Report - qaffen.yoo7.com/t3792-topic

Report Overview

Submitted URL
qaffen.yoo7.com/t3792-topic
IP
94.23.76.111
ASN
#16276 OVH SAS
Submitted
2022-10-15 10:36:39
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-09T11:52:10Z	4.6 kB	9.3 kB	93.184.220.29
2img.net	212398	2016-06-23T08:31:49Z	2023-03-09T12:31:09Z	7.5 kB	101 kB	104.21.235.175
stootsou.net	145219	2021-04-05T10:22:21Z	2023-03-10T01:03:55Z	3.0 kB	3.8 kB	139.45.197.250
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-09T11:25:06Z	328 B	963 B	172.64.155.188
my.rtmark.net	9054	2015-02-04T10:54:57Z	2023-03-09T10:18:28Z	412 B	744 B	139.45.195.8
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-09T10:04:36Z	3.2 kB	61 kB	34.120.237.76
illiweb.com	265462	2012-06-26T03:06:07Z	2023-03-08T14:24:00Z	1.1 kB	2.7 kB	104.21.63.213
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-09T13:40:16Z	732 B	80 kB	142.250.74.168
choices.consentframework.com	31439	2020-07-17T10:57:23Z	2023-03-09T15:00:57Z	3.2 kB	142 kB	212.129.3.112
vidstat.taboola.com	1927	2017-08-29T13:41:42Z	2023-03-09T08:04:14Z	401 B	24 kB	151.101.85.44
cdn.betgorebysson.club	149925	2020-07-24T17:19:13Z	2023-03-09T01:07:47Z	368 B	30 kB	139.45.195.8
15.taboola.com	1912	2017-03-15T12:40:55Z	2023-03-09T20:26:25Z	1.5 kB	633 B	151.101.85.44
connect.topicit.net	523065	2017-11-15T11:04:29Z	2023-03-08T14:24:01Z	361 B	937 B	104.21.90.171
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	325 B	1.6 kB	143.204.55.36
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-09T13:58:35Z	379 B	35 kB	142.250.74.170
twemoji.maxcdn.com	9109	2018-06-24T07:07:50Z	2023-03-09T12:18:24Z	356 B	5.5 kB	23.111.9.57
cdn.taboola.com	1040	2013-07-20T01:48:03Z	2023-03-09T05:14:35Z	755 B	172 kB	151.101.85.44
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-09T09:24:51Z	503 B	694 B	142.250.74.3
trc-events.taboola.com	1779	2020-06-09T15:52:57Z	2023-03-09T05:14:38Z	560 B	163 B	141.226.228.48
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	2.9 kB	8.0 kB	23.36.77.32
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-09T13:53:17Z	360 B	21 kB	216.239.36.178
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	338 B	1.0 kB	143.204.42.158
api.viglink.com	4397	2012-05-23T15:47:26Z	2023-03-09T09:21:48Z	2.1 kB	2.4 kB	34.248.7.88
ocsp.comodoca4.com	23611	2014-10-06T15:20:48Z	2023-03-07T01:16:50Z	330 B	775 B	172.64.155.188
trc.taboola.com	602	2012-12-27T12:54:42Z	2023-03-09T05:14:36Z	2.2 kB	13 kB	151.101.85.44
qaffen.yoo7.com	unknown			2.6 kB	98 kB	178.33.115.32
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	321 B	229 B	34.117.237.239
static.criteo.net	652	2012-05-22T19:01:05Z	2023-03-09T08:06:01Z	1.2 kB	42 kB	178.250.0.130
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	594 B	127 B	52.89.136.7
i.servimg.com	258270	2015-07-24T11:25:42Z	2023-03-09T12:23:02Z	776 B	6.7 kB	104.21.31.159
bidder.criteo.com	750	2017-01-30T06:01:16Z	2023-03-09T05:41:35Z	940 B	656 B	178.250.0.165
il-trc-events.taboola.com	22667	2021-06-17T09:23:06Z	2023-03-09T08:04:14Z	567 B	163 B	185.106.33.48
alchaam.com	unknown			378 B	775 B	46.17.175.20
cdn.viglink.com	4113	2012-10-26T17:59:48Z	2023-03-09T05:36:11Z	351 B	574 B	104.16.160.13
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	401 B	5.8 kB	34.160.144.191
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-09T05:09:50Z	3.6 kB	7.7 kB	142.250.74.3
js.cookieless-data.com	5008	2020-12-28T10:59:17Z	2023-03-09T13:40:18Z	732 B	518 B	51.158.28.82
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-09T07:43:12Z	594 B	710 B	173.194.73.157
www.google.com	7	2015-05-10T13:11:19Z	2023-03-09T13:38:50Z	504 B	694 B	142.250.74.164
images.taboola.com	1621	2013-07-11T11:17:44Z	2023-03-09T08:04:14Z	3.3 kB	59 kB	151.101.85.44
cache.consentframework.com	35167	2020-08-11T14:36:43Z	2023-03-09T15:00:57Z	374 B	731 B	104.26.5.102

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-15	medium	cdn.betgorebysson.club/apu.php?zoneid=3765907	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (41)

	URL	Size	First Seen	Last Seen
	qaffen.yoo7.com/t3792-topic	213 B	2023-03-07	2024-01-03
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07:51 Last Seen2024-01-03 03:33:38 Times Seen17 Hash 8dc99b1a979c478e061ff14e9670e8af 7550a0acc3765631761b58add79d56910907c5be bb17c405392717ddb4e72a8d66b94b269df6defb391f09fdfb60acc1403dd3c6 Loading...

	qaffen.yoo7.com/t3792-topic	70 B	2023-03-07	2024-04-19
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-04-19 17:26:26 Times Seen60 Hash 7d95955272fc06a396db4bf66d9d6247 1a4b36a4b619d7f680909d4e7f574f15d3542ee7 b03b4f9d334c2b312ee05154d8eedbc5a64ca9764bd0a795920e73faf4d874db Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 17:23:04 Times Seen37067724 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	stootsou.net/pfe/current/tag.min.js?z=2308013	15 kB	2023-03-10	2023-03-10
Pretty URL stootsou.net/pfe/current/tag.min.js?z=2308013 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 08:59:13 Last Seen2023-03-10 11:07:03 Times Seen1 Hash b6fe716c62fa99280dca5d778a31b681 05ed0ddc87391f9eace2fc191794121038bae94e 6bef8336b84cd6db0337913fb3615bc03727d57ebc2e523d6d6c331af9148758 Loading...

	cache.consentframework.com/js/pa/24697/c/IxWav/stub	1.3 kB	2023-03-07	2023-06-07
Pretty URL cache.consentframework.com/js/pa/24697/c/IxWav/stub IP 104.26.5.102 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2023-06-07 17:18:07 Times Seen41 Hash ab35d2cdd19414da398078334df85194 6f823ba2429d56ede761a1e0a0a3545d36bd5a8b 9298971a5bdb7470b87aa2bf89d39c6b13fd2f486d38c87b057b94ce54eb98bc Loading...

	connect.topicit.net/scripts/connect.js	3.5 kB	2023-03-07	2024-04-19
Pretty URL connect.topicit.net/scripts/connect.js IP 104.21.90.171 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-04-19 17:26:26 Times Seen93 Hash df06f0c81b83b4161d3a2c843e71de58 ac09970aca15ee03496cbe68c2a2f06914e19855 39ce845fc0203d4cb00559dff89d9448765e0ebd65ebbaf76623cc9850827542 Loading...

	qaffen.yoo7.com/t3792-topic	102 B	2023-03-10	2023-03-10
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:38:59 Last Seen2023-03-10 09:38:59 Times Seen1 Hash 2a0d20a411d4f31836146c83bfbb2399 52a24919dea3be5d9ac6aca09209056a6107e312 d9061926c6b5ba5c8fb53bec4ae946487d25e2f6d3ee2db11360296204123b8d Loading...

	vidstat.taboola.com/lite-unit/1.4.0/UnitWidgetItemDesktop.min.js	81 kB	2023-03-07	2023-04-18
Pretty URL vidstat.taboola.com/lite-unit/1.4.0/UnitWidgetItemDesktop.min.js IP 151.101.85.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:17 Last Seen2023-04-18 00:38:47 Times Seen5 Hash b683c290896a82c974838a04b4ea4aff d13ad4fdab8d045822e96854f8f53438f3757ce8 e92552bc193c8bae835c7b6db6eea8a39593fa14fb75a227f738c415330cc84e Loading...

	qaffen.yoo7.com/t3792-topic	112 B	2023-03-07	2023-04-05
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:33 Last Seen2023-04-05 02:10:30 Times Seen82 Hash e47ee79f740c9eae02464288746f765d 9f2a84ab535d0c773c2d822221917b26446c6d46 24ca2d2952aa702f4191a162f59fbad191c648e851dae7876434baf548af95a7 Loading...

	illiweb.com/rs3/63/frm/jquery/cookie/jquery.cookie.js	1.0 kB	2023-03-07	2024-04-19
Pretty URL illiweb.com/rs3/63/frm/jquery/cookie/jquery.cookie.js IP 104.21.63.213 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-04-19 17:26:26 Times Seen152 Hash 12a485a250e60806fbe4ab8bd03dfbf8 ea48bc03bfb90a966f28d302992ec02fe55da978 6cf7880d67c712bb6f85f1dfa1d26ea5e0a7195130a3e42c8b441cdd1de77a90 Loading...

	cdn.taboola.com/libtrc/userx.20221013-3-RELEASE.es6.js	18 kB	2023-03-10	2023-03-10
Pretty URL cdn.taboola.com/libtrc/userx.20221013-3-RELEASE.es6.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:37:47 Last Seen2023-03-10 10:22:07 Times Seen1 Hash f290d75c96fbe5a591f3b6c1483eeb02 3f5d42371550f4bc0e794ae8a4c4c5cac80cb7ae 4c8d80497d1889690a98646650edc2172929d11c0945b238829b20adea845a8c Loading...

	qaffen.yoo7.com/t3792-topic	322 B	2023-03-07	2024-01-03
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-01-03 03:33:38 Times Seen34 Hash 9c1735e3df55bb348b1933b393c67c48 403dcbd4b806d5a2e34b6f8497bd030234ca658b 2e47dc28efa9586f4ce6e8db3258f7b8bd70bf0683c210aa2b135acfd38eefa4 Loading...

	static.criteo.net/js/ld/publishertag.js	124 kB	2023-03-08	2023-03-10
Pretty URL static.criteo.net/js/ld/publishertag.js IP 178.250.0.130 ASN #44788 Criteo SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:44:15 Last Seen2023-03-10 14:47:41 Times Seen1 Hash 816c0146fcd36a70e523fb6ca84288ef 704bccd126c2e381e5191b146a87ab0688f4c37f 119e37f6f9552a67b6f761070add78e7f93db654027478a7c51e9e34f955b841 Loading...

	qaffen.yoo7.com/t3792-topic	263 B	2023-03-07	2024-01-03
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-01-03 03:33:38 Times Seen36 Hash ef8b50accfd60bbe469f135147911168 ff6c86cd05950889a2e4b1f70655e153c561577e 9a0d1233f8889ad529c9fdd86b379ba5a08dd71ba3939a2206f3e03659965d58 Loading...

	qaffen.yoo7.com/t3792-topic	483 B	2023-03-10	2023-03-10
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:38:59 Last Seen2023-03-10 09:38:59 Times Seen1 Hash 02a15b8537ddc7ffde6bd17c931fb6f1 6ef2fa1633a801e32a5b2c045e2e65f16e09e52a 906d6aee53d69f99db134a546552d41a3cd1a93582bb1cfe803d55189db8c210 Loading...

	twemoji.maxcdn.com/twemoji.min.js	15 kB	2023-03-07	2023-03-17
Pretty URL twemoji.maxcdn.com/twemoji.min.js IP 23.111.9.57 ASN #12989 StackPath LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2023-03-17 12:40:56 Times Seen1 Hash 0e7562d46a4d2db5e27e0d8ece11622a 038fc48367c0055aff024fb128062181f1b4413b 637282f23b8352c04ecc9dd7b4e1ffb23f8102517d010afaa447b2fb889b689e Loading...

	cdn.betgorebysson.club/apu.php?zoneid=3765907	76 kB	2023-03-10	2023-03-10
Pretty URL cdn.betgorebysson.club/apu.php?zoneid=3765907 IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:39:00 Last Seen2023-03-10 09:39:00 Times Seen1 Hash f3bd777cb5443392912d48f214e1da83 fe73afb7188e56b4310bbf513f8dcd724fa14298 43621f9c8c28db236e339e752542b3c9c395eea634f35f17bb87bd6ded81421a Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js	95 kB	2023-03-07	2024-04-25
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:23 Last Seen2024-04-25 11:56:09 Times Seen13768 Hash b8d64d0bc142b3f670cc0611b0aebcae abcd2ba13348f178b17141b445bc99f1917d47af 47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4 Loading...

	qaffen.yoo7.com/t3792-topic	12 kB	2023-03-10	2023-03-10
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:39:00 Last Seen2023-03-10 09:39:00 Times Seen1 Hash 2556aba0ddec4ab9e4063e388bf86cbe a2416ccb12bb7058adfc2ae65a2075fd60894635 f5be441dbfd1314ec1ba57a8a872fd422fa64b6315c23bb0eb4cb0140228af22 Loading...

	qaffen.yoo7.com/t3792-topic	172 B	2023-03-07	2024-01-03
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-01-03 03:33:38 Times Seen36 Hash eac2977105f7afa338df42213637c7e8 b8da68cf1722f55c0013b2c642ff3315f8d03755 ee35e392c911a32615a69c87ae4dcf90dabcedb74b9b8f1df12010e4622e25a8 Loading...

	qaffen.yoo7.com/t3792-topic	51 B	2023-03-07	2024-04-19
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07:51 Last Seen2024-04-19 17:26:25 Times Seen31 Hash 31413c1a0520f96981534f262a266579 ea3b9b49e90bd399a7042952268f01a95a3a405a d75199ccb2b6682e717ae84c96162eb5e341b62a189c22d1ad74fdcf6db27987 Loading...

	qaffen.yoo7.com/t3792-topic	474 B	2023-03-07	2024-04-19
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-04-19 17:26:25 Times Seen76 Hash 5dc2d1991479eee96d79b825b4ed452f bc3983969f797596e3e7f3dd21c5fa6e6106991c 4f479e3c2a795d192a8b82d1ac992bb6a2e7e1f65b8bbd808d5e5a2ff0cebaff Loading...

	qaffen.yoo7.com/t3792-topic	411 B	2023-03-07	2023-03-17
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:33 Last Seen2023-03-17 12:40:57 Times Seen1 Hash d8793ee455d156d658f5f70e3ed7bcf8 dc25bbd1fd938f37c21f5b4bc71e0fa6034756f8 db00250066a0114b9d8ed5e81abea3156e2f3b49a94e8685fcafe28ea6f54201 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-24
Pretty URL www.google-analytics.com/analytics.js IP 216.239.36.178 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-24 18:41:20 Times Seen1526 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	qaffen.yoo7.com/t3792-topic	469 B	2023-03-07	2023-04-07
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2023-04-07 01:16:28 Times Seen3 Hash 9ac8ef2d1a3bfa3853583ff63bf55fdc 320b3c290f614ea4d58c6380975f66643a86b0c8 2366434a4c7d47689d8eb6353e5bc3c9c50f94f0b7cea6ceba7023faa9d37c02 Loading...

