ouo.io/thFNIG
301 Moved Permanently 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thFNIG HTTP/1.1
Host: ouo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 18 Nov 2022 05:38:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 18 Nov 2022 06:38:18 GMT
Location: https://ouo.io/thFNIG
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76be5bf06856b4f9-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d27590a1d3cbe1e9632b8ae92aaae3f4
202b34e8a0c3b88c8826fd56c6227b34f2cd6f46
6bcfa518476658128c1fb4ea2435c4e58531454cf97138dce7ece9def589aead
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BCFA518476658128C1FB4EA2435C4E58531454CF97138DCE7ECE9DEF589AEAD"
Last-Modified: Wed, 16 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2289
Expires: Fri, 18 Nov 2022 06:16:27 GMT
Date: Fri, 18 Nov 2022 05:38:18 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash be1be806b5dca7facbb45a6c3db44652
7ae9380a2f3eca959fe6ff6b3832a17cffd12cf4
1f3338058f8e9cae5c9fdd733c74564312726b01c6efdcd628d851d0c99876b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6038
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:18 GMT
Last-Modified: Fri, 18 Nov 2022 03:57:40 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 18 Nov 2022 04:45:00 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3198
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3a38b6dd8a4cc335c026aebf2ed348b6
8a386e0ccb0ca4dc502746c45b2ebc3aa3f83cf8
8b4040a645cec1841a00a22765eb3a74978559daf15c54bd4b41b6b48aab7f95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B4040A645CEC1841A00A22765EB3A74978559DAF15C54BD4B41B6B48AAB7F95"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19497
Expires: Fri, 18 Nov 2022 11:03:15 GMT
Date: Fri, 18 Nov 2022 05:38:18 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 278 B IP
Hash c40f0b0a7e51ed9c6cdc9c4f4f74fd83
82dcb40288608a00b34025ae79ab30e90b8c4582
863ab040cfafbcc6d4f2e26504d6846c19ed2205a09d81bdf14994b71782b2f6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3972
Cache-Control: max-age=146784
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:18 GMT
Etag: "6376a526-116"
Expires: Sat, 19 Nov 2022 22:24:42 GMT
Last-Modified: Thu, 17 Nov 2022 21:18:30 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 278
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: xitXkir93/kzOelClol3yAinzE/DdHIqA3Vbiy5zCnmGT80aYSSASLUOgfzLnMuGsg+TPqo3958=
x-amz-request-id: 1V54YY10Z9VBFNDM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 18 Nov 2022 05:15:28 GMT
age: 1370
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 05:38:18 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ouo.io/thFNIG
302 Found 571 B IP
Hash f3d0faaffc9fe041f84eb254c0a5fa96
87f93917453b23cfe9269eae37ae479dcbf90050
9188a1ff71b516882e24c35df79ae3774a9ba85a2cc7a402509ee947ea3faa82
GET /thFNIG HTTP/1.1
Host: ouo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: language=eyJpdiI6IlQwSEpVakZ4Nm82ZEVXUDhJcUxYMjMxZXQ3cjM0alBkVm5IYWJ1ZGRxSlk9IiwidmFsdWUiOiJPUFlkREE2b3dDZHJLcVJsUEJuMTd2WEVISHExRGw1bFRlb3ZNTXVhR0tzPSIsIm1hYyI6ImM2ZTM3Y2JjNWFjMWJlYzczNDQ0MzI1YzYxYmUzY2EyNDI0YjQxYTJjZDNkMWZjNDhjY2Y3ZThjMjU1OGE5NTAifQ%3D%3D; 7a73437390da23318f4421e973a3622d22c33edf=eyJpdiI6IkFsOXFoeHoyR1VHQ3NpcTFkZmR3ZkdjNEdiUVlNVmt6cmZqckdKemRnUGs9IiwidmFsdWUiOiJ5UFVcL0hqclVzXC9vNG1VWllpdVBkWUVPMFc2NkhDOFlabUhcL3RvQkNidFJpcENZVDFzcTNQUUt4dTNyV0djdytxVktQTW92cHJ1dllOSWlLSk1ndDAydGRRdXNGSjY1MVVzYUdzSTFNcU5yRkU3Ykh3RlJ5R2JDR0Z3QkpCT3VBRThpdVZVYXNXWlZ1MURQSU04OWRwQ0tWd1JuaWJVQW5qbjN5Y2Foc0xoWWFUTFBoSEJyRXQ3UGFUTWpvcnhXeDFCUE9NT2EwM3VsSkJicVBFOFFlZmhtODExRDdpMUhYSnc0Zkp0NXhHWmdQaHBHY3ZRNFUwSG9JMzFjVkpYSGE5RytTNnNrYXBzN0hnaXMxZytaY2tvRTBrV1pQNEdnV3hrYnhtd3RPK3VSNEdRbE1yUkZXSFRPS1MyNGE5a29jMDJONit1WTlMV0VrRWVWU3JvMmZETVBZQmVSSDNsRHNJSkE3VXp5UDlqdVwvbVlGdGVROU1JZUswNkxxUnd2YkRDIiwibWFjIjoiNjNmZDg5MDBiOGUyMjc5M2U4ODZiYTJlNGIxM2UxMDA5MmU1ZjFlNjc3ZDRkMmMwMGU1NWJmNzc3NjhmMTEzOSJ9; a=sUqa0LOJy4PUXlMNWV2MSfamCp8NRa11; _ga=GA1.2.1244247171.1668748180; _gid=GA1.2.767141689.1668748180; token_QgRnAAAAAAAAKxZ0bn0DRfSKVyfY6I4BGDWg_mk=BAYAY3cTlgFjdxOWgAGBAcAAIN5SW4N0vkMptbTaUSupSLSUI-aHZLfbwILdBkW21pCcwQAgT-JKvnY2um5RZkospezNoKg2kCz4mSSI3ovlJ1RlV_Q
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Fri, 18 Nov 2022 05:38:19 GMT
content-type: text/html; charset=UTF-8
location: https://ouo.press/thFNIG
cache-control: no-cache
set-cookie: ouoio_session=eyJpdiI6InQzMWd4UjNiXC85SFwveXF4ZG9PaitiWlVJa1RmSWwwTHlRTE1vWU1sbFBkVT0iLCJ2YWx1ZSI6ImlLQkJaYjBwd0Y5aXVmeTN6Q2ZlZTNUSlV1SlpFWU9JM1B5K0sxZVYzOWxCemRFMmpuZDRGT0wxQU9tZ2xrNHFFREJLTkdsdGVsSmQwc0owakxJQW53PT0iLCJtYWMiOiJlYTc5NWM2N2VmZTlmOTFhZTlkMjk0YmJkZDRjNDUwOTRkMzdiMWVhM2EwOTM1MmFlODg5YmVmYTUxY2I2NmIwIn0%3D; path=/; httponly
language=eyJpdiI6Ims1dXZNVEh1N2dodnpzamRxRVYxVjhzaXROSFwvelE0MFRTQ0NrVE1Qak5zPSIsInZhbHVlIjoidk9cL1Q4Zk1qM3NVXC9SRThZVERQQmZFMmQyV0QrY0ZPSEhVbUllODZpOTFzPSIsIm1hYyI6IjNmYTBkZjE2ZGQ2ODBiNTQ1YzcwYmRjMjM2NzZlZmNjZWRkOTVkMDMwYjgxZTc0YzJhMGYyZTNjYmU4Mzg3MmIifQ%3D%3D; expires=Wed, 17-Nov-2027 05:38:18 GMT; Max-Age=157680000; path=/; httponly
382a485fb4f3b923b70e9819fa35ce499aa9e85e=eyJpdiI6Ijd0QlhpWmZRRkQzM1hyaVFmUzEycUJmc0c2YkZUakxcL3VrUDN4ZWFua1lNPSIsInZhbHVlIjoia2hlQ1hVSXI4VkI1WWVNK1lPNmJKNjBiMTlHUms3OUZ1YzRTTmg2bkt6VWJaNHN1MXZyZHpBeTZTb2lXME5kRlRhSUZlQkZFRlZzVHI3U3VrSDJCOVRuV1M4eFF4WVwvcmQrQXk2R0VZOWVETzRtTHprMlR4S3VDam5nck1JbTBEQ2hPajlzRnJhRVRvOE1rYzVhazV3UVwvWHpHd3l0SGliZTg3ODZBMDg3aVgwaGtcL3BaMzZtZlNreDVYdnVwQkV4YmdBSGtLbEt3R1IrdEVQSDBpaTkxMEIxS0puZnYxY2J3VVNzV1hkNEpyZ0c4MjFpeFc4S0Z4SDE0bDhaSkRQMU1iNVFpa2tNeXhHSTRudUpNcHdNYUlxRG5zR0ZDWnFsWSttRWZEd2hIM3pMcWNUZzUrWHc1RVBNcmJubjQza0V6QXdoUkFRb1BUU3Y3cjB3anE0dDBBPT0iLCJtYWMiOiJmYzM2YTJhNDRjMjFkNjk2YmIzOWVhNTEyMDJmOGZmZWUzNDBkYzI1NzFmZjNiNWZiN2NhYmM5Mjg1NGQ5NWIzIn0%3D; expires=Fri, 18-Nov-2022 07:38:18 GMT; Max-Age=7200; path=/; httponly
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 76be5bf299ec1c0a-OSL
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 18 Nov 2022 04:44:49 GMT
cache-control: public,max-age=3600
age: 3210
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash c10055ce87434f700ff8b20e3be1f919
477b3c9f1da0c464282bb54572737e76b6e346da
4d78eb296876122e5ff40fcd7667adf1bf8a4b1ee4c8203c88a63ce8d7910a57
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2855
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:19 GMT
Last-Modified: Fri, 18 Nov 2022 04:50:45 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
ouo.press/images/world.png
200 OK 5.7 kB URL HTTP/2 ouo.press/images/world.png
IP
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 4eea420a8830a6d695114427bf52b556
35579e7f1a656beb3a07a7093166ff37c634bade
70f03c74cc197cf154af36fa552a448d9ffebb55081c96e55ef4cf469123fe22
GET /images/world.png HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/thFNIG
Cookie: ouoio_session=eyJpdiI6InNcL2lXcWhlQWNJYjB6MW1iWmtaOUhWYTBJVENzYTd1OUR5b3A4UEVic21RPSIsInZhbHVlIjoiMUNpb2dseG5cL2dlYVc2Q0ZRbVJmNmtOZVp6RjdER0Q4YkdadzFIUzZ4NDRPR2dWM29cLzVYWUxuSFRxeXF6TjFXaEU2a21pak9YWEVPT3lqcnhXNDRCdz09IiwibWFjIjoiNDlkYzIxMjg4M2Q2YzFlODg5NTc1ZTYwNWE3MzU5OTk5YzNhZDY1ZmEwZjU3NTY4YzdiMWExYmFjZGQwZTE0ZiJ9; language=eyJpdiI6Ikk1cmJUUHRIdG9uNVdNOGRRRkF3cVhyK2FcL0lYaUJrY1grNXA1bnpwamk0PSIsInZhbHVlIjoiRDZjZHBzcCtlRjBcL3FmYW5Ha2llNHFDelltRkJXWUlKZWdPTUNDT2J1SFE9IiwibWFjIjoiYjljNGE2NDI4NzM1MmI3YjZkYTZkNzI2YTZkODQxN2Q0MDA1Yjc1NmE2OTk2YmE2ZmQxOGU2ZmQyOTlkY2FlYiJ9; 1ca6bb225c5e1f6c13487ea2b47a8e2ed8bb849e=eyJpdiI6IjFDaXlzamJ3em0yV2FLYWR5NHFuNmZYam85bGdUVjJORlFwdE1XQVhxVmc9IiwidmFsdWUiOiI5dXpQWDdrTUhkNmFXVXpTWm9KMFZuOVJnWUJETHVkeHlpdHg0bFwvaG5IdThrYXRkSDlPZzVPUk1pYndOV2hubXMyWjhuU0huSzVcLzVBWXFIcnpud0JvVlJ5YWx1dW81WTBhdTlaNWZ5VTNFWjJCMk5maEwxUUNRYU9nVXFjejJubitwajI5NjR2bXBiWTRDWW9zQXFBeVFPeVR4NDY0T0FOekVQVUNyVFhvdDJoMks2MmV2WHErcDVcL242TENFTEJQZzV5dHk1M2R4T1R6V096VCtTWk1od0xjZ0RvOTJXdk1UM2NDUkZkM0tVcU1PdVNlbHBEbUxwS3NCa2xXVVR1RDRQSlFjOU9XVjJQSzZrTXo3OXRsZTdcL3ljUFd2bGoxUm5QQmRTSkFUS1dva3d2cWt4eFBUQlhGOFhjOHVkVXpkc2gxdEV5NTdyN0E4UVlzaGxGUUhtMDd2bVhuRHZuRDlDQVZmdGZPVzlua1ZXSm1uM0xQcVA2c0p4K3NvTWNXIiwibWFjIjoiNzg0NjllOWRkMDczMzY3MzE2ODQ0OTk3ZTdjMzc2ODU1OTcwNDY2ZGRhYjljZWMyNWE2NTY0NDEzMDU4MDhiNCJ9; __cf_bm=FDEW4pNhThJfmFXMU2mFQq.ouiqTiYu_S9GgfwrvFvA-1668749899-0-AbarI/vEwkdkjT93hsO9l7KtO5yLzNoNDVubO1RTWQySGJEJ4dU9VXOFIyYoWN+VJCHXMlWBb4wRuTVbSd+jNZk=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:19 GMT
content-type: image/png
content-length: 5692
cache-control: max-age=2592000
cf-bgj: imgq:85,h2pri
cf-polished: status=not_needed
etag: "5549a07c-163c"
expires: Sat, 03 Dec 2022 22:33:44 GMT
last-modified: Wed, 06 May 2015 05:02:52 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1235075
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76be5bf82b1fb505-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 280 B IP
Hash cfb214e5d058f3014d141d3c92742897
4105acf0ffb76e5566b97aed6fe6f99a8bb4ac86
89aa05215cbbb6e2706dac76b91428152bf4f408b0d15e01307a555e00b51e46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2326
Cache-Control: max-age=161370
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:19 GMT
Etag: "6376e48f-118"
Expires: Sun, 20 Nov 2022 02:27:49 GMT
Last-Modified: Fri, 18 Nov 2022 01:49:03 GMT
Server: ECS (amb/6B72)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash d3ba0eba720a8e5904bee6e804873c24
df1f9c79e39f777ab12225af0af60b9f26af6485
76500b32cbac4ad40e3f42c7dfd46832f3854ba88c3a6d5a9d2b5633e8e1f27b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
200 OK 585 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x
IP
File type ASCII text, with very long lines (884), with no line terminators
Hash d36fbadc19583158e0e17f2600407814
e99295beaa7c52e0b1f42759c67b40aebe4bab10
dbf530370a0136951085663be32f33ad5e3a01e1a2883eebbd518fbee9816f50
GET /recaptcha/api.js?render=6Lcr1ncUAAAAAH3cghg6cOTPGARa8adOf-y9zv2x HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 18 Nov 2022 05:38:19 GMT
date: Fri, 18 Nov 2022 05:38:19 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 585
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash cfb214e5d058f3014d141d3c92742897
4105acf0ffb76e5566b97aed6fe6f99a8bb4ac86
89aa05215cbbb6e2706dac76b91428152bf4f408b0d15e01307a555e00b51e46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2326
Cache-Control: max-age=161370
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:19 GMT
Etag: "6376e48f-118"
Expires: Sun, 20 Nov 2022 02:27:49 GMT
Last-Modified: Fri, 18 Nov 2022 01:49:03 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 41150a90b15e4fb8eed1d1ce4ff35760
a7910ac0f3e55dbe99e962faa02303813dbc9026
bb8a4b6677818c7acf69e7abd8a78a9afc46e98bdae5262091fee7329bfd5ad9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB8A4B6677818C7ACF69E7ABD8A78A9AFC46E98BDAE5262091FEE7329BFD5AD9"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7057
Expires: Fri, 18 Nov 2022 07:35:56 GMT
Date: Fri, 18 Nov 2022 05:38:19 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: BQw6Xy3FogqUBu+EvMKSUQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SE2w6N9BF0hKUVfWISTF9Oni3Ts=
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c15be7bf1c6987951ddd348d6f6b4db1
9faac1fb81abc8fce6d4ae81777c76b8bc11e9b0
7f1d01e3fc0b69e331fd30326ea8fd9b1e3e06a0a93ae4768e7addd03a121025
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ecdn.analysis.fi/static/js/fab.js
200 OK 4.2 kB URL HTTP/2 ecdn.analysis.fi/static/js/fab.js
IP
File type ASCII text, with very long lines (574)
Hash 28a0bef1ecb63168106f97b637ab3414
e577575dd115f6a95aea8c2ae87d2c30c8464728
d8a34aeacc4054bd4e119e538c7eb4956421014f48a9b603d3f9314a7435b5a6
GET /static/js/fab.js HTTP/1.1
Host: ecdn.analysis.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 4240
server: nginx/1.20.0
last-modified: Tue, 14 Dec 2021 15:30:51 GMT
access-control-allow-origin: *
accept-ranges: bytes
date: Fri, 18 Nov 2022 05:23:12 GMT
expires: Fri, 18 Nov 2022 06:23:10 GMT
cache-control: max-age=3600
etag: "61b8b8ab-1090"
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Q_yATBm4RKNckorpx5NB0k53HFPdtm2L6FNPW5lm0r1THRFsICaIyA==
age: 908
X-Firefox-Spdy: h2
tv.gourdycortes.com/1clkn/16562
200 OK 26 B URL HTTP/1.1 tv.gourdycortes.com/1clkn/16562
IP
File type ASCII text, with no line terminators
Hash 414a242a6fee8464282857e475d3ef61
f669890350347f53aa9bd19c1a355692e8d17d2f
d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
GET /1clkn/16562 HTTP/1.1
Host: tv.gourdycortes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 05:38:19 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sat, 19-Nov-2022 05:38:19 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Sat, 19-Nov-2022 05:38:19 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
ocsp.sectigo.com/
200 OK 471 B IP
Hash 05b0aefa0cfd9e5984c43094ec6adf73
793071f71e9de79ff5fcc887bd86455dd5987afa
50ba8f8de48cd8e45e1ab875ab6068449f1cc560c382f95effd67850aca98742
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 05:38:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 14 Nov 2022 20:46:01 GMT
Expires: Mon, 21 Nov 2022 20:46:00 GMT
Etag: "793071f71e9de79ff5fcc887bd86455dd5987afa"
Cache-Control: max-age=313060,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76be5bf90f19b500-OSL
cdn.runative-syndicate.com/sdk/v1/n.js
200 OK 5.2 kB URL HTTP/2 cdn.runative-syndicate.com/sdk/v1/n.js
IP
File type ASCII text, with very long lines (591)
