firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 12 Sep 2022 21:08:21 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: I4dTjXfHbKYJvYhYMv5GnT-UVzrfaiy23Ov-kcGnGssPgdElmSC1iQ==
Age: 548
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.49 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: yBf-CE4lH0GdTueAgIvQ3drTEdv7_Q5V5OWLCAvEHlmcAGgI98wXoQ==
age: 50417
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12652
Expires: Tue, 13 Sep 2022 00:48:21 GMT
Date: Mon, 12 Sep 2022 21:17:29 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 21:17:29 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 0fbcff2681baff1d306af21f18a19594
84b5167814adc4b51d9f5c0957efa6f10cbd2f4a
5738043dd3c3ba5692cc848fc890aca62a78366e4e77bf9ac1636eaea1dabc95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5738043DD3C3BA5692CC848FC890ACA62A78366E4E77BF9AC1636EAEA1DABC95"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13638
Expires: Tue, 13 Sep 2022 01:04:48 GMT
Date: Mon, 12 Sep 2022 21:17:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 0fbcff2681baff1d306af21f18a19594
84b5167814adc4b51d9f5c0957efa6f10cbd2f4a
5738043dd3c3ba5692cc848fc890aca62a78366e4e77bf9ac1636eaea1dabc95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5738043DD3C3BA5692CC848FC890ACA62A78366E4E77BF9AC1636EAEA1DABC95"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13638
Expires: Tue, 13 Sep 2022 01:04:48 GMT
Date: Mon, 12 Sep 2022 21:17:30 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 12 Sep 2022 20:56:07 GMT
Expires: Mon, 12 Sep 2022 21:36:09 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: rTG84oH4jR6nnLnV6sNZeXdJnrqgS3tejN3y0y4ZY7bWjRQp-Y8jqw==
Age: 1283
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash cb674936db4af4be99c3c397eff8c6ae
de79d76bac3fae5799b0ff35ecc19360595dfb06
992b884b64f9f6fdb76a6ba91c48fed329325b95b99d8003b282879a52093c08
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3648
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:30 GMT
Last-Modified: Mon, 12 Sep 2022 20:16:43 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.43.58.150 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.58.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AiD3HhH44wyCB8cH4sxfRA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Lr2z+xtX9VWeb34rRg+5SQje0/8=
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5666a2bc1ab1ef84b2cd18d0cb730a07
fb131afcdb3c8825485848a0e0dc3389fa20c504
3f6ddf6b97b056686f2624b96e8982d80daf90919b39921fe180f23b7f459a8c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3F6DDF6B97B056686F2624B96E8982D80DAF90919B39921FE180F23B7F459A8C"
Last-Modified: Mon, 12 Sep 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=958
Expires: Mon, 12 Sep 2022 21:33:28 GMT
Date: Mon, 12 Sep 2022 21:17:30 GMT
Connection: keep-alive
ad.sitemaji.com/ysm_reurl.js
35.186.215.140 200 OK 5.9 kB URL HTTP/2 ad.sitemaji.com/ysm_reurl.js
IP 35.186.215.140:0
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (17511), with no line terminators
Hash 779efdbd5582d597c74bc312123d3583
45140afb1e0536578577db2f890ba0f061644742
e03139efccb95e61153de5280e3ce8a11147dc6be20657c906e76eca0278d9c1
GET /ysm_reurl.js HTTP/1.1
Host: ad.sitemaji.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.12.1 (Ubuntu)
vary: Accept-Encoding, Accept-Encoding
content-encoding: br
via: 1.1 google
content-length: 5880
date: Mon, 12 Sep 2022 05:19:07 GMT
expires: Tue, 13 Sep 2022 05:19:07 GMT
cache-control: max-age=86400,public
age: 57503
last-modified: Thu, 20 Jun 2019 08:55:05 GMT
etag: W/"5d0b49e9-4488"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
151.101.85.229 200 OK 32 kB URL HTTP/2 cdn.jsdelivr.net/npm/vue@2.5.16/dist/vue.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (65449)
Hash a262d6de4f7f5f79c31cef7787a35a8c
6a16edde3116cad866736e9fc20443edceaa1cba
92dcfacfb59287c2f9de9c69f78ae96bb3bd8a8c5a20b4e577db40bdc8fe06c1
GET /npm/vue@2.5.16/dist/vue.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.5.16
x-jsd-version-type: version
etag: W/"151b4-KLsckeN7U/TrtIzkgtzLJAAD4Hg"
content-encoding: gzip
accept-ranges: bytes
date: Mon, 12 Sep 2022 21:17:30 GMT
age: 4219247
x-served-by: cache-fra19164-FRA, cache-bma1656-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 31634
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5666a2bc1ab1ef84b2cd18d0cb730a07
fb131afcdb3c8825485848a0e0dc3389fa20c504
3f6ddf6b97b056686f2624b96e8982d80daf90919b39921fe180f23b7f459a8c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3F6DDF6B97B056686F2624B96E8982D80DAF90919B39921FE180F23B7F459A8C"
Last-Modified: Mon, 12 Sep 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=958
Expires: Mon, 12 Sep 2022 21:33:28 GMT
Date: Mon, 12 Sep 2022 21:17:30 GMT
Connection: keep-alive
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
151.101.85.229 200 OK 23 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
IP 151.101.85.229:0
File type ASCII text, with very long lines (65324)
Hash 5f830a7943bb09d9f6832866f38f12bc
35ed4aca72bd95f7730260858ca62bd76ca8e40a
cbf083212e165469984201c0e0bc3420de20a1857646858c947a53dfc2e2f383
GET /npm/bootstrap@4.3.1/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.3.1
x-jsd-version-type: version
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
content-encoding: gzip
accept-ranges: bytes
date: Mon, 12 Sep 2022 21:17:30 GMT
age: 6030852
x-served-by: cache-fra19170-FRA, cache-bma1656-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23235
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash 0dffedee9ae2796a013d1734023ff207
af7fb96ca034538dbfdd5ff8e28399178e7feb2d
282aa6e08f3054f71b5569c4efdd0b3a0afe63be0fad050fdcab0b710f61606e
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 21:17:30 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "FE4C551A25B151C10C6DB1FD501EF0DCE5074926"
Expires: Tue, 13 Sep 2022 08:00:00 GMT
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 3110
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 749bab9b5ba20b69-OSL
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash f110882a8dbf38ab4a4a051bfeab5650
380e89a87f8ae33f0f0c6c802f32cc247f817d75
355421129539f389b6e0a1db74cc507606e299167053e1cf65dea351763e6ce6
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 12 Sep 2022 21:17:30 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 12 Sep 2022 20:02:20 GMT
Expires: Tue, 13 Sep 2022 20:02:20 GMT
ETag: "380e89a87f8ae33f0f0c6c802f32cc247f817d75"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
cdn.holmesmind.com/js/init.js
54.230.111.19 200 OK 6.6 kB URL HTTP/2 cdn.holmesmind.com/js/init.js
IP 54.230.111.19:0
File type ASCII text, with very long lines (4994), with CRLF line terminators
Hash 439e160b698f1ec2efb45c3b6cd6b265
7beee754ce93e58b7f321ff7b8b85c2ffda42a64
fb51fa018c951108a66acf0730199d329d887872947eb3940088ef734f026818
GET /js/init.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 6552
last-modified: Fri, 04 Mar 2022 10:10:49 GMT
x-amz-version-id: UdwMmUAM2dmZqopCO7YOeMhqjXQRxqvB
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 21:17:30 GMT
etag: "439e160b698f1ec2efb45c3b6cd6b265"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -LI-CPOFF99AEV6NMPWGl8vAcJi2_KfTfNCzEb3S29UpOJNAvRycBg==
age: 54
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d0b93bf10aa6a1c704f00fe526ad647b
0a19767b3b99aa79469aadc9b88ec5d3df93d442
852466649bb58710c5a9a42d6fcc2ada0d5062ba42351cc503ed2fdd46588e33
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2645
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:30 GMT
Last-Modified: Mon, 12 Sep 2022 20:33:25 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
cdn.holmesmind.com/js/capmapping.htm
54.230.111.19 200 OK 4.7 kB URL HTTP/2 cdn.holmesmind.com/js/capmapping.htm
IP 54.230.111.19:0
File type HTML document text\012- HTML document text\012- HTML document text\012- C source text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (437), with CRLF line terminators
Hash c36f5eb091d6195fe8b68f3b263f999b
43c4760cb0bb957ffed4fb754c4eaaa247b734c5
cc37fba2e98f49c4d9551f72176d3aff72eacd798e5e85436837847e6b967c36
GET /js/capmapping.htm HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 4730
last-modified: Mon, 22 Aug 2022 03:00:17 GMT
x-amz-version-id: 9jVaRQ2pP3sbT47ouwg8zArcPp2ddVmt
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 21:17:31 GMT
etag: "c36f5eb091d6195fe8b68f3b263f999b"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _jahucLym6CJjSvgjCYkO5Ur0gxgGbvkGMPemG54HoPwhhdeGEdGGA==
age: 3
X-Firefox-Spdy: h2
reurl.cc/javascripts/renews.js
35.185.130.121 200 OK 1.0 kB URL HTTP/2 reurl.cc/javascripts/renews.js
IP 35.185.130.121:0
Hash 843c439df4028bed3612a7c9cc158eb5
72cceff960baf169d05e08c7bfaee31301425c97
bf41106c201a06b530cd46cae5a915a966ab5c968a276b4f4031bc602c4de854
Analyzer Verdict Alert quad9 Sinkholed
GET /javascripts/renews.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/mojR2W
Cookie: _ga=GA1.2.86031120.1663000102; _gid=GA1.2.1586006921.1663000102; _fbp=fb.1.1663000102908.288459372
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 12 Sep 2022 21:17:30 GMT
content-type: application/javascript
last-modified: Thu, 05 May 2022 00:38:33 GMT
vary: Accept-Encoding
etag: W/"62731c89-2ba"
expires: Tue, 12 Sep 2023 21:17:30 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/presetfn.js
54.230.111.19 200 OK 9.5 kB URL HTTP/2 cdn.holmesmind.com/js/presetfn.js
IP 54.230.111.19:0
File type C source, ASCII text, with CRLF line terminators
Hash ddf163a3d8381378b3e35e39339ad7ab
e6b5dd8946944429e87ac058cd6f025586b812ad
83a37c9bbe8dae0a71e95a0e6401bd5d9576a2b0e35295e640c2d807f9b4424e
GET /js/presetfn.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 9530
last-modified: Mon, 22 Aug 2022 03:00:16 GMT
x-amz-version-id: QFAcVwN57aO_RWKPah9bVgfaw1eby0J0
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 21:17:31 GMT
etag: "ddf163a3d8381378b3e35e39339ad7ab"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hhThl5SdyribGBC7ICRFrRYxzIAEapLazO0MfGV09ZsQpIAXcPqraA==
age: 54
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d0b93bf10aa6a1c704f00fe526ad647b
0a19767b3b99aa79469aadc9b88ec5d3df93d442
852466649bb58710c5a9a42d6fcc2ada0d5062ba42351cc503ed2fdd46588e33
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2646
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:31 GMT
Last-Modified: Mon, 12 Sep 2022 20:33:25 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/s/gts1d4/RZskz7bw87Y
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/RZskz7bw87Y
IP 142.250.74.3:0
Hash d4ee2333b383e0689288f0d996221a38
56356eae6de852e4ad0aea8a09b7a51796c3c4f3
833319d50bd654c8bafbb273dee248d356f17befc4ba072048115709fafe24c0
POST /s/gts1d4/RZskz7bw87Y HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:31 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.xx.fbcdn.net/rsrc.php/v3/yt/l/0,cross/jvLHw-JmSOd.css?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 4.8 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yt/l/0,cross/jvLHw-JmSOd.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type assembler source, ASCII text, with very long lines (2642)
Hash d28393d2839f089b584f62a931d65552
1e8d3e17738673040c305ba4b0bc4d3260b3d7d9
0609599ec56496f96676b871dede4c00e48a41bae6ac2119cd9cf7123f61521b
GET /rsrc.php/v3/yt/l/0,cross/jvLHw-JmSOd.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 11 Sep 2023 17:41:45 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 0oOT0oOfCJtYT2KpMdZVUg==
x-fb-debug: tmXfkTc+o3WMg5IeplxJ8rDxRmKJD9s5ICtf2rlDLCfT6QNcyVpsAqxGkK5N/o3CqLwCWWgnDLrJtNwXlZWGeQ==
priority: u=3,i
content-length: 4768
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iLl54/yY/l/en_US/aNjKFj6YixL.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 8.4 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iLl54/yY/l/en_US/aNjKFj6YixL.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (2905)
Hash a7e668c44c1c44a7eb82bf24800ff5e9
6f2393e5cf5ef26d6a6d661b7856ffcd273a63a6
ad110540fa27e40a9cf3de4aa42ca9632f03a622b73fe41b19f633fe81d6eaea
GET /rsrc.php/v3iLl54/yY/l/en_US/aNjKFj6YixL.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 10 Sep 2023 04:01:40 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: p+ZoxEwcRKfrgr8kgA/16Q==
x-fb-debug: OXe2utu+T2tst3AhpXTyKaLDMHMngJlMYkXFjBOu0Eu8t+yvQTVlWrsPa4W6ugyVtyAm258OFEt+G6g/fYh6oQ==
content-length: 8358
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yx/r/9QJEUDJuAYR.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 16 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yx/r/9QJEUDJuAYR.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type C source, ASCII text, with very long lines (7299)
Hash 1626e8e828598e06ccd0c47e55b42304
af5c62af35bf22b593fdbe758a2feea6bc1b057f
3798dbb7df2694a222f65f4cadc92e6d133fc8f5fc2b00f326df521cd0c24b25
GET /rsrc.php/v3/yx/r/9QJEUDJuAYR.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 10 Sep 2023 23:17:01 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: Fibo6ChZjgbM0MR+VbQjBA==
x-fb-debug: WZ717luA04eC0w9/UftRjzgVoR53s4cLWDM5YQJJl1SlHzDZq1EPRlrPMKpwUP59alRadSFaFlKs2dUrV42AgQ==
priority: u=3,i
content-length: 15844
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 338 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (327)
Hash 76f593e842677f73cd0a06232874b2c3
25a13f79478d5a0e286a2299dca2f3b296463079
74dcbe026002f10b703960a500b50dabe518862e568a9e689dec7afa243fa44d
GET /rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 11 Sep 2023 03:40:09 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: dvWT6EJnf3PNCgYjKHSyww==
x-fb-debug: yvcHQcHgQfrcN31QwueWw7eqsNpNbWtAvIIpRMNbc1EWD9EWLcTQ586PSUdvC7roJbEBWK8NJm/xMHyMmQTyNw==
content-length: 338
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reurl.cc/javascripts/ga2.js?v=2
35.185.130.121 200 OK 2.0 kB URL HTTP/2 reurl.cc/javascripts/ga2.js?v=2
IP 35.185.130.121:0
Hash 47d38631cd325ad6d7eed88d091ea69e
1f8ac4cd308a5126739477e4aee6b99fee0d5a71
d35867973df909f8ebac94ed1c029a07a6c63d1878b0c35a50864a6e7419a7f7
Analyzer Verdict Alert quad9 Sinkholed
GET /javascripts/ga2.js?v=2 HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/mojR2W
Cookie: _ga=GA1.2.86031120.1663000102; _gid=GA1.2.1586006921.1663000102; _fbp=fb.1.1663000102908.288459372
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 12 Sep 2022 21:17:30 GMT
content-type: application/javascript
last-modified: Thu, 24 Mar 2022 12:16:16 GMT
vary: Accept-Encoding
etag: W/"623c6110-26a"
expires: Tue, 12 Sep 2023 21:17:30 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
fcm.holmesmind.com/cm.php
34.95.67.231 200 OK 39 B URL HTTP/2 fcm.holmesmind.com/cm.php
IP 34.95.67.231:0
File type ASCII text, with CRLF line terminators
Hash 2afda5648cd11a22963068421300e1cd
ae0abdd7ec4b438fb61a12c59c04b31045b9a674
d51ae4a1096fac36fe9055d5c3f4daa85de0120b567636c89327b544a2a6a795
GET /cm.php HTTP/1.1
Host: fcm.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:31 GMT
server: Apache/2.4.29 (Ubuntu)
content-length: 39
content-type: text/html; charset=UTF-8
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y9/r/JGf8H9KH1mW.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 9.0 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y9/r/JGf8H9KH1mW.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (9886)
Hash 12ee8cecac4344f91112c41bde25523c
ac8ea8f8b40bbaf2cf932ffdf67abb8b14d7ce0d
0558ee7b9742c0bdede937d19d585eec41b4011b9989f47264464eecb46caaa2
GET /rsrc.php/v3/y9/r/JGf8H9KH1mW.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 11 Sep 2023 01:41:21 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: Eu6M7KxDRPkREsQb3iVSPA==
x-fb-debug: mW89nwJcufv+cLN1k3e/fHvPIMYAiy1kKhinQ/UNsGjhKy3/LlF4QLMGhKDpLF+3Nki6+I71MVUxkm/yZkqV2g==
content-length: 9040
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yp/l/en_US/oRoYJ5VcosS.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 23 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iEpO4/yp/l/en_US/oRoYJ5VcosS.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (41977)
Hash 3ce46348c6edab150e0c6f8ce7cd0a0d
6aea70ed9afc6f514f89c0bca5a99f04c331bc24
8ac7aadd7e52746a466b2721699b1430ab4360c52d4c73dab9f51a849b73857d
GET /rsrc.php/v3iEpO4/yp/l/en_US/oRoYJ5VcosS.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 11 Sep 2023 01:41:57 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: PORjSMbtqxUODG+M580KDQ==
x-fb-debug: NJQ12ZDBP34ZnXN4ZFSYVG844c14KE5zOeWLLhrmdptBmTh0Wtnh6A7qedPmNfkMESEwQvbFqZOlH0WpxqwSvQ==
priority: u=3,i
content-length: 23301
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yV/r/oDVETVg4GJv.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 7.2 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yV/r/oDVETVg4GJv.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (4061)
Hash d1ba68f146b01f4aef60d79aadb926ea
c6b4703c25d07fd2363e5d67d11e4846d9979b26
abbff04acf96f39a3121ed97505b5a23cbeee9057dd7040c58c4e423c899805d
GET /rsrc.php/v3/yV/r/oDVETVg4GJv.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 11 Sep 2023 03:18:20 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 0bpo8UawH0rvYNearbkm6g==
x-fb-debug: AxuBRMeecTqjG7KRWPqbLid14yKdY3m8h2KqMlAi9Ts8Zer7pJ2yodNVaiI5ulOtBZKd+VnBPzEaOc8SX9rrgg==
content-length: 7236
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3ivrH4/yw/l/en_US/o1QAsAant_m.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 79 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3ivrH4/yw/l/en_US/o1QAsAant_m.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (5723)
Hash d5e9beb315962f06ec42b8f2c2a63767
d79a44fa24b6f89e9c7b240c64cd18411c20271a
f67596ddda75feef0aef68a7542bf82a520903af971a4861f4d8140bf3104946
GET /rsrc.php/v3ivrH4/yw/l/en_US/o1QAsAant_m.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 10 Sep 2023 23:13:40 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 1em+sxWWLwbsQrjywqY3Zw==
x-fb-debug: fE16cNq4J4W6g+avG+uO7RXyvG6jDRhbQG5V2WN4l8sfhoClAgeaXT/uGvXXoUtk34FShEwi6GXBvSS3dH80Xg==
priority: u=3,i
content-length: 79348
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yW/r/Q803oB3qh7E.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 5.3 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yW/r/Q803oB3qh7E.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type C source, ASCII text, with very long lines (10494)
Hash 5147a91026eb0a41141218ad62e2e72a
8cec73d57cd4fb37077c129be8fa3ad6fddeefc3
a22d9bc10f94a9077dcb281484bb35f938b60013387898c4ca917c1cb8f991ec
GET /rsrc.php/v3/yW/r/Q803oB3qh7E.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 11 Sep 2023 07:09:01 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: UUepECbrCkEUEhitYuLnKg==
x-fb-debug: 5UUZUVEhXQiT4etL4yLwVMHik/LD4dp0pF5dgGDLUnBGtY4rMTjRuuIEmM8N+cXNGNhglZDseT1ewLy5patwYg==
content-length: 5331
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B
IP 142.250.74.3:0
Hash ec7a5bb8e310f5c9c992cf85832d5445
e32b8e200a79da9008985e8e6c272f35b02581c5
6391e4c68631e272509ade559b8f568b03dd88be1956906332ae584f9faee00a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.xx.fbcdn.net/rsrc.php/v3/yb/r/CM4pPfgsoPb.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 5.8 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yb/r/CM4pPfgsoPb.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (4488)
Hash 1093853a8647894408c62b37af809ea8
91fb699bbbff886ec3b5b47f235aa8f4957bb66f
42ad8fb19f728df806e85986bd629256a2ebe94f795d87fa0e27d4c72017b29a
