links.waketheforkup.com/a/2118/click/6888/257007/78856efcad60b52b1d889720c57104f3822153d3/a23fafc082de60cf8a0d37f5ee2a2ca3f1060364
35.238.129.105308 Permanent Redirect 0 B URL HTTP/1.1 links.waketheforkup.com/a/2118/click/6888/257007/78856efcad60b52b1d889720c57104f3822153d3/a23fafc082de60cf8a0d37f5ee2a2ca3f1060364
IP 35.238.129.105:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /a/2118/click/6888/257007/78856efcad60b52b1d889720c57104f3822153d3/a23fafc082de60cf8a0d37f5ee2a2ca3f1060364 HTTP/1.1
Host: links.waketheforkup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 308 Permanent Redirect
content-length: 0
location: https://links.waketheforkup.com/a/2118/click/6888/257007/78856efcad60b52b1d889720c57104f3822153d3/a23fafc082de60cf8a0d37f5ee2a2ca3f1060364
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dca68db7aea32f6683ce8d542c078f04
19c495238df74fca680e21f18627ff94de5dd2e5
35cab3987fc0e4a41b305cb208c1e33fa38ce8bdfd9f386c3dc0411dd4d5ac61
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CAB3987FC0E4A41B305CB208C1E33FA38CE8BDFD9F386C3DC0411DD4D5AC61"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11374
Expires: Thu, 09 Feb 2023 01:40:44 GMT
Date: Wed, 08 Feb 2023 22:31:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10269
Expires: Thu, 09 Feb 2023 01:22:19 GMT
Date: Wed, 08 Feb 2023 22:31:10 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 21:34:13 GMT
content-type: application/json
age: 3417
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5189
Expires: Wed, 08 Feb 2023 23:57:39 GMT
Date: Wed, 08 Feb 2023 22:31:10 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: yHirCzDNevTsxCw9MuBSCqG0p9uqtF0TwywwakYqsOpkpXgTZqa8ktmkmgDFuEq4mNLfXZBV5rY=
x-amz-request-id: 2KDPBNEGR57EJ1TJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 21:46:07 GMT
age: 2703
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:31:10 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6241ee9e8455333576d750e2df0ff79b
a7517b9bc3d8945c1c785b1489cd4b3580b31487
6a6af9ca2c1b61a3104d92b997251c2fc8d88f46127f9041dc430263b741bfd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A6AF9CA2C1B61A3104D92B997251C2FC8D88F46127F9041DC430263B741BFD8"
Last-Modified: Tue, 07 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21541
Expires: Thu, 09 Feb 2023 04:30:11 GMT
Date: Wed, 08 Feb 2023 22:31:10 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 21:51:20 GMT
age: 2390
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
links.waketheforkup.com/a/2118/click/6888/257007/78856efcad60b52b1d889720c57104f3822153d3/a23fafc082de60cf8a0d37f5ee2a2ca3f1060364
35.238.129.105302 Found 332 B URL HTTP/1.1 links.waketheforkup.com/a/2118/click/6888/257007/78856efcad60b52b1d889720c57104f3822153d3/a23fafc082de60cf8a0d37f5ee2a2ca3f1060364
IP 35.238.129.105:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (332), with no line terminators
Hash 522692a0609a84dda990c9d6c64cfcb0
019654e8024e5d58249fe4244bb2dd8472f35170
7e12b9821b551448e3cb5c7d7e73d77b74c9bf1c51c7e9e62627bbf86661b707
Analyzer Verdict Alert fortinet Phishing
GET /a/2118/click/6888/257007/78856efcad60b52b1d889720c57104f3822153d3/a23fafc082de60cf8a0d37f5ee2a2ca3f1060364 HTTP/1.1
Host: links.waketheforkup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
content-type: text/html; charset=utf-8
transfer-encoding: chunked
status: 302 Found
cache-control: no-cache
vary: Origin
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-request-id: 2265cb64-1f33-437a-b691-22e45805123f
location: https://trk.anarchywarrior.com/d461d618-bcdd-4ee2-9920-2ae26f49f7ea?offer=MW15 02-08-23PM1 Exodus Effect - stiff knees&sub2=romelle@windermere.com&from=Garret-support@waketheforkup.com&subject=1-2 drops soothe stiff knees&sub1=mw15cust020823clickers
x-download-options: noopen
x-runtime: 0.033221
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 22:31:11 GMT
set-cookie: _session_id=7a7bc8dc51201b1fb8c3f63be57d864e; path=/; expires=Thu, 09 Feb 2023 10:31:11 GMT; HttpOnly
x-powered-by: Phusion Passenger 5.3.7
server: nginx/1.14.0 + Phusion Passenger 5.3.5
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f6002d37d3b1be3d33004b04d5d9d26
e3c2487a581ff31bada4fab697e48b15e910ac41
75a7afe5f140eea998a805aa7871d825fa0951c970f4e6230b238264d421c29e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "75A7AFE5F140EEA998A805AA7871D825FA0951C970F4E6230B238264D421C29E"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18768
Expires: Thu, 09 Feb 2023 03:43:59 GMT
Date: Wed, 08 Feb 2023 22:31:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10672
Expires: Thu, 09 Feb 2023 01:29:03 GMT
Date: Wed, 08 Feb 2023 22:31:11 GMT
Connection: keep-alive
trk.anarchywarrior.com/d461d618-bcdd-4ee2-9920-2ae26f49f7ea?offer=MW15%2002-08-23PM1%20%20Exodus%20Effect%20-%20stiff%20knees&sub2=romelle@windermere.com&from=Garret-support@waketheforkup.com&subject=1-2%20drops%20soothe%20stiff%20knees&sub1=mw15cust020823clickers
104.21.43.3302 Found 0 B URL HTTP/2 trk.anarchywarrior.com/d461d618-bcdd-4ee2-9920-2ae26f49f7ea?offer=MW15%2002-08-23PM1%20%20Exodus%20Effect%20-%20stiff%20knees&sub2=romelle@windermere.com&from=Garret-support@waketheforkup.com&subject=1-2%20drops%20soothe%20stiff%20knees&sub1=mw15cust020823clickers
IP 104.21.43.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d461d618-bcdd-4ee2-9920-2ae26f49f7ea?offer=MW15%2002-08-23PM1%20%20Exodus%20Effect%20-%20stiff%20knees&sub2=romelle@windermere.com&from=Garret-support@waketheforkup.com&subject=1-2%20drops%20soothe%20stiff%20knees&sub1=mw15cust020823clickers HTTP/1.1
Host: trk.anarchywarrior.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Wed, 08 Feb 2023 22:31:11 GMT
content-length: 0
location: https://www.wm74trk.com/28KL6/DNPGN9/?sub1=mw15cust020823clickers&sub5=wuqmr9dgq34d26gm2nhfup0o&sub3=91.90.42.154
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: d461d618-bcdd-4ee2-9920-2ae26f49f7ea-v4=TadH-4rFfFhGxziJ6Nm39BvamuhCVy4dnEQVpjSLyfY; Max-Age=86400; Expires=Thu, 09-Feb-2023 22:31:11 GMT; Domain=trk.anarchywarrior.com; Path=/; HttpOnly
cc-v4=aP7p%2B%2FmveLm34EXXaHxxfXcS8kTypg5TX7MvUmZ0bGLzuAyzlcaKmEgoQsj6Teo5QXLn%2BsBhP5kBiw9YMw49QLiL0%2BGKGlL75AA2fX6D1lPVtZDohCr2tQH1NvM9TiSwgvGGgey0D%2BSHh%2FbIFFiIww%3D%3D; Max-Age=31536000; Expires=Thu, 08-Feb-2024 22:31:11 GMT; Domain=trk.anarchywarrior.com; Path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AbUNMv4tLwixs6tTPoh%2BoviIcWMxb5iA6FT8fSLsEawjVJsEN3YG0IaqGfMtWMMyLyFmsnI48CewdznWGv1zNC8YonP7xc9cbs05Kt3tssWJpZ%2BTQPxC2gsnvSr9kyPUHSoVStt4xL8V"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967d066cb200b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4f6002d37d3b1be3d33004b04d5d9d26
e3c2487a581ff31bada4fab697e48b15e910ac41
75a7afe5f140eea998a805aa7871d825fa0951c970f4e6230b238264d421c29e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "75A7AFE5F140EEA998A805AA7871D825FA0951C970F4E6230B238264D421C29E"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18768
Expires: Thu, 09 Feb 2023 03:43:59 GMT
Date: Wed, 08 Feb 2023 22:31:11 GMT
Connection: keep-alive
ocsp.starfieldtech.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 3ced5e15fed7607b06eae4fcd4998015
69a73c9dc4052d690843d780740996988b5af807
7300173b1514594b05552896c735ed1902ca09a4bb0eb365d298f64d156f1ae6
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 08 Feb 2023 22:31:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1846
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 08 Feb 2023 20:55:18 GMT
Expires: Thu, 09 Feb 2023 20:55:18 GMT
ETag: "69a73c9dc4052d690843d780740996988b5af807"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
push.services.mozilla.com/
34.214.112.249101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.112.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: V+ufgMGcxhbyRR7jvnmGmg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TYCuzzCyRZzCnD8Ppfx9ogpDZz4=
www.wm74trk.com/28KL6/DNPGN9/?sub1=mw15cust020823clickers&sub5=wuqmr9dgq34d26gm2nhfup0o&sub3=91.90.42.154
34.107.190.195302 Found 168 B URL HTTP/2 www.wm74trk.com/28KL6/DNPGN9/?sub1=mw15cust020823clickers&sub5=wuqmr9dgq34d26gm2nhfup0o&sub3=91.90.42.154
IP 34.107.190.195:0
File type HTML document, ASCII text
Hash fc1d2002a4328da29394fd347cc91d3e
f4186a33137390a76f565e2a8d3a46cdab36a255
600444e02497f90dca0293a815545dd24c64d3109c258c977be4689e2665a42f
GET /28KL6/DNPGN9/?sub1=mw15cust020823clickers&sub5=wuqmr9dgq34d26gm2nhfup0o&sub3=91.90.42.154 HTTP/1.1
Host: www.wm74trk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Wed, 08 Feb 2023 22:31:11 GMT
content-type: text/html; charset=utf-8
content-length: 168
location: https://hillybillyrus.co/?a=22&c=14&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
set-cookie: uniqueClick_DNPGN9=2517d3f6-0e6f-4cf0-8f47-7082d8e75b9c:1675895471; Path=/; Expires=Sat, 11 Feb 2023 22:31:11 GMT; Secure; SameSite=None
transaction_id=8b55156fdf09466d97eb03fff0c6bc66; Path=/; Expires=Tue, 09 May 2023 22:31:11 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: 11f0f691-e069-46c3-9c90-3b8f0d346df2
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 7dedca806f42de159cb90b815840b7cc
ec2438142de3580281ddb550f9da07edcdda086f
c51278cb4e07701de2612436d7f7df8e70408acc0a52693900bdbcbb15af6e65
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=149023
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:11 GMT
Etag: "63e3c5ce-117"
Expires: Fri, 10 Feb 2023 15:54:54 GMT
Last-Modified: Wed, 08 Feb 2023 15:54:54 GMT
Server: nginx
Content-Length: 279
ocsp.starfieldtech.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 3ced5e15fed7607b06eae4fcd4998015
69a73c9dc4052d690843d780740996988b5af807
7300173b1514594b05552896c735ed1902ca09a4bb0eb365d298f64d156f1ae6
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 08 Feb 2023 22:31:11 GMT
Content-Type: application/ocsp-response
Content-Length: 1846
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 08 Feb 2023 20:55:18 GMT
Expires: Thu, 09 Feb 2023 20:55:18 GMT
ETag: "69a73c9dc4052d690843d780740996988b5af807"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
hillybillyrus.co/?a=22&c=14&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
104.21.95.26302 Found 585 B URL HTTP/2 hillybillyrus.co/?a=22&c=14&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
IP 104.21.95.26:0
Hash dea427de465bd0f331f8d6862517ba37
dbb6551b364e1c8567ddd9e05bdbf79e55374e3c
b55e4a48195087775b0018a6436b751e7ad041f370fa99c7021e089ba97f24d7
GET /?a=22&c=14&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66 HTTP/1.1
Host: hillybillyrus.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Wed, 08 Feb 2023 22:31:12 GMT
content-type: text/html; charset=utf-8
location: https://dbhtrkg.com/?a=22&c=14&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66&ckmguid=dab9af81-c856-45dc-a84a-654181d723b9
cache-control: private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lWy3gVyGWmyOyNJUwew1gVqHLoviA0NYMwZtvhN0rUekzt1%2BAblFTe13bSVnqw5jywt8fbgenRS5tBQ7J6G24JOTV1v5jzikvlyv8F3g7rd63gNDe9FXpu0XcXvgH2EvJOmT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967d06a1b39b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5387
Expires: Thu, 09 Feb 2023 00:00:59 GMT
Date: Wed, 08 Feb 2023 22:31:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5387
Expires: Thu, 09 Feb 2023 00:00:59 GMT
Date: Wed, 08 Feb 2023 22:31:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5387
Expires: Thu, 09 Feb 2023 00:00:59 GMT
Date: Wed, 08 Feb 2023 22:31:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5387
Expires: Thu, 09 Feb 2023 00:00:59 GMT
Date: Wed, 08 Feb 2023 22:31:12 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b327816bc2c6fd7291c75c693685d54
771070be61d0724b1c90ca86ea34c804bd7e501a
d45188239cacc7b228bc75ccc95afb48914aaa434c418cd5b786533e8b9cb983
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6838
x-amzn-requestid: 54fc5ae9-d37a-46cf-97e0-d05de1417cfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7QEsCoAMFY1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-40de6212468fcd0e78a93708;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: HKB4N2wyEkDOCHrcPmb2SW-T48udtqtgj-SITdLi1HxcsmUFDxERfA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:52:43 GMT
age: 2309
etag: "771070be61d0724b1c90ca86ea34c804bd7e501a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8a3fa4f1ec82d501942f9db3de2cb7d
b91c2aea7f2fb26131c8929b254c5596a1bb25ff
9d246eeab8ba04c775a03fd960c8859934a0accb737e845e89aba40bc573fdaa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6342
x-amzn-requestid: b2b61a71-5326-4fc6-baba-7baad29cf7c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OkbHfDIAMF5AQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c482-5cc4028d01d05305637af317;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:37:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ladt7WYN7SIJ42nshsT0ewNBre8_C8DHi_-JbR37KM57MA9lkq5Anw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:52:28 GMT
age: 2324
etag: "b91c2aea7f2fb26131c8929b254c5596a1bb25ff"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8f31c82179856e39ee5fc43d7f0b685
5b37f807a19ffc80c0b9334e6d24d5bb717496ce
c099c91c6f2125a8a89ee6e9dc0e37e2c2c9914adadb2c8b77795063baa62037
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6805
x-amzn-requestid: 9f067f0c-2991-41ae-8dd0-5719a5438abc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PHwEn4IAMFvFg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c564-730d01807c13643373d64897;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:40:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: NsPkfWcoYkZE6ynP9nfRlkB-ZVNL2M5QLsL5nng7mUooHvoAUeMYKg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:06:51 GMT
age: 1461
etag: "5b37f807a19ffc80c0b9334e6d24d5bb717496ce"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4bb0e725719ac378134b01b6473a6581
a8a1780c88e8ae219048bed28ecfbd8019d9af35
187d4e83edc0af857334f84bd6853234193d4654d06c43367f39b4e125defe08
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6679
x-amzn-requestid: 97c19ad5-c127-4dc1-b529-1eca84645316
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f59MzHgloAMFwow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a8b8-79d6b8d31b69153d4929b7b7;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:14:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x_tr-xummuF51PvAM4y3DgvLWuJOwxgquKO8baQfcoN6ta5M3ll7ug==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 06:24:59 GMT
age: 57973
etag: "a8a1780c88e8ae219048bed28ecfbd8019d9af35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa6c416b3a87ded887c9dcf7c51e5dd0
45f4ef9e68591c00669043abe96959bead8f17ae
9e10394b387916e40c44d4e02fbc1ea72214d870df189ce16d24015de00682bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11205
x-amzn-requestid: abdf9c40-a2b7-49ae-bea1-ff5abfcea781
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvszZFOZoAMFkNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc8e7b-6e508da05ff6f33e691de130;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 04:33:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: c7epaBUnG5cmbx_dT8BnEXw8JEOHyEnVEavRV6dSAExVbmdYLRMUzA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:56:04 GMT
age: 2108
etag: "45f4ef9e68591c00669043abe96959bead8f17ae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ed10868ea9554510e43f77dfb8c43877
df0d86c2c53bdec7b8935912e42dc7f82f87aa61
751e95e7dd20802cc4e0b6f208bf5559b0b73efd3ca22a9abafd86cf83ab6420
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12401
x-amzn-requestid: 7bfa8a84-c348-4f55-8e8e-befcdd24f026
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjPG-eIAMFccA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47a-06eedb3c7396825f77360755;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZHGp073QTcSjtcva36Y9sBKwRU6R8MdAxdTf8DQ_ugzAkDgWingxXg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:50:14 GMT
age: 2458
etag: "df0d86c2c53bdec7b8935912e42dc7f82f87aa61"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash a1ca22e9e4ae8335dabb9ce58415e571
0f0b4f8ea1a562b8db2d708bdf52471e272670a9
c7b1b194677e9b545c2b2dd4787695a81e3fd64d0d1629950a619a353dc31b10
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:31:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 12 Feb 2023 21:08:42 GMT
ETag: "0f0b4f8ea1a562b8db2d708bdf52471e272670a9"
Last-Modified: Wed, 08 Feb 2023 21:08:43 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7967d0711fb6b527-OSL
dbhtrkg.com/?a=22&c=14&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66&ckmguid=dab9af81-c856-45dc-a84a-654181d723b9
52.202.125.204302 Found 356 B URL HTTP/1.1 dbhtrkg.com/?a=22&c=14&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66&ckmguid=dab9af81-c856-45dc-a84a-654181d723b9
IP 52.202.125.204:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash e985341ad00e229009718e02e2823f8f
a690cc18eabc18e6108b39c08e607fa8a37fc922
2ff42005123648a9236e6a3555843d76c4b0be9901c0d4cfbff3768ad1fa7f4d
GET /?a=22&c=14&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66&ckmguid=dab9af81-c856-45dc-a84a-654181d723b9 HTTP/1.1
Host: dbhtrkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 356