Hash e6b953ae4edfbe129269f196fe87eee9
eb99511c1d23000bc72b2c640bbcd5792eb431f2
eb6d42f0cdeddc023b69947db248be42bc66aa2da8c59178b7f22b528c4dd60f
GET /sdk/v1/n.js HTTP/1.1
Host: cdn.runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:19 GMT
content-type: application/javascript
content-length: 5220
last-modified: Wed, 23 Mar 2022 15:25:35 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"623b3bef-3202"
age: 8455140
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d60067109a1dde516925adc6dae61944
7388964a860ef47a2783be8847226a93f035bee1
f32a29eeedd047aa1978bb2791059fbda6f3792fe6e171e4762da9e61bb3fe68
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F32A29EEEDD047AA1978BB2791059FBDA6F3792FE6E171E4762DA9E61BB3FE68"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3867
Expires: Fri, 18 Nov 2022 06:42:47 GMT
Date: Fri, 18 Nov 2022 05:38:20 GMT
Connection: keep-alive
itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
403 Forbidden 0 B URL HTTP/1.1 itineraryupper.com/ed/36/01/ed36014633829dc70a42dccaefdf3f11.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /ed/36/01/ed36014633829dc70a42dccaefdf3f11.js HTTP/1.1
Host: itineraryupper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
Server: nginx/1.19.5
Date: Fri, 18 Nov 2022 05:38:20 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 71821131fa0825a241bb6f95ad63a26a
4c676dbf861c2fca225bd1b9620237246ddfc724
f2dbe2a5c73657c35a660931a44cda1c1641c5b277ceea3d8fd7b4bfcacaf5ce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2
200 OK 19 kB URL HTTP/2 fonts.gstatic.com/s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 19292, version 1.0\012- data
Hash 19007b17e56daa60133bce9e9b352a95
bac1384caeae5762e7a1d8c18037f69c8cd21bc4
fd88a03358ba14440b78c6329717bdf6ed1a9fe97c3ad4e0a0a39d31fb1ac546
GET /s/questrial/v18/QdVUSTchPBm7nuUeVf70viFl.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ouo.press
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19292
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Nov 2022 20:03:35 GMT
expires: Tue, 14 Nov 2023 20:03:35 GMT
cache-control: public, max-age=31536000
age: 293685
last-modified: Wed, 27 Apr 2022 16:12:54 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ecdn.firstimpression.io/fi_client.js
200 OK 94 kB URL HTTP/2 ecdn.firstimpression.io/fi_client.js
IP
File type ASCII text, with very long lines (618)
Hash a78db6261f70895d19026e7260fef73b
0d2fbdc4408bd78c0186891bf494312b9a52983a
f3be9c83164703b3a5a81ce22772f0e97ccf3e64aeff870b94e231d495422f8d
GET /fi_client.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Fri, 18 Nov 2022 05:21:56 GMT
server: nginx/1.20.0
x-powered-by: PHP/8.0.14
x-xss-protection: 0
last-modified: Fri, 18 Nov 2022 05:21:56 UTC
etag: W/"7243e2b0a172d719d153cb3f2729cde0"
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: aURAHGyfyg28fb6MplNN9vfS3obEDBlORNOaMy0NpR6xRieFr7qafw==
age: 983
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash db7b8e7970233603905f091a0077a538
8138d6d541ec19153aabbbf60f9ccd7986c2d8f3
0b312b2481d2b7d268f8ee2df9cc2d1ce9e31addae95c06d8410c082e473b19e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 05:38:20 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 15 Nov 2022 12:01:30 GMT
Expires: Tue, 22 Nov 2022 12:01:29 GMT
Etag: "8138d6d541ec19153aabbbf60f9ccd7986c2d8f3"
Cache-Control: max-age=367988,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76be5bfcf9adb500-OSL
cdn.run-syndicate.com/sdk/v1/n.css
200 OK 8.3 kB URL HTTP/2 cdn.run-syndicate.com/sdk/v1/n.css
IP
File type ASCII text, with very long lines (8277), with no line terminators
Hash 37ebbc4b85fb5383d08547f5fe9d8d9f
99dac34980b1fd00028f76e782444bdf948724c5
24b59f4e4fbf1d4a988ffa478952ceb54e0b2f0774da926bcd2cc0376200dbfe
GET /sdk/v1/n.css HTTP/1.1
Host: cdn.run-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:20 GMT
content-type: text/css
content-length: 8277
etag: "6114dd75-2055"
last-modified: Thu, 12 Aug 2021 08:36:05 GMT
server: nginx
x-robots-tag: noindex, nofollow
age: 22402688
accept-ranges: bytes
X-Firefox-Spdy: h2
c.amazon-adsystem.com/aax2/apstag.js
301 Moved Permanently 167 B URL HTTP/2 c.amazon-adsystem.com/aax2/apstag.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /aax2/apstag.js HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 167
location: https://d3div1mtym39ic.cloudfront.net/aax2/apstag.js
server: CloudFront
date: Thu, 17 Nov 2022 22:27:03 GMT
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront), 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA6-C1, OSL50-P1
x-amz-cf-id: Zijy8izCFwq1nFLDz2cjCpIlFNiAvObEQAjZMJXeEE9hGSbDfd2b_w==
age: 25877
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
200 OK 9.2 kB URL HTTP/2 cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
IP
File type ASCII text, with very long lines (27677)
Hash 644ba7e773cf65b0bad3e0bfd876fadb
62e327afb13b45d6bd9cdb5b77259f4c48667ca5
44e73c184d22730c0b64b805501bad4b2bbbfc4e6a56de8832f0e5c0a211cb52
GET /npm/prebid-universal-creative@latest/dist/creative.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.14.1
x-jsd-version-type: version
etag: W/"6c5a-y+sK0xXzH8ASLq957N20gljeHO8"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 18 Nov 2022 05:38:20 GMT
age: 40475
x-served-by: cache-fra-eddf8230118-FRA, cache-bma1682-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9244
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
Hash 5f8ad1299a164a9983306ee36452a1b1
767b42b828eefa141ee40141d62134778ea97b6c
84b0c47f38af045ba5a5d326b8adfb99585ea36cc2aef7b80c070bcf6de50c9b
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 05:38:20 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "14CE9E5A43DEAA9D01FDFFCAFD710FD22C4E9D1F"
Expires: Fri, 18 Nov 2022 16:00:00 GMT
Last-Modified: Fri, 18 Nov 2022 04:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 302
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76be5bff3ea90b45-OSL
ocsp.sectigo.com/
200 OK 472 B IP
Hash 4dfffafeadad3ebb4a72ecfebc9d6d33
17c8a80a5470f8c83b442080f1c031df0b3eaee5
23aaf630aabe39bed1e38f4e8517baa069b4a6a37b42cb26fc888b6afcffe2c8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 05:38:20 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 16 Nov 2022 03:56:20 GMT
Expires: Wed, 23 Nov 2022 03:56:19 GMT
Etag: "17c8a80a5470f8c83b442080f1c031df0b3eaee5"
Cache-Control: max-age=425278,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76be5bff0b93b500-OSL
lcdn.tsyndicate.com/images/4/1/bb18afba7f36c6d6d993b8757e46342039a372/300x250.webp
200 OK 7.9 kB URL HTTP/2 lcdn.tsyndicate.com/images/4/1/bb18afba7f36c6d6d993b8757e46342039a372/300x250.webp
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 276x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8267b6984f1b3de866ff6d7b509cfdfa
31298138831314383530efdcff2f8f837e17e9ff
7b5b3db26472119b0dafca0a3606c5f2b51c475443acaf41ca191c66cfca3c41
GET /images/4/1/bb18afba7f36c6d6d993b8757e46342039a372/300x250.webp HTTP/1.1
Host: lcdn.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:20 GMT
content-type: image/webp
content-length: 7919
last-modified: Wed, 07 Jul 2021 15:16:49 GMT
server: nginx
x-robots-tag: noindex, nofollow
content-encoding: gzip
vary: Accept-Encoding
etag: W/"60e5c561-1ed8"
age: 9192142
accept-ranges: bytes
X-Firefox-Spdy: h2
ecdn.firstimpression.io/static/js/prebidamp.js
200 OK 140 kB URL HTTP/2 ecdn.firstimpression.io/static/js/prebidamp.js
IP
Size 140 kB (139515 bytes)
Hash bd0e2a290062c00ae9f010dd9b88aace
894d2bdfdea3ef8c3fe621738e302bb75838825e
4608dc3fd1a0863ae62284858b13ae7a787cd67aeddd62bb225759cb899272fb
GET /static/js/prebidamp.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.20.0
last-modified: Tue, 14 Dec 2021 15:30:51 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Fri, 18 Nov 2022 05:10:31 GMT
expires: Fri, 18 Nov 2022 06:10:31 GMT
cache-control: max-age=3600
etag: W/"61b8b8ab-4e128"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: S9SWXG565USfvMD6pbOz6FycyV77-Hp1L9fPrV-s36eVEJmiJvZR0w==
age: 1669
X-Firefox-Spdy: h2
cdn.firstimpression.io/delivery/spc_fi.php?id=7419&url=%2FthFNIG&charset=UTF-8&ch=5&ref=ouo.press&viewerId=null&referer=&_firid=84181030
200 OK 8.8 kB URL HTTP/2 cdn.firstimpression.io/delivery/spc_fi.php?id=7419&url=%2FthFNIG&charset=UTF-8&ch=5&ref=ouo.press&viewerId=null&referer=&_firid=84181030
IP
Hash 16a5399fd76a83887722eaf6d774e9aa
8061e8e73d55caffb4c9018ab6940df95594e568
d747c0abf2de5a16a2f3551ccde02b2c8c00c3a85a6d9fea44ee85ba000134fe
GET /delivery/spc_fi.php?id=7419&url=%2FthFNIG&charset=UTF-8&ch=5&ref=ouo.press&viewerId=null&referer=&_firid=84181030 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
date: Fri, 18 Nov 2022 05:38:20 GMT
server: nginx/1.20.0
vary: Accept-Encoding
x-powered-by: PHP/8.0.14
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: OAID=GDPR; expires=Sat, 18-Nov-2023 05:38:20 GMT; Max-Age=31536000; path=/; secure; SameSite=none
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Ndl4o7mV6fMqJFnf7xEc3xPlc6FUfKwLW7L5DB34pKsiYU0jl1SoKg==
X-Firefox-Spdy: h2
ouo.press/favicon.ico
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/thFNIG
Cookie: ouoio_session=eyJpdiI6InNcL2lXcWhlQWNJYjB6MW1iWmtaOUhWYTBJVENzYTd1OUR5b3A4UEVic21RPSIsInZhbHVlIjoiMUNpb2dseG5cL2dlYVc2Q0ZRbVJmNmtOZVp6RjdER0Q4YkdadzFIUzZ4NDRPR2dWM29cLzVYWUxuSFRxeXF6TjFXaEU2a21pak9YWEVPT3lqcnhXNDRCdz09IiwibWFjIjoiNDlkYzIxMjg4M2Q2YzFlODg5NTc1ZTYwNWE3MzU5OTk5YzNhZDY1ZmEwZjU3NTY4YzdiMWExYmFjZGQwZTE0ZiJ9; language=eyJpdiI6Ikk1cmJUUHRIdG9uNVdNOGRRRkF3cVhyK2FcL0lYaUJrY1grNXA1bnpwamk0PSIsInZhbHVlIjoiRDZjZHBzcCtlRjBcL3FmYW5Ha2llNHFDelltRkJXWUlKZWdPTUNDT2J1SFE9IiwibWFjIjoiYjljNGE2NDI4NzM1MmI3YjZkYTZkNzI2YTZkODQxN2Q0MDA1Yjc1NmE2OTk2YmE2ZmQxOGU2ZmQyOTlkY2FlYiJ9; 1ca6bb225c5e1f6c13487ea2b47a8e2ed8bb849e=eyJpdiI6IjFDaXlzamJ3em0yV2FLYWR5NHFuNmZYam85bGdUVjJORlFwdE1XQVhxVmc9IiwidmFsdWUiOiI5dXpQWDdrTUhkNmFXVXpTWm9KMFZuOVJnWUJETHVkeHlpdHg0bFwvaG5IdThrYXRkSDlPZzVPUk1pYndOV2hubXMyWjhuU0huSzVcLzVBWXFIcnpud0JvVlJ5YWx1dW81WTBhdTlaNWZ5VTNFWjJCMk5maEwxUUNRYU9nVXFjejJubitwajI5NjR2bXBiWTRDWW9zQXFBeVFPeVR4NDY0T0FOekVQVUNyVFhvdDJoMks2MmV2WHErcDVcL242TENFTEJQZzV5dHk1M2R4T1R6V096VCtTWk1od0xjZ0RvOTJXdk1UM2NDUkZkM0tVcU1PdVNlbHBEbUxwS3NCa2xXVVR1RDRQSlFjOU9XVjJQSzZrTXo3OXRsZTdcL3ljUFd2bGoxUm5QQmRTSkFUS1dva3d2cWt4eFBUQlhGOFhjOHVkVXpkc2gxdEV5NTdyN0E4UVlzaGxGUUhtMDd2bVhuRHZuRDlDQVZmdGZPVzlua1ZXSm1uM0xQcVA2c0p4K3NvTWNXIiwibWFjIjoiNzg0NjllOWRkMDczMzY3MzE2ODQ0OTk3ZTdjMzc2ODU1OTcwNDY2ZGRhYjljZWMyNWE2NTY0NDEzMDU4MDhiNCJ9; __cf_bm=FDEW4pNhThJfmFXMU2mFQq.ouiqTiYu_S9GgfwrvFvA-1668749899-0-AbarI/vEwkdkjT93hsO9l7KtO5yLzNoNDVubO1RTWQySGJEJ4dU9VXOFIyYoWN+VJCHXMlWBb4wRuTVbSd+jNZk=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:20 GMT
content-type: image/x-icon
content-length: 0
last-modified: Sat, 14 Feb 2015 06:41:24 GMT
etag: "54deee14-0"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=86400
cf-cache-status: HIT
age: 7165
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76be5c0098e4b505-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3879
Expires: Fri, 18 Nov 2022 06:42:59 GMT
Date: Fri, 18 Nov 2022 05:38:20 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3879
Expires: Fri, 18 Nov 2022 06:42:59 GMT
Date: Fri, 18 Nov 2022 05:38:20 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 2294f74a2f46e19f7bcca102558ade1f
4797bfac909e222818646e94cb2c617aaf1981e1
86a5ef387e2812ddc36c02c9d71dc4f4dc5c449934052edb6ff7bc3e1dea6802
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 219
Cache-Control: max-age=156737
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:20 GMT
Etag: "6376dab3-1d7"
Expires: Sun, 20 Nov 2022 01:10:37 GMT
Last-Modified: Fri, 18 Nov 2022 01:06:59 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d0b6106f00f9fd8b89c2d484a559a1a
399ac393209dcdac7d2188d7aa8d95f04570ef7c
5d8151c9eb558f4a2b8bd2952c6845606ddb0c27e36f6e49aca7e60908cd9fe4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3759
x-amzn-requestid: 8c91ac59-89dc-4218-b69f-0cebb29f301b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-wJHgxoAMF-hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab33-4dac305614a92bc52c038222;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:44:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mb2-PTjNmt06Wd5jOjQ5WoLY-0NgI80CKPXtwgzBt4n5km8Pu_WN0Q==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:50:49 GMT
age: 28051
etag: "399ac393209dcdac7d2188d7aa8d95f04570ef7c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7d16e5ff718353c095d266b080fe547f
fa7c5c9a1d16355859196271f3d13f3850931888
9a94d8eb20cc56d0898b1e2b80c0006ebbef75c15ad94e907050c5be4e19a960
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10349
x-amzn-requestid: fc85e078-a81a-4fed-899e-15249961f59c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-7tHGLIAMF00Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab7d-4224d193517794684fcdc0ad;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:45:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UK-XD_8EcfPwfLb-QVwfLr8aG-sqVBoUJcbPb5hKAlQS68eOxdgM5g==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:03:27 GMT
age: 27293
etag: "fa7c5c9a1d16355859196271f3d13f3850931888"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffad6fa40-abda-4ea3-b899-aef6906a01e1.jpeg