	www.googletagmanager.com/gtag/js?id=UA-144347007-1	109 kB	2023-03-10	2023-03-10
Pretty URL www.googletagmanager.com/gtag/js?id=UA-144347007-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:39:00 Last Seen2023-03-10 09:39:00 Times Seen1 Hash e39adae0152b0602b3b6497e54cf2988 0304fff18a04a0fe5caa9379dd983eec110218eb ad11981533a896ce2ee5270310285f10c59c3b6071efa95e62a7306af4c59d87 Loading...

	illiweb.com/rs3/63/frm/embed/FA_Embed.js	277 B	2023-03-07	2024-01-20
Pretty URL illiweb.com/rs3/63/frm/embed/FA_Embed.js IP 104.21.63.213 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-01-20 22:09:05 Times Seen67 Hash 7c08b7f1da97c37b7680d6f879d7ed40 97f715f01a5bb9d07ec879e3b5e14a631b087740 432bb74f6f65f0b392e4b531804bf529db2f58fa1868537599097f408c02b481 Loading...

	qaffen.yoo7.com/t3792-topic	514 B	2023-03-07	2024-04-19
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-04-19 17:26:25 Times Seen76 Hash 761d2d805f480411fa88e7662492769d c28ca142719025edf8996ac2897d036fc0c2a76e 0ee1b0b1b1b4667a2fd2983949d1c4b6aaaca435394712789388747cbe3d6d53 Loading...

	qaffen.yoo7.com/t3792-topic	30 B	2023-03-07	2024-04-19
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2024-04-19 17:26:26 Times Seen63 Hash 4ece280a19c04007f1c61ee38cfc055b c425f44785e505687647cd153db2f5d6e947b85c da7ba30ac2306369b237659657949a1d5fad24e99a97245319bac3b5a8bfddac Loading...

	qaffen.yoo7.com/t3792-topic	139 B	2023-03-07	2023-10-01
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2023-10-01 10:50:16 Times Seen38 Hash 19e57056f1e5b06edac6b9654418f705 863dadea1e6158fea52bd8bfb1eab0cc13107c12 30f513144bf444457a7c1aadbe1e937ffe5d33eea89055ef9032f1aa9a2439eb Loading...

	qaffen.yoo7.com/t3792-topic	98 kB	2023-03-10	2023-03-10
Pretty URL qaffen.yoo7.com/t3792-topic IP 178.33.115.32 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 08:59:13 Last Seen2023-03-10 11:07:03 Times Seen1 Hash fafa35bce74fb764de9430b61a100396 3ece38d830a3c8edbc0ea5d0c8199b2d5827d620 6a71a18ec3c333f1dd90bdb3dcbd8b6d793aa128aeac63f93aec291488229128 Loading...

	cdn.taboola.com/libtrc/forumotion-ar/loader.js	180 kB	2023-03-10	2023-03-10
Pretty URL cdn.taboola.com/libtrc/forumotion-ar/loader.js IP 151.101.85.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:39:00 Last Seen2023-03-10 09:46:05 Times Seen1 Hash d67d78ac489dcba00e62d1df3763d010 88feb6b8aff502b04bbe6c78fccde68560ff65f0 bc5e75f0dd7d75279a7d919d3f886bbdbf16731e44869024830bc60260b40c4d Loading...

	illiweb.com/rs3/63/frm/lang/ar.js	75 kB	2023-03-07	2023-04-14
Pretty URL illiweb.com/rs3/63/frm/lang/ar.js IP 104.21.63.213 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:52:20 Last Seen2023-04-14 22:27:46 Times Seen4 Hash 4a140cee443e4115b24e0cdb3fdd8fab a5be9fcbdaa30c36101c4754c08aef0fb1f383a0 744f2a3e4c6a3be1e929e19cd2578699c79ab9cc6cab7cb5e184ff74b194f2d5 Loading...

	cdn.viglink.com/api/vglnk.js	83 kB	2023-03-07	2023-03-17
Pretty URL cdn.viglink.com/api/vglnk.js IP 104.16.160.13 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:33 Last Seen2023-03-17 12:55:08 Times Seen1 Hash 00f6ad35e2ff4f8886dae67b1dd697e6 347d57d6b53509fd87982d06e9f6c3d350cf3f34 73073ed7160406dcfbe826dcabd7ec807cf2aa72afe0303424f518767120cf2e Loading...

		Size	First Seen	Last Seen
	#1 Eval - 73497a37c3561adbd8ce84e4f017b368	9 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:03:23 Last Seen2024-04-25 16:24:18 Times Seen2146 Hash 73497a37c3561adbd8ce84e4f017b368 9193ae73cb3dd2833be8c942714d5544bfb628c9 9312a1adbbf0a4c05fc296d158ec3bd39acfe50e9e98ff02688139aad6fc3351 Loading...

	#2 Eval - b70a18996b3f5eca0ae6ccfa0d036648	2.0 kB	2023-03-10	2023-03-10
Pretty Observations First Seen2023-03-10 09:39:00 Last Seen2023-03-10 09:39:00 Times Seen1 Hash b70a18996b3f5eca0ae6ccfa0d036648 8a5d2fd0fa9eac4bb20afe3e6d3df80564dbfb4c 8047ce42a6fc2d5ade940cf4138bc414ae10e59e017dc8d8881788a2cbbdf1ae Loading...

	#3 Eval - 2537b107f301bf9b877954920af7f5cb	2.0 kB	2023-03-10	2023-03-10
Pretty Observations First Seen2023-03-10 09:39:00 Last Seen2023-03-10 09:39:00 Times Seen1 Hash 2537b107f301bf9b877954920af7f5cb 2d48c39e61d67620fa3016871481eafe1cc3d12a b079ac5c2a0a71f5cab2bb53235dab6e17a721287056a5ff92df596cda9ee537 Loading...

	#4 Eval - 4f893e396485b034004a29f13cee046f	79 B	2023-03-10	2023-03-10
Pretty Observations First Seen2023-03-10 09:39:00 Last Seen2023-03-10 09:39:00 Times Seen1 Hash 4f893e396485b034004a29f13cee046f 1a3724675b9ff36443e0a2628d0d12bac098dc27 870ed5026827da9e4e5c60d9c454dc3aae7d850125e54e6437a9d473a4959060 Loading...

	#5 Eval - 37cd3bd2adbd29e7fafaf20f77f4bf43	18 B	2023-03-07	2024-04-15
Pretty Observations First Seen2023-03-07 01:02:19 Last Seen2024-04-15 12:57:44 Times Seen656 Hash 37cd3bd2adbd29e7fafaf20f77f4bf43 d4a665f4bf3dc9a6f3ea3a55c50c5a37c6bd05f5 0f3342bc14063d9ed7a669eb067b50ea17b2cb7dcb51968939b72fa9ac862d91 Loading...

		Size	First Seen	Last Seen
	#1 Write - 90be6fababd84ead318f6ebd34f25269	104 B	2023-03-07	2023-10-01
Pretty Observations First Seen2023-03-07 01:40:33 Last Seen2023-10-01 10:50:16 Times Seen38 Hash 90be6fababd84ead318f6ebd34f25269 e689a91041b2214c8d0eb98e1b0b701a8134c830 147f74332da8a3a6025c02528aa92901c92553e8066a4924adf0b4d08a8439fc Loading...

	#2 Write - 2d6673eded37338627f4fc432783fc4d	759 B	2023-03-07	2023-05-06
Pretty Observations First Seen2023-03-07 12:04:33 Last Seen2023-05-06 00:14:31 Times Seen121 Hash 2d6673eded37338627f4fc432783fc4d bb226d552cec5533fb1d7fd8b486efa856d7f333 a7e9c7904cd65627b33964bbb90839a2fa154c33d9c353413da6dcdc4fba2295 Loading...

HTTP Transactions (129)

URL IP Response Size

qaffen.yoo7.com/t3792-topic

178.33.115.32

301 Moved Permanently

0 B

URL HTTP/1.1
qaffen.yoo7.com/t3792-topic
IP
178.33.115.32:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /t3792-topic HTTP/1.1
Host: qaffen.yoo7.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sat, 15 Oct 2022 10:36:28 GMT
Content-Length: 0
Location: https://qaffen.yoo7.com/t3792-topic

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
c9df6b36bf16969ac566c1b798362e4a
e56eff34815153ae019a4bf63eb9746dd9ae2e5b
33c1175144ab2be42c9de383f7893a6e60cd1f21f282eacb413d546331db3fa0

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Retry-After, Alert, Content-Type, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 15 Oct 2022 09:50:04 GMT
Expires: Sat, 15 Oct 2022 10:42:52 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: yMCQ5jpEH2WsdDWPR3pTYbFqFDNN01orfcjS5vBik_AVSFNvICgdFA==
Age: 2784

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2b424d8c01b211c56d5b44b92e4e4153
b1fdab18f23271eee58ae1482f8af25badc2ffda
1c82a5fd2bc3f16a66becb5e1924e8c9edd39386622dc2e5ed296442f4307b2b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1C82A5FD2BC3F16A66BECB5E1924E8C9EDD39386622DC2E5ED296442F4307B2B"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4189
Expires: Sat, 15 Oct 2022 11:46:17 GMT
Date: Sat, 15 Oct 2022 10:36:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a57d0f62d9bd29668b94a513fa45d18e
d7cb263502e21f9235b4523a596e2138d22042ec
df7acd4fe34cc9c4945a5d83ef538105a73dfc1a8b485bc7a62488c5406b1294

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF7ACD4FE34CC9C4945A5D83EF538105A73DFC1A8B485BC7A62488C5406B1294"
Last-Modified: Sat, 15 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14282
Expires: Sat, 15 Oct 2022 14:34:30 GMT
Date: Sat, 15 Oct 2022 10:36:28 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: SHU4Thk7QbcQ9irYXCV9PkfU0rDhV+HSbEf6w3nH2UHFB2jSVFn3sdE5GxBIwPbKCTOVkf3dEgM=
x-amz-request-id: 1XPRATC5K34SD83S
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 15 Oct 2022 10:34:36 GMT
age: 112
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b3d7bbc82637b00fdbe5170d5c187d0e
1991a22865610b12870be43d1eccead7c3360e43
c272dff4784cba3070ee798f2624595536123756473a5f86f779bc96248369fa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C272DFF4784CBA3070EE798F2624595536123756473A5F86F779BC96248369FA"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5795
Expires: Sat, 15 Oct 2022 12:13:03 GMT
Date: Sat, 15 Oct 2022 10:36:28 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 10:36:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d3a7a0d85121715a9a3590df07145cd8
7da0f8eba172ed91b10f292054a913b1b33da66d
e77042397dd2555f12bfd9ed17a663845ce9c657c852af3807c90581f91fbb90

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3039b3640f516724d3ec7e845c2f20d1
efa6a85767ab44afd629d1d82413770412abce0e
d454aa6e955985b5b78d1a190b7abc035a1e6dea0c3c5f06220bad3031717249

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3039b3640f516724d3ec7e845c2f20d1
efa6a85767ab44afd629d1d82413770412abce0e
d454aa6e955985b5b78d1a190b7abc035a1e6dea0c3c5f06220bad3031717249

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

142.250.74.170

200 OK

34 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Size
34 kB (33845 bytes)
Hash
d989f35706c62ce4a5c561586c55566e
d32e7958e5765609bf08dcdefd0b2c2a8714ce34
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716

HTTP Headers

GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33845
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 14 Oct 2022 22:41:25 GMT
expires: Sat, 14 Oct 2023 22:41:25 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 42903
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-144347007-1

142.250.74.168

200 OK

42 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-144347007-1
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1952)
Size
42 kB (42484 bytes)
Hash
33dac6c77520da00e8a7e0650a635bed
54a961f213bef4dcfd143756e52698ca6c5e51a0
488863ea4f8a8782531e58dc08b3f358bdd8e103eb069e217f61a6010629700c

HTTP Headers

GET /gtag/js?id=UA-144347007-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 15 Oct 2022 10:36:28 GMT
expires: Sat, 15 Oct 2022 10:36:28 GMT
cache-control: private, max-age=900
last-modified: Sat, 15 Oct 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42484
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
bc5a451525bf73c6fabd6dce70189db3
c8b2e2e9e5c55ac42589bcad3533afbddeb5d05c
d001a067b48d13a40e90e715668f612e4e7cb485866c35dee1bcdabd69ff70c4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1004
Cache-Control: max-age=155116
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:28 GMT
Etag: "634a442d-1d7"
Expires: Mon, 17 Oct 2022 05:41:44 GMT
Last-Modified: Sat, 15 Oct 2022 05:25:01 GMT
Server: ECS (amb/6BB8)
X-Cache: HIT
Content-Length: 471

www.googletagmanager.com/gtag/js?id=

142.250.74.168

200 OK

36 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2071)
Size
36 kB (36249 bytes)
Hash
56d80829a0b9c89a01189c8f1d0cc81b
cea55ce26b2207babdf41762065b6a909c4596a9
febea570fcdd8ae94f7858c5ef093ce4ae5b95bde4b7a0dcfbcdf8d8567f89b9

HTTP Headers

GET /gtag/js?id= HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 15 Oct 2022 10:36:28 GMT
expires: Sat, 15 Oct 2022 10:36:28 GMT
cache-control: private, max-age=900
last-modified: Sat, 15 Oct 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 36249
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
906c29ed2a0bce76c2a36d4f1ff207e4
63690949f1182e54057de4b9bc5a306598663979
51176bcb5c019fcf0584ec92e73ed6cfb798692ef53252635a3e0b4edd4b5ad5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4466
Cache-Control: max-age=115721
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:28 GMT
Etag: "63499cc3-1d7"
Expires: Sun, 16 Oct 2022 18:45:09 GMT
Last-Modified: Fri, 14 Oct 2022 17:30:43 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
fa2ed4e59ffdc20abff5a43c1389363d
3ab061af64b777146b1771261a9b22ac6b55b824
5cb5620c09908bf7218526b539dbbfb3c6811d7470cd8d52da73499c96083ede

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3
Cache-Control: max-age=109819
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:28 GMT
Etag: "63499724-139"
Expires: Sun, 16 Oct 2022 17:06:47 GMT
Last-Modified: Fri, 14 Oct 2022 17:06:44 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 313

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d3a7a0d85121715a9a3590df07145cd8
7da0f8eba172ed91b10f292054a913b1b33da66d
e77042397dd2555f12bfd9ed17a663845ce9c657c852af3807c90581f91fbb90

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3039b3640f516724d3ec7e845c2f20d1
efa6a85767ab44afd629d1d82413770412abce0e
d454aa6e955985b5b78d1a190b7abc035a1e6dea0c3c5f06220bad3031717249

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

choices.consentframework.com/js/pa/24697/c/IxWav/cmp

212.129.3.112

200 OK

139 kB

URL HTTP/1.1
choices.consentframework.com/js/pa/24697/c/IxWav/cmp
IP
212.129.3.112:0
ASN
#12876 Online S.a.s.

