354ccbb HTTP/1.1
Host: i.liadm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 303 See Other
Date: Fri, 25 Nov 2022 12:34:18 GMT
Content-Length: 0
Connection: keep-alive
Location: https://a.clickcertain.com/px/li/?redir=https%3a%2f%2fcm%2eg%2edoubleclick%2enet%2fpixel%3fgoogle_nid%3dclickcertain%26google_cm%3d1%26google_sc%3d1%26redir%3dhttps%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fbidswitch%252f%253fdone%253dtrue%2526ccid%253dcd338e41%252d6c48%252d4397%252dbfb1%252dfe8f029b42ad%2526anx_uId%253d%2524UID&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad
Set-Cookie: _li_ss=MgYIkgEQ2BM; Max-Age=2592000; Expires=Sun, 25 Dec 2022 12:34:18 GMT; SameSite=None; Path=/s; Secure
lidid=15b23021-618c-4f85-ab7f-b14b2c005ee3; Max-Age=63072000; Expires=Sun, 24 Nov 2024 12:34:18 GMT; SameSite=None; Path=/; Domain=liadm.com; Secure
Request-Time: 2
Strict-Transport-Security: max-age=31536000; includeSubDomains
www.facebook.com/tr/?id=1375399606109183&ev=PixelInitialized&dl=https%3A%2F%2Ftopitoffhatco.com%2F&rl=&if=false&ts=1669379657736
157.240.200.35200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=1375399606109183&ev=PixelInitialized&dl=https%3A%2F%2Ftopitoffhatco.com%2F&rl=&if=false&ts=1669379657736
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=1375399606109183&ev=PixelInitialized&dl=https%3A%2F%2Ftopitoffhatco.com%2F&rl=&if=false&ts=1669379657736 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://topitoffhatco.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 25 Nov 2022 12:34:18 GMT
X-Firefox-Spdy: h2
connect.facebook.net/en_US/all.js?hash=49b06aaa886c85d8a72c34c6d5435590
157.240.200.14200 OK 88 kB URL HTTP/2 connect.facebook.net/en_US/all.js?hash=49b06aaa886c85d8a72c34c6d5435590
IP 157.240.200.14:0
File type ASCII text, with very long lines (18605)
Hash 56c89b235f8f19b7ecdcac43602ecb2e
f7d496f39858751502a9139cd50fcd23d1bd4e70
319e3bb380ef07ab5e3b4dddde23d00dce41bc783e9646f35f0c6dd56bc3297d
GET /en_US/all.js?hash=49b06aaa886c85d8a72c34c6d5435590 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://topitoffhatco.com
Connection: keep-alive
Referer: https://topitoffhatco.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 0d8de330bb0a2dd687e05a8090e25e6f
etag: "fcea6f98753a02bb1c3c618c0766ad81"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sat, 25 Nov 2023 11:11:45 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: VsibI1+PGbfs3KxDYC7LLg==
x-fb-debug: h8Y9C+XHfCj7g8FVHumEbUXtXKjrYKj1hAscL0huC/W3y19USARf08bcIo61fGGoWKSqYWwE+/b03Fa/dEazmQ==
content-length: 88226
x-fb-trip-id: 1679558926
date: Fri, 25 Nov 2022 12:34:18 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d3d2d21ac304813a16da64921ce18ba4
98b1762c675c61eeb18254986461e6b1074ebc92
af00429c189464ddb8df704dc48035421f943444df6ca17390fb97466c2e7e9b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-25689854-1&cid=487218195.1669379658&jid=2115139676&gjid=1085409743&_gid=85151324.1669379658&_u=IEBAAEAAAAAAACAAI~&z=361691867
142.251.1.156200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-25689854-1&cid=487218195.1669379658&jid=2115139676&gjid=1085409743&_gid=85151324.1669379658&_u=IEBAAEAAAAAAACAAI~&z=361691867
IP 142.251.1.156:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-25689854-1&cid=487218195.1669379658&jid=2115139676&gjid=1085409743&_gid=85151324.1669379658&_u=IEBAAEAAAAAAACAAI~&z=361691867 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://topitoffhatco.com
Connection: keep-alive
Referer: https://topitoffhatco.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://topitoffhatco.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 25 Nov 2022 12:34:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash a54c80dec1c95f72609427d03724eeff