200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffad6fa40-abda-4ea3-b899-aef6906a01e1.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 93b326374b3808d0af42e295643cdc14
dd691328acf190c745465208f18a41a75878df18
224ac3995e2e78ee5fcc6c5c3d5fb1f4b0ceca1c42b7a1a493c756aa199bf75f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffad6fa40-abda-4ea3-b899-aef6906a01e1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5198
x-amzn-requestid: ba4e00c8-a996-41f3-b15a-1e304907ca2a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw9UpH1ioAMF6ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376a8ea-2f9f794c4de03f8b212e072f;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LPflGHjoeNg1X5EszKAaziaZsKFf5hT6LeNPpZQriZ5H1z7Zhh86Ow==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:55:57 GMT
age: 27743
etag: "dd691328acf190c745465208f18a41a75878df18"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.firstimpression.io/delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459
200 OK 12 kB URL HTTP/2 cdn.firstimpression.io/delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459
IP
Hash a9a37e39881b64e6595f91d2392a5c1b
1ea4be3bcca06ced028d8908a9ef9a3a495471ac
de8ddc83c930ca596dc5416ea3986d827a34f7f27b68a9b369b40789f600f9e0
POST /delivery/lg.php?bannerid=65637%7C65638%7C65639%7C83411%7C93863%7C100721&campaignid=18%7C15%7C9%7C44%7C43%7C22&zoneid=110459%7C110459%7C110459%7C110459%7C110459%7C110459 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Cookie: OAID=GDPR
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Fri, 18 Nov 2022 05:38:20 GMT
server: nginx/1.20.0
vary: Accept-Encoding
x-powered-by: PHP/8.0.14
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: https://ouo.press
p3p: CP="CUR ADM OUR NOR STA NID"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xt6RAGU5KxKxf_oEYfn4_KpMIH98Vzdfss_DB9MRIqQNlUVIyILIIQ==
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash d771f0fdad3a963309d13f1dd5fb83cd
e1a11ee086e4f71f207f521dfa967c67fd1a8142
4a197a371d8d1e225c275801e2fe4e392f44d9d367c1e3e20a5b8c5b770048a8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1413
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:20 GMT
Etag: "637615d6-139"
Last-Modified: Fri, 18 Nov 2022 05:14:47 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 313
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F484ffe7b-1073-4220-bf53-ccbfc7e9654e.webp
200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F484ffe7b-1073-4220-bf53-ccbfc7e9654e.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14649d486602810c1b218b96b27b2cc4
96c6cbfe31e7247c64dfa8c3759967627f8c6286
80f5d7573fd2bf4e6a6038ebf1335d159ad37c391ee539918455963d6ee88654
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F484ffe7b-1073-4220-bf53-ccbfc7e9654e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8884
x-amzn-requestid: 3739b8f5-bb0c-4798-a931-e955dd6df81d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-MiGFxoAMFlxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa50-74c24a2f737634b655a5b47c;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:32 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: d_bLYyZzi1phYwQ2e5uvUmzO0GuvNu9Ubi2PQ0ChilQJegKr3uUiRw==
via: 1.1 79880188a81becf1687ba18c0e064230.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:55:53 GMT
etag: "96c6cbfe31e7247c64dfa8c3759967627f8c6286"
content-type: image/jpeg
age: 27747
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
widgets.outbrain.com/images/widgetIcons/achoice.svg
200 OK 2.7 kB URL HTTP/2 widgets.outbrain.com/images/widgetIcons/achoice.svg
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2290)
Hash 9d26fa4e7238ed94f1d0d92afb453b3e
ae18efe7d09337bf2f580b3f5bc912284aad7821
2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04
GET /images/widgetIcons/achoice.svg HTTP/1.1
Host: widgets.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/svg+xml
etag: "9d26fa4e7238ed94f1d0d92afb453b3e:1662969032.874716"
last-modified: Mon, 12 Sep 2022 07:37:47 GMT
server: AkamaiNetStorage
content-length: 2735
cache-control: max-age=2592000
expires: Sun, 18 Dec 2022 05:38:20 GMT
date: Fri, 18 Nov 2022 05:38:20 GMT
timing-allow-origin: *, *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash cc5d2427cc4ab8fb53bfe81024ac6dfe
7cf63e47ce6934eb4d1b6b6b737e2d0ea92b7694
3d0e364bcb1696e1ee536a16ef491002c05129be72018a9a13a4de5fe4c0b9d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38915691-004a-4ae6-a5c6-fd071040ffba.jpeg
200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38915691-004a-4ae6-a5c6-fd071040ffba.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4998f097d23ee5f19cae27d5b938e5fc
4369c8ebe61b9944e639bb2731feb51c5a758fe7
5691c66766c9578e9c4aa71240608653821162c668abc63ee40e553ede2450e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F38915691-004a-4ae6-a5c6-fd071040ffba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6339
x-amzn-requestid: 0be5dee5-272d-4577-ba55-5cdb7935ea60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-MCExBoAMFz6Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa4c-15fd613336aa6fcb165d0b26;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: NYs-Nf0PzWqhXP5nkvanTjhJ6vfwRIU--YD06RFIGPEuwDCu6fvEPg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:52:40 GMT
age: 27940
etag: "4369c8ebe61b9944e639bb2731feb51c5a758fe7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash a6eb5971db7b9b8ca899d17a01a3f39b
530902f94af1b9cb968d0a35eb71ccbc8f3fa6e7
e0133a1a4953d1e29f2e00c767f7c2a99f2393a123b2fb90635f7d888d5453eb
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 05:38:21 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 16 Nov 2022 01:55:57 GMT
Expires: Wed, 23 Nov 2022 01:55:56 GMT
Etag: "530902f94af1b9cb968d0a35eb71ccbc8f3fa6e7"
Cache-Control: max-age=418054,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76be5c010d19b500-OSL
www.gstatic.com/recaptcha/releases/jF-AgDWy8ih0GfLx4Semh9UK/recaptcha__en.js
200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/jF-AgDWy8ih0GfLx4Semh9UK/recaptcha__en.js
IP
File type ASCII text, with very long lines (668)
Size 163 kB (162590 bytes)
Hash 70dc760a0efad09d703883a39f7683b2
2bc70f2a100ff27d27a89d563dfe279590c8336b
2bc59eab94309c59fba62afa40dfd841fb83760714e9ec7248ce3e10ae05fd19
GET /recaptcha/releases/jF-AgDWy8ih0GfLx4Semh9UK/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162590
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 18 Nov 2022 02:22:22 GMT
expires: Sat, 18 Nov 2023 02:22:22 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 07 Nov 2022 23:32:29 GMT
content-type: text/javascript
age: 11758
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
200 OK 104 B URL HTTP/2 ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
IP
File type MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors\012- data
Hash 32ac8a9b81788b981a3a7e13c14082d4
fbfd48a2bfe8d4247a975176f88d18c3c2ad1952
00cc7617e054596ff0aaabd8a93a9214dc5304bfe317316022dbf4fb3ea073d2
GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 104
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 12:36:02 GMT
expires: Fri, 18 Nov 2022 12:36:02 GMT
cache-control: public, max-age=86400
age: 61339
last-modified: Tue, 08 May 2012 13:08:06 GMT
content-type: image/x-icon
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18438&site_id=202928&zone_id=1317174&size_id=2&rp_schain=1.0,1!firstimpression.io,7419,1,,,&rf=https%3A%2F%2Fouo.press%2FthFNIG&kw=ouo.press%2Cshortlinks%2Clinkshortener%2CfreeURLshortener&tg_i.ref=https%3A%2F%2Fouo.press%2FthFNIG&tg_i.page=https%3A%2F%2Fouo.press%2FthFNIG&tg_i.domain=ouo.press&tg_i.figroup=a9&tk_flint=pbjs_lite_v6.2.0&x_source.tid=96aabab8-3fb4-41e4-ba08-d5eab9de2686&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8564582741785942
200 OK 348 B URL HTTP/2 fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18438&site_id=202928&zone_id=1317174&size_id=2&rp_schain=1.0,1!firstimpression.io,7419,1,,,&rf=https%3A%2F%2Fouo.press%2FthFNIG&kw=ouo.press%2Cshortlinks%2Clinkshortener%2CfreeURLshortener&tg_i.ref=https%3A%2F%2Fouo.press%2FthFNIG&tg_i.page=https%3A%2F%2Fouo.press%2FthFNIG&tg_i.domain=ouo.press&tg_i.figroup=a9&tk_flint=pbjs_lite_v6.2.0&x_source.tid=96aabab8-3fb4-41e4-ba08-d5eab9de2686&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8564582741785942
IP
File type JSON data\012- , ASCII text, with very long lines (348), with no line terminators
Hash 9ce10fab5b4cb44380f4301c73e526b5
9d9eae2c4327c63f843afc59d9cd33744ba7b5d3
b63205b89acf4db128eccc21686ad8148514d04b972645ff3b311965dee861b7
GET /a/api/fastlane.json?account_id=18438&site_id=202928&zone_id=1317174&size_id=2&rp_schain=1.0,1!firstimpression.io,7419,1,,,&rf=https%3A%2F%2Fouo.press%2FthFNIG&kw=ouo.press%2Cshortlinks%2Clinkshortener%2CfreeURLshortener&tg_i.ref=https%3A%2F%2Fouo.press%2FthFNIG&tg_i.page=https%3A%2F%2Fouo.press%2FthFNIG&tg_i.domain=ouo.press&tg_i.figroup=a9&tk_flint=pbjs_lite_v6.2.0&x_source.tid=96aabab8-3fb4-41e4-ba08-d5eab9de2686&p_screen_res=1280x1024&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8564582741785942 HTTP/1.1
Host: fastlane.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.4
date: Fri, 18 Nov 2022 05:38:21 GMT
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://ouo.press
pragma: no-cache
vary: Accept-Encoding
set-cookie: khaos=LAM2LSCQ-1Y-H804; Domain=.rubiconproject.com; Path=/; Expires=Sat, 18-Nov-2023 05:38:21 GMT; Max-Age=31536000; SameSite=None; Secure
audit=1|naVuGyos1qrquASZRJqFTO9DtVM30fCgyAxZlNGFrOjMk0tDBzdSspZjSCqH74hcJhsHlJbldDdJwe9iGXKQTKZr5ZVxLWDe; Domain=.rubiconproject.com; Path=/; Expires=Sat, 18-Nov-2023 05:38:21 GMT; Max-Age=31536000; SameSite=None; Secure
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 348
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.2.0&cb=39791301397
200 OK 3.8 kB URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.2.0&cb=39791301397
IP
File type JSON data\012- HTML document text\012- HTML document, ASCII text, with very long lines (6832), with no line terminators
Hash 1d4c7167ca6596a0c59944d8fa60e51c
469f1cf8ad2fb167aec68066bd857e6d5280d82d
bfcf5008382da1d536f98e10ab7b29929732691dbcbdf061f4afd9492cf5206e
POST /cdb?profileId=207&av=34&wv=6.2.0&cb=39791301397 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 487
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:20 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://ouo.press
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 3808
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash cc5d2427cc4ab8fb53bfe81024ac6dfe
7cf63e47ce6934eb4d1b6b6b737e2d0ea92b7694
3d0e364bcb1696e1ee536a16ef491002c05129be72018a9a13a4de5fe4c0b9d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tag.1rx.io/rmp/212927/0/mvo?z=1r&hbv=6.2,2.1
204 No Content 0 B URL HTTP/2 tag.1rx.io/rmp/212927/0/mvo?z=1r&hbv=6.2,2.1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /rmp/212927/0/mvo?z=1r&hbv=6.2,2.1 HTTP/1.1
Host: tag.1rx.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 618
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 18 Nov 2022 05:38:21 GMT
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
pragma: no-cache
cache-control: private, max-age=0, no-cache, no-store
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XkkFFmhhgxY8q0kGHDRpgWNMrUGNMizIwaOFqMMRMGxwwaLmVEtCHiYZg6YzLSqGEmh40xNci0gFGjxgyUOGyYaWGTxtMaNGzcgEHGBhkZMGn0hEjGzkIZOGLAsPEQTh0xC2fIaOgQIhw4Z2vYkPtwDpyJOmYYXUvy4Zg2eHXQuBE1qk8yZhbakPFQjBs3cWHQWMv0YRs3GHXIuDHDRo62n0PHyAGj9MM6ctjEnQFjNQ0ar2VkREOHDpw5Ol68sEMmjxk2Z9SMyYPHjRkXddykGfNGjhs4ctIcjCFjhgvqbV6wcQEHDZwfcHqM0VGWTh04bsLImP9lBu0vcPRwqQMDBkkyPeyVFA415PBRGLWVsRl3Y9ygE0hl7NcfSXP0IJgNhNkgoX82iGGhZpzVsCFJYmjXAwwu9CcifxzCYeIZOOQRwxJHiMGEGGvEoAYZYiixRA5VoEEUE1GYUcYXebiBh0xH4FDHE24wp4UbbRihxg12oDFGEHh8QYYccpCRxRt4xMbEHFPckEUUS2RBHBRHxOGGGEes4QYUZNRwBA1MGFWFDS3A0UQbTFzhhBNKSIFHDlTgEcUNMUQRxBdnVJEEEVJUkcaIRyHWw2KNacgiSWuUkccd1QH4Rh1vlCDDENiVMcccrg4xBxrV0VErG2m4sQatr_Lqa6235lqGGwjVaoYcZZRRaxVSMEEsrnLQcWyyrxrBrLOvQivtq8VWeyyxCNkxHbdDrNrqq7HOWisdaBjhRBJHcPpVgDLYG8OnjNkQlb0znGgvDT2AtVe-o3pVQw9OPGGvDT2oSx6zs9p7Q8SsTizrHCs4EQYdadhRxgpNaEcGGxEmTAYOn9qbg4VjkfFGGxlJ3K5Chn280BY0xNBFW3IEpUMNIq1VWWQ6oFibYXC0gV_QCymt2UNy2JGYDDA8VMYYTUedYmci1FFHGhkR1RoNOZQBw0hqTUUDGTHEQNUNZeTQQgw3rVU3DGHQfcNYaSSmUQwusOYCDTK40JBYVH8ReEY5EG444opjNVYdYWTUxBt6pMEGG2G8UEOKIKBwRa8y3zEHCE5QAYJaKe4Awulu2ECD7HjYLnvVDDGVYgogHLH1Gm-8gLVatdUGghFpMGsGmS-oNToMY40htAgNj1XdF9ZnlP1DbFxfhBMxl2HHF8zKxlANNzBWGg79UX0GZqLBdMNDB50vhhwL4YAD_ub7QhveQIazRKUiIvjSG-LykDcoRDFAI1MeFoIbEThvN735TXBeYDOKzeEFY7lDRrgDv7GgYYT-YZwI5lC1jMjhDXT4WHVaEJ000GEkOXABGcbAnZhd7yBe4qFuLEIzhpQEBzdAG2uyJgI6tEE3RvRXEnOwxNsw0SDokxUcvqCzKCJRifETQQDDgLJqPXALN2FBDG7wM4iIATAJLANN6sCGibQlfBRhWhvOJ4ePpWGBSTtc3G7AFhGMQTUy6IMCAgI%3D&r=1&s=b782aa0d61196dcef3045898ece6da5f798331edcc3e86da57e3c03166a868301668749900&w=t&ir=245x208