File type
Unicode text, UTF-8 text, with very long lines (65512), with no line terminators
Size
139 kB (139421 bytes)
Hash
c272e2fbd38f66fcaef3ca3229a47d0d
6747bb2670237b70881dc5180dda9fc5ca31a5b1
8a35872e78aee5b8cc36324aa2716d08b63deadc9feb4b566dff8941c25093d4

HTTP Headers

GET /js/pa/24697/c/IxWav/cmp HTTP/1.1
Host: choices.consentframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Sat, 15 Oct 2022 10:36:28 GMT
Content-Type: text/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, max-age=3600
Set-Cookie: euconsent-v2=NO_CONSENT; Path=/; Domain=consentframework.com; Expires=Sat, 15 Oct 2022 10:41:28 GMT; Secure; SameSite=None
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
Content-Encoding: gzip

qaffen.yoo7.com/t3792-topic

94.23.159.185

200 OK

74 kB

URL HTTP/2
qaffen.yoo7.com/t3792-topic
IP
94.23.159.185:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (11020)
Size
74 kB (73529 bytes)
Hash
5ca1096fff4d2dddf253fff3a4933268
5c54803ed0141cd9be38c80ed6be5cb457453e87
ee0cb44f11d62316b675fe43e77224f781aaaebce6ac5a1e38ea6b604b7c7c78

HTTP Headers

GET /t3792-topic HTTP/1.1
Host: qaffen.yoo7.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:28 GMT
content-type: text/html; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache
pragma: no-cache
expires: Sat, 15 Oct 2022 00:00:00 GMT
last-modified: Sat, 15 Oct 2022 10:36:25 GMT
vary: User-Agent
set-cookie: exadd=166584; expires=Sat, 15-Oct-2022 14:36:25 GMT; Max-Age=14400
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
8afdf145d838990d08d4e8bedbbdd640
b718c42fd492781d5d3bd72f766c915a9f35adc9
9708289cbcf84547f297089d1d96a02158a820cc685d53496bacfbb13fddb92c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3637
Cache-Control: max-age=127881
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:29 GMT
Etag: "6349cf81-117"
Expires: Sun, 16 Oct 2022 22:07:50 GMT
Last-Modified: Fri, 14 Oct 2022 21:07:13 GMT
Server: ECS (amb/6BB8)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
8afdf145d838990d08d4e8bedbbdd640
b718c42fd492781d5d3bd72f766c915a9f35adc9
9708289cbcf84547f297089d1d96a02158a820cc685d53496bacfbb13fddb92c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4992
Cache-Control: max-age=129236
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:29 GMT
Etag: "6349cf81-117"
Expires: Sun, 16 Oct 2022 22:30:25 GMT
Last-Modified: Fri, 14 Oct 2022 21:07:13 GMT
Server: ECS (amb/6BC3)
X-Cache: HIT
Content-Length: 279

twemoji.maxcdn.com/twemoji.min.js

23.111.9.57

200 OK

4.9 kB

URL HTTP/2
twemoji.maxcdn.com/twemoji.min.js
IP
23.111.9.57:0
ASN
#12989 StackPath LLC

File type
data
Size
4.9 kB (4916 bytes)
Hash
27306899e67f78e5880b3c1779b34273
b6372dfd5a1bfbbab4275847201636bc9a6f39ee
bb771b2c6ea6e97256eee4abbe93eb9930c55c28184eb32aa33411e701b59e4d

HTTP Headers

GET /twemoji.min.js HTTP/1.1
Host: twemoji.maxcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:28 GMT
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Thu, 31 Mar 2022 03:24:15 GMT
access-control-allow-origin: *
etag: W/"62451edf-3bc8"
expires: Mon, 14 Nov 2022 10:36:28 GMT
cache-control: max-age=2592000
x-proxy-cache: MISS
x-github-request-id: 080A:7FEB:63B1FE:668312:6345BF88
vary: Accept-Encoding
x-fastly-request-id: 197f8c2083f49d748b222987ebe646b52fbc2b43
server: NetDNA-cache/2.2
powered-by: MaxCDN
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
8afdf145d838990d08d4e8bedbbdd640
b718c42fd492781d5d3bd72f766c915a9f35adc9
9708289cbcf84547f297089d1d96a02158a820cc685d53496bacfbb13fddb92c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4992
Cache-Control: max-age=129236
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:29 GMT
Etag: "6349cf81-117"
Expires: Sun, 16 Oct 2022 22:30:25 GMT
Last-Modified: Fri, 14 Oct 2022 21:07:13 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
8afdf145d838990d08d4e8bedbbdd640
b718c42fd492781d5d3bd72f766c915a9f35adc9
9708289cbcf84547f297089d1d96a02158a820cc685d53496bacfbb13fddb92c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2227
Cache-Control: max-age=126471
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:29 GMT
Etag: "6349cf81-117"
Expires: Sun, 16 Oct 2022 21:44:20 GMT
Last-Modified: Fri, 14 Oct 2022 21:07:13 GMT
Server: ECS (amb/6BA3)
X-Cache: HIT
Content-Length: 279

static.criteo.net/js/ld/publishertag.js

178.250.0.130

200 OK

41 kB

URL HTTP/2
static.criteo.net/js/ld/publishertag.js
IP
178.250.0.130:0
ASN
#44788 Criteo SA

File type
data
Size
41 kB (40625 bytes)
Hash
f4443f7896315b5b0a2dc26792892b9e
b6f29485c3689d0bbbee3051fde4e894c714e581
6bdceb6cf08ab7dd03a7d3321ffcbae727be759c0175841556d7d8270ea686f8

HTTP Headers

GET /js/ld/publishertag.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 10:36:28 GMT
content-type: text/javascript
last-modified: Sat, 01 Oct 2022 02:55:29 GMT
etag: W/"6337ac21-1e358"
expires: Sun, 16 Oct 2022 10:36:28 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

2img.net/i/fa/prosilver_lightgreen/icon_logout.gif

104.21.235.175

200 OK

219 B

URL HTTP/2
2img.net/i/fa/prosilver_lightgreen/icon_logout.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 16 x 14\012- data
Size
219 B (219 bytes)
Hash
08d7b21e844c8bcda5067bbb2188f7d4
804faa09ba236963291272d4df900ab96fd5c00b
e5382e35a551bd5eb24167eb0096939d2b4f752ad529222a969217e05e914d2f

HTTP Headers

GET /i/fa/prosilver_lightgreen/icon_logout.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/gif
content-length: 219
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-db"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 701625
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h65yv2GCCV4ZYYdssvsFDZq2hYoV3XVv1PA%2BlW7e%2BQoJwlX2CDeKM3FKeI7vdVzTUQQUNEBUjs8nsn%2FK6e164kepNTvVJlz%2BYZPsL3Dq7mKzOQpEP9%2FeySkolQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9f9e92e88b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/i/fa/subsilver/icon_zodiac_capricorn_2.gif

104.21.235.175

200 OK

315 B

URL HTTP/2
2img.net/i/fa/subsilver/icon_zodiac_capricorn_2.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 20 x 18\012- data
Size
315 B (315 bytes)
Hash
effd43e4a547b224ade12963c5926dd6
9fe65b71c641335575d003ac1b35b264ea369c5b
d3807c173efab4574fb709fc10eea0d6de2a5c6d203b083989bdf455e7cfc012

HTTP Headers

GET /i/fa/subsilver/icon_zodiac_capricorn_2.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/gif
content-length: 315
last-modified: Mon, 16 May 2016 11:01:57 GMT
etag: "5739a8a5-13b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 695807
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=een0xVm0D3gA0%2BmGYRD6oJaOwn8OUX2W9NrJmA6EHVz3Squul6zD7toIGUkP2j2F3%2BFmp6qgcpM9XP8z8wlWUNRGs9r1nKjdsOaPbVu5%2Fn2tEi%2BGiyD6IPdSsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9f9e92b88b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/i/fa/prosilver_lightgreen/icon_portal.png

104.21.235.175

200 OK

211 B

URL HTTP/2
2img.net/i/fa/prosilver_lightgreen/icon_portal.png
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 14 x 14, 8-bit colormap, non-interlaced\012- data
Size
211 B (211 bytes)
Hash
baaf60af0b24a7960d5f2c9b6a4eb5b4
16c9cdc7456f1849f5e3f9b7e3b55ddc4b64ecd7
602dcb2564ba556ea7821a603c26b12d70c657291167ea30e2c0417f97869d97

HTTP Headers

GET /i/fa/prosilver_lightgreen/icon_portal.png HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/png
content-length: 211
last-modified: Mon, 16 May 2016 11:00:41 GMT
etag: "5739a859-d3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 206130
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UVEjkB4VYCIJyuk1OAKNjvi8boD7ACi4g%2FWALFQPsZzKVoAWN4fdEhqd%2BVvjNyCrTAXG4LW8yc7vV3iBaprkynvcKrCfueyPA2h7cPV9EPsRm08ABdKqvvWcpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9f9e92388b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/i/empty.gif

104.21.235.175

200 OK

43 B

URL HTTP/2
2img.net/i/empty.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

HTTP Headers

GET /i/empty.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 09 May 2016 08:45:50 GMT
etag: "57304e3e-2b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 703057
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8DQgVZzud3GdyhVMWJ0z4WnYENFVkbkmAyCQKWy4KFu4%2FbRe2GCo%2BpxhNsIo2HypFh59WmAEaPx54HYc%2B5um7HjoogrykTnN1k1M94skjPCdxquT7gR1Q64Hzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9f9e92d88b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/i/fa/prosilver_lightgreen/icon_home.gif

104.21.235.175

200 OK

306 B

URL HTTP/2
2img.net/i/fa/prosilver_lightgreen/icon_home.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 13 x 12\012- data
Size
306 B (306 bytes)
Hash
1d9ea37a713f3effaf49b982f798b616
aab649583075bad7bcf5555953d34dd26f566986
6fc9e1f931fe8cda14caf06c2d2674774fbab6d67b424d3bbc438996922448ab

HTTP Headers

GET /i/fa/prosilver_lightgreen/icon_home.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/gif
content-length: 306
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-132"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 702734
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A4fEdyoa6tR%2Bps%2B7tMXFDaFmGoymb9TLFhQXpMpOydTvveFaHaprflyzTTSrRsEe81QpgzwfDnSuxKmgqAmISmteKspZaBegkXPc%2B1frqJ7TGcYwhrJdLLK8zw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9f9f95b88b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/i/fa/i/smiles/lol.gif

104.21.235.175

200 OK

3.6 kB

URL HTTP/2
2img.net/i/fa/i/smiles/lol.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 51 x 49\012- data
Size
3.6 kB (3569 bytes)
Hash
7755ddbe07db6d302fcb4121157f137e
c312b45c50c6b8f17770d91c1fcca779b982b721
a13d3affd32623af934b02995ecc02c1cfa1457eb12b5f7491bc6b88a2edfbbe

HTTP Headers

GET /i/fa/i/smiles/lol.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/gif
content-length: 3569
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-df1"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 703026
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Agb1lmaK9XDtoBsdGO6%2FfuSLuXQWwqsIVOFdSz%2Fc8vqNpeX%2BQF6NwnCcGdWUn44ecUk564NwEoJQWhed%2F4LOFnMql7GSp7yRcuotlOoRQ5Bn%2Fm3u0%2BDZ7MA61w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9f9f97288b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/i/fa/subsilver/icon_minigender_male.gif

104.21.235.175

200 OK

142 B

URL HTTP/2
2img.net/i/fa/subsilver/icon_minigender_male.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 11 x 11\012- data
Size
142 B (142 bytes)
Hash
5ef7a6af0298d7e13a08a8e5afeb1228
78e2ddc2595b7a2975e9b11ef4852f5ac0616616
4bd253445eec78e6f29ec51cfbd53f3b52941a208a4237389209cba55cc7047d

HTTP Headers

GET /i/fa/subsilver/icon_minigender_male.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/gif
content-length: 142
last-modified: Mon, 16 May 2016 11:01:55 GMT
etag: "5739a8a3-8e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 264858
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AtshJmM19Adp2sVrI8mOnGEZv%2FUJV5BD0v5PPHrJLQWqVv%2F6RCihEBj5yS%2Fu4puB6yk3FWUBkm6%2BMm6Uuf6WdVko6suGgGERa0zZpjfpO3un533kt502b%2Fe3Tw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9f9f96e88b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/i/fa/subsilver/icon_zodiac_virgo_2.gif

104.21.235.175

200 OK

329 B

URL HTTP/2
2img.net/i/fa/subsilver/icon_zodiac_virgo_2.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 20 x 18\012- data
Size
329 B (329 bytes)
Hash
6d4fbaf7c8d70443d83c80a617dd2fe1
4e05c4ac97d34f02f10887f596621abc95ca3887
a16c14f23f8146df10e2795a20bd2d7fa8ece22395404034592d96b58f15798a

HTTP Headers

GET /i/fa/subsilver/icon_zodiac_virgo_2.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/gif
content-length: 329
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-149"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 188195
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qnPMcHUIglT1xfS%2FccAPizJ5QX35wUArxf1fIhfWXpAo6m31Xx9eLlywH2os16yPn7jcNvFJJyQqwGfR0jv4v%2BmIZKHCuaGn5cZzeZll3zzrB2ZQYKcmpo9piA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9f9f97088b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/i/fa/prosilver_lightgreen/icon_register.gif

104.21.235.175

200 OK

228 B

URL HTTP/2
2img.net/i/fa/prosilver_lightgreen/icon_register.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 16 x 14\012- data
Size
228 B (228 bytes)
Hash
7f2216e2b7117b95401f9e346b0d408e
331f9e0ff543c069064004556d7b8c0bab28baee
5977f5b026edab10b62bafbca17882ffa9cf160f7a46a7fd5f34e4be86fabfc3

HTTP Headers

GET /i/fa/prosilver_lightgreen/icon_register.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/gif
content-length: 228
last-modified: Mon, 16 May 2016 11:00:40 GMT
etag: "5739a858-e4"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 701625
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AlprpX%2BpJ8FxFT1e0p0Bq%2BGdn3z6cuxSAFyMD7%2BwpaFkiLo8YmNlc8cQGewx%2FJFgSDy%2FqWHuybdR5bSH%2FZqDeAaZ7ru%2Fyw0LbkiR6eE84vqvgFRzcSDRh5KKMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9f9f97188b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
8afdf145d838990d08d4e8bedbbdd640
b718c42fd492781d5d3bd72f766c915a9f35adc9
9708289cbcf84547f297089d1d96a02158a820cc685d53496bacfbb13fddb92c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3637
Cache-Control: max-age=127881
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:29 GMT
Etag: "6349cf81-117"
Expires: Sun, 16 Oct 2022 22:07:50 GMT
Last-Modified: Fri, 14 Oct 2022 21:07:13 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 279

2img.net/i/fa/prosilver/corners_left.gif

104.21.235.175

200 OK

55 B

URL HTTP/2
2img.net/i/fa/prosilver/corners_left.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 6 x 12\012- data
Size
55 B (55 bytes)
Hash
55e539125406d57ec52405dbf39253fa
6a33bb8f3227fb81fbdf5eaffeb40dd6f58b4f7a
e3c89e05bf4302b8521538f38f4117d88f59e34a3251b9daa330a1ac1bbfe23b