GET /rsrc.php/v3/yb/r/CM4pPfgsoPb.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 11 Sep 2023 07:14:38 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: EJOFOoZHiUQIxis3r4CeqA==
x-fb-debug: 7f6cJj8w8IjKLGO/3BeKTXtG7NRnTfPp6Hd6xQ3oQljWgS12BOWvirePUhu08kglDLGr1NJTPVFzTOJSOMdXiQ==
priority: u=3,i
content-length: 5810
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yV/r/vHZyEidsmJa.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 5.4 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yV/r/vHZyEidsmJa.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type C source, ASCII text, with very long lines (4651)
Hash a5a41590da4dfacf01a0c8445ab7e8b1
b15fcae1815ede96b5e46c7313931055d256187c
1daa60c671f0f35b2a41daa185b60d608403caed1fe6da1d7facabc3d69b9ae0
GET /rsrc.php/v3/yV/r/vHZyEidsmJa.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 10 Sep 2023 04:03:13 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: paQVkNpN+s8BoMhEWrfosQ==
x-fb-debug: 6offnT5fNruR9rMdTqQIJKJ2gR/ns/s+OrbWA/6tpc1eANDjigW2di/nBIcDte1NVZDeHtvl6x9fPD8+CjE4NA==
priority: u=3,i
content-length: 5394
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yP/r/kvH7QRNL-C1.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 19 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yP/r/kvH7QRNL-C1.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (8608)
Hash 5ce71316c8336a7db4d77fb2ff723693
5d543fd79f859d45e15bc863e95a7d9355cc459b
b40e6e32e61b42aa69e55c8c56e2a29858061975722f46d0d34e31b148c14a6a
GET /rsrc.php/v3/yP/r/kvH7QRNL-C1.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 11 Sep 2023 03:49:37 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: XOcTFsgzan2013+y/3I2kw==
x-fb-debug: vIvCEs337AFQRGfY4L+qX3a54Ahw3oQCnC6sguC3M1en2vXLEL3yjIyj3aT9pI0mT3ZhbWunKlqDVcqBuneH5g==
content-length: 19326
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Mon, 12 Sep 2022 20:41:12 GMT
expires: Mon, 12 Sep 2022 22:41:12 GMT
cache-control: public, max-age=7200
age: 2179
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yC/r/fOy6kfPoV9H.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 48 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yC/r/fOy6kfPoV9H.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type C source, ASCII text, with very long lines (5068)
Hash b23ec6167478383619b7619db226b8ed
97dacb39bc8187bfc43619928a05f5b3176631ad
0ab855b38c290961241a9aa20debfe612f54c2daaf33539d320356b2f976ecc8
GET /rsrc.php/v3/yC/r/fOy6kfPoV9H.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 11 Sep 2023 01:32:23 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: sj7GFnR4ODYZt2Gdsia47Q==
x-fb-debug: Hg/miwZqB0wfP29/zpkwxRH8B3+iYa25OIHYUiQ4FWwAADpziEkj8DAqIUrqd4onQ+ESG2wxwdj0PTZsNvW/9Q==
content-length: 47873
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3izWV4/yr/l/en_US/t58F3nlrrCG.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 57 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3izWV4/yr/l/en_US/t58F3nlrrCG.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (10798)
Hash 20bcfdc9270347d828e707fb77bad8f7
b7aa2bc503f8eb432dddefbeb69df1941b68bacf
f3b4bfc4735bfe737b670c1b049ec997af4f1d3aad64f49606ac46daee991ff4
GET /rsrc.php/v3izWV4/yr/l/en_US/t58F3nlrrCG.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 10 Sep 2023 02:09:21 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: ILz9yScDR9go5wf7d7rY9w==
x-fb-debug: b/01ZLEKJHeP/vFYoG5d2K3h3G4TrjPD3pBbeyYtMRb7OeSLarS9hFTliUMNnbBjul3y3vku4NdK04wPeYZj4A==
priority: u=3,i
content-length: 57286
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB
IP 192.124.249.22:0
Hash f110882a8dbf38ab4a4a051bfeab5650
380e89a87f8ae33f0f0c6c802f32cc247f817d75
355421129539f389b6e0a1db74cc507606e299167053e1cf65dea351763e6ce6
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 12 Sep 2022 21:17:31 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 12 Sep 2022 20:02:20 GMT
Expires: Tue, 13 Sep 2022 20:02:20 GMT
ETag: "380e89a87f8ae33f0f0c6c802f32cc247f817d75"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
static.xx.fbcdn.net/rsrc.php/v3/yX/l/0,cross/WmJr1_luoTx.css?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 5.3 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yX/l/0,cross/WmJr1_luoTx.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (4093)
Hash 53d721865684811f74e6287d461271da
b8ea226e9f320b4a3f57fb9618b905322962ff11
e5c8dd9b49d068bf6f08d3ca93a0bb2d31c6fd1067c3f878a630aa1f36abeaaf
GET /rsrc.php/v3/yX/l/0,cross/WmJr1_luoTx.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 11 Sep 2023 17:30:34 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: U9chhlaEgR905ih9RhJx2g==
x-fb-debug: inN9XQjNgp8zj0IFRbOGpfcHjM5sOVIZOocFNRFjVooWp/Xg5N6OD5oyrgBVfNCcvtq+EyNfyZa+Eb7YJUyN5g==
content-length: 5342
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yg/l/0,cross/B1uJspt3YmL.css?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 6.4 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yg/l/0,cross/B1uJspt3YmL.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (8976)
Hash a17936001a3fcc817ffa1c6df206eac8
ebb66038500ec362342b19973ce4f5447ebadc3f
697f400d519a86e1b35d7f8a9e15ae2507d2f97f993f86fffa81d01660224ed0
GET /rsrc.php/v3/yg/l/0,cross/B1uJspt3YmL.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 11 Sep 2023 03:47:18 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: oXk2ABo/zIF/+hxt8gbqyA==
x-fb-debug: +T71azZPDg4R061rmc15p9rS2Aj8ZM0oSfp+7W1rTfMlDeI7GIYKNrdKjJtId6+jALzodd8VOVK8BkLVDePLDw==
priority: u=2
content-length: 6351
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
storage.re-news.tw/feeds
35.244.196.223 200 OK 5.2 kB
IP 35.244.196.223:0
File type JSON data, Unicode text, UTF-8 text, with very long lines (3924), with no line terminators
Hash e2f53e63b45adbc2ea16c926c498107c
95758ab1baa3a4b5c8f6f1e427ae119506f9418a
44b8c00472fb47bcd095e7a55d2ad058738e79a6b8438e3e61562ea25d89a07d
GET /feeds HTTP/1.1
Host: storage.re-news.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-powered-by: Express
access-control-allow-origin: https://reurl.cc
vary: Origin
content-type: text/html; charset=utf-8
content-length: 5205
etag: W/"1455-lXWKsbqjpLXI9vHkJ64RlQb5QYo"
date: Mon, 12 Sep 2022 21:17:31 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yN/r/mXu1RunczE9.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 12 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yN/r/mXu1RunczE9.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (5261)
Hash 6059f2908fc78af36d89f372311116ef
431905421a858f26f5624203b0ecae7b6d8c6c42
33ba2a807c3a7a85d489d24e1a843c4361a791492fdbe68e471d2064155467f0
GET /rsrc.php/v3/yN/r/mXu1RunczE9.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 11 Sep 2023 01:40:11 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: YFnykI/HivNtifNyMREW7w==
x-fb-debug: XY7hTNsHQVg4WmMiknDOY8p46PgjKqNyZr0zZFrXIZVUMCXxYI04B1QnT9wGtBq3l2Kcary5RdcB8gguz65EjQ==
content-length: 12179
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 827 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (724)
Hash 29973cf3b0ef9f16fe31ed981b2f6573
f22eb80b89b5e0ae9ace854aab6676d56eaef6a1
476822c80e0a0ee078edb7a74db59378f8b1d43d2de844e28a9e9c2f68a4c8d8
GET /rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 11 Sep 2023 01:37:14 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: KZc887Dvnxb+Me2YGy9lcw==
x-fb-debug: J76KZ7MIaG1WhOgdxMnU+bXxxoWUIgiX37FVFVHDsWMFmgPYtTQyiboxzc18qJkuGokCNkxSoV3uy6uswzXmPQ==
content-length: 827
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB
IP 192.124.249.22:0
Hash f110882a8dbf38ab4a4a051bfeab5650
380e89a87f8ae33f0f0c6c802f32cc247f817d75
355421129539f389b6e0a1db74cc507606e299167053e1cf65dea351763e6ce6
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 12 Sep 2022 21:17:31 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 12 Sep 2022 20:02:20 GMT
Expires: Tue, 13 Sep 2022 20:02:20 GMT
ETag: "380e89a87f8ae33f0f0c6c802f32cc247f817d75"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B
IP 142.250.74.3:0
Hash ec7a5bb8e310f5c9c992cf85832d5445
e32b8e200a79da9008985e8e6c272f35b02581c5
6391e4c68631e272509ade559b8f568b03dd88be1956906332ae584f9faee00a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/collect?v=1&_v=j96&a=447249591&t=event&_s=2&dl=https%3A%2F%2Freurl.cc%2FmojR2W&ul=en-us&de=UTF-8&dt=Login%20%E2%80%A2%20Instagram&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=pause&ea=3&el=OTEuOTAuNDIuMTU0&ev=1&_u=AACAAEABAAAAAC~&jid=&gjid=&cid=86031120.1663000102&tid=UA-102456694-1&_gid=1586006921.1663000102&z=548657607
142.250.74.174 200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?v=1&_v=j96&a=447249591&t=event&_s=2&dl=https%3A%2F%2Freurl.cc%2FmojR2W&ul=en-us&de=UTF-8&dt=Login%20%E2%80%A2%20Instagram&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=pause&ea=3&el=OTEuOTAuNDIuMTU0&ev=1&_u=AACAAEABAAAAAC~&jid=&gjid=&cid=86031120.1663000102&tid=UA-102456694-1&_gid=1586006921.1663000102&z=548657607
IP 142.250.74.174:0
File type GIF image data, version 89a, 1 x 1; data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j96&a=447249591&t=event&_s=2&dl=https%3A%2F%2Freurl.cc%2FmojR2W&ul=en-us&de=UTF-8&dt=Login%20%E2%80%A2%20Instagram&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=pause&ea=3&el=OTEuOTAuNDIuMTU0&ev=1&_u=AACAAEABAAAAAC~&jid=&gjid=&cid=86031120.1663000102&tid=UA-102456694-1&_gid=1586006921.1663000102&z=548657607 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Mon, 12 Sep 2022 18:15:44 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 10907
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j96&a=447249591&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FmojR2W&ul=en-us&de=UTF-8&dt=Login%20%E2%80%A2%20Instagram&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=AACAAEABAAAAAC~&jid=1722868145&gjid=901511073&cid=86031120.1663000102&tid=UA-102456694-1&_gid=1586006921.1663000102&_r=1&_slc=1&z=1566044704
142.250.74.174 200 OK 4 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j96&a=447249591&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FmojR2W&ul=en-us&de=UTF-8&dt=Login%20%E2%80%A2%20Instagram&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=AACAAEABAAAAAC~&jid=1722868145&gjid=901511073&cid=86031120.1663000102&tid=UA-102456694-1&_gid=1586006921.1663000102&_r=1&_slc=1&z=1566044704
IP 142.250.74.174:0
File type ASCII text, with no line terminators
Hash 9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
POST /j/collect?v=1&_v=j96&a=447249591&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FmojR2W&ul=en-us&de=UTF-8&dt=Login%20%E2%80%A2%20Instagram&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=AACAAEABAAAAAC~&jid=1722868145&gjid=901511073&cid=86031120.1663000102&tid=UA-102456694-1&_gid=1586006921.1663000102&_r=1&_slc=1&z=1566044704 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://reurl.cc
date: Mon, 12 Sep 2022 21:17:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/RZskz7bw87Y
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/RZskz7bw87Y
IP 142.250.74.3:0
Hash d4ee2333b383e0689288f0d996221a38
56356eae6de852e4ad0aea8a09b7a51796c3c4f3
833319d50bd654c8bafbb273dee248d356f17befc4ba072048115709fafe24c0
POST /s/gts1d4/RZskz7bw87Y HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:31 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img.scupio.com/js/config/17229.json?v=1.0.3839
143.204.55.4 200 OK 461 B URL HTTP/2 img.scupio.com/js/config/17229.json?v=1.0.3839
IP 143.204.55.4:0
File type JSON data\012- , ASCII text, with very long lines (461), with no line terminators
Hash 5547f980647b543b5a1ab98b2a4eae5f
d48f831eedb7a02660fd6ce4674db074ad6a0cd9
50eb1e5c2be80356acc21582b3235b20617eede7af537aa17266426521d356c3
GET /js/config/17229.json?v=1.0.3839 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 461
server: nginx/1.12.1
last-modified: Mon, 12 Sep 2022 02:20:54 GMT
accept-ranges: bytes
date: Mon, 12 Sep 2022 21:15:55 GMT
expires: Tue, 13 Sep 2022 00:15:55 GMT
cache-control: max-age=10800
etag: "631e9786-1cd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: WQYDcat_jsfLP9Mj5j2kRnkhab8w-QHCZSFwkQQXvoMe5UDpJsrk_A==
age: 96
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/rtbhouseV2.js
54.230.111.19 200 OK 2.8 kB URL HTTP/2 cdn.holmesmind.com/js/rtbhouseV2.js
IP 54.230.111.19:0
File type ASCII text, with CRLF line terminators
Hash 6a605eea47197fa280f27aaf1fa1521d
98323891b349b333d5aef521c4d33e1b8455e4fb
d5ae5049686cf9a5ef6e9ceeae1c67619f218fd1694d39648b13607db871a3bc
GET /js/rtbhouseV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 2773
last-modified: Tue, 04 Aug 2020 09:25:10 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 21:17:31 GMT
etag: "6a605eea47197fa280f27aaf1fa1521d"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: x3UpAobi2resU3JYcYV1-DR3TubCDq8jKY8bzStzlZy9f3DKHqAQ4Q==
age: 7
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13848
143.204.55.73 200 OK 2.8 kB URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13848
IP 143.204.55.73:0
Hash 9df8776cafee0820ecccb4568cfd39d9
47c3b3c9536e634b7a62b5e39dafd64b2ca84cfa
ec95b73f4a4f46fa1e4a23216c5f5ccce96f2099394d466ee07a57b3e18dc0ed
GET /adserver/Preset.js?z=13848 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 21:17:31 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ATfFBkVKEVol3A1qnHta62HhBB19svKo7ZQrAZ2hQ2Mmuwx6QmLa2g==
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/bridgewellV3.js
54.230.111.19 200 OK 4.5 kB URL HTTP/2 cdn.holmesmind.com/js/bridgewellV3.js
IP 54.230.111.19:0
File type ASCII text, with CRLF line terminators
Hash c3b948e5a48dd0ec20c265d6d8da7add
9fcd995d80439c19a6f8202a181143167e709685
c03c604cd89b4ab78da516a6271fbc1b4027e9d232ee55e09e0f43e49e2c169b
GET /js/bridgewellV3.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 4530
last-modified: Tue, 20 Apr 2021 06:25:23 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 21:17:31 GMT
etag: "c3b948e5a48dd0ec20c265d6d8da7add"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bsF1lJPaYKPTA7tH4VDniE97_znEJsOIVBFpoxD4v_aNE2sMaxbMuQ==
age: 7
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/appierV2.js
54.230.111.19 200 OK 3.2 kB URL HTTP/2 cdn.holmesmind.com/js/appierV2.js
IP 54.230.111.19:0
File type ASCII text, with very long lines (3177), with no line terminators
Hash 548ed610a8571343fb3022f543174735
2e9d891cd6e9345ab1b6489030b4a1ccff1c4e54
8d0f249f244376cc817d2c8ddd435cf01b4ecbeca604946c5ae81ef0c8bb5834
GET /js/appierV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 3177
last-modified: Thu, 11 Mar 2021 07:54:26 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 21:17:31 GMT
etag: "548ed610a8571343fb3022f543174735"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6zgLiSnqdWjQFpKbt5FaaUVIHox5EM8e9M2BgmiZHhIbE89cPUBnGA==
age: 16
X-Firefox-Spdy: h2
cdn.holmesmind.com/js/appier_mainV3.js
54.230.111.19 200 OK 2.6 kB URL HTTP/2 cdn.holmesmind.com/js/appier_mainV3.js
IP 54.230.111.19:0
File type ASCII text, with very long lines (2568), with no line terminators
Hash adc35fd9401ac04bdb2a47c466e46174
37d2755c5d447fd290d0d2b391f0222138d536e3
d541f77dd45df41c827a1c2b2899696c336c7bb3a1a06422d66ca4f37454258e
GET /js/appier_mainV3.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 2568
last-modified: Fri, 15 Oct 2021 07:41:44 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 21:17:31 GMT
etag: "adc35fd9401ac04bdb2a47c466e46174"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PfAsfD1NOdobFjV9kk_2aVEriB8BJJNaq9O9H5gvv5q-GaqH24dEdw==
age: 7
X-Firefox-Spdy: h2
geo.yahoo.com/b?t=xhkd7&9sdk8454
188.125.72.139 200 OK 43 B URL HTTP/2 geo.yahoo.com/b?t=xhkd7&9sdk8454
IP 188.125.72.139:0
ASN #34010 Yahoo! UK Services Limited
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /b?t=xhkd7&9sdk8454 HTTP/1.1
Host: geo.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:31 GMT
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
cache-control: no-cache, no-store, private
pragma: no-cache
content-length: 43
content-type: image/gif
x-envoy-upstream-service-time: 0
server: ATS
age: 0
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6526c70eb74c821b7a95487ad9a4e13d
0b8c610a7755437ab815b845f52cbb27e6c95008
059d15ca6ac7cb1830286ae635731e03b56c01d7d050291dabe2b3f3db866c9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6526c70eb74c821b7a95487ad9a4e13d
0b8c610a7755437ab815b845f52cbb27e6c95008
059d15ca6ac7cb1830286ae635731e03b56c01d7d050291dabe2b3f3db866c9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
142.250.74.42 200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP 142.250.74.42:0
File type ASCII text, with very long lines (32077)
Hash fd2b58574f9637ba7ef639267349d848
6eda5ea93f549ceb5693f6f1c038893fa56a510d
75627d4b97e5e6294a8f88f5eeaf9b616696dc8600db9701c47ef05f067880ec
GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 11 Sep 2022 02:16:32 GMT
expires: Mon, 11 Sep 2023 02:16:32 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 154859
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6526c70eb74c821b7a95487ad9a4e13d
0b8c610a7755437ab815b845f52cbb27e6c95008
059d15ca6ac7cb1830286ae635731e03b56c01d7d050291dabe2b3f3db866c9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img.scupio.com/js/ad.js
143.204.55.4 200 OK 24 kB IP 143.204.55.4:0
Hash 4e406bcda78eec4671dcc1b118f8eb2d
9add8cef3707f4bbd319a415a04bdf96a802f1a2
679d8738335af8a362b29fefddf340fc372d642d215ace9fb21d8358b31e0d31
GET /js/ad.js HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Tue, 30 Aug 2022 01:25:49 GMT
content-encoding: gzip
date: Mon, 12 Sep 2022 21:17:31 GMT
expires: Mon, 12 Sep 2022 21:32:07 GMT
cache-control: max-age=900
etag: W/"630d671d-12f90"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: LVuhGYkgkKJBEE8IWSwnjmv8ugntBpV3cqO8g6pRS9S2zAACB-rxCg==
age: 24
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?locale=en_US&agentVersion=205&adTrackingEnabled=true&adUnitCode=64d289b9-de9a-443b-a2c0-d45680807e46&apiKey=M2G62KV2NBNXKBPVHWQN&usp=&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2FmojR2W&caps=16&cb=jsonpCallback0
87.248.100.137 200 OK 13 kB URL HTTP/2 ads.yap.yahoo.com/nosdk/wj/v1/getAds.do?locale=en_US&agentVersion=205&adTrackingEnabled=true&adUnitCode=64d289b9-de9a-443b-a2c0-d45680807e46&apiKey=M2G62KV2NBNXKBPVHWQN&usp=&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2FmojR2W&caps=16&cb=jsonpCallback0
IP 87.248.100.137:0
ASN #34010 Yahoo! UK Services Limited
Hash 10cb72c5f1581b609cc29fdecef82653
ed58ddac54ea1b4fbb1dddb94424c47a0cbce5c9
0cef00ebf40846f018b3f4a4c771fdc93cbd15a13168e1bd06f9b19540ffefd5
GET /nosdk/wj/v1/getAds.do?locale=en_US&agentVersion=205&adTrackingEnabled=true&adUnitCode=64d289b9-de9a-443b-a2c0-d45680807e46&apiKey=M2G62KV2NBNXKBPVHWQN&usp=&gdpr=&euconsent=&publisherUrl=https%3A%2F%2Freurl.cc%2FmojR2W&caps=16&cb=jsonpCallback0 HTTP/1.1
Host: ads.yap.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding, User-Agent
content-encoding: gzip
x-envoy-upstream-service-time: 13
x-request-id: 9df13dc5-2d57-405d-b409-b4b7cb548e99
strict-transport-security: max-age=15552000
referrer-policy: no-referrer-when-downgrade
date: Mon, 12 Sep 2022 21:17:31 GMT
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13949
Expires: Tue, 13 Sep 2022 01:10:00 GMT
Date: Mon, 12 Sep 2022 21:17:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13948
Expires: Tue, 13 Sep 2022 01:10:00 GMT
Date: Mon, 12 Sep 2022 21:17:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13948
Expires: Tue, 13 Sep 2022 01:10:00 GMT
Date: Mon, 12 Sep 2022 21:17:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13948