200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XkkFFmhhgxY8q0kGHDRpgWNMrUGNMizIwaOFqMMRMGxwwaLmVEtCHiYZg6YzLSqGEmh40xNci0gFGjxgyUOGyYaWGTxtMaNGzcgEHGBhkZMGn0hEjGzkIZOGLAsPEQTh0xC2fIaOgQIhw4Z2vYkPtwDpyJOmYYXUvy4Zg2eHXQuBE1qk8yZhbakPFQjBs3cWHQWMv0YRs3GHXIuDHDRo62n0PHyAGj9MM6ctjEnQFjNQ0ar2VkREOHDpw5Ol68sEMmjxk2Z9SMyYPHjRkXddykGfNGjhs4ctIcjCFjhgvqbV6wcQEHDZwfcHqM0VGWTh04bsLImP9lBu0vcPRwqQMDBkkyPeyVFA415PBRGLWVsRl3Y9ygE0hl7NcfSXP0IJgNhNkgoX82iGGhZpzVsCFJYmjXAwwu9CcifxzCYeIZOOQRwxJHiMGEGGvEoAYZYiixRA5VoEEUE1GYUcYXebiBh0xH4FDHE24wp4UbbRihxg12oDFGEHh8QYYccpCRxRt4xMbEHFPckEUUS2RBHBRHxOGGGEes4QYUZNRwBA1MGFWFDS3A0UQbTFzhhBNKSIFHDlTgEcUNMUQRxBdnVJEEEVJUkcaIRyHWw2KNacgiSWuUkccd1QH4Rh1vlCDDENiVMcccrg4xBxrV0VErG2m4sQatr_Lqa6235lqGGwjVaoYcZZRRaxVSMEEsrnLQcWyyrxrBrLOvQivtq8VWeyyxCNkxHbdDrNrqq7HOWisdaBjhRBJHcPpVgDLYG8OnjNkQlb0znGgvDT2AtVe-o3pVQw9OPGGvDT2oSx6zs9p7Q8SsTizrHCs4EQYdadhRxgpNaEcGGxEmTAYOn9qbg4VjkfFGGxlJ3K5Chn280BY0xNBFW3IEpUMNIq1VWWQ6oFibYXC0gV_QCymt2UNy2JGYDDA8VMYYTUedYmci1FFHGhkR1RoNOZQBw0hqTUUDGTHEQNUNZeTQQgw3rVU3DGHQfcNYaSSmUQwusOYCDTK40JBYVH8ReEY5EG444opjNVYdYWTUxBt6pMEGG2G8UEOKIKBwRa8y3zEHCE5QAYJaKe4Awulu2ECD7HjYLnvVDDGVYgogHLH1Gm-8gLVatdUGghFpMGsGmS-oNToMY40htAgNj1XdF9ZnlP1DbFxfhBMxl2HHF8zKxlANNzBWGg79UX0GZqLBdMNDB50vhhwL4YAD_ub7QhveQIazRKUiIvjSG-LykDcoRDFAI1MeFoIbEThvN735TXBeYDOKzeEFY7lDRrgDv7GgYYT-YZwI5lC1jMjhDXT4WHVaEJ000GEkOXABGcbAnZhd7yBe4qFuLEIzhpQEBzdAG2uyJgI6tEE3RvRXEnOwxNsw0SDokxUcvqCzKCJRifETQQDDgLJqPXALN2FBDG7wM4iIATAJLANN6sCGibQlfBRhWhvOJ4ePpWGBSTtc3G7AFhGMQTUy6IMCAgI%3D&r=1&s=b782aa0d61196dcef3045898ece6da5f798331edcc3e86da57e3c03166a868301668749900&w=t&ir=245x208
IP
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XkkFFmhhgxY8q0kGHDRpgWNMrUGNMizIwaOFqMMRMGxwwaLmVEtCHiYZg6YzLSqGEmh40xNci0gFGjxgyUOGyYaWGTxtMaNGzcgEHGBhkZMGn0hEjGzkIZOGLAsPEQTh0xC2fIaOgQIhw4Z2vYkPtwDpyJOmYYXUvy4Zg2eHXQuBE1qk8yZhbakPFQjBs3cWHQWMv0YRs3GHXIuDHDRo62n0PHyAGj9MM6ctjEnQFjNQ0ar2VkREOHDpw5Ol68sEMmjxk2Z9SMyYPHjRkXddykGfNGjhs4ctIcjCFjhgvqbV6wcQEHDZwfcHqM0VGWTh04bsLImP9lBu0vcPRwqQMDBkkyPeyVFA415PBRGLWVsRl3Y9ygE0hl7NcfSXP0IJgNhNkgoX82iGGhZpzVsCFJYmjXAwwu9CcifxzCYeIZOOQRwxJHiMGEGGvEoAYZYiixRA5VoEEUE1GYUcYXebiBh0xH4FDHE24wp4UbbRihxg12oDFGEHh8QYYccpCRxRt4xMbEHFPckEUUS2RBHBRHxOGGGEes4QYUZNRwBA1MGFWFDS3A0UQbTFzhhBNKSIFHDlTgEcUNMUQRxBdnVJEEEVJUkcaIRyHWw2KNacgiSWuUkccd1QH4Rh1vlCDDENiVMcccrg4xBxrV0VErG2m4sQatr_Lqa6235lqGGwjVaoYcZZRRaxVSMEEsrnLQcWyyrxrBrLOvQivtq8VWeyyxCNkxHbdDrNrqq7HOWisdaBjhRBJHcPpVgDLYG8OnjNkQlb0znGgvDT2AtVe-o3pVQw9OPGGvDT2oSx6zs9p7Q8SsTizrHCs4EQYdadhRxgpNaEcGGxEmTAYOn9qbg4VjkfFGGxlJ3K5Chn280BY0xNBFW3IEpUMNIq1VWWQ6oFibYXC0gV_QCymt2UNy2JGYDDA8VMYYTUedYmci1FFHGhkR1RoNOZQBw0hqTUUDGTHEQNUNZeTQQgw3rVU3DGHQfcNYaSSmUQwusOYCDTK40JBYVH8ReEY5EG444opjNVYdYWTUxBt6pMEGG2G8UEOKIKBwRa8y3zEHCE5QAYJaKe4Awulu2ECD7HjYLnvVDDGVYgogHLH1Gm-8gLVatdUGghFpMGsGmS-oNToMY40htAgNj1XdF9ZnlP1DbFxfhBMxl2HHF8zKxlANNzBWGg79UX0GZqLBdMNDB50vhhwL4YAD_ub7QhveQIazRKUiIvjSG-LykDcoRDFAI1MeFoIbEThvN735TXBeYDOKzeEFY7lDRrgDv7GgYYT-YZwI5lC1jMjhDXT4WHVaEJ000GEkOXABGcbAnZhd7yBe4qFuLEIzhpQEBzdAG2uyJgI6tEE3RvRXEnOwxNsw0SDokxUcvqCzKCJRifETQQDDgLJqPXALN2FBDG7wM4iIATAJLANN6sCGibQlfBRhWhvOJ4ePpWGBSTtc3G7AFhGMQTUy6IMCAgI%3D&r=1&s=b782aa0d61196dcef3045898ece6da5f798331edcc3e86da57e3c03166a868301668749900&w=t&ir=245x208 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 05:38:21 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WUGRMGRgwbNmi0wJEDB44WNGTAsDHyRo0wLWrEGFNDhhkzM3KQwRFGxMMwdcZkpFHDTA4bNMm0gFGjxgyUOGyYGTmDxtMaNGzcgEHGBhkZNXDQ8AmRjJ2FMnDEWPkQTh0xC2fIaOgQIhw4aGvYkPtwDpyJOnLaWCnDxsMxbfDqoHFD7AwcP8mYWWhDxkMxbtzEhUEDBucZD9u4wahDxo0ZNnK0FU06Rg4YqB_WkcMm7gyPjyGLqCMjIxo6dODM0fHihR0yecywOaNmTB48bsy4qOMmzZg3ctzAkZPmYAwZM1xcb_OCjQs4aOD8gNNjjA6zdOrAcRNGhv0vM25_gaOHSx3PhZHRw1417FRDDmKI0VEMZXT23Rg3yBCGGGOU4R-ANszRg2CE2XAhDIWJsSFnnln1YYjd9QCDCx6daAMcKR4BgxJEvEjGE0MoEUYcR5ARRBtKyJCHG23YcIR8NtBRJBJURAEHFHjo8QUMOOA0wxxuNBGFGkxAkYMTSVxRwxCP3ZBFQ24YQcMVSHxhBhI3QJFEGjbEMEUMcYwBhRFm6HGEa0hckUQQNlgBQxJ6hDFDGVZocUSXWVQRxBdnVJEEEVJUkYaLiLHHmGM4uLhGGXncgZ2Ab9TxRgkyDLFdGXPMweoQc6CBHR2zspGGG2vI2qquvM5a661luIHQrGbIUUYZs1YhBRPC2ioHHcUe26oRyjLbqrPQtjrstMUKi5Ad1mk7RKqrtvpqrLPSgYYRYB7h4lcDyjBvDD18alWo_4Ho1QwqzktDD2DtZW-_AdbQgxNPzGtDD-iep2ys894AsaoSwzrHCk6EQUcadpSxQhPdkcGGhQh7hUO-8-awIVlkvNFGRhGvq9BhHi-0BQ0xdNGWHEIxVMZSdYkxmQ4renQYHG3sB_RCSVP5kBx2KKbSQxsxDTWLFe1WRxoZFQUbDTmUAUMLc8EwFQ1kxBBDS2Xk0EIMVa0UNwxh3FDGDWSloZgIOcTgwmsupORCQ2NN_YXfGQU--IqGI05WHT3pIEITb-iRBhtshPFCDSyCgMIVu8Z8xxwgOEEFCGuxuAMIpLsR0ut4zA4C1QwxxWIKIByx0RpvvKDSWh55BIIRaShrxht4vLAW6DCQNUbQIjBMFnZfTJ-R9Q-xQX0RTsBchh1fKFsbQzXc0BhqOHg29RmalRbWDQ8dRL4YcixkUv3jf9HGG2RAS1S6RgY5vCEuD3mDQhbzM-blYSE0mFoZjjYQ4AiHOC-o2cTm8AKy3CEj32kfWdAAQhAlTgRzoFpGDEgHj2GnBdRJAx3QlgMXkGEM34EZ9Q7yhRvm0CIzYwhIcHADsr0GBkDsjRBtQEQjlignkSkfrODwhZwtsYk5OCLWyBeGk01rgVuIwQ18BhExAEYEBzEDUNgwkbZ4D2pLawP55OCxNBwQaYWzTw7oJ4IxtEYGfVBAQAA%3D&r=1&s=8a485d89768b192db2947ecd3141ae8629b312deebbbd82089d4e104f2adec6e1668749900&w=t&ir=245x208
200 OK 35 B URL HTTP/2 pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WUGRMGRgwbNmi0wJEDB44WNGTAsDHyRo0wLWrEGFNDhhkzM3KQwRFGxMMwdcZkpFHDTA4bNMm0gFGjxgyUOGyYGTmDxtMaNGzcgEHGBhkZNXDQ8AmRjJ2FMnDEWPkQTh0xC2fIaOgQIhw4aGvYkPtwDpyJOnLaWCnDxsMxbfDqoHFD7AwcP8mYWWhDxkMxbtzEhUEDBucZD9u4wahDxo0ZNnK0FU06Rg4YqB_WkcMm7gyPjyGLqCMjIxo6dODM0fHihR0yecywOaNmTB48bsy4qOMmzZg3ctzAkZPmYAwZM1xcb_OCjQs4aOD8gNNjjA6zdOrAcRNGhv0vM25_gaOHSx3PhZHRw1417FRDDmKI0VEMZXT23Rg3yBCGGGOU4R-ANszRg2CE2XAhDIWJsSFnnln1YYjd9QCDCx6daAMcKR4BgxJEvEjGE0MoEUYcR5ARRBtKyJCHG23YcIR8NtBRJBJURAEHFHjo8QUMOOA0wxxuNBGFGkxAkYMTSVxRwxCP3ZBFQ24YQcMVSHxhBhI3QJFEGjbEMEUMcYwBhRFm6HGEa0hckUQQNlgBQxJ6hDFDGVZocUSXWVQRxBdnVJEEEVJUkYaLiLHHmGM4uLhGGXncgZ2Ab9TxRgkyDLFdGXPMweoQc6CBHR2zspGGG2vI2qquvM5a661luIHQrGbIUUYZs1YhBRPC2ioHHcUe26oRyjLbqrPQtjrstMUKi5Ad1mk7RKqrtvpqrLPSgYYRYB7h4lcDyjBvDD18alWo_4Ho1QwqzktDD2DtZW-_AdbQgxNPzGtDD-iep2ys894AsaoSwzrHCk6EQUcadpSxQhPdkcGGhQh7hUO-8-awIVlkvNFGRhGvq9BhHi-0BQ0xdNGWHEIxVMZSdYkxmQ4renQYHG3sB_RCSVP5kBx2KKbSQxsxDTWLFe1WRxoZFQUbDTmUAUMLc8EwFQ1kxBBDS2Xk0EIMVa0UNwxh3FDGDWSloZgIOcTgwmsupORCQ2NN_YXfGQU--IqGI05WHT3pIEITb-iRBhtshPFCDSyCgMIVu8Z8xxwgOEEFCGuxuAMIpLsR0ut4zA4C1QwxxWIKIByx0RpvvKDSWh55BIIRaShrxht4vLAW6DCQNUbQIjBMFnZfTJ-R9Q-xQX0RTsBchh1fKFsbQzXc0BhqOHg29RmalRbWDQ8dRL4YcixkUv3jf9HGG2RAS1S6RgY5vCEuD3mDQhbzM-blYSE0mFoZjjYQ4AiHOC-o2cTm8AKy3CEj32kfWdAAQhAlTgRzoFpGDEgHj2GnBdRJAx3QlgMXkGEM34EZ9Q7yhRvm0CIzYwhIcHADsr0GBkDsjRBtQEQjlignkSkfrODwhZwtsYk5OCLWyBeGk01rgVuIwQ18BhExAEYEBzEDUNgwkbZ4D2pLawP55OCxNBwQaYWzTw7oJ4IxtEYGfVBAQAA%3D&r=1&s=8a485d89768b192db2947ecd3141ae8629b312deebbbd82089d4e104f2adec6e1668749900&w=t&ir=245x208
IP
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0WUGRMGRgwbNmi0wJEDB44WNGTAsDHyRo0wLWrEGFNDhhkzM3KQwRFGxMMwdcZkpFHDTA4bNMm0gFGjxgyUOGyYGTmDxtMaNGzcgEHGBhkZNXDQ8AmRjJ2FMnDEWPkQTh0xC2fIaOgQIhw4aGvYkPtwDpyJOnLaWCnDxsMxbfDqoHFD7AwcP8mYWWhDxkMxbtzEhUEDBucZD9u4wahDxo0ZNnK0FU06Rg4YqB_WkcMm7gyPjyGLqCMjIxo6dODM0fHihR0yecywOaNmTB48bsy4qOMmzZg3ctzAkZPmYAwZM1xcb_OCjQs4aOD8gNNjjA6zdOrAcRNGhv0vM25_gaOHSx3PhZHRw1417FRDDmKI0VEMZXT23Rg3yBCGGGOU4R-ANszRg2CE2XAhDIWJsSFnnln1YYjd9QCDCx6daAMcKR4BgxJEvEjGE0MoEUYcR5ARRBtKyJCHG23YcIR8NtBRJBJURAEHFHjo8QUMOOA0wxxuNBGFGkxAkYMTSVxRwxCP3ZBFQ24YQcMVSHxhBhI3QJFEGjbEMEUMcYwBhRFm6HGEa0hckUQQNlgBQxJ6hDFDGVZocUSXWVQRxBdnVJEEEVJUkYaLiLHHmGM4uLhGGXncgZ2Ab9TxRgkyDLFdGXPMweoQc6CBHR2zspGGG2vI2qquvM5a661luIHQrGbIUUYZs1YhBRPC2ioHHcUe26oRyjLbqrPQtjrstMUKi5Ad1mk7RKqrtvpqrLPSgYYRYB7h4lcDyjBvDD18alWo_4Ho1QwqzktDD2DtZW-_AdbQgxNPzGtDD-iep2ys894AsaoSwzrHCk6EQUcadpSxQhPdkcGGhQh7hUO-8-awIVlkvNFGRhGvq9BhHi-0BQ0xdNGWHEIxVMZSdYkxmQ4renQYHG3sB_RCSVP5kBx2KKbSQxsxDTWLFe1WRxoZFQUbDTmUAUMLc8EwFQ1kxBBDS2Xk0EIMVa0UNwxh3FDGDWSloZgIOcTgwmsupORCQ2NN_YXfGQU--IqGI05WHT3pIEITb-iRBhtshPFCDSyCgMIVu8Z8xxwgOEEFCGuxuAMIpLsR0ut4zA4C1QwxxWIKIByx0RpvvKDSWh55BIIRaShrxht4vLAW6DCQNUbQIjBMFnZfTJ-R9Q-xQX0RTsBchh1fKFsbQzXc0BhqOHg29RmalRbWDQ8dRL4YcixkUv3jf9HGG2RAS1S6RgY5vCEuD3mDQhbzM-blYSE0mFoZjjYQ4AiHOC-o2cTm8AKy3CEj32kfWdAAQhAlTgRzoFpGDEgHj2GnBdRJAx3QlgMXkGEM34EZ9Q7yhRvm0CIzYwhIcHADsr0GBkDsjRBtQEQjlignkSkfrODwhZwtsYk5OCLWyBeGk01rgVuIwQ18BhExAEYEBzEDUNgwkbZ4D2pLawP55OCxNBwQaYWzTw7oJ4IxtEYGfVBAQAA%3D&r=1&s=8a485d89768b192db2947ecd3141ae8629b312deebbbd82089d4e104f2adec6e1668749900&w=t&ir=245x208 HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 05:38:21 GMT
content-type: text/plain; charset=utf-8
content-length: 35
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
ib.adnxs.com/ut/v3/prebid
200 OK 145 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash c20ee67ee7711240a1f44f023508c8d3
19ad89140238fb8eac48debceea0fc0ba7e3c221
d6a3173f4a30fed8fb4001e68c3f59f547905b7ae19fc0ba2b8cc82221c27a8b
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 682
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 18 Nov 2022 05:38:21 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 145
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
AN-X-Request-Uuid: 2a7a0b29-6911-479f-a17e-edf363c1b07a
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/ut/v3/prebid
200 OK 144 B URL HTTP/1.1 ib.adnxs.com/ut/v3/prebid
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 0f9876bcbc08dd7810390bf184eb6d55
7494e8b4d386d7188d8100aa066fafb109c2060c
483f21eeb19f42711e2b4f6e54605895e510e8df628a7efd9ee5f636cf1ccf7a
POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 561
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 18 Nov 2022 05:38:21 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 144
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ouo.press
AN-X-Request-Uuid: 4116d304-868c-4da3-8d63-f74e69280a96
Set-Cookie: icu=ChgIw6tREAoYASABKAEwzbTcmwY4AUABSAEQzbTcmwYYAA..; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 16-Feb-2023 05:38:21 GMT; Domain=.adnxs.com; Secure; HttpOnly
uuid2=402250587798457686; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 16-Feb-2023 05:38:21 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185
204 No Content 0 B URL HTTP/2 c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn/prod/config?src=600&u=https%3A%2F%2Fouo.press&pubid=4cd01fd0-0780-4b33-a4da-c39467660185 HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
cache-control: max-age=21550, s-maxage=21600
date: Fri, 18 Nov 2022 00:16:43 GMT
server: Server
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qWt4c7c4MucdSGZXaluA1UHF5JWu09DHkEHkEwmLjehpdZymiC-viA==
age: 19297
X-Firefox-Spdy: h2
aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2FthFNIG&pid=Kxt0y5XZJVY34&cb=0&ws=728x90&v=22.1107.1609&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
200 OK 165 B URL HTTP/2 aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2FthFNIG&pid=Kxt0y5XZJVY34&cb=0&ws=728x90&v=22.1107.1609&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
IP
File type ASCII text, with no line terminators
Hash 524702d9c4ac8c61e27c3d850412f10f
199d4d5b602799e1a01577115d249b9707dbf37a
7e4302335da0ce23c817a82d8d34836aef6ef7fb136f731d4ba29a7e4d762a7b
GET /e/dtb/bid?src=600&u=https%3A%2F%2Fouo.press%2FthFNIG&pid=Kxt0y5XZJVY34&cb=0&ws=728x90&v=22.1107.1609&t=2000&slots=%5B%7B%22sd%22%3A%2293863%22%2C%22s%22%3A%5B%22728x90%22%5D%7D%5D&schain=1.0%2C1!firstimpression.io%2C7419%2C1%2C%2C%2C&pubid=4cd01fd0-0780-4b33-a4da-c39467660185&gdprl=%7B%22status%22%3A%22no-cmp%22%7D HTTP/1.1
Host: aax-dtb-cf.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
content-length: 165
server: Server
date: Fri, 18 Nov 2022 05:38:21 GMT
x-amz-rid: N2YTJJFQBEE2YSZ429YY
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
timing-allow-origin: *
strict-transport-security: max-age=47474747; includeSubDomains; preload
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZWVZHIhgHiTplH1Pfyi_iM55oiwpbhYqgIfF_9eI4UEoPvMDyp1Kgw==
X-Firefox-Spdy: h2
cdn.firstimpression.io/tracking/habit/v1?b=1
200 OK 2 B URL HTTP/2 cdn.firstimpression.io/tracking/habit/v1?b=1
IP
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /tracking/habit/v1?b=1 HTTP/1.1
Host: cdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 624
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Cookie: OAID=GDPR
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2
date: Fri, 18 Nov 2022 05:38:21 GMT
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-request-method: *
access-control-allow-methods: OPTIONS, GET, POST
x-cache: Miss from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: z5McILEfhIk4Z496ETvSUPqNDGwedAVDJcGW2o9FfVnI3QX8vJo69Q==
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 68427e6f05592e1b9b60325069b58048
fb83669427d9b3fc044ff9341de85fb92ab5a446
3c9795295ee0ed75248eb6f96dc49e90cdcfbe61b3960d888fc3f6fa1b533311
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=109340
Date: Fri, 18 Nov 2022 05:38:21 GMT
Etag: "63760ed9-1d7"
Expires: Sat, 19 Nov 2022 12:00:41 GMT
Last-Modified: Thu, 17 Nov 2022 10:37:13 GMT
Server: ECS (nyb/1D12)
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: YCmA6h-em-Nhoie2ENyWjLHdGZYgVFe-ueKl7rK_AyUcipj1EgX2ww==
Age: 5008
aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_n-onetag_pm-db5_rbd_n-MediaNet_cnv_n-Outbrain
302 Found 0 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_n-onetag_pm-db5_rbd_n-MediaNet_cnv_n-Outbrain
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_n-onetag_pm-db5_rbd_n-MediaNet_cnv_n-Outbrain HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Server
Date: Fri, 18 Nov 2022 05:38:21 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: GYT3VJMVZ8BG0NK0A9SZ
Set-Cookie: ad-id=A7DduOfaiUeZiLWjThWCS2M|t; Domain=.amazon-adsystem.com; Expires=Sat, 01-Jul-2023 05:38:21 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_n-onetag_pm-db5_rbd_n-MediaNet_cnv_n-Outbrain&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_n-onetag_pm-db5_rbd_n-MediaNet_cnv_n-Outbrain&dcc=t
200 OK 64 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_n-onetag_pm-db5_rbd_n-MediaNet_cnv_n-Outbrain&dcc=t
IP
File type HTML document, ASCII text
Hash be99f9f8ced5e5eb1f9721d861712f89