HTTP Headers

GET /i/fa/prosilver/corners_left.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/gif
content-length: 55
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-37"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 702933
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Z8BRqv2ldVOkkGtVvgdgb8fs0B6oiYNdsmVTKkKYym%2FBfO5CoQ1uGqcQTngtSuSxjHc2ff3HU9Y61YvLJUfb3DrDnR2YxbtDYljCfo06ZA0eBKb8UqjZZblMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9fa59ea88b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cbf2a1c4631b4db232c83e8cf536763a
bd00e55371b0cab37f16b559133e0f39bc2a1213
e515a6f6cca6496f7aea1463905eedc33f04b1d39ded01f2d68ca5ba91711ff3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E515A6F6CCA6496F7AEA1463905EEDC33F04B1D39DED01F2D68CA5BA91711FF3"
Last-Modified: Wed, 12 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14396
Expires: Sat, 15 Oct 2022 14:36:25 GMT
Date: Sat, 15 Oct 2022 10:36:29 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
301aafc13bc66315321d9476df002258
e6bfd29899543fcd4d1b332623757bbad355306f
c64315afdfcf146b16942d981588ed912650472c5e2bba7b6f8dee396d820860

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3763
Cache-Control: max-age=167589
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:29 GMT
Etag: "634a6a1f-1d7"
Expires: Mon, 17 Oct 2022 09:09:38 GMT
Last-Modified: Sat, 15 Oct 2022 08:06:55 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471

2img.net/i/fa/prosilver/corners_right.gif

104.21.235.175

200 OK

54 B

URL HTTP/2
2img.net/i/fa/prosilver/corners_right.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 6 x 12\012- data
Size
54 B (54 bytes)
Hash
130c94b5382c071dcf09c5f50f8e7ab1
d391f8020a97bd8d5c350d68585765be61bfd27a
e004ee77cdd0e83653c2bd53ed833fe6a25d73e2371ece3d081f1c2b16de2478

HTTP Headers

GET /i/fa/prosilver/corners_right.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/gif
content-length: 54
last-modified: Mon, 16 May 2016 11:00:36 GMT
etag: "5739a854-36"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 702933
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QsigVo1bu8%2Fhb%2F0GXipDwoAABZgG4LPk4rYshv1D%2FZYWuBL3SD4lcH5na%2BIaX2GL8kVtrrjftFZI8OYRLniQkpeB5zrma4BtG3GdIgHfWJkmi71yDQaDeDY6hg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9fa7a1488b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/i/fa/invision/pp-blank-thumb.png

104.21.235.175

200 OK

9.6 kB

URL HTTP/2
2img.net/i/fa/invision/pp-blank-thumb.png
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Size
9.6 kB (9554 bytes)
Hash
db01076614dffc62222461ab141b990c
d9c4028723700b846dfbe902c19d9f78491fc65b
96ecd9f62a332fa2e57b75b308c1a6756d3e549c4d4dcdd0761af12431df59db

HTTP Headers

GET /i/fa/invision/pp-blank-thumb.png HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/png
content-length: 9554
last-modified: Mon, 16 May 2016 10:59:31 GMT
etag: "5739a813-2552"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 264868
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4F838EEGNt%2Bh2mlmH5tm9Jgmyu%2Fw%2FD9FqHfkc7yq%2FpbDY%2F7lhFKRnKgTUN3nokltu%2FXVo7VYCkZ7A81pxAFjSIpP1MnQF0Kd9gPfyjsEM5DmbtDW9yoJeoKWqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9fa8a1a88b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/s/t/12/58/51/i_background.gif

104.21.235.175

200 OK

5.3 kB

URL HTTP/2
2img.net/s/t/12/58/51/i_background.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 87a, 200 x 200\012- data
Size
5.3 kB (5327 bytes)
Hash
ac56b423a6ef325f2b82964f089e335c
b93e09f9a39ef50c0208b5a4c00134a8170f2bbd
7f470ba400a8f06fff867f25224bf90e182be8578f555e729b92eec2fe192f84

HTTP Headers

GET /s/t/12/58/51/i_background.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/gif
content-length: 5327
last-modified: Wed, 27 Oct 2010 16:10:44 GMT
etag: "4cc84f04-14cf"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OhCbdu9SYwnuTa16RXlm%2Bw9zHuu2zCtf2sB02mHQgdAoOv6xuFJxNz9hrpEj5Iw%2F%2BSxCkyuFvB%2FFTzS56ZPLgFLIBqWmdx66fPcKvLJbRIiz9tQMLMqdjBoaag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9fa59e188b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/i/fa/sprite_icons.png

104.21.235.175

200 OK

1.5 kB

URL HTTP/2
2img.net/i/fa/sprite_icons.png
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1395 x 12, 8-bit colormap, non-interlaced\012- data
Size
1.5 kB (1459 bytes)
Hash
6c31830c94fd2987aab8ed4af1e6b756
9bb52d402fd3cd4a0515c54b5061b655fdabfd96
b621467f74054e2999a7e213edf26895f9639e255f7c11b2047509fd0879f6c8

HTTP Headers

GET /i/fa/sprite_icons.png HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/png
content-length: 1459
last-modified: Mon, 16 May 2016 11:01:49 GMT
etag: "5739a89d-5b3"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 703045
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BvCwrzE6R%2Foz7qhif3txqiW25mZjfMReo6BZAs0eq%2B4JMoOTR7c3GNpHYKmUYDfxFKnuXNeTGo1C7Hih5H0GoyGmzWJloxMmgx3KOWfPb2BgMd%2FmMNJ2GPItDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9fa9a4088b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/i/fa/prosilver/bg_button.gif

104.21.235.175

200 OK

174 B

URL HTTP/2
2img.net/i/fa/prosilver/bg_button.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 87a, 4 x 24\012- data
Size
174 B (174 bytes)
Hash
1f4cb2a1974e0f3cc6b739707fc5713c
f313497e6aba95854a44462b5e35a024404b8989
4e8a79a702c74305fd3a2a0e10d8fadc1752d72ea159b0a4b25825acf3ef42ad

HTTP Headers

GET /i/fa/prosilver/bg_button.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/gif
content-length: 174
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-ae"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 703038
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pVwi5Ga3g7s4onm0jDPdFfqu3bGfkPMo9SkFtVaaxjmA0M%2Fvn%2BxjQynFnCO%2FYsc7hx01NUipAAMw8OuDLx0OmOVjJ85qzmXrKED6ppYGouV3CG6CBhuN39O4lg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9fa9a5088b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/u/2712/73/92/96/avatars/6-64.jpg

104.21.235.175

301 Moved Permanently

178 B

URL HTTP/2
2img.net/u/2712/73/92/96/avatars/6-64.jpg
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /u/2712/73/92/96/avatars/6-64.jpg HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 301 Moved Permanently
date: Sat, 15 Oct 2022 10:36:29 GMT
content-length: 178
location: https://2img.net/i/default.png
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E%2FNMmKtlJVNAuLQb2itjL%2BMvLX3l9PBsRlGGrXtocDpDZ4%2Fpvl8EnRPY6BkrWpbafR8Uo3FrtCZ2QOVIhg%2BlgdsDnLKPLHWcHdKUIeODz3uuxCcxuTNoZr6OqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9fa8a1888b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/u/2712/73/92/96/avatars/8-92.gif

104.21.235.175

301 Moved Permanently

178 B

URL HTTP/2
2img.net/u/2712/73/92/96/avatars/8-92.gif
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /u/2712/73/92/96/avatars/8-92.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 301 Moved Permanently
date: Sat, 15 Oct 2022 10:36:29 GMT
content-length: 178
location: https://2img.net/i/default.png
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mcvtM%2BdgvnzU7W5RgZtKZkTjUXZZ5QvuFnkEnAx2%2BRiPVW%2BinHNILlTdkF7acrsj3aKfN1QuUERvCFYuWu%2FNn1OIjGOf4E70IlW3rCMsm3jzd2wwcIkHd48Y1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9fa8a1688b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/s/t/12/58/51/i_header_bg.jpg

104.21.235.175

200 OK

53 kB

URL HTTP/2
2img.net/s/t/12/58/51/i_header_bg.jpg
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 980x300, components 3\012- data
Size
53 kB (53206 bytes)
Hash
98da1922d4c61c76db1e51d8fa4fbde9
296f1d090aa36b88394025e869c0ca452cb48a60
76d2da7a561e58a2e37393fcbff40788c7b75d5449098eaa8df876cd0777b77e

HTTP Headers

GET /s/t/12/58/51/i_header_bg.jpg HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/jpeg
content-length: 53206
last-modified: Wed, 27 Oct 2010 14:58:23 GMT
etag: "4cc83e0f-cfd6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zmqs6THK7oSe1QYhcwM9LuEfC%2B3OEM%2FMeW4wh4U1SvPcPPFD6T%2F96ISPEkcUkBmTBI2gXNBnOtsBNrwVIaNjzS5TETTczPTzJILofxtMDKOcJY1tiJNIaCgP9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9fa59e588b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

2img.net/u/2712/73/92/96/avatars/1-77.jpg

104.21.235.175

200 OK

8.3 kB

URL HTTP/2
2img.net/u/2712/73/92/96/avatars/1-77.jpg
IP
104.21.235.175:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 112x199, components 3\012- data
Size
8.3 kB (8316 bytes)
Hash
9e232f3aea32fb6c385bbbb9badcb8ac
2f562ebf930ee1ff1a90a30a92b8632b8dcadf1c
e694e6dec46fcd5da08bae4b1454ab741315440616f72b3463d33e261347f7ad

HTTP Headers

GET /u/2712/73/92/96/avatars/1-77.jpg HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/jpeg
content-length: 8316
last-modified: Mon, 01 Jan 2001 00:00:00 GMT
etag: "3a4fc880-207c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XJcO1jLyGROlLp1%2F1WejghReOygCWd13EJd0nU5VITDdcli9n6KdJgKuvyJX%2F9Oa7FbRCAsl6VhJ85F9ZWNPlRzp%2FqWlqX1eTowUrPVseHdTMXj6awwT7gHkYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9fa9a3c88b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

choices.consentframework.com/api/v1/public/profile/check?origin=https://qaffen.yoo7.com

212.129.3.112

200 OK

17 B

URL HTTP/1.1
choices.consentframework.com/api/v1/public/profile/check?origin=https://qaffen.yoo7.com
IP
212.129.3.112:0
ASN
#12876 Online S.a.s.

File type
JSON data\012- , ASCII text, with no line terminators
Size
17 B (17 bytes)
Hash
0bd75264337702d501fe87ce0b52dc08
97cc20d9be99aab0ec65848e65d7e3b241788d73
ab140244cd2fd2892fec183c503c0f9522f9935f5e6c5ace01e92924a7e2e90e

HTTP Headers

GET /api/v1/public/profile/check?origin=https://qaffen.yoo7.com HTTP/1.1
Host: choices.consentframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qaffen.yoo7.com/
Origin: https://qaffen.yoo7.com
Connection: keep-alive
Cookie: euconsent-v2=NO_CONSENT
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Sat, 15 Oct 2022 10:36:29 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 17
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Referer,Origin
Access-Control-Allow-Methods: GET,OPTIONS
Access-Control-Allow-Origin: https://qaffen.yoo7.com
Cache-Control: private, max-age=86400
X-Xss-Protection: 0
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
e4f71575f3c3b7f82320ea8ffae48d6d
d0672bb96e46501c3761bf4f7baff16de7072dfa
b116d1c166bc43ac06007235d90de77524d3cdd4570dab8a83f53895f1afa913

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3873
Cache-Control: max-age=157277
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:29 GMT
Etag: "634a4169-116"
Expires: Mon, 17 Oct 2022 06:17:46 GMT
Last-Modified: Sat, 15 Oct 2022 05:13:13 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 278

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
e4f71575f3c3b7f82320ea8ffae48d6d
d0672bb96e46501c3761bf4f7baff16de7072dfa
b116d1c166bc43ac06007235d90de77524d3cdd4570dab8a83f53895f1afa913

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4956
Cache-Control: max-age=158360
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:29 GMT
Etag: "634a4169-116"
Expires: Mon, 17 Oct 2022 06:35:49 GMT
Last-Modified: Sat, 15 Oct 2022 05:13:13 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 278

stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=qaffen.yoo7.com&var=&ymid=&var_3=

139.45.197.250

200 OK

758 B

URL HTTP/2
stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=qaffen.yoo7.com&var=&ymid=&var_3=
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (757)
Size
758 B (758 bytes)
Hash
a38b8b4091d6fc9efeccf2f672758507
8f0f9aff8423f3c8e6f750611c559ceebb0422ad
ed6366fbd57bf54148d66f84ad3b513da6944928b51eac15ba52ed641d650010

HTTP Headers

GET /zone?pub=0&zone_id=2308013&is_mobile=false&domain=qaffen.yoo7.com&var=&ymid=&var_3= HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qaffen.yoo7.com/
Origin: https://qaffen.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: application/json; charset=utf-8
content-length: 758
x-trace-id: 2eada6c07ce4a0566a72c02443f995de
access-control-allow-origin: https://qaffen.yoo7.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.89.136.7

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.136.7:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vfPAiM4Fpt8tJiVeJPhQKg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9T+O8ivu/w99WZHsazNfcVs9aRo=

i.servimg.com/u/f47/11/97/84/92/clip_i10.gif

104.21.31.159

200 OK

2.4 kB

URL HTTP/2
i.servimg.com/u/f47/11/97/84/92/clip_i10.gif
IP
104.21.31.159:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 80 x 25\012- data
Size
2.4 kB (2397 bytes)
Hash
1177cc73f98c1439050965522aac1d6a
c095d40f742ae5139e864fd1d4dfca90859b148d
19b5cfa03303f0fe1bd218a9296189797e787bac73ea05bbf91c23269146170c

HTTP Headers

GET /u/f47/11/97/84/92/clip_i10.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/gif
content-length: 2397
last-modified: Thu, 26 Jun 2008 15:04:33 GMT
etag: "4863b001-95d"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Sun, 15 Oct 2023 10:36:29 GMT
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XpYkvgc7eVOR1JvGf0LYoC9Vn%2FjvIVPwbmIA26CPqL7PwwuWFtNTjyphm4BhVR7OdD0E8YBxhUZtuHBhRtXHb7MJcArpUPTxL67teFQ%2FcUKfnHnilbNWKTmO2VWJM3ld"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 75a7e9fc5b541c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

choices.consentframework.com/api/v1/public/v2/tcstring

212.129.3.112

200 OK

25 B

URL HTTP/1.1
choices.consentframework.com/api/v1/public/v2/tcstring
IP
212.129.3.112:0
ASN
#12876 Online S.a.s.

