kingroot.fr.malavida.com/android/download
23.13.37.130301 Moved Permanently 0 B URL HTTP/1.1 kingroot.fr.malavida.com/android/download
IP 23.13.37.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /android/download HTTP/1.1
Host: kingroot.fr.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: Apache
x-frame-options: SAMEORIGIN
Location: https://kingroot.fr.malavida.com/android/download
Content-Security-Policy: frame-ancestors 'self';
Access-Control-Allow-Credentials: true
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Sun, 27 Nov 2022 21:22:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 27 Nov 2022 21:22:35 GMT
Connection: keep-alive
X-Test: Rule-CacheHonorExpires
Vary: Accept-Encoding
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14957
Expires: Mon, 28 Nov 2022 01:31:52 GMT
Date: Sun, 27 Nov 2022 21:22:35 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5680
Cache-Control: max-age=139398
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:35 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 12:05:53 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2532
Expires: Sun, 27 Nov 2022 22:04:47 GMT
Date: Sun, 27 Nov 2022 21:22:35 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 21:19:25 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 190
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Whdch/U9kS6ZpjsgMOOZ1j3DcxpMnXO9FFZYG5+jl8Hdfd0tDMwXF9JcK5kwr4r0EqOmKOlzttY=
x-amz-request-id: PDJ2530FH1N8ZGJA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 20:41:47 GMT
age: 2448
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 21:22:35 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
kingroot.fr.malavida.com/android/download
23.13.37.130200 OK 25 kB URL HTTP/2 kingroot.fr.malavida.com/android/download
IP 23.13.37.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (41077), with CRLF, LF line terminators
Hash af25a5757a640a8be3a3b00008dade73
54e9cdfee5af7d344c34fd1f738d4061d0203a1b
116b6f0eef8791c3a44b4a47000064c8a4d8835a723ec3fe12a3c29762f406d7
Analyzer Verdict Alert fortinet Phishing
GET /android/download HTTP/1.1
Host: kingroot.fr.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: Apache
x-frame-options: SAMEORIGIN
last-modified: Wed, 23 Nov 2022 08:13:31 GMT
content-encoding: br
accept-ranges: none
content-security-policy: frame-ancestors 'self';
access-control-allow-credentials: true
content-length: 25229
content-type: text/html; charset=UTF-8
expires: Sun, 27 Nov 2022 21:22:36 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 27 Nov 2022 21:22:36 GMT
x-test: Rule-CacheHonorExpires
strict-transport-security: max-age=86400 ; includeSubDomains
vary: Accept-Encoding
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 21:08:54 GMT
cache-control: public,max-age=3600
age: 822
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2855
Cache-Control: max-age=131511
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:36 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 09:54:27 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
static.malavida.com/global/imag/malavida_logo_mobile.svg
23.13.37.130200 OK 2.0 kB URL HTTP/2 static.malavida.com/global/imag/malavida_logo_mobile.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 9fc4b831c27f3147452622a8e4100488
8b1153afc95f02b8ec0e40d735bb5d5a4c6c128e
fc7469f7b19bad1e303c60fc99e64a5cf1a3c7b85a61eb1b7a80a54c516e4480
GET /global/imag/malavida_logo_mobile.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Tue, 10 Mar 2020 08:22:29 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 2040
content-type: image/svg+xml
cache-control: max-age=7380074
expires: Tue, 21 Feb 2023 07:23:50 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/css/img/malavida_top.svg
23.13.37.130200 OK 1.7 kB URL HTTP/2 static.malavida.com/global/css/img/malavida_top.svg
IP 23.13.37.130:0
File type SVG XML document\012- SVG XML document\012- exported SGML document, ASCII text, with very long lines (4783), with CRLF line terminators
Hash e22ac7179d029d52c8895689a46cd24e
96318545c39a128cbf774624051fca051c1145ee
314b83420af2f4ad04b14ac39c39c1f63a0a4885ab441454505beb34c9dc9f46
GET /global/css/img/malavida_top.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Mon, 06 Nov 2017 08:43:44 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 1694
content-type: image/svg+xml
cache-control: max-age=7380048
expires: Tue, 21 Feb 2023 07:23:24 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
imag.malavida.com/mvimgbig/download-s/kingroot-16665-0.jpg
23.13.37.130200 OK 1.6 kB URL HTTP/2 imag.malavida.com/mvimgbig/download-s/kingroot-16665-0.jpg
IP 23.13.37.130:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3\012- data
Hash fd1d7c2b526a3a1cd81939c4682d240e
3bc9123c58fdb8f83a4173cb8b81a51e7a2ba4f2
13ee65fda2acb57c87f2888e7b5803ff43881700ae7dc967e62efa5d895f8f46
GET /mvimgbig/download-s/kingroot-16665-0.jpg HTTP/1.1
Host: imag.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Mar 2022 14:13:25 GMT
server: Apache
accept-ranges: bytes
content-type: image/jpeg
content-length: 1630
cache-control: max-age=4989365
expires: Tue, 24 Jan 2023 15:18:41 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/flags/en.png
23.13.37.130200 OK 1.2 kB URL HTTP/2 static.malavida.com/global/imag/flags/en.png
IP 23.13.37.130:0
File type PNG image data, 16 x 14, 8-bit/color RGBA, non-interlaced\012- data
Hash 0cd28ad83b617da364cdef4b17e0df7d
907faec22e5411b76d910a4118781da5229fe980
c4e9be1d0ee744cd18a0ac440cbc385ecad4ff27a60f2a7ca3160de280264ca2
GET /global/imag/flags/en.png HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: bytes
content-length: 1235
content-type: image/png
cache-control: max-age=7380066
expires: Tue, 21 Feb 2023 07:23:42 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-calendar.svg
23.13.37.130200 OK 1.6 kB URL HTTP/2 static.malavida.com/global/imag/ico-calendar.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 610d43dfed1a123809b5001bc29cdf70
ab9676e3f5489c317b7b5ec6366da3d689d22f7a
b5a4be60e813a95235dc671845d8241545f265438e212ba6a671c434d406ad6e
GET /global/imag/ico-calendar.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-length: 1551
content-type: image/svg+xml
cache-control: max-age=7380102
expires: Tue, 21 Feb 2023 07:24:18 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
vary: Accept-Encoding
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/css/img/star2.svg
23.13.37.130200 OK 406 B URL HTTP/2 static.malavida.com/global/css/img/star2.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 91bb5259a6c0b59e635727685d239899
926a1ad3a5f079f289559a870b14865a1c9c9070
b0d350d7cf529cdc80027153a9bc4cd41dee2ad87e7fc231daec248086337204
GET /global/css/img/star2.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Tue, 10 Mar 2020 08:22:29 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 406
content-type: image/svg+xml
cache-control: max-age=7380025
expires: Tue, 21 Feb 2023 07:23:01 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/css/img/star.svg
23.13.37.130200 OK 349 B URL HTTP/2 static.malavida.com/global/css/img/star.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash ccc7982a31f378f7240f7570957305e5
c4d684c33805a2f766bb8b556be108a4c500d1c2
7bcd39c6b7f0797282d7d98322f704bce7a6f053274b65eac9bc3f35cfb9d071
GET /global/css/img/star.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Tue, 10 Mar 2020 08:22:29 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 349
content-type: image/svg+xml
cache-control: max-age=7380088
expires: Tue, 21 Feb 2023 07:24:04 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/flags/fr.png
23.13.37.130200 OK 1.2 kB URL HTTP/2 static.malavida.com/global/imag/flags/fr.png
IP 23.13.37.130:0
File type PNG image data, 16 x 14, 8-bit/color RGBA, non-interlaced\012- data
Hash 83bc44da58f81e2a3e1f638d53d09e7f
36c4d1cce151b8865a3d59a28c8f1ee5fe4f2b75
44ed96f6dbe27d5722a25600fedee3ee0dd2203faf27f6ebb6152fd2212584d1
GET /global/imag/flags/fr.png HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: bytes
content-length: 1200
content-type: image/png
cache-control: max-age=7380041
expires: Tue, 21 Feb 2023 07:23:17 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-facebook.svg
23.13.37.130200 OK 329 B URL HTTP/2 static.malavida.com/global/imag/ico-facebook.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 5b5f28e952e64ac1289ce36d158f39e8
e7c1efe9eb615b0acde0b3ebffd475a748b79ef1
0bc718e0e7df5347e67f7a95ed5b3ccd0ef2784f8c9a44f22f98fe78b93458fb
GET /global/imag/ico-facebook.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 329
content-type: image/svg+xml
cache-control: max-age=7380023
expires: Tue, 21 Feb 2023 07:22:59 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-twitter.svg
23.13.37.130200 OK 539 B URL HTTP/2 static.malavida.com/global/imag/ico-twitter.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (885)
Hash 2b0569f3db5de4f708143df6480dd451
4e67a49bb721ba5e401c07fe7303ce31f25cba92
e306a5f32224e6416306ab54d27e52c8afb88be672f33fd74355d14f8789371c
GET /global/imag/ico-twitter.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 539
content-type: image/svg+xml
cache-control: max-age=7380032
expires: Tue, 21 Feb 2023 07:23:08 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-arrowdown.svg
23.13.37.130200 OK 372 B URL HTTP/2 static.malavida.com/global/imag/ico-arrowdown.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 03bdd8dc2a35007e95001ca9a6d1dfc9
ec64f9484be207859036f8d6ebcc206ca299a0e1
7a98d85f5776390d76495bd7031c1bf207936a574016316084f8786792cd08f6
GET /global/imag/ico-arrowdown.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: none
content-encoding: gzip
access-control-allow-origin: *
content-length: 372
content-type: image/svg+xml
cache-control: max-age=7379948
expires: Tue, 21 Feb 2023 07:21:44 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
vary: Accept-Encoding
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/flags/es.png
23.13.37.130200 OK 1.2 kB URL HTTP/2 static.malavida.com/global/imag/flags/es.png
IP 23.13.37.130:0
File type PNG image data, 16 x 14, 8-bit/color RGBA, non-interlaced\012- data
Hash a4da4ee27c38e38123f99a43dfc1567a
9f840ccdb6abc940f27f6077abe36b8be43cb8ff
3949935c038b8bd0f86cb54461c44c1b13bc840cba1770fd663fd37fd3298b94
GET /global/imag/flags/es.png HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: bytes
content-length: 1239
content-type: image/png
cache-control: max-age=7379996
expires: Tue, 21 Feb 2023 07:22:32 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/flags/cn.png
23.13.37.130200 OK 1.2 kB URL HTTP/2 static.malavida.com/global/imag/flags/cn.png
IP 23.13.37.130:0
File type PNG image data, 16 x 14, 8-bit/color RGBA, non-interlaced\012- data
Hash b308c53ce44a88fd44372fb7da890de9
4c5a8f855df8cb027a6083b9aeb3fa77fd46db6a
209cb5ad6d2863f91156a1fb6bea65425516f410ef1fbd19d37f1cfdbc950f7c
GET /global/imag/flags/cn.png HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: bytes
content-length: 1232
content-type: image/png
cache-control: max-age=7380038
expires: Tue, 21 Feb 2023 07:23:14 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-mac.svg
23.13.37.130200 OK 604 B URL HTTP/2 static.malavida.com/global/imag/ico-mac.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (670)
Hash 7d9790acc0ac4c09155db77ad8011d0b
dbf104abb41f9bac535263e37a1574daa32071bf
faf6543d88da623c1549ec18c32065de5de07d676588500bd0c45e4a717feb04
GET /global/imag/ico-mac.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: Apache
last-modified: Mon, 15 Mar 2021 08:15:46 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 604
content-type: image/svg+xml
cache-control: max-age=7379980
expires: Tue, 21 Feb 2023 07:22:16 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/download_icon/download_guarantee_icon.svg
23.13.37.130200 OK 8.0 kB URL HTTP/2 static.malavida.com/global/imag/download_icon/download_guarantee_icon.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5e2e0e833ae4f0a80e35f9f3c9cd657e
fb48a6be5c293e92c36dc5f4fe7ce793b410c55b
e9a08b7460e9dce8a24c7a8415d9b010220f94b7e8883ecfd81255b6983c7fba
GET /global/imag/download_icon/download_guarantee_icon.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Tue, 10 Mar 2020 08:22:29 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 8029
content-type: image/svg+xml
cache-control: max-age=7380052
expires: Tue, 21 Feb 2023 07:23:28 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-updated.svg
23.13.37.130200 OK 2.9 kB URL HTTP/2 static.malavida.com/global/imag/ico-updated.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 045eecf8b69c21eb8522a535d3501d88