4291ee98f7ce20471796ec89961abb1acb2af1d8
f17fe415b91a13ea86b93344389e18c996384323ca3c2f4267b18c96b8314a12
GET /s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_n-onetag_pm-db5_rbd_n-MediaNet_cnv_n-Outbrain&dcc=t HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Fri, 18 Nov 2022 05:38:21 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 64
Connection: keep-alive
x-amz-rid: AW2FZ3ZR2EADFHY0ER3S
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 42d9905242c3e30c294a2c8247b6b661
e2308c25122469c841cf698fc32c400cbf637e5d
85b179e90aad4c990acf6401ba85e64c00b7424f76989af357cec975129a3dd9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85B179E90AAD4C990ACF6401BA85E64C00B7424F76989AF357CEC975129A3DD9"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8466
Expires: Fri, 18 Nov 2022 07:59:27 GMT
Date: Fri, 18 Nov 2022 05:38:21 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 42d9905242c3e30c294a2c8247b6b661
e2308c25122469c841cf698fc32c400cbf637e5d
85b179e90aad4c990acf6401ba85e64c00b7424f76989af357cec975129a3dd9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85B179E90AAD4C990ACF6401BA85E64C00B7424F76989AF357CEC975129A3DD9"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8466
Expires: Fri, 18 Nov 2022 07:59:27 GMT
Date: Fri, 18 Nov 2022 05:38:21 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 313 B IP
Hash 6e369bc5d6ecb758d6de1de951deeb02
2bc4d2b6953b805dcce4e94894b4c248eae5ed8b
77ce111f8d1bb9fb94b4a90015d39423d3acd52c252ad64fea314d08421875a4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2452
Cache-Control: max-age=94541
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:21 GMT
Etag: "6375df06-139"
Expires: Sat, 19 Nov 2022 07:54:02 GMT
Last-Modified: Thu, 17 Nov 2022 07:13:10 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 313
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash cb06b2ef1c78fb21fe42d27d93c4d581
1db11b95917e01d1980178823c83002fd87831f6
a2be7e8a252d12bfce70882f99bad3864408ad2d1fa90107a5fd7b995092eeb8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=167782
Date: Fri, 18 Nov 2022 05:38:21 GMT
Etag: "6376ed14-1d7"
Expires: Sun, 20 Nov 2022 04:14:43 GMT
Last-Modified: Fri, 18 Nov 2022 02:25:24 GMT
Server: ECS (nyb/1D1A)
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: VVgSHDaWlI-WQUWDV5bUBxK9Szqom5dW4QVRroDQ5eYOTTh1aElQ-Q==
Age: 6559
ghent-aws-fr.bidswitch.net/imp/0.0118/BSWhttp_A_B_Bb-eu1.marketperf.com_Bc_Bdbx8b2j01h_Bps_Bz_B9ea90213d995c3ccfe828a2d408921af_Cap_R_I_WAUCTION__PRICE_X_Jbdk_Rcriteo__fiInstance__110459__0__3472400645964570__unit_Jbsw__size_R728x90_Jbsw__uuid_RM2__7d6cc50eb8ba9033d7d2a7bd2f07e393/tbEPEcP_PsvxU0nsE5KV8I22bfudi-HhIH0Sa0kceHYNXq9JbxkzWL4-V1XRJyPOgyGEtMU9BxRRmMcTWsrB861DqnWKgK_ha2wcGcCvujQvKAk9TmvX-W8oo2bK6bijiCGpHeHAgksS9bhAVMd27tfMtMJ8XnYgHzcpnvWsh2IdixGKSjxSx6p1KvIWLRLm9RAAp75p28MT_8c-dp3861VnUH0SzJhETmcu4z6OnqX7d3Wb8iocZVhOl4jBqlDlYJqbabAUm4Bt6PcrsOlpcQoLxffNclv72VG64YSqGZAmuV9iGa3m00O5ZRXDSBgGg7nouXOiHATOYITjApgQQX3CoLdTmeBQK7V48c_ARMv5kRtHQ5hrCQyl1ZWhWIReYscdod5nt1ezqpaT8CoDY-ZwXRDM990tAxsNfPSSM4lioE3whqubHHAm3se7MtfDDTYosPPUDzFdVkrVyi_5S1UqSRHonaTn9peVFzJ_6ahJMvL0MwDPTZ6Iz2TlMnulD85H5Oi76gJ5LPa___oLiOY7WzJYg1Cs2teUBGKTwQunb5FeStKtt0v7ZD7oULfL7iVmhdouV7NyhH3qFQevFZaAbOxPaBQHNCQzP6fBAhK8NZ4pY9KEwNj6AZGgehHpQnxrQj44_hqhKcsTRXJmybB048heW3egUqefWkEdcI6w5YmMyRfrYP80-SjEzRBK2tpr2TupQzBpmPrAE2-N8w30wWO6C1XY5SQ-tW31K4t_b6KI-L7Ac3_5M4DgjaPQXbRWYM8q4O5jAMs1iSyLS65pn6GuFOYfpNxHI98LjMzsUKAa0htYZUCa08ONucP5I5o9LsTrm4Uhx_LVCen2MnN85zhz9kejOQE068FPdllwakAks3zgIjZmIyZJp-bYag7cHT8VpVEdkOijB1iz--0OGzqo2-tOCBjHvNZZORgJH7HxZacv80Qfy4_jJy5aSKDFNnmemskcWKKHShCTAANCLtu0faQFwR13j3j7whz4IB85D0Q7XdqJIEI/
200 OK 43 B URL HTTP/1.1 ghent-aws-fr.bidswitch.net/imp/0.0118/BSWhttp_A_B_Bb-eu1.marketperf.com_Bc_Bdbx8b2j01h_Bps_Bz_B9ea90213d995c3ccfe828a2d408921af_Cap_R_I_WAUCTION__PRICE_X_Jbdk_Rcriteo__fiInstance__110459__0__3472400645964570__unit_Jbsw__size_R728x90_Jbsw__uuid_RM2__7d6cc50eb8ba9033d7d2a7bd2f07e393/tbEPEcP_PsvxU0nsE5KV8I22bfudi-HhIH0Sa0kceHYNXq9JbxkzWL4-V1XRJyPOgyGEtMU9BxRRmMcTWsrB861DqnWKgK_ha2wcGcCvujQvKAk9TmvX-W8oo2bK6bijiCGpHeHAgksS9bhAVMd27tfMtMJ8XnYgHzcpnvWsh2IdixGKSjxSx6p1KvIWLRLm9RAAp75p28MT_8c-dp3861VnUH0SzJhETmcu4z6OnqX7d3Wb8iocZVhOl4jBqlDlYJqbabAUm4Bt6PcrsOlpcQoLxffNclv72VG64YSqGZAmuV9iGa3m00O5ZRXDSBgGg7nouXOiHATOYITjApgQQX3CoLdTmeBQK7V48c_ARMv5kRtHQ5hrCQyl1ZWhWIReYscdod5nt1ezqpaT8CoDY-ZwXRDM990tAxsNfPSSM4lioE3whqubHHAm3se7MtfDDTYosPPUDzFdVkrVyi_5S1UqSRHonaTn9peVFzJ_6ahJMvL0MwDPTZ6Iz2TlMnulD85H5Oi76gJ5LPa___oLiOY7WzJYg1Cs2teUBGKTwQunb5FeStKtt0v7ZD7oULfL7iVmhdouV7NyhH3qFQevFZaAbOxPaBQHNCQzP6fBAhK8NZ4pY9KEwNj6AZGgehHpQnxrQj44_hqhKcsTRXJmybB048heW3egUqefWkEdcI6w5YmMyRfrYP80-SjEzRBK2tpr2TupQzBpmPrAE2-N8w30wWO6C1XY5SQ-tW31K4t_b6KI-L7Ac3_5M4DgjaPQXbRWYM8q4O5jAMs1iSyLS65pn6GuFOYfpNxHI98LjMzsUKAa0htYZUCa08ONucP5I5o9LsTrm4Uhx_LVCen2MnN85zhz9kejOQE068FPdllwakAks3zgIjZmIyZJp-bYag7cHT8VpVEdkOijB1iz--0OGzqo2-tOCBjHvNZZORgJH7HxZacv80Qfy4_jJy5aSKDFNnmemskcWKKHShCTAANCLtu0faQFwR13j3j7whz4IB85D0Q7XdqJIEI/
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /imp/0.0118/BSWhttp_A_B_Bb-eu1.marketperf.com_Bc_Bdbx8b2j01h_Bps_Bz_B9ea90213d995c3ccfe828a2d408921af_Cap_R_I_WAUCTION__PRICE_X_Jbdk_Rcriteo__fiInstance__110459__0__3472400645964570__unit_Jbsw__size_R728x90_Jbsw__uuid_RM2__7d6cc50eb8ba9033d7d2a7bd2f07e393/tbEPEcP_PsvxU0nsE5KV8I22bfudi-HhIH0Sa0kceHYNXq9JbxkzWL4-V1XRJyPOgyGEtMU9BxRRmMcTWsrB861DqnWKgK_ha2wcGcCvujQvKAk9TmvX-W8oo2bK6bijiCGpHeHAgksS9bhAVMd27tfMtMJ8XnYgHzcpnvWsh2IdixGKSjxSx6p1KvIWLRLm9RAAp75p28MT_8c-dp3861VnUH0SzJhETmcu4z6OnqX7d3Wb8iocZVhOl4jBqlDlYJqbabAUm4Bt6PcrsOlpcQoLxffNclv72VG64YSqGZAmuV9iGa3m00O5ZRXDSBgGg7nouXOiHATOYITjApgQQX3CoLdTmeBQK7V48c_ARMv5kRtHQ5hrCQyl1ZWhWIReYscdod5nt1ezqpaT8CoDY-ZwXRDM990tAxsNfPSSM4lioE3whqubHHAm3se7MtfDDTYosPPUDzFdVkrVyi_5S1UqSRHonaTn9peVFzJ_6ahJMvL0MwDPTZ6Iz2TlMnulD85H5Oi76gJ5LPa___oLiOY7WzJYg1Cs2teUBGKTwQunb5FeStKtt0v7ZD7oULfL7iVmhdouV7NyhH3qFQevFZaAbOxPaBQHNCQzP6fBAhK8NZ4pY9KEwNj6AZGgehHpQnxrQj44_hqhKcsTRXJmybB048heW3egUqefWkEdcI6w5YmMyRfrYP80-SjEzRBK2tpr2TupQzBpmPrAE2-N8w30wWO6C1XY5SQ-tW31K4t_b6KI-L7Ac3_5M4DgjaPQXbRWYM8q4O5jAMs1iSyLS65pn6GuFOYfpNxHI98LjMzsUKAa0htYZUCa08ONucP5I5o9LsTrm4Uhx_LVCen2MnN85zhz9kejOQE068FPdllwakAks3zgIjZmIyZJp-bYag7cHT8VpVEdkOijB1iz--0OGzqo2-tOCBjHvNZZORgJH7HxZacv80Qfy4_jJy5aSKDFNnmemskcWKKHShCTAANCLtu0faQFwR13j3j7whz4IB85D0Q7XdqJIEI/ HTTP/1.1
Host: ghent-aws-fr.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Fri, 18 Nov 2022 05:38:21 GMT
Set-Cookie: tuuid=600970a7-caf6-4240-87a8-355ccc7b2758; path=/; expires=Sat, 18-Nov-2023 05:38:21 GMT; domain=.bidswitch.net; samesite=none; secure
c=1668749901; path=/; expires=Sat, 18-Nov-2023 05:38:21 GMT; domain=.bidswitch.net; samesite=none; secure
tuuid_lu=1668749901; path=/; expires=Sat, 18-Nov-2023 05:38:21 GMT; domain=.bidswitch.net; samesite=none; secure
c=1668749901; path=/; expires=Sat, 18-Nov-2023 05:38:21 GMT; domain=.bidswitch.net; samesite=none; secure
Content-Length: 43
Connection: keep-alive
ocsp.sectigo.com/
200 OK 471 B IP
Hash a30b582a2573caa5e8bdbb23b2f09139
2f24807376faaa14ca2b67db13e9d5830a6086c9
ca749e187a0f56bff342818f212d6389919129bcdaea0a8c08b16e6727f51fc1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 05:38:21 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 15 Nov 2022 13:56:49 GMT
Expires: Tue, 22 Nov 2022 13:56:48 GMT
Etag: "2f24807376faaa14ca2b67db13e9d5830a6086c9"
Cache-Control: max-age=374906,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76be5c05ba90b4eb-OSL
aws-fr-sync.bidswitch.net/sync?ssp=criteo&dsp_id=436&imp=1
302 Found 0 B URL HTTP/2 aws-fr-sync.bidswitch.net/sync?ssp=criteo&dsp_id=436&imp=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?ssp=criteo&dsp_id=436&imp=1 HTTP/1.1
Host: aws-fr-sync.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 18 Nov 2022 05:38:21 GMT
content-length: 0
location: https://aws-fr-sync.bidswitch.net/ul_cb/sync?ssp=criteo&dsp_id=436&imp=1
cache-control: no-cache, no-store, must-revalidate
set-cookie: tuuid=0bc4248b-4217-48a3-addd-7e03133ca891; path=/; expires=Sat, 18-Nov-2023 05:38:21 GMT; domain=.bidswitch.net; samesite=none; secure
c=1668749901; path=/; expires=Sat, 18-Nov-2023 05:38:21 GMT; domain=.bidswitch.net; samesite=none; secure
tuuid_lu=1668749901; path=/; expires=Sat, 18-Nov-2023 05:38:21 GMT; domain=.bidswitch.net; samesite=none; secure
c=1668749901; path=/; expires=Sat, 18-Nov-2023 05:38:21 GMT; domain=.bidswitch.net; samesite=none; secure
X-Firefox-Spdy: h2
aws-fr-sync.bidswitch.net/ul_cb/sync?ssp=criteo&dsp_id=436&imp=1
200 OK 43 B URL HTTP/2 aws-fr-sync.bidswitch.net/ul_cb/sync?ssp=criteo&dsp_id=436&imp=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/sync?ssp=criteo&dsp_id=436&imp=1 HTTP/1.1
Host: aws-fr-sync.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:21 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c091ce43675a739dd10980101ef72b6e
c1203f22df1e091a804b89088d8456c80be4e03b
e8ed84213a311ba765acd59c30677e19c66aa23e00d22f042f233133d4facb09
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8ED84213A311BA765ACD59C30677E19C66AA23E00D22F042F233133D4FACB09"
Last-Modified: Wed, 16 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5751
Expires: Fri, 18 Nov 2022 07:14:13 GMT
Date: Fri, 18 Nov 2022 05:38:22 GMT
Connection: keep-alive
ocsp.sectigo.com/
200 OK 471 B IP
Hash a30b582a2573caa5e8bdbb23b2f09139
2f24807376faaa14ca2b67db13e9d5830a6086c9
ca749e187a0f56bff342818f212d6389919129bcdaea0a8c08b16e6727f51fc1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2022 05:38:22 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 15 Nov 2022 13:56:49 GMT
Expires: Tue, 22 Nov 2022 13:56:48 GMT
Etag: "2f24807376faaa14ca2b67db13e9d5830a6086c9"
Cache-Control: max-age=374905,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76be5c05f9e0b500-OSL
x.bidswitch.net/sync?dsp_id=436&ssp=&user_id=16372afd5ee8c7455051903&expires=1&user_group=2&gdpr=0&gdpr_consent=&bsw_param=M2_7d6cc50eb8ba9033d7d2a7bd2f07e393
302 Found 0 B URL HTTP/2 x.bidswitch.net/sync?dsp_id=436&ssp=&user_id=16372afd5ee8c7455051903&expires=1&user_group=2&gdpr=0&gdpr_consent=&bsw_param=M2_7d6cc50eb8ba9033d7d2a7bd2f07e393
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?dsp_id=436&ssp=&user_id=16372afd5ee8c7455051903&expires=1&user_group=2&gdpr=0&gdpr_consent=&bsw_param=M2_7d6cc50eb8ba9033d7d2a7bd2f07e393 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 18 Nov 2022 05:38:22 GMT
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?dsp_id=436&ssp=&user_id=16372afd5ee8c7455051903&expires=1&user_group=2&gdpr=0&gdpr_consent=&bsw_param=M2_7d6cc50eb8ba9033d7d2a7bd2f07e393
cache-control: no-cache, no-store, must-revalidate
set-cookie: tuuid=a03524b5-8226-45a3-86a0-04f0811e2f86; path=/; expires=Sat, 18-Nov-2023 05:38:22 GMT; domain=.bidswitch.net; samesite=none; secure
c=1668749902; path=/; expires=Sat, 18-Nov-2023 05:38:22 GMT; domain=.bidswitch.net; samesite=none; secure
tuuid_lu=1668749902; path=/; expires=Sat, 18-Nov-2023 05:38:22 GMT; domain=.bidswitch.net; samesite=none; secure
c=1668749902; path=/; expires=Sat, 18-Nov-2023 05:38:22 GMT; domain=.bidswitch.net; samesite=none; secure
X-Firefox-Spdy: h2
e1.marketperf.com/c/jg3jngy2e5lqioh?d=1668749900185&yca=-2&ycountry=NO&zref=5382104103580276&ycp=61269&clicktag=https%3A%2F%2Fb-eu1.marketperf.com%2Fc%2Fdbx8b2j01h%2Fp%2F11998%2F9848%2F13%2F0%2F0%2F0%2F0%2F1.154%2F0%2F0%2F0%2F36%2F0%2F5382104103580276%2F4652%2F0%2F9ea90213d995c3ccfe828a2d408921af%3F%26t%3Dc%26re%3D&gdpr=1&gdpr_consent=&oath_page=https%3A%2F%2Fouo.press%2FthFNIG&csrand=63771a4d0a073.3064534990.1571b071fc.4572.3680927.9c8b7ad38e&r=
200 OK 47 kB URL HTTP/2 e1.marketperf.com/c/jg3jngy2e5lqioh?d=1668749900185&yca=-2&ycountry=NO&zref=5382104103580276&ycp=61269&clicktag=https%3A%2F%2Fb-eu1.marketperf.com%2Fc%2Fdbx8b2j01h%2Fp%2F11998%2F9848%2F13%2F0%2F0%2F0%2F0%2F1.154%2F0%2F0%2F0%2F36%2F0%2F5382104103580276%2F4652%2F0%2F9ea90213d995c3ccfe828a2d408921af%3F%26t%3Dc%26re%3D&gdpr=1&gdpr_consent=&oath_page=https%3A%2F%2Fouo.press%2FthFNIG&csrand=63771a4d0a073.3064534990.1571b071fc.4572.3680927.9c8b7ad38e&r=
IP
Hash 0e4c489ff6dcf5ae8965d230f9968057
777c8fb91aebbe2f372c0ebc397e5ae3a77e44aa
921283c02116388ff3aaadf55f7477344851d091a2428001fb98eb852124b855
GET /c/jg3jngy2e5lqioh?d=1668749900185&yca=-2&ycountry=NO&zref=5382104103580276&ycp=61269&clicktag=https%3A%2F%2Fb-eu1.marketperf.com%2Fc%2Fdbx8b2j01h%2Fp%2F11998%2F9848%2F13%2F0%2F0%2F0%2F0%2F1.154%2F0%2F0%2F0%2F36%2F0%2F5382104103580276%2F4652%2F0%2F9ea90213d995c3ccfe828a2d408921af%3F%26t%3Dc%26re%3D&gdpr=1&gdpr_consent=&oath_page=https%3A%2F%2Fouo.press%2FthFNIG&csrand=63771a4d0a073.3064534990.1571b071fc.4572.3680927.9c8b7ad38e&r= HTTP/1.1
Host: e1.marketperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: ui=16372afd5ee8c7455051903
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 05:38:21 GMT
content-type: application/javascript
p3p: policyref="https://www.marketperf.com/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
timing-allow-origin: *
report-to: { "url": "https://e1.marketperf.com/reports", "max_age": 10886400, "include_subdomains":true }
set-cookie: ue=163771a4dd0091971133563; expires=Mon, 18-Dec-2023 05:38:21 GMT; path=/; domain=.e1.marketperf.com; SameSite=None; Secure
X-Firefox-Spdy: h2