File type
JSON data\012- , ASCII text, with no line terminators
Size
25 B (25 bytes)
Hash
1c7be6c2029fd0db7b831a9e8359395f
48818c4617f2dac593cc84c8f39244f24be3760e
6d24890b5608b6d182f02198897f50f220a40b66a08751a443ac714bf6f86602

HTTP Headers

GET /api/v1/public/v2/tcstring HTTP/1.1
Host: choices.consentframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qaffen.yoo7.com/
Origin: https://qaffen.yoo7.com
Connection: keep-alive
Cookie: euconsent-v2=NO_CONSENT
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Sat, 15 Oct 2022 10:36:29 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 25
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Referer,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://qaffen.yoo7.com
X-Xss-Protection: 0
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
e4f71575f3c3b7f82320ea8ffae48d6d
d0672bb96e46501c3761bf4f7baff16de7072dfa
b116d1c166bc43ac06007235d90de77524d3cdd4570dab8a83f53895f1afa913

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3873
Cache-Control: max-age=157277
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:29 GMT
Etag: "634a4169-116"
Expires: Mon, 17 Oct 2022 06:17:46 GMT
Last-Modified: Sat, 15 Oct 2022 05:13:13 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 278

i.servimg.com/u/f27/11/09/26/10/7mbc_110.gif

104.21.31.159

200 OK

2.5 kB

URL HTTP/2
i.servimg.com/u/f27/11/09/26/10/7mbc_110.gif
IP
104.21.31.159:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 80 x 25\012- data
Size
2.5 kB (2489 bytes)
Hash
19b73e27eaf91306747b3efa47e8550e
7efc35839f134391f994963ac3833ce8087f5aff
6619a36a6a6389e9765dfee3c9d04179d941fa34b988a1ec4edf49efa87da484

HTTP Headers

GET /u/f27/11/09/26/10/7mbc_110.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: image/gif
content-length: 2489
last-modified: Thu, 03 Jan 2008 20:01:53 GMT
etag: "477d3f31-9b9"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Sun, 15 Oct 2023 10:36:29 GMT
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C99E1%2BVeZaCEMQ842L2SNBoaEcPzQzJgjeDYer%2Botd9P%2F0bjozkMGfLIV0cm0kY7%2Fvwr8MfzVjM%2FpA8%2Fqahpy8J4%2FpsT%2FBCvP6bFY0lwqQLyg04JkLk0EZMqBTNAu5k1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 75a7e9fc4b481c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

qaffen.yoo7.com/?utm_source=pwa

94.23.159.185

200 OK

16 kB

URL HTTP/2
qaffen.yoo7.com/?utm_source=pwa
IP
94.23.159.185:0
ASN
#16276 OVH SAS

File type
data
Size
16 kB (16024 bytes)
Hash
975ce02c14f3e013a4d81c63df346707
f68c248dbeff23d17e66607cadcef51cfd35af33
8dc0fd8f5c9ecbbc0cd6f10ccd00296825635fe02c93226b8f6509b164394109

HTTP Headers

GET /?utm_source=pwa HTTP/1.1
Host: qaffen.yoo7.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qaffen.yoo7.com/serviceworker.js
Connection: keep-alive
Cookie: exadd=166584; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: text/html; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
pragma: no-cache
expires: Sat, 15 Oct 2022 00:00:00 GMT
last-modified: Sat, 15 Oct 2022 10:36:29 GMT
vary: User-Agent
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.betgorebysson.club/apu.php?zoneid=3765907

139.45.195.8

200 OK

29 kB

URL HTTP/2
cdn.betgorebysson.club/apu.php?zoneid=3765907
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (65536), with no line terminators
Size
29 kB (28866 bytes)
Hash
8a704fadd8ecca686bf70a3bb42883f1
889c8d1e0d647aea475d26f44fa89081524c53a9
5602798b03aa432f7b16e5eb6d39d89baae38b0624c25005f43e572cc88fe18d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /apu.php?zoneid=3765907 HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: application/javascript
x-trace-id: 648d4bdcb03556599da7ec57df90aad0
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=9c3b7226524c4b42855dcbc76c911305; expires=Sun, 15 Oct 2023 10:36:29 GMT; path=/; secure; SameSite=None
oaidts=1665830189; expires=Sun, 15 Oct 2023 10:36:29 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

choices.consentframework.com/api/v1/public/consent-string

212.129.3.112

200 OK

0 B

URL HTTP/1.1
choices.consentframework.com/api/v1/public/consent-string
IP
212.129.3.112:0
ASN
#12876 Online S.a.s.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /api/v1/public/consent-string HTTP/1.1
Host: choices.consentframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://qaffen.yoo7.com/
Origin: https://qaffen.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Sat, 15 Oct 2022 10:36:29 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload

stootsou.net/custom

139.45.197.250

200 OK

0 B

URL HTTP/2
stootsou.net/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://qaffen.yoo7.com/
Origin: https://qaffen.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://qaffen.yoo7.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

stootsou.net/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
stootsou.net/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qaffen.yoo7.com/
Content-Type: application/json
Origin: https://qaffen.yoo7.com
Content-Length: 378
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: c4cc49bceef9db0f912ef4548eb2cc1f
access-control-allow-origin: https://qaffen.yoo7.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

choices.consentframework.com/api/v1/public/consent-string

212.129.3.112

200 OK

245 B

URL HTTP/1.1
choices.consentframework.com/api/v1/public/consent-string
IP
212.129.3.112:0
ASN
#12876 Online S.a.s.

File type
JSON data\012- , ASCII text, with no line terminators
Size
245 B (245 bytes)
Hash
5ab74c520c412d104098671e09d66f63
dc1d65ecefa9f59b9140255dc14aeb78a3eaa9df
cb47c6f440bc1b0c4a9ce33a472aaeffd560bdb52d274cedde38e5838322344a

HTTP Headers

POST /api/v1/public/consent-string HTTP/1.1
Host: choices.consentframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qaffen.yoo7.com/
Content-Type: application/json
Origin: https://qaffen.yoo7.com
Content-Length: 314
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Sat, 15 Oct 2022 10:36:29 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 245
Connection: keep-alive
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload

choices.consentframework.com/api/v1/public/user-action

212.129.3.112

200 OK

0 B

URL HTTP/1.1
choices.consentframework.com/api/v1/public/user-action
IP
212.129.3.112:0
ASN
#12876 Online S.a.s.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /api/v1/public/user-action HTTP/1.1
Host: choices.consentframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://qaffen.yoo7.com/
Origin: https://qaffen.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Sat, 15 Oct 2022 10:36:29 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0f76d0ccb016645ec4f230fe3515e364
17bdf4fb369fb6412ae220a28589008fd9876bb6
627784816d5d70f6c028a09044b3465702c2931c6bef89b51134e1ef566ccf34

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5165
Cache-Control: max-age=127207
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:29 GMT
Etag: "6349c6e8-1d7"
Expires: Sun, 16 Oct 2022 21:56:36 GMT
Last-Modified: Fri, 14 Oct 2022 20:30:32 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471

stootsou.net/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
stootsou.net/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qaffen.yoo7.com/
Content-Type: application/json
Origin: https://qaffen.yoo7.com
Content-Length: 452
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1e556950af3b077e152093c8cc85ccee
access-control-allow-origin: https://qaffen.yoo7.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

choices.consentframework.com/api/v1/public/user-action

212.129.3.112

200 OK

0 B

URL HTTP/1.1
choices.consentframework.com/api/v1/public/user-action
IP
212.129.3.112:0
ASN
#12876 Online S.a.s.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /api/v1/public/user-action HTTP/1.1
Host: choices.consentframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qaffen.yoo7.com/
Content-Type: application/json
Origin: https://qaffen.yoo7.com
Content-Length: 159
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Sat, 15 Oct 2022 10:36:29 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload

js.cookieless-data.com/GS.d?pa=24697&uf_bday=&uf_gender=&cmp=0&u=https%3A%2F%2Fqaffen.yoo7.com%2Ft3792-topic&r=&rand=1665830191005&gdpr=1&gdpr_consent=CPg47AAPg47AABcAIBENClCgAAAAAH_AABpwIyQAARkgaAALAAeABUAC4AGQAOQAfACAAEkAMQAygBoAGoAPAAfQBEAEUAJgATwAxABmADmAH4AQgAjgBMAClAFvAMoAywB3AD9AIGAQgAi0BHAEdAKWAVcAuoBgQDRAGvANoAdUA_4CPQExAKaAWoAvMBggDDQGPgMkAcWA5QB2AAA&globalscope=false&cookieless_optout=0&tbp=true

51.158.28.82

200 OK

0 B

URL HTTP/1.1
js.cookieless-data.com/GS.d?pa=24697&uf_bday=&uf_gender=&cmp=0&u=https%3A%2F%2Fqaffen.yoo7.com%2Ft3792-topic&r=&rand=1665830191005&gdpr=1&gdpr_consent=CPg47AAPg47AABcAIBENClCgAAAAAH_AABpwIyQAARkgaAALAAeABUAC4AGQAOQAfACAAEkAMQAygBoAGoAPAAfQBEAEUAJgATwAxABmADmAH4AQgAjgBMAClAFvAMoAywB3AD9AIGAQgAi0BHAEdAKWAVcAuoBgQDRAGvANoAdUA_4CPQExAKaAWoAvMBggDDQGPgMkAcWA5QB2AAA&globalscope=false&cookieless_optout=0&tbp=true
IP
51.158.28.82:0
ASN
#12876 Online S.a.s.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /GS.d?pa=24697&uf_bday=&uf_gender=&cmp=0&u=https%3A%2F%2Fqaffen.yoo7.com%2Ft3792-topic&r=&rand=1665830191005&gdpr=1&gdpr_consent=CPg47AAPg47AABcAIBENClCgAAAAAH_AABpwIyQAARkgaAALAAeABUAC4AGQAOQAfACAAEkAMQAygBoAGoAPAAfQBEAEUAJgATwAxABmADmAH4AQgAjgBMAClAFvAMoAywB3AD9AIGAQgAi0BHAEdAKWAVcAuoBgQDRAGvANoAdUA_4CPQExAKaAWoAvMBggDDQGPgMkAcWA5QB2AAA&globalscope=false&cookieless_optout=0&tbp=true HTTP/1.1
Host: js.cookieless-data.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Sat, 15 Oct 2022 10:36:30 GMT
Content-Length: 0
Connection: keep-alive
Expires: Tue, 01 Jan 2000 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
X-Xss-Protection: 0
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
P3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
8ceb6907e82e85fb8def6059388c6a5b
35baf6e386c6760b175fe9e2f1ccf94aa23252b7
29409c4b3a8e023a8c96dd6b87348a1523b2bcee1cd01db6cfd11fd9050d5af5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 10:36:30 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 13 Oct 2022 18:25:21 GMT
Expires: Thu, 20 Oct 2022 18:25:20 GMT
Etag: "35baf6e386c6760b175fe9e2f1ccf94aa23252b7"
Cache-Control: max-age=459529,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75a7e9ffecc0b4f7-OSL

www.google-analytics.com/analytics.js

216.239.36.178

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
216.239.36.178:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 15 Oct 2022 08:46:56 GMT
expires: Sat, 15 Oct 2022 10:46:56 GMT
cache-control: public, max-age=7200
age: 6574
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/forumotion-ar/loader.js

151.101.85.44

200 OK

25 kB

URL HTTP/2
cdn.taboola.com/libtrc/forumotion-ar/loader.js
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (65498)
Size
25 kB (25119 bytes)
Hash
5b6d53a8381b85c2f2fca1fed4a3de9e
fb496110ad952fb184780db4356ea117491de21c
4feddaed62fb0a15dc44617ad89f7927db6f43fce138ccd04c33e5740a2c2d9d

HTTP Headers

GET /libtrc/forumotion-ar/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: MdWAgL1YfNjsxVeRjZ9k3duVhIJU1cm6nnxWJLXgSEayD7eQ1m7yJPfdBZ75wELsz0u/0m8cOOI=
x-amz-request-id: TSXS0ZCFETFHQQCF
last-modified: Thu, 13 Oct 2022 08:49:53 GMT
etag: "d67d78ac489dcba00e62d1df3763d010"
x-amz-version-id: jOp5Pqd0H_vcHmVPqTU_OiULPdLLP8KC
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 15 Oct 2022 10:36:30 GMT
via: 1.1 varnish
age: 119
x-served-by: cache-bma1640-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1665830190.303113,VS0,VE1
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 49
content-length: 25119
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=9c3b7226524c4b42855dcbc76c911305

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?userId=9c3b7226524c4b42855dcbc76c911305
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
288d3fcbd5291febf9745d7741631ac9
5b594f0a8120fe3ff5c05317247bc5c4750a42f9
bb2372dab5620edaad43ecdbcff4d0581e7e38cf4c879bd9abd93dda9de43b27

HTTP Headers

GET /gid.js?userId=9c3b7226524c4b42855dcbc76c911305 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://qaffen.yoo7.com
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 10:36:30 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://qaffen.yoo7.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9c3b7226524c4b42855dcbc76c911305; expires=Sun, 15 Oct 2023 10:36:30 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

qaffen.yoo7.com/images/icons-180.png

94.23.159.185

200 OK

6.1 kB

URL HTTP/2
qaffen.yoo7.com/images/icons-180.png
IP
94.23.159.185:0
ASN
#16276 OVH SAS

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
6.1 kB (6055 bytes)
Hash
6bbc173a2c7add9b97ed5fe2dea15269
2e00950d0813a6d995784905a90c5eb2041f05ee
689c95c5a53fd85782d965279cafd0c06042391eca615fe7e7f799e1bae5cc82

HTTP Headers

GET /images/icons-180.png HTTP/1.1
Host: qaffen.yoo7.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/t3792-topic
Cookie: exadd=166584; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:30 GMT
content-type: image/png
content-length: 6055
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Sat, 15 Oct 2022 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
x-cache-ic: MISS
X-Firefox-Spdy: h2

ocsp.comodoca4.com/

172.64.155.188

200 OK

283 B

URL HTTP/1.1
ocsp.comodoca4.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
283 B (283 bytes)
Hash
c42fe0eb659b33ba89b42caabec9a2ab
9f90f2cac214b9df84b7c558297ea59ee6a0d22c
42b86e8898ddc695da1af6e7f580a326cb3d52c5ddd63dcc969077f39f29532b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.comodoca4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 10:36:30 GMT
Content-Type: application/ocsp-response
Content-Length: 283
Connection: keep-alive
Last-Modified: Sat, 15 Oct 2022 00:47:15 GMT
Expires: Sat, 22 Oct 2022 00:47:14 GMT
Etag: "9f90f2cac214b9df84b7c558297ea59ee6a0d22c"
Cache-Control: max-age=568843,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75a7ea0148240b59-OSL

cdn.taboola.com/libtrc/impl.20221013-3-RELEASE.js

151.101.85.44

200 OK

146 kB

URL HTTP/2
cdn.taboola.com/libtrc/impl.20221013-3-RELEASE.js
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (65509)
Size
146 kB (145762 bytes)
Hash
fa9684da72012442743304d2075fdc69
d6708bac1330215d96a64d27e471c3344032a2bd
5100af90545ab1b8543db9470775a10612aa03acf0a1db2929021ab9520fa78e

HTTP Headers

GET /libtrc/impl.20221013-3-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: 9KEPXC/Q7DTJ0XnJo+4mOhjcVLbmYOCToOoRkk/D3vlFESHpZ0JUudoCmLZaXXMikvLD1KT5f0I=
x-amz-request-id: JTZYQDK5KF6DWQNX
last-modified: Thu, 13 Oct 2022 08:47:59 GMT
etag: "fa9684da72012442743304d2075fdc69"
content-encoding: br
x-amz-version-id: 4PDJ7Q473Aostfxo_SVZoeqEWealjkdj
content-type: application/javascript
accept-ranges: bytes
date: Sat, 15 Oct 2022 10:36:30 GMT
via: 1.1 varnish
age: 6449
x-served-by: cache-bma1640-BMA
x-cache: HIT
x-cache-hits: 3209
x-timer: S1665830190.475210,VS0,VE0
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 90
server: AmazonS3-br
content-length: 145762
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