Content-Type: text/html; charset=utf-8
Date: Wed, 08 Feb 2023 22:31:13 GMT
Location: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: sid=EqCbFyAD8deknEhbHJrw3V6ToTYSy9arLIrpSdSEOsJ42bExV2T4Pw==; domain=.dbhtrkg.com; path=/; HttpOnly
trk=EPqIl/DVDYgycMUsH52L/3R6wC2kTQPe1r5u/3kzLQVnLG6Jc8L3lA==; domain=.dbhtrkg.com; expires=Sat, 08-Feb-2025 22:31:10 GMT; path=/; HttpOnly
c11=EqCbFyAD8ddXnOL8Y297OEP0+FCSubHmG2RKU7v3+SCaBTi2irFWZw==; domain=.dbhtrkg.com; expires=Fri, 10-Mar-2023 22:31:10 GMT; path=/; HttpOnly
Connection: close
ocsp.pki.goog/s/gts1p5/Wh4sbHDY6P4
142.250.74.163200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/Wh4sbHDY6P4
IP 142.250.74.163:0
Hash 0803990b9cc9df5abc17f07567037b22
116b42caa472675e8b04e2f10e5dc6fb9fcd19e4
b94811e7d7916f976c97cf2efbeb05fa820d75c3a4118035c62a62e7defae7ec
POST /s/gts1p5/Wh4sbHDY6P4 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
exoduseffect.com/assets/images/lander/VSL/price67.jpg
188.114.96.1200 OK 5.6 kB URL HTTP/2 exoduseffect.com/assets/images/lander/VSL/price67.jpg
IP 188.114.96.1:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 213x103, components 3\012- data
Hash eaafdd798054a73a863f3793505271fc
50b32e2bf737e89ebb4a9d52f589667f3dbe1b14
e43c50c7eea2e122f79d1bb50ac966a18847bbdd7c980497034721d15eab5c22
GET /assets/images/lander/VSL/price67.jpg HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: image/jpeg
content-length: 5556
cf-bgj: imgq:100,h2pri
cf-polished: origSize=21206, status=webp_bigger
etag: "52d6-5cd18228c28d2"
last-modified: Wed, 29 Sep 2021 01:20:26 GMT
strict-transport-security: max-age=0
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IS5Cwi%2B8Yd3oRPLkIK58HfR85t5QDXfvemT8jiTCWHuz9quECvjn3QXXzQ%2FntVOs2P8ewEeR%2BaBEw9UvqLYeX8CF0cwhXeXi3uYoYYYOtgOTRIg62jtMmlvhwhrYYLB4BpuA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967d076f947b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exoduseffect.com/assets/images/lander/VSL/ctaMobile.jpg?v=10002
188.114.96.1200 OK 12 kB URL HTTP/2 exoduseffect.com/assets/images/lander/VSL/ctaMobile.jpg?v=10002
IP 188.114.96.1:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 295x138, components 3\012- data
Hash ff04d1a186d51310cf98d1ccc70c5958
4aad914400a6022321cc4d1ed002e514b5363c99
0ca896a5dcd80fd17e17650e84cc4362b5490879c86abc818beb473c236f09a3
GET /assets/images/lander/VSL/ctaMobile.jpg?v=10002 HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: image/jpeg
content-length: 11620
cf-bgj: imgq:100,h2pri
cf-polished: origSize=28021, status=webp_bigger
etag: "6d75-5b3509a1153e7"
last-modified: Wed, 04 Nov 2020 23:47:27 GMT
strict-transport-security: max-age=0
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZJvhCxZlkhwEobGid257dMzhj58Mv7Cn0aVxcdc0Th5ZBkX98Q0ykVY%2BMrN4g5Tpb2e6AZJacy38kh6AH17mxvekiLl7%2B2q0oPCyo2t2Hs3qbI%2BhVgi11wvRWBuPvLjvC2L%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967d076f946b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exoduseffect.com/assets/images/hero/heroDesktopA1t.png
188.114.96.1200 OK 470 kB URL HTTP/2 exoduseffect.com/assets/images/hero/heroDesktopA1t.png
IP 188.114.96.1:0
File type PNG image data, 800 x 450, 8-bit/color RGBA, non-interlaced\012- data
Size 470 kB (469463 bytes)
Hash 83c3a444cf82d5b7271f5d8d2c77aaad
732f2ec7255ef38ce8c23e4737de815d2f153aee
73035e8c2ba7bc19f518e6b1bc729d538a7a9b7ed2f8ca0b31eb21ef61911631
GET /assets/images/hero/heroDesktopA1t.png HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: image/png
content-length: 469463
strict-transport-security: max-age=0
last-modified: Tue, 12 Oct 2021 20:26:14 GMT
etag: "729d7-5ce2da83c68e7"
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w3eTt4PVflYxXd4xXvlfFX51LWQlLU41AYFel%2FXaF2xR6cURJ1NKo4fOzOWCWfO%2F0x50OAwaJ%2BkIviy3bIXN%2BhEwbZm2xMC1lAR3r00MjsYSaIFjx4NmJ2IGCyo%2BeMlIC5WI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967d076f941b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exoduseffect.com/assets/images/lander/VSL/ctaDesktop.jpg?v=10002
188.114.96.1200 OK 33 kB URL HTTP/2 exoduseffect.com/assets/images/lander/VSL/ctaDesktop.jpg?v=10002
IP 188.114.96.1:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 687x258, components 3\012- data
Hash 045a274c0f94598046c7b8908d732fd8
6f959a8c96950ed95db159bcb83c02cf66d27264
3aaae3958ce4707ace52c19688998924db1179a7b0e257c16407cd3b30096afe
GET /assets/images/lander/VSL/ctaDesktop.jpg?v=10002 HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: image/jpeg
content-length: 32851
cf-bgj: imgq:100,h2pri
cf-polished: origSize=47819, status=webp_bigger
etag: "bacb-5b3509a1153e7"
last-modified: Wed, 04 Nov 2020 23:47:27 GMT
strict-transport-security: max-age=0
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RYIllon0oa6XQgns5yklH5B9wi%2FtLoJrwlbhBJTMwM5Sm5XHb9%2Bo1aFBC5bsOphSo67kixE4qSIJNR5zV%2Fkz5cGyyXxkEAC9yR68wAP6RnchTZ5TecC7K4%2FKQmtkPyk4Vk8v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967d076f945b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exoduseffect.com/assets/images/lander/VSL/trustDesktop.jpg
188.114.96.1200 OK 4.5 kB URL HTTP/2 exoduseffect.com/assets/images/lander/VSL/trustDesktop.jpg
IP 188.114.96.1:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 340x36, components 3\012- data
Hash e456df452b782f3f587f4ac446d6a3ad
2ea0f852a60e27190f2af3ca248b20f816967485
6ec4d690911089737b31dfc29d599a865ba2f645d230d5877d4896b506608e0b
GET /assets/images/lander/VSL/trustDesktop.jpg HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: image/jpeg
content-length: 4478
cf-bgj: imgq:100,h2pri
cf-polished: origSize=15622, status=webp_bigger
etag: "3d06-5b3509a117327"
last-modified: Wed, 04 Nov 2020 23:47:27 GMT
strict-transport-security: max-age=0
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xqvSpe7obzEj0EW1naiUTOetT%2B%2FFl%2BFNmAFOArzuqwuIyEdkDagtq5jkR6HXN5hRapdV2AK4AAGqYj%2FW%2FZm7G%2FNbNj%2Fzg%2F41IF6UYxwcD%2BvJ7t5mBILhZ0GR3HBHhmAoZF4q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967d076f94bb500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exoduseffect.com/assets/images/lander/bulletBible.png
188.114.96.1200 OK 63 kB URL HTTP/2 exoduseffect.com/assets/images/lander/bulletBible.png
IP 188.114.96.1:0
File type PNG image data, 133 x 133, 8-bit/color RGBA, non-interlaced\012- data
Hash 61e772a7126e02e61ea9a08a78a0211c
d54ded7528635ce1a1be5cfcbfe3a8ea4072de6d
e38372d8696f210809f6821f0b00c84e57beff6b12b40bdba9954c257bb3b0a9
GET /assets/images/lander/bulletBible.png HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: image/png
content-length: 63024
strict-transport-security: max-age=0
last-modified: Wed, 02 Oct 2019 22:00:07 GMT
etag: "f630-593f4978ab3b1"
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=laVmrWlRYdsh4wsT9Hs7wpbwoITIllQ6kiEdBgBlpB2yb09kEbVsqZ9gVFnrIt8oVcalusjfvfxDBigZePzCphMM9jby4jPswbjj1XWSIRzVdg4HQz6kBBhOq1Hd%2BMKNEss4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967d0770950b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exoduseffect.com/assets/images/lander/bulletGovernment.png
188.114.96.1200 OK 45 kB URL HTTP/2 exoduseffect.com/assets/images/lander/bulletGovernment.png
IP 188.114.96.1:0
File type PNG image data, 133 x 133, 8-bit/color RGBA, non-interlaced\012- data
Hash 751ec84ad86deff72450cd98d38d5c58
da57f4bcbd042717fc1ba915478bf29b2e6cd117
89023b58f2a45258a944bc9f9cd9ffcbb5baa350203010d6c2056c2530958e9c
GET /assets/images/lander/bulletGovernment.png HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: image/png
content-length: 44633
strict-transport-security: max-age=0
last-modified: Wed, 02 Oct 2019 22:00:07 GMT
etag: "ae59-593f4978ab3b1"
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kH%2BjS%2BqBpPCVzqD4W%2FerdPpKk2HRq5CLhvHviUyvX1VR2X8XJ8mCO%2BspxWriycRBOKrjebGDxcFzB1gLbRq97HRykxY8svTFbu8%2BC2tVy5bD2Oxj7UzeVp%2BNrPKQcs8zJCMU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967d0772978b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exoduseffect.com/assets/images/lander/bulletChristian.png
188.114.96.1200 OK 57 kB URL HTTP/2 exoduseffect.com/assets/images/lander/bulletChristian.png
IP 188.114.96.1:0
File type PNG image data, 133 x 133, 8-bit/color RGBA, non-interlaced\012- data
Hash 56c1ffc1faed7c177c0dfbc7c5ffec1f
6f1e41c8dc562f1d7a37d9147595b410ddd2eacd
4534203d73df094bf991ad0f42631889f0a020e90a00b311e76406822f5512ff
GET /assets/images/lander/bulletChristian.png HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: image/png
content-length: 56600
strict-transport-security: max-age=0
last-modified: Wed, 02 Oct 2019 22:00:07 GMT
etag: "dd18-593f4978ab3b1"
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uyvrUY%2B4xi3iGmxw2QPQwa%2BpFAgb8coITxqny3zKe7Z6iGt7QIp6O%2BPpGH0dd5YbA6gaw4SXJqQ7FnbpNIEnRTLsxIhMhE0VeTR%2F5KfhlzCkqTCy%2FLRIEmiUULjZfJ7vU%2BWB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967d0772977b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exoduseffect.com/assets/images/lander/bulletHealing.png
188.114.96.1200 OK 51 kB URL HTTP/2 exoduseffect.com/assets/images/lander/bulletHealing.png
IP 188.114.96.1:0
File type PNG image data, 133 x 133, 8-bit/color RGBA, non-interlaced\012- data
Hash 951016bc87aa1e5b830565dc7352b91c
6f7b2378b7c12b42a7a6220ce05c8926598c827a
2ab0932269d9897fd43c2bcda82dc75121d96bea933bd64726bc772e054ca7ab
GET /assets/images/lander/bulletHealing.png HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: image/png
content-length: 50928
strict-transport-security: max-age=0
last-modified: Wed, 02 Oct 2019 22:00:07 GMT
etag: "c6f0-593f4978ab3b1"
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HJoeX586XQPN6xkSiJFBccjejr84BzAG8f%2BuIuLL9XxMPwsGMhg3V6%2Fibh%2Bt%2BglTg4PL8SeyUR6be5V25H7LemVLTDh1W3L4px8l7FXyGOkFGkEhKTDMBzhvt2jpfXVIWO6K"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967d0772976b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/Wh4sbHDY6P4
142.250.74.163200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/Wh4sbHDY6P4
IP 142.250.74.163:0
Hash 0803990b9cc9df5abc17f07567037b22
116b42caa472675e8b04e2f10e5dc6fb9fcd19e4
b94811e7d7916f976c97cf2efbeb05fa820d75c3a4118035c62a62e7defae7ec
POST /s/gts1p5/Wh4sbHDY6P4 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
vjs.zencdn.net/7.20.2/video-js.css
151.101.194.217200 OK 11 kB URL HTTP/2 vjs.zencdn.net/7.20.2/video-js.css
IP 151.101.194.217:0
File type Unicode text, UTF-8 text, with very long lines (5844)
Hash fe56250286f5ded89eae50b54b7d1100
fa5e7d94f4604ab819f42f8b08257a70c86a6b54
76423f3d7320b1178fce25d069e2ff6c6cdc68f1ff8feb2181ea89bb348a80c4
GET /7.20.2/video-js.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 18:58:38 GMT
etag: "92c4f5bba6e24134f07a508819300d2e"
content-type: text/css
content-encoding: gzip
date: Wed, 08 Feb 2023 22:31:13 GMT
x-served-by: cache-bma1643-BMA
x-cache: HIT
x-cache-hits: 9
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 10964
X-Firefox-Spdy: h2
exoduseffect.com/assets/scripts/squeeze.js?v=10009
188.114.96.1200 OK 1.2 kB URL HTTP/2 exoduseffect.com/assets/scripts/squeeze.js?v=10009
IP 188.114.96.1:0
File type ASCII text, with very long lines (517)
Hash bfe56f91ce0bb301f09b96041885ed50
f5c94ad1ac64a6373a06d465bd0d7fca7cdd6989
f596c0d0192e40399208b82f159b9b2a74ee6da889a29df00a5d68f116cb222d
GET /assets/scripts/squeeze.js?v=10009 HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=3423
etag: W/"d5f-5ed3423b214da-gzip"
last-modified: Fri, 11 Nov 2022 16:11:16 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wly9WNAe6IN4pqUGrrHYVNsbn%2BNEol%2FtLLMhAzNqO2ckgENE3B2pbUxU7nLHehN1a8T1gQOL3OeBOehJBp0ZAiS9BTIZcM7T%2FClI1EdRUgn8YXWW5rl6QjgKtaW27ahRPwDp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967d0772985b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ab88b8165d39c17802adcfb408ea10fa
fc931d76c575e6d449a0ee0fc3f149436fab526a
c82028ee7859d2c74998ab9385a8146f61e51918687edee3e6feb0f25bed294c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1081
Cache-Control: max-age=97575
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:13 GMT
Etag: "63e2f89f-1d7"
Expires: Fri, 10 Feb 2023 01:37:28 GMT
Last-Modified: Wed, 08 Feb 2023 01:19:27 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
vjs.zencdn.net/7.20.2/video.min.js
151.101.194.217200 OK 163 kB URL HTTP/2 vjs.zencdn.net/7.20.2/video.min.js
IP 151.101.194.217:0
File type Unicode text, UTF-8 text, with very long lines (48447)
Size 163 kB (162713 bytes)
Hash 430ea567cd84f443a9549455bb2336d3
525d4782b0b7be4dd32ec2d3a62f2a48945fd390
98310323304c63336f96dd80c6d620f1decb3798453b98dd6f023360b190f9c0
GET /7.20.2/video.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 18:58:38 GMT
etag: "c038d4c38eb6160ddb328b8944a5422b"
content-type: application/javascript
content-encoding: gzip
date: Wed, 08 Feb 2023 22:31:13 GMT
x-served-by: cache-bma1643-BMA
x-cache: HIT
x-cache-hits: 2
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 162713
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PP5N9TT
142.250.74.168200 OK 66 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PP5N9TT
IP 142.250.74.168:0
File type ASCII text, with very long lines (16809)
Hash 0e9a3ddbf2e274fbb60355164fc5162b
b31fc1ada183855f1ff7e123d422499af9787507
2f0e1e7862a10c9b5006b5bed6e76ddafc8b537abd5fd47cb212d6b82571d4ed
GET /gtm.js?id=GTM-PP5N9TT HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 Feb 2023 22:31:13 GMT
expires: Wed, 08 Feb 2023 22:31:13 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 Feb 2023 22:05:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 65647
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash a13bf36fca36cf584ff14835a411326a
3e8333971f482ab4fd30928436ff408b2cb1f861
7d06db2760aed14c803adac68a4995c355722ad4efbd66da1e309adb73926c86
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:31:13 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 07 Feb 2023 10:06:47 GMT
Expires: Tue, 14 Feb 2023 10:06:46 GMT
Etag: "3e8333971f482ab4fd30928436ff408b2cb1f861"
Cache-Control: max-age=473132,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7967d0780f16b4fa-OSL
cdn.pushwoosh.com/webpush/v3/pushwoosh-web-notifications.js
195.201.193.122200 OK 45 kB URL HTTP/1.1 cdn.pushwoosh.com/webpush/v3/pushwoosh-web-notifications.js
IP 195.201.193.122:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65536), with no line terminators
Hash f092e06ff1e7e957d028ea9811b1f11b
689b795e3b8bad42a78e7e6c2e6a2d68653c9491
4c69e9317b545d023ea95040208d583463d1499099bb23ed10e828341e5e6816
GET /webpush/v3/pushwoosh-web-notifications.js HTTP/1.1
Host: cdn.pushwoosh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 22:31:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 13 Sep 2022 08:45:52 GMT
x-rgw-object-type: Normal
ETag: W/"d50a1b2bd010ebf2eca5a3e1f9c1df25"
X-Amz-Storage-Class: STANDARD
Expires: Thu, 09 Feb 2023 22:31:13 GMT
Cache-Control: max-age=86400, public
X-Cache-Status: HIT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, DELETE, HEAD
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Access-Control-Allow-Headers, is_auto_request, Content-Length, Accept-Encoding, X-Registry-Auth
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
exoduseffect.com/assets/scripts/slideInOnScroll.js?v=10001
188.114.96.1200 OK 25 kB URL HTTP/2 exoduseffect.com/assets/scripts/slideInOnScroll.js?v=10001
IP 188.114.96.1:0
File type ASCII text, with very long lines (636)
Hash f9d577f07a9dc357730827d7dbdb2ca8
dcafddce6bde7c8b401b559529933516618c1243
0169069e2fc33d30f5f4cd3ba264426322fc1b6e54648d10251cee8254b486c0
GET /assets/scripts/slideInOnScroll.js?v=10001 HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1480
etag: W/"5c8-593f4978bfbd3-gzip"
last-modified: Wed, 02 Oct 2019 22:00:07 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iLUbTWYdeUbiB1qPeUFsFVNIMsss54tK8bkS8N0PhtrcFB%2BnKaTI1sjafosYEa2XfFjtzHQOs5zW%2FxjQ78zyrruytMJfy38x9oKFrLO80ZuFnsV8hiH4nRaijyZLIwjz6VXa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967d0772984b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exoduseffect.com/assets/style/squeeze.css?v=10009
188.114.96.1200 OK 20 kB URL HTTP/2 exoduseffect.com/assets/style/squeeze.css?v=10009
IP 188.114.96.1:0
File type ASCII text, with very long lines (3865), with no line terminators
Hash e1950b7bb00bf79f22acd9ba2030962b
95329d73bbfc1136974d8106d47b4060f9ea50ac
47adfd977d62547e902de65e839fe808c5aa49caa15d3274f445c467fd49e575
GET /assets/style/squeeze.css?v=10009 HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=5240
access-control-allow-origin: *
etag: W/"1478-5b9328c21975b-gzip"
last-modified: Mon, 18 Jan 2021 20:27:14 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AIqAKXj2BSEMCIhQRIXT2eF8L2A%2BDAPwqhLnoScb2WQTrSZZ0%2BT0wVHVlpLSnmUchDH2Z4qIJ%2B9XwSEzn%2F3IxAHS6mAZahH0YVepLE8MfXi%2F3cNaPKNjS1zEonpAlgg2ejai"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967d0772979b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.46200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Wed, 08 Feb 2023 21:45:20 GMT
expires: Wed, 08 Feb 2023 23:45:20 GMT
cache-control: public, max-age=7200
age: 2754
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