x.bidswitch.net/ul_cb/sync?dsp_id=436&ssp=&user_id=16372afd5ee8c7455051903&expires=1&user_group=2&gdpr=0&gdpr_consent=&bsw_param=M2_7d6cc50eb8ba9033d7d2a7bd2f07e393
200 OK 43 B URL HTTP/2 x.bidswitch.net/ul_cb/sync?dsp_id=436&ssp=&user_id=16372afd5ee8c7455051903&expires=1&user_group=2&gdpr=0&gdpr_consent=&bsw_param=M2_7d6cc50eb8ba9033d7d2a7bd2f07e393
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/sync?dsp_id=436&ssp=&user_id=16372afd5ee8c7455051903&expires=1&user_group=2&gdpr=0&gdpr_consent=&bsw_param=M2_7d6cc50eb8ba9033d7d2a7bd2f07e393 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:22 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
b-eu1.marketperf.com/c/dbx8b2j01h/p/11998/9848/13/0/0/0/0/1.154/0/0/0/36/0/5382104103580276/4652/0/9ea90213d995c3ccfe828a2d408921af?&t=v&h=16372afd5ee8c7455051903
200 OK 43 B URL HTTP/2 b-eu1.marketperf.com/c/dbx8b2j01h/p/11998/9848/13/0/0/0/0/1.154/0/0/0/36/0/5382104103580276/4652/0/9ea90213d995c3ccfe828a2d408921af?&t=v&h=16372afd5ee8c7455051903
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /c/dbx8b2j01h/p/11998/9848/13/0/0/0/0/1.154/0/0/0/36/0/5382104103580276/4652/0/9ea90213d995c3ccfe828a2d408921af?&t=v&h=16372afd5ee8c7455051903 HTTP/1.1
Host: b-eu1.marketperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: ui=16372afd5ee8c7455051903
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:22 GMT
content-type: image/gif
server: nginx
report-to: { "url": "https://b.marketperf.com/reports", "max_age": 10886400, "include_subdomains":true }
p3p: policyref="https://www.marketperf.com/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
X-Firefox-Spdy: h2
x.bidswitch.net/ul_cb/sync?dsp_id=436&ssp=&user_id=16372afd5ee8c7455051903&expires=15&user_group=8&gdpr=0&gdpr_consent=
200 OK 43 B URL HTTP/2 x.bidswitch.net/ul_cb/sync?dsp_id=436&ssp=&user_id=16372afd5ee8c7455051903&expires=15&user_group=8&gdpr=0&gdpr_consent=
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/sync?dsp_id=436&ssp=&user_id=16372afd5ee8c7455051903&expires=15&user_group=8&gdpr=0&gdpr_consent= HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ouo.press/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:22 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
b-eu1.marketperf.com/bsw_sync?h=16372afd5ee8c7455051903&bsw_group_id=2&bsw_custom_parameter=M2_7d6cc50eb8ba9033d7d2a7bd2f07e393&bsw_exp=1&gdpr=0&gdpr_consent=&origin=m
302 Found 314 B URL HTTP/2 b-eu1.marketperf.com/bsw_sync?h=16372afd5ee8c7455051903&bsw_group_id=2&bsw_custom_parameter=M2_7d6cc50eb8ba9033d7d2a7bd2f07e393&bsw_exp=1&gdpr=0&gdpr_consent=&origin=m
IP
Hash 077d34b9decf907aad6a16b6e83ca632
1e1a18d55f38b7203ca0d75a5206df4cc1881542
fe601ebd50952972d8f08a9f4aabdeb798c0aa4508998bfe012cc317a23031f7
GET /bsw_sync?h=16372afd5ee8c7455051903&bsw_group_id=2&bsw_custom_parameter=M2_7d6cc50eb8ba9033d7d2a7bd2f07e393&bsw_exp=1&gdpr=0&gdpr_consent=&origin=m HTTP/1.1
Host: b-eu1.marketperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 18 Nov 2022 05:38:21 GMT
content-type: text/html; charset=UTF-8
location: https://x.bidswitch.net/sync?dsp_id=436&ssp=&user_id=16372afd5ee8c7455051903&expires=1&user_group=2&gdpr=0&gdpr_consent=&bsw_param=M2_7d6cc50eb8ba9033d7d2a7bd2f07e393
server: nginx
set-cookie: ui=16372afd5ee8c7455051903; expires=Mon, 18-Dec-2023 05:38:21 GMT; path=/; domain=.marketperf.com; SameSite=None; Secure
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash e0e62391672f062eaeb99842f6a3895e
9eb182fc3f6761627b022e9aad7d98674132ef1e
d0e4462153aca82e596b79fd8e03f58e544046c04042489e023cef4edc3db0c4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1494
Cache-Control: max-age=131391
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:23 GMT
Etag: "637672b8-139"
Expires: Sat, 19 Nov 2022 18:08:14 GMT
Last-Modified: Thu, 17 Nov 2022 17:43:20 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 313
dnacdn.net/dna
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:22 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=Lhllzl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czhuQ0dWeXF1MmlJSFdMazVBZzBESm1Uek80YTlwdkNSenUlMkJETllhZVV4OQ; expires=Wed, 13 Dec 2023 05:38:23 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 288127
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.js
200 OK 30 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.js
IP
Hash 8e0412e61ce4efb1a899ce3f5b913ba2
b445a92143a94c3beac1bb79b396df708607c5dd
ecc4beb9bcdeda75e732276637190e534c13c36377d9314ceacb9851429459e8
GET /js/ld/publishertag.prebid.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 05:38:23 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-16294"
expires: Sat, 19 Nov 2022 05:38:23 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
e1.marketperf.com/c/jg3jngy2e5lqioh/tv/87988/fa69552caf3d579b46e7698d9fc39637/1
200 OK 356 B URL HTTP/2 e1.marketperf.com/c/jg3jngy2e5lqioh/tv/87988/fa69552caf3d579b46e7698d9fc39637/1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d3838634898a5038b50f1bb3cda35e38
760892d51ee44e73265889ff9caf55212b27c2b8
acdb7d4d8758f23857928e43f9ad7a1838861304104cf8b7361e6874d37f9155
GET /c/jg3jngy2e5lqioh/tv/87988/fa69552caf3d579b46e7698d9fc39637/1 HTTP/1.1
Host: e1.marketperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: ui=16372afd5ee8c7455051903; ue=163771a4dd0091971133563
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 05:38:23 GMT
content-type: image/gif
X-Firefox-Spdy: h2
acdn.adnxs.com/dmp/async_usersync.html
200 OK 17 kB URL HTTP/1.1 acdn.adnxs.com/dmp/async_usersync.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (52990)
Hash 9c6b5ce6b3452e98573e6409c34dd73c
de607fadef62e36945a409a838eb8fc36d819b42
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
GET /dmp/async_usersync.html HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
ETag: "623de86a-cf34"
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Sat, 19 Nov 2022 05:38:26 GMT
Date: Fri, 18 Nov 2022 05:38:24 GMT
Connection: keep-alive
Vary: Accept-Encoding
eus.rubiconproject.com/usync.html
200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html
IP
ASN #1299 Telia Company AB
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Fri, 18 Nov 2022 05:38:24 GMT
Connection: keep-alive
Vary: Accept-Encoding
ib.adnxs.com/async_usersync?cbfn=queuePixels
307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/async_usersync?cbfn=queuePixels
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /async_usersync?cbfn=queuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://acdn.adnxs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Fri, 18 Nov 2022 05:38:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
AN-X-Request-Uuid: 76bd61f6-6395-44fd-ae6d-91cdc1f4ce34
Set-Cookie: uuid2=5360220327944148969; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 16-Feb-2023 05:38:24 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
eus.rubiconproject.com/usync.js
200 OK 10 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP
ASN #1299 Telia Company AB
File type ASCII text, with very long lines (18728)
Hash 2b13aa1f9b257a3b66bc1edc156b1ba4
5f85cf9d04ad4eec35d0c3f61f16a0e804af5c44
626ea2bcc3a90aef6259d6c47a027eb9b0fa7cc3c99756df60c94e0c6aa836cf
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 17 Nov 2022 08:33:23 GMT
Content-Encoding: gzip
Content-Length: 10065
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=10448
Expires: Fri, 18 Nov 2022 08:32:32 GMT
Date: Fri, 18 Nov 2022 05:38:24 GMT
Connection: keep-alive
Vary: Accept-Encoding
ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://acdn.adnxs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 18 Nov 2022 05:38:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 87eaf095-df80-4297-ae71-09f752c01e93
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ocsp.digicert.com/
200 OK 279 B IP
Hash ae8a28c6662c958c7cdfb3a4d4f12032
f974c73b2662df0dca01f55cfc7e5e01e8148ca0
ca382bc3a270a84c6e5b2d44b6b7ea7b2d06fe80153dc95781efd6e48bd610bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5253
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:24 GMT
Last-Modified: Fri, 18 Nov 2022 04:10:51 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash eaa6a3200eda9bf5788df6d9eb04d84c
12efbb66692df6d76c1103b152808d751c0e49f1
6d815027ae40ea2603c0ed5adac0821cd5526f11c2eeb0ada5294b6f2ec3492d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
302 Found 295 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash d351a54e6fea94972b95c8719be0dbb3
6424de15817cddfb627c824dc22cab864126f4de
3b0b2e461988f20a8cf9708bb322f65030782172eadf9ddf3237da1f036839a1
GET /pixel?google_nid=rubicon&google_cm&google_sc HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
date: Fri, 18 Nov 2022 05:38:24 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 295
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 18-Nov-2022 05:53:24 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pixel.rubiconproject.com/exchange/sync.php?p=a9us
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/exchange/sync.php?p=a9us
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /exchange/sync.php?p=a9us HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: d0cea2fb47f5ddedaddf61763f0aedb4
Content-Type: image/gif
token.rubiconproject.com/token?pid=2974&pt=n&a=1
204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=2974&pt=n&a=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=2974&pt=n&a=1 HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 1da0c96602e9a1076eae4f5554c05cf3
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
200 OK 170 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash e7673c60af825466f83d46da72ca1635
fc0fcbee0835709ba2d28798a612bfd687903fb5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
GET /pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
date: Fri, 18 Nov 2022 05:38:24 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash eaa6a3200eda9bf5788df6d9eb04d84c
12efbb66692df6d76c1103b152808d751c0e49f1
6d815027ae40ea2603c0ed5adac0821cd5526f11c2eeb0ada5294b6f2ec3492d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 279 B IP
Hash ae8a28c6662c958c7cdfb3a4d4f12032
f974c73b2662df0dca01f55cfc7e5e01e8148ca0
ca382bc3a270a84c6e5b2d44b6b7ea7b2d06fe80153dc95781efd6e48bd610bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5253
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:24 GMT
Last-Modified: Fri, 18 Nov 2022 04:10:51 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 471 B IP
Hash 4bb4b397c70958a0bad1794b80b4ec1b
99e299bcc2651baefcdb67b45efb134d13c2227b
f7f7d3d7d5d4d647f441bb2b85686dfe076f7fac1bf3cec3afdf3fd295094e46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5216
Cache-Control: max-age=166071
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 05:38:24 GMT
Etag: "6376eba7-1d7"
Expires: Sun, 20 Nov 2022 03:46:15 GMT
Last-Modified: Fri, 18 Nov 2022 02:19:19 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash d22aedc8cc8b91a51dc12b0c2174aeec
0488c30f3bc76b1d9e5dde6f19e6fa639c3ad7ce
6ea007e509ccec805ce396df01c9331b9ebaae31e3d0adf73f1709e4efd2f951
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=169699
Date: Fri, 18 Nov 2022 05:38:24 GMT
Etag: "63770632-1d7"
Expires: Sun, 20 Nov 2022 04:46:43 GMT
Last-Modified: Fri, 18 Nov 2022 04:12:34 GMT
Server: ECS (nyb/1D20)
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: adOm0nkyf22q8dhfivM6jS4Pr4JPV7r-ZqGUHAUpFk4_nLvvu4J7wQ==
Age: 2049
s.tribalfusion.com/z/i.match?p=b10&u={rubicon_user_token}&redirect=https%3A//pixel.rubiconproject.com/tap.php%3Fv%3D111756%26nid%3D3856%26put%3D%24TF_USER_ID_ENC%24%26expires%3D180
200 OK 43 B URL HTTP/2 s.tribalfusion.com/z/i.match?p=b10&u={rubicon_user_token}&redirect=https%3A//pixel.rubiconproject.com/tap.php%3Fv%3D111756%26nid%3D3856%26put%3D%24TF_USER_ID_ENC%24%26expires%3D180
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55fade2068e7503eae8d7ddf5eb6bd09
317496a096d6c86486a71d4521994bcd171a6bb3
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
GET /z/i.match?p=b10&u={rubicon_user_token}&redirect=https%3A//pixel.rubiconproject.com/tap.php%3Fv%3D111756%26nid%3D3856%26put%3D%24TF_USER_ID_ENC%24%26expires%3D180 HTTP/1.1
Host: s.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:24 GMT
content-type: image/gif; charset=utf-8
content-length: 43
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 302
cache-control: no-cache, private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 76be5c18cef70b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
302 Found 0 B URL HTTP/1.1 s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP/1.1
Host: s.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Server
Date: Fri, 18 Nov 2022 05:38:24 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: ZPQWBZC24MT9RJAS2CQT
Set-Cookie: ad-id=AyXb4IVvLEEVnvHJqAjajUs|t; Domain=.amazon-adsystem.com; Expires=Sat, 01-Jul-2023 05:38:24 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
sync.srv.stackadapt.com/sync?nid=14
302 Found 121 B URL HTTP/1.1 sync.srv.stackadapt.com/sync?nid=14
IP
File type HTML document, ASCII text
Hash 7498fb925883d1631a59ab0ed7aef16d
4940a494cb14dec045181e74f8140d1e0b856625
910591cadaa6743933c754d45d5ceb2a129d4ec17a155340fac82c34e9bddfe3
GET /sync?nid=14 HTTP/1.1
Host: sync.srv.stackadapt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Date: Fri, 18 Nov 2022 05:38:24 GMT