Expires: Tue, 13 Sep 2022 01:10:00 GMT
Date: Mon, 12 Sep 2022 21:17:32 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg
34.120.237.76 200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b674daf3dc6e85ed054ab34d69979b86
47aaf5a3af2c25820d01d613c82b7f1279a298fc
7b9993ef69d4b77c1533ada040c85563b9cf7b1f5d007177c005f6cd7fdba1d3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4162
x-amzn-requestid: 9dc27e34-69e1-439d-8974-1297584ef4d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YSIhuHlWIAMFhOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d87a4-410e9ede524aa657609a057a;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 07:00:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: jGj2al3pBpze7UQnHild4DxKndrprY4pTG_EZScw2RukQlgFEvNMkw==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 07:18:04 GMT
age: 50368
etag: "47aaf5a3af2c25820d01d613c82b7f1279a298fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e407da4d97d497925b1ab523fd416787
166741631fb93d109b18dde6d316b3fa3276aa8f
707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 2jR7F56GE_qqbRBWjNDiDBgWbCYv-Ac6kvC1LI0HciQkKGTeNDYlyw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:57:43 GMT
age: 83989
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13948
Expires: Tue, 13 Sep 2022 01:10:00 GMT
Date: Mon, 12 Sep 2022 21:17:32 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 239262b6ab17cb19414c35cd4f761092
48eddcf9838e980e67cc8f9cbb05b475df2f0331
cd27cbce632d769288d9c33c5c8e887ba02df5677f10f7a6d03139b590ba24b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9815
x-amzn-requestid: 89243e57-94eb-4c6b-903f-aa01df030ecc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIxnEAjoAMF_Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54d6-199403e2695b214711f5117f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: NKM6RRhJ5AuRF4NKSyBO6-KMkd1UGaw3DuZBkBao_8fzzpkMeDrn0w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:55:40 GMT
etag: "48eddcf9838e980e67cc8f9cbb05b475df2f0331"
content-type: image/jpeg
age: 84112
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c14088c4ca0d576e087feed41b7f1565
172b23f2ef39b6c3fdebb5441b10a95712206d0a
2699efa811ceac5420f5bd26c35a6f48b51854e29cbce7cbb62efb613db7d6b9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8799
x-amzn-requestid: 1bcdf387-9ad2-449a-861e-3352b1744d23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUI-0G6vIAMFgbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e552b-42aa46af6315148106c4fdee;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:37:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: g2mxKK8L5T4YkeD8JqNUuV_KfsIq8ypRMvxhsyzSZSEIP4gDl4zLVQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:41:51 GMT
age: 84941
etag: "172b23f2ef39b6c3fdebb5441b10a95712206d0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7ccc33ae0c85a906f2c17db281ec790
1904722d70348235d5472c54f888d2b4b991e2aa
f48edc03624f582b05b596694b76bd784f85eb9f2ca5dd025bbea9cc2ff1f096
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6999
x-amzn-requestid: 61e3e817-fb62-47c7-b938-2dfc6a134622
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YO1mlG3XIAMFo5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c3629-37c2c8982c4ccf891875c59a;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 07:00:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: S2TR552YpZeEbhTSAn4vdXexYpvR4Lrr-LaJmfNd7LnO0L4QM8w-Dg==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 03:38:55 GMT
age: 63517
etag: "1904722d70348235d5472c54f888d2b4b991e2aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6174529fff57758e958da5432344962f
05ec2076b32398d60ee77fab8c14345bc7dfe647
65284a76355864efa944dff5033575013c6d74a019a7b731e0236603f2f656a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9466
x-amzn-requestid: ba3f7eac-61c9-4b5f-ae8a-b372906a25ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOTeoHMKoAMFr5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bff90-1e70e2c444242a2d46387986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:08:00 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: u_jETr8miiFyuhq7R09yb0lAP-hUv_6eTRV81Xzd9gSqU31VXwC9CQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 583992e175976bd59a21b4416890271e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 03:15:48 GMT
age: 64904
etag: "05ec2076b32398d60ee77fab8c14345bc7dfe647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mma.prnasia.com/media2/1507512/KISS_Logo.jpg?p=medium600
104.16.252.4 200 OK 67 kB URL HTTP/2 mma.prnasia.com/media2/1507512/KISS_Logo.jpg?p=medium600
IP 104.16.252.4:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 600x600, components 3\012- data
Hash f68a8a2e3320b6f4f556ed10e5e34823
621a3120454d6659d2d39600b8de82b6a1950d89
6c61a8be9bdaf641f95a4aca428e3b2f500b8be1364ec4cc9f1ff0e21880e6e0
GET /media2/1507512/KISS_Logo.jpg?p=medium600 HTTP/1.1
Host: mma.prnasia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:32 GMT
content-type: image/jpeg
content-length: 66805
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: public, max-age=1
cf-bgj: h2pri
expires: Sun, 11 Sep 2022 21:19:57 GMT
last-modified: Sun, 11 Sep 2022 21:19:56 GMT
server-timing: intid;desc=2bebca37705af724
vary: *, Accept-Encoding
x-powered-by: ASP.NET
cf-cache-status: HIT
age: 86256
accept-ranges: bytes
set-cookie: __cf_bm=kdldpdMF3zcOylBe16b1pXRE718GSL8YRdIr41wEgo8-1663017452-0-ATuq13T1dHXLJ/UzGdxkvp8vd9fFiEbh3+/RtRbjoMmwEQAC9yihcWWd1U3G1BbzD0Dp9D1n2BRLiWGGF1iPgn4=; path=/; expires=Mon, 12-Sep-22 21:47:32 GMT; domain=.prnasia.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 749baba448adb523-OSL
X-Firefox-Spdy: h2
ad2.apx.appier.net/v1/prebid/bid
34.96.119.68 307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP 34.96.119.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Mon, 12 Sep 2022 21:17:32 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ad2.apx.appier.net/v1/prebid/bid
34.96.119.68 307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP 34.96.119.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Mon, 12 Sep 2022 21:17:32 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.scupio.com/js/config/currency.json
143.204.55.4 200 OK 108 B URL HTTP/2 img.scupio.com/js/config/currency.json
IP 143.204.55.4:0
File type Unicode text, UTF-8 (with BOM) text, with no line terminators
Hash afeceda8835971b3c94b327d92c12376
1fe9a295ea91316619c707b553ec16d4ccbea8d8
ee07bff1ff8487fa13b040878c15e9cdcb9c3bad46887ae1715386ed48489156
GET /js/config/currency.json HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 108
server: nginx/1.12.1
last-modified: Mon, 12 Sep 2022 19:15:04 GMT
accept-ranges: bytes
date: Mon, 12 Sep 2022 21:13:08 GMT
expires: Tue, 13 Sep 2022 00:13:08 GMT
cache-control: max-age=10800
etag: "631f8538-6c"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Bsr52Xd00Vjzfk7kYCwkWBxoEZLSXgMnaoYUIQLeQRnjWUMVFXLppA==
age: 264
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1fb70a66ef67acaaef324abe22a8dac7
17469e4b2fedd6af1d58267a4670090b8d1f83de
685fa5c728f423f420ea1c32644afe31d4de13a9242483cd6b16d4cc507b2a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "685FA5C728F423F420EA1C32644AFE31D4DE13A9242483CD6B16D4CC507B2A55"
Last-Modified: Sun, 11 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5713
Expires: Mon, 12 Sep 2022 22:52:45 GMT
Date: Mon, 12 Sep 2022 21:17:32 GMT
Connection: keep-alive
ad2.apx.appier.net/v1/prebid/bid
34.96.119.68 307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP 34.96.119.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Mon, 12 Sep 2022 21:17:32 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ad2.apx.appier.net/v1/prebid/bid
34.96.119.68 307 Temporary Redirect 0 B URL HTTP/2 ad2.apx.appier.net/v1/prebid/bid
IP 34.96.119.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/prebid/bid HTTP/1.1
Host: ad2.apx.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx/1.19.0
date: Mon, 12 Sep 2022 21:17:32 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
cache-control: no-store
location: https://gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
reurl.cc/javascripts/loading.js
35.185.130.121 200 OK 164 B URL HTTP/2 reurl.cc/javascripts/loading.js
IP 35.185.130.121:0
Hash 588b874d774687459517846b0e3fdd6e
1ac4714f9874520be3265d4af8eb59b76bad7033
e825ef079f5500e501b41beb4a752fef47d562992d586f554c74dd3593fec936
Analyzer Verdict Alert quad9 Sinkholed
GET /javascripts/loading.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/mojR2W
Cookie: _ga=GA1.2.86031120.1663000102; _gid=GA1.2.1586006921.1663000102; _fbp=fb.1.1663000102908.288459372
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 12 Sep 2022 21:17:30 GMT
content-type: application/javascript
last-modified: Sun, 08 Aug 2021 17:07:38 GMT
vary: Accept-Encoding
etag: W/"61100f5a-f0"
expires: Tue, 12 Sep 2023 21:17:30 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
img.scupio.com/js/config/17253.json?v=1.0.3839
143.204.55.4 200 OK 461 B URL HTTP/2 img.scupio.com/js/config/17253.json?v=1.0.3839
IP 143.204.55.4:0
File type JSON data\012- , ASCII text, with very long lines (461), with no line terminators
Hash f345c26e65fc4e7fc7c429f01edde808
931de25a4a4f2c7ceabffb0ba4abae854fd2f4e3
c18e13b5cd2b45c496db5fc725483b6279ba05c3f0c5a591eaeaf323a682a14e
GET /js/config/17253.json?v=1.0.3839 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 461
server: nginx/1.12.1
last-modified: Mon, 12 Sep 2022 02:20:54 GMT
accept-ranges: bytes
date: Mon, 12 Sep 2022 21:17:32 GMT
expires: Tue, 13 Sep 2022 00:17:32 GMT
cache-control: max-age=10800
etag: "631e9786-1cd"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: c1q-W1Zh-ptseskLPB07pBnQYrIbdFukzjPAqZzDIiXmRC51EOFuOA==
access-control-allow-origin: *
X-Firefox-Spdy: h2
s.yimg.com/dy/ads/native.js
188.125.94.204 200 OK 30 kB URL HTTP/2 s.yimg.com/dy/ads/native.js
IP 188.125.94.204:0
File type Unicode text, UTF-8 text, with very long lines (62317), with no line terminators
Hash aae660d86e59d2b86369d2037dc02c2c
996e90375bc9f774379f4d509f603f9dce9624ce
976e1d77055c5f8ad390638d5ff3716216841a9cf55b98ff14080e3ea8e7827e
GET /dy/ads/native.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ZaHH2zTgoyQDFNgV9jdmhDbj3xhv05aNkvRXoSZ6gK9jkM+rm7fdtlktD6/RSzTFfECekyzqclk=
x-amz-request-id: 4KZNQ1VG652PTH6J
date: Mon, 12 Sep 2022 21:16:29 GMT
last-modified: Tue, 08 Feb 2022 12:02:57 GMT
x-amz-server-side-encryption: AES256
cache-control: max-age=600
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
etag: "7e002e241fddeeb8dd76383206c47a3d-df"
age: 64
content-encoding: gzip
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
i0.wp.com/golike.tw/wp-content/uploads/2022/09/img_2351.jpg?fit=%2C&ssl=1
192.0.77.2 200 OK 1.8 MB URL HTTP/2 i0.wp.com/golike.tw/wp-content/uploads/2022/09/img_2351.jpg?fit=%2C&ssl=1
IP 192.0.77.2:0
Size 1.8 MB (1838351 bytes)
Hash 02f432f5d4d088191431112d57a7eb38
4d7486aa42060cd8ac6d984b1435cfa39804f62f
e410c9ca79992bc32d679a0765240ce03645d53381b1e6286f1273731a8edd9f
GET /golike.tw/wp-content/uploads/2022/09/img_2351.jpg?fit=%2C&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 21:17:32 GMT
content-type: image/webp
content-length: 1837640
last-modified: Mon, 12 Sep 2022 09:54:07 GMT
expires: Wed, 11 Sep 2024 21:54:07 GMT
cache-control: public, max-age=63115200
link: <https://golike.tw/wp-content/uploads/2022/09/img_2351.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "9401300a5700a9fd"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 278edddff85195133d5d72cee4a05a0d
b8da0b2e562c1dc8d14d191695e6e2b671d82f3a
fb6fa51253857d124554fbe63afa5fa10af256d6a45def440a8e88e0a6e8e0f4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FB6FA51253857D124554FBE63AFA5FA10AF256D6A45DEF440A8E88E0A6E8E0F4"
Last-Modified: Sun, 11 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14852
Expires: Tue, 13 Sep 2022 01:25:04 GMT
Date: Mon, 12 Sep 2022 21:17:32 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash dd069d3ed07605af4b51899b2bd55569
f8aef5c36135f3e263e6a9cf1253fad9f531b168
51dfe6b79b86a7d658e31db53d794899ddfe78bec1ca4623ccc3f57a55a15eb0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3499
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:32 GMT
Last-Modified: Mon, 12 Sep 2022 20:19:13 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
img.gbyhn.com.tw/2022/09/1662982679-968497fbab6a7846a82ecdb5c835482a-840x525.jpg
104.21.96.9 200 OK 86 kB URL HTTP/2 img.gbyhn.com.tw/2022/09/1662982679-968497fbab6a7846a82ecdb5c835482a-840x525.jpg
IP 104.21.96.9:0
Hash c087d4d1cd0fee3e1403c736754bd9d4
4c45ebcdff87cd7750f1dc60015bc3a62b89c269
708b241cba4df359b2ca19710b2eb55c884c8c1ef490a94875113402f2885207
GET /2022/09/1662982679-968497fbab6a7846a82ecdb5c835482a-840x525.jpg HTTP/1.1
Host: img.gbyhn.com.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:32 GMT
content-type: image/jpeg
content-length: 85971
cache-control: public, max-age=604800
expires: Mon, 19 Sep 2022 12:11:55 GMT
last-modified: Mon, 12 Sep 2022 11:38:00 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 24820
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5l6libA5MS5Vw1cCAWgw4DG7RDqaXxU273%2Bz%2Bv4YN%2F4PwDB9xVI%2FCKAiTgjTu7vs0ubh9yeNbSgDga8vBoERzlBvWT8EKM%2FD7ZjdjOHJUWWEEuzCZOCyIZZPzSBbLjjKW5pP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 749baba579c80b59-OSL
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 278edddff85195133d5d72cee4a05a0d
b8da0b2e562c1dc8d14d191695e6e2b671d82f3a
fb6fa51253857d124554fbe63afa5fa10af256d6a45def440a8e88e0a6e8e0f4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "FB6FA51253857D124554FBE63AFA5FA10AF256D6A45DEF440A8E88E0A6E8E0F4"
Last-Modified: Sun, 11 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14852
Expires: Tue, 13 Sep 2022 01:25:04 GMT
Date: Mon, 12 Sep 2022 21:17:32 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash ee5e64cce395a094979d3195e29a1bad
0eddd70ca13199edd92d4c1c3d7b2dab0f746cc7
a29c29cd5fe1b5e142af5040576d0525329ec8b79d4b73b6cda3c7a20bf7bfb4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3497
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:32 GMT
Last-Modified: Mon, 12 Sep 2022 20:19:15 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 313
creditcards.com.tw/wp-content/uploads/2022/05/%E8%A1%97%E5%8F%A3%E6%94%AF%E4%BB%98-2022-%E4%BB%8B%E7%B4%B9-1080x630.jpg?crop=1
192.0.78.135 200 OK 53 kB URL HTTP/2 creditcards.com.tw/wp-content/uploads/2022/05/%E8%A1%97%E5%8F%A3%E6%94%AF%E4%BB%98-2022-%E4%BB%8B%E7%B4%B9-1080x630.jpg?crop=1
IP 192.0.78.135:0
Hash d698ad6ae97fb089bbf7bd7e4cd857ce
3e56d6d8945603511afdef2458227234d9e33440
898c454a726ae86e7914be8f3feac795d2149f815c120d25a43d478ae8c669b7
GET /wp-content/uploads/2022/05/%E8%A1%97%E5%8F%A3%E6%94%AF%E4%BB%98-2022-%E4%BB%8B%E7%B4%B9-1080x630.jpg?crop=1 HTTP/1.1
Host: creditcards.com.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 21:17:32 GMT
content-type: image/webp
content-length: 53034
strict-transport-security: max-age=31536000
last-modified: Tue, 17 May 2022 17:33:26 GMT
expires: Fri, 17 May 2024 05:33:26 GMT
cache-control: public, max-age=63115200
x-content-type-options: nosniff
etag: "45bd4aef99cc1ea7"
vary: Accept
x-nc: HIT bur 4
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
x-ac: 3.arn _atomic_ams
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=12727403132
178.250.2.131 204 No Content 0 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=12727403132
IP 178.250.2.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdb?profileId=207&av=34&wv=6.21.0-pre&cb=12727403132 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 331
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 12 Sep 2022 21:17:31 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://img.scupio.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 29c5d382375847913295ae00df854ae4
82d3a4e4e95265ac56e5a18043c1095024790d3b
1e3bc3421a06c897d121a565de0dad33dd954fafe9d8e2d7b2821dfa9461f4a6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 21:17:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 10 Sep 2022 22:33:45 GMT
Expires: Sat, 17 Sep 2022 22:33:44 GMT
Etag: "82d3a4e4e95265ac56e5a18043c1095024790d3b"
Cache-Control: max-age=435971,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 749baba45ad2b51b-OSL
bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=60893301532
178.250.2.131 204 No Content 0 B URL HTTP/2 bidder.criteo.com/cdb?profileId=207&av=34&wv=6.21.0-pre&cb=60893301532
IP 178.250.2.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdb?profileId=207&av=34&wv=6.21.0-pre&cb=60893301532 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 331
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 12 Sep 2022 21:17:32 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://img.scupio.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
blog.alphaloan.co/wp-content/uploads/2022/09/%E8%A9%B2%E5%A6%82%E4%BD%95%E6%8A%95%E8%B3%87%E8%87%AA%E5%B7%B1%EF%BC%9F-.jpg
192.0.78.236 200 OK 154 kB URL HTTP/2 blog.alphaloan.co/wp-content/uploads/2022/09/%E8%A9%B2%E5%A6%82%E4%BD%95%E6%8A%95%E8%B3%87%E8%87%AA%E5%B7%B1%EF%BC%9F-.jpg
IP 192.0.78.236:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 1640x924, components 3\012- data
Size 154 kB (154179 bytes)
Hash db9807c0d70e3de480bf66c921919769
abcdffa17e3454dfc018d989c53409869e6edd40
7ae2f5b5d641c02de5d3222990df1b555a4a41f06b0eedac42b7f5e984454769
GET /wp-content/uploads/2022/09/%E8%A9%B2%E5%A6%82%E4%BD%95%E6%8A%95%E8%B3%87%E8%87%AA%E5%B7%B1%EF%BC%9F-.jpg HTTP/1.1
Host: blog.alphaloan.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 21:17:32 GMT
content-type: image/jpeg
content-length: 154179
strict-transport-security: max-age=31536000
last-modified: Thu, 01 Sep 2022 07:11:29 GMT
etag: "63105b21-25a43"
expires: Mon, 19 Sep 2022 21:17:32 GMT
cache-control: max-age=604800
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
accept-ranges: bytes
x-ac: 3.arn _atomic_ams
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 701ddb941641244fdbfde9d120473957
dce5c65080e431b767a5971c7fe45f5158047b62
674b86661b61bbcf464bfd4e5080e520e5f78b30a1e3bbbd4c8f9677aeba6c6a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 21:17:32 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 20:33:55 GMT
Expires: Mon, 19 Sep 2022 20:33:54 GMT
Etag: "dce5c65080e431b767a5971c7fe45f5158047b62"
Cache-Control: max-age=601581,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 749baba66d76b51b-OSL
bw.scupio.com/adpinline/adreqlog.aspx?cid=17229&cb=0.3588505638417029
210.59.219.180 200 OK 0 B URL HTTP/1.1 bw.scupio.com/adpinline/adreqlog.aspx?cid=17229&cb=0.3588505638417029
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adpinline/adreqlog.aspx?cid=17229&cb=0.3588505638417029 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 169
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=k3h3jeipiv2xekhmoujwutdz; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=k3h3jeipiv2xekhmoujwutdz; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CWA20220913051732521972; domain=scupio.com; expires=Sun, 12-Sep-2027 21:17:32 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Mon, 12 Sep 2022 21:17:31 GMT
Content-Length: 0
bw.scupio.com/adpinline/adreqlog.aspx?cid=17253&cb=0.6793338811103553
210.59.219.180 200 OK 0 B URL HTTP/1.1 bw.scupio.com/adpinline/adreqlog.aspx?cid=17253&cb=0.6793338811103553
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /adpinline/adreqlog.aspx?cid=17253&cb=0.6793338811103553 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 169