216.58.211.10200 OK 5.4 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
IP 216.58.211.10:0
File type ASCII text, with very long lines (2134)
Hash 30ca3165d143baf2835023bfcf463450
62c662c0873b79a314c040fef28dcd29abb14480
4f405d00e8ced09d5826e3e070b7e4d3f3556f856ca790b0b4a2c2eaaf58d33b
GET /ajax/libs/webfont/1.6.26/webfont.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 5437
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 17:09:35 GMT
expires: Wed, 07 Feb 2024 17:09:35 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 105699
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-172780246-2
142.250.74.168200 OK 314 B URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-172780246-2
IP 142.250.74.168:0
Hash 8e109baddb22b573a373457259aac9ac
f5f95ff6171d3cb8b274fa8c1eb361a98faaf423
f6d6b1beb6eb4837871a5b74c2f74ef9d1fc27b9f86b4eeba62c43cebf8914a3
GET /gtag/js?id=UA-172780246-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 Feb 2023 22:31:13 GMT
expires: Wed, 08 Feb 2023 22:31:13 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 Feb 2023 21:37:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44090
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
analytics.tiktok.com/i18n/pixel/events.js?sdkid=C6TP3JRSVD35Q9TRPAO0&lib=ttq
95.101.10.203200 OK 1.5 kB URL HTTP/2 analytics.tiktok.com/i18n/pixel/events.js?sdkid=C6TP3JRSVD35Q9TRPAO0&lib=ttq
IP 95.101.10.203:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (4075)
Hash 9a885be4bf696b757a5bc803f11cc323
7d7ac34b8016bcf5416148bb095f9a05355b9525
98651a46086a9ba637211b8125a2eadbbe67e296d37b4489ff28e313b21cb00a
GET /i18n/pixel/events.js?sdkid=C6TP3JRSVD35Q9TRPAO0&lib=ttq HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 20230208223114BA79FC0E391C03B8967E
x-tt-trace-host: 01250e51f4d5abc0e156abb7e367bacbb68e42f4f400627b987f8072cc1e36db27b5cf127e15d1a0bf706a4a006d39603cb67fcfa3e22705fe24e1087d6c56b70bfdd3f0d0a2a5971c66254c23483a2ff113936fd99bc0dc9d7d312e6e006bcf085bb156abab1f6fc89804b2c116f3f04e
content-encoding: gzip
content-length: 1487
x-origin-response-time: 11,23.48.249.160
x-akamai-request-id: 9773673.10a7a2b
expires: Wed, 08 Feb 2023 22:31:14 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 08 Feb 2023 22:31:14 GMT
x-cache: TCP_MISS from a95-101-10-199.deploy.akamaitechnologies.com (AkamaiGHost/11.0.0-46340752) (-)
vary: Accept-Encoding
set-cookie: _ttp=2LTWIll8H7fietggd7w81oIcHzZ; Path=/; Domain=tiktok.com; Max-Age=33696000; Secure; SameSite=None
x-cache-remote: TCP_MISS from a23-48-249-160.deploy.akamaitechnologies.com (AkamaiGHost/11.0.0-46340752) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=92, origin; dur=11, inner; dur=5
x-parent-response-time: 102,95.101.10.199
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
exoduseffect.com/assets/style/slideInOnScroll.css?v=10001
188.114.96.1200 OK 20 kB URL HTTP/2 exoduseffect.com/assets/style/slideInOnScroll.css?v=10001
IP 188.114.96.1:0
File type ASCII text, with very long lines (2369), with no line terminators
Hash 7acaf0f45488a1d4822ce706750a8297
1fbc5de1cd415c5ce97f0986c8a5b117dc108c97
23587e36700e9b5cbfcc710154268b5209d3b65199ac482eaac306828cb8becc
GET /assets/style/slideInOnScroll.css?v=10001 HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=2925
access-control-allow-origin: *
etag: W/"b6d-593f4978bfbd3-gzip"
last-modified: Wed, 02 Oct 2019 22:00:07 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4PkyAlj6kwA1rhRBTnzH7unIizaG8OqfHP6cqO%2FYu7%2FfsOl%2FbuapCvUhoWmB7oNH5%2FssHQ7Q25dJCX%2BJpMbURMEiL8jezAhLGmHzUeNt7CYPAW3gGBdwJCz3%2FcBCsYdrHzxD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967d076e93fb500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 08 Feb 2023 07:51:59 GMT
expires: Thu, 08 Feb 2024 07:51:59 GMT
cache-control: public, max-age=31536000
age: 52755
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 13:09:06 GMT
expires: Wed, 07 Feb 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 120128
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15752, version 1.0\012- data
Hash b20371a6daf29d4a1f2e85dbbf40fb20
0355a01c1ccb45cb728e7e07c41c8ebf456f70bb
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15752
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 01:50:00 GMT
expires: Sat, 03 Feb 2024 01:50:00 GMT
cache-control: public, max-age=31536000
age: 506474
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
exoduseffect.com/assets/style/buttons.css?v=10003
188.114.96.1200 OK 21 kB URL HTTP/2 exoduseffect.com/assets/style/buttons.css?v=10003
IP 188.114.96.1:0
File type ASCII text, with very long lines (3834), with no line terminators
Hash 797241b78adc8075ebee01a8f368839e
434565df5ea96fc605b88a3665a2f8dfe68f797c
58d14a516ee1bb9e0381814d302e5606c9a929c5ef0085b3a06fd333c0873243
GET /assets/style/buttons.css?v=10003 HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=5452
access-control-allow-origin: *
etag: W/"154c-593f4978bfbd3-gzip"
last-modified: Wed, 02 Oct 2019 22:00:07 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RRmyiwPMDYZyk45BMA8Ejp%2Bonz1K9XSffJf%2FeUg6ArHqLs7bAIepkfpxJM8WrNqGkVOJbhUrdjnUhkDO5LSJeHzx7Ro%2B9XGdxYaWqTptlajsfVm5O5fIYF3nFJ%2Bsd5hP1PPI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967d076e92eb500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
analytics.tiktok.com/i18n/pixel/static/main.MWNiNWY1N2YyMA.js
95.101.10.203200 OK 66 kB URL HTTP/2 analytics.tiktok.com/i18n/pixel/static/main.MWNiNWY1N2YyMA.js
IP 95.101.10.203:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (21891)
Hash 6d7a969e359cdd64d60cd7203cd52920
0b21ff1eb4ba1b0d5224f965d37fab7befd4d9ec
d9877c03a25f2f85f577c12d2da58033295dd9c80964a15ab9e692dbb62d1167
GET /i18n/pixel/static/main.MWNiNWY1N2YyMA.js HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Cookie: _ttp=2LTWIll8H7fietggd7w81oIcHzZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-logid: 2023020721083048E1C9F8EEF0C7CE1FD0
x-tt-trace-host: 01e2cb5113e80710ff8e1892ebd7a2d475967fc99842c105e3cbc3203a00a402d7431f5e223140367c83accbaadb833f5afcf3f5023d698127621999a993156e2f8560abb5f1644c2bee954e42f435ee2fa35b0f1e415a1afc7887ae5b06d6c4e1
content-encoding: gzip
content-length: 65980
date: Wed, 08 Feb 2023 22:31:14 GMT
x-cache: TCP_HIT from a95-101-10-199.deploy.akamaitechnologies.com (AkamaiGHost/11.0.0-46340752) (-)
vary: Accept-Encoding
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=156
x-akamai-request-id: 10a7a63
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 22:02:00 GMT
expires: Mon, 05 Feb 2024 22:02:00 GMT
cache-control: public, max-age=31536000
age: 260954
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52_wFZWMf6.woff2
142.250.74.35200 OK 20 kB URL HTTP/2 fonts.gstatic.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52_wFZWMf6.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 19816, version 1.0\012- data
Hash 290160ea1f23d0178902ab8a62635b0a
5614266d1f6bf5f0d7601fff4a2bc0924830d983
f6b9eebb05461840790fc804b4590323ef12a57fe5af7fcdeed2d798e572844b
GET /s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52_wFZWMf6.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 08:48:58 GMT
expires: Wed, 07 Feb 2024 08:48:58 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 26 Apr 2022 16:08:33 GMT
content-type: font/woff2
age: 135736
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2
142.250.74.35200 OK 20 kB URL HTTP/2 fonts.gstatic.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 19740, version 1.0\012- data
Hash 101cf2a65d64322878605fa8472bb025
6dffc15e38c321e4bb567b4bd8107a2e8d97c61d
273c8613cdd2852dd5318f224d804ae6d2fc717c48d3f1dab587b6d396fb4fc8
GET /s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 16:03:02 GMT
expires: Mon, 05 Feb 2024 16:03:02 GMT
cache-control: public, max-age=31536000
age: 282492
last-modified: Tue, 26 Apr 2022 15:48:38 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 Feb 2023 10:26:49 GMT
expires: Sun, 04 Feb 2024 10:26:49 GMT
cache-control: public, max-age=31536000
age: 389065
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
analytics.tiktok.com/i18n/pixel/static/identify_5f1fb.js
95.101.10.203200 OK 31 kB URL HTTP/2 analytics.tiktok.com/i18n/pixel/static/identify_5f1fb.js
IP 95.101.10.203:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6c0c7514093e7b1dddb57107c47ead16
c167c044befc49e42d83c01940635aff4a7d78d4
15aaec1913aa1ce973d363428180001a96e2b2946044d6cdd868ccf3dffa7ac3
GET /i18n/pixel/static/identify_5f1fb.js HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Cookie: _ttp=2LTWIll8H7fietggd7w81oIcHzZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-logid: 2023020721083148E1C9F8EEF0C7CE2033
x-tt-trace-host: 01e2cb5113e80710ff8e1892ebd7a2d475967fc99842c105e3cbc3203a00a402d7431f5e223140367c83accbaadb833f5a0d207b3e8d025f4e3dd28297e4174826a8101724b261f2fc32b2ddb21563a7fb80c1d893b6fef16c63e64e063b97a44f
content-encoding: gzip
content-length: 30893
date: Wed, 08 Feb 2023 22:31:14 GMT
x-cache: TCP_MEM_HIT from a95-101-10-199.deploy.akamaitechnologies.com (AkamaiGHost/11.0.0-46340752) (-)
vary: Accept-Encoding
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=3
x-akamai-request-id: 10a7a97
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 4ccd4a5d4ae2d373665abeea29c8210b
02f71202a0bbaa541a37d705d82cedf39805d990
6d1a81ed7c9ea83bb0e49434885c608df9d9977121cbed5aaa84cb2d91cfc49e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 22:31:14 GMT
Last-Modified: Wed, 08 Feb 2023 22:29:41 GMT
Server: ECS (dcb/7F13)
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: XHw_5N0HDc90d7cdABAggrH8cRBDzbROxD71xq_CE6MDGnALm8gdoA==
Age: 93
gum.criteo.com/syncframe?topUrl=exoduseffect.com&origin=onetag
178.250.0.157200 OK 5.1 kB URL HTTP/2 gum.criteo.com/syncframe?topUrl=exoduseffect.com&origin=onetag
IP 178.250.0.157:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13465)
Hash 2cf12a61c5f3f23abe6f26d2181f908c
7cc44e27a14d87f3a8180a7b3a99f6fbc52f99c8
f0b7a85374c53a3a5e3dc9074aa1587df2e43cbd4835cb777f23ae7492cf2041
GET /syncframe?topUrl=exoduseffect.com&origin=onetag HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:14 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=851bdd44-df34-48a0-bbc0-6314a956554e; expires=Mon, 04 Mar 2024 22:31:14 GMT; domain=.criteo.com; path=/; secure; samesite=none
optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 744542
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
d2tjsej3ucxx0n.cloudfront.net/video/VSL_20210331_A2.6_HighProd/VSL_20210331_A2.6_HighProdhls_audio_160k.ts
54.230.245.108200 OK 0 B URL HTTP/2 d2tjsej3ucxx0n.cloudfront.net/video/VSL_20210331_A2.6_HighProd/VSL_20210331_A2.6_HighProdhls_audio_160k.ts
IP 54.230.245.108:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /video/VSL_20210331_A2.6_HighProd/VSL_20210331_A2.6_HighProdhls_audio_160k.ts HTTP/1.1
Host: d2tjsej3ucxx0n.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range
Referer: https://exoduseffect.com/
Origin: https://exoduseffect.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Wed, 08 Feb 2023 15:58:12 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, HEAD
access-control-allow-headers: range
server: AmazonS3
vary: Origin
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bdkf9edXTSC5NjNLO91-btIiuWC-5DyvHcti6ejhXFoWQHSMS-H8ww==
age: 23583
X-Firefox-Spdy: h2
d2tjsej3ucxx0n.cloudfront.net/video/VSL_20210331_A2.6_HighProd/VSL_20210331_A2.6_HighProdhls10.ts
54.230.245.108206 Partial Content 788 kB URL HTTP/2 d2tjsej3ucxx0n.cloudfront.net/video/VSL_20210331_A2.6_HighProd/VSL_20210331_A2.6_HighProdhls10.ts
IP 54.230.245.108:0
Size 788 kB (788284 bytes)
Hash a12de398096d790786b670d57fb82298
a76842610b14533e573163d3a65b5cda2082d54e
ba175b13f78ed0fe1ed6f0ab3b4162223e3bd6701679687b680e2e16c9c81517
GET /video/VSL_20210331_A2.6_HighProd/VSL_20210331_A2.6_HighProdhls10.ts HTTP/1.1
Host: d2tjsej3ucxx0n.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-788283
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
content-type: video/MP2T
content-length: 788284
access-control-allow-origin: *
access-control-allow-methods: GET, POST, HEAD
last-modified: Tue, 30 Mar 2021 23:06:13 GMT
x-amz-storage-class: REDUCED_REDUNDANCY
accept-ranges: bytes
server: AmazonS3
date: Wed, 08 Feb 2023 14:52:51 GMT
etag: "13f5d7056906dfd7e5192676330e2164-81"
vary: Accept-Encoding,Origin
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zOXtF3Nm_69vqYAGefujW41EaniyBLl0CnenEp-zrpUBBqyKZhJWuQ==
age: 27504
content-range: bytes 0-788283/422169228
X-Firefox-Spdy: h2
d2tjsej3ucxx0n.cloudfront.net/video/VSL_20210331_A2.6_HighProd/VSL_20210331_A2.6_HighProdhls_audio_160k.ts
54.230.245.108206 Partial Content 117 kB URL HTTP/2 d2tjsej3ucxx0n.cloudfront.net/video/VSL_20210331_A2.6_HighProd/VSL_20210331_A2.6_HighProdhls_audio_160k.ts
IP 54.230.245.108:0
Size 117 kB (117312 bytes)
Hash c82fd7bf3ef5de8d2d743d01de985e72
51c4afd6bf3c0178224ffe363346c1a9f6b0440e
27f012f2a0481070fc7dcb1b0896a47b35ceb4ef339a0062e652278ae079eaad
GET /video/VSL_20210331_A2.6_HighProd/VSL_20210331_A2.6_HighProdhls_audio_160k.ts HTTP/1.1
Host: d2tjsej3ucxx0n.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-117311
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
content-type: audio/MP2T
content-length: 117312
date: Wed, 08 Feb 2023 05:37:36 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, HEAD
last-modified: Tue, 30 Mar 2021 22:58:39 GMT
etag: "8d2841b96dfeae7b9ba66ec8ffb03a41-15"
x-amz-storage-class: REDUCED_REDUNDANCY
accept-ranges: bytes
server: AmazonS3
vary: Origin
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eifBzFLnFQ72sd5FhjcD0JE6A8hGtGkw-RqVBOYhrkRkoPG9W16Wxg==
age: 60819
content-range: bytes 0-117311/77989920
X-Firefox-Spdy: h2
analytics.tiktok.com/api/v2/pixel
95.101.10.203200 OK 0 B URL HTTP/2 analytics.tiktok.com/api/v2/pixel
IP 95.101.10.203:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v2/pixel HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 936
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://exoduseffect.com/
Cookie: _ttp=2LTWIll8H7fietggd7w81oIcHzZ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 0
access-control-allow-origin: *
x-tt-logid: 202302082231145D9AE2072A9ACBF4A4F1
x-tt-trace-host: 01250e51f4d5abc0e156abb7e367bacbb68e42f4f400627b987f8072cc1e36db27bbfcf514b3a99b9f1b5a677d215e00d9fc111eed128d467f131701f1e414a136d3ecda4e3579c829d138c05d1d7d11ce2cd27d87f712160d8d8d946075cd15f5af392c28ff0ed4f83f51b1c4097c1c25
x-origin-response-time: 22,23.48.249.163
x-akamai-request-id: 338c4e29.10a7aa0
expires: Wed, 08 Feb 2023 22:31:14 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 08 Feb 2023 22:31:14 GMT
x-cache: TCP_MISS from a95-101-10-199.deploy.akamaitechnologies.com (AkamaiGHost/11.0.0-46340752) (-)
x-cache-remote: TCP_MISS from a23-48-249-163.deploy.akamaitechnologies.com (AkamaiGHost/11.0.0-46340752) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=97, origin; dur=22, inner; dur=19
x-parent-response-time: 115,95.101.10.199
X-Firefox-Spdy: h2
175132.tracking.hyros.com/v1/lst/universal-script?ph=9bc599f9ab46cb2f7507e8577d80913a8c63a505faba2e67e311117d32296386&tag=!exoduseffect
52.4.228.223200 OK 36 kB URL HTTP/2 175132.tracking.hyros.com/v1/lst/universal-script?ph=9bc599f9ab46cb2f7507e8577d80913a8c63a505faba2e67e311117d32296386&tag=!exoduseffect
IP 52.4.228.223:0
File type ASCII text, with very long lines (35503), with no line terminators
Hash f6d487bf9c04f903ac9b4980e0c0e7ef
12ddea908af2184cfef4356ae5141120b385f21e
c30172352e542f9b914bfc56de12fa0b917a707ad3a38485e761c02fda960907
GET /v1/lst/universal-script?ph=9bc599f9ab46cb2f7507e8577d80913a8c63a505faba2e67e311117d32296386&tag=!exoduseffect HTTP/1.1
Host: 175132.tracking.hyros.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:14 GMT
content-type: text/javascript;charset=ISO-8859-1
content-length: 35503
access-control-allow-methods: GET, PUT, POST, OPTIONS, DELETE
access-control-max-age: 86400
access-control-expose-headers: Session-ID
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 9c0e95ec1969d04cbbe1a963f9556eac
6d9f7db5133272b8f78348469f8a007a74c64933
8eaba7c4d361e9320711b8d55b568074f3246cea376dd382c4ff8940ed57c438
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4895
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:14 GMT
Last-Modified: Wed, 08 Feb 2023 21:09:39 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 9c0e95ec1969d04cbbe1a963f9556eac
6d9f7db5133272b8f78348469f8a007a74c64933
8eaba7c4d361e9320711b8d55b568074f3246cea376dd382c4ff8940ed57c438
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4895
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:14 GMT
Last-Modified: Wed, 08 Feb 2023 21:09:39 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 0fc3e2be9a02b14fdb24e92d26da8838
d55b2ea7ea9d97de65bd0833926173f205591b6e
55958bd04c967f293dd41c5f4cd5fc52eaaad9738af71c0910fad08b11996c24
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4808
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:14 GMT
Last-Modified: Wed, 08 Feb 2023 21:11:06 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 313
d2tjsej3ucxx0n.cloudfront.net/video/VSL_20210331_A2.6_HighProd/VSL_20210331_A2.6_HighProdhls10_v4.m3u8