6f1afb5ac564d8f2daf59fe962fb059dcdb201f1
ac57e57ff83ab2ced0f8d7c0f806ebacae13fae70995eb076269a0b65ac81ff9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3975
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:18 GMT
Last-Modified: Fri, 25 Nov 2022 11:28:03 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 278
player.vimeo.com/api/player.js
162.159.128.61200 OK 6.3 kB URL HTTP/1.1 player.vimeo.com/api/player.js
IP 162.159.128.61:0
File type Unicode text, UTF-8 text, with very long lines (21087)
Hash be35514553399a516ec9a8a782341d76
cc471c8a2ad4a645656f72e0833a3cd1a9131b63
ab060007b859a933f8fb7bbc505c9c0a06eef5813ab909d9f09f9656c2d53505
GET /api/player.js HTTP/1.1
Host: player.vimeo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://topitoffhatco.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 12:34:18 GMT
Content-Type: application/javascript;charset=utf-8
Content-Length: 6272
Connection: keep-alive
x-xss-protection: 1; mode=block
content-security-policy: default-src 'none'; style-src 'unsafe-inline'
x-content-type-options: nosniff
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
p3p: CP="This is not a P3P policy! See https://vimeo.com/privacy"
expires: Fri, 25 Nov 2022 12:57:38 GMT
x-host: player-57c7694bdc-xjdt7
via: 1.1 varnish, 1.1 varnish
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-varnish-cache: 0
x-vserver: playproxy-rollout-prod-varnish-0
x-backend-proxy: playproxy1
x-bapp-server: player-57c7694bdc-xjdt7
Accept-Ranges: bytes
Age: 400
X-Served-By: cache-bma1634-BMA
X-Cache: HIT
X-Cache-Hits: 687
X-Timer: S1669379659.658596,VS0,VE0
Vary: Accept-Encoding
X-Player-Backend: p
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=3NpKITdr28C2rEa9qyL8_CBBdOJJuVQ66wXwX7Qama8-1669379658-0-AbiZ0N0AxmiX57tcsnflc1I8VR4XHD43gW24kNrRWt4+wfunGRzt2gx432TuM56/zZZ4vyCQpAITfWMxuASV3Ck=; path=/; expires=Fri, 25-Nov-22 13:04:18 GMT; domain=.vimeo.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 76fa6af28d770b65-OSL
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d3d2d21ac304813a16da64921ce18ba4
98b1762c675c61eeb18254986461e6b1074ebc92
af00429c189464ddb8df704dc48035421f943444df6ca17390fb97466c2e7e9b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 12:34:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3dcd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad%26anx_uId%3d%24UID
142.250.74.98302 Found 509 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3dcd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad%26anx_uId%3d%24UID
IP 142.250.74.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (332), with CRLF, LF line terminators
Hash 9ba7e49cb32588066ec392cde17fbd7d
92bf2b7dc1db8755caf0f80526e5c87218375b6d
0f09f29ecbe2b83d3eaed6cd74f767c9d9b63930128ab137f6f0ae8b6e579117
GET /pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3dcd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad%26anx_uId%3d%24UID HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dcd338e41%2D6c48%2D4397%2Dbfb1%2Dfe8f029b42ad%26anx_uId%3D%24UID&google_tc=
date: Fri, 25 Nov 2022 12:34:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 509
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 25-Nov-2022 12:49:18 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dcd338e41%2D6c48%2D4397%2Dbfb1%2Dfe8f029b42ad%26anx_uId%3D%24UID&google_tc=
142.250.74.98302 Found 455 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dcd338e41%2D6c48%2D4397%2Dbfb1%2Dfe8f029b42ad%26anx_uId%3D%24UID&google_tc=