2844f2abb4c04474bf1a68d2f0d933c52807ebf4
866052d892940cefb5da0bf28fd1d8ae84120263b66322962c5f215f989bd8e3
GET /global/imag/ico-updated.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 2918
content-type: image/svg+xml
cache-control: max-age=7380083
expires: Tue, 21 Feb 2023 07:23:59 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/download_android-apk.png
23.13.37.130200 OK 20 kB URL HTTP/2 static.malavida.com/global/imag/download_android-apk.png
IP 23.13.37.130:0
File type PNG image data, 180 x 140, 8-bit/color RGBA, non-interlaced\012- data
Hash 25ba8fbf704e78bbf0fe23e0c2ce69a7
dcd182fd0534cfffa6bfd5278fd8973b2105e884
e81982d11528aa40adcd07c48edbe3d5c02788d5c3bbb914d31041ca9c940a9c
GET /global/imag/download_android-apk.png HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Tue, 14 Mar 2017 09:24:21 GMT
accept-ranges: bytes
content-length: 20490
content-type: image/png
cache-control: max-age=7380007
expires: Tue, 21 Feb 2023 07:22:43 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-user.svg
23.13.37.130200 OK 535 B URL HTTP/2 static.malavida.com/global/imag/ico-user.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (780)
Hash 5547ec9439732362bd8f9c95ccd6b972
6b203684a1b19ea63af8a7caae9a0d9cc35ac550
6797367eb8d875866155701d3c39a35511a0dd3b109ff408d4e390b5fd906037
GET /global/imag/ico-user.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: Apache
last-modified: Mon, 15 Mar 2021 08:15:46 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 535
content-type: image/svg+xml
cache-control: max-age=7380079
expires: Tue, 21 Feb 2023 07:23:55 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
imag.malavida.com/mvimg/soft-s/freedom-20505-0.jpg
23.13.37.130200 OK 816 B URL HTTP/2 imag.malavida.com/mvimg/soft-s/freedom-20505-0.jpg
IP 23.13.37.130:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 47x47, components 3\012- data
Hash f84524849d7d08c93d3ed2e1f1123b83
a560897a56f67153a03d755b8b2ff90f21fa2dd1
24ea07742ad28bffbccd5eb2bdf82366c51d6fda847ffd8d6f7d47ee73a2e3a5
GET /mvimg/soft-s/freedom-20505-0.jpg HTTP/1.1
Host: imag.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Mar 2022 14:10:51 GMT
server: Apache
accept-ranges: bytes
content-type: image/jpeg
content-length: 816
cache-control: max-age=4975740
expires: Tue, 24 Jan 2023 11:31:36 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-android.svg
23.13.37.130200 OK 778 B URL HTTP/2 static.malavida.com/global/imag/ico-android.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (577)
Hash 46317a4625b1ecb7fc51ca12685d62af
e536da1cc37e8f50a91dbbac30c55650b8647006
02dc5f2de9482591dedefc91d369aae8443bade3f5f8b40bf392d22c43933986
GET /global/imag/ico-android.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: Apache
last-modified: Mon, 15 Mar 2021 08:15:46 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 778
content-type: image/svg+xml
cache-control: max-age=7380068
expires: Tue, 21 Feb 2023 07:23:44 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
imag.malavida.com/mvimg/soft-s/root-checker-17121-0.jpg
23.13.37.130200 OK 1.3 kB URL HTTP/2 imag.malavida.com/mvimg/soft-s/root-checker-17121-0.jpg
IP 23.13.37.130:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 47x47, components 3\012- data
Hash b5c5b371d709888ae0dffe693f9e27ca
6b05c0048e88fd21a419a1251597acca04cac0de
05355288aad97762c06d6d99be502fe98a2fef998e891721dd63d85d61f0208b
GET /mvimg/soft-s/root-checker-17121-0.jpg HTTP/1.1
Host: imag.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
accept-ranges: bytes
last-modified: Fri, 11 Nov 2022 06:50:33 GMT
content-type: image/jpeg
content-length: 1306
cache-control: max-age=6341935
expires: Thu, 09 Feb 2023 07:01:31 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-windows.svg
23.13.37.130200 OK 396 B URL HTTP/2 static.malavida.com/global/imag/ico-windows.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (472)
Hash d475007fca7b832ed7dec6ba96f7d225
5fcc93c01f9d672c9671e99f9e8326be1ee082ec
17873174f6cf9b7ce57c6bc4ce8d6346379269f2d6f50eb6ea1cda4f3cab10e0
GET /global/imag/ico-windows.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: Apache
last-modified: Mon, 15 Mar 2021 08:15:46 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 396
content-type: image/svg+xml
cache-control: max-age=7379979
expires: Tue, 21 Feb 2023 07:22:15 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
imag.malavida.com/mvimg/soft-s/xposed-installer-17011-0.jpg
23.13.37.130200 OK 743 B URL HTTP/2 imag.malavida.com/mvimg/soft-s/xposed-installer-17011-0.jpg
IP 23.13.37.130:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 47x47, components 3\012- data
Hash d1ce0633cfbd0d5ee45aa759dab8e702
8248c50212c35ec24669548830257567c0d1ecee
393a9533508986152c0eeb56ecf160d196f5d5d74b91143c49257c092f5f8139
GET /mvimg/soft-s/xposed-installer-17011-0.jpg HTTP/1.1
Host: imag.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Mar 2022 14:12:05 GMT
server: Apache
accept-ranges: bytes
content-type: image/jpeg
content-length: 743
cache-control: max-age=5079108
expires: Wed, 25 Jan 2023 16:14:24 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
imag.malavida.com/mvimg/soft-s/root-en-todos-los-moviles-18197-0.jpg
23.13.37.130200 OK 1.3 kB URL HTTP/2 imag.malavida.com/mvimg/soft-s/root-en-todos-los-moviles-18197-0.jpg
IP 23.13.37.130:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 47x47, components 3\012- data
Hash 2ddd9f7edaf9285d5168747005a18c72
f2d79ab9b0991c01fe7a4083a4cb3380d2f4ba2c
5d34b1b548049920ceb31d8831f5bbdfdd25e2073d2254ba0bba60059e21b8c5
GET /mvimg/soft-s/root-en-todos-los-moviles-18197-0.jpg HTTP/1.1
Host: imag.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Mar 2022 14:12:05 GMT
server: Apache
accept-ranges: bytes
content-type: image/jpeg
content-length: 1342
cache-control: max-age=5841038
expires: Fri, 03 Feb 2023 11:53:14 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
imag.malavida.com/mvimg/soft-s/superuser-12221-0.jpg
23.13.37.130200 OK 953 B URL HTTP/2 imag.malavida.com/mvimg/soft-s/superuser-12221-0.jpg
IP 23.13.37.130:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 47x47, components 3\012- data
Hash 527731612d0d0ef7e7450ad0be0817cc
2b77a6d3453d53c437723f6e31c81493b4d68e61
78c28ee42e2593173d47b72644dfe37c591354d6be7dfa617a0ec100571b1f46
GET /mvimg/soft-s/superuser-12221-0.jpg HTTP/1.1
Host: imag.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
accept-ranges: bytes
last-modified: Tue, 08 Mar 2022 14:10:54 GMT
content-type: image/jpeg
content-length: 953
cache-control: max-age=5076636
expires: Wed, 25 Jan 2023 15:33:12 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-net.svg
23.13.37.130200 OK 1.3 kB URL HTTP/2 static.malavida.com/global/imag/ico-net.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 7469dcc715d346f7108b4ff1a315b6c1
5af3d899283f73ab80432eefc27a03ea4f492616
16a1c0b0d0cff4c14d0096f2925a0a1a73d114755f5968ff58359da8e1e893d5
GET /global/imag/ico-net.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 1274
content-type: image/svg+xml
cache-control: max-age=7380064
expires: Tue, 21 Feb 2023 07:23:40 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
imag.malavida.com/mvimg/soft-s/rom-manager-17006-0.jpg
23.13.37.130200 OK 1.1 kB URL HTTP/2 imag.malavida.com/mvimg/soft-s/rom-manager-17006-0.jpg
IP 23.13.37.130:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 47x47, components 3\012- data
Hash 4aedc1a123a151d3b55ec30505025b1c
ac797be1f90685fbba1e7d31bb9c7509c0538ab3
9e3b085034da1c1f42c5a8c986ea06b3b57cf28a1b6189118c2d09088e5b3c3b
GET /mvimg/soft-s/rom-manager-17006-0.jpg HTTP/1.1
Host: imag.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
accept-ranges: bytes
last-modified: Tue, 08 Mar 2022 14:14:51 GMT
content-type: image/jpeg
content-length: 1138
cache-control: max-age=5076559
expires: Wed, 25 Jan 2023 15:31:55 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-download.svg
23.13.37.130200 OK 1.3 kB URL HTTP/2 static.malavida.com/global/imag/ico-download.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 55039e887b890542a0c6d966bfb33710
8d9298776e31ce984fbddcbe43a0ed55f73726fe
0b91c975f7d880dc41025edc47bf6b53ca4b490c5cf9bbc7f38f9cfae5c61ad7
GET /global/imag/ico-download.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 1282
content-type: image/svg+xml
cache-control: max-age=7380033
expires: Tue, 21 Feb 2023 07:23:09 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
imag.malavida.com/mvimg/soft-xs/whatsapp-10159-0.jpg
23.13.37.130200 OK 724 B URL HTTP/2 imag.malavida.com/mvimg/soft-xs/whatsapp-10159-0.jpg
IP 23.13.37.130:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 32x32, components 3\012- data
Hash 931ba8464a495f05798c546e65c0c33f
220b1f5fa62914617b784ea084c43429be5412a7
f18802a46991a7f164fe9cd7575a9e15f96551ff6dea4fe8dc825df7a87c40c7
GET /mvimg/soft-xs/whatsapp-10159-0.jpg HTTP/1.1
Host: imag.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Mar 2022 14:10:42 GMT
server: Apache
accept-ranges: bytes
content-type: image/jpeg
content-length: 724
cache-control: max-age=5207762
expires: Fri, 27 Jan 2023 03:58:38 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
imag.malavida.com/mvimg/soft-xs/instagram-10669-0.jpg
23.13.37.130200 OK 816 B URL HTTP/2 imag.malavida.com/mvimg/soft-xs/instagram-10669-0.jpg
IP 23.13.37.130:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 32x32, components 3\012- data
Hash 6c220546e5181f485a8a141cabc2e001
33ebd0ae0307abc36ce31a07e2a3824d777c25e0
64a69992bc1475856ab67a6079b12ddc76478b5fc928f3036e7c06dcf096fa6e
GET /mvimg/soft-xs/instagram-10669-0.jpg HTTP/1.1
Host: imag.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Mar 2022 14:10:42 GMT
server: Apache
accept-ranges: bytes
content-type: image/jpeg
content-length: 816
cache-control: max-age=5207870
expires: Fri, 27 Jan 2023 04:00:26 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
imag.malavida.com/mvimg/soft-xs/facebook-messenger-11662-0.jpg
23.13.37.130200 OK 829 B URL HTTP/2 imag.malavida.com/mvimg/soft-xs/facebook-messenger-11662-0.jpg
IP 23.13.37.130:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 32x32, components 3\012- data
Hash 10181979a8a078ac65357a6e960532cb
da76f090549bd36d69acfa856bc302c11a7b0704
c2cdc6605bc95b786e7562b7f46960a6d316d56e5f09747e23298abf8476c01a
GET /mvimg/soft-xs/facebook-messenger-11662-0.jpg HTTP/1.1
Host: imag.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Mar 2022 14:10:42 GMT
server: Apache
accept-ranges: bytes
content-type: image/jpeg
content-length: 829
cache-control: max-age=5207758
expires: Fri, 27 Jan 2023 03:58:34 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
imag.malavida.com/mvimg/soft-xs/lucky-patcher-17218-0.jpg
23.13.37.130200 OK 865 B URL HTTP/2 imag.malavida.com/mvimg/soft-xs/lucky-patcher-17218-0.jpg
IP 23.13.37.130:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 32x32, components 3\012- data
Hash 169dacf018c65b37fdb3db93742b0b31
e5dda391484edbc40dd42d19323bdbd2a78af906
b51ecbcf53f455865015248549bedc71ab038cf32ce97a49ac2c5cc838b2fd3c
GET /mvimg/soft-xs/lucky-patcher-17218-0.jpg HTTP/1.1
Host: imag.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Mar 2022 14:10:42 GMT
server: Apache
accept-ranges: bytes
content-type: image/jpeg
content-length: 865
cache-control: max-age=5207732
expires: Fri, 27 Jan 2023 03:58:08 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
imag.malavida.com/mvimg/soft-xs/spotify-10520-0.jpg
23.13.37.130200 OK 792 B URL HTTP/2 imag.malavida.com/mvimg/soft-xs/spotify-10520-0.jpg
IP 23.13.37.130:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 32x32, components 3\012- data
Hash 9ba811653f72a2fb74bd386772ae3038
f378800558f23c17cb79c424f0e0eb687f7a5f54
030ef916d306cb1a727052d0c4ba6729a7bd04aa0e23f550c6a1cdd4c2d2f389
GET /mvimg/soft-xs/spotify-10520-0.jpg HTTP/1.1
Host: imag.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Mar 2022 14:10:42 GMT
server: Apache
accept-ranges: bytes
content-type: image/jpeg
content-length: 792
cache-control: max-age=5207762
expires: Fri, 27 Jan 2023 03:58:38 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?_=v2&id=GTM-MQ79NG
142.250.74.168200 OK 56 kB URL HTTP/2 www.googletagmanager.com/gtm.js?_=v2&id=GTM-MQ79NG
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (23380)
Hash 7b8aa789b1519dacb84f6d363ed326df
41af2b4a297e66a7d3efeb9e9a02c8be14314bb1
012f35cab7948ea3d7d7e0258474ea5232a282a34219719a16db1cfaa96f192d
GET /gtm.js?_=v2&id=GTM-MQ79NG HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 21:22:36 GMT