54.230.245.108200 OK 6.6 kB URL HTTP/2 d2tjsej3ucxx0n.cloudfront.net/video/VSL_20210331_A2.6_HighProd/VSL_20210331_A2.6_HighProdhls10_v4.m3u8
IP 54.230.245.108:0
Hash 99ad4d92e80d976111fd6f785d825ab3
1ffc2b85bd1122d1bf5f727078b13b71a7b8e1a1
ee94701d954f2b4c83dceb266894fa2c15c089291516de426d5e626e55273cea
GET /video/VSL_20210331_A2.6_HighProd/VSL_20210331_A2.6_HighProdhls10_v4.m3u8 HTTP/1.1
Host: d2tjsej3ucxx0n.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-allow-methods: GET, POST, HEAD
last-modified: Tue, 30 Mar 2021 23:06:13 GMT
x-amz-storage-class: REDUCED_REDUNDANCY
server: AmazonS3
content-encoding: gzip
date: Wed, 08 Feb 2023 07:11:17 GMT
etag: W/"93a0c433c0197adaf641d2830bc21ebe"
vary: Accept-Encoding,Origin
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: h1wpw6yuckCtZk7pK-S8AVBn0gyA6cHgFv2WZBCAXaWOs1XnTdAdqw==
age: 55198
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 39f72ee961e1afed82fed52212ec6b65
557eae661c60433cfbbe14dbca5df31259e0c59b
b527888545839ca25e30f2fe8d409f3de6ab08d98a974dd14626b728e5ead13c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2736
Cache-Control: max-age=127986
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:15 GMT
Etag: "63e368f5-1d7"
Expires: Fri, 10 Feb 2023 10:04:21 GMT
Last-Modified: Wed, 08 Feb 2023 09:18:45 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash f31a18edbf87f9266a78b72da87228ed
5c5b30f1d22a19815a43108225e5a48c4fad11a7
d54391aa165ad6e54aeb6d6d0fc39f4bdefc1f792588f471bc15078f5ab16dff
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 22:31:15 GMT
Last-Modified: Wed, 08 Feb 2023 21:18:18 GMT
Server: ECS (bsa/EB11)
X-Cache: Miss from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: cWT_5fM81uvAYEUhd234dHxh--afpFwnlL1auMFBEeM6HbxVMZYWAg==
Age: 4377
exoduseffect.com/assets/images/ajaxYellow.svg
188.114.96.1200 OK 885 B URL HTTP/2 exoduseffect.com/assets/images/ajaxYellow.svg
IP 188.114.96.1:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 126809a8cfec1bd3b0fe0ba8b7e5d742
95363fc5bcf437211978d54bfcd0aca4b47d75f2
dbf7082b8a1f1482ddc5700512df43cb4b84fce1e2cb1fa405ec7454d8fe331f
GET /assets/images/ajaxYellow.svg HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: image/svg+xml
strict-transport-security: max-age=0
last-modified: Wed, 02 Oct 2019 22:00:07 GMT
etag: W/"d07-593f497893cae-gzip"
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Wa%2BftH0MPUVJQonx95KY8Dl0G5ONuv8NwhB%2F%2B0ldoPVKLbSK1krrRN%2FIHaV%2Fn9EhbWXI3iZrn2%2BqvfPIc5N6QGKso3TzZcUPrghmWMIyKk1akG0BavvsC2Us%2B8kh%2FI4LVnM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967d076f94cb500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 50ca5deab68ba881743e691a693819f1
fd6b74d17a961f751a8edf09fcfaab273f0a7408
139c5ed1fd10f67669a5de174c5ffb02411f96463217781882c9d22b050a02d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 28 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash dd1f85cc598419df61e254e53f9ec1ef
f86c0ee563f5b7a01e1d40b566f2bc184a32380f
c06f52b233c835b03292f39cb847507a03bb971066bf91341b58a580244398c0
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
origin-agent-cluster: ?0
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: OnNTbaWZfyig9NLPim6Sd+XoPPUeDi6X/jIKRFrr+pDHEP2/xyZgFVp6AHjL4nrc2cuIwZDT109hrjEDFphThA==
content-length: 27843
x-fb-trip-id: 1904183273
date: Wed, 08 Feb 2023 22:31:15 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 39f72ee961e1afed82fed52212ec6b65
557eae661c60433cfbbe14dbca5df31259e0c59b
b527888545839ca25e30f2fe8d409f3de6ab08d98a974dd14626b728e5ead13c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2736
Cache-Control: max-age=127986
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:15 GMT
Etag: "63e368f5-1d7"
Expires: Fri, 10 Feb 2023 10:04:21 GMT
Last-Modified: Wed, 08 Feb 2023 09:18:45 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
googleads.g.doubleclick.net/pagead/viewthroughconversion/628433881/?random=1675895530601&cv=11&fst=1675895530601&bg=ffffff&guid=ON&async=1>m=45He3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&tiba=The%20Exodus%20Effect&auid=1173316180.1675895531&rfmt=3&fmt=4
216.58.207.194200 OK 961 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/628433881/?random=1675895530601&cv=11&fst=1675895530601&bg=ffffff&guid=ON&async=1>m=45He3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&tiba=The%20Exodus%20Effect&auid=1173316180.1675895531&rfmt=3&fmt=4
IP 216.58.207.194:0
File type ASCII text, with very long lines (2221), with no line terminators
Hash 947444fb3a33517783816289519f6a13
0ea1fec1ac3fa9c24436f62f7d363e51cad99880
98759b1632bf69e96faf9e7784be41fa687094f71d1706d671af242172748100
GET /pagead/viewthroughconversion/628433881/?random=1675895530601&cv=11&fst=1675895530601&bg=ffffff&guid=ON&async=1>m=45He3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&tiba=The%20Exodus%20Effect&auid=1173316180.1675895531&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 22:31:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 961
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 08-Feb-2023 22:46:15 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash a746d459d4fbc7da99072462ed09b456
6ca7c899101b7ddcc1228f148cdcf16113a805f7
cbed8854f94d225ec82298e5039b9c163f58f9fede0db72510d22867003cb4a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash a746d459d4fbc7da99072462ed09b456
6ca7c899101b7ddcc1228f148cdcf16113a805f7
cbed8854f94d225ec82298e5039b9c163f58f9fede0db72510d22867003cb4a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-172780246-2&cid=1419919207.1675895531&jid=1328601885&gjid=1820230180&_gid=651206293.1675895531&_u=YEDAAUABAAAAACAAI~&z=711522460
74.125.205.155200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-172780246-2&cid=1419919207.1675895531&jid=1328601885&gjid=1820230180&_gid=651206293.1675895531&_u=YEDAAUABAAAAACAAI~&z=711522460
IP 74.125.205.155:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-172780246-2&cid=1419919207.1675895531&jid=1328601885&gjid=1820230180&_gid=651206293.1675895531&_u=YEDAAUABAAAAACAAI~&z=711522460 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://exoduseffect.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 08 Feb 2023 22:31:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sslwidget.criteo.com/event?a=95287&v=5.13.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3D1%26tms%3Dcustom-guide&p2=e%3Ddis&adce=1&bundle=ffSot19OOUhrS2ZFNENUUDN5RWpKN00weW12YVdUc0dEa2VkRmRRZmxQWXdPa2Y3azgyRGNGQUlJZGZmZG5DcmlvS0JzNkw0NFJoV1BJS3NudFRrcXFGZEJzVE5hMzVJMktnckpLWEJLVFlpcW8yWTFXNVZuYWVGSVFoalF1bUtiVU9YTTE5a3Q3cmM0NmxQZHF0bVdueEtwRGclM0QlM0Q&tld=exoduseffect.com&dy=1&fu=https%253A%252F%252Fexoduseffect.com%252F%253FaffId%253D22%2526c1%253Dmw15cust020823clickers%2526c2%253D%2526c3%253D91.90.42.154%2526id%253D100576504%2526affid%253D22%2526cid%253D53%2526s1%253Dmw15cust020823clickers%2526s2%253D%2526s3%253D91.90.42.154%2526s4%253D%2526s5%253D8b55156fdf09466d97eb03fff0c6bc66&dtycbr=62954
178.250.0.163302 Found 0 B URL HTTP/2 sslwidget.criteo.com/event?a=95287&v=5.13.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3D1%26tms%3Dcustom-guide&p2=e%3Ddis&adce=1&bundle=ffSot19OOUhrS2ZFNENUUDN5RWpKN00weW12YVdUc0dEa2VkRmRRZmxQWXdPa2Y3azgyRGNGQUlJZGZmZG5DcmlvS0JzNkw0NFJoV1BJS3NudFRrcXFGZEJzVE5hMzVJMktnckpLWEJLVFlpcW8yWTFXNVZuYWVGSVFoalF1bUtiVU9YTTE5a3Q3cmM0NmxQZHF0bVdueEtwRGclM0QlM0Q&tld=exoduseffect.com&dy=1&fu=https%253A%252F%252Fexoduseffect.com%252F%253FaffId%253D22%2526c1%253Dmw15cust020823clickers%2526c2%253D%2526c3%253D91.90.42.154%2526id%253D100576504%2526affid%253D22%2526cid%253D53%2526s1%253Dmw15cust020823clickers%2526s2%253D%2526s3%253D91.90.42.154%2526s4%253D%2526s5%253D8b55156fdf09466d97eb03fff0c6bc66&dtycbr=62954
IP 178.250.0.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /event?a=95287&v=5.13.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3D1%26tms%3Dcustom-guide&p2=e%3Ddis&adce=1&bundle=ffSot19OOUhrS2ZFNENUUDN5RWpKN00weW12YVdUc0dEa2VkRmRRZmxQWXdPa2Y3azgyRGNGQUlJZGZmZG5DcmlvS0JzNkw0NFJoV1BJS3NudFRrcXFGZEJzVE5hMzVJMktnckpLWEJLVFlpcW8yWTFXNVZuYWVGSVFoalF1bUtiVU9YTTE5a3Q3cmM0NmxQZHF0bVdueEtwRGclM0QlM0Q&tld=exoduseffect.com&dy=1&fu=https%253A%252F%252Fexoduseffect.com%252F%253FaffId%253D22%2526c1%253Dmw15cust020823clickers%2526c2%253D%2526c3%253D91.90.42.154%2526id%253D100576504%2526affid%253D22%2526cid%253D53%2526s1%253Dmw15cust020823clickers%2526s2%253D%2526s3%253D91.90.42.154%2526s4%253D%2526s5%253D8b55156fdf09466d97eb03fff0c6bc66&dtycbr=62954 HTTP/1.1
Host: sslwidget.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 08 Feb 2023 22:31:15 GMT
server: Kestrel
content-length: 0
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
expires: 0
location: https://widget.us.criteo.com/event?a=95287&v=5.13.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3D1%26tms%3Dcustom-guide&p2=e%3Ddis&adce=1&bundle=ffSot19OOUhrS2ZFNENUUDN5RWpKN00weW12YVdUc0dEa2VkRmRRZmxQWXdPa2Y3azgyRGNGQUlJZGZmZG5DcmlvS0JzNkw0NFJoV1BJS3NudFRrcXFGZEJzVE5hMzVJMktnckpLWEJLVFlpcW8yWTFXNVZuYWVGSVFoalF1bUtiVU9YTTE5a3Q3cmM0NmxQZHF0bVdueEtwRGclM0QlM0Q&tld=exoduseffect.com&dy=1&fu=https%253A%252F%252Fexoduseffect.com%252F%253FaffId%253D22%2526c1%253Dmw15cust020823clickers%2526c2%253D%2526c3%253D91.90.42.154%2526id%253D100576504%2526affid%253D22%2526cid%253D53%2526s1%253Dmw15cust020823clickers%2526s2%253D%2526s3%253D91.90.42.154%2526s4%253D%2526s5%253D8b55156fdf09466d97eb03fff0c6bc66&dtycbr=62954
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
server-processing-duration-in-ticks: 5673957
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-172780246-2&cid=1419919207.1675895531&jid=187098476&gjid=1662951459&_gid=651206293.1675895531&_u=YEBAAUAAAAAAACAAI~&z=541735372
74.125.205.155200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-172780246-2&cid=1419919207.1675895531&jid=187098476&gjid=1662951459&_gid=651206293.1675895531&_u=YEBAAUAAAAAAACAAI~&z=541735372
IP 74.125.205.155:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-172780246-2&cid=1419919207.1675895531&jid=187098476&gjid=1662951459&_gid=651206293.1675895531&_u=YEBAAUAAAAAAACAAI~&z=541735372 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://exoduseffect.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 08 Feb 2023 22:31:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 50ca5deab68ba881743e691a693819f1
fd6b74d17a961f751a8edf09fcfaab273f0a7408
139c5ed1fd10f67669a5de174c5ffb02411f96463217781882c9d22b050a02d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
175132.t.hyros.com/v1/lst/gusid?ref_url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66
52.203.209.81200 OK 0 B URL HTTP/2 175132.t.hyros.com/v1/lst/gusid?ref_url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66
IP 52.203.209.81:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /v1/lst/gusid?ref_url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66 HTTP/1.1
Host: 175132.t.hyros.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: product-id
Referer: https://exoduseffect.com/
Origin: https://exoduseffect.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:15 GMT
content-length: 0
access-control-allow-origin: https://exoduseffect.com
access-control-allow-methods: GET, PUT, POST, OPTIONS, DELETE
access-control-allow-headers: product-id
access-control-max-age: 86400
access-control-expose-headers: Session-ID
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash a746d459d4fbc7da99072462ed09b456
6ca7c899101b7ddcc1228f148cdcf16113a805f7
cbed8854f94d225ec82298e5039b9c163f58f9fede0db72510d22867003cb4a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
175132.t.hyros.com/v1/lst/gusid?ref_url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66
52.203.209.81200 OK 0 B URL HTTP/2 175132.t.hyros.com/v1/lst/gusid?ref_url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66
IP 52.203.209.81:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v1/lst/gusid?ref_url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66 HTTP/1.1
Host: 175132.t.hyros.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Product-ID: 175132
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:15 GMT
content-length: 0
access-control-allow-origin: https://exoduseffect.com
access-control-allow-methods: GET, PUT, POST, OPTIONS, DELETE
access-control-max-age: 86400
access-control-expose-headers: Session-ID
access-control-allow-credentials: true
etag: HB-ET_ef28ec388edb5590ac4b9a8a71fe2f07b706d81155b62cb1ec7cccdd8fbc6c67
set-cookie: true;SameSite=None;Secure
HB-ET_ef28ec388edb5590ac4b9a8a71fe2f07b706d81155b62cb1ec7cccdd8fbc6c67;SameSite=None;Secure
session-id: HB-ET_ef28ec388edb5590ac4b9a8a71fe2f07b706d81155b62cb1ec7cccdd8fbc6c67
X-Firefox-Spdy: h2
exoduseffect.com/assets/style/reset.css?v=10001
188.114.96.1200 OK 2.3 kB URL HTTP/2 exoduseffect.com/assets/style/reset.css?v=10001
IP 188.114.96.1:0
File type ASCII text, with very long lines (923), with no line terminators
Hash 9cd50285bfb6e6997f485c048d57d2a2
b486933b41faa5520bf3f4458015f397d435b98b
86f8a67e4589d0f5c4605cab3631325bfe938c0f707d29e7c40d051545147b41
GET /assets/style/reset.css?v=10001 HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1270
access-control-allow-origin: *
etag: W/"4f6-593f4978bfbd3-gzip"
last-modified: Wed, 02 Oct 2019 22:00:07 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fg0a%2FTXGY7weIILIJY33pvxWxr51jHVa6nqAc7q4o3NIBnGqYr9E%2Fld5NJaBl0I7dI%2FmosMN%2FgMAQ3hT8hB9MjqrLtDjweiEh3FVHFUEQmhYuqvqrGH%2F8uqGVpiNEkxTkEyU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967d076d928b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 72226fa2f9513f894889fa652cb2a8bf
8a1b4f108db687c34b334a94e6d931544fd7508e
a70034db82d42d5deb58f551cb4de47a5cf6b226dbc9aa98892adb62c2f73289
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/628433881/?random=1675895530601&cv=11&fst=1675893600000&bg=ffffff&guid=ON&async=1>m=45He3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&tiba=The%20Exodus%20Effect&fmt=3&is_vtc=1&random=1678742862&rmt_tld=0&ipr=y
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/628433881/?random=1675895530601&cv=11&fst=1675893600000&bg=ffffff&guid=ON&async=1>m=45He3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&tiba=The%20Exodus%20Effect&fmt=3&is_vtc=1&random=1678742862&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/628433881/?random=1675895530601&cv=11&fst=1675893600000&bg=ffffff&guid=ON&async=1>m=45He3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&tiba=The%20Exodus%20Effect&fmt=3&is_vtc=1&random=1678742862&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 22:31:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/628433881/?random=1675895530601&cv=11&fst=1675893600000&bg=ffffff&guid=ON&async=1>m=45He3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&tiba=The%20Exodus%20Effect&fmt=3&is_vtc=1&random=1678742862&rmt_tld=1&ipr=y
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/628433881/?random=1675895530601&cv=11&fst=1675893600000&bg=ffffff&guid=ON&async=1>m=45He3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&tiba=The%20Exodus%20Effect&fmt=3&is_vtc=1&random=1678742862&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/628433881/?random=1675895530601&cv=11&fst=1675893600000&bg=ffffff&guid=ON&async=1>m=45He3260&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&tiba=The%20Exodus%20Effect&fmt=3&is_vtc=1&random=1678742862&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 22:31:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 72226fa2f9513f894889fa652cb2a8bf
8a1b4f108db687c34b334a94e6d931544fd7508e
a70034db82d42d5deb58f551cb4de47a5cf6b226dbc9aa98892adb62c2f73289
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 44fc0cb48c26edb9ce36736707b9182a
62de7faa3e8171c0d38a2e03a604d2545a3ede7f
9e511ad6ed9e7c5f28f573422e3891d2f4e5c2ba5107f7eda808c529a95931a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.comodoca.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 0f7fb8f9bb2553338a45c73c0f72666e
1bc03f34926de5e96182b8197580460e16777d86
2e23790275cff50f5e9e387612501770427220c8babddfc3fd466c4b15b4e86e
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:31:15 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 03:38:21 GMT
Expires: Wed, 15 Feb 2023 03:38:20 GMT
Etag: "1bc03f34926de5e96182b8197580460e16777d86"
Cache-Control: max-age=602941,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1237
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7967d0826b2d1bfa-OSL
175132.t.hyros.com/v1/lst/pc?ref_url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&u_agent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0
52.203.209.81200 OK 0 B URL HTTP/2 175132.t.hyros.com/v1/lst/pc?ref_url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&u_agent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0
IP 52.203.209.81:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /v1/lst/pc?ref_url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&u_agent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0 HTTP/1.1
Host: 175132.t.hyros.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: access-control-allow-headers,access-control-allow-origin,content-type,product-id,session-id
Referer: https://exoduseffect.com/
Origin: https://exoduseffect.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:15 GMT
content-length: 0
access-control-allow-origin: https://exoduseffect.com
access-control-allow-methods: GET, PUT, POST, OPTIONS, DELETE
access-control-allow-headers: access-control-allow-headers,access-control-allow-origin,content-type,product-id,session-id
access-control-max-age: 86400
access-control-expose-headers: Session-ID
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
X-Firefox-Spdy: h2
rp.liadm.com/j?dtstmp=1675895530727&aid=a-06ld&se=e30&duid=875ea714f6f7--01grsjgs2nfhjfyb0htpzkbksv&tna=v2.6.0&pu=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IiI-PHRpdGxlPlRoZSBFeG9kdXMgRWZmZWN0PC90aXRsZT48aDE-V2hhdCBpcyB5b3VyIHByaW1hcnkgYWlsbWVudD88L2gxPjxoMT5XaGF0IGlzIHlvdXIgYWdlPzwvaDE-PGgxPkhvdyBtdWNoIHBhaW4gYXJlIHlvdSBpbj88L2gxPjxoMT5Ib3cgc3Ryb25nIGlzIHlvdXIgZmFpdGg_PC9oMT48aDE-SWYgeW91ciBwYWluIHdhcyB3aXBlZCBjbGVhbiwgd2hhdCB3b3VsZCB0aGF0IGRvIGZvciB5b3U_PC9oMT48aDE-VGhhbmtzIFNvIE11Y2ggRm9yIFRha2luZzxicj5PdXIgQW5vbnltb3VzIFN1cnZleTwvaDE-PGgxPlRoZSBIaWRkZW4gUGF0aCBUbyBIZWFsaW5nIFRoZXkgRG9uJ3QgV2FudCBZb3UgVG8gU2VlPC9oMT48aDEgaWQ9ImJ1bGxldENUQSI-CjxkaXYgY2xhc3M9ImJsYWNrVHJpYW5nbGUiPjwvZGl2PgpQbGVhc2Ugd2F0Y2ggdGhlIHZpZGVvIGFib3ZlIG5vdyBiZWZvcmUgaXQgZ2V0cyB0YWtlbiBkb3duIGZvciBnb29kIQo8L2gxPg
3.227.111.146302 Found 0 B URL HTTP/2 rp.liadm.com/j?dtstmp=1675895530727&aid=a-06ld&se=e30&duid=875ea714f6f7--01grsjgs2nfhjfyb0htpzkbksv&tna=v2.6.0&pu=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IiI-PHRpdGxlPlRoZSBFeG9kdXMgRWZmZWN0PC90aXRsZT48aDE-V2hhdCBpcyB5b3VyIHByaW1hcnkgYWlsbWVudD88L2gxPjxoMT5XaGF0IGlzIHlvdXIgYWdlPzwvaDE-PGgxPkhvdyBtdWNoIHBhaW4gYXJlIHlvdSBpbj88L2gxPjxoMT5Ib3cgc3Ryb25nIGlzIHlvdXIgZmFpdGg_PC9oMT48aDE-SWYgeW91ciBwYWluIHdhcyB3aXBlZCBjbGVhbiwgd2hhdCB3b3VsZCB0aGF0IGRvIGZvciB5b3U_PC9oMT48aDE-VGhhbmtzIFNvIE11Y2ggRm9yIFRha2luZzxicj5PdXIgQW5vbnltb3VzIFN1cnZleTwvaDE-PGgxPlRoZSBIaWRkZW4gUGF0aCBUbyBIZWFsaW5nIFRoZXkgRG9uJ3QgV2FudCBZb3UgVG8gU2VlPC9oMT48aDEgaWQ9ImJ1bGxldENUQSI-CjxkaXYgY2xhc3M9ImJsYWNrVHJpYW5nbGUiPjwvZGl2PgpQbGVhc2Ugd2F0Y2ggdGhlIHZpZGVvIGFib3ZlIG5vdyBiZWZvcmUgaXQgZ2V0cyB0YWtlbiBkb3duIGZvciBnb29kIQo8L2gxPg
IP 3.227.111.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /j?dtstmp=1675895530727&aid=a-06ld&se=e30&duid=875ea714f6f7--01grsjgs2nfhjfyb0htpzkbksv&tna=v2.6.0&pu=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IiI-PHRpdGxlPlRoZSBFeG9kdXMgRWZmZWN0PC90aXRsZT48aDE-V2hhdCBpcyB5b3VyIHByaW1hcnkgYWlsbWVudD88L2gxPjxoMT5XaGF0IGlzIHlvdXIgYWdlPzwvaDE-PGgxPkhvdyBtdWNoIHBhaW4gYXJlIHlvdSBpbj88L2gxPjxoMT5Ib3cgc3Ryb25nIGlzIHlvdXIgZmFpdGg_PC9oMT48aDE-SWYgeW91ciBwYWluIHdhcyB3aXBlZCBjbGVhbiwgd2hhdCB3b3VsZCB0aGF0IGRvIGZvciB5b3U_PC9oMT48aDE-VGhhbmtzIFNvIE11Y2ggRm9yIFRha2luZzxicj5PdXIgQW5vbnltb3VzIFN1cnZleTwvaDE-PGgxPlRoZSBIaWRkZW4gUGF0aCBUbyBIZWFsaW5nIFRoZXkgRG9uJ3QgV2FudCBZb3UgVG8gU2VlPC9oMT48aDEgaWQ9ImJ1bGxldENUQSI-CjxkaXYgY2xhc3M9ImJsYWNrVHJpYW5nbGUiPjwvZGl2PgpQbGVhc2Ugd2F0Y2ggdGhlIHZpZGVvIGFib3ZlIG5vdyBiZWZvcmUgaXQgZ2V0cyB0YWtlbiBkb3duIGZvciBnb29kIQo8L2gxPg HTTP/1.1
Host: rp.liadm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 08 Feb 2023 22:31:15 GMT
content-length: 0
trace-id: 5e1a4d7062323b15
vary: Origin
location: /j?dtstmp=1675895530727&aid=a-06ld&se=e30&duid=875ea714f6f7--01grsjgs2nfhjfyb0htpzkbksv&tna=v2.6.0&pu=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IiI-PHRpdGxlPlRoZSBFeG9kdXMgRWZmZWN0PC90aXRsZT48aDE-V2hhdCBpcyB5b3VyIHByaW1hcnkgYWlsbWVudD88L2gxPjxoMT5XaGF0IGlzIHlvdXIgYWdlPzwvaDE-PGgxPkhvdyBtdWNoIHBhaW4gYXJlIHlvdSBpbj88L2gxPjxoMT5Ib3cgc3Ryb25nIGlzIHlvdXIgZmFpdGg_PC9oMT48aDE-SWYgeW91ciBwYWluIHdhcyB3aXBlZCBjbGVhbiwgd2hhdCB3b3VsZCB0aGF0IGRvIGZvciB5b3U_PC9oMT48aDE-VGhhbmtzIFNvIE11Y2ggRm9yIFRha2luZzxicj5PdXIgQW5vbnltb3VzIFN1cnZleTwvaDE-PGgxPlRoZSBIaWRkZW4gUGF0aCBUbyBIZWFsaW5nIFRoZXkgRG9uJ3QgV2FudCBZb3UgVG8gU2VlPC9oMT48aDEgaWQ9ImJ1bGxldENUQSI-CjxkaXYgY2xhc3M9ImJsYWNrVHJpYW5nbGUiPjwvZGl2PgpQbGVhc2Ugd2F0Y2ggdGhlIHZpZGVvIGFib3ZlIG5vdyBiZWZvcmUgaXQgZ2V0cyB0YWtlbiBkb3duIGZvciBnb29kIQo8L2gxPg&n3pc=true
set-cookie: lidid=747925c3-6f30-4ba6-bdca-8df121572dca; Max-Age=63072000; Expires=Fri, 07 Feb 2025 22:31:15 GMT; SameSite=None; Path=/; Domain=.liadm.com; Secure; HTTPOnly
request-time: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-frame-options: DENY
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: https://exoduseffect.com
access-control-allow-credentials: true
x-permitted-cross-domain-policies: master-only
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 3d6fee1bc9059dcc3de70c57b58cced8
744e833240d1b74ae8c7e94900be52c897be7fea
329d69e85174ed10f6f3c5cd46ee0a3f39fdbbac2fe413913b5db109bc0262e3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4668
Cache-Control: max-age=101158
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:15 GMT
Etag: "63e2f89d-139"
Expires: Fri, 10 Feb 2023 02:37:13 GMT
Last-Modified: Wed, 08 Feb 2023 01:19:25 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 313
175132.t.hyros.com/v1/lst/pc?ref_url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&u_agent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0
52.203.209.81200 OK 110 kB URL HTTP/2 175132.t.hyros.com/v1/lst/pc?ref_url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&u_agent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0
IP 52.203.209.81:0
File type gzip compressed data, from Unix\012- data
Size 110 kB (110418 bytes)
Hash 5c20504563eec7239281d84e498c63f3
7e84f5e9d0bbd7417358ab45cae458a2b2d88c67
26034978140e28c00027066beea01591ae2a06fcbb227d47f4008f066caee522
GET /v1/lst/pc?ref_url=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&u_agent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0 HTTP/1.1
Host: 175132.t.hyros.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: *
Content-type: application/json; charset=utf-8
Session-ID: HB-ET_ef28ec388edb5590ac4b9a8a71fe2f07b706d81155b62cb1ec7cccdd8fbc6c67
Product-ID: 175132
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://exoduseffect.com/
Cookie: HB-ET_ef28ec388edb5590ac4b9a8a71fe2f07b706d81155b62cb1ec7cccdd8fbc6c67
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:15 GMT
content-type: application/json;charset=UTF-8
content-length: 117
access-control-allow-origin: https://exoduseffect.com
access-control-allow-methods: GET, PUT, POST, OPTIONS, DELETE
access-control-max-age: 86400
access-control-expose-headers: Session-ID
access-control-allow-credentials: true
X-Firefox-Spdy: h2
rp.liadm.com/j?dtstmp=1675895530727&aid=a-06ld&se=e30&duid=875ea714f6f7--01grsjgs2nfhjfyb0htpzkbksv&tna=v2.6.0&pu=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IiI-PHRpdGxlPlRoZSBFeG9kdXMgRWZmZWN0PC90aXRsZT48aDE-V2hhdCBpcyB5b3VyIHByaW1hcnkgYWlsbWVudD88L2gxPjxoMT5XaGF0IGlzIHlvdXIgYWdlPzwvaDE-PGgxPkhvdyBtdWNoIHBhaW4gYXJlIHlvdSBpbj88L2gxPjxoMT5Ib3cgc3Ryb25nIGlzIHlvdXIgZmFpdGg_PC9oMT48aDE-SWYgeW91ciBwYWluIHdhcyB3aXBlZCBjbGVhbiwgd2hhdCB3b3VsZCB0aGF0IGRvIGZvciB5b3U_PC9oMT48aDE-VGhhbmtzIFNvIE11Y2ggRm9yIFRha2luZzxicj5PdXIgQW5vbnltb3VzIFN1cnZleTwvaDE-PGgxPlRoZSBIaWRkZW4gUGF0aCBUbyBIZWFsaW5nIFRoZXkgRG9uJ3QgV2FudCBZb3UgVG8gU2VlPC9oMT48aDEgaWQ9ImJ1bGxldENUQSI-CjxkaXYgY2xhc3M9ImJsYWNrVHJpYW5nbGUiPjwvZGl2PgpQbGVhc2Ugd2F0Y2ggdGhlIHZpZGVvIGFib3ZlIG5vdyBiZWZvcmUgaXQgZ2V0cyB0YWtlbiBkb3duIGZvciBnb29kIQo8L2gxPg&n3pc=true
3.227.111.146200 OK 13 B URL HTTP/2 rp.liadm.com/j?dtstmp=1675895530727&aid=a-06ld&se=e30&duid=875ea714f6f7--01grsjgs2nfhjfyb0htpzkbksv&tna=v2.6.0&pu=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IiI-PHRpdGxlPlRoZSBFeG9kdXMgRWZmZWN0PC90aXRsZT48aDE-V2hhdCBpcyB5b3VyIHByaW1hcnkgYWlsbWVudD88L2gxPjxoMT5XaGF0IGlzIHlvdXIgYWdlPzwvaDE-PGgxPkhvdyBtdWNoIHBhaW4gYXJlIHlvdSBpbj88L2gxPjxoMT5Ib3cgc3Ryb25nIGlzIHlvdXIgZmFpdGg_PC9oMT48aDE-SWYgeW91ciBwYWluIHdhcyB3aXBlZCBjbGVhbiwgd2hhdCB3b3VsZCB0aGF0IGRvIGZvciB5b3U_PC9oMT48aDE-VGhhbmtzIFNvIE11Y2ggRm9yIFRha2luZzxicj5PdXIgQW5vbnltb3VzIFN1cnZleTwvaDE-PGgxPlRoZSBIaWRkZW4gUGF0aCBUbyBIZWFsaW5nIFRoZXkgRG9uJ3QgV2FudCBZb3UgVG8gU2VlPC9oMT48aDEgaWQ9ImJ1bGxldENUQSI-CjxkaXYgY2xhc3M9ImJsYWNrVHJpYW5nbGUiPjwvZGl2PgpQbGVhc2Ugd2F0Y2ggdGhlIHZpZGVvIGFib3ZlIG5vdyBiZWZvcmUgaXQgZ2V0cyB0YWtlbiBkb3duIGZvciBnb29kIQo8L2gxPg&n3pc=true
IP 3.227.111.146:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 97efe0b7ee61e154d57e80758bb797d8
810b4e115fe9f5ae697666febf2a9abf0b21c9ec
efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9
GET /j?dtstmp=1675895530727&aid=a-06ld&se=e30&duid=875ea714f6f7--01grsjgs2nfhjfyb0htpzkbksv&tna=v2.6.0&pu=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IiI-PHRpdGxlPlRoZSBFeG9kdXMgRWZmZWN0PC90aXRsZT48aDE-V2hhdCBpcyB5b3VyIHByaW1hcnkgYWlsbWVudD88L2gxPjxoMT5XaGF0IGlzIHlvdXIgYWdlPzwvaDE-PGgxPkhvdyBtdWNoIHBhaW4gYXJlIHlvdSBpbj88L2gxPjxoMT5Ib3cgc3Ryb25nIGlzIHlvdXIgZmFpdGg_PC9oMT48aDE-SWYgeW91ciBwYWluIHdhcyB3aXBlZCBjbGVhbiwgd2hhdCB3b3VsZCB0aGF0IGRvIGZvciB5b3U_PC9oMT48aDE-VGhhbmtzIFNvIE11Y2ggRm9yIFRha2luZzxicj5PdXIgQW5vbnltb3VzIFN1cnZleTwvaDE-PGgxPlRoZSBIaWRkZW4gUGF0aCBUbyBIZWFsaW5nIFRoZXkgRG9uJ3QgV2FudCBZb3UgVG8gU2VlPC9oMT48aDEgaWQ9ImJ1bGxldENUQSI-CjxkaXYgY2xhc3M9ImJsYWNrVHJpYW5nbGUiPjwvZGl2PgpQbGVhc2Ugd2F0Y2ggdGhlIHZpZGVvIGFib3ZlIG5vdyBiZWZvcmUgaXQgZ2V0cyB0YWtlbiBkb3duIGZvciBnb29kIQo8L2gxPg&n3pc=true HTTP/1.1
Host: rp.liadm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exoduseffect.com
Referer: https://exoduseffect.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:15 GMT
content-type: application/json
content-length: 13
trace-id: 19a553cb71bb8962
vary: Origin
request-time: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-frame-options: DENY
x-pixel-event-id: 75669578-280b-4c2a-9ea1-c3c7812a08c1
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: https://exoduseffect.com
access-control-allow-credentials: true
x-permitted-cross-domain-policies: master-only
X-Firefox-Spdy: h2
api.amplitude.com/
34.223.188.58200 OK 7 B IP 34.223.188.58:0
File type ASCII text, with no line terminators
Hash 260ca9dd8a4577fc00b7bd5810298076
53a5687cb26dc41f2ab4033e97e13adefd3740d6
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
POST / HTTP/1.1
Host: api.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 1736
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:15 GMT
content-type: text/html;charset=utf-8
content-length: 7
access-control-allow-origin: *
access-control-allow-methods: GET, POST
trace-id: Root=1-63e422b3-26ec3d3b386e991b7ff6cb51
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=196687248304241&ev=PageView&dl=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&rl=&if=false&ts=1675895532287&sw=1280&sh=1024&v=2.9.95&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1675895532286.1559005728&it=1675895531626&coo=false&rqm=GET
31.13.72.36200 OK 110 kB URL HTTP/2 www.facebook.com/tr/?id=196687248304241&ev=PageView&dl=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&rl=&if=false&ts=1675895532287&sw=1280&sh=1024&v=2.9.95&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1675895532286.1559005728&it=1675895531626&coo=false&rqm=GET
IP 31.13.72.36:0
File type gzip compressed data, from Unix\012- data
Size 110 kB (110340 bytes)
Hash 2f0f66cbe3a71318095a693b427c4c03
ef2ed283a584fbd3f6b70b83fc98b3042093302c
637d2c0f1ec92855e804325da3b1f7dc60dd49480df9d8ca11911ae6aa7a5626
GET /tr/?id=196687248304241&ev=PageView&dl=https%3A%2F%2Fexoduseffect.com%2F%3FaffId%3D22%26c1%3Dmw15cust020823clickers%26c2%3D%26c3%3D91.90.42.154%26id%3D100576504%26affid%3D22%26cid%3D53%26s1%3Dmw15cust020823clickers%26s2%3D%26s3%3D91.90.42.154%26s4%3D%26s5%3D8b55156fdf09466d97eb03fff0c6bc66&rl=&if=false&ts=1675895532287&sw=1280&sh=1024&v=2.9.95&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1675895532286.1559005728&it=1675895531626&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 08 Feb 2023 22:31:16 GMT
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.69200 OK 4.1 kB URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.69:0
File type JSON data\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5413)
Hash 7fb46933a14eaab36fec424064f20499
c06ef26277f22208a8d1bc416f3efd120e84cd6d
093c58592744bbaa96a986cc1f86c7c3b7d547836f90a0a1a4de05e3a761e141
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:14 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 107627
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
54.230.111.108200 OK 200 B URL HTTP/2 js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
IP 54.230.111.108:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 93afeeb17bc37e711759584dbfc50d47
bbbc9e5d68854172c90b993064df560996a2a433
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca
GET /v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html HTTP/1.1
Host: js.stripe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
content-length: 200
last-modified: Mon, 06 Feb 2023 18:41:51 GMT
accept-ranges: bytes
server: Cloudfront
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
timing-allow-origin: *
date: Wed, 08 Feb 2023 22:00:21 GMT
cache-control: max-age=31536000
etag: "93afeeb17bc37e711759584dbfc50d47"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: a3057Ok5ykViicDMhmVnLk46_3SiEzYmuCRFZTlJYjU3fz5bxPi2bw==
age: 2285
X-Firefox-Spdy: h2
api.amplitude.com/
34.223.188.58200 OK 7 B IP 34.223.188.58:0
File type ASCII text, with no line terminators
Hash 260ca9dd8a4577fc00b7bd5810298076
53a5687cb26dc41f2ab4033e97e13adefd3740d6
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
POST / HTTP/1.1
Host: api.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 1214
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:16 GMT
content-type: text/html;charset=utf-8
content-length: 7
access-control-allow-origin: *
access-control-allow-methods: GET, POST
trace-id: Root=1-63e422b4-0f8fceb606e076624a87e691
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js
54.230.111.108200 OK 631 B URL HTTP/2 js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js
IP 54.230.111.108:0
File type ASCII text, with very long lines (526)
Hash f8f6a4584135f737b26927596ce6e0a7
609ea9e9c46563fb1dc78a7967c926394e73ffab
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
GET /v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js HTTP/1.1
Host: js.stripe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
content-length: 631
last-modified: Mon, 06 Feb 2023 18:41:51 GMT
accept-ranges: bytes
server: Cloudfront
access-control-allow-origin: *
x-content-type-options: nosniff
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
date: Wed, 08 Feb 2023 22:02:43 GMT
cache-control: max-age=31536000
etag: "f8f6a4584135f737b26927596ce6e0a7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: BDgx9Wai8kn2ZPlMgEuUuZh40tir8PaSYWIOB6BzaJgtP7xXsAGsSg==
age: 1729
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 91cb9439a39c23ce6676df79a4357755
89d546f0ddc59a5f89e709c7fee010d54cbe330d
77b386737e40b84787b9c085da21a1f2dc621473f4bc69cba4262bc67957fb59
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "77B386737E40B84787B9C085DA21A1F2DC621473F4BC69CBA4262BC67957FB59"
Last-Modified: Wed, 08 Feb 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2695
Expires: Wed, 08 Feb 2023 23:16:11 GMT
Date: Wed, 08 Feb 2023 22:31:16 GMT
Connection: keep-alive
matching.ivitrack.com/sync?realm=criteo&uid=k-jMZSEi2YilVahKW3-cloI9mztjxy3qWii1csUA
34.117.157.22200 OK 42 B URL HTTP/2 matching.ivitrack.com/sync?realm=criteo&uid=k-jMZSEi2YilVahKW3-cloI9mztjxy3qWii1csUA
IP 34.117.157.22:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /sync?realm=criteo&uid=k-jMZSEi2YilVahKW3-cloI9mztjxy3qWii1csUA HTTP/1.1
Host: matching.ivitrack.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: istio-envoy
date: Wed, 08 Feb 2023 22:31:15 GMT
content-type: image/gif
content-length: 42
cache-control: public, max-age=86400
x-envoy-upstream-service-time: 4
x-envoy-decorator-operation: tag-manager.programmatic.svc.cluster.local:3000/*
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 91cb9439a39c23ce6676df79a4357755
89d546f0ddc59a5f89e709c7fee010d54cbe330d
77b386737e40b84787b9c085da21a1f2dc621473f4bc69cba4262bc67957fb59
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "77B386737E40B84787B9C085DA21A1F2DC621473F4BC69CBA4262BC67957FB59"
Last-Modified: Wed, 08 Feb 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2695
Expires: Wed, 08 Feb 2023 23:16:11 GMT
Date: Wed, 08 Feb 2023 22:31:16 GMT
Connection: keep-alive
m.stripe.network/inner.html
151.101.0.176200 OK 527 B URL HTTP/2 m.stripe.network/inner.html
IP 151.101.0.176:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (930), with no line terminators
Hash e02352ef72e8a9563463c07174b0e50f
7a41613f7eae0819d1a4785eae3617fdbb33b9b3
2275fff71f8cbf1f25a1af7f7bbe5ecbc868ed0b16d345a8ce31770f66fc8ea5
GET /inner.html HTTP/1.1
Host: m.stripe.network
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=300, public
content-type: text/html; charset=utf-8
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
server: Fastly
content-encoding: gzip
accept-ranges: bytes
date: Wed, 08 Feb 2023 22:31:16 GMT
via: 1.1 varnish
age: 9
x-request-id: 720ef779-ae97-45a2-baf7-5cb59507fad8
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 3
x-timer: S1675895476.309501,VS0,VE0
vary: Accept-Encoding, Origin
content-length: 527
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 0e1e70d615a8ee3a499d68b3b0dd64ac
4178a54ebf8738a96f9e0bac902ceacb0ff914ae
317fcf73c8d02c92f4c01155e0bbcbe5bdb117fb98a7e0a97ca47cadb0a54263
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=114749
Date: Wed, 08 Feb 2023 22:31:16 GMT
Etag: "63e330a5-1d7"
Expires: Fri, 10 Feb 2023 06:23:45 GMT
Last-Modified: Wed, 08 Feb 2023 05:18:29 GMT
Server: ECS (nyb/1D20)
X-Cache: Miss from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LaS8gu_dxZlX9PnuVxP_FJP6ZIVzLlKKibRdiDr2nqtajC0TtJr4Ng==
Age: 3916
m.stripe.network/out-4.5.42.js
151.101.0.176200 OK 16 kB URL HTTP/2 m.stripe.network/out-4.5.42.js
IP 151.101.0.176:0
File type Unicode text, UTF-8 text, with very long lines (65530), with no line terminators
Hash 0b880c6e7a381ef1f81263cf34c54e79
af46e0111cb22576b07084f4b49be7b41b5fc3ca
115ea79f002c0c2e3405178f66ce92ecb5173e7678f692ab65d6bbf526880b7b
GET /out-4.5.42.js HTTP/1.1
Host: m.stripe.network
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.stripe.network/inner.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=300, public
content-type: text/javascript; charset=utf-8
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
server: Fastly
content-encoding: gzip
accept-ranges: bytes
date: Wed, 08 Feb 2023 22:31:16 GMT
via: 1.1 varnish
age: 287
x-request-id: a4c85a19-6d2c-40a8-952c-4dfd718984ef
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 76
x-timer: S1675895476.351794,VS0,VE0
vary: Accept-Encoding, Origin
content-length: 16031
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
178.250.0.157302 Found 0 B URL HTTP/2 gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 08 Feb 2023 22:31:16 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
location: https://dpm.demdex.net/ibs:dpid=28645&dpuuid=
server-processing-duration-in-ticks: 778716
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-nNifay2YilVahKW3-cloI9mztjxtUbKx2Nn-wVjMZoth2tG3
52.58.161.78200 OK 299 B URL HTTP/2 exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-nNifay2YilVahKW3-cloI9mztjxtUbKx2Nn-wVjMZoth2tG3
IP 52.58.161.78:0
Hash 246bed1ac8ad629f4ceb0f249dfc20fd
7404f5e5af9220e715544e2f1814f681949f87bc
d9ef08357abc57eeecca44c98423ad9e09d5d927bf14712d1d89ad66f6d2cee5
GET /usersync/push?partner=criteo&partnerId=k-nNifay2YilVahKW3-cloI9mztjxtUbKx2Nn-wVjMZoth2tG3 HTTP/1.1
Host: exchange.mediavine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:16 GMT
content-type: text/html; charset=utf-8
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
cache-control: private, no-cache
set-cookie: mv_tokens=%7B%22mv_uuid%22%3A%224d019890-a800-11ed-a16c-b12ff602bded%22%2C%22version%22%3A%22eu-v1%22%7D; Path=/; Expires=Wed, 22 Feb 2023 22:31:16 GMT; Secure; SameSite=None
mv_tokens_eu-v1=%7B%22mv_uuid%22%3A%224d019890-a800-11ed-a16c-b12ff602bded%22%2C%22version%22%3A%22eu-v1%22%7D; Path=/; Expires=Wed, 22 Feb 2023 22:31:16 GMT; Secure; SameSite=None
am_tokens=%7B%22mv_uuid%22%3A%224d019890-a800-11ed-a16c-b12ff602bded%22%2C%22version%22%3A%22eu-v1%22%7D; Path=/; Expires=Wed, 22 Feb 2023 22:31:16 GMT; Secure; SameSite=None
am_tokens_eu-v1=%7B%22mv_uuid%22%3A%224d019890-a800-11ed-a16c-b12ff602bded%22%2C%22version%22%3A%22eu-v1%22%7D; Path=/; Expires=Wed, 22 Feb 2023 22:31:16 GMT; Secure; SameSite=None
criteo=%7B%22id%22%3A%22k-nNifay2YilVahKW3-cloI9mztjxtUbKx2Nn-wVjMZoth2tG3%22%2C%22version%22%3A%22criteo%22%7D; Path=/; Expires=Wed, 22 Feb 2023 22:31:16 GMT; Secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-ynHw2y2YilVahKW3-cloI9mztjw_CBDTPf-4Ww
23.38.200.22200 OK 237 B URL HTTP/2 contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-ynHw2y2YilVahKW3-cloI9mztjw_CBDTPf-4Ww
IP 23.38.200.22:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 74378edf31ef26cd97c236ad08d05fa3
fdd52cdbf193d1dfd1031978667689f3414b49ed
11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990
GET /cksync.php?cs=3&type=crt&ovsid=k-ynHw2y2YilVahKW3-cloI9mztjw_CBDTPf-4Ww HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
content-length: 237
content-type: image/gif
set-cookie: visitor-id=3188970763580223000V10; Expires=Thu, 08 Feb 2024 22:31:16 GMT; domain=.media.net; Path=/;
data-c-ts=1675895476;Expires=Fri, 10 Mar 2023 22:31:16 GMT;path=/;domain=.media.net;
data-c=k-ynHw2y2YilVahKW3-cloI9mztjw_CBDTPf-4Ww~~3;Expires=Fri, 10 Mar 2023 22:31:16 GMT;path=/;domain=.media.net;
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security: max-age=31536000
x-mnet-hl2: E
expires: Wed, 08 Feb 2023 22:31:16 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 08 Feb 2023 22:31:16 GMT
X-Firefox-Spdy: h2
criteo-sync.teads.tv/um?eid=80&uid=k-eHk-MS2YilVahKW3-cloI9mztjzg-Ky-GFldLw
23.195.255.234200 OK 23 B URL HTTP/2 criteo-sync.teads.tv/um?eid=80&uid=k-eHk-MS2YilVahKW3-cloI9mztjzg-Ky-GFldLw
IP 23.195.255.234:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash da5b449fff36752a93779fa4067cd2eb
71a96eea77f21ab5f1819b96c4cedd5cd34476ca
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
GET /um?eid=80&uid=k-eHk-MS2YilVahKW3-cloI9mztjzg-Ky-GFldLw HTTP/1.1
Host: criteo-sync.teads.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
server: akka-http/10.2.9
content-length: 23
expires: Wed, 08 Feb 2023 22:31:16 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 08 Feb 2023 22:31:16 GMT
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-um4FgS2YilVahKW3-cloI9mztjwA0IIuI01MhQ&google_cm&google_hm=ay11bTRGZ1MyWWlsVmFoS1czLWNsb0k5bXp0andBMElJdUkwMU1oUQ
172.217.21.162302 Found 440 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-um4FgS2YilVahKW3-cloI9mztjwA0IIuI01MhQ&google_cm&google_hm=ay11bTRGZ1MyWWlsVmFoS1czLWNsb0k5bXp0andBMElJdUkwMU1oUQ
IP 172.217.21.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash b3b23f4d4ccd3ff82991043b9db7e084
36f3be7c756e6b6798813f07ae96deb8c1044bc0
24df0b77904aa6d40f6d1fc48129865bac3168508d4514add6abdc4744346c9e
GET /pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-um4FgS2YilVahKW3-cloI9mztjwA0IIuI01MhQ&google_cm&google_hm=ay11bTRGZ1MyWWlsVmFoS1czLWNsb0k5bXp0andBMElJdUkwMU1oUQ HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&CriteoUserId=k-um4FgS2YilVahKW3-cloI9mztjwA0IIuI01MhQ&google_cm=&google_hm=ay11bTRGZ1MyWWlsVmFoS1czLWNsb0k5bXp0andBMElJdUkwMU1oUQ&google_tc=
date: Wed, 08 Feb 2023 22:31:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 440
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 08-Feb-2023 22:46:16 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-tLyPsS2YilVahKW3-cloI9mztjwkvtqIUqdstg
172.64.154.237302 Found 0 B URL HTTP/2 r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-tLyPsS2YilVahKW3-cloI9mztjwkvtqIUqdstg
IP 172.64.154.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rum?cm_dsp_id=20&external_user_id=k-tLyPsS2YilVahKW3-cloI9mztjwkvtqIUqdstg HTTP/1.1
Host: r.casalemedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 08 Feb 2023 22:31:16 GMT
content-length: 0
location: /rum?cm_dsp_id=20&external_user_id=k-tLyPsS2YilVahKW3-cloI9mztjwkvtqIUqdstg&C=1
cf-ray: 7967d087dfb4b4f3-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
set-cookie: CMID=Y.QitDvJHS8eSESmwV4nKgAA; Path=/; Domain=casalemedia.com; Expires=Thu, 08 Feb 2024 22:31:16 GMT; Max-Age=31536000; Secure; SameSite=None
CMPS=1841; Path=/; Domain=casalemedia.com; Expires=Tue, 09 May 2023 22:31:16 GMT; Max-Age=7776000; Secure; SameSite=None
CMPRO=1841; Path=/; Domain=casalemedia.com; Expires=Tue, 09 May 2023 22:31:16 GMT; Max-Age=7776000; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F6zUkj3rrJUV9guPOpWoZUfga3uP5fc1MGyG2niJ9rDOEf9AVFa3W7UxSOz8RfHZORAYCNJ3NBO2SbPl1fY7MOI5Q5p%2FEgUrCvjJXmXtPyIiulpyNlP%2FCBhUE2Qgh8YBP0Og"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
37.252.171.149307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
IP 37.252.171.149:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Wed, 08 Feb 2023 22:31:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
AN-X-Request-Uuid: 9f4650d9-a793-401c-a932-98cc36ed7dfc
Set-Cookie: uuid2=8574671463253472844; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 09-May-2023 22:31:16 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9ce0c9bc2a6db0953de294199054df32
349a4f1fa3240e2b9d0a2254453ecaa4d78113e5
992aaf5ee320fb9291ced258e2b6fa49170bf1b5d54ee6b74955cf32719ebd93
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4856
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:16 GMT
Last-Modified: Wed, 08 Feb 2023 21:10:21 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 7be1d8bc7bd8dd840fe6fb8dddcf9a1b
a68887a90771301f0c0830107e173d79ef1be3e6
49f3004a94e27e95adb7d901fc34063e93542a4c5334fc0aa9d6df89f38cbf44
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=139669
Date: Wed, 08 Feb 2023 22:31:16 GMT
Etag: "63e39d1e-1d7"
Expires: Fri, 10 Feb 2023 13:19:05 GMT
Last-Modified: Wed, 08 Feb 2023 13:01:18 GMT
Server: ECS (nyb/1D24)
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: vstDaNkT9oue6hp8TwVaxOk_-sERCsvbcBmlNehJXO8eTMUvSmdsDQ==
Age: 1067
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 47d5d2c13e0d930328ae3ff166919175
06ac77ab3f2c9f6c82b4a4f45cf380a15066e022
2fc5f5eecbcad1e173a5bb29ea26ae20b59c55ac0c865bea206d7ac36bf078bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5614
Cache-Control: max-age=152080
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:16 GMT
Etag: "63e3bbd6-1d7"
Expires: Fri, 10 Feb 2023 16:45:56 GMT
Last-Modified: Wed, 08 Feb 2023 15:12:22 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&CriteoUserId=k-um4FgS2YilVahKW3-cloI9mztjwA0IIuI01MhQ&google_cm=&google_hm=ay11bTRGZ1MyWWlsVmFoS1czLWNsb0k5bXp0andBMElJdUkwMU1oUQ&google_tc=
172.217.21.162302 Found 332 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&CriteoUserId=k-um4FgS2YilVahKW3-cloI9mztjwA0IIuI01MhQ&google_cm=&google_hm=ay11bTRGZ1MyWWlsVmFoS1czLWNsb0k5bXp0andBMElJdUkwMU1oUQ&google_tc=
IP 172.217.21.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash dea1b2ce1b4e2eebc43b4e0d469e1c3c
7a5d224ee8f82707a75e3f9639869e122f3c6b0a
4482eb0d53fa104780fa39b06c94dd0837d2faa551e637f12f29dc2c5a9911f2
GET /pixel?google_nid=cjp&google_sc=&google_ula=913071&CriteoUserId=k-um4FgS2YilVahKW3-cloI9mztjwA0IIuI01MhQ&google_cm=&google_hm=ay11bTRGZ1MyWWlsVmFoS1czLWNsb0k5bXp0andBMElJdUkwMU1oUQ&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-um4FgS2YilVahKW3-cloI9mztjwA0IIuI01MhQ&google_error=3
date: Wed, 08 Feb 2023 22:31:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 332
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-nJ-boi2YilVahKW3-cloI9mztjwx7-r8JuuK_g&expires=30
213.19.162.90204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-nJ-boi2YilVahKW3-cloI9mztjwx7-r8JuuK_g&expires=30
IP 213.19.162.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=6434&nid=2149&put=k-nJ-boi2YilVahKW3-cloI9mztjwx7-r8JuuK_g&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 1da0c96602e9a1076eae4f5554c05cf3
Content-Type: image/gif
r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-tLyPsS2YilVahKW3-cloI9mztjwkvtqIUqdstg&C=1
172.64.154.237200 OK 43 B URL HTTP/2 r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-tLyPsS2YilVahKW3-cloI9mztjwkvtqIUqdstg&C=1
IP 172.64.154.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /rum?cm_dsp_id=20&external_user_id=k-tLyPsS2YilVahKW3-cloI9mztjwkvtqIUqdstg&C=1 HTTP/1.1
Host: r.casalemedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:16 GMT
content-type: image/gif
content-length: 43
cf-ray: 7967d0885847b4f3-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZUaXX0u0e7RLvGFb3xvS6UJvO2nobYMF1qpF63ZLOSiKFLIxY89a2WtWZZppItsU9p%2Fzz3pRgeKN7cqYrdfLVEDuG8FONnbk8QsACyxecbCEutL%2BJ7MoIhZL7ApwW8HCKGa%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 72390cb7ac945efb0f941ea683debf03
d1a37f015b7e7cdf2d259aa62a15e2f784833571
974d7cfa45510239991f637da24cb599d0ba4f4d538d52bff44aca7cde437558
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3640
Cache-Control: max-age=114858
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:16 GMT
Etag: "63e33226-139"
Expires: Fri, 10 Feb 2023 06:25:34 GMT
Last-Modified: Wed, 08 Feb 2023 05:24:54 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 313
eb2.3lift.com/xuid?mid=2711&xuid=k-9rkqei2YilVahKW3-cloI9mztjzmWm2Mk1K_nA&dongle=013b
13.248.245.213200 OK 37 B URL HTTP/2 eb2.3lift.com/xuid?mid=2711&xuid=k-9rkqei2YilVahKW3-cloI9mztjzmWm2Mk1K_nA&dongle=013b
IP 13.248.245.213:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 3eacd0132310ea44cad756b378a3bc07
e2216a7e9b73f5cb0279351c78ce61c33475cea7
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
GET /xuid?mid=2711&xuid=k-9rkqei2YilVahKW3-cloI9mztjzmWm2Mk1K_nA&dongle=013b HTTP/1.1
Host: eb2.3lift.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:16 GMT
content-type: image/gif
content-length: 37
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-INCJ5y2YilVahKW3-cloI9mztjzLGoIHMO3Zkw
18.156.0.31302 Found 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-INCJ5y2YilVahKW3-cloI9mztjzLGoIHMO3Zkw
IP 18.156.0.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58301/sync?_origin=1&uid=k-INCJ5y2YilVahKW3-cloI9mztjzLGoIHMO3Zkw HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 08 Feb 2023 22:31:16 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-INCJ5y2YilVahKW3-cloI9mztjzLGoIHMO3Zkw&verify=true
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBLQi5GMCEA_dA_jEaitgely4w9MXPdsFEgEBAQF05WPuYwAAAAAA_eMAAA&S=AQAAAqMbU-fJOIVhIsnS7-Tcb1M; Expires=Fri, 9 Feb 2024 04:31:16 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
37.252.171.149302 Found 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
IP 37.252.171.149:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Wed, 08 Feb 2023 22:31:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=0
AN-X-Request-Uuid: bfc6c0ba-9fe2-4095-95e2-806479d8bc5f
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash a6273e111e5068d3dbd20908cca45570
580278bc551ab16d5d028819473cd7c2f5e7ba2a
571367e0a3e8a106d0ffb68ba9a9d11209785071259765cebf001fac2355a5bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5918
Cache-Control: max-age=86191
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:16 GMT
Etag: "63e2b945-117"
Expires: Thu, 09 Feb 2023 22:27:47 GMT
Last-Modified: Tue, 07 Feb 2023 20:49:09 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-tf7W4C2YilVahKW3-cloI9mztjy7o-lTe6upDw
185.86.138.155200 OK 43 B URL HTTP/1.1 rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-tf7W4C2YilVahKW3-cloI9mztjy7o-lTe6upDw
IP 185.86.138.155:0
ASN #201081 SmartAdServer SAS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /redir/?partnerid=79&partneruserid=k-tf7W4C2YilVahKW3-cloI9mztjy7o-lTe6upDw HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: image/gif
date: Wed, 08 Feb 2023 22:31:15 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: pid=7048324749456312216; expires=Fri, 08 Mar 2024 22:31:16 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Fri, 08 Mar 2024 22:31:16 GMT; domain=smartadserver.com; path=/
csync=79:k-tf7W4C2YilVahKW3-cloI9mztjy7o-lTe6upDw; expires=Thu, 08 Feb 2024 22:31:16 GMT; domain=smartadserver.com; path=/
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 96712aeae562ade92e53a7f44af41877
bb012ee0f08d602747f47da8ba9028dfd6358129
ea2efb35d357a6f317f71355a394a3fcf962686faba6a42410878df7ceb01fcb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EA2EFB35D357A6F317F71355A394A3FCF962686FABA6A42410878DF7CEB01FCB"
Last-Modified: Tue, 07 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4931
Expires: Wed, 08 Feb 2023 23:53:27 GMT
Date: Wed, 08 Feb 2023 22:31:16 GMT
Connection: keep-alive
ad.yieldlab.net/m?dt_id=8664&ext_id=k-6o2imi2YilVahKW3-cloI9mztjwvHSBe7yEWpQ
23.13.245.180204 No Content 0 B URL HTTP/1.1 ad.yieldlab.net/m?dt_id=8664&ext_id=k-6o2imi2YilVahKW3-cloI9mztjwvHSBe7yEWpQ
IP 23.13.245.180:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /m?dt_id=8664&ext_id=k-6o2imi2YilVahKW3-cloI9mztjwvHSBe7yEWpQ HTTP/1.1
Host: ad.yieldlab.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
x-application-context: application
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Tue, 07 Feb 2023 22:31:16 GMT
Date: Wed, 08 Feb 2023 22:31:16 GMT
Connection: keep-alive
Set-Cookie: id=ccaadc5c-810b-4c34-99ce-48cb56cd0aa0; Path=/; Domain=prod.svc.y6b.de; Expires=Thu, 08-Feb-2024 22:31:16 GMT; Max-Age=31536000; Secure; SameSite=None
ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-INCJ5y2YilVahKW3-cloI9mztjzLGoIHMO3Zkw&verify=true
18.156.0.31204 No Content 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-INCJ5y2YilVahKW3-cloI9mztjzLGoIHMO3Zkw&verify=true
IP 18.156.0.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58301/sync?_origin=1&uid=k-INCJ5y2YilVahKW3-cloI9mztjzLGoIHMO3Zkw&verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 08 Feb 2023 22:31:16 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBLQi5GMCEI_H2Ep9-4Dl6uI_m5I7pfYFEgEBAQF05WPuYwAAAAAA_eMAAA&S=AQAAAptQP1wHy3K8J1WUQO8eFVU; Expires=Fri, 9 Feb 2024 04:31:16 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d09192b0325fc351f837998af0ec0859
9a2e9bd3eafa7a522727e29908c1576e7d256a87
def6f8c8083625ad72cb4a4e93336979b5ab7d0181031f639c3abc3f5b63ef99
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3869
Cache-Control: max-age=130179
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:16 GMT
Etag: "63e36d1a-1d7"
Expires: Fri, 10 Feb 2023 10:40:55 GMT
Last-Modified: Wed, 08 Feb 2023 09:36:26 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
id5-sync.com/s/966/9.gif?puid=k-dX7f3i2YilVahKW3-cloI9mztjzfuWHdv_DnMg
162.19.138.120200 43 B URL HTTP/1.1 id5-sync.com/s/966/9.gif?puid=k-dX7f3i2YilVahKW3-cloI9mztjzfuWHdv_DnMg
IP 162.19.138.120:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
GET /s/966/9.gif?puid=k-dX7f3i2YilVahKW3-cloI9mztjzfuWHdv_DnMg HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=300; Expires=Wed, 08-Feb-2023 22:36:16 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cip=; Max-Age=300; Expires=Wed, 08-Feb-2023 22:36:16 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cnac=; Max-Age=300; Expires=Wed, 08-Feb-2023 22:36:16 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
car=; Max-Age=300; Expires=Wed, 08-Feb-2023 22:36:16 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
gdpr=; Max-Age=300; Expires=Wed, 08-Feb-2023 22:36:16 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
callback=; Max-Age=300; Expires=Wed, 08-Feb-2023 22:36:16 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: image/gif;charset=UTF-8
transfer-encoding: chunked
date: Wed, 08 Feb 2023 22:31:16 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5cee7b98e5150c1f893636a54fc4a6a3
a4a5c0b5271d7489985e25bc9c5d912d4e2552d6
695a2faaf6485e37d403123c99b79a6c3cdf768592b487862cc23a10a6ab407e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5832
Cache-Control: max-age=119575
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:16 GMT
Etag: "63e33c03-1d7"
Expires: Fri, 10 Feb 2023 07:44:11 GMT
Last-Modified: Wed, 08 Feb 2023 06:06:59 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-S223Py2YilVahKW3-cloI9mztjxDR4c3n7hC9Q
185.64.189.110200 OK 42 B URL HTTP/2 simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-S223Py2YilVahKW3-cloI9mztjxDR4c3n7hC9Q
IP 185.64.189.110:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-S223Py2YilVahKW3-cloI9mztjxDR4c3n7hC9Q HTTP/1.1
Host: simage2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:31:15 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_97=3385-uid:k-S223Py2YilVahKW3-cloI9mztjxDR4c3n7hC9Q&KRTB&23144-uid:k-S223Py2YilVahKW3-cloI9mztjxDR4c3n7hC9Q&KRTB&23286-uid:k-S223Py2YilVahKW3-cloI9mztjxDR4c3n7hC9Q&KRTB&23287-uid:k-S223Py2YilVahKW3-cloI9mztjxDR4c3n7hC9Q; domain=pubmatic.com; secure; expires=Fri, 10-Mar-2023 22:31:15 GMT; path=/
PugT=1675895475; domain=pubmatic.com; secure; expires=Fri, 10-Mar-2023 22:31:15 GMT; path=/
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 0d370f8d9239374cd2f765340e2e67c8
5fb8bca1d2934da69871d3c006d78d54daea052d
d269ec25d619da1dd10a65e160936701d8bf86796018bfc0432f02017f12eebc
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=110844
Date: Wed, 08 Feb 2023 22:31:16 GMT
Etag: "63e32c7f-1d7"
Expires: Fri, 10 Feb 2023 05:18:40 GMT
Last-Modified: Wed, 08 Feb 2023 05:00:47 GMT
Server: ECS (bsa/EB16)
X-Cache: Miss from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: c2qjNbB1W1WdtonAReUVZQkObhriCesj2CmLr_8fr97KkCM7BO7l0Q==
Age: 1073
dpm.demdex.net/ibs:dpid=28645&dpuuid=
34.250.33.236302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=28645&dpuuid=
IP 34.250.33.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=28645&dpuuid= HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v046-0ebef7d37.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=42525650651325566680756551475289746639; Max-Age=15552000; Expires=Mon, 07 Aug 2023 22:31:16 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: sQvRX+YGS1Q=
Content-Length: 0
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 597458833c02e3e4cb5ebb4e1d4edcb1
554118a98db5bf5c5ef8fde598feb1c36d6ca4ce
961fd3f14d06020498f3c1dc48f303b152fa8b37822803605c40a74bc071bf4f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:31:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 03:11:54 GMT
Expires: Wed, 15 Feb 2023 03:11:53 GMT
Etag: "554118a98db5bf5c5ef8fde598feb1c36d6ca4ce"
Cache-Control: max-age=534636,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7967d0886d570b06-OSL
match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-OQ3HJy2YilVahKW3-cloI9mztjxGUzU149hZHQ
52.29.44.9204 No Content 0 B URL HTTP/2 match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-OQ3HJy2YilVahKW3-cloI9mztjxGUzU149hZHQ
IP 52.29.44.9:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-OQ3HJy2YilVahKW3-cloI9mztjxGUzU149hZHQ HTTP/1.1
Host: match.sharethrough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 08 Feb 2023 22:31:16 GMT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 5eecee8746b80be9e0c125cd1a6fbe62
6bb07051e8d9ef26d47f7df9846f589178d77cbb
adc26481b4eb6697f772d1d79de38769c179963e7e9df9b093d368f031472345
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:31:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 07 Feb 2023 13:56:50 GMT
Expires: Tue, 14 Feb 2023 13:56:49 GMT
Etag: "6bb07051e8d9ef26d47f7df9846f589178d77cbb"
Cache-Control: max-age=486932,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7967d0884973b4fa-OSL
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=
34.250.33.236200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=
IP 34.250.33.236:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid= HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v046-025f2aae7.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: ksrJ2Mg1Tao=
Content-Length: 59
Connection: keep-alive
sync.outbrain.com/cookie-sync?p=criteo&uid=k-B9fdBC2YilVahKW3-cloI9mztjzcD_-FGWS0hg&initiator=partner
64.202.112.191200 OK 0 B URL HTTP/1.1 sync.outbrain.com/cookie-sync?p=criteo&uid=k-B9fdBC2YilVahKW3-cloI9mztjzcD_-FGWS0hg&initiator=partner
IP 64.202.112.191:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cookie-sync?p=criteo&uid=k-B9fdBC2YilVahKW3-cloI9mztjzcD_-FGWS0hg&initiator=partner HTTP/1.1
Host: sync.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:31:16 GMT
Content-Length: 0
Cache-Control: no-cache
X-TraceId: b09f66b21a8a1289fb705a48ae82cfa8
visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-7v1tny2YilVahKW3-cloI9mztjzqEoBji2Q1DA
185.255.84.153200 OK 49 B URL HTTP/2 visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-7v1tny2YilVahKW3-cloI9mztjzqEoBji2Q1DA
IP 185.255.84.153:0
ASN #200271 Iguane Solutions SAS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 4408efc0174f07ad685c456f1de521ca
e3bc3250f8f32bd98dc7b05fd8940b74617eb8d1
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
GET /visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-7v1tny2YilVahKW3-cloI9mztjzqEoBji2Q1DA HTTP/1.1
Host: visitor.omnitagjs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=14cb920d4d88af9819188b37f5ab8f93; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Wed, 08 Feb 2023 22:31:16 GMT
content-length: 49
x-envoy-upstream-service-time: 2
server: ayl-lb-fra02
X-Firefox-Spdy: h2
x.bidswitch.net/sync?dsp_id=46&user_id=k-p30wei2YilVahKW3-cloI9mztjx6HrFP7AzUsg&expires=30
35.156.135.89302 Found 0 B URL HTTP/2 x.bidswitch.net/sync?dsp_id=46&user_id=k-p30wei2YilVahKW3-cloI9mztjx6HrFP7AzUsg&expires=30
IP 35.156.135.89:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?dsp_id=46&user_id=k-p30wei2YilVahKW3-cloI9mztjx6HrFP7AzUsg&expires=30 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 08 Feb 2023 22:31:16 GMT
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-p30wei2YilVahKW3-cloI9mztjx6HrFP7AzUsg&expires=30
cache-control: no-cache, no-store, must-revalidate
set-cookie: tuuid=b6444819-fd4e-487a-bd60-5b6be2d2e804; path=/; expires=Thu, 08-Feb-2024 22:31:16 GMT; domain=.bidswitch.net; samesite=none; secure
c=1675895476; path=/; expires=Thu, 08-Feb-2024 22:31:16 GMT; domain=.bidswitch.net; samesite=none; secure
tuuid_lu=1675895476; path=/; expires=Thu, 08-Feb-2024 22:31:16 GMT; domain=.bidswitch.net; samesite=none; secure
c=1675895476; path=/; expires=Thu, 08-Feb-2024 22:31:16 GMT; domain=.bidswitch.net; samesite=none; secure
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40
178.250.0.157302 Found 0 B URL HTTP/2 gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40
IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 08 Feb 2023 22:31:16 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
location: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=
server-processing-duration-in-ticks: 806622
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 2631e1f2e1e103d529b30009bc0ac580
56aa15f39c5266bfdbfa7bd79681f866f5c39988
0505b8dd9efe74afc6699331b39415e8ccda5da67cd153aa2ef57d28ff9023fe
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 22:31:16 GMT
Last-Modified: Wed, 08 Feb 2023 22:12:33 GMT
Server: ECS (nyb/1D2B)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: EZUw55kYv8WHAgIACTYSRJebQFBw-qEmwUW7_Wz6SNPcQBHkjexsAA==
Age: 1123
x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-p30wei2YilVahKW3-cloI9mztjx6HrFP7AzUsg&expires=30
35.156.135.89200 OK 43 B URL HTTP/2 x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-p30wei2YilVahKW3-cloI9mztjx6HrFP7AzUsg&expires=30
IP 35.156.135.89:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/sync?dsp_id=46&user_id=k-p30wei2YilVahKW3-cloI9mztjx6HrFP7AzUsg&expires=30 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:16 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 34c9cbb204d23876fa71a5239b660d66
e113911a89e2e6f4e5bf5ca9e289a6414a1fc1b1
487b777449507b6469ed2f5ea6cc23a6d99d4ada78e5673a5a5e619a79e2f008
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=138027
Date: Wed, 08 Feb 2023 22:31:16 GMT
Etag: "63e38f04-1d7"
Expires: Fri, 10 Feb 2023 12:51:43 GMT
Last-Modified: Wed, 08 Feb 2023 12:01:08 GMT
Server: ECS (bsa/EB15)
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 0r8mMvc_GWFtwyGQknoxf-2weIat9O-Ll_8uFcxNUpI9mG1ZXy7iAg==
Age: 3035
sync-criteo.ads.yieldmo.com/sync?id=k-C2Uw4i2YilVahKW3-cloI9mztjxhwAfwratDdQ&pn_id=criteo&ext=1
54.229.45.63200 OK 43 B URL HTTP/2 sync-criteo.ads.yieldmo.com/sync?id=k-C2Uw4i2YilVahKW3-cloI9mztjxhwAfwratDdQ&pn_id=criteo&ext=1
IP 54.229.45.63:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /sync?id=k-C2Uw4i2YilVahKW3-cloI9mztjxhwAfwratDdQ&pn_id=criteo&ext=1 HTTP/1.1
Host: sync-criteo.ads.yieldmo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:16 GMT
content-type: image/gif
content-length: 43
set-cookie: yieldmo_id=g484f54de9a4d410e740%7C1675895476880%7C0%7C; Domain=.yieldmo.com; Expires=Thu, 08-Feb-2024 22:31:16 GMT; Path=/; Secure; SameSite=None; Secure
ptrcriteo=k-C2Uw4i2YilVahKW3-cloI9mztjxhwAfwratDdQ; Domain=ads.yieldmo.com; Expires=Thu, 08-Feb-2024 22:31:16 GMT; Path=/; Secure; SameSite=None; Secure
access-control-allow-origin: *
access-control-request-headers: Cache-Control, Pragma
access-control-allow-methods: GET, OPTIONS
pragma: no-cache
X-Firefox-Spdy: h2
criteo-partners.tremorhub.com/sync?UICR=k-99RlxS2YilVahKW3-cloI9mztjxr5FllYOrDOg
54.211.235.181200 OK 514 B URL HTTP/2 criteo-partners.tremorhub.com/sync?UICR=k-99RlxS2YilVahKW3-cloI9mztjxr5FllYOrDOg
IP 54.211.235.181:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b16c11e4b8b470b4aef56bfcd6bbe4fc
38186582e179fa51e84c1922dc296cd65b088e39
8fb56a7fac5f4fdc551b8f41c7f291e40685cd849bca5d1a4d8c4faa5c440596
GET /sync?UICR=k-99RlxS2YilVahKW3-cloI9mztjxr5FllYOrDOg HTTP/1.1
Host: criteo-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:16 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 74f269ea6e0e5b8a5e9addb3b3e5ca39
4127eaa8db4d48a3be478e7b5a36b23d76965e3a
3b57a7b6466157656355da406be93258755ab94fa34af42da551189b5b399997
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 493
Cache-Control: max-age=135481
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:31:16 GMT
Etag: "63e38f00-1d7"
Expires: Fri, 10 Feb 2023 12:09:17 GMT
Last-Modified: Wed, 08 Feb 2023 12:01:04 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=
54.73.101.116204 No Content 0 B URL HTTP/2 beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=
IP 54.73.101.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usermatch.gif?partner=criteo&partner_uid= HTTP/1.1
Host: beacon.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 08 Feb 2023 22:31:17 GMT
set-cookie: _kuid_=PXjq-znx; Expires=Mon, 07-Aug-23 22:31:17 GMT; Max-Age=15552000; Domain=.krxd.net; Path=/
cache-control: private, no-cache, no-store
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
x-served-by: beacon-n010-dub-prod.krxd.net
x-request-time: D=54 t=1675895477
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40
178.250.0.157302 Found 0 B URL HTTP/2 gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40
IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 08 Feb 2023 22:31:16 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
location: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=
server-processing-duration-in-ticks: 459703
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
m.stripe.com/6
44.237.90.198200 OK 156 B IP 44.237.90.198:0
File type JSON data\012- , ASCII text, with no line terminators
Hash f4803f960c1df13a5643ccde57a4b9a4
a8948b0ff9508820f1398a26765459d783f7bb02
97287452e0d13929274e65aaaa4bdb10091146e3a78c51ed321b6be907681dc1
POST /6 HTTP/1.1
Host: m.stripe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3004
Origin: https://m.stripe.network
Connection: keep-alive
Referer: https://m.stripe.network/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:31:17 GMT
content-length: 156
set-cookie: m=39190149-b1c4-4325-85a0-8269139fc2b2253791;Expires=Fri, 07-Feb-2025 22:31:17 GMT;Secure;HttpOnly; SameSite=None
x-content-type-options: nosniff
x-stripe-bg-intended-route-color: blue
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/json;charset=utf-8
X-Firefox-Spdy: h2
cdn.pushwoosh.com/webpush/v3/pushwoosh-service-worker.js?cache_clean=65dd604f-4656-41ec-b231-164d79253872
195.201.193.122200 OK 27 kB URL HTTP/1.1 cdn.pushwoosh.com/webpush/v3/pushwoosh-service-worker.js?cache_clean=65dd604f-4656-41ec-b231-164d79253872
IP 195.201.193.122:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65536), with no line terminators
Hash 96a9e556b9405a94db6237d14399fbf1
ecf8972c28f57ba5d71c1179a5335cb92db5f341
008a20bc1c9a1f75178b26d93c18391aae4afc7690804b990937d6b3ac2545a9
GET /webpush/v3/pushwoosh-service-worker.js?cache_clean=65dd604f-4656-41ec-b231-164d79253872 HTTP/1.1
Host: cdn.pushwoosh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 22:31:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 13 Sep 2022 08:45:52 GMT
x-rgw-object-type: Normal
ETag: W/"d3aa7a7ef179cfa8f5c244ae6379bc42"
X-Amz-Storage-Class: STANDARD
Expires: Wed, 08 Feb 2023 23:31:17 GMT
Cache-Control: max-age=3600, public
X-Cache-Status: MISS
X-Proxy-Cache: MISS
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, DELETE, HEAD
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Access-Control-Allow-Headers, is_auto_request, Content-Length, Accept-Encoding, X-Registry-Auth
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash d6320635fbf1660b8e6b87e37a24efd7
addf30d29080b155e99cb5a5cd68f03a3c24a7d7
e76f96651ecbdaa9de4270da3dbdcad41679620c9b30c4d6c704497960c375d6
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "E76F96651ECBDAA9DE4270DA3DBDCAD41679620C9B30C4D6C704497960C375D6"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2064
Expires: Wed, 08 Feb 2023 23:05:41 GMT
Date: Wed, 08 Feb 2023 22:31:17 GMT
Connection: keep-alive
s.thebrighttag.com/cs?btt=0&tp=cr&uid=
18.116.57.128200 OK 35 B URL HTTP/2 s.thebrighttag.com/cs?btt=0&tp=cr&uid=
IP 18.116.57.128:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /cs?btt=0&tp=cr&uid= HTTP/1.1
Host: s.thebrighttag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:17 GMT
content-type: image/gif
content-length: 35
x-bt-requestid: 4db07630-a800-11ed-8615-0000ac1703a4
cache-control: private, must-revalidate
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin:
server: nginx
p3p: CP=NOI DSP COR NID
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash a13bf36fca36cf584ff14835a411326a
3e8333971f482ab4fd30928436ff408b2cb1f861
7d06db2760aed14c803adac68a4995c355722ad4efbd66da1e309adb73926c86
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:31:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 07 Feb 2023 10:06:47 GMT
Expires: Tue, 14 Feb 2023 10:06:46 GMT
Etag: "3e8333971f482ab4fd30928436ff408b2cb1f861"
Cache-Control: max-age=473127,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7967d0948860b4fa-OSL
cdn.pushwoosh.com/webpush/v3/pushwoosh-service-worker.js?cache_clean=65dd604f-4656-41ec-b231-164d79253872
94.130.239.232200 OK 27 kB URL HTTP/1.1 cdn.pushwoosh.com/webpush/v3/pushwoosh-service-worker.js?cache_clean=65dd604f-4656-41ec-b231-164d79253872