312 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
312 B (312 bytes)
Hash
eb43bbce02fa99c9913ef3ce94384776
888300ad39802192093a2f1c9610fc1dfae8c2ca
5cc7ea7ff39b7d83a8227cc95a7c23b41288046a2514d42170a0cb653d870c6d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3443
Cache-Control: max-age=145999
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:30 GMT
Etag: "634a170b-138"
Expires: Mon, 17 Oct 2022 03:09:49 GMT
Last-Modified: Sat, 15 Oct 2022 02:12:27 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 312

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5c64ced45088660f4e780756e5ca0968
7d1d4b389b65a679b01acd0e3a070da7f6760bf1
d266d13f4491fc184a1f031ed87a5af76d46c58bd8751cb92cbedba574139462

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=1084708316.1665830192&jid=472059135&gjid=1042372442&_gid=1843843341.1665830192&_u=YEBAAUAAAAAAACAAI~&z=555378447

173.194.73.157

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=1084708316.1665830192&jid=472059135&gjid=1042372442&_gid=1843843341.1665830192&_u=YEBAAUAAAAAAACAAI~&z=555378447
IP
173.194.73.157:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=1084708316.1665830192&jid=472059135&gjid=1042372442&_gid=1843843341.1665830192&_u=YEBAAUAAAAAAACAAI~&z=555378447 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://qaffen.yoo7.com
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://qaffen.yoo7.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 15 Oct 2022 10:36:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

bidder.criteo.com/cdb?ptv=131&profileId=206&cb=33099174766

178.250.0.165

204 No Content

0 B

URL HTTP/2
bidder.criteo.com/cdb?ptv=131&profileId=206&cb=33099174766
IP
178.250.0.165:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdb?ptv=131&profileId=206&cb=33099174766 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 774
Origin: https://qaffen.yoo7.com
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sat, 15 Oct 2022 10:36:30 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://qaffen.yoo7.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5c64ced45088660f4e780756e5ca0968
7d1d4b389b65a679b01acd0e3a070da7f6760bf1
d266d13f4491fc184a1f031ed87a5af76d46c58bd8751cb92cbedba574139462

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
cf11bd99eb6c533bdb2fe6de0fe85b32
0910c7485ca17b67a400c91f029649009c0927ca
2d37684137f2c68628dce87efee951783f37d26718d11e371f1f6a7912fa7477

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=161270
Date: Sat, 15 Oct 2022 10:36:30 GMT
Etag: "634a5935-1d7"
Expires: Mon, 17 Oct 2022 07:24:20 GMT
Last-Modified: Sat, 15 Oct 2022 06:54:45 GMT
Server: ECS (dcb/7F14)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5yB4Q53E622SxjgMZO817yevsAH5XeBRpURzUjEmrvKKT6Ur3PuZiA==
Age: 1775

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
73b0059a5671ff189dccdeb345c3dfb6
89a89effe4d8e12b478b3abb9ae5e94a861d957d
673eaa034fe322874455a7ea38197c02819882d0176d9ae3773eea63dd53e3b0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "673EAA034FE322874455A7EA38197C02819882D0176D9AE3773EEA63DD53E3B0"
Last-Modified: Wed, 12 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4192
Expires: Sat, 15 Oct 2022 11:46:22 GMT
Date: Sat, 15 Oct 2022 10:36:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
73b0059a5671ff189dccdeb345c3dfb6
89a89effe4d8e12b478b3abb9ae5e94a861d957d
673eaa034fe322874455a7ea38197c02819882d0176d9ae3773eea63dd53e3b0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "673EAA034FE322874455A7EA38197C02819882D0176D9AE3773EEA63DD53E3B0"
Last-Modified: Wed, 12 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4192
Expires: Sat, 15 Oct 2022 11:46:22 GMT
Date: Sat, 15 Oct 2022 10:36:30 GMT
Connection: keep-alive

api.viglink.com/api/ping

34.248.7.88

200 OK

259 B

URL HTTP/1.1
api.viglink.com/api/ping
IP
34.248.7.88:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
259 B (259 bytes)
Hash
6c7c25e0700dc4f975c7205b4737798e
3804e26671417e6d6f9f94d8df28c6d137a110d5
018ff5ef86b7830acbe7cbd640b6bdb324912902c242fd8f517e9894f3ecacbd

HTTP Headers

POST /api/ping HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 135
Origin: https://qaffen.yoo7.com
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://qaffen.yoo7.com
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Sat, 15 Oct 2022 10:36:30 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 259
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
73b0059a5671ff189dccdeb345c3dfb6
89a89effe4d8e12b478b3abb9ae5e94a861d957d
673eaa034fe322874455a7ea38197c02819882d0176d9ae3773eea63dd53e3b0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "673EAA034FE322874455A7EA38197C02819882D0176D9AE3773EEA63DD53E3B0"
Last-Modified: Wed, 12 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4192
Expires: Sat, 15 Oct 2022 11:46:22 GMT
Date: Sat, 15 Oct 2022 10:36:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
73b0059a5671ff189dccdeb345c3dfb6
89a89effe4d8e12b478b3abb9ae5e94a861d957d
673eaa034fe322874455a7ea38197c02819882d0176d9ae3773eea63dd53e3b0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "673EAA034FE322874455A7EA38197C02819882D0176D9AE3773EEA63DD53E3B0"
Last-Modified: Wed, 12 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4192
Expires: Sat, 15 Oct 2022 11:46:22 GMT
Date: Sat, 15 Oct 2022 10:36:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
73b0059a5671ff189dccdeb345c3dfb6
89a89effe4d8e12b478b3abb9ae5e94a861d957d
673eaa034fe322874455a7ea38197c02819882d0176d9ae3773eea63dd53e3b0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "673EAA034FE322874455A7EA38197C02819882D0176D9AE3773EEA63DD53E3B0"
Last-Modified: Wed, 12 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4192
Expires: Sat, 15 Oct 2022 11:46:22 GMT
Date: Sat, 15 Oct 2022 10:36:30 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8dd268c3-27b8-467e-bdc3-ab2dab1a3b6d.jpeg

34.120.237.76

200 OK

3.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8dd268c3-27b8-467e-bdc3-ab2dab1a3b6d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.9 kB (3894 bytes)
Hash
644dadbc61528fb78d6a4d37809a4da1
46c2110541fe6eec046efea92940d17b69e410dc
6cdb2203d1ddb0e17728a5cede16bb7cf058172b0c61ca6e5082a514a447bf88

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8dd268c3-27b8-467e-bdc3-ab2dab1a3b6d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3894
x-amzn-requestid: f46ef5cf-34c4-4024-a1cb-7a46985a0225
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aA5pWEHeoAMFkKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6349d63b-26b43ef606fd070f153225a3;Sampled=0
x-amzn-remapped-date: Fri, 14 Oct 2022 21:35:55 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KZCAQXda5v816O20Q8-UKTh7nxPm0SSU1EGkNXEEharLsGzA1ifMDw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 14 Oct 2022 21:49:43 GMT
age: 46007
etag: "46c2110541fe6eec046efea92940d17b69e410dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a5488a3-4a1c-4773-99f6-81e18bcdccd2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15855 bytes)
Hash
319cbf11bba3f159e5c9f606deded924
13f29acb7a694030fc2de0b42c0d95c4be49deb7
09aa7d94e4829f4daf33d5e2aed077afcc59628839c5d6e877172e8455879062

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a5488a3-4a1c-4773-99f6-81e18bcdccd2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15855
x-amzn-requestid: 6cd31f4a-e8b2-4258-9b64-2fad83a606c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z3ekFH1-IAMFTDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6346114d-5fd284f41be669a972e84ed4;Sampled=0
x-amzn-remapped-date: Wed, 12 Oct 2022 00:58:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4PfJD4ZyH4fg4H6C1kQK_MHuWp4DdzA768vaMNt98y3_hKwkFbIpYg==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 05:09:16 GMT
age: 19634
etag: "13f29acb7a694030fc2de0b42c0d95c4be49deb7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0ccfd7-6dc6-469b-bee1-7de141fecb1c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.5 kB (6454 bytes)
Hash
902f6b585d65d720ff096817ca1f2233
9b73cbeff3361c30600bea9f12a862ae2c4f1e01
8669095b4abaab1bbe1a9f65eb61e7caf713c36f8a24ed0979f482bb3356b79c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0ccfd7-6dc6-469b-bee1-7de141fecb1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6454
x-amzn-requestid: 4774f611-4ee1-40e7-804b-229bfff6c5a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjS3MGmdoAMFqKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633dfe94-451518b50ab53f2538d0c13f;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 22:00:52 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 2Ra0AP60Ts4OidLByrMWpcUixuPQZGP8QliETUca6vdyqZfO9oxGDQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 14 Oct 2022 21:43:14 GMT
age: 46396
etag: "9b73cbeff3361c30600bea9f12a862ae2c4f1e01"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92a47aec-e82e-473b-bada-4a1772e28b03.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9520 bytes)
Hash
bed69b9cbe069db72d2b0936b20b56cf
ba37c9ea8a65445bace6ac9e7b78e5cdc7052651
cd929e1f2001e0767f4b7546600cdd5fd7447a911a7e48dfe8e7fe929116f863

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92a47aec-e82e-473b-bada-4a1772e28b03.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9520
x-amzn-requestid: 4c2b73b9-592b-4f8c-b5f4-1b86fd354341
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z3yJEGxJIAMF1GA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634630a0-268f77214b3061674a7818a4;Sampled=0
x-amzn-remapped-date: Wed, 12 Oct 2022 03:12:32 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yivRWDO4gdpplD7bgfI6pSwR8cmdCJJRrtLORqWp9rEENppkmQfcGw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 04:47:02 GMT
age: 20968
etag: "ba37c9ea8a65445bace6ac9e7b78e5cdc7052651"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc221dfb1-42cf-46c6-a6d8-c20dba31ed48.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10893 bytes)
Hash
f35b86981affbf6e27cfa4702e0bca7e
0aedda481283b3e88a73f883ecaaf01c5a015022
02bb3e05bf45885b1d52465cb6a58d9afa6dd87cf5b7a4ea55359b6ce37aad4c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc221dfb1-42cf-46c6-a6d8-c20dba31ed48.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10893
x-amzn-requestid: 71fcae73-deb9-4edf-b600-960742a00e6c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZtdILHNpIAMFVaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63420f00-0c18d7c8117ad3d54c374a1a;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 00:00:01 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TN6hKLqGXjdnXSEC_ZNxOgF2jbR2SzD-WsJXFsWN1rLc4Hk1SI-E2A==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Fri, 14 Oct 2022 21:49:43 GMT
age: 46007
etag: "0aedda481283b3e88a73f883ecaaf01c5a015022"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2af2b9dc-3279-48a4-b300-2aca0a094dd4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8120 bytes)
Hash
3ac5c50f8ffe0da11f1adb9f67d811cf
2b586d1c26208d6fe7df3a4cec286e28f21807ca
12414dcf4afa766503c9328fe626c2d1317a0d6838887e0dd30e9b56e85ea3d2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2af2b9dc-3279-48a4-b300-2aca0a094dd4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8120
x-amzn-requestid: 42dc2299-203a-4269-a252-e239978fe80d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z7EhLHX0IAMF89g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6347813a-1357899758d9403e4b920418;Sampled=0
x-amzn-remapped-date: Thu, 13 Oct 2022 03:08:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: WTKaFQ0rZbiSiVD_qjSwbcvMoCoWsf8hfsXsC7cVkT-hm04EXHWASA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 03:39:37 GMT
age: 25013
etag: "2b586d1c26208d6fe7df3a4cec286e28f21807ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

static.criteo.net/images/pixel.gif?ch=1

178.250.0.130

200 OK

43 B

URL HTTP/2
static.criteo.net/images/pixel.gif?ch=1
IP
178.250.0.130:0
ASN
#44788 Criteo SA

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /images/pixel.gif?ch=1 HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 10:36:30 GMT
content-type: image/gif
content-length: 43
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
etag: "493ea254-2b"
expires: Tue, 10 Oct 2023 10:36:30 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

static.criteo.net/images/pixel.gif?ch=2

178.250.0.130

200 OK

43 B

URL HTTP/2
static.criteo.net/images/pixel.gif?ch=2
IP
178.250.0.130:0
ASN
#44788 Criteo SA

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /images/pixel.gif?ch=2 HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 10:36:30 GMT
content-type: image/gif
content-length: 43
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
etag: "493ea254-2b"
expires: Tue, 10 Oct 2023 10:36:30 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
dc745cc6cabb7bcda110c74aa6bbdc4b
ee85567f8a368e63dc4ffad272f514df5b600b76
fd3befeac747605b265309554c748c5de2a5e4ca07f69889090e87639937846d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
48c8ca7abddebd077f8d5655ab885b11
1daa9bb3c1434275bbd57b9237000b72e59e1fcc
95e3c6bd5eb86b7805c5899ebd2157f214a5aec3c180830c1db3e0256097ee6c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1084708316.1665830192&jid=472059135&_u=YEBAAUAAAAAAACAAI~&z=819267450

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1084708316.1665830192&jid=472059135&_u=YEBAAUAAAAAAACAAI~&z=819267450
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1084708316.1665830192&jid=472059135&_u=YEBAAUAAAAAAACAAI~&z=819267450 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 15 Oct 2022 10:36:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1084708316.1665830192&jid=472059135&_u=YEBAAUAAAAAAACAAI~&z=819267450

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1084708316.1665830192&jid=472059135&_u=YEBAAUAAAAAAACAAI~&z=819267450
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1084708316.1665830192&jid=472059135&_u=YEBAAUAAAAAAACAAI~&z=819267450 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 15 Oct 2022 10:36:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

trc-events.taboola.com/forumotion-ar/log/2/debug?tim=10%3A36%3A31.796&type=usage&msg=rtus&llvl=2&id=8252&cv=20221013-3-RELEASE&lt=deflated&file=rtus.js&method=injectRtus&position=gdprV2notTriggerRtus&extraData=%7B%7D

141.226.228.48

204 No Content

0 B

URL HTTP/2
trc-events.taboola.com/forumotion-ar/log/2/debug?tim=10%3A36%3A31.796&type=usage&msg=rtus&llvl=2&id=8252&cv=20221013-3-RELEASE&lt=deflated&file=rtus.js&method=injectRtus&position=gdprV2notTriggerRtus&extraData=%7B%7D
IP
141.226.228.48:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /forumotion-ar/log/2/debug?tim=10%3A36%3A31.796&type=usage&msg=rtus&llvl=2&id=8252&cv=20221013-3-RELEASE&lt=deflated&file=rtus.js&method=injectRtus&position=gdprV2notTriggerRtus&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx
date: Sat, 15 Oct 2022 10:36:30 GMT
x-fastly-to-nlb-rtt: 22376
access-control-allow-credentials: true
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
dc745cc6cabb7bcda110c74aa6bbdc4b
ee85567f8a368e63dc4ffad272f514df5b600b76
fd3befeac747605b265309554c748c5de2a5e4ca07f69889090e87639937846d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bac53a9e47b402471127f290b676b367
d5aa4a8d0571a6c8519d8ab9d369c040ede52ca1
8985fb669fe4022d05158aa7a8fd8033d9b4ae4f9011f3f947e2365d4ebe19f9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 10:36:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

api.viglink.com/api/sync.gif?key=74bad24252620514d1244cfba01f2ee2

34.248.7.88

200 OK

43 B

URL HTTP/1.1
api.viglink.com/api/sync.gif?key=74bad24252620514d1244cfba01f2ee2
IP
34.248.7.88:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