expires: Sun, 27 Nov 2022 21:22:36 GMT
cache-control: private, max-age=900
last-modified: Sun, 27 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 55545
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sdk.privacy-center.org/63587a00-7436-4b96-9716-32fba5775251/loader.js?target=kingroot.fr.malavida.com
54.230.111.111200 OK 9.8 kB URL HTTP/2 sdk.privacy-center.org/63587a00-7436-4b96-9716-32fba5775251/loader.js?target=kingroot.fr.malavida.com
IP 54.230.111.111:0
File type Unicode text, UTF-8 text, with very long lines (36224), with no line terminators
Hash a9d490d18d8c4a9d4f210192ce607907
603be9975d83b96a2978a7d4c0564c66b2321428
66e64943377d35289c3610a66f5cc7d7e21333f324486b0a5941b9f49419ae79
GET /63587a00-7436-4b96-9716-32fba5775251/loader.js?target=kingroot.fr.malavida.com HTTP/1.1
Host: sdk.privacy-center.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 9848
server: CloudFront
date: Sun, 27 Nov 2022 21:22:36 GMT
x-didomi-remote-config-source: Lambda
content-encoding: gzip
cache-control: max-age=7200, public
etag: "729915c0579f05c0395a821a2f4f34d4"
x-cache: LambdaGeneratedResponse from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7cYGBD3f56Z5Bah7L9Rhl8HHi7UX7a6kq-kK4cFQNh_TinYa5h4fpA==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
54.149.51.98101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.51.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: liKalIBbofrjA128KY8WLA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8IgK51BLw5B+aOAZZCk2/tJ4uSs=
www.malavida.com/favicon.ico
23.13.37.130200 OK 2.0 kB URL HTTP/2 www.malavida.com/favicon.ico
IP 23.13.37.130:0
File type MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel\012- data
Hash 7d67a8eeb68944c6b3a16de7d02277b1
e4786a337f4ac8d3a12739f0beade968cccf9cfe
22ea8a083c5af1fbfbbee50391e723d5a0633134f81a5f87090fbc0bdc887457
GET /favicon.ico HTTP/1.1
Host: www.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
x-frame-options: SAMEORIGIN
last-modified: Thu, 17 Mar 2022 10:54:27 GMT
accept-ranges: none
content-encoding: gzip
content-security-policy: frame-ancestors 'self';
access-control-allow-credentials: true
content-length: 1971
content-type: image/x-icon
cache-control: max-age=15156069
expires: Mon, 22 May 2023 07:23:45 GMT
date: Sun, 27 Nov 2022 21:22:36 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sdk.privacy-center.org/sdk.187343a5c798729769461ea222a55e61abe12d19.js
54.230.111.111200 OK 174 kB URL HTTP/2 sdk.privacy-center.org/sdk.187343a5c798729769461ea222a55e61abe12d19.js
IP 54.230.111.111:0
Size 174 kB (174478 bytes)
Hash 35caf969242ef1be98a6219d60777750
a1aaaddc10dbbdb5b690c0415316176d668732a6
3dc62228c8ba1093706d628a69d8e8a2c0d354dd877bb405e8906db11cb618b4
GET /sdk.187343a5c798729769461ea222a55e61abe12d19.js HTTP/1.1
Host: sdk.privacy-center.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Mon, 21 Nov 2022 08:42:47 GMT
last-modified: Mon, 21 Nov 2022 08:38:17 GMT
etag: W/"51b085f4d388aa63d9d111fee4bef3bd"
x-amz-server-side-encryption: AES256
x-amz-meta-s3cmd-attrs: atime:1669019569/ctime:1669019569/gid:0/gname:root/md5:51b085f4d388aa63d9d111fee4bef3bd/mode:33188/mtime:1669019569/uid:0/uname:root
cache-control: public, max-age=31536000
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MSkKGyxgfTeyb9N8zrBSrp33WnvxL3vuSGWEUMZeSDKAhmFM_Bzskw==
age: 563990
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2181195710737927
142.250.74.2200 OK 49 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2181195710737927
IP 142.250.74.2:0
File type ASCII text, with very long lines (4885)
Hash 22ac07a73d3c8dea338ee174d93a28d1
ab3c31d32eaa36e43daf914328eb63d658e8017a
7a434b8c010d4fa1f08657efa6f5e5d298321b4c5f46a488342d5e9a0b8855b2
GET /pagead/js/adsbygoogle.js?client=ca-pub-2181195710737927 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 27 Nov 2022 21:22:36 GMT
expires: Sun, 27 Nov 2022 21:22:36 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 309747700238979631
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 49068
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/tag/js/gpt.js
216.58.207.194200 OK 27 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 216.58.207.194:0
File type ASCII text, with very long lines (40310)
Hash 3097863d148e6cdfee35da37197a4199
af9c3a80ff613a6a0410ab252f5e2cb06343c85d
59466fd91db19a9c60aa70b5a2b48e21638d0dc554bff4d96a34bf678e174692
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27210
date: Sun, 27 Nov 2022 21:22:36 GMT
expires: Sun, 27 Nov 2022 21:22:36 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1405 / 825 of 1000 / last-modified: 1669244741"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 27 Nov 2022 20:41:08 GMT
expires: Sun, 27 Nov 2022 22:41:08 GMT
cache-control: public, max-age=7200
age: 2488
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sb.scorecardresearch.com/cs/36644223/beacon.js
143.204.55.25302 Found 0 B URL HTTP/2 sb.scorecardresearch.com/cs/36644223/beacon.js
IP 143.204.55.25:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cs/36644223/beacon.js HTTP/1.1
Host: sb.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-length: 0
date: Sun, 27 Nov 2022 21:22:37 GMT
location: /internal-cs/default/beacon.js
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: tI5Mq6MTRkMr6yZfCnF0_sUS5oA8rUdLAJJpmHP0s1-yfhPgjN_Prg==
X-Firefox-Spdy: h2
sb.scorecardresearch.com/b?c1=2&c2=36644223&cs_ucfr=1&gdpr=0&gdpr_p1t=&gdpr_li=&gdpr_purps=&gdpr_pcc=&cs_cmp_nc=0&cs_cmp_id=7&cs_cmp_sv=1&cs_cmp_rt=1&cs_it=b2&cv=3.8.0.210223&ns__t=1669584156727&ns_c=UTF-8&c7=https%3A%2F%2Fkingroot.fr.malavida.com%2Fandroid%2Fdownload&c8=T%C3%A9l%C3%A9charger%20KingRoot%20Android%20derni%C3%A8re%20version%20-%20APK&c9=
143.204.55.25204 No Content 0 B URL HTTP/2 sb.scorecardresearch.com/b?c1=2&c2=36644223&cs_ucfr=1&gdpr=0&gdpr_p1t=&gdpr_li=&gdpr_purps=&gdpr_pcc=&cs_cmp_nc=0&cs_cmp_id=7&cs_cmp_sv=1&cs_cmp_rt=1&cs_it=b2&cv=3.8.0.210223&ns__t=1669584156727&ns_c=UTF-8&c7=https%3A%2F%2Fkingroot.fr.malavida.com%2Fandroid%2Fdownload&c8=T%C3%A9l%C3%A9charger%20KingRoot%20Android%20derni%C3%A8re%20version%20-%20APK&c9=
IP 143.204.55.25:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b?c1=2&c2=36644223&cs_ucfr=1&gdpr=0&gdpr_p1t=&gdpr_li=&gdpr_purps=&gdpr_pcc=&cs_cmp_nc=0&cs_cmp_id=7&cs_cmp_sv=1&cs_cmp_rt=1&cs_it=b2&cv=3.8.0.210223&ns__t=1669584156727&ns_c=UTF-8&c7=https%3A%2F%2Fkingroot.fr.malavida.com%2Fandroid%2Fdownload&c8=T%C3%A9l%C3%A9charger%20KingRoot%20Android%20derni%C3%A8re%20version%20-%20APK&c9= HTTP/1.1
Host: sb.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 27 Nov 2022 21:22:37 GMT
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UcsER92Bybg_dgWVmfkeLSp8p7TLYeMqtrB1KhmnIOiT8b33VcVoKg==
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-62129-9&cid=90260268.1669584157&jid=858495700&gjid=229375701&_gid=463963822.1669584157&_u=YGBAgEABAAAAAEAAI~&z=1151470297
142.251.1.155200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-62129-9&cid=90260268.1669584157&jid=858495700&gjid=229375701&_gid=463963822.1669584157&_u=YGBAgEABAAAAAEAAI~&z=1151470297
IP 142.251.1.155:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-62129-9&cid=90260268.1669584157&jid=858495700&gjid=229375701&_gid=463963822.1669584157&_u=YGBAgEABAAAAAEAAI~&z=1151470297 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://kingroot.fr.malavida.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 27 Nov 2022 21:22:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-62129-49&cid=90260268.1669584157&jid=763705728&gjid=440590322&_gid=463963822.1669584157&_u=YGDAgEABAAAAAEAAI~&z=764184280
142.251.1.155200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-62129-49&cid=90260268.1669584157&jid=763705728&gjid=440590322&_gid=463963822.1669584157&_u=YGDAgEABAAAAAEAAI~&z=764184280
IP 142.251.1.155:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-62129-49&cid=90260268.1669584157&jid=763705728&gjid=440590322&_gid=463963822.1669584157&_u=YGDAgEABAAAAAEAAI~&z=764184280 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://kingroot.fr.malavida.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 27 Nov 2022 21:22:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
142.250.74.130200 OK 4.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2579)
Hash 2fb3574102373e2e076cfa2ff90cdf25
d06c985183def975546d6e47ab6369c11dcf7195
e61cbc207f7fc2f429deceff11e7a339a3d9a9574da6d035054eba02ee381345
GET /pagead/html/r20221110/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4242
x-xss-protection: 0
date: Sun, 27 Nov 2022 11:45:52 GMT
expires: Sun, 11 Dec 2022 11:45:52 GMT
cache-control: public, max-age=1209600
etag: 10353107486223812946
content-type: text/html; charset=UTF-8
age: 34605
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash d3c9b092aee5820bdab6595daad65d61
89e983faeedf25b3e15696f9bf6dbf76feb07868
58d24c4dde4a578c2c0191a19a5a42bdcb5be03b21a1907f60c8deaee78b7331
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 88e42375d2172305f819b892225cf877
674324641f82700172e72fe259ee2241361e2ea1
6dce3754a67df878b536c368657a492a1f908d408fe7fe5ba43c5d24c44434b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=kingroot.fr.malavida.com
142.250.74.162200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=kingroot.fr.malavida.com
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=kingroot.fr.malavida.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 27 Nov 2022 21:22:37 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
survey.g.doubleclick.net/survey?site=_vvgutkt7vq45ou5wzfrfldf6qy&url=https%3A%2F%2Fkingroot.fr.malavida.com%2Fandroid%2Fdownload&cid=everything&random=1669584156648&after=1
142.250.74.145200 OK 10 kB URL HTTP/2 survey.g.doubleclick.net/survey?site=_vvgutkt7vq45ou5wzfrfldf6qy&url=https%3A%2F%2Fkingroot.fr.malavida.com%2Fandroid%2Fdownload&cid=everything&random=1669584156648&after=1
IP 142.250.74.145:0
File type ASCII text, with very long lines (2504)
Hash f07e84bf464995eabca05e8b880cee87
6e1a510ed8f71a746cba411c0a00a4366f9a28be
33655d6b19a20acb8b10102b933bdddb078e69c83a5259e1f47106d2d22b9348
GET /survey?site=_vvgutkt7vq45ou5wzfrfldf6qy&url=https%3A%2F%2Fkingroot.fr.malavida.com%2Fandroid%2Fdownload&cid=everything&random=1669584156648&after=1 HTTP/1.1
Host: survey.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private, no-cache, must-revalidate, no-store
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
content-type: text/javascript; charset=utf-8
cross-origin-resource-policy: cross-origin
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
vary: *
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
date: Sun, 27 Nov 2022 21:22:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash d3c9b092aee5820bdab6595daad65d61
89e983faeedf25b3e15696f9bf6dbf76feb07868
58d24c4dde4a578c2c0191a19a5a42bdcb5be03b21a1907f60c8deaee78b7331
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 88e42375d2172305f819b892225cf877
674324641f82700172e72fe259ee2241361e2ea1
6dce3754a67df878b536c368657a492a1f908d408fe7fe5ba43c5d24c44434b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
65e05a877ca407b1e1e84483af50960c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
142.250.74.65200 OK 2.7 kB URL HTTP/2 65e05a877ca407b1e1e84483af50960c.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5657)
Hash e8ee9c011ff8e1f464e74c37113119ee
64ad72134ea05877de0f2b6503f5c0d8c3f78197
09e42988871806c7f0a897bda7bc4247f47f4d8590749eaa245b8ff1fa907303
GET /safeframe/1-0-40/html/container.html HTTP/1.1
Host: 65e05a877ca407b1e1e84483af50960c.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 2653
date: Sun, 27 Nov 2022 21:22:37 GMT
expires: Mon, 27 Nov 2023 21:22:37 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-DHF0S7H5E7>m=2oeb90&_p=211627333&cid=90260268.1669584157&ul=en-us&sr=1280x1024&_s=1&sid=1669584156&sct=1&seg=0&dl=https%3A%2F%2Fkingroot.fr.malavida.com%2Fandroid%2Fdownload&dt=T%C3%A9l%C3%A9charger%20KingRoot%20Android%20derni%C3%A8re%20version%20-%20APK&en=page_view&_fv=1&_ss=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-DHF0S7H5E7>m=2oeb90&_p=211627333&cid=90260268.1669584157&ul=en-us&sr=1280x1024&_s=1&sid=1669584156&sct=1&seg=0&dl=https%3A%2F%2Fkingroot.fr.malavida.com%2Fandroid%2Fdownload&dt=T%C3%A9l%C3%A9charger%20KingRoot%20Android%20derni%C3%A8re%20version%20-%20APK&en=page_view&_fv=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-DHF0S7H5E7>m=2oeb90&_p=211627333&cid=90260268.1669584157&ul=en-us&sr=1280x1024&_s=1&sid=1669584156&sct=1&seg=0&dl=https%3A%2F%2Fkingroot.fr.malavida.com%2Fandroid%2Fdownload&dt=T%C3%A9l%C3%A9charger%20KingRoot%20Android%20derni%C3%A8re%20version%20-%20APK&en=page_view&_fv=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://kingroot.fr.malavida.com