Location: https://pixel.rubiconproject.com/tap.php?v=731524&nid=3858&put=WATtyGKwTg1EzvEr7DgeW1taKpo
Set-Cookie: sa-user-id=s%3A0-5804edc8-62b0-4e0d-44ce-f12bec381e5b.c4BmsmwWPF%2FlhqACiPgKjXFlRyN%2Bz1tpnRnN8pry1xU; Max-Age=31536000; Secure; SameSite=None
sa-user-id-v2=s%3AWATtyGKwTg1EzvEr7DgeW1taKpo.rGNQUm9MDNkFvr7P193Zrw2Ph39j0uu%2BLFQPB0OA4DQ; Domain=srv.stackadapt.com; Max-Age=31536000; Secure; SameSite=None
Content-Length: 121
Connection: keep-alive
pixel.rubiconproject.com/tap.php?v=731524&nid=3858&put=WATtyGKwTg1EzvEr7DgeW1taKpo
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=731524&nid=3858&put=WATtyGKwTg1EzvEr7DgeW1taKpo
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=731524&nid=3858&put=WATtyGKwTg1EzvEr7DgeW1taKpo HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: d0cea2fb47f5ddedaddf61763f0aedb4
Content-Type: image/gif
b1sync.zemanta.com/usersync/rubicon/
302 Found 109 B URL HTTP/1.1 b1sync.zemanta.com/usersync/rubicon/
IP
File type HTML document, ASCII text
Hash da91b0bebbbc88996f7fbc89fb2e26ed
b5d4536ac72b8ae1b84f19e04b8fc89b03b9af7d
23465be5cbf42ea06d10032446b2950d4e0993c70f5a7e7af666480d5ce65800
GET /usersync/rubicon/ HTTP/1.1
Host: b1sync.zemanta.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Content-Length: 109
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: https://pixel.rubiconproject.com/tap.php?v=144598&nid=3992&expires=30&put=
Pragma: no-cache
Date: Fri, 18 Nov 2022 05:38:24 GMT
pixel.rubiconproject.com/tap.php?v=144598&nid=3992&expires=30&put=
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=144598&nid=3992&expires=30&put=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=144598&nid=3992&expires=30&put= HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: d0cea2fb47f5ddedaddf61763f0aedb4
Content-Type: image/gif
s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
200 OK 43 B URL HTTP/1.1 s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6851dbf491ae442da3314f19e8aff085
ecfec27263608c4ae7cd4f8e0cebb1b061df2ac3
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
GET /dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP/1.1
Host: s.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Fri, 18 Nov 2022 05:38:25 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: MV9HVKE38ACTJD7DGE0R
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9cfc27674d77acc9a288f821d62aa4c7
d81f9f7cf0a2d7c42d70b6787f6340940463dd87
f5ed3a6629e4b7992759e7cf223c3645143baa92d783accfb3633573266efdc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F5ED3A6629E4B7992759E7CF223C3645143BAA92D783ACCFB3633573266EFDC1"
Last-Modified: Wed, 16 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13803
Expires: Fri, 18 Nov 2022 09:28:28 GMT
Date: Fri, 18 Nov 2022 05:38:25 GMT
Connection: keep-alive
a.tribalfusion.com/i.match?p=b10&u={rubicon_user_token}&redirect=https%3A//pixel.rubiconproject.com/tap.php%3Fv%3D111756%26nid%3D3856%26put%3D%24TF_USER_ID_ENC%24%26expires%3D180
302 Found 36 B URL HTTP/2 a.tribalfusion.com/i.match?p=b10&u={rubicon_user_token}&redirect=https%3A//pixel.rubiconproject.com/tap.php%3Fv%3D111756%26nid%3D3856%26put%3D%24TF_USER_ID_ENC%24%26expires%3D180
IP
File type ASCII text, with no line terminators
Hash 3d7d43b880a1a4d37b0b7058f65e16ad
15888f516b97156f47c11e374f5a149d1f2bd0a3
a3b8571ca52c51c6c0841aad271acd499ad71a35636fde91971d9e62cfb752d3
GET /i.match?p=b10&u={rubicon_user_token}&redirect=https%3A//pixel.rubiconproject.com/tap.php%3Fv%3D111756%26nid%3D3856%26put%3D%24TF_USER_ID_ENC%24%26expires%3D180 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 18 Nov 2022 05:38:24 GMT
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b10&u={rubicon_user_token}&redirect=https%3A//pixel.rubiconproject.com/tap.php%3Fv%3D111756%26nid%3D3856%26put%3D%24TF_USER_ID_ENC%24%26expires%3D180
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 206
x-reuse-index: 845
cache-control: no-cache, private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=aBnoeUqZbaOT6iPqcgTUMZcrwd7MRWMUwdauFZcc0yZc; path=/; domain=.tribalfusion.com; expires=Thu, 16-Feb-2023 05:38:24 GMT; SameSite=None; Secure;
ANON_ID_old=aBnoeUqZbaOT6iPqcgTUMZcrwd7MRWMUwdauFZcc0yZc; path=/; domain=.tribalfusion.com; expires=Thu, 16-Feb-2023 05:38:24 GMT;
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 76be5c17ae670b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
b-eu1.marketperf.com/c/dbx8b2j01h/ps/z/9ea90213d995c3ccfe828a2d408921af
200 OK 43 B URL HTTP/2 b-eu1.marketperf.com/c/dbx8b2j01h/ps/z/9ea90213d995c3ccfe828a2d408921af
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /c/dbx8b2j01h/ps/z/9ea90213d995c3ccfe828a2d408921af HTTP/1.1
Host: b-eu1.marketperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: ui=16372afd5ee8c7455051903
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:25 GMT
content-type: image/gif
server: nginx
cache-control: no-cache, must-revalidate
p3p: policyref="https://www.marketperf.com/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
X-Firefox-Spdy: h2
rcp.c.appier.net/rbcm
302 Found 131 B IP
File type HTML document, ASCII text
Hash 0d6f46a04002b8efb68eb8a167bd62fd
e80e7b91bcec8f416d7026c6d5b611ac807c82cc
3c7c13010405646ab56c932e7940c007957066c4d1a6248ed5b47f88845d151a
GET /rbcm HTTP/1.1
Host: rcp.c.appier.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 18 Nov 2022 05:38:25 GMT
content-type: text/html; charset=utf-8
content-length: 131
cache-control: no-store
location: https://pixel.rubiconproject.com/tap.php?v=70596&nid=3632&put=9Do4JfjzDru_P8HQURp3Yw&expires=365
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=9Do4JfjzDru_P8HQURp3Yw; Path=/; Domain=c.appier.net; Expires=Sat, 18 Nov 2023 05:38:25 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
pixel.rubiconproject.com/tap.php?v=70596&nid=3632&put=9Do4JfjzDru_P8HQURp3Yw&expires=365
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=70596&nid=3632&put=9Do4JfjzDru_P8HQURp3Yw&expires=365
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=70596&nid=3632&put=9Do4JfjzDru_P8HQURp3Yw&expires=365 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: d0cea2fb47f5ddedaddf61763f0aedb4
Content-Type: image/gif
b-eu1.marketperf.com/ps/vt
204 No Content 0 B URL HTTP/2 b-eu1.marketperf.com/ps/vt
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ps/vt HTTP/1.1
Host: b-eu1.marketperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 155
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Cookie: ui=16372afd5ee8c7455051903
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 18 Nov 2022 05:38:27 GMT
server: nginx
cache-control: no-cache, must-revalidate
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
X-Firefox-Spdy: h2
s.marketperf.com/f/nat/n.js?282
200 OK 0 B URL HTTP/2 s.marketperf.com/f/nat/n.js?282
IP
GET /f/nat/n.js?282 HTTP/1.1
Host: s.marketperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Tue, 08 Nov 2022 02:25:25 GMT
last-modified: Wed, 12 Oct 2022 12:33:30 GMT
etag: W/"f114a699de89663c1001bb36d59473a8"
x-amz-version-id: 2udkC4SVxeOyEmCTUqNke3gRDdAcvKnV
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tKW5f5x-EOAHFwkerDEK9qf-cOZ_rtJ6ZuiA6sPSZx3ObHqmWngeGg==
age: 875577
X-Firefox-Spdy: h2
s.marketperf.com/f/nat/iab.native.js?ver=194887
200 OK 0 B URL HTTP/2 s.marketperf.com/f/nat/iab.native.js?ver=194887
IP
GET /f/nat/iab.native.js?ver=194887 HTTP/1.1
Host: s.marketperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
date: Thu, 03 Nov 2022 21:00:37 GMT
last-modified: Wed, 12 Oct 2022 12:33:30 GMT
etag: W/"e2bcba26a64516fd73b4feef5b5f5cf4"
x-amz-version-id: ENHeoeWDRqdxOtWX8DDJXXn9SyZUj.Ez
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: T1f4znNzvSLjOGjPhDqdqxQ2j5xv1HC8DH_jmTdfsGdM5Op8BE0yJQ==
age: 1240664
X-Firefox-Spdy: h2
s.marketperf.com/i/logo/logo.svg?1
200 OK 0 B URL HTTP/2 s.marketperf.com/i/logo/logo.svg?1
IP
GET /i/logo/logo.svg?1 HTTP/1.1
Host: s.marketperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: ui=16372afd5ee8c7455051903
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
date: Sat, 05 Nov 2022 07:31:43 GMT
last-modified: Wed, 12 Oct 2022 12:33:31 GMT
etag: W/"4be427cedd3219e080773c1c9b680b30"
x-amz-version-id: KZmcGVgUZp4LYlj0qZ2ou4MLuug0Oy5f
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ygN3T2sTCaH1gtUxEq_fCtRLxVtTIKaXLg57XuJNInfOVIiEu-_aTw==
age: 1116399
X-Firefox-Spdy: h2
e1.marketperf.com/c/jg3jngy2e5lqioh/tv/87988/fa69552caf3d579b46e7698d9fc39637/5
200 OK 0 B URL HTTP/2 e1.marketperf.com/c/jg3jngy2e5lqioh/tv/87988/fa69552caf3d579b46e7698d9fc39637/5
IP
GET /c/jg3jngy2e5lqioh/tv/87988/fa69552caf3d579b46e7698d9fc39637/5 HTTP/1.1
Host: e1.marketperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: ui=16372afd5ee8c7455051903; ue=163771a4dd0091971133563
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 05:38:27 GMT
content-type: image/gif
X-Firefox-Spdy: h2
dnacdn.net/dna
200 OK 0 B IP
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=Lhllzl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czhuQ0dWeXF1MmlJSFdMazVBZzBESm1Uek80YTlwdkNSenUlMkJETllhZVV4OQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:22 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=qhNvSF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czhuQ0dWeXF1MmlJSFdMazVBZzBESm1NJTJGRmtXdzZ6RnYzJTJCRWdtU0ZEQWNy; expires=Wed, 13 Dec 2023 05:38:23 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 321633
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ouo.press/thFNIG
200 OK 0 B IP
GET /thFNIG HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:19 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
set-cookie: ouoio_session=eyJpdiI6InNcL2lXcWhlQWNJYjB6MW1iWmtaOUhWYTBJVENzYTd1OUR5b3A4UEVic21RPSIsInZhbHVlIjoiMUNpb2dseG5cL2dlYVc2Q0ZRbVJmNmtOZVp6RjdER0Q4YkdadzFIUzZ4NDRPR2dWM29cLzVYWUxuSFRxeXF6TjFXaEU2a21pak9YWEVPT3lqcnhXNDRCdz09IiwibWFjIjoiNDlkYzIxMjg4M2Q2YzFlODg5NTc1ZTYwNWE3MzU5OTk5YzNhZDY1ZmEwZjU3NTY4YzdiMWExYmFjZGQwZTE0ZiJ9; path=/; httponly
language=eyJpdiI6Ikk1cmJUUHRIdG9uNVdNOGRRRkF3cVhyK2FcL0lYaUJrY1grNXA1bnpwamk0PSIsInZhbHVlIjoiRDZjZHBzcCtlRjBcL3FmYW5Ha2llNHFDelltRkJXWUlKZWdPTUNDT2J1SFE9IiwibWFjIjoiYjljNGE2NDI4NzM1MmI3YjZkYTZkNzI2YTZkODQxN2Q0MDA1Yjc1NmE2OTk2YmE2ZmQxOGU2ZmQyOTlkY2FlYiJ9; expires=Wed, 17-Nov-2027 05:38:19 GMT; Max-Age=157680000; path=/; httponly
1ca6bb225c5e1f6c13487ea2b47a8e2ed8bb849e=eyJpdiI6IjFDaXlzamJ3em0yV2FLYWR5NHFuNmZYam85bGdUVjJORlFwdE1XQVhxVmc9IiwidmFsdWUiOiI5dXpQWDdrTUhkNmFXVXpTWm9KMFZuOVJnWUJETHVkeHlpdHg0bFwvaG5IdThrYXRkSDlPZzVPUk1pYndOV2hubXMyWjhuU0huSzVcLzVBWXFIcnpud0JvVlJ5YWx1dW81WTBhdTlaNWZ5VTNFWjJCMk5maEwxUUNRYU9nVXFjejJubitwajI5NjR2bXBiWTRDWW9zQXFBeVFPeVR4NDY0T0FOekVQVUNyVFhvdDJoMks2MmV2WHErcDVcL242TENFTEJQZzV5dHk1M2R4T1R6V096VCtTWk1od0xjZ0RvOTJXdk1UM2NDUkZkM0tVcU1PdVNlbHBEbUxwS3NCa2xXVVR1RDRQSlFjOU9XVjJQSzZrTXo3OXRsZTdcL3ljUFd2bGoxUm5QQmRTSkFUS1dva3d2cWt4eFBUQlhGOFhjOHVkVXpkc2gxdEV5NTdyN0E4UVlzaGxGUUhtMDd2bVhuRHZuRDlDQVZmdGZPVzlua1ZXSm1uM0xQcVA2c0p4K3NvTWNXIiwibWFjIjoiNzg0NjllOWRkMDczMzY3MzE2ODQ0OTk3ZTdjMzc2ODU1OTcwNDY2ZGRhYjljZWMyNWE2NTY0NDEzMDU4MDhiNCJ9; expires=Fri, 18-Nov-2022 07:38:19 GMT; Max-Age=7200; path=/; httponly
__cf_bm=FDEW4pNhThJfmFXMU2mFQq.ouiqTiYu_S9GgfwrvFvA-1668749899-0-AbarI/vEwkdkjT93hsO9l7KtO5yLzNoNDVubO1RTWQySGJEJ4dU9VXOFIyYoWN+VJCHXMlWBb4wRuTVbSd+jNZk=; path=/; expires=Fri, 18-Nov-22 06:08:19 GMT; domain=.ouo.press; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 76be5bf518fdb505-OSL
content-encoding: br
X-Firefox-Spdy: h2
b-eu1.marketperf.com/c/dbx8b2j01h/ps/hp/9ea90213d995c3ccfe828a2d408921af
200 OK 0 B URL HTTP/2 b-eu1.marketperf.com/c/dbx8b2j01h/ps/hp/9ea90213d995c3ccfe828a2d408921af
IP
GET /c/dbx8b2j01h/ps/hp/9ea90213d995c3ccfe828a2d408921af HTTP/1.1
Host: b-eu1.marketperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: ui=16372afd5ee8c7455051903
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:21 GMT
content-type: image/gif
server: nginx
cache-control: no-cache, must-revalidate
X-Firefox-Spdy: h2
b-eu1.marketperf.com/bsw_sync?bsw_group_id=8&bsw_exp=15&gdpr=0&gdpr_consent=&origin=a
302 Found 0 B URL HTTP/2 b-eu1.marketperf.com/bsw_sync?bsw_group_id=8&bsw_exp=15&gdpr=0&gdpr_consent=&origin=a
IP
GET /bsw_sync?bsw_group_id=8&bsw_exp=15&gdpr=0&gdpr_consent=&origin=a HTTP/1.1
Host: b-eu1.marketperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: ui=16372afd5ee8c7455051903
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Fri, 18 Nov 2022 05:38:22 GMT
content-type: text/html; charset=UTF-8
location: https://x.bidswitch.net/sync?dsp_id=436&ssp=&user_id=16372afd5ee8c7455051903&expires=15&user_group=8&gdpr=0&gdpr_consent=
server: nginx
X-Firefox-Spdy: h2
e1.marketperf.com/c/jg3jngy2e5lqioh/ps/m/fa69552caf3d579b46e7698d9fc39637/9e4947f35751465411fd1a4f5c358c78/?o=0.7
200 OK 0 B URL HTTP/2 e1.marketperf.com/c/jg3jngy2e5lqioh/ps/m/fa69552caf3d579b46e7698d9fc39637/9e4947f35751465411fd1a4f5c358c78/?o=0.7
IP
POST /c/jg3jngy2e5lqioh/ps/m/fa69552caf3d579b46e7698d9fc39637/9e4947f35751465411fd1a4f5c358c78/?o=0.7 HTTP/1.1
Host: e1.marketperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 22247
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Cookie: ui=16372afd5ee8c7455051903; ue=163771a4dd0091971133563
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 05:38:22 GMT
content-type: image/gif