HTTP Headers

GET /api/sync.gif?key=74bad24252620514d1244cfba01f2ee2 HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Content-Type: image/gif;charset=UTF-8
Date: Sat, 15 Oct 2022 10:36:30 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 43
Connection: keep-alive

api.viglink.com/api/sync.js?key=74bad24252620514d1244cfba01f2ee2

34.248.7.88

200 OK

43 B

URL HTTP/1.1
api.viglink.com/api/sync.js?key=74bad24252620514d1244cfba01f2ee2
IP
34.248.7.88:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

HTTP Headers

GET /api/sync.js?key=74bad24252620514d1244cfba01f2ee2 HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Content-Type: image/gif;charset=UTF-8
Date: Sat, 15 Oct 2022 10:36:30 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 43
Connection: keep-alive

stootsou.net/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
stootsou.net/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qaffen.yoo7.com/
Content-Type: application/json
Origin: https://qaffen.yoo7.com
Content-Length: 742
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 10:36:31 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: a6a779c6b8e836df0f87320827001144
access-control-allow-origin: https://qaffen.yoo7.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

api.viglink.com/api/domains

34.248.7.88

200 OK

41 B

URL HTTP/1.1
api.viglink.com/api/domains
IP
34.248.7.88:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
41 B (41 bytes)
Hash
c19ad48ef402297858935062da8b736e
1ba93c4e2fe700291aa910f86b57ccc2ca4431ac
8a50c7087115e43e90dbf9b4c1dfeb07690195e576ed405c852d9f5884963565

HTTP Headers

POST /api/domains HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 347
Origin: https://qaffen.yoo7.com
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://qaffen.yoo7.com
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Sat, 15 Oct 2022 10:36:31 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 41
Connection: keep-alive

bidder.criteo.com/csm/events

178.250.0.165

204 No Content

0 B

URL HTTP/2
bidder.criteo.com/csm/events
IP
178.250.0.165:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 372
Origin: https://qaffen.yoo7.com
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Sat, 15 Oct 2022 10:36:30 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://qaffen.yoo7.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

trc.taboola.com/forumotion-ar/trc/3/json?tim=10%3A36%3A36.822&lti=deflated&data=%7B%22id%22%3A797%2C%22ii%22%3A%22%2Ft3792-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1665650980218%2C%22vi%22%3A1665830196820%2C%22cv%22%3A%2220221013-3-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fqaffen.yoo7.com%2Ft3792-topic%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22cmps%22%3A0%2C%22ga%22%3Atrue%2C%22tcs%22%3A%22CPg47AAPg47AABcAIBENClCgAAAAAH_AABpwIyQAARkgaAALAAeABUAC4AGQAOQAfACAAEkAMQAygBoAGoAPAAfQBEAEUAJgATwAxABmADmAH4AQgAjgBMAClAFvAMoAywB3AD9AIGAQgAi0BHAEdAKWAVcAuoBgQDRAGvANoAdUA_4CPQExAKaAWoAvMBggDDQGPgMkAcWA5QB2AAA%22%2C%22gwto%22%3Atrue%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fqaffen.yoo7.com%2Ft3792-topic%22%2C%22vpi%22%3A%22%2Ft3792-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1280%2C%22dh%22%3A2408%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A124.11666870117188%2C%22mw%22%3A0%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A2333.433349609375%2C%22mw%22%3A1000%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft3792-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2

151.101.85.44

200 OK

12 kB

URL HTTP/2
trc.taboola.com/forumotion-ar/trc/3/json?tim=10%3A36%3A36.822&lti=deflated&data=%7B%22id%22%3A797%2C%22ii%22%3A%22%2Ft3792-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1665650980218%2C%22vi%22%3A1665830196820%2C%22cv%22%3A%2220221013-3-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fqaffen.yoo7.com%2Ft3792-topic%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22cmps%22%3A0%2C%22ga%22%3Atrue%2C%22tcs%22%3A%22CPg47AAPg47AABcAIBENClCgAAAAAH_AABpwIyQAARkgaAALAAeABUAC4AGQAOQAfACAAEkAMQAygBoAGoAPAAfQBEAEUAJgATwAxABmADmAH4AQgAjgBMAClAFvAMoAywB3AD9AIGAQgAi0BHAEdAKWAVcAuoBgQDRAGvANoAdUA_4CPQExAKaAWoAvMBggDDQGPgMkAcWA5QB2AAA%22%2C%22gwto%22%3Atrue%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fqaffen.yoo7.com%2Ft3792-topic%22%2C%22vpi%22%3A%22%2Ft3792-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1280%2C%22dh%22%3A2408%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A124.11666870117188%2C%22mw%22%3A0%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A2333.433349609375%2C%22mw%22%3A1000%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft3792-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (19551)
Size
12 kB (12518 bytes)
Hash
55284c9c6c385f5e43096611e8ac6a2f
270eb6573d872d4907d5838e55e4fa7928250552
040bf893e05db3a01b8a3f3514811e76e64edceb74c8472a3af821d4a8b9c55b

HTTP Headers

GET /forumotion-ar/trc/3/json?tim=10%3A36%3A36.822&lti=deflated&data=%7B%22id%22%3A797%2C%22ii%22%3A%22%2Ft3792-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1665650980218%2C%22vi%22%3A1665830196820%2C%22cv%22%3A%2220221013-3-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fqaffen.yoo7.com%2Ft3792-topic%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22cmps%22%3A0%2C%22ga%22%3Atrue%2C%22tcs%22%3A%22CPg47AAPg47AABcAIBENClCgAAAAAH_AABpwIyQAARkgaAALAAeABUAC4AGQAOQAfACAAEkAMQAygBoAGoAPAAfQBEAEUAJgATwAxABmADmAH4AQgAjgBMAClAFvAMoAywB3AD9AIGAQgAi0BHAEdAKWAVcAuoBgQDRAGvANoAdUA_4CPQExAKaAWoAvMBggDDQGPgMkAcWA5QB2AAA%22%2C%22gwto%22%3Atrue%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fqaffen.yoo7.com%2Ft3792-topic%22%2C%22vpi%22%3A%22%2Ft3792-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1280%2C%22dh%22%3A2408%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A124.11666870117188%2C%22mw%22%3A0%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A2333.433349609375%2C%22mw%22%3A1000%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft3792-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://qaffen.yoo7.com
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://qaffen.yoo7.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sat, 15 Oct 2022 10:36:35 GMT
via: 1.1 varnish
x-served-by: cache-bma1640-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1665830196.684550,VS0,VE164
vary: Accept-Encoding
x-vcl-time-ms: 164
X-Firefox-Spdy: h2

vidstat.taboola.com/lite-unit/1.4.0/UnitWidgetItemDesktop.min.js

151.101.85.44

200 OK

24 kB

URL HTTP/2
vidstat.taboola.com/lite-unit/1.4.0/UnitWidgetItemDesktop.min.js
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (23743 bytes)
Hash
b06a94b265b5ec3739dab4b38308709c
de2336288983f78217a4cc83755366e583c5920a
066de7eb0d351eda7686b2479b069a600405fed39d38c7b9163a1d3cda84e992

HTTP Headers

GET /lite-unit/1.4.0/UnitWidgetItemDesktop.min.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 31 Mar 2020 13:14:35 GMT
etag: "b683c290896a82c974838a04b4ea4aff"
server: AmazonS3
via: 1.1 4838101f07e2dfcd1db4abc88031f082.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: EpZuzr7lQIzV08xTZRv1e5wA0qOWVGpJ94XhkewIQ9BC5tfAYBuP9w==
cache-control: public, max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Sat, 15 Oct 2022 10:36:35 GMT
age: 2193368
x-served-by: cache-bma1640-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 185
x-timer: S1665830196.901328,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 23743
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5fda50a37fc3687d2f55b92b6bce88f9.jpg

151.101.85.44

200 OK

4.5 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5fda50a37fc3687d2f55b92b6bce88f9.jpg
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
4.5 kB (4544 bytes)
Hash
8962f521ae193d2b2061f58dc8f89ce9
1832568abab40a10d95e795bf75ee4f4d8b44a20
28eadc3a84f45934e6bedc49fbd76b64f7597dd745aacd1e3941fc76698aaf85

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5fda50a37fc3687d2f55b92b6bce88f9.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 361442623871098473179176297192785719265,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 361442623871098473179176297192785719265,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
etag: "14867859cc7173497c24514b15dae13d"
last-modified: Sat, 10 Sep 2022 16:32:24 GMT
req-referer: https://www.unian.ua/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 91afd6b6999824384f88689919f30779
x-envoy-upstream-service-time: 71
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 15 Oct 2022 10:36:35 GMT
age: 1562793
x-served-by: cache-iad-kiad7000135-IAD, cache-iad-kcgs7200119-IAD, cache-lga21938-LGA, cache-iad-kiad7000111-IAD, cache-bma1640-BMA
x-cache: HIT, MISS, MISS, HIT, HIT
x-cache-hits: 1, 0, 0, 1, 1
x-timer: S1665830196.958924,VS0,VE13
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5fda50a37fc3687d2f55b92b6bce88f9.jpg
x-vcl-time-ms: 13
content-length: 4544
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/cfa2a57e2136df85b11ed8afdbfb11ef.png

151.101.85.44

200 OK

8.1 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/cfa2a57e2136df85b11ed8afdbfb11ef.png
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
8.1 kB (8094 bytes)
Hash
a31453f516fb700e68cac19158799344
66a1e95d7d9ca9c3a551454ab06e49c094223d24
3c9ae9d7e9e026dc4154de6deaf844d14c6faa84b91cae4544fb4fd953da4982

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/cfa2a57e2136df85b11ed8afdbfb11ef.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 438206606676214532544374850377595755351,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 438206606676214532544374850377595755351,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "7d32bb8c2f58776ffad49a28332e2df6"
last-modified: Sat, 10 Sep 2022 16:03:22 GMT
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 8b8ded9e7f52aea83a56c79cef6bef8d
x-envoy-upstream-service-time: 200
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 15 Oct 2022 10:36:35 GMT
age: 2806032
x-served-by: cache-iad-kcgs7200126-IAD, cache-iad-kiad7000079-IAD, cache-lax10670-LGB, cache-iad-kcgs7200028-IAD, cache-bma1640-BMA
x-cache: HIT, MISS, MISS, HIT, HIT
x-cache-hits: 1, 0, 0, 1, 1
x-timer: S1665830196.975957,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/cfa2a57e2136df85b11ed8afdbfb11ef.png
x-vcl-time-ms: 1
content-length: 8094
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/7Y6rWjJ/Adult-worker-remove-demolish-old-tiles-in-a-bathroom-with-hammer-and-chisel.jpg

151.101.85.44

200 OK

13 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/7Y6rWjJ/Adult-worker-remove-demolish-old-tiles-in-a-bathroom-with-hammer-and-chisel.jpg
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
13 kB (12578 bytes)
Hash
e618d8ff966731adeda71031ceef4ccf
250f62b52b2428ea8db8f63ab5e8341879171431
7b2f32c31cef85c3ad7a191fb62d60d793d25fe5dd50912ef590be9b1e05f75e

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/7Y6rWjJ/Adult-worker-remove-demolish-old-tiles-in-a-bathroom-with-hammer-and-chisel.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 455525361679732715512151280937354333199,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 455525361679732715512151280937354333199,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "11c733f93a126058cf2df77edabd7269"
expiration: expiry-date="Fri, 09 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 09 Aug 2022 10:06:50 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 760
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 15 Oct 2022 10:36:35 GMT
age: 5181625
x-served-by: cache-iad-kcgs7200127-IAD, cache-iad-kiad7000149-IAD, cache-chi-klot8100067-CHI, cache-iad-kjyo7100093-IAD, cache-bma1640-BMA
x-cache: HIT, HIT, MISS, HIT, HIT
x-cache-hits: 1, 1, 0, 708, 1
x-timer: S1665830196.977040,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.ibb.co/7Y6rWjJ/Adult-worker-remove-demolish-old-tiles-in-a-bathroom-with-hammer-and-chisel.jpg
x-vcl-time-ms: 1
content-length: 12578
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/IBK/87895346__dpeU3RoT.jpg

151.101.85.44

200 OK

7.8 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/IBK/87895346__dpeU3RoT.jpg
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
7.8 kB (7778 bytes)
Hash
9d538bbacd837fb4339b4e9a671540c6
20a5d6b20bc527e3a4b33123c75262030ea7602a
1f693c9e0c03ea6e5dff8fc6beb54ce3edaf4e357eebfb80925b6af2fcbd4410

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/IBK/87895346__dpeU3RoT.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 629215953155833803339392792237923470083,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 629215953155833803339392792237923470083,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "2af7f3a6b2be4bb4aabfbaafcb9354f0"
expiration: expiry-date="Sat, 10 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Wed, 10 Aug 2022 04:21:54 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 31
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 15 Oct 2022 10:36:35 GMT
age: 5343731
x-served-by: cache-iad-kcgs7200057-IAD, cache-iad-kcgs7200130-IAD, cache-sna10745-LGB, cache-iad-kjyo7100026-IAD, cache-bma1640-BMA
x-cache: HIT, MISS, HIT, HIT, HIT
x-cache-hits: 1, 0, 1, 1, 9
x-timer: S1665830196.978393,VS0,VE0
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/IBK/87895346__dpeU3RoT.jpg
x-vcl-time-ms: 0
content-length: 7778
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/360fd688aa592cb149ed24e1841d2d15.jpg

151.101.85.44

200 OK

12 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/360fd688aa592cb149ed24e1841d2d15.jpg
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
12 kB (12350 bytes)
Hash
4c418bceabd34d60b0ca77c32ea77363
b02f47470e625c559e0a231b6becfd72212f5b3d
ae079ccbd5a97c27337691fe821c3b0211b40dedc9922a129a1d4f04e53aa66d

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/360fd688aa592cb149ed24e1841d2d15.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 467034397575831769978129637040287281398,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 467034397575831769978129637040287281398,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "64db85a58e852c26d7a64b471996bb70"
last-modified: Sat, 10 Sep 2022 18:03:04 GMT
req-referer: https://www.radio-en-ligne.fr/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 064197bf09cc3a77d3fb86db202ac5ae
x-envoy-upstream-service-time: 189
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 15 Oct 2022 10:36:35 GMT
age: 1906220
x-served-by: cache-iad-kiad7000051-IAD, cache-iad-kcgs7200111-IAD, cache-bur-kbur8200063-BUR, cache-iad-kiad7000114-IAD, cache-bma1640-BMA
x-cache: HIT, HIT, MISS, HIT, HIT
x-cache-hits: 1, 1, 0, 51, 1
x-timer: S1665830196.978458,VS0,VE5
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/360fd688aa592cb149ed24e1841d2d15.jpg
x-vcl-time-ms: 5
content-length: 12350
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/81c47cd398bfb36df004c8773a22b024.jpg