date: Sun, 27 Nov 2022 21:22:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-D0S6F2L1PH>m=2oeb90&_p=211627333&cid=90260268.1669584157&ul=en-us&sr=1280x1024&_s=1&sid=1669584156&sct=1&seg=0&dl=https%3A%2F%2Fkingroot.fr.malavida.com%2Fandroid%2Fdownload&dt=T%C3%A9l%C3%A9charger%20KingRoot%20Android%20derni%C3%A8re%20version%20-%20APK&en=page_view&_fv=1&_ss=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-D0S6F2L1PH>m=2oeb90&_p=211627333&cid=90260268.1669584157&ul=en-us&sr=1280x1024&_s=1&sid=1669584156&sct=1&seg=0&dl=https%3A%2F%2Fkingroot.fr.malavida.com%2Fandroid%2Fdownload&dt=T%C3%A9l%C3%A9charger%20KingRoot%20Android%20derni%C3%A8re%20version%20-%20APK&en=page_view&_fv=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-D0S6F2L1PH>m=2oeb90&_p=211627333&cid=90260268.1669584157&ul=en-us&sr=1280x1024&_s=1&sid=1669584156&sct=1&seg=0&dl=https%3A%2F%2Fkingroot.fr.malavida.com%2Fandroid%2Fdownload&dt=T%C3%A9l%C3%A9charger%20KingRoot%20Android%20derni%C3%A8re%20version%20-%20APK&en=page_view&_fv=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: https://kingroot.fr.malavida.com
date: Sun, 27 Nov 2022 21:22:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 15619e238e943befcd5fa4737f76c851
7198f9cb4672d54e5d6812730b875b6172e64b53
7ecac89dd434501d9e15d8c728d1ec497ac7b4962285396c7fbfcc7987700ca0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=kingroot.fr.malavida.com&callback=_gfp_s_&client=ca-pub-2181195710737927&cookie=ID%3D9e7d5f89e1c66357%3AT%3D1669584157%3AS%3DALNI_MZTCpAPJsZfwiRCp_2tsMilzKN7HA&gpic=UID%3D00000b892f27232f%3AT%3D1669584157%3ART%3D1669584157%3AS%3DALNI_MZxvxI4rVbCiH3zbK1qe6hadwHJ5w&gpid_exp=1
172.217.21.162200 OK 202 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=kingroot.fr.malavida.com&callback=_gfp_s_&client=ca-pub-2181195710737927&cookie=ID%3D9e7d5f89e1c66357%3AT%3D1669584157%3AS%3DALNI_MZTCpAPJsZfwiRCp_2tsMilzKN7HA&gpic=UID%3D00000b892f27232f%3AT%3D1669584157%3ART%3D1669584157%3AS%3DALNI_MZxvxI4rVbCiH3zbK1qe6hadwHJ5w&gpid_exp=1
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash f94f08a718da5abb0df1f8a66a824ada
80049512c7fe7bacd121ac05a26aad3358215e3b
c45e5267145f0b3872b357860517d6f0e9f463407ba57ecd88732199df124cd6
GET /gampad/cookie.js?domain=kingroot.fr.malavida.com&callback=_gfp_s_&client=ca-pub-2181195710737927&cookie=ID%3D9e7d5f89e1c66357%3AT%3D1669584157%3AS%3DALNI_MZTCpAPJsZfwiRCp_2tsMilzKN7HA&gpic=UID%3D00000b892f27232f%3AT%3D1669584157%3ART%3D1669584157%3AS%3DALNI_MZxvxI4rVbCiH3zbK1qe6hadwHJ5w&gpid_exp=1 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 27 Nov 2022 21:22:38 GMT
server: cafe
cache-control: private
content-length: 202
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 15619e238e943befcd5fa4737f76c851
7198f9cb4672d54e5d6812730b875b6172e64b53
7ecac89dd434501d9e15d8c728d1ec497ac7b4962285396c7fbfcc7987700ca0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2359
Expires: Sun, 27 Nov 2022 22:01:57 GMT
Date: Sun, 27 Nov 2022 21:22:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2359
Expires: Sun, 27 Nov 2022 22:01:57 GMT
Date: Sun, 27 Nov 2022 21:22:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 76c00eceed956377d7469ef58b0815cb
97a135335f5b1b042adeb385718f8808cb78528b
81fb72ab752b2eb39ab6ee015055304490b3b6c3259968703fd07c2a2eed1e61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7380
x-amzn-requestid: 18589644-299c-4a39-9376-db1bd1472009
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iEegIAMFeuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-23990acc0fdc599a75a534e3;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RqsZxAtbOkWBGbXJ3sZHxcS-ZvWOw7Yg2Qd4zj0QLhrp3wAXC8w6jA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "97a135335f5b1b042adeb385718f8808cb78528b"
content-type: image/jpeg
age: 85224
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: K2eKLQhrsCdd4ASsfEibRuZAYW4CpPTlO3fZs7xdoKrw1HBxfTGkEA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
age: 85224
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: a22b4d7e-e208-4bda-81c2-d13e6463380e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: blE0hGNioAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371e81c-1b13846866f56a0e47675e56;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 07:02:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0sYKpJWi2Tv9Atz3PYXm5j7kmncAOxjcLcK4hgAkJ5b4pNMDmjdB6g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 05:54:16 GMT
age: 55702
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 741ddfb19764ac9a77509e7e87cfbfb2
308c08784ce4a0757cbd112807555b83e17a1d56
e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8817
x-amzn-requestid: 33d3ca17-7878-4897-a634-5f626a64e820
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cJ40OEOqIAMFaOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6380a1b4-040288d571fc10b96d893fa4;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 11:06:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: f_U8KSYET6kaKAPbEV7sHW0tO6JGijsqUvghniwzFCRd2YGQjVlFoA==
via: 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 10:16:35 GMT
age: 39963
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 433875a1b1fef34e45f2d8ac344c07e3
f2129466436cbbdd58abe42a47fb7af19eba58e6
ab1e7b46f3804640c7dd94d70c8c31ec2dfc3e2f0f015a8556d04d9d9089c450
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5099
x-amzn-requestid: 57648043-7820-453d-9549-0f743b6c2557
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4jFBvoAMFl1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-53b59d607b82c264180f469d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VsdLWuh4rCawI5V0YYGaHxEMl2YEVNgsbjfCwzDsrnCZhRK2FkCkVw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "f2129466436cbbdd58abe42a47fb7af19eba58e6"
content-type: image/jpeg
age: 85224
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e97baa4851785eac92c719abf481c64
c32a57038d3cdbc514c9081c9938eca6a04fb481
adb59e982648082e5421f58899a5331b2747e9d45be33c495fbe3ab8cc872b22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8387
x-amzn-requestid: fc238ea9-0169-47fc-b92e-f12b3ee27c72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b433YGtOoAMFexg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6379d362-2f97c67a2e5f05b6746cf858;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 07:12:34 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: oMrdB0NUGe5CqTY7eFd3u8xaSy9TyDdOrf1awBikFJzm3jWreD2irQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 82c2ab57bc9900898383f6b70681b9e6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 12:30:20 GMT
age: 31938
etag: "c32a57038d3cdbc514c9081c9938eca6a04fb481"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0c7f923b97046608033f90253a891bf0
bf5025e94ed9ea85ee3e7677561ee686480b526c
1062154cd5de28de1d012a4f4d10fb5e548fabf6d67918eaeb745975949a3294
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0c7f923b97046608033f90253a891bf0
bf5025e94ed9ea85ee3e7677561ee686480b526c
1062154cd5de28de1d012a4f4d10fb5e548fabf6d67918eaeb745975949a3294
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js
142.250.74.33200 OK 9.4 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1596)
Hash 6b277303de172776fc303dfc195982ef
fe6c6af5791742485ae21c4dc02edbee2b426886
c536ada7aa8f4679e0e4f0b99703aab79f6fe32659d777f9c01a7785aa06a36d
GET /pagead/js/r20221110/r20110914/abg_lite_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 9428
x-xss-protection: 0
date: Sun, 27 Nov 2022 15:59:24 GMT
expires: Sun, 11 Dec 2022 15:59:24 GMT
cache-control: public, max-age=1209600
age: 19395
etag: 246362764157784863
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js
142.250.74.33200 OK 7.5 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1540)
Hash d22e40b1bc4f1b0f1727b96a0f32f7dd
57030c5040f0013120cca1e77fe38af35d4610e0
6f6d3797f9b19ffcd2f416a7566a58cf70fd4fb0ab17dec03fa5b690c6939494
GET /pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 7458
x-xss-protection: 0
date: Sun, 27 Nov 2022 11:47:06 GMT
expires: Sun, 11 Dec 2022 11:47:06 GMT
cache-control: public, max-age=1209600
etag: 16870613375306414947
content-type: text/javascript; charset=UTF-8
age: 34533
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 9f6cc8d3fe9092a6d3901e873a87fd87
2e0aac117a4cc57596efb3d6f6624c269f94b031
e73982e62b92abac3d15b161f4525448cc2bc8b9bacefdcbfc6f87b74ec372e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/drt/ui
142.250.74.164302 Found 0 B URL HTTP/2 www.google.com/pagead/drt/ui
IP 142.250.74.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/drt/ui HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 27 Nov 2022 21:22:39 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/mysidia/92d0eacbdd534f81de4b06016912d49f.js?tag=client_fast_engine_2019
142.250.74.163200 OK 4.1 kB URL HTTP/2 www.gstatic.com/mysidia/92d0eacbdd534f81de4b06016912d49f.js?tag=client_fast_engine_2019
IP 142.250.74.163:0
File type ASCII text, with very long lines (1586)
Hash 80fbf96872e868af5f861ca4de459f1f
153a1de7a30f0954548c0472d0d2520d0c21a0f2
bde0c7573bd842638f62e296d16fc1af1a15880376de1604396da448c6f8e829
GET /mysidia/92d0eacbdd534f81de4b06016912d49f.js?tag=client_fast_engine_2019 HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://65e05a877ca407b1e1e84483af50960c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="mysidia"
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-length: 4142
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 10:51:34 GMT
expires: Mon, 20 Feb 2023 10:51:34 GMT
cache-control: public, max-age=7776000
last-modified: Mon, 14 Nov 2022 13:59:16 GMT
content-type: text/javascript
age: 469865
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2699829f82705e3bc5fc9c80c7e1e13c
a64e05e667843baf7d16263861afe54f889bdc17
0d05cec3866ba93bd75ec6c139d9dbe128b6a16531c5e0726091d5a5d430a76d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i1.ytimg.com/vi/MILpuPPZI_0/hq1.jpg
142.250.74.110200 OK 11 kB URL HTTP/2 i1.ytimg.com/vi/MILpuPPZI_0/hq1.jpg
IP 142.250.74.110:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash cc7e83a482c7605b579eb1eeff0c2689
418bcc44eacd28a44d6b51c743a04b0798c391b0
a391108915c703605b720b61dff3e3d88b65bee4f31efb23d52207db5060cd6b
GET /vi/MILpuPPZI_0/hq1.jpg HTTP/1.1
Host: i1.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://65e05a877ca407b1e1e84483af50960c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 10585
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 27 Nov 2022 21:22:39 GMT
expires: Sun, 27 Nov 2022 23:22:39 GMT
cache-control: public, max-age=7200
etag: "0"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcRrI1m9m-enpw5P_naCvBWYODy7PzKfCo6pTMvN8k9UbdPhxWDkPQr9xi-RCg&usqp=CAI
216.58.207.238200 OK 14 kB URL HTTP/2 encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcRrI1m9m-enpw5P_naCvBWYODy7PzKfCo6pTMvN8k9UbdPhxWDkPQr9xi-RCg&usqp=CAI
IP 216.58.207.238:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 510x510, components 3\012- data
Hash 0ce7b9a2e98e56e213c8008be253b1a9
91016ccd401305a00ddc1932460300e6a3d31e17
daaf720b7f98d9a3929d9b18d46db47917e7069d9cf415e59e475b802b9946e2
GET /shopping?q=tbn:ANd9GcRrI1m9m-enpw5P_naCvBWYODy7PzKfCo6pTMvN8k9UbdPhxWDkPQr9xi-RCg&usqp=CAI HTTP/1.1
Host: encrypted-tbn2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://65e05a877ca407b1e1e84483af50960c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 13482
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 12:03:28 GMT
expires: Wed, 22 Nov 2023 12:03:28 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 22 May 2020 17:26:50 GMT
content-type: image/jpeg
age: 465552
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTBwhLgGeD86b6v-W2M4TyejLIt7LLgmsRT_GUFtXCiNHRJ4bAlje3SPzJ6dg&usqp=CAI
142.250.74.46200 OK 16 kB URL HTTP/2 encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTBwhLgGeD86b6v-W2M4TyejLIt7LLgmsRT_GUFtXCiNHRJ4bAlje3SPzJ6dg&usqp=CAI
IP 142.250.74.46:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 510x510, components 3\012- data
Hash 79b93da5ab52a8902031e71b98906681
19f4809aa8f9973bc9409b9ae0f4a1aed0e113ed
7a47edeeb9cc3500990045a3b8c289b607caae4e0cb4198091281334f1483981
GET /shopping?q=tbn:ANd9GcTBwhLgGeD86b6v-W2M4TyejLIt7LLgmsRT_GUFtXCiNHRJ4bAlje3SPzJ6dg&usqp=CAI HTTP/1.1