IP 142.250.74.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash cd152b91f09fe731e85d60ab897b4db3
ad7d6012b19a58f13b637ea518ea27ea161b74bc
49b902e5b5ea362b5bfac0ae1a4ddae66c4c448ca42e34e00a4fdbd7832f35d2
GET /pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dcd338e41%2D6c48%2D4397%2Dbfb1%2Dfe8f029b42ad%26anx_uId%3D%24UID&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://a.clickcertain.com/px/img/g/?redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dcd338e41%2D6c48%2D4397%2Dbfb1%2Dfe8f029b42ad%26anx_uId%3D%24UID&google_error=3
date: Fri, 25 Nov 2022 12:34:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 455
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.r2m02.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash cd247e58b53e2acf3434be6b567dc181
1f8de63c38e71e28403dbef5dca97ab541509685
412f45ed34719ea59061f4d5c039aa1c7c498cc2d7e402dfe81e85a0a42a1dd4
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=155528
Date: Fri, 25 Nov 2022 12:34:18 GMT
Etag: "63806b05-1d7"
Expires: Sun, 27 Nov 2022 07:46:26 GMT
Last-Modified: Fri, 25 Nov 2022 07:13:09 GMT
Server: ECS (bsa/EB1A)
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rKKyEitLmUyzf6UlRAgFQh64J7b9dfe-myP5o-VkKI5gjGcNf9q99A==
Age: 1997
vimeo.com/api/oembed.json?url=http://vimeo.com/106542024
162.159.138.60200 OK 737 B URL HTTP/1.1 vimeo.com/api/oembed.json?url=http://vimeo.com/106542024
IP 162.159.138.60:0
File type JSON data\012- , ASCII text, with very long lines (1416), with no line terminators
Hash cc3604f37bc77507c5c86f8272e0c84f
d89d2a26ecca147e07feb3743c60be111c2c6bd0
ef175ff35df91b24cdeaebfe0037d724eaa1814f008abbcf54ab8fe471b1d77a
GET /api/oembed.json?url=http://vimeo.com/106542024 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://topitoffhatco.com
Connection: keep-alive
Referer: https://topitoffhatco.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 12:34:19 GMT
Content-Type: application/json
Content-Length: 737
Connection: keep-alive
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
x-content-type-options: nosniff
x-frame-options: sameorigin
last-modified: Fri, 25 Nov 2022 12:16:24 GMT
etag: "e95a78301d282f81d7f14931eb10cd8add002447"
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy-report-only: default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp
x-bapp-server: pweb-ffcd48d6b-ssqvn
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-varnish-cache: 0
x-vserver: webproxy-rollout-prod-varnish-1
x-backend-proxy: webproxy2
Content-Encoding: gzip
Accept-Ranges: bytes
Age: 0
X-Served-By: cache-iad-kiad7000048-IAD, cache-bma1654-BMA
X-Cache: MISS, MISS
X-Cache-Hits: 0, 0
X-Timer: S1669379659.764939,VS0,VE257
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=EuS6l0NgZeFsoR8YMEPW_bLHmRTo3hjiCuoDPkYi3Sw-1669379659-0-AQcMzWOWkfHqj9FCnyCXg7/RVciZKqJAxvZhIrLouhaYkx0Mr4hPv7nhUgs/lf3WcNphypT3QHCBSbmdQfUDGLU=; path=/; expires=Fri, 25-Nov-22 13:04:19 GMT; domain=.vimeo.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 76fa6af31a1fb529-OSL
secure.adnxs.com/getuidu?https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&anx_uId=$UID
37.252.173.215307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/getuidu?https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&anx_uId=$UID
IP 37.252.173.215:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuidu?https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&anx_uId=$UID HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Fri, 25 Nov 2022 12:34:19 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://secure.adnxs.com/bounce?%2Fgetuidu%3Fhttps%3A%2F%2Fa.clickcertain.com%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dcd338e41-6c48-4397-bfb1-fe8f029b42ad%26anx_uId%3D%24UID