IP 94.130.239.232:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65536), with no line terminators
Hash 96a9e556b9405a94db6237d14399fbf1
ecf8972c28f57ba5d71c1179a5335cb92db5f341
008a20bc1c9a1f75178b26d93c18391aae4afc7690804b990937d6b3ac2545a9
GET /webpush/v3/pushwoosh-service-worker.js?cache_clean=65dd604f-4656-41ec-b231-164d79253872 HTTP/1.1
Host: cdn.pushwoosh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 22:31:18 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 13 Sep 2022 08:45:52 GMT
x-rgw-object-type: Normal
ETag: W/"d3aa7a7ef179cfa8f5c244ae6379bc42"
X-Amz-Storage-Class: STANDARD
Expires: Wed, 08 Feb 2023 23:31:18 GMT
Cache-Control: max-age=3600, public
X-Cache-Status: MISS
X-Proxy-Cache: MISS
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, DELETE, HEAD
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Access-Control-Allow-Headers, is_auto_request, Content-Length, Accept-Encoding, X-Registry-Auth
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
redhotm.pushwoosh.com/json/1.3/getInboxMessages
88.198.209.119200 OK 13 kB URL HTTP/2 redhotm.pushwoosh.com/json/1.3/getInboxMessages
IP 88.198.209.119:0
ASN #24940 Hetzner Online GmbH
Hash d13b269c3fa60e3c17e0990ab86ba4a5
9a54043e4d2f323c047823b6d89f32eba68349dc
9cd1af0578c470afa26b83c1ab5f05774f2c835c68b0a3186f881880ab38e481
POST /json/1.3/getInboxMessages HTTP/1.1
Host: redhotm.pushwoosh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exoduseffect.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://exoduseffect.com
Content-Length: 297
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:31:19 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: phpDaemon/1.0-beta3
x-pw-cluster-node: inbox-api-6f5949f7d8-6lctq
x-pw-front-node: inbox-api-6f5949f7d8-6lctq
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, OPTIONS, DELETE, HEAD
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Access-Control-Allow-Headers, is_auto_request, Content-Length, Accept-Encoding, X-Registry-Auth
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.pushwoosh.com/webpush/img/FF.jpg
195.201.193.122200 OK 37 kB URL HTTP/1.1 cdn.pushwoosh.com/webpush/img/FF.jpg
IP 195.201.193.122:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 500x130, components 3\012- data
Hash 7d3915a7d11ae927099d2eb0ad523cd3
c0c85e69f51d4edd98e5585a5f4f0719190cf8fb
54e02a92678bae8e1505bdab994bce17b4b4979bed827d33159f44adcf63f834
GET /webpush/img/FF.jpg HTTP/1.1
Host: cdn.pushwoosh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 22:31:19 GMT
Content-Type: image/jpeg
Content-Length: 37009
Connection: keep-alive
Last-Modified: Wed, 09 Jun 2021 13:23:32 GMT
x-rgw-object-type: Normal
ETag: "7d3915a7d11ae927099d2eb0ad523cd3"
Expires: Wed, 08 Feb 2023 23:31:19 GMT
Cache-Control: max-age=3600, public
X-Cache-Status: HIT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, DELETE, HEAD
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Access-Control-Allow-Headers, is_auto_request, Content-Length, Accept-Encoding, X-Registry-Auth
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
cdn.pushwoosh.com/webpush/img/FF_unlock.jpg
195.201.193.122200 OK 42 kB URL HTTP/1.1 cdn.pushwoosh.com/webpush/img/FF_unlock.jpg
IP 195.201.193.122:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 500x230, components 3\012- data
Hash e865726ac3e87b953406c246bbc659ad
1636d16959a0de998862b0af6dd9a371af4cd304
3c445a00ee0a5a45af217b799a6793052c81e70a570d8def7ecdb8bdc75a7101
GET /webpush/img/FF_unlock.jpg HTTP/1.1
Host: cdn.pushwoosh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 22:31:19 GMT
Content-Type: image/jpeg
Content-Length: 42302
Connection: keep-alive
Last-Modified: Wed, 09 Jun 2021 13:23:32 GMT
x-rgw-object-type: Normal
ETag: "e865726ac3e87b953406c246bbc659ad"
Expires: Wed, 08 Feb 2023 23:31:19 GMT
Cache-Control: max-age=3600, public
X-Cache-Status: HIT
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, DELETE, HEAD
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Access-Control-Allow-Headers, is_auto_request, Content-Length, Accept-Encoding, X-Registry-Auth
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-CiwQpi2YilVahKW3-cloI9mztjy4t8c4MMp8gQ
141.226.228.48200 OK 0 B URL HTTP/2 sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-CiwQpi2YilVahKW3-cloI9mztjy4t8c4MMp8gQ
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
GET /sg/criteortb-network/1/rtb-h/?taboola_hm=k-CiwQpi2YilVahKW3-cloI9mztjy4t8c4MMp8gQ HTTP/1.1
Host: sync-t1.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:31:16 GMT
x-fastly-to-nlb-rtt: 24026
access-control-allow-credentials: true
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.211200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.211:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:14 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 119609
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
cp.pushwoosh.com/json/1.3/getConfig
88.198.209.124200 OK 0 B URL HTTP/2 cp.pushwoosh.com/json/1.3/getConfig
IP 88.198.209.124:0
ASN #24940 Hetzner Online GmbH
POST /json/1.3/getConfig HTTP/1.1
Host: cp.pushwoosh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exoduseffect.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://exoduseffect.com
Content-Length: 333
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:31:16 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: pushwoosh/device-api
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, OPTIONS, DELETE, HEAD
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Access-Control-Allow-Headers, is_auto_request, Content-Length, Accept-Encoding, X-Registry-Auth
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
js.stripe.com/v3/
54.230.111.108200 OK 0 B IP 54.230.111.108:0
GET /v3/ HTTP/1.1
Host: js.stripe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
last-modified: Wed, 08 Feb 2023 19:27:58 GMT
server: Cloudfront
access-control-allow-origin: *
x-content-type-options: nosniff
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
content-encoding: br
date: Wed, 08 Feb 2023 22:31:13 GMT
cache-control: max-age=60
etag: W/"ef2dfb45a4703b191e939bfee2c103ec"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hHyDxdqTlow4GlhVU1qpo1v39bmoNOubtKAdE7D2-PU0Clu6ZaWkZQ==
age: 34
X-Firefox-Spdy: h2
exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
188.114.96.1200 OK 0 B URL HTTP/2 exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
IP 188.114.96.1:0
GET /?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66 HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=0
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
cf-cache-status: DYNAMIC
set-cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; expires=Sat, 18-Feb-2023 22:31:13 GMT; Max-Age=864000; path=/; domain=.exoduseffect.com; secure; HttpOnly
100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D; expires=Sat, 18-Feb-2023 22:31:13 GMT; Max-Age=864000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Ui0%2BTrVxG7qJg1k1Tuh34%2FVbCutCF3CczhrU9hFbZOArkhzNR8qPewhLEIpCtDkbN5f2MCQDrqdXMi6YHf1znUWjO7tec1XMYFhNiFY%2BbHQMQSqdQzS%2Bgf7%2FWvQps%2BzAHrI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967d0752f5cb500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exoduseffect.com/assets/style/VSL.css?v=10024
188.114.96.1200 OK 0 B URL HTTP/2 exoduseffect.com/assets/style/VSL.css?v=10024
IP 188.114.96.1:0
GET /assets/style/VSL.css?v=10024 HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=12226
access-control-allow-origin: *
etag: W/"2fc2-5f30b5cb6efdc-gzip"
last-modified: Wed, 25 Jan 2023 00:03:29 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ppCWhuh6lOfdk9JyvvLNika3knIqrbGcx5u5cbOZuFNAsZUluCxJP6m9t%2BgKmUr0ZV8kz%2F5fb2JcbbJ2%2BU%2BSVtUQ7R9KHxfvNNrxCQRcVx7vP66vuaBdaPT%2BzjvYJ2FfcCKC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967d076e93db500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
b-code.liadm.com/a-06ld.min.js
54.230.111.95200 OK 0 B URL HTTP/2 b-code.liadm.com/a-06ld.min.js
IP 54.230.111.95:0
GET /a-06ld.min.js HTTP/1.1
Host: b-code.liadm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 08 Feb 2023 09:36:29 GMT
cache-control: "public, max-age=86400"
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: y02HKfthZrPKc_UqShgSwLEOtw1nWrTRLKf4lxC-m6ZvmvrXVtlpwg==
age: 46485
X-Firefox-Spdy: h2
dynamic.criteo.com/js/ld/ld.js?a=95287
178.250.0.147200 OK 0 B URL HTTP/2 dynamic.criteo.com/js/ld/ld.js?a=95287
IP 178.250.0.147:0
GET /js/ld/ld.js?a=95287 HTTP/1.1
Host: dynamic.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:14 GMT
content-type: application/javascript; charset=utf-8
server: Kestrel
cache-control: public,max-age=10800
content-encoding: br
vary: Origin, Accept-Encoding
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
exoduseffect.com/assets/style/forms.css?v=10008
188.114.96.1200 OK 0 B URL HTTP/2 exoduseffect.com/assets/style/forms.css?v=10008
IP 188.114.96.1:0
GET /assets/style/forms.css?v=10008 HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=6825
access-control-allow-origin: *
etag: W/"1aa9-5c2192bf9993b-gzip"
last-modified: Wed, 12 May 2021 02:57:31 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tro7PzGQ7y%2BGBgYjoLj5YCPEK3WuFYfT59PbIVDsfVHLA%2FL5vzaSKYrN5bPd68xOqOCfCWz9wSwc9SCmxdrwf5o5y6C7oVYSgYoFoSE0gtw2jQvRTNmn5jQgURQACDQzKHgw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967d076e92bb500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
exoduseffect.com/assets/scripts/jquery-2.2.0.min.js?v=10001
188.114.96.1200 OK 0 B URL HTTP/2 exoduseffect.com/assets/scripts/jquery-2.2.0.min.js?v=10001
IP 188.114.96.1:0
GET /assets/scripts/jquery-2.2.0.min.js?v=10001 HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: application/javascript
strict-transport-security: max-age=0
last-modified: Wed, 02 Oct 2019 22:00:07 GMT
etag: W/"14e55-593f4978bec33-gzip"
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fc5RzyygpasrAQFfAbQAPAnOPfTUakeWpeCbTwjZLtURTAfhW%2BileJwG1%2FBdsoy4M1csDAM0JjWMZHOZmQO4tv6kD0dFuBaewH5JZw3oqmtwFaChlV21g46BzriSdIwcz%2FAN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967d076e930b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-um4FgS2YilVahKW3-cloI9mztjwA0IIuI01MhQ&google_error=3
178.250.0.163200 OK 0 B URL HTTP/2 dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-um4FgS2YilVahKW3-cloI9mztjwA0IIuI01MhQ&google_error=3
IP 178.250.0.163:0
GET /dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-um4FgS2YilVahKW3-cloI9mztjwA0IIuI01MhQ&google_error=3 HTTP/1.1
Host: dis.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:15 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
cross-origin-resource-policy: cross-origin
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
timing-allow-origin: *
server-processing-duration-in-ticks: 187074
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
exoduseffect.com/assets/style/VSL/fsLandscape.css?v=10001
188.114.96.1200 OK 0 B URL HTTP/2 exoduseffect.com/assets/style/VSL/fsLandscape.css?v=10001
IP 188.114.96.1:0
GET /assets/style/VSL/fsLandscape.css?v=10001 HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1767
access-control-allow-origin: *
etag: W/"6e7-5bff46034ebf0-gzip"
last-modified: Wed, 14 Apr 2021 20:13:10 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gtwf%2F50J9YT3j3ox3IAB%2FXWRWb8HK6mxW%2F%2Bv6UWo3O0mVxa%2BVUXBVwGUL2gDEe1TZzSQUzxHfZrWnuLiWyuJ4RyEw3qwTw%2BqQDWo53cHNut8rUNdSGynqurluuypr3v82zcs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967d077297ab500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d2tjsej3ucxx0n.cloudfront.net/video/VSL_20210331_A2.6_HighProd/VSL_20210331_A2.6_HighProdhls_audio_160k_v4.m3u8
54.230.245.108200 OK 0 B URL HTTP/2 d2tjsej3ucxx0n.cloudfront.net/video/VSL_20210331_A2.6_HighProd/VSL_20210331_A2.6_HighProdhls_audio_160k_v4.m3u8
IP 54.230.245.108:0
GET /video/VSL_20210331_A2.6_HighProd/VSL_20210331_A2.6_HighProdhls_audio_160k_v4.m3u8 HTTP/1.1
Host: d2tjsej3ucxx0n.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-allow-methods: GET, POST, HEAD
last-modified: Tue, 30 Mar 2021 22:58:39 GMT
x-amz-storage-class: REDUCED_REDUNDANCY
server: AmazonS3
content-encoding: gzip
date: Wed, 08 Feb 2023 07:11:18 GMT
etag: W/"e81947ba63ae52994206821bb8704dbe"
vary: Accept-Encoding,Origin
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9HuLSsHYonHAG4OY7waVQkFOtrer-B_-_k9V0ior0BQfB1LtVLsOOw==
age: 55197
X-Firefox-Spdy: h2
dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=0
178.250.0.163200 OK 0 B URL HTTP/2 dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=0
IP 178.250.0.163:0
GET /dis/rtb/appnexus/cookiematch.aspx?appnxsid=0 HTTP/1.1
Host: dis.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:16 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
cross-origin-resource-policy: cross-origin
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
timing-allow-origin: *
server-processing-duration-in-ticks: 416515
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cp.pushwoosh.com/json/1.3/applicationOpen
88.198.209.124200 OK 0 B URL HTTP/2 cp.pushwoosh.com/json/1.3/applicationOpen
IP 88.198.209.124:0
ASN #24940 Hetzner Online GmbH
POST /json/1.3/applicationOpen HTTP/1.1
Host: cp.pushwoosh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exoduseffect.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://exoduseffect.com
Content-Length: 250
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:31:16 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, OPTIONS, DELETE, HEAD
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Access-Control-Allow-Headers, is_auto_request, Content-Length, Accept-Encoding, X-Registry-Auth
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
redhotm.pushwoosh.com/json/1.3/checkDevice
88.198.209.119200 OK 0 B URL HTTP/2 redhotm.pushwoosh.com/json/1.3/checkDevice
IP 88.198.209.119:0
ASN #24940 Hetzner Online GmbH
POST /json/1.3/checkDevice HTTP/1.1
Host: redhotm.pushwoosh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exoduseffect.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://exoduseffect.com
Content-Length: 250
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:31:19 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, OPTIONS, DELETE, HEAD
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Access-Control-Allow-Headers, is_auto_request, Content-Length, Accept-Encoding, X-Registry-Auth
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
exoduseffect.com/assets/style/global.css?v=10017
188.114.96.1200 OK 0 B URL HTTP/2 exoduseffect.com/assets/style/global.css?v=10017
IP 188.114.96.1:0
GET /assets/style/global.css?v=10017 HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=8236
access-control-allow-origin: *
etag: W/"202c-5c11dfadc1393-gzip"
last-modified: Thu, 29 Apr 2021 15:16:30 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ER%2FVrZYI06ck5x7m%2BtNoUNl9eSx4tmIr46rPnFfpxPrFhv%2F7DUouIVJZ4FxD4voznw706RrJjFOl7q%2BvXhh70jD8DZWERbkAvG4uS5cjINP%2BKyC5ndShDijPuQQXw9do6JOH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967d076d92ab500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
104.16.57.101200 OK 0 B URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP 104.16.57.101:0
GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exoduseffect.com
Connection: keep-alive
Referer: https://exoduseffect.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967d077a8d71c16-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
exoduseffect.com/assets/scripts/global.js?v=10002
188.114.96.1200 OK 0 B URL HTTP/2 exoduseffect.com/assets/scripts/global.js?v=10002
IP 188.114.96.1:0
GET /assets/scripts/global.js?v=10002 HTTP/1.1
Host: exoduseffect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exoduseffect.com/?affId=22&c1=mw15cust020823clickers&c2=&c3=91.90.42.154&id=100576504&affid=22&cid=53&s1=mw15cust020823clickers&s2=&s3=91.90.42.154&s4=&s5=8b55156fdf09466d97eb03fff0c6bc66
Cookie: PHPSESSID=dsc4vgnddbgegi8e7c0uijpc2b; 100001_Affiliate=a%3A5%3A%7Bs%3A4%3A%22type%22%3Bs%3A4%3A%22CAKE%22%3Bs%3A5%3A%22resid%22%3Bs%3A9%3A%22100576504%22%3Bs%3A4%3A%22afid%22%3Bs%3A2%3A%2222%22%3Bs%3A6%3A%22campid%22%3Bs%3A2%3A%2253%22%3Bs%3A6%3A%22subids%22%3Ba%3A5%3A%7Bs%3A2%3A%22s1%22%3Bs%3A22%3A%22mw15cust020823clickers%22%3Bs%3A2%3A%22s2%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s3%22%3Bs%3A12%3A%2291.90.42.154%22%3Bs%3A2%3A%22s4%22%3Bs%3A0%3A%22%22%3Bs%3A2%3A%22s5%22%3Bs%3A32%3A%228b55156fdf09466d97eb03fff0c6bc66%22%3B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:31:13 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=12543
etag: W/"30ff-5b450a6c6a087-gzip"
last-modified: Tue, 17 Nov 2020 17:16:11 GMT
strict-transport-security: max-age=0
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nosnippet
cache-control: max-age=14400
cf-cache-status: HIT
age: 3652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J1u3dGlk8J1lRxR%2FtEgTMOWPteTCSgGsLuAbFA8R4zFk1s7YomeCGScx2bOkbreyxZ%2FohAYQ4uMYadoUkDxHDCdaDS%2BsWuA1l%2BJ4abZAZ9LAUx8jZNF9K5BB3L1BFVW6ssd8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7967d076e931b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2