Host: encrypted-tbn3.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://65e05a877ca407b1e1e84483af50960c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 15530
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 07:06:52 GMT
expires: Tue, 21 Nov 2023 07:06:52 GMT
cache-control: public, max-age=31536000
age: 569748
last-modified: Mon, 20 Jul 2020 22:16:28 GMT
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTX2S_EQ967lghXBHsKzH44inBGgtAVsicdDvlQAabtPDuX1-nkCyLoc4U4Lw&usqp=CAI
142.250.74.46200 OK 16 kB URL HTTP/2 encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTX2S_EQ967lghXBHsKzH44inBGgtAVsicdDvlQAabtPDuX1-nkCyLoc4U4Lw&usqp=CAI
IP 142.250.74.46:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 527x591, components 3\012- data
Hash 0f101abcfbb8a4156594fd68ad617cae
18bc45013a3f9d4dd8370785b7d9f90cfdbaae97
523ddc17bff6c2aa79af0379176c0b85daa5b6a451efe36a4a2af04f7f81364e
GET /shopping?q=tbn:ANd9GcTX2S_EQ967lghXBHsKzH44inBGgtAVsicdDvlQAabtPDuX1-nkCyLoc4U4Lw&usqp=CAI HTTP/1.1
Host: encrypted-tbn3.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://65e05a877ca407b1e1e84483af50960c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 15990
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 07:06:52 GMT
expires: Tue, 21 Nov 2023 07:06:52 GMT
cache-control: public, max-age=31536000
age: 569748
last-modified: Tue, 21 Jul 2020 00:41:21 GMT
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2699829f82705e3bc5fc9c80c7e1e13c
a64e05e667843baf7d16263861afe54f889bdc17
0d05cec3866ba93bd75ec6c139d9dbe128b6a16531c5e0726091d5a5d430a76d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcRlKLiXxg_uHs2IZ1TLUwUeF09XwhntVrnxvAyEyf5Y1nXetuz9iAwdvUmuQw&usqp=CAI
216.58.207.238200 OK 23 kB URL HTTP/2 encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcRlKLiXxg_uHs2IZ1TLUwUeF09XwhntVrnxvAyEyf5Y1nXetuz9iAwdvUmuQw&usqp=CAI
IP 216.58.207.238:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 585x585, components 3\012- data
Hash 8734a25689aaa3fba15301eb9a1b30c4
179a002348d7017b7f46ceddbfdf5f52a0c5aad7
3eaf37b1a0ef2960887f60e628d0668a2c984108ce9d8a39afbd3c3423465d28
GET /shopping?q=tbn:ANd9GcRlKLiXxg_uHs2IZ1TLUwUeF09XwhntVrnxvAyEyf5Y1nXetuz9iAwdvUmuQw&usqp=CAI HTTP/1.1
Host: encrypted-tbn2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://65e05a877ca407b1e1e84483af50960c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 23330
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 27 Nov 2022 12:52:31 GMT
expires: Mon, 27 Nov 2023 12:52:31 GMT
cache-control: public, max-age=31536000
age: 30609
last-modified: Mon, 13 Jul 2020 11:42:33 GMT
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcTZk9LJ3CASpD7xVTOxMup2CgaSOL4tFxr_sZk4yyeyKZnet8Y3dCqZj6_pOA&usqp=CAI
142.250.74.78200 OK 18 kB URL HTTP/2 encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcTZk9LJ3CASpD7xVTOxMup2CgaSOL4tFxr_sZk4yyeyKZnet8Y3dCqZj6_pOA&usqp=CAI
IP 142.250.74.78:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 566x566, components 3\012- data
Hash 7671ee2e19fce13abb4438b43034b22a
70400f067413edabd91eab3150706edd1c301681
0b51782b5a4b30ec8c1d3996588d35f424edf1c5717f168f4a913decf74a84e2
GET /shopping?q=tbn:ANd9GcTZk9LJ3CASpD7xVTOxMup2CgaSOL4tFxr_sZk4yyeyKZnet8Y3dCqZj6_pOA&usqp=CAI HTTP/1.1
Host: encrypted-tbn0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://65e05a877ca407b1e1e84483af50960c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 18403
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 15:09:36 GMT
expires: Wed, 22 Nov 2023 15:09:36 GMT
cache-control: public, max-age=31536000
age: 454384
last-modified: Fri, 08 Oct 2021 17:46:33 GMT
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQrhy7Amwd4Lw0niDI1wQDdoNaqcREacq96MhBsms6JRibuiUie-YaxEBOAmLQ&usqp=CAI
216.58.207.238200 OK 15 kB URL HTTP/2 encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQrhy7Amwd4Lw0niDI1wQDdoNaqcREacq96MhBsms6JRibuiUie-YaxEBOAmLQ&usqp=CAI
IP 216.58.207.238:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 504x504, components 3\012- data
Hash 4d8aeb43b15f2c3c462dcfbafc4388be
f8020ba171509926443319e84df24d3d2036aac1
adb0394f315b6e4a74250421ae261ca67ea6052b4a6e443b020710149de78035
GET /shopping?q=tbn:ANd9GcQrhy7Amwd4Lw0niDI1wQDdoNaqcREacq96MhBsms6JRibuiUie-YaxEBOAmLQ&usqp=CAI HTTP/1.1
Host: encrypted-tbn2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://65e05a877ca407b1e1e84483af50960c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 14563
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 06:52:12 GMT
expires: Fri, 24 Nov 2023 06:52:12 GMT
cache-control: public, max-age=31536000
age: 311428
last-modified: Mon, 13 Jul 2020 00:13:56 GMT
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/googlesans/v45/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyk.woff2
216.58.207.195200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/googlesans/v45/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyk.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 17204, version 1.0\012- data
Hash adc7d381054d4dec73e7d1cd56783af1
c2b226ed8fde486aa1facd9c8b7754e29a145cb2
d524bfae27e5abd09253fc0750d127771c61bf3b8aad0ea5c23db7b0148a23f1
GET /s/googlesans/v45/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyk.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://65e05a877ca407b1e1e84483af50960c.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17204
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 20:35:30 GMT
expires: Thu, 23 Nov 2023 20:35:30 GMT
cache-control: public, max-age=31536000
age: 348430
last-modified: Wed, 01 Jun 2022 19:04:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 9cff2c2ad4207e09e07c017987177850
833082ded91a1983a1367c48c8076949e079ce95
82b03e92d004f116875ba023a7e8782d3c124a1c499a6328f29cff70f397a6cc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
142.250.74.70200 OK 60 kB URL HTTP/2 s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
IP 142.250.74.70:0
File type ASCII text, with very long lines (2322)
Hash 36b0ba015b3250f6bda9e89b898f4707
635c67d8b08f40705e87e9c81cb138aef9c2ecdb
c70af3ba570296102947920e68bfe252d08de33b0464a910dd8e5d3ac58410f3
GET /879366/html_inpage_rendering_lib_200_276.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 60311
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 27 Nov 2022 13:00:22 GMT
expires: Mon, 28 Nov 2022 13:00:22 GMT
cache-control: public, max-age=86400
age: 30138
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 9cff2c2ad4207e09e07c017987177850
833082ded91a1983a1367c48c8076949e079ce95
82b03e92d004f116875ba023a7e8782d3c124a1c499a6328f29cff70f397a6cc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 21:22:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 3ad7f3e30d9250381417b47473c5b0f2
0d6ab103842d4689533b1f808f4df62233043fd8
fedd554bef37d360cb62119ea18e5ff83d66ecd2728f39e8fd2f29a0860362f2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 27 Nov 2022 21:22:40 GMT
Last-Modified: Sun, 27 Nov 2022 20:31:27 GMT
Server: ECS (bsa/EB24)
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ccKGQymxGRpVwKJp-DevbbYBR3X0QutWZje5OwKM1Pf1LuLyz3AGmA==
Age: 3073
csi.gstatic.com/csi?v=2&s=ima&puid=1~lazvauay&c=7227885809997&slotId=3613942904998.5&qqid=CJuNh9Wlz_sCFQVDHgIdUaEB2Q&sei=44729911%2C44730425%2C44730426%2C44731965%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=ssc&ulv=1
142.250.74.99204 No Content 0 B URL HTTP/2 csi.gstatic.com/csi?v=2&s=ima&puid=1~lazvauay&c=7227885809997&slotId=3613942904998.5&qqid=CJuNh9Wlz_sCFQVDHgIdUaEB2Q&sei=44729911%2C44730425%2C44730426%2C44731965%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=ssc&ulv=1
IP 142.250.74.99:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csi?v=2&s=ima&puid=1~lazvauay&c=7227885809997&slotId=3613942904998.5&qqid=CJuNh9Wlz_sCFQVDHgIdUaEB2Q&sei=44729911%2C44730425%2C44730426%2C44731965%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=ssc&ulv=1 HTTP/1.1
Host: csi.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://65e05a877ca407b1e1e84483af50960c.safeframe.googlesyndication.com
Connection: keep-alive
Referer: https://65e05a877ca407b1e1e84483af50960c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: *
date: Sun, 27 Nov 2022 21:22:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash c5b1e0fe6395a4ac9131b071442a99bf
4455d646bd92dbb2fad200e5c2430519c2d55dc1
4a91cb058331ec5969fa2497fecf44222bd87a607f4bb737ac47a28ad9a8089f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 21:22:40 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 19:58:45 GMT
Expires: Sat, 03 Dec 2022 19:58:44 GMT
Etag: "4455d646bd92dbb2fad200e5c2430519c2d55dc1"
Cache-Control: max-age=512763,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 770debab7fcdfac0-OSL
m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_no&extLi=26928661&extCr=158367340&extPm=322757279&gdpr_consent=&gdpr=0
85.14.248.91200 OK 43 B URL HTTP/1.1 m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_no&extLi=26928661&extCr=158367340&extPm=322757279&gdpr_consent=&gdpr=0
IP 85.14.248.91:0
ASN #24961 myLoc managed IT AG
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_no&extLi=26928661&extCr=158367340&extPm=322757279&gdpr_consent=&gdpr=0 HTTP/1.1
Host: m.exactag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Content-Type: image/gif
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: So, 27 Nov 2022 09:22:40 GMT
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Max-Age: 1000
Access-Control-Allow-Headers: *
X-ET-Code: 0
X-ET-Camp: 1720
X-ET-Monitoring: 1
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Strict-Transport-Security: max-age=31536000
Set-Cookie: exactag_new_gk=cc32833a536d4593ac71d1b6daef3b2b%7c26.01.2023+21%3a22%3a40; expires=Sat, 25-Feb-2023 21:22:40 GMT; path=/; secure; HttpOnly; SameSite=None
exactag_new_uk=5265516fa76f4e24ac66e62f637de052%7c; expires=Fri, 26-May-2023 21:22:40 GMT; path=/; secure; HttpOnly; SameSite=None
session_session=b4ec4a2afe084bef869c9f6c; path=/; secure; HttpOnly; SameSite=None
Date: Sun, 27 Nov 2022 21:22:40 GMT
Connection: close
Content-Length: 43
cross-origin-resource-policy: cross-origin
X-Xss-Protection: 0
X-Content-Type-Options: nosniff
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssTZ8YXbmNQdepIZt5DLqxFy9aT6V36j3I5FNyCZMh0O3XVU8Ber6YJdisqw50LjD4wkmo2TVDfqIqglGCXAVjZQIonldDtmgE_1vogaMSmZ91l-6Kkbg6FSkDq1DCBoNSgaUNPZgUcGSCeaIthUbv7_59r4yT2PUfBCMT53kongwU1rVrwD8W0Nw-XIK7OB1x7NBU-tR3_SBq2U2CYo1di6WY6INQY_Q5MN6fEXeq3_Sld8eiiR2v1VFs8qxXhUcgRFUEfNa7HGXom40cxlDdNdb3arPJoyCEK2tWe5shxUgHzS-2puiekdFp6WqMhaRq3y92-l-H2RmjZ43UtK7mtI_Do_5DjBuPKnaB-lyBWD0n4gAO3Iyyet8O4niq4u-8Ht5cNYzFElaNbK1RppFQNVFWA864cnxHK3wHmi-wCRfHYyNJ9TLgah1nfRkFsqPYLRbNdKo4t5EcRYxE3Z4HKZMBXBDP0HuTGkHVgU1pbI2gJQziw9bdqAeQjELURzhkUW0MAejSok3CkOJAVp8H9sgdfxERbN-yjlqh3JlmXn8uctfN_ymtheKjYWrAG2BORtjsLVc7uxhAugtcBYjz8dxmDQVOL9uPj3lk48MYTDAichBO6zK4xVG_f6s5zZn9aiht7-x0Izom2q1hAFqPa4-e-wM0WCbpuD1qDoRRwdqo9agF4e0s1MSM58fJGljwjiiyBWYmF9qdo9pPNO81aGaCNG1QBUMtePJQflOEhkzW9Oq8Jg5QkCOjZJ_nhIp_F5c1rMZTqkqVZfNCOFpnNRHDohewCO7JqBICQOefU0Sw_kn9F34URHPZF0oFv7gbou-8JAObaJA1zm7OvHQmk6hMou-3saWcNTnhFbefjeVw_brWo-GgxZLmaHHTruMaqQsVBPhyGVD2jBPyNf_yg2DawIWVCEg5nwhZEiDbEdXZbd9TOMJjW61fLTC5z01Fp-y418_MuZqpl5R9R9y0U28qxY2L-GsKpljjpLG03jhbhoxGREo7Nqq0tLY3zcyGb0e_5uPAmneoWXuVcVeUZRZoQjDBSjDIPUrF3LOD8xmwVumfAWozrA3blAPx4c7zXcARPBKt8RfDgX873maad37_9lDa6tMM0bqDf2Pig7HSUEwfhadItgTFSgDyNhZgMT3KlOBC9wBiwl9fL2Th6nJVBxfyp3pcQZ_AUMxIj9uBmeFhRrFi5GOv9nlTBWzbIqG6HkaHm_oWY0WhItehYZxdAMPjUCE9fbTJk3SXyYKsfAHyGR5FsXrfjlB8L&sai=AMfl-YRO1pAy2VrjquYvwzl-nw44Tkn0_vGlViSYPaVdJ21ssnQRv49KK7EeMTnx0RR3fjATLtUP234EbMkDTUmg64919vjbvWZLetE9z9C-mJ5bsyAXjpEeKaWPrVXmbixeIgEYuBDZ-XoikicikplL9t16O79ey4PBy7-6inre0rv7e-skkITtjQulXB2sfmygdB9-XpkpVCMqTey6-BeJ49lvTaJ8XkbbbJzp8MFaAQK7ftKPIoNmaJax_3_mLA7aNCsJ2N0f_lQjcN7b5GCpo9iz8LtogOrnk5xL-ORrEzuRefS8D24&sig=Cg0ArKJSzPRSNoYWdWBwEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=246&cbvp=1&cstd=236&cisv=r20221110.98031&arae=0&ftch=1&adurl=
142.250.74.130200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssTZ8YXbmNQdepIZt5DLqxFy9aT6V36j3I5FNyCZMh0O3XVU8Ber6YJdisqw50LjD4wkmo2TVDfqIqglGCXAVjZQIonldDtmgE_1vogaMSmZ91l-6Kkbg6FSkDq1DCBoNSgaUNPZgUcGSCeaIthUbv7_59r4yT2PUfBCMT53kongwU1rVrwD8W0Nw-XIK7OB1x7NBU-tR3_SBq2U2CYo1di6WY6INQY_Q5MN6fEXeq3_Sld8eiiR2v1VFs8qxXhUcgRFUEfNa7HGXom40cxlDdNdb3arPJoyCEK2tWe5shxUgHzS-2puiekdFp6WqMhaRq3y92-l-H2RmjZ43UtK7mtI_Do_5DjBuPKnaB-lyBWD0n4gAO3Iyyet8O4niq4u-8Ht5cNYzFElaNbK1RppFQNVFWA864cnxHK3wHmi-wCRfHYyNJ9TLgah1nfRkFsqPYLRbNdKo4t5EcRYxE3Z4HKZMBXBDP0HuTGkHVgU1pbI2gJQziw9bdqAeQjELURzhkUW0MAejSok3CkOJAVp8H9sgdfxERbN-yjlqh3JlmXn8uctfN_ymtheKjYWrAG2BORtjsLVc7uxhAugtcBYjz8dxmDQVOL9uPj3lk48MYTDAichBO6zK4xVG_f6s5zZn9aiht7-x0Izom2q1hAFqPa4-e-wM0WCbpuD1qDoRRwdqo9agF4e0s1MSM58fJGljwjiiyBWYmF9qdo9pPNO81aGaCNG1QBUMtePJQflOEhkzW9Oq8Jg5QkCOjZJ_nhIp_F5c1rMZTqkqVZfNCOFpnNRHDohewCO7JqBICQOefU0Sw_kn9F34URHPZF0oFv7gbou-8JAObaJA1zm7OvHQmk6hMou-3saWcNTnhFbefjeVw_brWo-GgxZLmaHHTruMaqQsVBPhyGVD2jBPyNf_yg2DawIWVCEg5nwhZEiDbEdXZbd9TOMJjW61fLTC5z01Fp-y418_MuZqpl5R9R9y0U28qxY2L-GsKpljjpLG03jhbhoxGREo7Nqq0tLY3zcyGb0e_5uPAmneoWXuVcVeUZRZoQjDBSjDIPUrF3LOD8xmwVumfAWozrA3blAPx4c7zXcARPBKt8RfDgX873maad37_9lDa6tMM0bqDf2Pig7HSUEwfhadItgTFSgDyNhZgMT3KlOBC9wBiwl9fL2Th6nJVBxfyp3pcQZ_AUMxIj9uBmeFhRrFi5GOv9nlTBWzbIqG6HkaHm_oWY0WhItehYZxdAMPjUCE9fbTJk3SXyYKsfAHyGR5FsXrfjlB8L&sai=AMfl-YRO1pAy2VrjquYvwzl-nw44Tkn0_vGlViSYPaVdJ21ssnQRv49KK7EeMTnx0RR3fjATLtUP234EbMkDTUmg64919vjbvWZLetE9z9C-mJ5bsyAXjpEeKaWPrVXmbixeIgEYuBDZ-XoikicikplL9t16O79ey4PBy7-6inre0rv7e-skkITtjQulXB2sfmygdB9-XpkpVCMqTey6-BeJ49lvTaJ8XkbbbJzp8MFaAQK7ftKPIoNmaJax_3_mLA7aNCsJ2N0f_lQjcN7b5GCpo9iz8LtogOrnk5xL-ORrEzuRefS8D24&sig=Cg0ArKJSzPRSNoYWdWBwEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=246&cbvp=1&cstd=236&cisv=r20221110.98031&arae=0&ftch=1&adurl=
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjssTZ8YXbmNQdepIZt5DLqxFy9aT6V36j3I5FNyCZMh0O3XVU8Ber6YJdisqw50LjD4wkmo2TVDfqIqglGCXAVjZQIonldDtmgE_1vogaMSmZ91l-6Kkbg6FSkDq1DCBoNSgaUNPZgUcGSCeaIthUbv7_59r4yT2PUfBCMT53kongwU1rVrwD8W0Nw-XIK7OB1x7NBU-tR3_SBq2U2CYo1di6WY6INQY_Q5MN6fEXeq3_Sld8eiiR2v1VFs8qxXhUcgRFUEfNa7HGXom40cxlDdNdb3arPJoyCEK2tWe5shxUgHzS-2puiekdFp6WqMhaRq3y92-l-H2RmjZ43UtK7mtI_Do_5DjBuPKnaB-lyBWD0n4gAO3Iyyet8O4niq4u-8Ht5cNYzFElaNbK1RppFQNVFWA864cnxHK3wHmi-wCRfHYyNJ9TLgah1nfRkFsqPYLRbNdKo4t5EcRYxE3Z4HKZMBXBDP0HuTGkHVgU1pbI2gJQziw9bdqAeQjELURzhkUW0MAejSok3CkOJAVp8H9sgdfxERbN-yjlqh3JlmXn8uctfN_ymtheKjYWrAG2BORtjsLVc7uxhAugtcBYjz8dxmDQVOL9uPj3lk48MYTDAichBO6zK4xVG_f6s5zZn9aiht7-x0Izom2q1hAFqPa4-e-wM0WCbpuD1qDoRRwdqo9agF4e0s1MSM58fJGljwjiiyBWYmF9qdo9pPNO81aGaCNG1QBUMtePJQflOEhkzW9Oq8Jg5QkCOjZJ_nhIp_F5c1rMZTqkqVZfNCOFpnNRHDohewCO7JqBICQOefU0Sw_kn9F34URHPZF0oFv7gbou-8JAObaJA1zm7OvHQmk6hMou-3saWcNTnhFbefjeVw_brWo-GgxZLmaHHTruMaqQsVBPhyGVD2jBPyNf_yg2DawIWVCEg5nwhZEiDbEdXZbd9TOMJjW61fLTC5z01Fp-y418_MuZqpl5R9R9y0U28qxY2L-GsKpljjpLG03jhbhoxGREo7Nqq0tLY3zcyGb0e_5uPAmneoWXuVcVeUZRZoQjDBSjDIPUrF3LOD8xmwVumfAWozrA3blAPx4c7zXcARPBKt8RfDgX873maad37_9lDa6tMM0bqDf2Pig7HSUEwfhadItgTFSgDyNhZgMT3KlOBC9wBiwl9fL2Th6nJVBxfyp3pcQZ_AUMxIj9uBmeFhRrFi5GOv9nlTBWzbIqG6HkaHm_oWY0WhItehYZxdAMPjUCE9fbTJk3SXyYKsfAHyGR5FsXrfjlB8L&sai=AMfl-YRO1pAy2VrjquYvwzl-nw44Tkn0_vGlViSYPaVdJ21ssnQRv49KK7EeMTnx0RR3fjATLtUP234EbMkDTUmg64919vjbvWZLetE9z9C-mJ5bsyAXjpEeKaWPrVXmbixeIgEYuBDZ-XoikicikplL9t16O79ey4PBy7-6inre0rv7e-skkITtjQulXB2sfmygdB9-XpkpVCMqTey6-BeJ49lvTaJ8XkbbbJzp8MFaAQK7ftKPIoNmaJax_3_mLA7aNCsJ2N0f_lQjcN7b5GCpo9iz8LtogOrnk5xL-ORrEzuRefS8D24&sig=Cg0ArKJSzPRSNoYWdWBwEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=246&cbvp=1&cstd=236&cisv=r20221110.98031&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://googleads.g.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-security-policy: script-src 'none'; object-src 'none'
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sun, 27 Nov 2022 21:22:40 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 27-Nov-2022 21:37:40 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 27 Nov 2022 21:22:40 GMT
X-Firefox-Spdy: h2
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssTZ8YXbmNQdepIZt5DLqxFy9aT6V36j3I5FNyCZMh0O3XVU8Ber6YJdisqw50LjD4wkmo2TVDfqIqglGCXAVjZQIonldDtmgE_1vogaMSmZ91l-6Kkbg6FSkDq1DCBoNSgaUNPZgUcGSCeaIthUbv7_59r4yT2PUfBCMT53kongwU1rVrwD8W0Nw-XIK7OB1x7NBU-tR3_SBq2U2CYo1di6WY6INQY_Q5MN6fEXeq3_Sld8eiiR2v1VFs8qxXhUcgRFUEfNa7HGXom40cxlDdNdb3arPJoyCEK2tWe5shxUgHzS-2puiekdFp6WqMhaRq3y92-l-H2RmjZ43UtK7mtI_Do_5DjBuPKnaB-lyBWD0n4gAO3Iyyet8O4niq4u-8Ht5cNYzFElaNbK1RppFQNVFWA864cnxHK3wHmi-wCRfHYyNJ9TLgah1nfRkFsqPYLRbNdKo4t5EcRYxE3Z4HKZMBXBDP0HuTGkHVgU1pbI2gJQziw9bdqAeQjELURzhkUW0MAejSok3CkOJAVp8H9sgdfxERbN-yjlqh3JlmXn8uctfN_ymtheKjYWrAG2BORtjsLVc7uxhAugtcBYjz8dxmDQVOL9uPj3lk48MYTDAichBO6zK4xVG_f6s5zZn9aiht7-x0Izom2q1hAFqPa4-e-wM0WCbpuD1qDoRRwdqo9agF4e0s1MSM58fJGljwjiiyBWYmF9qdo9pPNO81aGaCNG1QBUMtePJQflOEhkzW9Oq8Jg5QkCOjZJ_nhIp_F5c1rMZTqkqVZfNCOFpnNRHDohewCO7JqBICQOefU0Sw_kn9F34URHPZF0oFv7gbou-8JAObaJA1zm7OvHQmk6hMou-3saWcNTnhFbefjeVw_brWo-GgxZLmaHHTruMaqQsVBPhyGVD2jBPyNf_yg2DawIWVCEg5nwhZEiDbEdXZbd9TOMJjW61fLTC5z01Fp-y418_MuZqpl5R9R9y0U28qxY2L-GsKpljjpLG03jhbhoxGREo7Nqq0tLY3zcyGb0e_5uPAmneoWXuVcVeUZRZoQjDBSjDIPUrF3LOD8xmwVumfAWozrA3blAPx4c7zXcARPBKt8RfDgX873maad37_9lDa6tMM0bqDf2Pig7HSUEwfhadItgTFSgDyNhZgMT3KlOBC9wBiwl9fL2Th6nJVBxfyp3pcQZ_AUMxIj9uBmeFhRrFi5GOv9nlTBWzbIqG6HkaHm_oWY0WhItehYZxdAMPjUCE9fbTJk3SXyYKsfAHyGR5FsXrfjlB8L&sai=AMfl-YRO1pAy2VrjquYvwzl-nw44Tkn0_vGlViSYPaVdJ21ssnQRv49KK7EeMTnx0RR3fjATLtUP234EbMkDTUmg64919vjbvWZLetE9z9C-mJ5bsyAXjpEeKaWPrVXmbixeIgEYuBDZ-XoikicikplL9t16O79ey4PBy7-6inre0rv7e-skkITtjQulXB2sfmygdB9-XpkpVCMqTey6-BeJ49lvTaJ8XkbbbJzp8MFaAQK7ftKPIoNmaJax_3_mLA7aNCsJ2N0f_lQjcN7b5GCpo9iz8LtogOrnk5xL-ORrEzuRefS8D24&sig=Cg0ArKJSzPRSNoYWdWBwEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=646&vt=11&dtpt=400&dett=3&cstd=236&cisv=r20221110.98031&arae=0&ftch=1&adurl=
142.250.74.130200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssTZ8YXbmNQdepIZt5DLqxFy9aT6V36j3I5FNyCZMh0O3XVU8Ber6YJdisqw50LjD4wkmo2TVDfqIqglGCXAVjZQIonldDtmgE_1vogaMSmZ91l-6Kkbg6FSkDq1DCBoNSgaUNPZgUcGSCeaIthUbv7_59r4yT2PUfBCMT53kongwU1rVrwD8W0Nw-XIK7OB1x7NBU-tR3_SBq2U2CYo1di6WY6INQY_Q5MN6fEXeq3_Sld8eiiR2v1VFs8qxXhUcgRFUEfNa7HGXom40cxlDdNdb3arPJoyCEK2tWe5shxUgHzS-2puiekdFp6WqMhaRq3y92-l-H2RmjZ43UtK7mtI_Do_5DjBuPKnaB-lyBWD0n4gAO3Iyyet8O4niq4u-8Ht5cNYzFElaNbK1RppFQNVFWA864cnxHK3wHmi-wCRfHYyNJ9TLgah1nfRkFsqPYLRbNdKo4t5EcRYxE3Z4HKZMBXBDP0HuTGkHVgU1pbI2gJQziw9bdqAeQjELURzhkUW0MAejSok3CkOJAVp8H9sgdfxERbN-yjlqh3JlmXn8uctfN_ymtheKjYWrAG2BORtjsLVc7uxhAugtcBYjz8dxmDQVOL9uPj3lk48MYTDAichBO6zK4xVG_f6s5zZn9aiht7-x0Izom2q1hAFqPa4-e-wM0WCbpuD1qDoRRwdqo9agF4e0s1MSM58fJGljwjiiyBWYmF9qdo9pPNO81aGaCNG1QBUMtePJQflOEhkzW9Oq8Jg5QkCOjZJ_nhIp_F5c1rMZTqkqVZfNCOFpnNRHDohewCO7JqBICQOefU0Sw_kn9F34URHPZF0oFv7gbou-8JAObaJA1zm7OvHQmk6hMou-3saWcNTnhFbefjeVw_brWo-GgxZLmaHHTruMaqQsVBPhyGVD2jBPyNf_yg2DawIWVCEg5nwhZEiDbEdXZbd9TOMJjW61fLTC5z01Fp-y418_MuZqpl5R9R9y0U28qxY2L-GsKpljjpLG03jhbhoxGREo7Nqq0tLY3zcyGb0e_5uPAmneoWXuVcVeUZRZoQjDBSjDIPUrF3LOD8xmwVumfAWozrA3blAPx4c7zXcARPBKt8RfDgX873maad37_9lDa6tMM0bqDf2Pig7HSUEwfhadItgTFSgDyNhZgMT3KlOBC9wBiwl9fL2Th6nJVBxfyp3pcQZ_AUMxIj9uBmeFhRrFi5GOv9nlTBWzbIqG6HkaHm_oWY0WhItehYZxdAMPjUCE9fbTJk3SXyYKsfAHyGR5FsXrfjlB8L&sai=AMfl-YRO1pAy2VrjquYvwzl-nw44Tkn0_vGlViSYPaVdJ21ssnQRv49KK7EeMTnx0RR3fjATLtUP234EbMkDTUmg64919vjbvWZLetE9z9C-mJ5bsyAXjpEeKaWPrVXmbixeIgEYuBDZ-XoikicikplL9t16O79ey4PBy7-6inre0rv7e-skkITtjQulXB2sfmygdB9-XpkpVCMqTey6-BeJ49lvTaJ8XkbbbJzp8MFaAQK7ftKPIoNmaJax_3_mLA7aNCsJ2N0f_lQjcN7b5GCpo9iz8LtogOrnk5xL-ORrEzuRefS8D24&sig=Cg0ArKJSzPRSNoYWdWBwEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=646&vt=11&dtpt=400&dett=3&cstd=236&cisv=r20221110.98031&arae=0&ftch=1&adurl=
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjssTZ8YXbmNQdepIZt5DLqxFy9aT6V36j3I5FNyCZMh0O3XVU8Ber6YJdisqw50LjD4wkmo2TVDfqIqglGCXAVjZQIonldDtmgE_1vogaMSmZ91l-6Kkbg6FSkDq1DCBoNSgaUNPZgUcGSCeaIthUbv7_59r4yT2PUfBCMT53kongwU1rVrwD8W0Nw-XIK7OB1x7NBU-tR3_SBq2U2CYo1di6WY6INQY_Q5MN6fEXeq3_Sld8eiiR2v1VFs8qxXhUcgRFUEfNa7HGXom40cxlDdNdb3arPJoyCEK2tWe5shxUgHzS-2puiekdFp6WqMhaRq3y92-l-H2RmjZ43UtK7mtI_Do_5DjBuPKnaB-lyBWD0n4gAO3Iyyet8O4niq4u-8Ht5cNYzFElaNbK1RppFQNVFWA864cnxHK3wHmi-wCRfHYyNJ9TLgah1nfRkFsqPYLRbNdKo4t5EcRYxE3Z4HKZMBXBDP0HuTGkHVgU1pbI2gJQziw9bdqAeQjELURzhkUW0MAejSok3CkOJAVp8H9sgdfxERbN-yjlqh3JlmXn8uctfN_ymtheKjYWrAG2BORtjsLVc7uxhAugtcBYjz8dxmDQVOL9uPj3lk48MYTDAichBO6zK4xVG_f6s5zZn9aiht7-x0Izom2q1hAFqPa4-e-wM0WCbpuD1qDoRRwdqo9agF4e0s1MSM58fJGljwjiiyBWYmF9qdo9pPNO81aGaCNG1QBUMtePJQflOEhkzW9Oq8Jg5QkCOjZJ_nhIp_F5c1rMZTqkqVZfNCOFpnNRHDohewCO7JqBICQOefU0Sw_kn9F34URHPZF0oFv7gbou-8JAObaJA1zm7OvHQmk6hMou-3saWcNTnhFbefjeVw_brWo-GgxZLmaHHTruMaqQsVBPhyGVD2jBPyNf_yg2DawIWVCEg5nwhZEiDbEdXZbd9TOMJjW61fLTC5z01Fp-y418_MuZqpl5R9R9y0U28qxY2L-GsKpljjpLG03jhbhoxGREo7Nqq0tLY3zcyGb0e_5uPAmneoWXuVcVeUZRZoQjDBSjDIPUrF3LOD8xmwVumfAWozrA3blAPx4c7zXcARPBKt8RfDgX873maad37_9lDa6tMM0bqDf2Pig7HSUEwfhadItgTFSgDyNhZgMT3KlOBC9wBiwl9fL2Th6nJVBxfyp3pcQZ_AUMxIj9uBmeFhRrFi5GOv9nlTBWzbIqG6HkaHm_oWY0WhItehYZxdAMPjUCE9fbTJk3SXyYKsfAHyGR5FsXrfjlB8L&sai=AMfl-YRO1pAy2VrjquYvwzl-nw44Tkn0_vGlViSYPaVdJ21ssnQRv49KK7EeMTnx0RR3fjATLtUP234EbMkDTUmg64919vjbvWZLetE9z9C-mJ5bsyAXjpEeKaWPrVXmbixeIgEYuBDZ-XoikicikplL9t16O79ey4PBy7-6inre0rv7e-skkITtjQulXB2sfmygdB9-XpkpVCMqTey6-BeJ49lvTaJ8XkbbbJzp8MFaAQK7ftKPIoNmaJax_3_mLA7aNCsJ2N0f_lQjcN7b5GCpo9iz8LtogOrnk5xL-ORrEzuRefS8D24&sig=Cg0ArKJSzPRSNoYWdWBwEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=646&vt=11&dtpt=400&dett=3&cstd=236&cisv=r20221110.98031&arae=0&ftch=1&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://googleads.g.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sun, 27 Nov 2022 21:22:40 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 27-Nov-2022 21:37:40 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 27 Nov 2022 21:22:40 GMT
X-Firefox-Spdy: h2
pixel.adsafeprotected.com/mon?anId=925113&advId=783245742&campId=14802594851&pubId=1&placementId=396802833&adsafe_par&bundleId=&dealId=&bidurl=https://kingroot.fr.malavida.com/android/download&adsafe_url=https%3A%2F%2Fkingroot.fr.malavida.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20221110%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20221110%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-2181195710737927%26fa%3D1%26ifi%3D5%26uci%3Da!5%26btvi%3D1%26xpc%3DPAn8ETYAEK%26p%3Dhttps%253A%2F%2Fkingroot.fr.malavida.com&adsafe_type=b&adsafe_jsinfo=,id:33743dce-4c4e-dccb-6c86-bb97c7c2c0bf,c:vcMmEt,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-experiment-primary-569955bbb-kfnq8,rg:ie,pt:1-5-15,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:g,bru:g,an:n,oam:0,scm:publ1.grpm1,mtim:470,mot:0,app:0,maw:0,fm:toqoZij+11%7C12%7C13%7C1411%7C1412%7C142%7C143%7C15%7C161%7C1711%7C1712%7C181*.925113%7C1811%7C1812%7C1813,idMap:181*,ex:e2,pl:,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:515,oid:9f8ea25e-6e99-11ed-93f2-bec365bfd737,v:19.8.366,sp:1,st:0,fwm:0,wr:1280.1024,sr:1280.1024,ov:0
54.171.74.147200 OK 43 B URL HTTP/2 pixel.adsafeprotected.com/mon?anId=925113&advId=783245742&campId=14802594851&pubId=1&placementId=396802833&adsafe_par&bundleId=&dealId=&bidurl=https://kingroot.fr.malavida.com/android/download&adsafe_url=https%3A%2F%2Fkingroot.fr.malavida.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20221110%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20221110%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-2181195710737927%26fa%3D1%26ifi%3D5%26uci%3Da!5%26btvi%3D1%26xpc%3DPAn8ETYAEK%26p%3Dhttps%253A%2F%2Fkingroot.fr.malavida.com&adsafe_type=b&adsafe_jsinfo=,id:33743dce-4c4e-dccb-6c86-bb97c7c2c0bf,c:vcMmEt,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-experiment-primary-569955bbb-kfnq8,rg:ie,pt:1-5-15,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:g,bru:g,an:n,oam:0,scm:publ1.grpm1,mtim:470,mot:0,app:0,maw:0,fm:toqoZij+11%7C12%7C13%7C1411%7C1412%7C142%7C143%7C15%7C161%7C1711%7C1712%7C181*.925113%7C1811%7C1812%7C1813,idMap:181*,ex:e2,pl:,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:515,oid:9f8ea25e-6e99-11ed-93f2-bec365bfd737,v:19.8.366,sp:1,st:0,fwm:0,wr:1280.1024,sr:1280.1024,ov:0
IP 54.171.74.147:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /mon?anId=925113&advId=783245742&campId=14802594851&pubId=1&placementId=396802833&adsafe_par&bundleId=&dealId=&bidurl=https://kingroot.fr.malavida.com/android/download&adsafe_url=https%3A%2F%2Fkingroot.fr.malavida.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20221110%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20221110%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-2181195710737927%26fa%3D1%26ifi%3D5%26uci%3Da!5%26btvi%3D1%26xpc%3DPAn8ETYAEK%26p%3Dhttps%253A%2F%2Fkingroot.fr.malavida.com&adsafe_type=b&adsafe_jsinfo=,id:33743dce-4c4e-dccb-6c86-bb97c7c2c0bf,c:vcMmEt,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-experiment-primary-569955bbb-kfnq8,rg:ie,pt:1-5-15,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:g,bru:g,an:n,oam:0,scm:publ1.grpm1,mtim:470,mot:0,app:0,maw:0,fm:toqoZij+11%7C12%7C13%7C1411%7C1412%7C142%7C143%7C15%7C161%7C1711%7C1712%7C181*.925113%7C1811%7C1812%7C1813,idMap:181*,ex:e2,pl:,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:515,oid:9f8ea25e-6e99-11ed-93f2-bec365bfd737,v:19.8.366,sp:1,st:0,fwm:0,wr:1280.1024,sr:1280.1024,ov:0 HTTP/1.1
Host: pixel.adsafeprotected.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 21:22:41 GMT
content-type: image/gif
content-length: 43
server: nginx
p3p: CP="COM NAV INT STA NID OUR IND NOI"
pragma: no-cache
cache-control: no-cache
x-server-name: app03.ie.303net.net
X-Firefox-Spdy: h2
static.adsafeprotected.com/sca.17.6.2.js
54.230.111.114200 OK 23 kB URL HTTP/2 static.adsafeprotected.com/sca.17.6.2.js
IP 54.230.111.114:0
File type ASCII text, with very long lines (26279)
Hash 0c4c28f0653817a7982d1339cf6a3205
dc95d2be50d4f7d953412d89ee930051a89aa761
64ce3bca0d337ed9e700d12baa988f95f2e1de02883c6367f523194246ecbc89
GET /sca.17.6.2.js HTTP/1.1
Host: static.adsafeprotected.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qPYxxah-8nfqKkozGvbvg9PhxIshGNjREzrKD-7o1z5BhAxJug0fbw==
age: 5809585
X-Firefox-Spdy: h2
www.malavida.com/jsu_V34/js-mv_util-mv_usr-nsmvsite-mv_box-mv_css_async-mv_usr_txt_fr.js
23.13.37.130200 OK 9.3 kB URL HTTP/2 www.malavida.com/jsu_V34/js-mv_util-mv_usr-nsmvsite-mv_box-mv_css_async-mv_usr_txt_fr.js
IP 23.13.37.130:0
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (571), with CRLF, LF line terminators
Hash b01f53fb43e7e9bfa5733918d7514c7e
c4297c2fb6a903e9d67fcc000b0a7aaeae4868a7
1eca142251f8f7c6ac1c75ae5a1ec92bfaed97516d4c861682ec3ef38f37fd75
GET /jsu_V34/js-mv_util-mv_usr-nsmvsite-mv_box-mv_css_async-mv_usr_txt_fr.js HTTP/1.1
Host: www.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Cookie: didomi_token=eyJ1c2VyX2lkIjoiMTg0YmFmODctNzkyNi02ZGY5LTljYWItNDk2OGIyOTY4NjBmIiwiY3JlYXRlZCI6IjIwMjItMTEtMjdUMjE6MjI6MzYuNjM1WiIsInVwZGF0ZWQiOiIyMDIyLTExLTI3VDIxOjIyOjM2LjYzNVoiLCJ2ZXJzaW9uIjpudWxsfQ==; cookie-consent-v1=no-eu; _ga=GA1.1.90260268.1669584157; _gid=GA1.2.463963822.1669584157; _dc_gtm_UA-62129-9=1; _dc_gtm_UA-62129-49=1; _ga_DHF0S7H5E7=GS1.1.1669584156.1.0.1669584156.0.0.0; _ga_D0S6F2L1PH=GS1.1.1669584156.1.0.1669584156.0.0.0; __gads=ID=8fa5a12f6a7c45ab:T=1669584157:S=ALNI_MZfz_eZ7He1nYukvwkVq77c9P3Cvg; __gpi=UID=00000b892d36765e:T=1669584157:RT=1669584157:S=ALNI_Mahz3kS9cQdjDHvOElG6vVLGglLdg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
accept-ranges: bytes
x-frame-options: SAMEORIGIN
last-modified: Wed, 23 Nov 2022 07:23:09 GMT
content-encoding: br
content-security-policy: frame-ancestors 'self';
access-control-allow-credentials: true
content-length: 9271
content-type: application/javascript; charset=UTF-8
cache-control: max-age=15244449
expires: Tue, 23 May 2023 07:56:50 GMT
date: Sun, 27 Nov 2022 21:22:41 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
vary: Accept-Encoding
X-Firefox-Spdy: h2
static.adsafeprotected.com/main.19.8.366.js
54.230.111.114200 OK 77 kB URL HTTP/2 static.adsafeprotected.com/main.19.8.366.js
IP 54.230.111.114:0
Hash bc6af4fc6bd119853fa917e53278b079
14f97e3f978ede65f96f6b93ccc9fdebe3757dc9
c81a0de1cd699cc61bb1160d72f59cf2526b00e9c8722306a70ade20321a44a7
GET /main.19.8.366.js HTTP/1.1
Host: static.adsafeprotected.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Mon, 21 Nov 2022 21:37:52 GMT
x-amz-replication-status: COMPLETED
last-modified: Mon, 21 Nov 2022 19:50:49 GMT
etag: W/"ca4194ffbaa3712186a83d16b497895d"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: DTz7DAGx5H1oATkuvwxjIs9w8gvuFjKB
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: oFr1gE_hsNrUnUn41Q98GqTTurenUjzryyAmwmY-772nFMjy0Pu8EQ==
age: 517488
X-Firefox-Spdy: h2
static.malavida.com/global/css_V121/profile-app-download.css
23.13.37.130200 OK 20 kB URL HTTP/2 static.malavida.com/global/css_V121/profile-app-download.css
IP 23.13.37.130:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash ffb43af68a776d5f774cf537c682147c
a7340254c586b7e20ab092e0ac0c99eaccf0e0f6
89d974bec93d651fdc4c9eac99969a759178daa204970c8ca24b9df2728599f0
GET /global/css_V121/profile-app-download.css HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Cookie: didomi_token=eyJ1c2VyX2lkIjoiMTg0YmFmODctNzkyNi02ZGY5LTljYWItNDk2OGIyOTY4NjBmIiwiY3JlYXRlZCI6IjIwMjItMTEtMjdUMjE6MjI6MzYuNjM1WiIsInVwZGF0ZWQiOiIyMDIyLTExLTI3VDIxOjIyOjM2LjYzNVoiLCJ2ZXJzaW9uIjpudWxsfQ==; cookie-consent-v1=no-eu; _ga=GA1.1.90260268.1669584157; _gid=GA1.2.463963822.1669584157; _dc_gtm_UA-62129-9=1; _dc_gtm_UA-62129-49=1; _ga_DHF0S7H5E7=GS1.1.1669584156.1.0.1669584156.0.0.0; _ga_D0S6F2L1PH=GS1.1.1669584156.1.0.1669584156.0.0.0; __gads=ID=8fa5a12f6a7c45ab:T=1669584157:S=ALNI_MZfz_eZ7He1nYukvwkVq77c9P3Cvg; __gpi=UID=00000b892d36765e:T=1669584157:RT=1669584157:S=ALNI_Mahz3kS9cQdjDHvOElG6vVLGglLdg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Tue, 08 Nov 2022 08:12:47 GMT
accept-ranges: none
content-encoding: br
content-length: 19569
content-type: text/css
cache-control: max-age=15156069
expires: Mon, 22 May 2023 07:23:50 GMT
date: Sun, 27 Nov 2022 21:22:41 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-attachment.svg
23.13.37.130200 OK 1.8 kB URL HTTP/2 static.malavida.com/global/imag/ico-attachment.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash fb1bf8b4af7fd77daa2b398bf70f1815
31ca6d72acf74f168df9053e46fe2185b9fcbbf5
469f85339f5d18006566a86cd1e6913682dd661eeb4ec4bc25b624a05871642b
GET /global/imag/ico-attachment.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.malavida.com/global/css_V121/profile-app-download.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 1803
content-type: image/svg+xml
cache-control: max-age=7380053
expires: Tue, 21 Feb 2023 07:23:34 GMT
date: Sun, 27 Nov 2022 21:22:41 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-info.svg
23.13.37.130200 OK 1.8 kB URL HTTP/2 static.malavida.com/global/imag/ico-info.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 6a2f012e23ff358b50c834c44c7640d8
6a12592928f4fc70c44b7252f5faedb4b64e5db5
8547acaea4e98f7f1aa31a5cc7ac591cea5871e5312e8f15dacf117a2c168a0b
GET /global/imag/ico-info.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.malavida.com/global/css_V121/profile-app-download.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 1798
content-type: image/svg+xml
cache-control: max-age=7380073
expires: Tue, 21 Feb 2023 07:23:54 GMT
date: Sun, 27 Nov 2022 21:22:41 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-facebook2.svg
23.13.37.130200 OK 430 B URL HTTP/2 static.malavida.com/global/imag/ico-facebook2.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (417)
Hash b218d673d70422d827f690990f6cf084
58b74b38f08b11b644bbcc160b8191bb978eceb8
142b264118bf70b6eed5c22897a8a406f26d48ca2af1a513c9c9ae4ab8f19855
GET /global/imag/ico-facebook2.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.malavida.com/global/css_V121/profile-app-download.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 430
content-type: image/svg+xml
cache-control: max-age=7380030
expires: Tue, 21 Feb 2023 07:23:11 GMT
date: Sun, 27 Nov 2022 21:22:41 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-twitter2.svg
23.13.37.130200 OK 723 B URL HTTP/2 static.malavida.com/global/imag/ico-twitter2.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1020)
Hash 507262faee65fc55a7202f08b548ccf8
300f64483e4c9b0d487216946ddb6fe77b19ebfe
53645bb522d12dde4c460e76df0f61d3c0ffe02f3b191236aafe3000fa8897c2
GET /global/imag/ico-twitter2.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.malavida.com/global/css_V121/profile-app-download.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 723
content-type: image/svg+xml
cache-control: max-age=7380054
expires: Tue, 21 Feb 2023 07:23:35 GMT
date: Sun, 27 Nov 2022 21:22:41 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/css/img/firmlogo.png
23.13.37.130200 OK 933 B URL HTTP/2 static.malavida.com/global/css/img/firmlogo.png
IP 23.13.37.130:0
File type PNG image data, 110 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash 388224e03f901d300a281573b2c0e02c
bd97e283b257c22367453c4ad396b952646fb967
f7eb2e945f83424dfa06ebf3e81f5f7280be4747035b9d6cb2904db7924bca62
GET /global/css/img/firmlogo.png HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.malavida.com/global/css_V121/profile-app-download.css
Cookie: didomi_token=eyJ1c2VyX2lkIjoiMTg0YmFmODctNzkyNi02ZGY5LTljYWItNDk2OGIyOTY4NjBmIiwiY3JlYXRlZCI6IjIwMjItMTEtMjdUMjE6MjI6MzYuNjM1WiIsInVwZGF0ZWQiOiIyMDIyLTExLTI3VDIxOjIyOjM2LjYzNVoiLCJ2ZXJzaW9uIjpudWxsfQ==; cookie-consent-v1=no-eu; _ga=GA1.1.90260268.1669584157; _gid=GA1.2.463963822.1669584157; _dc_gtm_UA-62129-9=1; _dc_gtm_UA-62129-49=1; _ga_DHF0S7H5E7=GS1.1.1669584156.1.0.1669584156.0.0.0; _ga_D0S6F2L1PH=GS1.1.1669584156.1.0.1669584156.0.0.0; __gads=ID=8fa5a12f6a7c45ab:T=1669584157:S=ALNI_MZfz_eZ7He1nYukvwkVq77c9P3Cvg; __gpi=UID=00000b892d36765e:T=1669584157:RT=1669584157:S=ALNI_Mahz3kS9cQdjDHvOElG6vVLGglLdg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Tue, 10 Mar 2020 08:22:29 GMT
accept-ranges: bytes
content-length: 933
content-type: image/png
cache-control: max-age=7380039
expires: Tue, 21 Feb 2023 07:23:20 GMT
date: Sun, 27 Nov 2022 21:22:41 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-youtube.svg
23.13.37.130200 OK 280 B URL HTTP/2 static.malavida.com/global/imag/ico-youtube.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash e47fc6db0854139bc4d35ef54bce6340
84a762dc86924061f8bb42449277e35bcfb0ea72
dd8f9e1f8b01520464af3bf56d861ff8baabc8b235a3ef8daeeaa1749f408112
GET /global/imag/ico-youtube.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.malavida.com/global/css_V121/profile-app-download.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 280
content-type: image/svg+xml
cache-control: max-age=7380056
expires: Tue, 21 Feb 2023 07:23:37 GMT
date: Sun, 27 Nov 2022 21:22:41 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
static.malavida.com/global/imag/ico-feed.svg
23.13.37.130200 OK 408 B URL HTTP/2 static.malavida.com/global/imag/ico-feed.svg
IP 23.13.37.130:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (394)
Hash 89425e6176447940ab46c35ee06a77ff
3edcacbeba69e2b50b633ef88d8f14748bb1320f
5d840cd85e715400c607c35838257100d4e01a24d8adbe21c54beca754957160
GET /global/imag/ico-feed.svg HTTP/1.1
Host: static.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://static.malavida.com/global/css_V121/profile-app-download.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: Apache
last-modified: Mon, 19 Apr 2021 07:15:39 GMT
accept-ranges: none
content-encoding: br
access-control-allow-origin: *
content-length: 408
content-type: image/svg+xml
cache-control: max-age=7380064
expires: Tue, 21 Feb 2023 07:23:45 GMT
date: Sun, 27 Nov 2022 21:22:41 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
X-Firefox-Spdy: h2
ade.googlesyndication.com/ddm/activity/dc_oe=ChMIkt2l1qXP-wIV6cs7Ah1ytgvREAAYACDs_MFLQhMIkra81aXP-wIVAc-yCh1ZKwJn;stragg=1;×tamp=1669584161010;str=LH/NULL/1081/amadeusBestPrice/NH_D_EU_Germany-Castle-Diverse;strtype=2
142.250.74.34200 OK 42 B URL HTTP/2 ade.googlesyndication.com/ddm/activity/dc_oe=ChMIkt2l1qXP-wIV6cs7Ah1ytgvREAAYACDs_MFLQhMIkra81aXP-wIVAc-yCh1ZKwJn;stragg=1;×tamp=1669584161010;str=LH/NULL/1081/amadeusBestPrice/NH_D_EU_Germany-Castle-Diverse;strtype=2
IP 142.250.74.34:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ddm/activity/dc_oe=ChMIkt2l1qXP-wIV6cs7Ah1ytgvREAAYACDs_MFLQhMIkra81aXP-wIVAc-yCh1ZKwJn;stragg=1;×tamp=1669584161010;str=LH/NULL/1081/amadeusBestPrice/NH_D_EU_Germany-Castle-Diverse;strtype=2 HTTP/1.1
Host: ade.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 27 Nov 2022 21:22:41 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash cf55bcdd030cbe50d6684717478e28f9
1f7db2346538a9b44003ec85176b4d7bdde7eee9
a43d22add74fb3246472c61f56cb609e8aa6d352c86f5f55564a5fd24e52509e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 21:22:41 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 06:57:49 GMT
Expires: Sat, 03 Dec 2022 06:57:48 GMT
Etag: "1f7db2346538a9b44003ec85176b4d7bdde7eee9"
Cache-Control: max-age=465906,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 770debb06d51fac0-OSL
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash ab6a7f1e600441b614e9c1568c0b2842
dcf2a54a82702f7f49ac8f097f42cc92763d6091
8a344dc5fb86c9c10593f8d7fb4a2ad60e566df950daa0beae126990686c49cb
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 27 Nov 2022 21:22:41 GMT
Last-Modified: Sun, 27 Nov 2022 20:20:51 GMT
Server: ECS (bsa/EB22)
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: XU0hUn8z6RSwoX5LSLmI822iqzO_7lp5lQI5-j_mHST4rRzUAhWhqw==
Age: 3710
actions.malavida.com/adpub
91.192.108.161200 OK 5 B URL HTTP/2 actions.malavida.com/adpub
IP 91.192.108.161:0
ASN #39020 Comvive Servidores S.L.