AN-X-Request-Uuid: 4f5b3b72-3051-4942-8d45-33a76892cb05
Set-Cookie: uuid2=5355996677149734042; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 23-Feb-2023 12:34:19 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
secure.adnxs.com/bounce?%2Fgetuidu%3Fhttps%3A%2F%2Fa.clickcertain.com%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dcd338e41-6c48-4397-bfb1-fe8f029b42ad%26anx_uId%3D%24UID
37.252.173.215302 Found 0 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fgetuidu%3Fhttps%3A%2F%2Fa.clickcertain.com%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dcd338e41-6c48-4397-bfb1-fe8f029b42ad%26anx_uId%3D%24UID
IP 37.252.173.215:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fgetuidu%3Fhttps%3A%2F%2Fa.clickcertain.com%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dcd338e41-6c48-4397-bfb1-fe8f029b42ad%26anx_uId%3D%24UID HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Fri, 25 Nov 2022 12:34:19 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&anx_uId=0
AN-X-Request-Uuid: e88e0137-da94-4d5f-872c-9135d21885cb
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
a.browserspeed.support/cs?puid=6e1d843d-732b-511b-a1b2-c0b42224778e&pid=lc
44.237.162.242302 Found 24 B URL HTTP/2 a.browserspeed.support/cs?puid=6e1d843d-732b-511b-a1b2-c0b42224778e&pid=lc
IP 44.237.162.242:0
File type HTML document, ASCII text
Hash cd5fa747861f510d1d45ab9dc80a16a0
90d910869fbe5e0f79b7f7e58f59f5303f46ad78
5bdd19de1ad3c04f1a88334882b16565cef8ac274902e671a72ebebdb35c697c
GET /cs?puid=6e1d843d-732b-511b-a1b2-c0b42224778e&pid=lc HTTP/1.1
Host: a.browserspeed.support
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.clickcertain.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: awselb/2.0
date: Fri, 25 Nov 2022 12:34:19 GMT
content-type: text/html; charset=utf-8
content-length: 24
location: https://a.browserspeed.support/
set-cookie: tuid=8df285e7-a6f1-4911-809c-a4665627cc69; Path=/; Domain=a.browserspeed.support; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
i.vimeocdn.com/video/489793115-6583ab1bc50548a063079ef91f73415d33bf3babb7d350ecb77425cc2971e70d-d_640
151.101.86.109200 OK 16 kB URL HTTP/2 i.vimeocdn.com/video/489793115-6583ab1bc50548a063079ef91f73415d33bf3babb7d350ecb77425cc2971e70d-d_640
IP 151.101.86.109:0
File type ISO Media, AVIF Image\012- data
Hash 3c4959988c92c11065c4a291e8b922f8
19bac922508c06c65b5c99884ada4d7f5185a127
82c59f06024d64185d0c3aa36d2aa29b6987bd7cfeb35a61c7b2c30288c89851
GET /video/489793115-6583ab1bc50548a063079ef91f73415d33bf3babb7d350ecb77425cc2971e70d-d_640 HTTP/1.1
Host: i.vimeocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://topitoffhatco.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/avif
etag: 3c4959988c92c11065c4a291e8b922f8
x-viewmaster-lossless-format: automatic
viewmaster-server: viewmaster-us-central1-84bn
cache-control: public, max-age=2592000
via: vvarnish, 1.1 varnish, 1.1 varnish
x-backend-server: varnish
access-control-allow-origin: *
access-control-expose-headers: X-Viewmaster-Status
access-control-max-age: 86400
accept-ranges: bytes
date: Fri, 25 Nov 2022 12:34:19 GMT
age: 92614
x-served-by: cache-dfw-kdfw8210074-DFW, cache-bma1630-BMA
x-cache: miss, HIT, MISS
x-cache-hits: 16, 0
x-timer: S1669379659.182222,VS0,VE125
vary: Accept
content-length: 15662
X-Firefox-Spdy: h2
a.browserspeed.support/
44.237.162.242200 OK 4 B IP 44.237.162.242:0
File type ASCII text, with no line terminators
Hash 72054d9a6fbdcc7df012e19f32345b65
52dd4c74c813db3790179c4f236ceadaca3467a8
c48b5b1a9776c84602de2306d7903a7241158a5077e7a8519af75c33441b8334
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: a.browserspeed.support
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: tuid=8df285e7-a6f1-4911-809c-a4665627cc69
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: awselb/2.0
date: Fri, 25 Nov 2022 12:34:19 GMT
content-type: application/json; charset=utf-8
content-length: 4
set-cookie: tuid=8df285e7-a6f1-4911-809c-a4665627cc69; Path=/; Domain=a.browserspeed.support; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 86776344fc6dd826ff48ca2f315dec8a
23054ddd051e653c90cc3232bbe1ecb88820b29a
7a6a778b4a383d8385e3843a7fd1ad88a5e7182d5627740511dd2c83a6f264c1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 12:34:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 22 Nov 2022 13:56:48 GMT
Expires: Tue, 29 Nov 2022 13:56:47 GMT
Etag: "23054ddd051e653c90cc3232bbe1ecb88820b29a"
Cache-Control: max-age=349947,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76fa6af76bd50b45-OSL
a.clickcertain.com/px/img/bidswitch/?done=true&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&anx_uId=0
104.26.8.50302 Found 0 B URL HTTP/2 a.clickcertain.com/px/img/bidswitch/?done=true&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&anx_uId=0
IP 104.26.8.50:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/img/bidswitch/?done=true&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&anx_uId=0 HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: _ccpx_u=cd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Fri, 25 Nov 2022 12:34:19 GMT
content-type: text/html
location: https://x.bidswitch.net/sync?dsp_id=179&user_id=cd338e41-6c48-4397-bfb1-fe8f029b42ad&expires=5&user_group=0
set-cookie: _ccpx_u=cd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad; Expires=Sat, 25 Nov 2023 12:34:19 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-dclk6:cc-nginx-c76b96594-dclk6
x-requestid: 758ad1ad-eb0e-4e72-ae70-b886396b5b33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sMolGngk006SiJbv50aRj62q8fGbpipBpU2rtkarplbPFPcSd%2FwzyfWD1TWvLVrODoCrCNkZqzayuk6KJfo7VD3yTnSwJ6jmIMVohWqoDu6%2FLSKYjn%2FKw1NVVhr5%2BeL3oYDy5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fa6af53f1eb50f-OSL
X-Firefox-Spdy: h2
x.bidswitch.net/ul_cb/sync?dsp_id=179&user_id=cd338e41-6c48-4397-bfb1-fe8f029b42ad&expires=5&user_group=0
18.184.69.226200 OK 43 B URL HTTP/2 x.bidswitch.net/ul_cb/sync?dsp_id=179&user_id=cd338e41-6c48-4397-bfb1-fe8f029b42ad&expires=5&user_group=0
IP 18.184.69.226:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/sync?dsp_id=179&user_id=cd338e41-6c48-4397-bfb1-fe8f029b42ad&expires=5&user_group=0 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 12:34:19 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
secure.adnxs.com/seg?add=2379696&t=2
37.252.173.215307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=2379696&t=2
IP 37.252.173.215:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=2379696&t=2 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://topitoffhatco.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Fri, 25 Nov 2022 12:34:19 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D2379696%26t%3D2
AN-X-Request-Uuid: c98643a5-9499-4fc3-bd52-5c5153946747
Set-Cookie: uuid2=1349169956150323811; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 23-Feb-2023 12:34:19 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D2379696%26t%3D2
37.252.173.215200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D2379696%26t%3D2
IP 37.252.173.215:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D2379696%26t%3D2 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://topitoffhatco.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 25 Nov 2022 12:34:19 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 33b341b3-4ed3-4d26-a5a8-9d48209935ca
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2C''F)XuN!@wnf-Te9(>wL5L!!'6g$Xx-M; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 23-Feb-2023 12:34:19 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
a.clickcertain.com/px/cont/?c=1f7e9c9e6808021&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&cn=NO
104.26.8.50200 OK 0 B URL HTTP/2 a.clickcertain.com/px/cont/?c=1f7e9c9e6808021&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&cn=NO
IP 104.26.8.50:0
GET /px/cont/?c=1f7e9c9e6808021&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&cn=NO HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 12:34:17 GMT
content-type: text/html
etag: W/"Y2QzMzhlNDFnNmM0OGc0Mzk3Z2JmYjFnZmU4ZjAyOWI0MmFkLXow"
set-cookie: _ccpx_u=cd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad; Expires=Sat, 25 Nov 2023 12:34:17 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-r7cwm:cc-nginx-c76b96594-r7cwm
x-requestid: 3ee772b0-fc6c-476e-8b4f-09f7db05fcc4
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H19zajvk4464254CWjEIvCAetKM8v9zD0L3BF9CxOkxckarAl3CSM39OszcMSb%2BcIM%2BMS8rnOO2ZHVYCHex4vr55qbAt5GZKosF1K%2B9uZD0u8jRqhKKFPgJqowBy50Cj5Fefxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fa6aebab66b50f-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Glegoo
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Glegoo
IP 142.250.74.10:0
GET /css?family=Glegoo HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://topitoffhatco.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 25 Nov 2022 12:34:16 GMT
date: Fri, 25 Nov 2022 12:34:16 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7COpen+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7CIndie+Flower:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7COswald:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7COpen+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7CIndie+Flower:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7COswald:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
IP 142.250.74.10:0
GET /css?family=Lato:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7COpen+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7CIndie+Flower:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7COswald:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://topitoffhatco.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 25 Nov 2022 12:34:16 GMT
date: Fri, 25 Nov 2022 12:34:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.clickcertain.com/px/li/?redir=https%3a%2f%2fcm%2eg%2edoubleclick%2enet%2fpixel%3fgoogle_nid%3dclickcertain%26google_cm%3d1%26google_sc%3d1%26redir%3dhttps%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fbidswitch%252f%253fdone%253dtrue%2526ccid%253dcd338e41%252d6c48%252d4397%252dbfb1%252dfe8f029b42ad%2526anx_uId%253d%2524UID&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad
104.26.8.50302 Found 0 B URL HTTP/2 a.clickcertain.com/px/li/?redir=https%3a%2f%2fcm%2eg%2edoubleclick%2enet%2fpixel%3fgoogle_nid%3dclickcertain%26google_cm%3d1%26google_sc%3d1%26redir%3dhttps%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fbidswitch%252f%253fdone%253dtrue%2526ccid%253dcd338e41%252d6c48%252d4397%252dbfb1%252dfe8f029b42ad%2526anx_uId%253d%2524UID&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad
IP 104.26.8.50:0