access-control-allow-origin: https://ouo.press
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:22 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 64020
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ouo.press/css/link-safe.css
200 OK 0 B URL HTTP/2 ouo.press/css/link-safe.css
IP
GET /css/link-safe.css HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/thFNIG
Cookie: ouoio_session=eyJpdiI6InNcL2lXcWhlQWNJYjB6MW1iWmtaOUhWYTBJVENzYTd1OUR5b3A4UEVic21RPSIsInZhbHVlIjoiMUNpb2dseG5cL2dlYVc2Q0ZRbVJmNmtOZVp6RjdER0Q4YkdadzFIUzZ4NDRPR2dWM29cLzVYWUxuSFRxeXF6TjFXaEU2a21pak9YWEVPT3lqcnhXNDRCdz09IiwibWFjIjoiNDlkYzIxMjg4M2Q2YzFlODg5NTc1ZTYwNWE3MzU5OTk5YzNhZDY1ZmEwZjU3NTY4YzdiMWExYmFjZGQwZTE0ZiJ9; language=eyJpdiI6Ikk1cmJUUHRIdG9uNVdNOGRRRkF3cVhyK2FcL0lYaUJrY1grNXA1bnpwamk0PSIsInZhbHVlIjoiRDZjZHBzcCtlRjBcL3FmYW5Ha2llNHFDelltRkJXWUlKZWdPTUNDT2J1SFE9IiwibWFjIjoiYjljNGE2NDI4NzM1MmI3YjZkYTZkNzI2YTZkODQxN2Q0MDA1Yjc1NmE2OTk2YmE2ZmQxOGU2ZmQyOTlkY2FlYiJ9; 1ca6bb225c5e1f6c13487ea2b47a8e2ed8bb849e=eyJpdiI6IjFDaXlzamJ3em0yV2FLYWR5NHFuNmZYam85bGdUVjJORlFwdE1XQVhxVmc9IiwidmFsdWUiOiI5dXpQWDdrTUhkNmFXVXpTWm9KMFZuOVJnWUJETHVkeHlpdHg0bFwvaG5IdThrYXRkSDlPZzVPUk1pYndOV2hubXMyWjhuU0huSzVcLzVBWXFIcnpud0JvVlJ5YWx1dW81WTBhdTlaNWZ5VTNFWjJCMk5maEwxUUNRYU9nVXFjejJubitwajI5NjR2bXBiWTRDWW9zQXFBeVFPeVR4NDY0T0FOekVQVUNyVFhvdDJoMks2MmV2WHErcDVcL242TENFTEJQZzV5dHk1M2R4T1R6V096VCtTWk1od0xjZ0RvOTJXdk1UM2NDUkZkM0tVcU1PdVNlbHBEbUxwS3NCa2xXVVR1RDRQSlFjOU9XVjJQSzZrTXo3OXRsZTdcL3ljUFd2bGoxUm5QQmRTSkFUS1dva3d2cWt4eFBUQlhGOFhjOHVkVXpkc2gxdEV5NTdyN0E4UVlzaGxGUUhtMDd2bVhuRHZuRDlDQVZmdGZPVzlua1ZXSm1uM0xQcVA2c0p4K3NvTWNXIiwibWFjIjoiNzg0NjllOWRkMDczMzY3MzE2ODQ0OTk3ZTdjMzc2ODU1OTcwNDY2ZGRhYjljZWMyNWE2NTY0NDEzMDU4MDhiNCJ9; __cf_bm=FDEW4pNhThJfmFXMU2mFQq.ouiqTiYu_S9GgfwrvFvA-1668749899-0-AbarI/vEwkdkjT93hsO9l7KtO5yLzNoNDVubO1RTWQySGJEJ4dU9VXOFIyYoWN+VJCHXMlWBb4wRuTVbSd+jNZk=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:19 GMT
content-type: text/css
cache-control: max-age=86400
cf-bgj: minify
cf-polished: status=cannot_optimize
etag: W/"5d951ace-1830"
expires: Fri, 18 Nov 2022 11:56:50 GMT
last-modified: Wed, 02 Oct 2019 21:46:54 GMT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 20489
vary: Accept-Encoding
server: cloudflare
cf-ray: 76be5bf82b1cb505-OSL
content-encoding: br
X-Firefox-Spdy: h2
hhklc.com/c.js
200 OK 0 B IP
GET /c.js HTTP/1.1
Host: hhklc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:19 GMT
content-type: application/javascript
last-modified: Fri, 11 Nov 2022 16:10:23 GMT
etag: W/"636e73ef-2218"
server-asp-net: Asp Net
expires: Fri, 18 Nov 2022 05:47:58 GMT
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 2121
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RgAnPLlH6J4%2BubOf3OwyDVpx%2FNL7IhHi8bMldlq6mPe5B90v9iir9wJnEdxh%2BbJus64BqVFnwW8Imr8Qe765NId5OJ8H1WmUZpInsW8GYStSsjvLkZKLMB%2FkiZE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76be5bf8b8eb0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
run-syndicate.com/do2/048b86cb1ea4453a9397baf204dd5474/dynamic?format=jsonp&count=2&w=1280&h=1024&keywords=ouo,press,short,links,link,shortener,free,URL,shortener,Free,URL,shorten,service,ouo,press,thFNIG&adtype=label-under&callback=callback_QitE7
200 OK 0 B URL HTTP/2 run-syndicate.com/do2/048b86cb1ea4453a9397baf204dd5474/dynamic?format=jsonp&count=2&w=1280&h=1024&keywords=ouo,press,short,links,link,shortener,free,URL,shortener,Free,URL,shorten,service,ouo,press,thFNIG&adtype=label-under&callback=callback_QitE7
IP
ASN #24940 Hetzner Online GmbH
GET /do2/048b86cb1ea4453a9397baf204dd5474/dynamic?format=jsonp&count=2&w=1280&h=1024&keywords=ouo,press,short,links,link,shortener,free,URL,shortener,Free,URL,shorten,service,ouo,press,thFNIG&adtype=label-under&callback=callback_QitE7 HTTP/1.1
Host: run-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 05:38:20 GMT
content-type: application/javascript; charset=utf-8
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-request-id: f2bde54f4651d90b
set-cookie: ts_uid=5f0349e0-210f-4d11-87e9-13406e90a7e7; expires=Thu, 18 May 2023 05:38:20 GMT; domain=.run-syndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
ecdn.firstimpression.io/static/js/fiamp.js
200 OK 0 B URL HTTP/2 ecdn.firstimpression.io/static/js/fiamp.js
IP
GET /static/js/fiamp.js HTTP/1.1
Host: ecdn.firstimpression.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: nginx/1.20.0
last-modified: Fri, 08 Apr 2022 08:48:22 GMT
access-control-allow-origin: *
content-encoding: gzip
date: Fri, 18 Nov 2022 05:29:56 GMT
expires: Fri, 18 Nov 2022 06:29:54 GMT
cache-control: max-age=3600
etag: W/"624ff6d6-1b8e9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zeOEYDTLZQuNW7Ch--OtyWkrvyO_DJRCEDhASQhOqE6oIBsYZmnkzQ==
age: 506
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:22 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 70158
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
cat.fr.eu.criteo.com/tpd?dd=1G6pwl9PJTJGdkhjNWJXVFRSVTMyanc3cVZFUyUyQktDMXkxVGZ4cUZlYktMbzh4UTdRSlhXVGxiQ3V4WncwYzdiZGRBNFFITVFPQlNBSzNyYVNzQTc1TVVpQmF4UWtkJTJGbXRwYTNGUmNjJTJGaFJGZW43Sm5IOWl5eiUyRlZFRHhPU1FNV0hqQWpQcVVhYkclMkZBUXRSVndCNHBTRE9hNE92dVhNVEQzU0NuelZIU2FvNm15R1B3V2xpT3ZFaVV3b0I3N1V4cFFZMTJuZUZHVkxPajZIelN1NnNrSG5mS28lMkJrR29pUHFITVlrWVJOZmRseUJmVWglMkZNTCUyQlJNJTJCVndFa3lrY01hVWdNV3ZMUGNtU0l2U0JRdnk4czBuZ3JkQ3EwJTJGWGNkOXRWSHc2TnpTcm95OHdIJTJGc2tOdlZaWGF0SXU0NWtZOEpVeU4lMkJjTklnWmFoYWlqakZEVFJVVFolMkIwNXJMYTQlMkZtWXdvJTJGSU5EUjlGYXc2TVhKS2FVM3o0Z0h0NzdyckpnYklSU3hMa0ZFN2lVSnV1U3Z5bUNyeXMlMkYzM1VqbnZ5WjU3NUI0UGE0cktQd3pER090ajd2ZFJDZ2JWS25JeTYybXhlQXJsRmtuaEdLNUlqVjlLbWFvS0FWRkNvWDBNeDJvZnF1OXJqQmdwVUUxOUNsOTBkM0VudmZxVFZKMFlBTGk1M0o0RXFVRWlQek85UDROYnoyOEJpdlBNVyUyQm5iV21jYkpmMHF1ZWdlU1lpZnhCWVU4VEZkOUkyOWclMkY5bU1obWlRcGJQMWxGeFBMSnd3RUJLZGIlMkZubmFKNTFMa0hTVGE0OVJCaXh3UVBSU01DRnZJaXNmbyUzRA
200 OK 0 B URL HTTP/2 cat.fr.eu.criteo.com/tpd?dd=1G6pwl9PJTJGdkhjNWJXVFRSVTMyanc3cVZFUyUyQktDMXkxVGZ4cUZlYktMbzh4UTdRSlhXVGxiQ3V4WncwYzdiZGRBNFFITVFPQlNBSzNyYVNzQTc1TVVpQmF4UWtkJTJGbXRwYTNGUmNjJTJGaFJGZW43Sm5IOWl5eiUyRlZFRHhPU1FNV0hqQWpQcVVhYkclMkZBUXRSVndCNHBTRE9hNE92dVhNVEQzU0NuelZIU2FvNm15R1B3V2xpT3ZFaVV3b0I3N1V4cFFZMTJuZUZHVkxPajZIelN1NnNrSG5mS28lMkJrR29pUHFITVlrWVJOZmRseUJmVWglMkZNTCUyQlJNJTJCVndFa3lrY01hVWdNV3ZMUGNtU0l2U0JRdnk4czBuZ3JkQ3EwJTJGWGNkOXRWSHc2TnpTcm95OHdIJTJGc2tOdlZaWGF0SXU0NWtZOEpVeU4lMkJjTklnWmFoYWlqakZEVFJVVFolMkIwNXJMYTQlMkZtWXdvJTJGSU5EUjlGYXc2TVhKS2FVM3o0Z0h0NzdyckpnYklSU3hMa0ZFN2lVSnV1U3Z5bUNyeXMlMkYzM1VqbnZ5WjU3NUI0UGE0cktQd3pER090ajd2ZFJDZ2JWS25JeTYybXhlQXJsRmtuaEdLNUlqVjlLbWFvS0FWRkNvWDBNeDJvZnF1OXJqQmdwVUUxOUNsOTBkM0VudmZxVFZKMFlBTGk1M0o0RXFVRWlQek85UDROYnoyOEJpdlBNVyUyQm5iV21jYkpmMHF1ZWdlU1lpZnhCWVU4VEZkOUkyOWclMkY5bU1obWlRcGJQMWxGeFBMSnd3RUJLZGIlMkZubmFKNTFMa0hTVGE0OVJCaXh3UVBSU01DRnZJaXNmbyUzRA
IP
GET /tpd?dd=1G6pwl9PJTJGdkhjNWJXVFRSVTMyanc3cVZFUyUyQktDMXkxVGZ4cUZlYktMbzh4UTdRSlhXVGxiQ3V4WncwYzdiZGRBNFFITVFPQlNBSzNyYVNzQTc1TVVpQmF4UWtkJTJGbXRwYTNGUmNjJTJGaFJGZW43Sm5IOWl5eiUyRlZFRHhPU1FNV0hqQWpQcVVhYkclMkZBUXRSVndCNHBTRE9hNE92dVhNVEQzU0NuelZIU2FvNm15R1B3V2xpT3ZFaVV3b0I3N1V4cFFZMTJuZUZHVkxPajZIelN1NnNrSG5mS28lMkJrR29pUHFITVlrWVJOZmRseUJmVWglMkZNTCUyQlJNJTJCVndFa3lrY01hVWdNV3ZMUGNtU0l2U0JRdnk4czBuZ3JkQ3EwJTJGWGNkOXRWSHc2TnpTcm95OHdIJTJGc2tOdlZaWGF0SXU0NWtZOEpVeU4lMkJjTklnWmFoYWlqakZEVFJVVFolMkIwNXJMYTQlMkZtWXdvJTJGSU5EUjlGYXc2TVhKS2FVM3o0Z0h0NzdyckpnYklSU3hMa0ZFN2lVSnV1U3Z5bUNyeXMlMkYzM1VqbnZ5WjU3NUI0UGE0cktQd3pER090ajd2ZFJDZ2JWS25JeTYybXhlQXJsRmtuaEdLNUlqVjlLbWFvS0FWRkNvWDBNeDJvZnF1OXJqQmdwVUUxOUNsOTBkM0VudmZxVFZKMFlBTGk1M0o0RXFVRWlQek85UDROYnoyOEJpdlBNVyUyQm5iV21jYkpmMHF1ZWdlU1lpZnhCWVU4VEZkOUkyOWclMkY5bU1obWlRcGJQMWxGeFBMSnd3RUJLZGIlMkZubmFKNTFMa0hTVGE0OVJCaXh3UVBSU01DRnZJaXNmbyUzRA HTTP/1.1
Host: cat.fr.eu.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:20 GMT
content-type: image/gif
server: Kestrel
cache-control: no-store
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 596485
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
style.ad6.fr/js/ads/img.htm?2
200 OK 0 B URL HTTP/2 style.ad6.fr/js/ads/img.htm?2
IP
GET /js/ads/img.htm?2 HTTP/1.1
Host: style.ad6.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 05:38:22 GMT
content-type: text/html
last-modified: Thu, 11 Jun 2015 10:12:09 GMT
vary: Accept-Encoding
etag: W/"55795ef9-279"
expires: Sun, 18 Dec 2022 05:38:22 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2
ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
200 OK 0 B URL HTTP/2 ouo.press/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: ouo.press
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/thFNIG
Cookie: ouoio_session=eyJpdiI6InNcL2lXcWhlQWNJYjB6MW1iWmtaOUhWYTBJVENzYTd1OUR5b3A4UEVic21RPSIsInZhbHVlIjoiMUNpb2dseG5cL2dlYVc2Q0ZRbVJmNmtOZVp6RjdER0Q4YkdadzFIUzZ4NDRPR2dWM29cLzVYWUxuSFRxeXF6TjFXaEU2a21pak9YWEVPT3lqcnhXNDRCdz09IiwibWFjIjoiNDlkYzIxMjg4M2Q2YzFlODg5NTc1ZTYwNWE3MzU5OTk5YzNhZDY1ZmEwZjU3NTY4YzdiMWExYmFjZGQwZTE0ZiJ9; language=eyJpdiI6Ikk1cmJUUHRIdG9uNVdNOGRRRkF3cVhyK2FcL0lYaUJrY1grNXA1bnpwamk0PSIsInZhbHVlIjoiRDZjZHBzcCtlRjBcL3FmYW5Ha2llNHFDelltRkJXWUlKZWdPTUNDT2J1SFE9IiwibWFjIjoiYjljNGE2NDI4NzM1MmI3YjZkYTZkNzI2YTZkODQxN2Q0MDA1Yjc1NmE2OTk2YmE2ZmQxOGU2ZmQyOTlkY2FlYiJ9; 1ca6bb225c5e1f6c13487ea2b47a8e2ed8bb849e=eyJpdiI6IjFDaXlzamJ3em0yV2FLYWR5NHFuNmZYam85bGdUVjJORlFwdE1XQVhxVmc9IiwidmFsdWUiOiI5dXpQWDdrTUhkNmFXVXpTWm9KMFZuOVJnWUJETHVkeHlpdHg0bFwvaG5IdThrYXRkSDlPZzVPUk1pYndOV2hubXMyWjhuU0huSzVcLzVBWXFIcnpud0JvVlJ5YWx1dW81WTBhdTlaNWZ5VTNFWjJCMk5maEwxUUNRYU9nVXFjejJubitwajI5NjR2bXBiWTRDWW9zQXFBeVFPeVR4NDY0T0FOekVQVUNyVFhvdDJoMks2MmV2WHErcDVcL242TENFTEJQZzV5dHk1M2R4T1R6V096VCtTWk1od0xjZ0RvOTJXdk1UM2NDUkZkM0tVcU1PdVNlbHBEbUxwS3NCa2xXVVR1RDRQSlFjOU9XVjJQSzZrTXo3OXRsZTdcL3ljUFd2bGoxUm5QQmRTSkFUS1dva3d2cWt4eFBUQlhGOFhjOHVkVXpkc2gxdEV5NTdyN0E4UVlzaGxGUUhtMDd2bVhuRHZuRDlDQVZmdGZPVzlua1ZXSm1uM0xQcVA2c0p4K3NvTWNXIiwibWFjIjoiNzg0NjllOWRkMDczMzY3MzE2ODQ0OTk3ZTdjMzc2ODU1OTcwNDY2ZGRhYjljZWMyNWE2NTY0NDEzMDU4MDhiNCJ9; __cf_bm=FDEW4pNhThJfmFXMU2mFQq.ouiqTiYu_S9GgfwrvFvA-1668749899-0-AbarI/vEwkdkjT93hsO9l7KtO5yLzNoNDVubO1RTWQySGJEJ4dU9VXOFIyYoWN+VJCHXMlWBb4wRuTVbSd+jNZk=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:19 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 18:10:02 GMT
etag: W/"6373d5fa-4d7"
vary: Accept-Encoding
server: cloudflare
cf-ray: 76be5bf82b20b505-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sun, 20 Nov 2022 05:38:19 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Questrial
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Questrial
IP
GET /css?family=Questrial HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 18 Nov 2022 05:38:19 GMT
date: Fri, 18 Nov 2022 05:38:19 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
200 OK 0 B URL HTTP/2 c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
IP
GET /bao-csm/aps-comm/aps_csm.js HTTP/1.1
Host: c.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ouo.press
Connection: keep-alive
Referer: https://ouo.press/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
date: Fri, 18 Nov 2022 03:05:20 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Fri, 18 Nov 2022 03:05:15 GMT
etag: W/"a4d296427fc806b21335359e398c025c"
cache-control: public, max-age=86400
x-amz-version-id: vkCJAv2LVCiDvkjoOZrS5s9fefeFFUOq
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Origin
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9OfnO5_hNtzu6rEnfPDxICNLcBD05njYqO-374TQ-qNAQzaEag2stg==
age: 9182
X-Firefox-Spdy: h2
s.marketperf.com/f/foo/f.js?301
200 OK 0 B URL HTTP/2 s.marketperf.com/f/foo/f.js?301
IP
GET /f/foo/f.js?301 HTTP/1.1
Host: s.marketperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: ui=16372afd5ee8c7455051903
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 12 Oct 2022 12:33:30 GMT
x-amz-version-id: NlZ4E7GQelTKoKh.R6Xir.JBfkdku7CY
server: AmazonS3
content-encoding: gzip
date: Sat, 12 Nov 2022 04:42:56 GMT
etag: W/"7f3ec1ca5057e1271093922c1c005c0c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: HVe9Zjz3dmQM8SlJU7k8y4gZPvuClSHYx-jjyu2DEJ5eNOHlEttLNA==
age: 521867
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=ouo.press
200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=ouo.press
IP
GET /syncframe?origin=publishertag&topUrl=ouo.press HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 18 Nov 2022 05:38:23 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=19d4e17b-043e-4156-93b1-a7cf9d7d7228; expires=Wed, 13 Dec 2023 05:38:22 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 943055
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
e1.marketperf.com/c/jg3jngy2e5lqioh/suv/4109/fa69552caf3d579b46e7698d9fc39637
200 OK 0 B URL HTTP/2 e1.marketperf.com/c/jg3jngy2e5lqioh/suv/4109/fa69552caf3d579b46e7698d9fc39637
IP
GET /c/jg3jngy2e5lqioh/suv/4109/fa69552caf3d579b46e7698d9fc39637 HTTP/1.1
Host: e1.marketperf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ouo.press/
Cookie: ui=16372afd5ee8c7455051903; ue=163771a4dd0091971133563
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 05:38:27 GMT
content-type: image/gif
p3p: policyref="https://www.marketperf.com/p3p.xml", CP="NOI DEVa TAIa OUR BUS UNI"
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
104.22.22.162
54.230.111.73
178.250.0.165
3.122.15.98
2.23.134.137
213.19.162.90
213.19.162.21
23.38.200.189
67.220.228.202
104.18.24.173
172.104.121.22