File type very short file (no magic)
Hash dd6849f8e60a13f578ea94f268c9ce0e
0a3e264270cdfde332604aac11b8d1ac9d93b5e7
e5b15ab268d5daf5f6d92d81fb20df58f1ce87fc5354080dbe039c7ba4323f17
POST /adpub HTTP/1.1
Host: actions.malavida.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 40
Origin: https://kingroot.fr.malavida.com
Connection: keep-alive
Referer: https://kingroot.fr.malavida.com/
Cookie: didomi_token=eyJ1c2VyX2lkIjoiMTg0YmFmODctNzkyNi02ZGY5LTljYWItNDk2OGIyOTY4NjBmIiwiY3JlYXRlZCI6IjIwMjItMTEtMjdUMjE6MjI6MzYuNjM1WiIsInVwZGF0ZWQiOiIyMDIyLTExLTI3VDIxOjIyOjM2LjYzNVoiLCJ2ZXJzaW9uIjpudWxsfQ==; cookie-consent-v1=no-eu; _ga=GA1.1.90260268.1669584157; _gid=GA1.2.463963822.1669584157; _dc_gtm_UA-62129-9=1; _dc_gtm_UA-62129-49=1; _ga_DHF0S7H5E7=GS1.1.1669584156.1.0.1669584156.0.0.0; _ga_D0S6F2L1PH=GS1.1.1669584156.1.0.1669584156.0.0.0; __gads=ID=8fa5a12f6a7c45ab:T=1669584157:S=ALNI_MZfz_eZ7He1nYukvwkVq77c9P3Cvg; __gpi=UID=00000b892d36765e:T=1669584157:RT=1669584157:S=ALNI_Mahz3kS9cQdjDHvOElG6vVLGglLdg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 21:22:41 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
x-robots-tag: noindex,nofollow
set-cookie: PHPSESSID=5bb7c8d68fd32a9f68b9d8c267959998; path=/; domain=.malavida.com
strict-transport-security: max-age=86400 ; includeSubDomains ; preload
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-encoding: br
accept-ranges: none
content-security-policy: frame-ancestors 'self';
access-control-allow-origin: https://kingroot.fr.malavida.com
access-control-allow-credentials: true
content-length: 5
content-type: text/plain;charset=UTF-8
X-Firefox-Spdy: h2
dt.adsafeprotected.com/dt?anId=925113&asId=33743dce-4c4e-dccb-6c86-bb97c7c2c0bf&tv=%7Bc:vcMmMh,pingTime:-10,time:998,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEwMDJ8fDEyODB8fDF8fDF8fDI0fHwxMDI0fHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDUvNHx8NS80fHwwfHwxMjgw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDEwMDEwMXx8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fDF8fDF8fG58fG4-,ch:n,fsc:17.6.2v222220222000022202200000220002000220002002220222222202000222000220200000000000222202200002202222200000000000020020000022200022222220022200000222202022200002020222002222202202222202022222022220000220200000022222222220222222222222202222222222222222222222222222222222222200000022022020020202222222202002022022222222000000000020222202022222220002220022020000220200000002000022202220000022200202202220022000200222022220220022020222200222222020002200200022222222202222002002022002222200000000020200000000000000202220,asp:1669584161129%7C%7Cf32da10f4b6f4592ed8d6c32de218793%7C%7Cdf16c081c25306654a0efb89b8761a08%7C%7Cd6f68976044a73a8276eb081a14f66d0%7C%7C9981fd2246a248c51480df76fe907ae5%7C%7C22356c99afa2060285e4da56276f736d%7C%7Ce9a583614d1efb7569fe2c705aaa5485%7C%7C58554af8a7ded5e2b43be0f905435a88%7C%7C1663701684%7D
54.86.137.150200 OK 43 B URL HTTP/2 dt.adsafeprotected.com/dt?anId=925113&asId=33743dce-4c4e-dccb-6c86-bb97c7c2c0bf&tv=%7Bc:vcMmMh,pingTime:-10,time:998,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEwMDJ8fDEyODB8fDF8fDF8fDI0fHwxMDI0fHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDUvNHx8NS80fHwwfHwxMjgw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDEwMDEwMXx8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fDF8fDF8fG58fG4-,ch:n,fsc:17.6.2v222220222000022202200000220002000220002002220222222202000222000220200000000000222202200002202222200000000000020020000022200022222220022200000222202022200002020222002222202202222202022222022220000220200000022222222220222222222222202222222222222222222222222222222222222200000022022020020202222222202002022022222222000000000020222202022222220002220022020000220200000002000022202220000022200202202220022000200222022220220022020222200222222020002200200022222222202222002002022002222200000000020200000000000000202220,asp:1669584161129%7C%7Cf32da10f4b6f4592ed8d6c32de218793%7C%7Cdf16c081c25306654a0efb89b8761a08%7C%7Cd6f68976044a73a8276eb081a14f66d0%7C%7C9981fd2246a248c51480df76fe907ae5%7C%7C22356c99afa2060285e4da56276f736d%7C%7Ce9a583614d1efb7569fe2c705aaa5485%7C%7C58554af8a7ded5e2b43be0f905435a88%7C%7C1663701684%7D
IP 54.86.137.150:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /dt?anId=925113&asId=33743dce-4c4e-dccb-6c86-bb97c7c2c0bf&tv=%7Bc:vcMmMh,pingTime:-10,time:998,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEwMDJ8fDEyODB8fDF8fDF8fDI0fHwxMDI0fHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDUvNHx8NS80fHwwfHwxMjgw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDEwMDEwMXx8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjB8fDF8fDF8fG58fG4-,ch:n,fsc:17.6.2v222220222000022202200000220002000220002002220222222202000222000220200000000000222202200002202222200000000000020020000022200022222220022200000222202022200002020222002222202202222202022222022220000220200000022222222220222222222222202222222222222222222222222222222222222200000022022020020202222222202002022022222222000000000020222202022222220002220022020000220200000002000022202220000022200202202220022000200222022220220022020222200222222020002200200022222222202222002002022002222200000000020200000000000000202220,asp:1669584161129%7C%7Cf32da10f4b6f4592ed8d6c32de218793%7C%7Cdf16c081c25306654a0efb89b8761a08%7C%7Cd6f68976044a73a8276eb081a14f66d0%7C%7C9981fd2246a248c51480df76fe907ae5%7C%7C22356c99afa2060285e4da56276f736d%7C%7Ce9a583614d1efb7569fe2c705aaa5485%7C%7C58554af8a7ded5e2b43be0f905435a88%7C%7C1663701684%7D HTTP/1.1
Host: dt.adsafeprotected.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 21:22:41 GMT
content-type: image/gif
content-length: 43
server: nginx
p3p: CP="COM NAV INT STA NID OUR IND NOI"
pragma: no-cache
cache-control: no-cache
x-server-name: dt02.va.303net.net
X-Firefox-Spdy: h2
dt.adsafeprotected.com/dt?anId=925113&asId=33743dce-4c4e-dccb-6c86-bb97c7c2c0bf&tv=%7Bc:vcMmFU,pingTime:-2,time:603,type:a,im:%7Bpci:%7Btdr:68%7D,sf:0,pom:0,prf:%7BbeA:442,beZ:443,mfA:911,cmA:937,inA:937,inZ:939,prA:939,prZ:949,si:957,poA:959,poZ:967,cmZ:967,mfZ:967,ecZ:1015,loA:1029,loZ:1032,ltA:1044,ltZ:1044,mdA:443,mdZ:742,idA:958,idZ:1010%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:true%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:514%7D,%7Bpiv:76,vs:i,r:,t:587%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:16,o:587,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:514,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B91~0%5D,as:%5B91~728.90%5D%7D%7D,%7Bsl:i,t:587,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:76,obst:0,th:0,reas:,bkn:%7Bpiv:%5B16~75%5D,as:%5B16~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:toqoZij+11%7C12%7C13%7C1411%7C1412%7C142%7C143%7C15%7C161%7C1711%7C1712%7C181*.925113%7C1811%7C1812%7C1813,idMap:181*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:515,sis:573,sinceFw:86,readyFired:true%7D&br=g
54.86.137.150200 OK 43 B URL HTTP/2 dt.adsafeprotected.com/dt?anId=925113&asId=33743dce-4c4e-dccb-6c86-bb97c7c2c0bf&tv=%7Bc:vcMmFU,pingTime:-2,time:603,type:a,im:%7Bpci:%7Btdr:68%7D,sf:0,pom:0,prf:%7BbeA:442,beZ:443,mfA:911,cmA:937,inA:937,inZ:939,prA:939,prZ:949,si:957,poA:959,poZ:967,cmZ:967,mfZ:967,ecZ:1015,loA:1029,loZ:1032,ltA:1044,ltZ:1044,mdA:443,mdZ:742,idA:958,idZ:1010%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:true%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:514%7D,%7Bpiv:76,vs:i,r:,t:587%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:16,o:587,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:514,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B91~0%5D,as:%5B91~728.90%5D%7D%7D,%7Bsl:i,t:587,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:76,obst:0,th:0,reas:,bkn:%7Bpiv:%5B16~75%5D,as:%5B16~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:toqoZij+11%7C12%7C13%7C1411%7C1412%7C142%7C143%7C15%7C161%7C1711%7C1712%7C181*.925113%7C1811%7C1812%7C1813,idMap:181*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:515,sis:573,sinceFw:86,readyFired:true%7D&br=g
IP 54.86.137.150:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /dt?anId=925113&asId=33743dce-4c4e-dccb-6c86-bb97c7c2c0bf&tv=%7Bc:vcMmFU,pingTime:-2,time:603,type:a,im:%7Bpci:%7Btdr:68%7D,sf:0,pom:0,prf:%7BbeA:442,beZ:443,mfA:911,cmA:937,inA:937,inZ:939,prA:939,prZ:949,si:957,poA:959,poZ:967,cmZ:967,mfZ:967,ecZ:1015,loA:1029,loZ:1032,ltA:1044,ltZ:1044,mdA:443,mdZ:742,idA:958,idZ:1010%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:true%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:514%7D,%7Bpiv:76,vs:i,r:,t:587%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:16,o:587,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:514,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B91~0%5D,as:%5B91~728.90%5D%7D%7D,%7Bsl:i,t:587,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:76,obst:0,th:0,reas:,bkn:%7Bpiv:%5B16~75%5D,as:%5B16~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:toqoZij+11%7C12%7C13%7C1411%7C1412%7C142%7C143%7C15%7C161%7C1711%7C1712%7C181*.925113%7C1811%7C1812%7C1813,idMap:181*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:515,sis:573,sinceFw:86,readyFired:true%7D&br=g HTTP/1.1
Host: dt.adsafeprotected.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 21:22:41 GMT
content-type: image/gif
content-length: 43
server: nginx
p3p: CP="COM NAV INT STA NID OUR IND NOI"
pragma: no-cache
cache-control: no-cache
x-server-name: dt08.va.303net.net
X-Firefox-Spdy: h2
dt.adsafeprotected.com/dt?anId=925113&asId=33743dce-4c4e-dccb-6c86-bb97c7c2c0bf&tv=%7Bc:vcMmKk,time:877,type:e,env:%7Bgcd2:%7Bappl:0,cnst:na%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:290,o:587,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:514,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B91~0%5D,as:%5B91~728.90%5D%7D%7D,%7Bsl:i,t:587,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:76,obst:0,th:0,reas:,bkn:%7Bpiv:%5B290~75%5D,as:%5B290~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:toqoZij+11%7C12%7C13%7C1411%7C1412%7C142%7C143%7C15%7C161%7C1711%7C1712%7C181*.925113%7C1811%7C1812%7C1813,idMap:181*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:515,sis:573%7D&br=g
54.86.137.150200 OK 43 B URL HTTP/2 dt.adsafeprotected.com/dt?anId=925113&asId=33743dce-4c4e-dccb-6c86-bb97c7c2c0bf&tv=%7Bc:vcMmKk,time:877,type:e,env:%7Bgcd2:%7Bappl:0,cnst:na%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:290,o:587,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:514,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B91~0%5D,as:%5B91~728.90%5D%7D%7D,%7Bsl:i,t:587,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:76,obst:0,th:0,reas:,bkn:%7Bpiv:%5B290~75%5D,as:%5B290~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:toqoZij+11%7C12%7C13%7C1411%7C1412%7C142%7C143%7C15%7C161%7C1711%7C1712%7C181*.925113%7C1811%7C1812%7C1813,idMap:181*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:515,sis:573%7D&br=g
IP 54.86.137.150:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /dt?anId=925113&asId=33743dce-4c4e-dccb-6c86-bb97c7c2c0bf&tv=%7Bc:vcMmKk,time:877,type:e,env:%7Bgcd2:%7Bappl:0,cnst:na%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:290,o:587,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:514,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B91~0%5D,as:%5B91~728.90%5D%7D%7D,%7Bsl:i,t:587,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:76,obst:0,th:0,reas:,bkn:%7Bpiv:%5B290~75%5D,as:%5B290~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:toqoZij+11%7C12%7C13%7C1411%7C1412%7C142%7C143%7C15%7C161%7C1711%7C1712%7C181*.925113%7C1811%7C1812%7C1813,idMap:181*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:515,sis:573%7D&br=g HTTP/1.1
Host: dt.adsafeprotected.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 21:22:41 GMT
content-type: image/gif
content-length: 43
server: nginx
p3p: CP="COM NAV INT STA NID OUR IND NOI"
pragma: no-cache
cache-control: no-cache
x-server-name: dt15.va.303net.net
X-Firefox-Spdy: h2
dt.adsafeprotected.com/dt?anId=925113&asId=33743dce-4c4e-dccb-6c86-bb97c7c2c0bf&tv=%7Bc:vcMmWW,pingTime:1,time:1659,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:514%7D,%7Bpiv:76,vs:i,r:,t:587%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1072,o:587,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:514,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B91~0%5D,as:%5B91~728.90%5D%7D%7D,%7Bsl:i,t:587,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:76,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1072~75%5D,as:%5B1072~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:419,fm:toqoZij+11%7C12%7C13%7C1411%7C1412%7C142%7C143%7C15%7C161%7C1711%7C1712%7C181*.925113%7C1811%7C1812%7C1813,idMap:181*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:515,sis:573%7D&br=g
54.86.137.150200 OK 43 B URL HTTP/2 dt.adsafeprotected.com/dt?anId=925113&asId=33743dce-4c4e-dccb-6c86-bb97c7c2c0bf&tv=%7Bc:vcMmWW,pingTime:1,time:1659,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:514%7D,%7Bpiv:76,vs:i,r:,t:587%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1072,o:587,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:514,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B91~0%5D,as:%5B91~728.90%5D%7D%7D,%7Bsl:i,t:587,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:76,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1072~75%5D,as:%5B1072~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:419,fm:toqoZij+11%7C12%7C13%7C1411%7C1412%7C142%7C143%7C15%7C161%7C1711%7C1712%7C181*.925113%7C1811%7C1812%7C1813,idMap:181*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:515,sis:573%7D&br=g
IP 54.86.137.150:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /dt?anId=925113&asId=33743dce-4c4e-dccb-6c86-bb97c7c2c0bf&tv=%7Bc:vcMmWW,pingTime:1,time:1659,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:514%7D,%7Bpiv:76,vs:i,r:,t:587%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1072,o:587,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:514,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B91~0%5D,as:%5B91~728.90%5D%7D%7D,%7Bsl:i,t:587,wc:0.0.1280.1024,ac:270.934.728.90,am:i,cc:270.934.728.90,piv:76,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1072~75%5D,as:%5B1072~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:419,fm:toqoZij+11%7C12%7C13%7C1411%7C1412%7C142%7C143%7C15%7C161%7C1711%7C1712%7C181*.925113%7C1811%7C1812%7C1813,idMap:181*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:515,sis:573%7D&br=g HTTP/1.1
Host: dt.adsafeprotected.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 21:22:42 GMT
content-type: image/gif
content-length: 43
server: nginx
p3p: CP="COM NAV INT STA NID OUR IND NOI"
pragma: no-cache
cache-control: no-cache
x-server-name: dt06.va.303net.net
X-Firefox-Spdy: h2
sb.scorecardresearch.com/internal-cs/default/beacon.js
143.204.55.25200 OK 0 B URL HTTP/2 sb.scorecardresearch.com/internal-cs/default/beacon.js
IP 143.204.55.25:0
GET /internal-cs/default/beacon.js HTTP/1.1
Host: sb.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kingroot.fr.malavida.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 04 Mar 2021 13:31:34 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Sun, 27 Nov 2022 21:00:37 GMT
etag: W/"5b0f9f0704a703b8da651007721fac57"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: bweiL00S4sLslgfqZdXzYapKjYSfpj2pJXmlvRcFRfgMxsgjLi5AdQ==
age: 1321
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Google%20Sans%3A400
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Google%20Sans%3A400
IP 142.250.74.10:0
GET /css?family=Google%20Sans%3A400 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://65e05a877ca407b1e1e84483af50960c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 27 Nov 2022 21:22:39 GMT
date: Sun, 27 Nov 2022 21:22:39 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rr1---sn-capm-vnae.googlevideo.com/videoplayback?expire=1669612959&ei=H9WDY7W3FIjw7ATu-4fQAg&ip=91.90.42.154&id=3082e9b8f3d923fd&itag=18&source=youtube&requiressl=yes&mh=pk&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=1&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=15.104&lmt=1666313130178611&mt=1669583860&txp=6210224&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRAIgSSVu0Gmmrk0WnFEBLj-Tu15XWuFR_hGBTVFv06qNPrsCIA8ckS11F2u3nGayO8HSygvxFFsp0f1DHxSeMBrcPtHF&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgNibJTal7jJwGQzhGn_nkezOWaS9ON5fCcMSQws9gN20CICHOyGaRJQ4IuoevtfZU3U1MgD3CPlLEHtHMFETmuQXp&cpn=3xsdOOgeo0woMbuR
91.90.45.172206 Partial Content 0 B URL HTTP/1.1 rr1---sn-capm-vnae.googlevideo.com/videoplayback?expire=1669612959&ei=H9WDY7W3FIjw7ATu-4fQAg&ip=91.90.42.154&id=3082e9b8f3d923fd&itag=18&source=youtube&requiressl=yes&mh=pk&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=1&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=15.104&lmt=1666313130178611&mt=1669583860&txp=6210224&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRAIgSSVu0Gmmrk0WnFEBLj-Tu15XWuFR_hGBTVFv06qNPrsCIA8ckS11F2u3nGayO8HSygvxFFsp0f1DHxSeMBrcPtHF&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgNibJTal7jJwGQzhGn_nkezOWaS9ON5fCcMSQws9gN20CICHOyGaRJQ4IuoevtfZU3U1MgD3CPlLEHtHMFETmuQXp&cpn=3xsdOOgeo0woMbuR
IP 91.90.45.172:0
ASN #50304 Blix Solutions AS
GET /videoplayback?expire=1669612959&ei=H9WDY7W3FIjw7ATu-4fQAg&ip=91.90.42.154&id=3082e9b8f3d923fd&itag=18&source=youtube&requiressl=yes&mh=pk&mm=31&mn=sn-capm-vnae&ms=au&mv=m&mvi=1&pl=21&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=15.104&lmt=1666313130178611&mt=1669583860&txp=6210224&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRAIgSSVu0Gmmrk0WnFEBLj-Tu15XWuFR_hGBTVFv06qNPrsCIA8ckS11F2u3nGayO8HSygvxFFsp0f1DHxSeMBrcPtHF&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgNibJTal7jJwGQzhGn_nkezOWaS9ON5fCcMSQws9gN20CICHOyGaRJQ4IuoevtfZU3U1MgD3CPlLEHtHMFETmuQXp&cpn=3xsdOOgeo0woMbuR HTTP/1.1
Host: rr1---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://65e05a877ca407b1e1e84483af50960c.safeframe.googlesyndication.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Last-Modified: Fri, 21 Oct 2022 00:45:30 GMT
Content-Type: video/mp4
Date: Sun, 27 Nov 2022 21:22:40 GMT
Expires: Sun, 27 Nov 2022 21:22:40 GMT
Cache-Control: private, max-age=28499
Content-Range: bytes 0-1166158/1166159
Accept-Ranges: bytes
Content-Length: 1166159
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0