GET /px/li/?redir=https%3a%2f%2fcm%2eg%2edoubleclick%2enet%2fpixel%3fgoogle_nid%3dclickcertain%26google_cm%3d1%26google_sc%3d1%26redir%3dhttps%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fbidswitch%252f%253fdone%253dtrue%2526ccid%253dcd338e41%252d6c48%252d4397%252dbfb1%252dfe8f029b42ad%2526anx_uId%253d%2524UID&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: _ccpx_u=cd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Fri, 25 Nov 2022 12:34:18 GMT
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3dcd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad%26anx_uId%3d%24UID
set-cookie: _ccpx_u=cd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad; Expires=Sat, 25 Nov 2023 12:34:18 GMT; Path=/; HttpOnly; SameSite=None; Secure
x-frontend: cc-nginx-c76b96594-wv4g4:cc-nginx-c76b96594-wv4g4
x-requestid: 0602ec50-5c05-4a3a-897c-e317c186ee67
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l2%2FNhWVZW8r%2BUSmBEySCFAXsM51Q4qcRwhcF%2BPnIrJmflKsko6h9Mn70meMqAt5fYBIL27RtmeApZlJOPVmDZxiaZvfynR7VNeTRLq08uKYkpGX7NjB70ACk1ty03JGgh4QRfw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fa6af17aa5b50f-OSL
X-Firefox-Spdy: h2
fast.fonts.net/cssapi/71b5b825-2124-4316-9cd7-8560587cf63c.css
104.17.224.78200 OK 0 B URL HTTP/2 fast.fonts.net/cssapi/71b5b825-2124-4316-9cd7-8560587cf63c.css
IP 104.17.224.78:0
GET /cssapi/71b5b825-2124-4316-9cd7-8560587cf63c.css HTTP/1.1
Host: fast.fonts.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://topitoffhatco.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 12:34:17 GMT
content-type: text/css; charset=utf-8
x-amz-id-2: V9o7Z07V6fGU6NaWFtCnJMIEjt0gcDHx9Vv5GA6nypx0nekynU5Waa1CWTHLvYAdtiOel6/B3us=
x-amz-request-id: K06EA4SXZT4SSC6T
last-modified: Wed, 17 Feb 2021 07:21:55 GMT
etag: W/"581cc648e1f87ea19c6ee277fd9ab265"
x-amz-meta-mtime: 1407880809
x-amz-version-id: null
cf-cache-status: REVALIDATED
expires: Fri, 25 Nov 2022 12:39:17 GMT
cache-control: public, max-age=300
set-cookie: __cf_bm=YPYsH5q_Oc8LnHO7hN5vfxVkeOETF4mEZS.xRQoy6eM-1669379657-0-AQJkVbA0GnO8/2Tdl0rywMQ5HC2VLQUi5bknRJGQKXWBT5Be7N+Q8ZO1005PqL/foSkfnre0z8CSCwysCsf6xL0=; path=/; expires=Fri, 25-Nov-22 13:04:17 GMT; domain=.fonts.net; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fa6ae44a901c0e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
a.clickcertain.com/px/img/g/?redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dcd338e41%2D6c48%2D4397%2Dbfb1%2Dfe8f029b42ad%26anx_uId%3D%24UID&google_error=3
104.26.8.50302 Found 0 B URL HTTP/2 a.clickcertain.com/px/img/g/?redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dcd338e41%2D6c48%2D4397%2Dbfb1%2Dfe8f029b42ad%26anx_uId%3D%24UID&google_error=3
IP 104.26.8.50:0
GET /px/img/g/?redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3Dcd338e41%2D6c48%2D4397%2Dbfb1%2Dfe8f029b42ad%26anx_uId%3D%24UID&google_error=3 HTTP/1.1
Host: a.clickcertain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.clickcertain.com/
Connection: keep-alive
Cookie: _ccpx_u=cd338e41%2d6c48%2d4397%2dbfb1%2dfe8f029b42ad
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Fri, 25 Nov 2022 12:34:18 GMT
content-type: text/html
location: https://secure.adnxs.com/getuidu?https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=cd338e41-6c48-4397-bfb1-fe8f029b42ad&anx_uId=$UID
x-frontend: cc-nginx-c76b96594-8gps5:cc-nginx-c76b96594-8gps5
x-requestid: d53fd9cc-3427-44f3-a5a9-01a8ffe25bee
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cmLkeECSg0DllM4naUxdPe%2F76%2Bt77g1%2FSz%2Fo7mYUjq8YS3I5LBrtfLwavc2OAyLpBYgjqfh5GbZx%2BXgLM4tQiGLHze9E1G7DT2C0201PPQGAqcCSgP6ZV5snWEoyThkptEA8sg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fa6af38d1bb50f-OSL
X-Firefox-Spdy: h2