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=pymcgnblme0yj1yyzceovpcs; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=pymcgnblme0yj1yyzceovpcs; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CEA20220913051732796442; domain=scupio.com; expires=Sun, 12-Sep-2027 21:17:32 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Mon, 12 Sep 2022 21:17:31 GMT
Content-Length: 0
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30 204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 12 Sep 2022 21:17:32 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 29c5d382375847913295ae00df854ae4
82d3a4e4e95265ac56e5a18043c1095024790d3b
1e3bc3421a06c897d121a565de0dad33dd954fafe9d8e2d7b2821dfa9461f4a6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 21:17:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 10 Sep 2022 22:33:45 GMT
Expires: Sat, 17 Sep 2022 22:33:44 GMT
Etag: "82d3a4e4e95265ac56e5a18043c1095024790d3b"
Cache-Control: max-age=435971,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 749baba6ee16b51b-OSL
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30 204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 436
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 12 Sep 2022 21:17:32 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30 204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 438
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 12 Sep 2022 21:17:32 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.3065821829224845
210.59.219.181 200 OK 1.4 kB URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.3065821829224845
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
File type JSON data\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2107), with no line terminators
Hash db0b77ee6e8360d08cbc769bc1d6ec9c
283b8eae98123051c782dc0ccc746e9273016642
0f9133dfe870c104d66b3c56e1be67b57ca074e340b16a9d6a8a31792d176202
POST /recweb/prebid.aspx?cb=0.3065821829224845 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 457
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 12 Sep 2022 21:17:32 GMT
content-length: 1422
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.24581125073438426
210.59.219.181 200 OK 1.4 kB URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.24581125073438426
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
File type JSON data\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2086), with no line terminators
Hash 601309e77762e388c006f06159a3ce64
bfdc076604c9d41f6616a300f7c87815542e1666
67f9dfa2e93436df42f6069fbd0f0c2b4a25adc858933252896ddabe7787ccd5
POST /recweb/prebid.aspx?cb=0.24581125073438426 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 404
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 12 Sep 2022 21:17:32 GMT
content-length: 1361
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.49047328349843644
210.59.219.181 200 OK 1.4 kB URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.49047328349843644
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
File type JSON data\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2103), with no line terminators
Hash 2f39f71ba9a559c04aa8b9ae4ef21fff
378706d2e25cc829c291aaf4b6f4db10c632916e
76f68e579eafdb3ecd6c1bac221dedfd60afdfccd0bbc22a74bf46cd1b3efcf1
POST /recweb/prebid.aspx?cb=0.49047328349843644 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 458
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 12 Sep 2022 21:17:32 GMT
content-length: 1392
X-Firefox-Spdy: h2
hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-6272B749823AD3B6FE98336EBDD2A34A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FmojR2W&host=reurl.cc&xr=0&w=300&h=250
162.210.196.208 204 No Content 0 B URL HTTP/1.1 hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-6272B749823AD3B6FE98336EBDD2A34A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FmojR2W&host=reurl.cc&xr=0&w=300&h=250
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-6272B749823AD3B6FE98336EBDD2A34A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FmojR2W&host=reurl.cc&xr=0&w=300&h=250 HTTP/1.1
Host: hb.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
date: Mon, 12 Sep 2022 21:17:32 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
connection: close
img.racingcharger.tw/wp-content/uploads/2022091209465358.jpg
172.67.178.125 200 OK 560 kB URL HTTP/2 img.racingcharger.tw/wp-content/uploads/2022091209465358.jpg
IP 172.67.178.125:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1831x766, components 3\012- data
Size 560 kB (560199 bytes)
Hash 6b7b9aea4109d9e3d87f6b2807852eae
4ceb1a531d7c8c8ac54ee4ec6504b84ed663bc81
049f55ce54c7f9fc0eaaa05e33d3a715a3e8aea63a6e41fe7cf434112a3afb80
GET /wp-content/uploads/2022091209465358.jpg HTTP/1.1
Host: img.racingcharger.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:32 GMT
content-type: image/jpeg
content-length: 560199
last-modified: Mon, 12 Sep 2022 09:47:02 GMT
cache-control: max-age=28800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WTDKe3B5IWNchbCu3jcX8z6Tt3VIbAToSMNnKTCufawADsyINfq4lgO8kwu8bctRoxEtrIgD9qMpDv49niay6qm3LsJboK6tBjUVBx7o4JKGkws1J2caAqFtr1Sbr%2FI1kejDvL2bHA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 749baba47cb90b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30 204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 272
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 12 Sep 2022 21:17:32 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.8633339605850434
210.59.219.181 200 OK 1.4 kB URL HTTP/1.1 prebid.scupio.com/recweb/prebid.aspx?cb=0.8633339605850434
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
File type JSON data\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2079), with no line terminators
Hash 0edb983d5dd9d9a126dddd7aa7a5d6ed
e996454c9b976cb94e72d0dfc4d6104148ad0e53
7f813d7176c7d659594dd8fd1b1b4e9a2c06260c7ac2bd280a1bfb41a26f15a6
POST /recweb/prebid.aspx?cb=0.8633339605850434 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 403
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 12 Sep 2022 21:17:32 GMT
Content-Length: 1365
prebid.scupio.com/recweb/prebid.aspx?cb=0.9001277618831072
210.59.219.181 200 OK 1.3 kB URL HTTP/1.1 prebid.scupio.com/recweb/prebid.aspx?cb=0.9001277618831072
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
File type JSON data\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2068), with no line terminators
Hash 87e7d7e66aa4820afa1b87a6e25bb9e7
e917aafa0b9cb800b0a2f03cd0e57f738ae2662a
27311b7dcf8dc18398fd22749981d037e9ac82647292ea511d930eff3ef4454c
POST /recweb/prebid.aspx?cb=0.9001277618831072 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 403
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 12 Sep 2022 21:17:32 GMT
Content-Length: 1326
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30 204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 12 Sep 2022 21:17:32 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c64649219b9474d259aeac965fb75cbb
152689c96345ff54a0c02deb8849eb41bea274a5
7faf8572a599b13766f1b24f3e70e865499ea8a3283fc64f4ccf19a02e469557
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7FAF8572A599B13766F1B24F3E70E865499EA8A3283FC64F4CCF19A02E469557"
Last-Modified: Sat, 10 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14518
Expires: Tue, 13 Sep 2022 01:19:30 GMT
Date: Mon, 12 Sep 2022 21:17:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c64649219b9474d259aeac965fb75cbb
152689c96345ff54a0c02deb8849eb41bea274a5
7faf8572a599b13766f1b24f3e70e865499ea8a3283fc64f4ccf19a02e469557
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7FAF8572A599B13766F1B24F3E70E865499EA8A3283FC64F4CCF19A02E469557"
Last-Modified: Sat, 10 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14518
Expires: Tue, 13 Sep 2022 01:19:30 GMT
Date: Mon, 12 Sep 2022 21:17:32 GMT
Connection: keep-alive
hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FmojR2W&host=reurl.cc&xr=0&w=970&h=250
162.210.196.208 204 No Content 0 B URL HTTP/1.1 hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FmojR2W&host=reurl.cc&xr=0&w=970&h=250
IP 162.210.196.208:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2A7263E9EB6DA9F4EB86E487B8648A&tdid=&schain=1.0%2C1!scupio.com%2C4808%2C1%2C%2C%2C&eids=&u=https%3A%2F%2Freurl.cc%2FmojR2W&host=reurl.cc&xr=0&w=970&h=250 HTTP/1.1
Host: hb.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
date: Mon, 12 Sep 2022 21:17:32 GMT
access-control-allow-origin: https://img.scupio.com
access-control-allow-credentials: true
connection: close
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7c85e22b75dd559a6c65736bae63c5bd
eb57470991666108a01b8ee0adf707e1c1dc8642
bd05cc5dfc5ddd554cc9ac5395035ce302b0b74343d199a64b2dbdcac0070944
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-102456694-1&cid=86031120.1663000102&jid=1722868145&gjid=901511073&_gid=1586006921.1663000102&_u=AACAAEAAAAAAAC~&z=914753432
142.251.1.156 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-102456694-1&cid=86031120.1663000102&jid=1722868145&gjid=901511073&_gid=1586006921.1663000102&_u=AACAAEAAAAAAAC~&z=914753432
IP 142.251.1.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-102456694-1&cid=86031120.1663000102&jid=1722868145&gjid=901511073&_gid=1586006921.1663000102&_u=AACAAEAAAAAAAC~&z=914753432 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://reurl.cc
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 12 Sep 2022 21:17:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7c85e22b75dd559a6c65736bae63c5bd
eb57470991666108a01b8ee0adf707e1c1dc8642
bd05cc5dfc5ddd554cc9ac5395035ce302b0b74343d199a64b2dbdcac0070944
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.holmesmind.com/js/drawV2.js
54.230.111.19 200 OK 10 kB URL HTTP/2 cdn.holmesmind.com/js/drawV2.js
IP 54.230.111.19:0
File type ASCII text, with very long lines (5112), with CRLF line terminators
Hash 84d8b1a745228113e60f5e62f0eff6d3
10cd995dbb7293ca49d9bdd93145bf12cb89bdac
f3fc929a36ee5db31a8a9b4743845474bdeb425edb019eb4e75a441cdb8ab032
GET /js/drawV2.js HTTP/1.1
Host: cdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 10359
last-modified: Fri, 16 Oct 2020 09:58:46 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 21:17:33 GMT
etag: "84d8b1a745228113e60f5e62f0eff6d3"
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pHPAttdFkvYiZ7IZD_TgPGyg9BOPuvO2PSiw6-6sIeI0sM7RvRMkaQ==
age: 8
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4fd53df42280409cd83e9f2cbd753bb6
c7879abb078bdc6dfd363f72509d1f36e5a8a622
c6eecc725ec5cf4376f99fafaf029eaa6f207dceefb09c09f1e8aaaa1fa1b5f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7faa6a78f896de4528c8cc9ed35bfa11
199ad87495595163d7d16b1eddb9506c8ddb4918
7effc4afbb7417799d0ecbb32fce2a94cba732e488fd4ce81ba5a77f4d7c13ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
t.ssp.hinet.net/
203.75.214.136 200 OK 99 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash a9cbed9c70bc2f10d3e2d986dd8ba690
cbd288a8abf9b0ad64c8847c31a3792df2b9cca4
004b4c4708f9d977afb53ac0a83d0dc56892b9880ad86654908b968a39e278dc
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:32 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=50f198c0-1ff5-493f-a49b-9b6ff3819f3f; expires=Wed, 11-Sep-2024 21:17:32 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136 200 OK 97 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash 16e6cc686deabd260d7205965c75830f
b06df3eaf16b6de91b8aef081ddd32010138bada
c754a2f1933e5ebc707a20664a35194afedee28d867662cb5b2b93d8cd598e51
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:32 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=f3a852e7-ebd8-4d42-85d8-efdc056fd1db; expires=Wed, 11-Sep-2024 21:17:32 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.117.143 307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.117.143:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 12 Sep 2022 21:17:33 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=katUbX3ACJ2FhxWk7aEfYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=katUbX3ACJ2FhxWk7aEfYw; Path=/; Domain=c.appier.net; Expires=Tue, 12 Sep 2023 21:17:33 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&CFFPCKUUID=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&url=https%3A%2F%2Freurl.cc%2FmojR2W&maindomain=reurl.cc
34.117.219.39 200 OK 492 B URL HTTP/2 fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&CFFPCKUUID=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&url=https%3A%2F%2Freurl.cc%2FmojR2W&maindomain=reurl.cc
IP 34.117.219.39:0
Hash fcbfb28b8fe776af8497b1772e5198e8
d7c36fd8b83c431202fbf2f206c9e93e3594b274
8d2c08864779870550a42a776066d588a12479a575b014a0fdaf3aa56fd95776
GET /landing.php?CFFPCKUUIDMAIN=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&CFFPCKUUID=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&url=https%3A%2F%2Freurl.cc%2FmojR2W&maindomain=reurl.cc HTTP/1.1
Host: fp.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.0
date: Mon, 12 Sep 2022 21:17:32 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: x-requested-with,content-type
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.117.143 307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.117.143:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 12 Sep 2022 21:17:33 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=6PFsXxLzCFGwKvtx7aEfYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=6PFsXxLzCFGwKvtx7aEfYw; Path=/; Domain=c.appier.net; Expires=Tue, 12 Sep 2023 21:17:33 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&CFFPCKUUID=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&url=https%3A%2F%2Freurl.cc%2FmojR2W&maindomain=reurl.cc
34.117.219.39 200 OK 20 B URL HTTP/2 fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&CFFPCKUUID=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&url=https%3A%2F%2Freurl.cc%2FmojR2W&maindomain=reurl.cc
IP 34.117.219.39:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /landing.php?CFFPCKUUIDMAIN=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&CFFPCKUUID=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&url=https%3A%2F%2Freurl.cc%2FmojR2W&maindomain=reurl.cc HTTP/1.1
Host: fp.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.0
date: Mon, 12 Sep 2022 21:17:32 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: x-requested-with,content-type
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.117.143 307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.117.143:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 12 Sep 2022 21:17:33 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=Mg9yLJYyDeiWAw3f7aEfYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=Mg9yLJYyDeiWAw3f7aEfYw; Path=/; Domain=c.appier.net; Expires=Tue, 12 Sep 2023 21:17:33 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ad439cab56126bcc402ee9f92365a209
a4b48a9a733c53cbc7020e190b8c787e1f80f55a
d0e2e52b66a8dec8c57092ec332f452a7348941d778d7b4686ca32696aabd065
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.117.143 307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.117.143:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 12 Sep 2022 21:17:33 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=jXTp3PPoDDqJubAO7aEfYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=jXTp3PPoDDqJubAO7aEfYw; Path=/; Domain=c.appier.net; Expires=Tue, 12 Sep 2023 21:17:33 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.117.143 307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.117.143:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 502
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 12 Sep 2022 21:17:33 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=CJZDRZ3UDAOd4Uyn7aEfYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=CJZDRZ3UDAOd4Uyn7aEfYw; Path=/; Domain=c.appier.net; Expires=Tue, 12 Sep 2023 21:17:33 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash c5defffd62ba746271c14e7c1b35e076
a3c690747b454e9a382911f3d5a306850b586da6
f9c9637c61565f25349156d73f8dc34f9cc35c01a3c9236b4710374bacf90b9c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 660
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:33 GMT
Last-Modified: Mon, 12 Sep 2022 21:06:33 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 314
bidder.criteo.com/cdb?ptv=129&profileId=184&cb=79646356431
178.250.2.131 200 OK 164 B URL HTTP/2 bidder.criteo.com/cdb?ptv=129&profileId=184&cb=79646356431
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 2e47ef4334eec02cf7ad400249ea47b8
c11f4f363bd4d2f7f92bde9f4304d2150cfb88c3
a7d1c2c355117446965465c96dedd14320e75fcff4b949e9bbcd742ac7857f99
POST /cdb?ptv=129&profileId=184&cb=79646356431 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 522
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:33 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 164
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=129&profileId=184&cb=46758975115
178.250.2.131 200 OK 163 B URL HTTP/2 bidder.criteo.com/cdb?ptv=129&profileId=184&cb=46758975115
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1b7389ffa0d1c14c32ce23dac6085756
8dda965aeab0aa40546c7bce9b4ce3ba25eeac3a
3f9eb8d777e155cf84034ce86990be345b3970814abeb5001333fc3e4303c990
POST /cdb?ptv=129&profileId=184&cb=46758975115 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 522
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:32 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 163
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=129&profileId=184&cb=76963226521
178.250.2.131 200 OK 164 B URL HTTP/2 bidder.criteo.com/cdb?ptv=129&profileId=184&cb=76963226521
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 901064eafa665e5edb1c96702840eca0
dde2fd9d383e4b81cb30ecf515ea3d50c7312b73
0e8057e05d7feb5a41cb4d326ebc64834e859358cb7bbc3e93f2c5b50de8cb49
POST /cdb?ptv=129&profileId=184&cb=76963226521 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 522
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:33 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 164
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.js
178.250.2.130 200 OK 40 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.js
IP 178.250.2.130:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash dbf2dfe422d9917959602e1cf79386ff
20315d97fbf9c06b409296ce297713ff1679f076
e51ca7cb4cb337ed5eb08103429adcf50fee03fc3c3664b60f5b076a5bb359af
GET /js/ld/publishertag.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 21:17:33 GMT
content-type: text/javascript
last-modified: Wed, 31 Aug 2022 21:49:04 GMT
etag: W/"630fd750-1e137"
expires: Tue, 13 Sep 2022 21:17:33 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=50ef57&cid=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&mp=50f198c0-1ff5-493f-a49b-9b6ff3819f3f
203.75.214.136 200 OK 86 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&mp=50f198c0-1ff5-493f-a49b-9b6ff3819f3f
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type gzip compressed data, from Unix\012- data
Hash e02eca272e85b72ba06c1c824a7613de
1953e84b63858e024ee1a9f6edcefc3b0438349a
c5edc489b4fa1c36555976fac5d862b7c29b3883aecf029bd19e472158bd1fb5
GET /cm?c=50ef57&cid=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&mp=50f198c0-1ff5-493f-a49b-9b6ff3819f3f HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:33 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
rec.scupio.com/recweb/js/rec.js
210.59.219.175 301 Moved Permanently 155 B URL HTTP/1.1 rec.scupio.com/recweb/js/rec.js
IP 210.59.219.175:0
ASN #3462 Data Communication Business Group
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash ad5897345fd19ff0dce43d61fe220584
a64cf8393756f5aed86f76c29a450c94531e1762
382a84bf7538656183d2365efa434be2aec8ef80e049939b26dc639b3278ccaa
GET /recweb/js/rec.js HTTP/1.1
Host: rec.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://img.scupio.com/js/rec.js
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 12 Sep 2022 21:17:33 GMT
Content-Length: 155
bw.scupio.com/adpinline/bidinfo.aspx?cb=0.1232402812649791
210.59.219.180 200 OK 1.5 kB URL HTTP/1.1 bw.scupio.com/adpinline/bidinfo.aspx?cb=0.1232402812649791
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
File type JSON data\012- HTML document, ASCII text, with very long lines (962), with CRLF line terminators
Hash a69f999794ab85636c0d3cec6a6c0c31
76382bc296976dc01ee553487146d6aa165d38b5
282c8bc7f207f7e75fc0057488eff76bf720524421bedfc3bf24e338499ea6c3
POST /adpinline/bidinfo.aspx?cb=0.1232402812649791 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 1314
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
Access-Control-Allow-Origin: https://img.scupio.com
Access-Control-Allow-Credentials: true
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=0idfi5mjgufgfapy5fzlmgnr; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=0idfi5mjgufgfapy5fzlmgnr; path=/; HttpOnly; SameSite=Lax
OrgKeyValue=CYA20220913051733235921; domain=scupio.com; expires=Sun, 12-Sep-2027 21:17:33 GMT; path=/; secure; SameSite=None
gx=H4sIAG0SIGMA%2fxNmYGDg4ua403fs%2fvHDXdYCrEIsHPYCTAAbaGndFwAAAA%3d%3d; domain=scupio.com; expires=Tue, 12-Sep-2023 21:17:33 GMT; path=/; secure; SameSite=None
fxc=1; domain=scupio.com; expires=Mon, 19-Sep-2022 21:17:33 GMT; path=/; secure; SameSite=None
X-Powered-By: ASP.NET
Date: Mon, 12 Sep 2022 21:17:33 GMT
Content-Length: 1478
static.criteo.net/js/ld/publishertag.prebid.117.js
178.250.2.130 200 OK 34 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.117.js
IP 178.250.2.130:0
Hash 22db4136950f20a8a449eb8d7d4f7b84
8b907fc1e6a6bcb71466ce12b69fbd37333fe726
e4bab4b2895eb6007d86df7dfd6428cb0961e60cc7b17f82c35c21ca8166a925
GET /js/ld/publishertag.prebid.117.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 21:17:33 GMT
content-type: text/javascript
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
etag: W/"61cc54f6-15c19"
expires: Tue, 13 Sep 2022 21:17:33 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
img.scupio.com/js/rec.js
143.204.55.4 200 OK 7.9 kB IP 143.204.55.4:0
Hash 25a804ae73456aa9fe999cd4eaf93d0c
ae7e163c6de87bb920e8f6a149033709773afa4a
55b7b992586b847e326e2a803e3f53f9a03576a4ae6fd51d5ead2dc8c9a60c9a
GET /js/rec.js HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Tue, 16 Aug 2022 07:22:11 GMT
content-encoding: gzip
date: Mon, 12 Sep 2022 21:17:34 GMT
expires: Tue, 13 Sep 2022 00:13:09 GMT
cache-control: max-age=10800
etag: W/"62fb45a3-54c8"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: TKwJQVrIl6yGaMpqKqU0MBHEjnqjjd19KNIZ5J8MR0CTq5-Df4HYzA==
age: 265
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136 200 OK 34 kB IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash 515e5725fb2deac340a51d48be999907
d270171e174c6a16ec66436f53968cf20dd7863a
06d24b17df57d3f49fd51da937cc4f747499914547858abb9d2d6cbc2a118547
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:34 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51; expires=Wed, 11-Sep-2024 21:17:34 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.2.146 200 OK 0 B IP 178.250.2.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:34 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=DCWnYF80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3kxZTNGZ2FxdFglMkY0M0JZR2QlMkY5WjJsJTJGbmpiMDB5JTJCSkw4dU8lMkI1Zzl4M3Jt; expires=Sat, 07 Oct 2023 21:17:34 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 273758
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136 200 OK 56 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash c0cd3a58394a24795d8e7235a8e1604e
295c02fa403c9a2ef609fb706b29bc52b02712f6
90146ccca3eb812bebb94f6d339a237bc3dd6e8fdebbfdb28f9281429e3c67ad
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:34 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51; expires=Wed, 11-Sep-2024 21:17:34 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 520d90c206fadd3e1f1af26d8db9ca55
5c33b48f47c50a3ba853040068c7136366cac625
7fc229c20d75999af5b6f2ea6afed76ff29d733b743ef5a3dc5cc28a352d4c57
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1538
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:34 GMT
Last-Modified: Mon, 12 Sep 2022 20:51:56 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 520d90c206fadd3e1f1af26d8db9ca55
5c33b48f47c50a3ba853040068c7136366cac625
7fc229c20d75999af5b6f2ea6afed76ff29d733b743ef5a3dc5cc28a352d4c57
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1538
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:34 GMT
Last-Modified: Mon, 12 Sep 2022 20:51:56 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 313
secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac
2.21.206.244 301 Moved Permanently 0 B URL HTTP/2 secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac
IP 2.21.206.244:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utils/xapi/multi-sync.html?p=xapi-bridgewell&endpoint=apac HTTP/1.1
Host: secure-assets.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
date: Mon, 12 Sep 2022 21:17:34 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136 200 OK 1.5 kB IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type HTML document, ASCII text, with very long lines (962), with CRLF line terminators
Hash 0c56231fe512fc47f0640b803981acb9
9874daff43a76e083487926890daae37825d019e
c90b36d551a9975963d065ee18bac684b651ece48a2f83adf2a7d8f501a35940
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:32 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51; expires=Wed, 11-Sep-2024 21:17:32 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
104.88.9.101 200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
IP 104.88.9.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?p=xapi-bridgewell&endpoint=apac HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "40014-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 12 Sep 2022 21:17:34 GMT
Connection: keep-alive
Vary: Accept-Encoding
fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&CFFPCKUUID=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&url=https%3A%2F%2Freurl.cc%2FmojR2W&maindomain=reurl.cc
34.117.219.39 200 OK 180 B URL HTTP/2 fp.holmesmind.com/landing.php?CFFPCKUUIDMAIN=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&CFFPCKUUID=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&url=https%3A%2F%2Freurl.cc%2FmojR2W&maindomain=reurl.cc
IP 34.117.219.39:0
File type ASCII text, with no line terminators
Hash 941720d7ee3ca504399c14e8fe558048
21fcf856c0f7a4e3652ac1838d289575e3f1562d
705cda102c196895e3f655a990520ada03f9883b1f97b95cf7ca023dae1ae3ec
GET /landing.php?CFFPCKUUIDMAIN=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&CFFPCKUUID=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&url=https%3A%2F%2Freurl.cc%2FmojR2W&maindomain=reurl.cc HTTP/1.1
Host: fp.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.0
date: Mon, 12 Sep 2022 21:17:32 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: x-requested-with,content-type
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13847
143.204.55.73 200 OK 377 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13847
IP 143.204.55.73:0
Hash 338e7a0b6de5ff44223de51a51336f3a
f4b8b35a5a4631eb43395ca6f47cdecf8f7e24b3
54fc0493d697819b0c2b7389c72d945a4e0f47c1e318ba3cfe121928461d7c9c
GET /adserver/Preset.js?z=13847 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 21:17:31 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: GusDB6BuUuj-jCcBJNChgDITy6V_U9dQRSLNt3dOO3PvIpxLs_YzoQ==
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=50f198c0-1ff5-493f-a49b-9b6ff3819f3f
203.75.214.136 200 OK 418 B URL HTTP/2 t.ssp.hinet.net/emome2?u=50f198c0-1ff5-493f-a49b-9b6ff3819f3f
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash 9a1f6facbfa61c0ae965e62b062fd0c2
ff7cb4e18d4fe1e032ee85d8cb060295b562d212
9fb35535557654cd9b0d57e69f18a093e3b877ef02c7ad600f1c5f20d9a44dca
GET /emome2?u=50f198c0-1ff5-493f-a49b-9b6ff3819f3f HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:33 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.js
104.88.9.101 200 OK 9.4 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP 104.88.9.101:0
File type ASCII text, with very long lines (17571)
Hash f71f0a95c50969b0244ae7354324e151
86be1d7921007790327edd201b1daff776772788
c25c06a04e5e03eebd372df0c5222ac9384591257345a2c8ced79248961f6cd2
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html?p=xapi-bridgewell&endpoint=apac
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Wed, 24 Aug 2022 20:46:19 GMT
Content-Encoding: gzip
Content-Length: 9379
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=25305
Expires: Tue, 13 Sep 2022 04:19:19 GMT
Date: Mon, 12 Sep 2022 21:17:34 GMT
Connection: keep-alive
Vary: Accept-Encoding
rec.scupio.com/recweb/rec.aspx?cb=0.49237785277567836
210.59.219.175 200 OK 1.7 kB URL HTTP/1.1 rec.scupio.com/recweb/rec.aspx?cb=0.49237785277567836
IP 210.59.219.175:0
ASN #3462 Data Communication Business Group
File type ASCII text, with very long lines (712), with CRLF line terminators
Hash 6742a517c97769595d49a805f62b0903
41cc2141218d4c8081126335f86ec471f5d4c00d
c6ccd1a59e21d646587fe7e86c51296f057bd26804e36f4dd9e43de30516f5d5
POST /recweb/rec.aspx?cb=0.49237785277567836 HTTP/1.1
Host: rec.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 443
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: https://img.scupio.com
Access-Control-Allow-Credentials: true
P3P: CP=" NOI DSP COR CUR ADMa DEVa TAIa PSAa PSDa HISa OTPa OUR STP IND UNI COM NAV INT STA "
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 12 Sep 2022 21:17:34 GMT
Content-Length: 1734
bidder.criteo.com/csm/events
178.250.2.131 204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.2.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 268
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 12 Sep 2022 21:17:34 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bidder.criteo.com/csm/events
178.250.2.131 204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.2.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 309
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 12 Sep 2022 21:17:34 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=63e99de1-8acb-4e62-a718-9aaaf3c49a51
203.75.214.136 200 OK 50 B URL HTTP/2 t.ssp.hinet.net/emome2?u=63e99de1-8acb-4e62-a718-9aaaf3c49a51
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type JSON data\012- , ASCII text, with no line terminators
Hash 00ec5aa765f8198c74468c1d69514d4a
9593885844e1ec7975cc9bcd22efa83765019a52
828cf2aa955be251d985dfb7281ab268ad9455ef85dfca04e2bc3ee49b82346c
GET /emome2?u=63e99de1-8acb-4e62-a718-9aaaf3c49a51 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:34 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
50f198c0-1ff5-493f-a49b-9b6ff3819f3f.t.ssp.hinet.net/pixel?bd=50f198c0-1ff5-493f-a49b-9b6ff3819f3f&t=50ef57&referrer=
203.75.214.136 200 OK 0 B URL HTTP/2 50f198c0-1ff5-493f-a49b-9b6ff3819f3f.t.ssp.hinet.net/pixel?bd=50f198c0-1ff5-493f-a49b-9b6ff3819f3f&t=50ef57&referrer=
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?bd=50f198c0-1ff5-493f-a49b-9b6ff3819f3f&t=50ef57&referrer= HTTP/1.1
Host: 50f198c0-1ff5-493f-a49b-9b6ff3819f3f.t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 21:17:34 GMT
content-type: image/png
content-length: 0
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.5262911326097129&mid=52
210.59.219.180 200 OK 160 B URL HTTP/1.1 bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.5262911326097129&mid=52
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash 9ecba2b64e1c21c5e5a491b659ac78bd
80eaaf1c052ad9e93b6eaeb2767c2963b3aad28d
bbd101049f10ccdb420240a1d4d42aebc8042b59b41a8a6b70e72481337de6ee
GET /ssp/initid.aspx?mode=L&cb=0.5262911326097129&mid=52 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Set-Cookie: ASP.NET_SessionId=14ahnliftdlnlaj4mkbnwcqv; path=/; HttpOnly; SameSite=Lax
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 12 Sep 2022 21:17:33 GMT
Content-Length: 160
sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CYA20220913051733235921
192.96.200.41 302 Found 111 B URL HTTP/1.1 sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CYA20220913051733235921
IP 192.96.200.41:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash febc6b9a3cb9696ca0b2b57e73dc10ce
21ce8fe59a6c6ea57df6d616aaf10f06fc63dc2c
cc380f03ace5d06dc78f11ad4be2acdc1700991ef995b65b1913322bacfa71ff
GET /idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CYA20220913051733235921 HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Set-Cookie: sspid=236b9080-993b-3a2d-b07f-ab1c4b4a01e7; Domain=.aralego.com; Path=/; Expires=Tue, 12 Sep 2023 21:17:34 GMT; Secure; SameSite=None
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
Vary: Accept, Accept-Encoding
Content-Type: text/plain; charset=utf-8
Content-Length: 111
Date: Mon, 12 Sep 2022 21:17:34 GMT
Connection: close
adcdn.holmesmind.com/adserver/Preset.js?z=13849
143.204.55.73 200 OK 396 B URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13849
IP 143.204.55.73:0
File type ASCII text, with very long lines (1120), with no line terminators
Hash c6f7cbb06b457b3e458ee120ca2ddc7b
90cb2e0710707b1062e2cc2dac73650b8a581391
789ed9f6784468a56735b330ebaacfcfc77130b440964b800af813741df63577
GET /adserver/Preset.js?z=13849 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 21:17:34 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: iAE1WGoLtC0JHfeNzwo06cMw_uHu02ziOMInfyv3UWV0cWI8clUfJA==
X-Firefox-Spdy: h2
img.scupio.com/dsp/ad-image/1020/4/40510ac3-356f-488c-abff-7e56eb0cf68e.gif
143.204.55.4 200 OK 239 kB URL HTTP/2 img.scupio.com/dsp/ad-image/1020/4/40510ac3-356f-488c-abff-7e56eb0cf68e.gif
IP 143.204.55.4:0
File type GIF image data, version 89a, 600 x 500\012- data
Size 239 kB (238729 bytes)
Hash 6acc56349eb0f6e16995abf53bd18395
b6f5f35285f38fdd95a38a1e52d33389ede62485
2bc044a3039225ace73298723154d09f23c73493b041d0d7a1fb649495640bdc
GET /dsp/ad-image/1020/4/40510ac3-356f-488c-abff-7e56eb0cf68e.gif HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 238729
server: nginx/1.12.1
last-modified: Thu, 25 Nov 2021 09:21:44 GMT
accept-ranges: bytes
date: Mon, 12 Sep 2022 21:17:34 GMT
expires: Tue, 13 Sep 2022 02:59:00 GMT
cache-control: max-age=21600
etag: "619f55a8-3a489"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: kA2zhb7lykubtqnbyeCj0aSFYwzSKQcNP279FBtVgKj5fZ95T7iMhw==
age: 1114
vary: Origin
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.09962460827275843
210.59.219.181 200 OK 1.4 kB URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.09962460827275843
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
File type JSON data\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2084), with no line terminators
Hash 19dc8480653a11d301eb7adbc2991e89
e7ff6756feb95cace9ecbb449bb2f8f533e1ccc2
28c755dfc510d8905f83be4284cb6af48c996103970942e8c9d3c6451a156e12
POST /recweb/prebid.aspx?cb=0.09962460827275843 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 404
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 12 Sep 2022 21:17:34 GMT
content-length: 1366
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13848&rf=https%3A%2F%2Freurl.cc%2FmojR2W&n=969&o=4&d=1&b=3&ts=1&ii=3&FPCK=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&initver=210830P
52.68.234.1 200 OK 1.0 kB URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13848&rf=https%3A%2F%2Freurl.cc%2FmojR2W&n=969&o=4&d=1&b=3&ts=1&ii=3&FPCK=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&initver=210830P
IP 52.68.234.1:0
File type HTML document, ASCII text, with very long lines (893), with CRLF line terminators
Hash 9cedf98d3b2d9963c732435c31147c4a
fafaf6c056d061958252388ed54b7adb9f8af06f
1d19ccf4bd5a42e1908ddd5b849967fededb934c6b431b7d16c54fff64213070
GET /adserver/ads.js?z=13848&rf=https%3A%2F%2Freurl.cc%2FmojR2W&n=969&o=4&d=1&b=3&ts=1&ii=3&FPCK=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:32 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
prebid.scupio.com/recweb/prebid.aspx?cb=0.3757197568468179
210.59.219.181 200 OK 1.4 kB URL HTTP/2 prebid.scupio.com/recweb/prebid.aspx?cb=0.3757197568468179
IP 210.59.219.181:0
ASN #3462 Data Communication Business Group
File type JSON data\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2084), with no line terminators
Hash 8e1349d2ef9a1235966b03e324b89d37
69625417eceb4d5669cc53633fee07926dfd52b1
f0c7892e6ccaa5bccc27e676e0af7235d4c1c2b046e379c5af3e838468d40547
POST /recweb/prebid.aspx?cb=0.3757197568468179 HTTP/1.1
Host: prebid.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 404
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 12 Sep 2022 21:17:34 GMT
content-length: 1365
X-Firefox-Spdy: h2
prebid-asia.creativecdn.com/bidder/prebid/bids
103.132.192.30 204 No Content 0 B URL HTTP/2 prebid-asia.creativecdn.com/bidder/prebid/bids
IP 103.132.192.30:0
ASN #138552 RTB HOUSE PTE. LTD.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bidder/prebid/bids HTTP/1.1
Host: prebid-asia.creativecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 274
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 12 Sep 2022 21:17:34 GMT
access-control-allow-origin: https://reurl.cc
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
vary: Origin
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FmojR2W&n=352&o=4&d=1&b=3&ts=1&ii=3&FPCK=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&initver=210830P
52.68.234.1 200 OK 156 B URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FmojR2W&n=352&o=4&d=1&b=3&ts=1&ii=3&FPCK=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&initver=210830P
IP 52.68.234.1:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 01cd98058ef0c94e6357b49d3b8a6091
78d0d3cc73cbe66921045126f711210964d62b32
fede16b80a723666f4de55291b0943818b081b5ef331f5b29367a4ca8201bb40
GET /adserver/ads.js?z=13847&rf=https%3A%2F%2Freurl.cc%2FmojR2W&n=352&o=4&d=1&b=3&ts=1&ii=3&FPCK=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:32 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=cf&cid=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS&mp=63e99de1-8acb-4e62-a718-9aaaf3c49a51
203.75.214.136 200 OK 8.7 kB URL HTTP/2 t.ssp.hinet.net/cm?c=cf&cid=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS&mp=63e99de1-8acb-4e62-a718-9aaaf3c49a51
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type gzip compressed data, from Unix\012- data
Hash 34a6b191f304f378a086068eb499260f
b229f93725ae7f9ef8207b01b9e5f202477233b9
72527c8218ace2a27bf1f4ec03d22c8a4acd498d1513c529fb2ce11f8368c69d
GET /cm?c=cf&cid=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS&mp=63e99de1-8acb-4e62-a718-9aaaf3c49a51 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:34 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
210.59.219.175 200 OK 0 B URL HTTP/1.1 rec.scupio.com/recweb/ggid.aspx?layout=js&google_error=3
IP 210.59.219.175:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /recweb/ggid.aspx?layout=js&google_error=3 HTTP/1.1
Host: rec.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/javascript
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 12 Sep 2022 21:17:34 GMT
Content-Length: 0
match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
15.197.193.217 200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
IP 15.197.193.217:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:34 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CEA20220913051734989496
192.96.200.41 302 Found 101 B URL HTTP/1.1 sync.aralego.com/idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CEA20220913051734989496
IP 192.96.200.41:0
ASN #30633 LEASEWEB-USA-WDC
File type ASCII text, with no line terminators
Hash 659582c30ba726b055d81fd1ee886b17
611b35812e29115e2cae31f6fb89daa37ce09ca3
5d34c2dd86cad986980fcbf2c4f108b9d666b99420d6196b88f84970e38b9f0f
GET /idSync/?redirect=https%3A%2F%2Frec.scupio.com%2Frecweb%2Fuxid.aspx%3Fid%3DUCFUID&ucf_nid=dsp-2EE37BD676623A2F8278A7626AAE9E2&ucf_user_id=CEA20220913051734989496 HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Set-Cookie: sspid=236b9080-993b-3a2d-b07f-ab1c4b4a01e7; Domain=.aralego.com; Path=/; Expires=Tue, 12 Sep 2023 21:17:34 GMT; Secure; SameSite=None
Location: https://rec.scupio.com/recweb/uxid.aspx?id=236b9080-993b-3a2d-b07f-ab1c4b4a01e7
Vary: Accept, Accept-Encoding
Content-Type: text/plain; charset=utf-8
Content-Length: 101
Date: Mon, 12 Sep 2022 21:17:34 GMT
Connection: close
t.ssp.hinet.net/cm?c=cf&cid=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS&mp=63e99de1-8acb-4e62-a718-9aaaf3c49a51
203.75.214.136 200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=cf&cid=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS&mp=63e99de1-8acb-4e62-a718-9aaaf3c49a51
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?c=cf&cid=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS&mp=63e99de1-8acb-4e62-a718-9aaaf3c49a51 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:34 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.117.143 307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.117.143:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 12 Sep 2022 21:17:34 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=4yznveM2Bk6dkw5m7qEfYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=4yznveM2Bk6dkw5m7qEfYw; Path=/; Domain=c.appier.net; Expires=Tue, 12 Sep 2023 21:17:34 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.117.143 307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.117.143:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 12 Sep 2022 21:17:34 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=_EhRBtYrBOyx6Rn87qEfYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=_EhRBtYrBOyx6Rn87qEfYw; Path=/; Domain=c.appier.net; Expires=Tue, 12 Sep 2023 21:17:34 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
139.162.117.143 307 Temporary Redirect 0 B URL HTTP/2 gocm.c.appier.net/apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid
IP 139.162.117.143:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /apnet?url=ad2.apx.appier.net%2Fv1%2Fprebid%2Fbid HTTP/1.1
Host: gocm.c.appier.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 504
Origin: null
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Mon, 12 Sep 2022 21:17:34 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: null
cache-control: no-store
location: https://ad2.apx.appier.net/v1/prebid/bid?acid=BkTA_zr-Af-l9i_U7qEfYw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
set-cookie: _auid=BkTA_zr-Af-l9i_U7qEfYw; Path=/; Domain=c.appier.net; Expires=Tue, 12 Sep 2023 21:17:34 GMT; Max-Age=31536000; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=129&profileId=184&cb=61343991920
178.250.2.131 200 OK 163 B URL HTTP/2 bidder.criteo.com/cdb?ptv=129&profileId=184&cb=61343991920
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 3eb7dd02bfbfc4572eadb5f79410ee79
828ea7408b1c7e446be444de5f56f8b376a86c97
4a4a7fb7e3173511b52271ae43ff9f378bb0e1d75b8995f713de0ec534e4e723
POST /cdb?ptv=129&profileId=184&cb=61343991920 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 522
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:34 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 163
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
adcdn.holmesmind.com/adserver/Preset.js?z=13857
143.204.55.73 200 OK 1.5 kB URL HTTP/2 adcdn.holmesmind.com/adserver/Preset.js?z=13857
IP 143.204.55.73:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (1138), with CRLF line terminators
Hash d4c893cbb4c937b3a0949aea0159ce0e
bdf293301b68b3bad1067c1f27ec5d8900d66259
d83bc9a8dbdf8859dca61921dfabf5ad227c05aa05749ffd71f41f3244782dfd
GET /adserver/Preset.js?z=13857 HTTP/1.1
Host: adcdn.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 21:17:34 GMT
server: nginx/1.14.0 (Ubuntu)
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: V7k8cso_mrERPHDgnsJGmWvKb1eKbBXx_-Zpicm-OCmIfF92ThTKKA==
X-Firefox-Spdy: h2
63e99de1-8acb-4e62-a718-9aaaf3c49a51.t.ssp.hinet.net/pixel?bd=63e99de1-8acb-4e62-a718-9aaaf3c49a51&t=cf&referrer=https%3A%2F%2Freurl.cc
203.75.214.136 200 OK 0 B URL HTTP/2 63e99de1-8acb-4e62-a718-9aaaf3c49a51.t.ssp.hinet.net/pixel?bd=63e99de1-8acb-4e62-a718-9aaaf3c49a51&t=cf&referrer=https%3A%2F%2Freurl.cc
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?bd=63e99de1-8acb-4e62-a718-9aaaf3c49a51&t=cf&referrer=https%3A%2F%2Freurl.cc HTTP/1.1
Host: 63e99de1-8acb-4e62-a718-9aaaf3c49a51.t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 21:17:34 GMT
content-type: image/png
content-length: 0
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 41f997fd3e5f6dad5b9074699d6137c7
031e688762b66e3eff8c54427a2a78bad3bd15ee
aef026efb9215eb419c65640dac8312b6ac0120026b979cf6d5745b5a260c99c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4465
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:35 GMT
Last-Modified: Mon, 12 Sep 2022 20:03:10 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
rec.scupio.com/recweb/uxid.aspx?id=236b9080-993b-3a2d-b07f-ab1c4b4a01e7
210.59.219.175 200 OK 35 B URL HTTP/1.1 rec.scupio.com/recweb/uxid.aspx?id=236b9080-993b-3a2d-b07f-ab1c4b4a01e7
IP 210.59.219.175:0
ASN #3462 Data Communication Business Group
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /recweb/uxid.aspx?id=236b9080-993b-3a2d-b07f-ab1c4b4a01e7 HTTP/1.1
Host: rec.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://img.scupio.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/gif
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 12 Sep 2022 21:17:34 GMT
Content-Length: 35
www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
157.240.200.35 200 OK 32 kB URL HTTP/2 www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
IP 157.240.200.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (31379)
Hash 5ac06ec27728214fb1b0e14fa258fd1e
4fb6bb31f0a9c2a7a025824d24f4e160fc3b9678
27880e85a1f3a9164af3fe8a4925268fa8d20d43af81a195913b8e2f2597d96f
GET /plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FCreditCards.com.tw%2F&tabs=timeline&width=340&height=500&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: /Ixj9C8m+Y7Tt05VRJBl+enVcVZhPAtwxbbmHzEjTsWE/oOsTeeH5cIeUfdAoOv8s8oiHzwLZ58n3iF7G+2cUw==
date: Mon, 12 Sep 2022 21:17:31 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.3667791393840448
210.59.219.180 200 OK 160 B URL HTTP/1.1 bw.scupio.com/ssp/initid.aspx?mode=L&cb=0.3667791393840448
IP 210.59.219.180:0
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash e1ca252b685a23bd8ff0a83716468866
217ea7b8eeebb42ca21cc8247a8c7c419b6d0d9e
740b9ae153a07c41bba2bcf86f8bb28e1a9a7fed0cdd82bcec1821fa618ffdee
GET /ssp/initid.aspx?mode=L&cb=0.3667791393840448 HTTP/1.1
Host: bw.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
Set-Cookie: ASP.NET_SessionId=cow4l3br5dhylkxho1jv3sgg; path=/; HttpOnly; SameSite=Lax
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HI Sa OTPa OUR STP IND UNI COM NAV INT STA "
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 12 Sep 2022 21:17:34 GMT
Content-Length: 160
img.scupio.com/dsp/ad-image/1020/8/83b85f24-3135-4a20-92cb-8282229ad090.gif
143.204.55.4 200 OK 300 kB URL HTTP/2 img.scupio.com/dsp/ad-image/1020/8/83b85f24-3135-4a20-92cb-8282229ad090.gif
IP 143.204.55.4:0
File type GIF image data, version 89a, 1455 x 375\012- data
Size 300 kB (300130 bytes)
Hash 3c0f6a19db281169f81b76c017a2bb42
b6ccbe570baae090716e04670fd547ecf2e65d8e
aa553ff087c65702a78c99a47ab21de87f65a830845865dae00fb3b14695b9a3
GET /dsp/ad-image/1020/8/83b85f24-3135-4a20-92cb-8282229ad090.gif HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 300130
server: nginx/1.12.1
last-modified: Fri, 19 Aug 2022 03:43:57 GMT
accept-ranges: bytes
date: Mon, 12 Sep 2022 20:32:01 GMT
expires: Tue, 13 Sep 2022 02:32:01 GMT
cache-control: max-age=21600
etag: "62ff06fd-49462"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: sA0OlKWRLQ92Z66fhP-O9Gw3Jon5cOcyfgI6R1KuoRtTSvzcEp85xA==
age: 2734
vary: Origin
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=pZLd4180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVElobjA1VEJGOFdUZ1p4S00zJTJGa0hPOXZG&idsd=942675486,600749881
178.250.0.157 200 OK 222 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=pZLd4180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVElobjA1VEJGOFdUZ1p4S00zJTJGa0hPOXZG&idsd=942675486,600749881
IP 178.250.0.157:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 8c164ca07fa6cbc742877d292e3aeae6
ea8705d17bfe734c9b9f1f36d1e41064c7dbd9da
40a3d6681ed12e2ebff3953986eff0405fc6673e11ad0c989937ca40ce24053c
GET /sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=pZLd4180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVElobjA1VEJGOFdUZ1p4S00zJTJGa0hPOXZG&idsd=942675486,600749881 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:33 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1148500
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
50f198c0-1ff5-493f-a49b-9b6ff3819f3f.t.ssp.hinet.net/pixel?bd=50f198c0-1ff5-493f-a49b-9b6ff3819f3f&t=50ef57&referrer=
203.75.214.136 200 OK 0 B URL HTTP/2 50f198c0-1ff5-493f-a49b-9b6ff3819f3f.t.ssp.hinet.net/pixel?bd=50f198c0-1ff5-493f-a49b-9b6ff3819f3f&t=50ef57&referrer=
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?bd=50f198c0-1ff5-493f-a49b-9b6ff3819f3f&t=50ef57&referrer= HTTP/1.1
Host: 50f198c0-1ff5-493f-a49b-9b6ff3819f3f.t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 21:17:35 GMT
content-type: image/png
content-length: 0
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=129&profileId=184&cb=43136833272
178.250.2.131 200 OK 162 B URL HTTP/2 bidder.criteo.com/cdb?ptv=129&profileId=184&cb=43136833272
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 76144f9654550574b9bbb3677a66bb63
4539b92ee94c839fc5958e39e406147fc489e3de
1247d03f0b0627d8de8f75c1c2124399a282c05bb1cad369bce8e637cde3f2c3
POST /cdb?ptv=129&profileId=184&cb=43136833272 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 530
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:35 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://reurl.cc
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 162
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=63e99de1-8acb-4e62-a718-9aaaf3c49a51
203.75.214.136 200 OK 50 B URL HTTP/2 t.ssp.hinet.net/emome2?u=63e99de1-8acb-4e62-a718-9aaaf3c49a51
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type JSON data\012- , ASCII text, with no line terminators
Hash 00ec5aa765f8198c74468c1d69514d4a
9593885844e1ec7975cc9bcd22efa83765019a52
828cf2aa955be251d985dfb7281ab268ad9455ef85dfca04e2bc3ee49b82346c
GET /emome2?u=63e99de1-8acb-4e62-a718-9aaaf3c49a51 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:34 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136 200 OK 76 B IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type ASCII text, with no line terminators
Hash fbeb2875c5feab9dac2358deec05a7ea
109a78c6cd87b9f517123fb2210400bf35d1232b
70182157c276d3c6f6aaa35ec8533b8105a2b9a710d0322a0d8cffd96f33ab00
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:34 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51; expires=Wed, 11-Sep-2024 21:17:34 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
ads.aralego.com/sdk
192.96.200.41 301 Moved Permanently 0 B IP 192.96.200.41:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sdk HTTP/1.1
Host: ads.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Content-length: 0
Location: https://cdn.aralego.net/ucfad/sdk/us-east/sdk
Connection: close
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 70e8527ef5f40fe7713de99770f5702e
59e8b529507c69674142dd04fae3b59d7adb8f1b
5e9e45068b4ee3a5914742ec942b0ab4aa1cbc358ba79ce246e84e599375177a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5495
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:35 GMT
Last-Modified: Mon, 12 Sep 2022 19:46:00 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 70e8527ef5f40fe7713de99770f5702e
59e8b529507c69674142dd04fae3b59d7adb8f1b
5e9e45068b4ee3a5914742ec942b0ab4aa1cbc358ba79ce246e84e599375177a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5495
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:35 GMT
Last-Modified: Mon, 12 Sep 2022 19:46:00 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 280
cdn.aralego.net/ucfad/sdk/us-east/sdk
172.67.71.254 200 OK 43 kB URL HTTP/2 cdn.aralego.net/ucfad/sdk/us-east/sdk
IP 172.67.71.254:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (43300), with no line terminators
Hash b9380f31fa8fde03115fb6493470d58a
61ac54bfa5132b89750dc7fe6786b323e61ddd36
8ae78cfe6ee6192120b022cb3c00d586542309c4b88076fe6f12c0f7ef65f015
GET /ucfad/sdk/us-east/sdk HTTP/1.1
Host: cdn.aralego.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://reurl.cc/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:35 GMT
content-type: application/octet-stream
content-length: 43300
last-modified: Mon, 25 Jul 2022 08:33:49 GMT
etag: "62de556d-a924"
access-control-allow-credentials: true
cache-control: max-age=14400
cf-cache-status: HIT
age: 2205
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cX4JhxthH5l8BNDyTNaq2k3ASnXHujn%2FutDLb0tabOXBeEFnBbqvpYSw9HyVL5IlF0KOsips669gAopIi98SoU%2F%2FM2Yy6XMLkmV1qnbe%2B2Zw5aBtjf%2Ffnxou06OT3B7ySw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 749babbabe630b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 70e8527ef5f40fe7713de99770f5702e
59e8b529507c69674142dd04fae3b59d7adb8f1b
5e9e45068b4ee3a5914742ec942b0ab4aa1cbc358ba79ce246e84e599375177a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5495
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:35 GMT
Last-Modified: Mon, 12 Sep 2022 19:46:00 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 280
m.holmesmind.com/ml/google?cf_uid=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS&uu_m=undefined&google_error=3
35.227.249.156 200 OK 0 B URL HTTP/2 m.holmesmind.com/ml/google?cf_uid=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS&uu_m=undefined&google_error=3
IP 35.227.249.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ml/google?cf_uid=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS&uu_m=undefined&google_error=3 HTTP/1.1
Host: m.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdn.holmesmind.com/
Connection: keep-alive
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null; fcm=1; R=null; G=we3u7ZGJymKY5J47cKd8kQ==; d=/jHzqDFxfoBZ4WTyQK3MPaD5j7NQOgUkv1Txfycvr2ReudB2dm6t0KDrpHJuqax6WjAFQ16PJy71RxDiXPBzgA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycds8jY9cCnqPO-A_zFP9pNFJFtuBzvoLloufX5LKk5_zGUpwzmu2mfHJxoxA0kz_NQiBPxaqtoEI-m36oJlw0i1-Kg
expires: Mon, 12 Sep 2022 22:17:35 GMT
date: Mon, 12 Sep 2022 21:17:35 GMT
cache-control: public, max-age=3600
last-modified: Wed, 21 Feb 2018 07:36:41 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
x-goog-generation: 1519198601160228
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 0
content-type: image/png
x-goog-hash: crc32c=AAAAAA==, md5=1B2M2Y8AsgTpgAmY7PhCfg==
x-goog-storage-class: REGIONAL
accept-ranges: bytes
content-length: 0
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ads.aralego.com/ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FmojR2W&adid=ad-BE7A8D43E47B3D23C77A9993A9B8A778&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.8768117726961081&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1
192.96.200.41 200 OK 552 B URL HTTP/1.1 ads.aralego.com/ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FmojR2W&adid=ad-BE7A8D43E47B3D23C77A9993A9B8A778&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.8768117726961081&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1
IP 192.96.200.41:0
ASN #30633 LEASEWEB-USA-WDC
File type HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash 6c953e9565094a7ed7ec437722149c59
e62714301252f34839df79c25079b070211cd6ec
99ec1b27528b2883154fd166e11c3fa740d28609937a1a0287d95674ea99c2bc
GET /ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FmojR2W&adid=ad-BE7A8D43E47B3D23C77A9993A9B8A778&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.8768117726961081&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1 HTTP/1.1
Host: ads.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Expose-Headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
Set-Cookie: sspid=58450bcf-f807-3211-be8f-b36296678c0a; Domain=.aralego.com; Path=/; Expires=Tue, 12 Sep 2023 21:17:35 GMT; Secure; SameSite=None
X-Adtype: html
X-Width: 300
X-Height: 250
X-AdStyle: banner
X-AdSource: PSA
Content-Type: text/html; charset=utf-8
Content-Length: 552
Vary: Accept-Encoding
Date: Mon, 12 Sep 2022 21:17:35 GMT
Connection: close
t.ssp.hinet.net/cm?c=50ef57&cid=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&mp=50f198c0-1ff5-493f-a49b-9b6ff3819f3f
203.75.214.136 200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&mp=50f198c0-1ff5-493f-a49b-9b6ff3819f3f
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?c=50ef57&cid=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&mp=50f198c0-1ff5-493f-a49b-9b6ff3819f3f HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:35 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/show_ads.js
216.58.211.2 200 OK 40 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/show_ads.js
IP 216.58.211.2:0
File type ASCII text, with very long lines (2535)
Hash 458c2d059b113a9b85181f71dacc17df
0d29d4bc9501d8d2b6a23e2966b5f53b4214b58b
42cab5cc4a04e140fd0ed4b569b628c31ffbd5ab6d2591bcad25b717c080f515
GET /pagead/show_ads.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 12 Sep 2022 21:17:36 GMT
expires: Mon, 12 Sep 2022 21:17:36 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 12837159088037602993
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 40133
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1&
192.96.200.41 200 OK 46 B URL HTTP/1.1 sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1&
IP 192.96.200.41:0
ASN #30633 LEASEWEB-USA-WDC
File type JSON data\012- , ASCII text, with no line terminators
Hash a8d7967005aa73e5ea084778a4876fd3
4717c391a511217d96fffdd2dbf2e20e0576f0bd
936d07c551097935b250011818489a07d41065f6d29a8c9fd8e95dd8fa622801
GET /idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1& HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Set-Cookie: sspid=58450bcf-f807-3211-be8f-b36296678c0a; Domain=.aralego.com; Path=/; Expires=Tue, 12 Sep 2023 21:17:36 GMT; Secure; SameSite=None
Content-Type: text/html; charset=utf-8
Content-Length: 46
Vary: Accept-Encoding
Date: Mon, 12 Sep 2022 21:17:36 GMT
Connection: close
sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1&
192.96.200.41 200 OK 46 B URL HTTP/1.1 sync.aralego.com/idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1&
IP 192.96.200.41:0
ASN #30633 LEASEWEB-USA-WDC
File type JSON data\012- , ASCII text, with no line terminators
Hash a8d7967005aa73e5ea084778a4876fd3
4717c391a511217d96fffdd2dbf2e20e0576f0bd
936d07c551097935b250011818489a07d41065f6d29a8c9fd8e95dd8fa622801
GET /idRequest?lang=en-US,en&deviceInfo=01612801024&pixRatio=1& HTTP/1.1
Host: sync.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Set-Cookie: sspid=58450bcf-f807-3211-be8f-b36296678c0a; Domain=.aralego.com; Path=/; Expires=Tue, 12 Sep 2023 21:17:36 GMT; Secure; SameSite=None
Content-Type: text/html; charset=utf-8
Content-Length: 46
Vary: Accept-Encoding
Date: Mon, 12 Sep 2022 21:17:36 GMT
Connection: close
ads.aralego.com/ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FmojR2W&adid=ad-BE78DB396979B34E17BE3B66A3E7D76B&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.6482481767068599&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1
192.96.200.41 200 OK 555 B URL HTTP/1.1 ads.aralego.com/ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FmojR2W&adid=ad-BE78DB396979B34E17BE3B66A3E7D76B&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.6482481767068599&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1
IP 192.96.200.41:0
ASN #30633 LEASEWEB-USA-WDC
File type HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash db2b88caa2c34dc0d6153583839218f2
1752062cf41f0778d347bc5e115d1caef1233630
fdfa393e5fb39c4ab607d817e8d0b5fe3573a4a2e3e8554131fbade8d615bcbf
GET /ad_request?sw=1280&sh=1024&ifr=1&bl=en-US&je=1&dnt=0&host=reurl.cc&u=https%3A%2F%2Freurl.cc%2FmojR2W&adid=ad-BE78DB396979B34E17BE3B66A3E7D76B&w=300&h=250&ver=UCX_WEB-20200113&pos=1&seq=0&cb=0.6482481767068599&gdpr=1&euconsent-v2=%24%7BGDPR_CONSENT_607%7D&format=300%2C250%3B&lang=en-US%2Cen&deviceInfo=01612801024&pixRatio=1 HTTP/1.1
Host: ads.aralego.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://reurl.cc
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Expose-Headers: X-Width,X-Height,X-AdStyle,X-AdCap,X-AdWatchUrl,X-AdSource,X-SspId,X-Deal
Set-Cookie: sspid=58450bcf-f807-3211-be8f-b36296678c0a; Domain=.aralego.com; Path=/; Expires=Tue, 12 Sep 2023 21:17:36 GMT; Secure; SameSite=None
X-Adtype: html
X-Width: 300
X-Height: 250
X-AdStyle: banner
X-AdSource: PSA
Content-Type: text/html; charset=utf-8
Content-Length: 555
Vary: Accept-Encoding
Date: Mon, 12 Sep 2022 21:17:36 GMT
Connection: close
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
178.250.0.157 200 OK 29 kB URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
IP 178.250.0.157:0
Hash 4d6c30e7ab08ead1a85f2730731b2449
6165c6a405747d5f61a0269d534dc7dffd39324e
f4063a501de50055363c6ab7dbf081d88a37c2331465a50e1d54809eaab7ec98
OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://img.scupio.com/
Origin: https://img.scupio.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:35 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://img.scupio.com
server-processing-duration-in-ticks: 381279
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 741400b574ef7f9f3236164e28e58c51
811018b86fd196da2faf32b044905e1130002a90
efb8e915e207a776018a5319e449e47a105b1d8692e08317c2b3014135b01418
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ad439cab56126bcc402ee9f92365a209
a4b48a9a733c53cbc7020e190b8c787e1f80f55a
d0e2e52b66a8dec8c57092ec332f452a7348941d778d7b4686ca32696aabd065
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dnacdn.net/dna
178.250.2.146 200 OK 519 B IP 178.250.2.146:0
Hash e47ece4a0d3098e444181a5434d42e92
3e8135270e2a48cc73ec8112461025dc21bb2d05
ae808ed7293dd3a0aad35c83309b6562edcbbdab5bfd81a931cf7f614c78f4b6
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=k1mJ1F80M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVElobXRKZUdWS3l1all6MHlqaWRGUlVLNQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:36 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=LDF2dF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVElobmR0ZjFDUmpwYnY4RnJueEw4dkZRZA; expires=Sat, 07 Oct 2023 21:17:36 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 307228
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.2.146 200 OK 618 B IP 178.250.2.146:0
File type JSON data\012- , ASCII text, with very long lines (559), with no line terminators
Hash 4222f3d3fa37ca42d2223f2a6af24c7d
ad536946b2fb7ed5ed381335eabea59b1cc12bdd
d393fb03edf7ff2c391269f4deb1ea49753b23d5bb8a024e9a9df1e3996d3aeb
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=pZLd4180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVElobjA1VEJGOFdUZ1p4S00zJTJGa0hPOXZG
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:35 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=k1mJ1F80M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVElobXRKZUdWS3l1all6MHlqaWRGUlVLNQ; expires=Sat, 07 Oct 2023 21:17:36 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 160481
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=reurl.cc
142.250.74.34 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=reurl.cc
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=reurl.cc HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 12 Sep 2022 21:17:36 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 741400b574ef7f9f3236164e28e58c51
811018b86fd196da2faf32b044905e1130002a90
efb8e915e207a776018a5319e449e47a105b1d8692e08317c2b3014135b01418
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787&cookie=ID%3D5eaee8834f34a90f-223fd0211bce004b%3AT%3D1663017456%3ART%3D1663017456%3AS%3DALNI_MaKSw1LmJ1yEwlcAGaqxX6JGa5uiQ
142.250.74.98 200 OK 32 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787&cookie=ID%3D5eaee8834f34a90f-223fd0211bce004b%3AT%3D1663017456%3ART%3D1663017456%3AS%3DALNI_MaKSw1LmJ1yEwlcAGaqxX6JGa5uiQ
IP 142.250.74.98:0
File type ASCII text, with no line terminators
Hash e003723bb43e8e216426c5cd897b3a9f
85f6260d04937794cddbf58b46caa5dd7a7dd489
ebb110f380b85f1eadd52e180b12c2ad3c10bba0edddda63a3a79d4ca3673b78
GET /gampad/cookie.js?domain=reurl.cc&callback=_gfp_s_&client=ca-pub-4485239425924787&cookie=ID%3D5eaee8834f34a90f-223fd0211bce004b%3AT%3D1663017456%3ART%3D1663017456%3AS%3DALNI_MaKSw1LmJ1yEwlcAGaqxX6JGa5uiQ HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 12 Sep 2022 21:17:36 GMT
server: cafe
cache-control: private
content-length: 32
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=reurl.cc
142.250.74.34 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=reurl.cc
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=reurl.cc HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Mon, 12 Sep 2022 21:17:36 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=5rTTAl9aR3ozaFNLR2U0dEMlMkJ5UjYxV095Sm1jWVp2N01MeXpKQVhINUdmYXhUTnpGMGYycnJ3Z3VtTHlOc0dTZzV1T3ZvTUE3aUlWJTJCZDdwcG5vUnBhTkolMkY3dTRRbiUyQnpCUFA2MnZoN252aiUyQm5jNFJBMEJDJTJCM2hzM1JkZzN0U3lCVHIlMkJq&info=UUGRd180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVEloa2llNEpiMmMyY1cwR2NTUzNONFhHQg&idsd=942675486,600749881&cw=1&lsw=1
178.250.0.157 200 OK 400 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=5rTTAl9aR3ozaFNLR2U0dEMlMkJ5UjYxV095Sm1jWVp2N01MeXpKQVhINUdmYXhUTnpGMGYycnJ3Z3VtTHlOc0dTZzV1T3ZvTUE3aUlWJTJCZDdwcG5vUnBhTkolMkY3dTRRbiUyQnpCUFA2MnZoN252aiUyQm5jNFJBMEJDJTJCM2hzM1JkZzN0U3lCVHIlMkJq&info=UUGRd180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVEloa2llNEpiMmMyY1cwR2NTUzNONFhHQg&idsd=942675486,600749881&cw=1&lsw=1
IP 178.250.0.157:0
File type JSON data\012- , ASCII text, with very long lines (463), with no line terminators
Hash b559e59e2aaf05c0fc5de3d95f74718c
b69e4c14e99b95de65873db25cb2f1b3c2ea388d
9ec05addaa558192e9c5a0ca2aac3a400704bf3fcac657dec573b05798b7827f
GET /sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=5rTTAl9aR3ozaFNLR2U0dEMlMkJ5UjYxV095Sm1jWVp2N01MeXpKQVhINUdmYXhUTnpGMGYycnJ3Z3VtTHlOc0dTZzV1T3ZvTUE3aUlWJTJCZDdwcG5vUnBhTkolMkY3dTRRbiUyQnpCUFA2MnZoN252aiUyQm5jNFJBMEJDJTJCM2hzM1JkZzN0U3lCVHIlMkJq&info=UUGRd180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVEloa2llNEpiMmMyY1cwR2NTUzNONFhHQg&idsd=942675486,600749881&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:35 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1118696
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&url=https%3A%2F%2Freurl.cc%2FmojR2W&ea=0&wgl=1&dt=1663017443894&bpp=23&bdt=295&idt=233&shv=r20220907&mjsv=m202209070101&ptt=5&saldr=sa&cookie=ID%3D5eaee8834f34a90f-223fd0211bce004b%3AT%3D1663017456%3ART%3D1663017456%3AS%3DALNI_MaKSw1LmJ1yEwlcAGaqxX6JGa5uiQ&correlator=5785346112744&frm=23&ife=1&pv=2&ga_vid=86031120.1663000102&ga_sid=1663017444&ga_hid=404733111&ga_fc=1&nhd=5&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=79&ady=226&biw=1268&bih=939&isw=300&ish=250&ifk=729872932&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31069438%2C31060566%2C31068921&oid=2&pvsid=3285426819452505&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t3667b999cmh&fsb=1&dtd=407
172.217.21.162 200 OK 37 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&url=https%3A%2F%2Freurl.cc%2FmojR2W&ea=0&wgl=1&dt=1663017443894&bpp=23&bdt=295&idt=233&shv=r20220907&mjsv=m202209070101&ptt=5&saldr=sa&cookie=ID%3D5eaee8834f34a90f-223fd0211bce004b%3AT%3D1663017456%3ART%3D1663017456%3AS%3DALNI_MaKSw1LmJ1yEwlcAGaqxX6JGa5uiQ&correlator=5785346112744&frm=23&ife=1&pv=2&ga_vid=86031120.1663000102&ga_sid=1663017444&ga_hid=404733111&ga_fc=1&nhd=5&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=79&ady=226&biw=1268&bih=939&isw=300&ish=250&ifk=729872932&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31069438%2C31060566%2C31068921&oid=2&pvsid=3285426819452505&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t3667b999cmh&fsb=1&dtd=407
IP 172.217.21.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Hash ed92ef30b0b8eb1b10da77186720fc44
8974dd2bbbb4760f214a7bc10e46a37a2da62d77
aa256846b2ce63b1b239407207502dd69fe186b27dcb6ee5253f644ec3d429f0
GET /pagead/ads?client=ca-pub-4485239425924787&output=html&h=250&slotname=2784%2F13801&adk=727071374&adf=2645242782&pi=t.ma~as.2784%2F13801&w=300&url=https%3A%2F%2Freurl.cc%2FmojR2W&ea=0&wgl=1&dt=1663017443894&bpp=23&bdt=295&idt=233&shv=r20220907&mjsv=m202209070101&ptt=5&saldr=sa&cookie=ID%3D5eaee8834f34a90f-223fd0211bce004b%3AT%3D1663017456%3ART%3D1663017456%3AS%3DALNI_MaKSw1LmJ1yEwlcAGaqxX6JGa5uiQ&correlator=5785346112744&frm=23&ife=1&pv=2&ga_vid=86031120.1663000102&ga_sid=1663017444&ga_hid=404733111&ga_fc=1&nhd=5&u_tz=0&u_his=1&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_sd=1&adx=79&ady=226&biw=1268&bih=939&isw=300&ish=250&ifk=729872932&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31069438%2C31060566%2C31068921&oid=2&pvsid=3285426819452505&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C1024%2C300%2C250&vis=1&rsz=%7C%7CoE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.t3667b999cmh&fsb=1&dtd=407 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5073420546008839199/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5073420546008839199/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COuniOaWkPoCFa0JewodnAoLdA&gqi=8KEfY9akJuiUxdwPh7CpuAU&layout=/sadbundle/%24csp%253Der3%24/5073420546008839199/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 12 Sep 2022 21:17:36 GMT
server: cafe
content-length: 36810
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 12-Sep-2022 21:32:36 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 12 Sep 2022 21:17:36 GMT
cache-control: private
X-Firefox-Spdy: h2
24815cc6ff81fe4547443e1972b9c2e0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
142.250.74.65 200 OK 3.1 kB URL HTTP/2 24815cc6ff81fe4547443e1972b9c2e0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5835)
Hash 3fa5e95a358d660ddb3c45769ae1357f
5f6164fbaf8cfbccfd061b00ae48dedfc16bbcd9
d32f4b680031c0e11222eb17385aa9d3b11d2903b05bff34c3d4eb6292631137
GET /safeframe/1-0-38/html/container.html?n=5 HTTP/1.1
Host: 24815cc6ff81fe4547443e1972b9c2e0.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 12 Sep 2022 21:17:36 GMT
expires: Tue, 12 Sep 2023 21:17:36 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=5rTTAl9aR3ozaFNLR2U0dEMlMkJ5UjYxV095Sm1jWVp2N01MeXpKQVhINUdmYXhUTnpGMGYycnJ3Z3VtTHlOc0dTZzV1T3ZvTUE3aUlWJTJCZDdwcG5vUnBhTkolMkY3dTRRbiUyQnpCUFA2MnZoN252aiUyQm5jNFJBMEJDJTJCM2hzM1JkZzN0U3lCVHIlMkJq&info=ljmAgl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVElobDFaMWZnOENPZTF6NFFWJTJCRUk5dVpa&idsd=942675486,600749881&cw=1&lsw=1
178.250.0.157 200 OK 37 kB URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=5rTTAl9aR3ozaFNLR2U0dEMlMkJ5UjYxV095Sm1jWVp2N01MeXpKQVhINUdmYXhUTnpGMGYycnJ3Z3VtTHlOc0dTZzV1T3ZvTUE3aUlWJTJCZDdwcG5vUnBhTkolMkY3dTRRbiUyQnpCUFA2MnZoN252aiUyQm5jNFJBMEJDJTJCM2hzM1JkZzN0U3lCVHIlMkJq&info=ljmAgl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVElobDFaMWZnOENPZTF6NFFWJTJCRUk5dVpa&idsd=942675486,600749881&cw=1&lsw=1
IP 178.250.0.157:0
Hash a4d33aea3d2e9d94018eebc48052f118
5e284fac20c5f7b592cd94589900f0e954f0a91c
62d120e98e9f50cd7eeb782b3b7d7976dd2749cce6274a020990ef000709cca6
GET /sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=5rTTAl9aR3ozaFNLR2U0dEMlMkJ5UjYxV095Sm1jWVp2N01MeXpKQVhINUdmYXhUTnpGMGYycnJ3Z3VtTHlOc0dTZzV1T3ZvTUE3aUlWJTJCZDdwcG5vUnBhTkolMkY3dTRRbiUyQnpCUFA2MnZoN252aiUyQm5jNFJBMEJDJTJCM2hzM1JkZzN0U3lCVHIlMkJq&info=ljmAgl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVElobDFaMWZnOENPZTF6NFFWJTJCRUk5dVpa&idsd=942675486,600749881&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:36 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 942822
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
41261b9822c67b124385cc4889805315.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
142.250.74.65 200 OK 3.1 kB URL HTTP/2 41261b9822c67b124385cc4889805315.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=5
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5835)
Hash 3fa5e95a358d660ddb3c45769ae1357f
5f6164fbaf8cfbccfd061b00ae48dedfc16bbcd9
d32f4b680031c0e11222eb17385aa9d3b11d2903b05bff34c3d4eb6292631137
GET /safeframe/1-0-38/html/container.html?n=5 HTTP/1.1
Host: 41261b9822c67b124385cc4889805315.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.aralego.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 12 Sep 2022 21:17:36 GMT
expires: Tue, 12 Sep 2023 21:17:36 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 535d274bda0c065485a534026ab497a4
0ee92c6de28c6999632b924ba226c3c449ad2e40
14dd3a50213e32e5768046e3e99cd8fc302a94f6b8f9763bbd51d8605ebd16fe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 535d274bda0c065485a534026ab497a4
0ee92c6de28c6999632b924ba226c3c449ad2e40
14dd3a50213e32e5768046e3e99cd8fc302a94f6b8f9763bbd51d8605ebd16fe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 21:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
reurl.cc/javascripts/pixel.js
35.185.130.121 200 OK 1.6 kB URL HTTP/2 reurl.cc/javascripts/pixel.js
IP 35.185.130.121:0
Hash ee9736748e312fcd2d1e4abc4e7dfdcb
7b7d2a9df078f9d9ac8dba275731271172ed1704
420f9abeb6633e7c7d669b016e65a9eda968eafb90c7d80cbd5d07400936ad6e
Analyzer Verdict Alert quad9 Sinkholed
GET /javascripts/pixel.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/mojR2W
Cookie: _ga=GA1.2.86031120.1663000102; _gid=GA1.2.1586006921.1663000102; _fbp=fb.1.1663000102908.288459372
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 12 Sep 2022 21:17:30 GMT
content-type: application/javascript
last-modified: Sun, 08 Aug 2021 17:07:38 GMT
vary: Accept-Encoding
etag: W/"61100f5a-1d6"
expires: Tue, 12 Sep 2023 21:17:30 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=5rTTAl9aR3ozaFNLR2U0dEMlMkJ5UjYxV095Sm1jWVp2N01MeXpKQVhINUdmYXhUTnpGMGYycnJ3Z3VtTHlOc0dTZzV1T3ZvTUE3aUlWJTJCZDdwcG5vUnBhTkolMkY3dTRRbiUyQnpCUFA2MnZoN252aiUyQm5jNFJBMEJDJTJCM2hzM1JkZzN0U3lCVHIlMkJq&info=LDF2dF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVElobmR0ZjFDUmpwYnY4RnJueEw4dkZRZA&idsd=942675486,600749881&cw=1&lsw=1
178.250.0.157 200 OK 7.9 kB URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=5rTTAl9aR3ozaFNLR2U0dEMlMkJ5UjYxV095Sm1jWVp2N01MeXpKQVhINUdmYXhUTnpGMGYycnJ3Z3VtTHlOc0dTZzV1T3ZvTUE3aUlWJTJCZDdwcG5vUnBhTkolMkY3dTRRbiUyQnpCUFA2MnZoN252aiUyQm5jNFJBMEJDJTJCM2hzM1JkZzN0U3lCVHIlMkJq&info=LDF2dF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVElobmR0ZjFDUmpwYnY4RnJueEw4dkZRZA&idsd=942675486,600749881&cw=1&lsw=1
IP 178.250.0.157:0
File type JSON data\012- , ASCII text, with very long lines (2184)
Hash d97083fdb27d41b5bb4fb37acd092991
2660cee1fc76e4afab5ab869bfb8b1b235b14ccd
425d2628e0faf794113e2cbae127936b722a7121d06c6bafd032834b241db397
GET /sid/json?origin=publishertag&domain=reurl.cc&sn=FirefoxSyncframe&so=3&topUrl=reurl.cc&bundle=5rTTAl9aR3ozaFNLR2U0dEMlMkJ5UjYxV095Sm1jWVp2N01MeXpKQVhINUdmYXhUTnpGMGYycnJ3Z3VtTHlOc0dTZzV1T3ZvTUE3aUlWJTJCZDdwcG5vUnBhTkolMkY3dTRRbiUyQnpCUFA2MnZoN252aiUyQm5jNFJBMEJDJTJCM2hzM1JkZzN0U3lCVHIlMkJq&info=LDF2dF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVElobmR0ZjFDUmpwYnY4RnJueEw4dkZRZA&idsd=942675486,600749881&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:36 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1212672
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/abg_lite_fy2021.js
142.250.74.33 200 OK 9.6 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20220907/r20110914/abg_lite_fy2021.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1621)
Hash 3c5efa479f799e66f1aec6babceef38f
156215ad7299ac993c75f6f096ee0a871a2791c4
edd903d099e731de60a28ebf0e311da7b02ee4d4435d2a905a2e5e2d336296dc
GET /pagead/js/r20220907/r20110914/abg_lite_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 9632
x-xss-protection: 0
date: Mon, 12 Sep 2022 20:45:07 GMT
expires: Mon, 26 Sep 2022 20:45:07 GMT
cache-control: public, max-age=1209600
etag: 15013890920676311251
content-type: text/javascript; charset=UTF-8
age: 1950
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
216.58.207.194 200 OK 45 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 216.58.207.194:0
File type ASCII text, with very long lines (3498)
Hash 25cb4a17e1860904b708b740d89ecaf9
74a6c0ebc1efa46424abd24f939a76c0bdecda85
b581f933da7c14f46a3119b6fd3417d0bedcf65b61a38bf92a2232e6b86d8ed0
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 44876
date: Mon, 12 Sep 2022 21:17:37 GMT
expires: Mon, 12 Sep 2022 21:17:37 GMT
cache-control: private, max-age=3000
etag: "1662981969255015"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5073420546008839199/index.html
142.250.74.33 200 OK 3.7 kB URL HTTP/2 tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5073420546008839199/index.html
IP 142.250.74.33:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32565)
Hash bdde31f17c83b3cb60a939bae5f92984
e269f84a0ecad3696e9b9328ba69eaca3175a60d
89de6e203e46f56ee4c71b0f472cbee4f4a712c5686da9109a8b1d722b998f77
GET /sadbundle/$csp%3Der3$/5073420546008839199/index.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:52:43 GMT
expires: Wed, 06 Sep 2023 17:52:43 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 23 Aug 2022 08:33:03 GMT
content-type: text/html
content-length: 3675
age: 530694
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5073420546008839199/index.html
142.250.74.33 200 OK 3.7 kB URL HTTP/2 tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5073420546008839199/index.html
IP 142.250.74.33:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32565)
Hash bdde31f17c83b3cb60a939bae5f92984
e269f84a0ecad3696e9b9328ba69eaca3175a60d
89de6e203e46f56ee4c71b0f472cbee4f4a712c5686da9109a8b1d722b998f77
GET /sadbundle/$csp%3Der3$/5073420546008839199/index.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:52:43 GMT
expires: Wed, 06 Sep 2023 17:52:43 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 23 Aug 2022 08:33:03 GMT
content-type: text/html
content-length: 3675
age: 530694
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img.scupio.com/staticfiles/c94257c75544f163f1ae2f65d4dfc2a7da3b324f/scripts/adbanner/build/adimg.js
143.204.55.4 200 OK 1.5 kB URL HTTP/2 img.scupio.com/staticfiles/c94257c75544f163f1ae2f65d4dfc2a7da3b324f/scripts/adbanner/build/adimg.js
IP 143.204.55.4:0
File type ASCII text, with very long lines (1086)
Hash 4460019863f01bcc61d261c7c6fe3879
7d0e3f0e2cee14f74650eb3b2f68d6869dc99113
6f036fec1214b0159661dcba2cb43ed9d83f277928d5537b6f729f907249f3b7
GET /staticfiles/c94257c75544f163f1ae2f65d4dfc2a7da3b324f/scripts/adbanner/build/adimg.js HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
date: Mon, 12 Sep 2022 03:44:50 GMT
last-modified: Mon, 12 Sep 2022 03:40:39 GMT
etag: W/"631eaa37-bf5"
expires: Tue, 12 Sep 2023 03:44:50 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: AUX5NkoSjho4kfhf5xelB8lIhRb-VZ4VZqucWqecQy8Lpelj32LxLw==
age: 63164
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=50ef57&cid=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&mp=63e99de1-8acb-4e62-a718-9aaaf3c49a51
203.75.214.136 200 OK 202 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&mp=63e99de1-8acb-4e62-a718-9aaaf3c49a51
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
File type gzip compressed data, max speed, from Unix\012- data
Hash 562deee9afd17f38111e544ba525211a
39dd43f4e536527ecb1789e9f0ba382998d7a766
ec85cd75b80f1caf14f82ee305126e609ca12b29ecc2f9aada2730c19d6c91f5
GET /cm?c=50ef57&cid=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&mp=63e99de1-8acb-4e62-a718-9aaaf3c49a51 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:35 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.152 200 OK 313 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.152:0
File type JSON data\012- , ASCII text, with very long lines (303)
Hash 5329c0d559ed09b790c1254179abf372
90d30a53f3f7185fbff4e6c98565686019f6cab7
bcfd79c8a1bfc81ef6514dde856af3c6e3ee19df3df684ef07cddc0260d35505
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:35 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 109864
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=J_QYc180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVEloa1ZST3IxQmJRbHFXMmtFeXJPQzhXZA&idsd=942675486,600749881
178.250.0.157 200 OK 743 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=J_QYc180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVEloa1ZST3IxQmJRbHFXMmtFeXJPQzhXZA&idsd=942675486,600749881
IP 178.250.0.157:0
File type JSON data\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1042), with no line terminators
Hash cc80c7b0dabd29894397ea0d6b7788d4
e296de25013c3a8e28bd5300413407b5266d9cfd
28d172a14b494d22beaa30b35a49e2d7bc7c91a277fd28d182db86b0ad7ad401
GET /sid/json?origin=publishertag&domain=img.scupio.com&sn=FirefoxSyncframe&so=0&topUrl=reurl.cc&info=J_QYc180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVEloa1ZST3IxQmJRbHFXMmtFeXJPQzhXZA&idsd=942675486,600749881 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=reurl.cc
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:34 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1094349
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.152 200 OK 25 kB URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.152:0
Hash 1e043b2ff2e35cfeb6754b61cd49ae52
4bfc49be1c812bb818d0e78bb8c03d6337dd57b0
cffa6c9bf130cc5b156bdb91a2f1c5181a8c53274c2da3a2335495ed2d5cd7dd
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:35 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 76677
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
178.250.6.139 200 OK 1.4 kB URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 178.250.6.139:0
Hash 96dcbe8ee9bd01a0ba3e0493e06372b8
aabaedbedd143ed2814c0a50b6467360677ad1d4
679efedad6ca61d21e7859036965c6c7122483f39696cc8e78cf8f2529b574f7
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:36 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 88721
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/prebid.json?cb=1663017439676&hb=1&ver=1.21
52.68.234.1 200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/prebid.json?cb=1663017439676&hb=1&ver=1.21
IP 52.68.234.1:0
POST /adserver/prebid.json?cb=1663017439676&hb=1&ver=1.21 HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 40
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:32 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://img.scupio.com
content-encoding: gzip
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.prebid.js
178.250.2.130 200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.prebid.js
IP 178.250.2.130:0
GET /js/ld/publishertag.prebid.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 21:17:33 GMT
content-type: text/javascript
last-modified: Wed, 31 Aug 2022 21:48:59 GMT
etag: W/"630fd74b-16068"
expires: Tue, 13 Sep 2022 21:17:33 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
t.ssp.hinet.net/
203.75.214.136 200 OK 0 B
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET / HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:32 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
set-cookie: uuid=0d168144-30c8-418c-ba92-c576db049423; expires=Wed, 11-Sep-2024 21:17:32 GMT; Max-Age=63072000; path=/; domain=hinet.net; secure; samesite=none
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
img.scupio.com/html/ls.html
143.204.55.4 200 OK 0 B URL HTTP/2 img.scupio.com/html/ls.html
IP 143.204.55.4:0
GET /html/ls.html HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx/1.12.1
last-modified: Mon, 21 Nov 2016 06:35:53 GMT
content-encoding: gzip
date: Mon, 12 Sep 2022 20:55:09 GMT
expires: Mon, 19 Sep 2022 20:52:15 GMT
cache-control: max-age=604800
etag: W/"583295c9-4dc"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: grvK4WfluhqGKsZwya-oF_76UBKBz8niaCTjp-Zim4EPdsPQFfdo4w==
age: 1519
vary: Origin
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.2.146 200 OK 0 B
IP 178.250.2.146:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=mWMXl180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVElobWZXY2MzaHZSJTJGMG9ZWXJVc3ByRzJ2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:33 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=J_QYc180M0RITmhlJTJCZkMwOUJGQlhaMUN2czhwWGV3eGlYQjlmbWglMkJMZU1GVEloa1ZST3IxQmJRbHFXMmtFeXJPQzhXZA; expires=Sat, 07 Oct 2023 21:17:34 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 294591
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
reurl.cc/mojR2W
35.185.130.121 200 OK 0 B
IP 35.185.130.121:0
Analyzer Verdict Alert openphish Instagram
quad9 Sinkholed
GET /mojR2W HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ga=GA1.2.86031120.1663000102; _gid=GA1.2.1586006921.1663000102; _fbp=fb.1.1663000102908.288459372
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 12 Sep 2022 21:17:30 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
target: https://www.instagram.com/p/CXHtny0lacg/?utm_source=ig_web_copy_link
content-encoding: gzip
X-Firefox-Spdy: h2
img.scupio.com/js/prebid.js?v=5.20.0
143.204.55.4 200 OK 0 B URL HTTP/2 img.scupio.com/js/prebid.js?v=5.20.0
IP 143.204.55.4:0
GET /js/prebid.js?v=5.20.0 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
last-modified: Tue, 28 Jun 2022 05:54:43 GMT
content-encoding: gzip
date: Mon, 12 Sep 2022 21:15:35 GMT
expires: Wed, 12 Oct 2022 21:14:58 GMT
cache-control: max-age=2592000
etag: W/"62ba97a3-3b047"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dbY8DbBgV2Nv3dptxzcCwqGdtGDXVYEXPTS9ZnsLTfZmZdOFcIAl3g==
age: 153
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
c.holmesmind.com/cm?tc=getIn&
35.201.76.93 200 OK 0 B URL HTTP/2 c.holmesmind.com/cm?tc=getIn&
IP 35.201.76.93:0
GET /cm?tc=getIn& HTTP/1.1
Host: c.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdn.holmesmind.com/
Connection: keep-alive
Cookie: test_cookie=CheckForPermission
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Mon, 12 Sep 2022 21:17:31 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.18-0ubuntu0.17.04.1
set-cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS;Expires=Friday, 10-Sep-2032 13:17:31 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
set-cookie: test_cookie=;Expires=Thursday, 01-Jan-1970 08:00:00 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
set-cookie: Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59;Expires=Tuesday, 27-Sep-2022 13:17:31 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
set-cookie: C=null;Expires=Tuesday, 27-Sep-2022 13:17:31 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
set-cookie: RK=null;Expires=Thursday, 22-Dec-2022 13:17:31 CST;Domain=.holmesmind.com;Path=/;SameSite=none;secure;
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img.scupio.com/html/ls.html?mid=52
143.204.55.4 200 OK 0 B URL HTTP/2 img.scupio.com/html/ls.html?mid=52
IP 143.204.55.4:0
GET /html/ls.html?mid=52 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx/1.12.1
last-modified: Mon, 21 Nov 2016 06:35:53 GMT
content-encoding: gzip
date: Mon, 12 Sep 2022 20:55:09 GMT
expires: Mon, 19 Sep 2022 20:25:41 GMT
cache-control: max-age=604800
etag: W/"583295c9-4dc"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: c4BjHMLHmJwJYx8HI5vbrDzL0Ab-Qq_T_36nqU9o5nlAysaqIaamQg==
age: 3113
vary: Origin
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
178.250.6.139 200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 178.250.6.139:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:35 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 89310
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yH/r/Y88lOwaPq4F.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14 200 OK 0 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yH/r/Y88lOwaPq4F.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
GET /rsrc.php/v3/yH/r/Y88lOwaPq4F.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 11 Sep 2023 03:30:01 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 5xKwBgojtsXt47Z+C7hjng==
x-fb-debug: 3c0szJoPJlw3vjUpY97f7O7xkRYg1sm5oRSI3yfowVeJWTVbFZE/6e7l9rVCMDvSXmxGXtVhnpsTmkqZudUKqQ==
priority: u=3,i
content-length: 90711
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 21:17:31 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS%26SID%3D53864%26Tags%3D2003%2C2002
13.115.52.250 200 OK 0 B URL HTTP/2 ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS%26SID%3D53864%26Tags%3D2003%2C2002
IP 13.115.52.250:0
GET /chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS%26SID%3D53864%26Tags%3D2003%2C2002 HTTP/1.1
Host: ccm.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null; fcm=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:35 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/prebid.json?cb=1663017439692&hb=1&ver=1.21
52.68.234.1 200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/prebid.json?cb=1663017439692&hb=1&ver=1.21
IP 52.68.234.1:0
POST /adserver/prebid.json?cb=1663017439692&hb=1&ver=1.21 HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 41
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:33 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://img.scupio.com
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=50ef57&cid=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&mp=50f198c0-1ff5-493f-a49b-9b6ff3819f3f
203.75.214.136 200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&mp=50f198c0-1ff5-493f-a49b-9b6ff3819f3f
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /cm?c=50ef57&cid=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&mp=50f198c0-1ff5-493f-a49b-9b6ff3819f3f HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:33 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.152 200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.152:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:34 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 90876
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
reurl.cc/stylesheets/rwd/style.css?v=1
35.185.130.121 200 OK 0 B URL HTTP/2 reurl.cc/stylesheets/rwd/style.css?v=1
IP 35.185.130.121:0
Analyzer Verdict Alert quad9 Sinkholed
GET /stylesheets/rwd/style.css?v=1 HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/mojR2W
Cookie: _ga=GA1.2.86031120.1663000102; _gid=GA1.2.1586006921.1663000102; _fbp=fb.1.1663000102908.288459372
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 12 Sep 2022 21:17:30 GMT
content-type: text/css
last-modified: Wed, 27 Jul 2022 09:47:30 GMT
vary: Accept-Encoding
etag: W/"62e109b2-dae"
expires: Tue, 12 Sep 2023 21:17:30 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=50f198c0-1ff5-493f-a49b-9b6ff3819f3f
203.75.214.136 200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=50f198c0-1ff5-493f-a49b-9b6ff3819f3f
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /emome2?u=50f198c0-1ff5-493f-a49b-9b6ff3819f3f HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:33 GMT
access-control-allow-origin: https://reurl.cc
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS%26SID%3D53865%26Tags%3D2003%2C2002
13.115.52.250 200 OK 0 B URL HTTP/2 ccm.holmesmind.com/chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS%26SID%3D53865%26Tags%3D2003%2C2002
IP 13.115.52.250:0
GET /chtmp.php?u=https%3A%2F%2Fapi.cf.dsp.hinet.net%2Fcktagv2.php%3FUID%3D670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS%26SID%3D53865%26Tags%3D2003%2C2002 HTTP/1.1
Host: ccm.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null; fcm=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:35 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.152 200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.152:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:35 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 78780
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
static.wixstatic.com/media/8d2acb_fdb46ac5354548829f23a46cc4d4a954~mv2.jpeg/v1/fit/w_1000,h_720,al_c,q_80/file.png
34.102.176.152 200 OK 0 B URL HTTP/2 static.wixstatic.com/media/8d2acb_fdb46ac5354548829f23a46cc4d4a954~mv2.jpeg/v1/fit/w_1000,h_720,al_c,q_80/file.png
IP 34.102.176.152:0
GET /media/8d2acb_fdb46ac5354548829f23a46cc4d4a954~mv2.jpeg/v1/fit/w_1000,h_720,al_c,q_80/file.png HTTP/1.1
Host: static.wixstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty/1.21.4.1
content-length: 1235774
access-control-allow-origin: *
wix-tracer: 2DlP9HMfjpiTAGGDUBiwHpCPyta
x-seen-by: image-manipulator-556498cf55-fhmdb
timing-allow-origin: *
via: 1.1 google
date: Tue, 23 Aug 2022 16:02:24 GMT
cache-control: public, max-age=2592000, immutable
age: 1746908
etag: ""
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1
IP 178.250.0.157:0
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Freurl.cc%2F&domain=img.scupio.com&pbt=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://img.scupio.com
Connection: keep-alive
Referer: https://img.scupio.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:35 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://img.scupio.com
server-processing-duration-in-ticks: 1086023
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
178.250.6.139 200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 178.250.6.139:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:33 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 142770
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
t.ssp.hinet.net/emome2?u=0d168144-30c8-418c-ba92-c576db049423
203.75.214.136 200 OK 0 B URL HTTP/2 t.ssp.hinet.net/emome2?u=0d168144-30c8-418c-ba92-c576db049423
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /emome2?u=0d168144-30c8-418c-ba92-c576db049423 HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.holmesmind.com
Connection: keep-alive
Referer: https://cdn.holmesmind.com/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:33 GMT
access-control-allow-origin: https://cdn.holmesmind.com
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
content-encoding: gzip
X-Firefox-Spdy: h2
img.scupio.com/staticfiles/c94257c75544f163f1ae2f65d4dfc2a7da3b324f/scripts/adbanner/build/CoverImage.js
143.204.55.4 200 OK 0 B URL HTTP/2 img.scupio.com/staticfiles/c94257c75544f163f1ae2f65d4dfc2a7da3b324f/scripts/adbanner/build/CoverImage.js
IP 143.204.55.4:0
GET /staticfiles/c94257c75544f163f1ae2f65d4dfc2a7da3b324f/scripts/adbanner/build/CoverImage.js HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx/1.12.1
date: Mon, 12 Sep 2022 03:44:35 GMT
last-modified: Mon, 12 Sep 2022 03:40:39 GMT
etag: W/"631eaa37-54d"
expires: Tue, 12 Sep 2023 03:44:35 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: h0SU4YIzZ9TaWlpJ_aiHxw7Ep6J64TMnjuO9HqSZnWr75o2G61yS9Q==
age: 63179
X-Firefox-Spdy: h2
t.ssp.hinet.net/cm?c=50ef57&cid=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&mp=50f198c0-1ff5-493f-a49b-9b6ff3819f3f
203.75.214.136 200 OK 0 B URL HTTP/2 t.ssp.hinet.net/cm?c=50ef57&cid=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&mp=50f198c0-1ff5-493f-a49b-9b6ff3819f3f
IP 203.75.214.136:0
ASN #3462 Data Communication Business Group
GET /cm?c=50ef57&cid=4287-UlmceQ7gGljONQAZeRpvCdzksDBGnKSi&mp=50f198c0-1ff5-493f-a49b-9b6ff3819f3f HTTP/1.1
Host: t.ssp.hinet.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: uuid=63e99de1-8acb-4e62-a718-9aaaf3c49a51
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
cache-control: no-cache, private
date: Mon, 12 Sep 2022 21:17:33 GMT
access-control-allow-origin: https://reurl.cc
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=0
X-Firefox-Spdy: h2
img.scupio.com/html/ls.html?mid=52
143.204.55.4 200 OK 0 B URL HTTP/2 img.scupio.com/html/ls.html?mid=52
IP 143.204.55.4:0
GET /html/ls.html?mid=52 HTTP/1.1
Host: img.scupio.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://img.scupio.com/html/ad.html?v=1.0.65
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
server: nginx/1.12.1
last-modified: Mon, 21 Nov 2016 06:35:53 GMT
content-encoding: gzip
date: Mon, 12 Sep 2022 20:55:09 GMT
expires: Mon, 19 Sep 2022 20:25:41 GMT
cache-control: max-age=604800
etag: W/"583295c9-4dc"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: WjgixyUVa4UcNdwY5iNms_sObRoDNhFh8zOarEhfuY6WV481vwdAkQ==
age: 3113
vary: Origin
X-Firefox-Spdy: h2
ad.holmesmind.com/adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2FmojR2W&n=949&o=4&d=1&b=3&ts=1&ii=2&FPCK=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&initver=210830P
52.68.234.1 200 OK 0 B URL HTTP/2 ad.holmesmind.com/adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2FmojR2W&n=949&o=4&d=1&b=3&ts=1&ii=2&FPCK=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&initver=210830P
IP 52.68.234.1:0
GET /adserver/ads.js?z=13857&rf=https%3A%2F%2Freurl.cc%2FmojR2W&n=949&o=4&d=1&b=3&ts=1&ii=2&FPCK=7192-VEKOgUkTEXrJX9Euj7AXB6LsFv9Sony7&initver=210830P HTTP/1.1
Host: ad.holmesmind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Cookie: P=670326-MKsIhAbuhdjI0u3U4DxJrjuRpEq66ICS; Vision=20220913-23:59,20220913-08,20220913-08,20220913-23:59; C=null; RK=null; fcm=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 21:17:34 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://reurl.cc
content-encoding: gzip
X-Firefox-Spdy: h2