151.101.85.44

200 OK

4.9 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/81c47cd398bfb36df004c8773a22b024.jpg
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
4.9 kB (4850 bytes)
Hash
d54b082d31f36f4c9758cc39cc4f4820
5d21373b99cf87566f6e59c9fc8157882f053746
55a3eb83b7d8bcf9881d7cab802cdc8b4ed6f710a9065a03fe3edacb4fe597f4

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/81c47cd398bfb36df004c8773a22b024.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 425835379569954214865319743616880450737,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 425835379569954214865319743616880450737,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "cc9999781c3b8c5245b4d02f4b8c2b2a"
last-modified: Wed, 10 Aug 2022 03:03:10 GMT
req-referer: https://www.pcastuces.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 7e8424db7eaa7dd0b3890da28a0738b0
x-envoy-upstream-service-time: 267
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 15 Oct 2022 10:36:35 GMT
age: 4543851
x-served-by: cache-iad-kcgs7200043-IAD, cache-iad-kiad7000085-IAD, cache-sna10738-LGB, cache-iad-kcgs7200139-IAD, cache-bma1640-BMA
x-cache: HIT, MISS, MISS, HIT, HIT
x-cache-hits: 1, 0, 0, 328, 1
x-timer: S1665830196.977074,VS0,VE6
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/81c47cd398bfb36df004c8773a22b024.jpg
x-vcl-time-ms: 6
content-length: 4850
X-Firefox-Spdy: h2

api.viglink.com/api/domains

34.248.7.88

200 OK

42 B

URL HTTP/1.1
api.viglink.com/api/domains
IP
34.248.7.88:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
42 B (42 bytes)
Hash
4ac7f2ac0017a9dcdffecff0f3f24668
92208c02d4a36ff372f126b359d6030893ab9c70
77eb3a95fe2e04c78af90260533997cda8695c7ebb218bc706a81edf073ce38d

HTTP Headers

POST /api/domains HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 253
Origin: https://qaffen.yoo7.com
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://qaffen.yoo7.com
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Sat, 15 Oct 2022 10:36:36 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 42
Connection: keep-alive

il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=10%3A36%3A37.120&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=1286&cv=20221013-3-RELEASE&lt=deflated&pct=1

185.106.33.48

204 No Content

0 B

URL HTTP/2
il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=10%3A36%3A37.120&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=1286&cv=20221013-3-RELEASE&lt=deflated&pct=1
IP
185.106.33.48:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /forumotion-ar/log/2/debug?tim=10%3A36%3A37.120&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=1286&cv=20221013-3-RELEASE&lt=deflated&pct=1 HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx
date: Sat, 15 Oct 2022 10:36:36 GMT
x-fastly-to-nlb-rtt: 82795
access-control-allow-credentials: true
X-Firefox-Spdy: h2

illiweb.com/rs3/63/frm/embed/FA_Embed.js

104.21.63.213

200 OK

0 B

URL HTTP/2
illiweb.com/rs3/63/frm/embed/FA_Embed.js
IP
104.21.63.213:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /rs3/63/frm/embed/FA_Embed.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:28 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Fri, 08 Sep 2023 08:06:07 GMT
last-modified: Tue, 20 Apr 2021 14:17:00 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 3205820
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fulFKJPTaihyu9%2BvR6zQsIH7yXg4YkjlHnorvtNzj3hLuAT7gMIstpSJsxQ4NaxFVCaeQeRx7avH4oWRiWK9BfJ52CFPMHSuHtPf7KsS8g0x2sOAMY1RXXEotR70WQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9f77d490afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

qaffen.yoo7.com/sw.js

94.23.159.185

200 OK

0 B

URL HTTP/2
qaffen.yoo7.com/sw.js
IP
94.23.159.185:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw.js HTTP/1.1
Host: qaffen.yoo7.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qaffen.yoo7.com/t3792-topic
Connection: keep-alive
Cookie: exadd=166584; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: application/javascript
last-modified: Tue, 27 Aug 2019 13:54:01 GMT
etag: W/"5d6535f9-1554"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2

15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fqaffen.yoo7.com%2Ft3792-topic&encoded=1&uid=17dc1d95-0ab5-447b-b723-c5601cdb2db4-tucta4412b3&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1665830197086&tagid=&cntry=NO&platform=1&sesid=31b19773b0cd77c2be4adccc06ecaba1&itemid=/t3792-topic&viewid=1665830196820&geolat=&geoing=&deviceifa=&appid=&sd=v2_31b19773b0cd77c2be4adccc06ecaba1_17dc1d95-0ab5-447b-b723-c5601cdb2db4-tucta4412b3_1665830195_1665830195_CNawjgYQ3pxDGNSs3tm9MCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gBYABo_9iV8p6d99_dAXAA&ri=a4048c67626c4277204009abaf5f45e1&appname=&cdb=CPg47AAPg47AABcAIBENClCgAAAAAH_AABpwIyQAARkgaAALAAeABUAC4AGQAOQAfACAAEkAMQAygBoAGoAPAAfQBEAEUAJgATwAxABmADmAH4AQgAjgBMAClAFvAMoAywB3AD9AIGAQgAi0BHAEdAKWAVcAuoBgQDRAGvANoAdUA_4CPQExAKaAWoAvMBggDDQGPgMkAcWA5QB2AAA&gdprApplies=true&rid=&sii=-6361659864385687939&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=&region=03&hasGDPRConsent=false&tcfVersion=2&cmpStatus=0&tnetid=1037540&prcnt=&layer=&normp=7&gvv=8716

151.101.85.44

200 OK

0 B

URL HTTP/2
15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fqaffen.yoo7.com%2Ft3792-topic&encoded=1&uid=17dc1d95-0ab5-447b-b723-c5601cdb2db4-tucta4412b3&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1665830197086&tagid=&cntry=NO&platform=1&sesid=31b19773b0cd77c2be4adccc06ecaba1&itemid=/t3792-topic&viewid=1665830196820&geolat=&geoing=&deviceifa=&appid=&sd=v2_31b19773b0cd77c2be4adccc06ecaba1_17dc1d95-0ab5-447b-b723-c5601cdb2db4-tucta4412b3_1665830195_1665830195_CNawjgYQ3pxDGNSs3tm9MCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gBYABo_9iV8p6d99_dAXAA&ri=a4048c67626c4277204009abaf5f45e1&appname=&cdb=CPg47AAPg47AABcAIBENClCgAAAAAH_AABpwIyQAARkgaAALAAeABUAC4AGQAOQAfACAAEkAMQAygBoAGoAPAAfQBEAEUAJgATwAxABmADmAH4AQgAjgBMAClAFvAMoAywB3AD9AIGAQgAi0BHAEdAKWAVcAuoBgQDRAGvANoAdUA_4CPQExAKaAWoAvMBggDDQGPgMkAcWA5QB2AAA&gdprApplies=true&rid=&sii=-6361659864385687939&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=&region=03&hasGDPRConsent=false&tcfVersion=2&cmpStatus=0&tnetid=1037540&prcnt=&layer=&normp=7&gvv=8716
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fqaffen.yoo7.com%2Ft3792-topic&encoded=1&uid=17dc1d95-0ab5-447b-b723-c5601cdb2db4-tucta4412b3&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1665830197086&tagid=&cntry=NO&platform=1&sesid=31b19773b0cd77c2be4adccc06ecaba1&itemid=/t3792-topic&viewid=1665830196820&geolat=&geoing=&deviceifa=&appid=&sd=v2_31b19773b0cd77c2be4adccc06ecaba1_17dc1d95-0ab5-447b-b723-c5601cdb2db4-tucta4412b3_1665830195_1665830195_CNawjgYQ3pxDGNSs3tm9MCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gBYABo_9iV8p6d99_dAXAA&ri=a4048c67626c4277204009abaf5f45e1&appname=&cdb=CPg47AAPg47AABcAIBENClCgAAAAAH_AABpwIyQAARkgaAALAAeABUAC4AGQAOQAfACAAEkAMQAygBoAGoAPAAfQBEAEUAJgATwAxABmADmAH4AQgAjgBMAClAFvAMoAywB3AD9AIGAQgAi0BHAEdAKWAVcAuoBgQDRAGvANoAdUA_4CPQExAKaAWoAvMBggDDQGPgMkAcWA5QB2AAA&gdprApplies=true&rid=&sii=-6361659864385687939&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=&region=03&hasGDPRConsent=false&tcfVersion=2&cmpStatus=0&tnetid=1037540&prcnt=&layer=&normp=7&gvv=8716 HTTP/1.1
Host: 15.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://qaffen.yoo7.com
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
machineid: 1482
link: <https://am-wf.taboola.com>; rel=preconnect
xvid-debug: mrmr - :
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://qaffen.yoo7.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sat, 15 Oct 2022 10:36:35 GMT
via: 1.1 varnish
x-served-by: cache-bma1640-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1665830196.946401,VS0,VE25
vary: Accept-Encoding
X-Firefox-Spdy: h2

stootsou.net/pfe/current/tag.min.js?z=2308013

139.45.197.250

200 OK

0 B

URL HTTP/2
stootsou.net/pfe/current/tag.min.js?z=2308013
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/tag.min.js?z=2308013 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: application/javascript
last-modified: Thu, 13 Oct 2022 15:34:37 GMT
etag: W/"6348300d-39be"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

stootsou.net/pfe/current/universal.min.js?v=3.1.398

139.45.197.250

200 OK

0 B

URL HTTP/2
stootsou.net/pfe/current/universal.min.js?v=3.1.398
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.398 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qaffen.yoo7.com/
Origin: https://qaffen.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: application/javascript
last-modified: Thu, 13 Oct 2022 15:34:37 GMT
etag: W/"6348300d-17dc6"
access-control-allow-origin: https://qaffen.yoo7.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

alchaam.com/vb/images/Title/16.gif

46.17.175.20

404 Not Found

0 B

URL HTTP/2
alchaam.com/vb/images/Title/16.gif
IP
46.17.175.20:0
ASN
#47583 Hostinger International Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /vb/images/Title/16.gif HTTP/1.1
Host: alchaam.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qaffen.yoo7.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
x-powered-by: PHP/7.2.34
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <https://alchaam.com/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache-control: public,max-age=3600
x-litespeed-tag: c77_HTTP.404,c77_404,c77_URL.f9857c9a2a2a7e3e0e49f1a0ba2d0e20,c77_
x-litespeed-cache: miss
content-encoding: br
vary: Accept-Encoding
date: Sat, 15 Oct 2022 10:36:34 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

connect.topicit.net/scripts/connect.js

104.21.90.171

200 OK

0 B

URL HTTP/2
connect.topicit.net/scripts/connect.js
IP
104.21.90.171:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /scripts/connect.js HTTP/1.1
Host: connect.topicit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5437
access-control-allow-origin: *
etag: W/"5d653880-153d"
last-modified: Tue, 27 Aug 2019 14:04:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=86400
cf-cache-status: HIT
age: 3155
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rsnLQzs%2BDK0Gygc3%2FgyzWO7nIJxsmeqLL3PJHDWUkSCTYQI%2BEF79luOi%2FPgRNGBhrDVyLoIr5pe27g1lWFavlEuHzDMo290rXTb6XTgxV6UrGIYuFO6bNuZMerCqVErpnFkHlQIh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9fbcb9ab4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.viglink.com/api/vglnk.js

104.16.160.13

200 OK

0 B

URL HTTP/2
cdn.viglink.com/api/vglnk.js
IP
104.16.160.13:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/vglnk.js HTTP/1.1
Host: cdn.viglink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:30 GMT
content-type: text/javascript
content-length: 28567
x-amz-id-2: kFPAC60DOwNQb4CdhqHG+tKjRF2TQjxpEdeKJyhLPdvjoiSwXPmNvXMEMMBRIwIu/QGXu5HJg1c=
x-amz-request-id: NTCW971RKN3GM3ZQ
last-modified: Wed, 02 Dec 2020 18:57:12 GMT
etag: "072eaf64a771815874455704fca9301b"
cache-control: public, max-age=604800
content-encoding: gzip
cf-cache-status: HIT
age: 1945846
expires: Sat, 22 Oct 2022 10:36:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7ea029b34b4ff-OSL
X-Firefox-Spdy: h2

qaffen.yoo7.com/serviceworker.js

94.23.159.185

200 OK

0 B

URL HTTP/2
qaffen.yoo7.com/serviceworker.js
IP
94.23.159.185:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /serviceworker.js HTTP/1.1
Host: qaffen.yoo7.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: exadd=166584; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:29 GMT
content-type: application/javascript
last-modified: Thu, 25 Feb 2021 14:30:57 GMT
etag: W/"6037b4a1-b0d"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2

illiweb.com/rs3/63/frm/lang/ar.js

104.21.63.213

200 OK

0 B

URL HTTP/2
illiweb.com/rs3/63/frm/lang/ar.js
IP
104.21.63.213:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /rs3/63/frm/lang/ar.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:28 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=74879
access-control-allow-origin: *
expires: Fri, 08 Sep 2023 08:07:52 GMT
last-modified: Thu, 08 Sep 2022 07:38:48 GMT
x-cache-ne: EXPIRED
x-cache-pr: EXPIRED
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 3205716
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hopTWva1yU0FXaCRUb9io8m4zn%2BcRdJqBn4f3RZc6zHBwFkxHsFUA94mSSa6tpbmS%2BjAe7Mgdjjyk39yazuqzHJWhKzGyk6nx8Tr6P2S3YpisSLc8U%2BXVgtbtiZ3MA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9f75d280afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cache.consentframework.com/js/pa/24697/c/IxWav/stub

104.26.5.102

200 OK

0 B

URL HTTP/2
cache.consentframework.com/js/pa/24697/c/IxWav/stub
IP
104.26.5.102:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/pa/24697/c/IxWav/stub HTTP/1.1
Host: cache.consentframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:28 GMT
content-type: text/javascript; charset=UTF-8
cache-control: max-age=3600
strict-transport-security: max-age=15724800; includeSubDomains; preload
cf-cache-status: HIT
age: 3086
last-modified: Sat, 15 Oct 2022 09:45:02 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bntucg6%2BQWSvybkmAFHVD2ZTZ%2BixMkStYstcDV3hWUKJtuN2VPe22FvQC3EllKGz9O03rHF3%2BLF8UOFWhIJR4x2413HfxyhuD%2FvocTrOKy1szMkvxEB5pXky0LfTi0ieQEkehyWYcXOu0q6E"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9f76f320b45-OSL
content-encoding: br
X-Firefox-Spdy: h2

illiweb.com/rs3/63/frm/jquery/cookie/jquery.cookie.js

104.21.63.213

200 OK

0 B

URL HTTP/2
illiweb.com/rs3/63/frm/jquery/cookie/jquery.cookie.js
IP
104.21.63.213:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /rs3/63/frm/jquery/cookie/jquery.cookie.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qaffen.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 15 Oct 2022 10:36:28 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Fri, 08 Sep 2023 08:06:37 GMT
last-modified: Wed, 09 Sep 2020 09:40:28 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 3205791
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XIujSWO2xCY2CpLnVLOEbuD380of11oXTo9Gz5CtW4PCAnBYmXM8HMBYZC1PvfUHFRcZs8nbXTvEa8t4jhc4aePit%2BTaMiV8h9bmPOMsYOc%2B53BG%2FFm6tORIiCZMkg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75a7e9f77d470afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (41)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP