never.roo7.biz/t432-topic
301 Moved Permanently 0 B URL HTTP/1.1 never.roo7.biz/t432-topic
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /t432-topic HTTP/1.1
Host: never.roo7.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 04 Dec 2022 21:04:28 GMT
Content-Length: 0
Location: https://never.roo7.biz/t432-topic
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14028
Expires: Mon, 05 Dec 2022 00:58:16 GMT
Date: Sun, 04 Dec 2022 21:04:28 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3150
Cache-Control: max-age=137959
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:28 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:23:47 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 20:20:09 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2659
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9986
Expires: Sun, 04 Dec 2022 23:50:54 GMT
Date: Sun, 04 Dec 2022 21:04:28 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: EBKyz5oncYWsbOxPHqjeQsNyIdVjKHUdg3iSRWSnbsfkW5mAJ8h6U9pqvmn1f9f6gRSNErAD+ik=
x-amz-request-id: X240FAE309PX0A6F
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 20:47:07 GMT
age: 1041
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 91eb7dfa49f3572bba9a663e66cdc79e
13844f6efe7abc27954426a579be665f5b8b7912
7446659bd9b3ac8df1c0f25cd8a8d98d86cfe7116af219b0a056776be323d2ab
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7446659BD9B3AC8DF1C0F25CD8A8D98D86CFE7116AF219B0A056776BE323D2AB"
Last-Modified: Sun, 04 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 05 Dec 2022 03:04:28 GMT
Date: Sun, 04 Dec 2022 21:04:28 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 20:08:58 GMT
cache-control: public,max-age=3600
age: 3330
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3139
Cache-Control: max-age=132881
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 09:59:10 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 279 B IP
Hash 3fd55ba1010364a283f9c432c6470647
eb4e6d82fde6efc9d200b766fe4de2993e2d68dd
79dcee92d3e1294461db25d44af59ce83cfd03d4a63569d54152af7e1fd2e415
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2863
Cache-Control: max-age=120013
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Etag: "638c31fb-117"
Expires: Tue, 06 Dec 2022 06:24:42 GMT
Last-Modified: Sun, 04 Dec 2022 05:36:59 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 3fd55ba1010364a283f9c432c6470647
eb4e6d82fde6efc9d200b766fe4de2993e2d68dd
79dcee92d3e1294461db25d44af59ce83cfd03d4a63569d54152af7e1fd2e415
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2863
Cache-Control: max-age=120013
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Etag: "638c31fb-117"
Expires: Tue, 06 Dec 2022 06:24:42 GMT
Last-Modified: Sun, 04 Dec 2022 05:36:59 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 3fd55ba1010364a283f9c432c6470647
eb4e6d82fde6efc9d200b766fe4de2993e2d68dd
79dcee92d3e1294461db25d44af59ce83cfd03d4a63569d54152af7e1fd2e415
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5292
Cache-Control: max-age=122442
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Etag: "638c31fb-117"
Expires: Tue, 06 Dec 2022 07:05:11 GMT
Last-Modified: Sun, 04 Dec 2022 05:36:59 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash 3fd55ba1010364a283f9c432c6470647
eb4e6d82fde6efc9d200b766fe4de2993e2d68dd
79dcee92d3e1294461db25d44af59ce83cfd03d4a63569d54152af7e1fd2e415
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2723
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Last-Modified: Sun, 04 Dec 2022 20:19:07 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
IP
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash d989f35706c62ce4a5c561586c55566e
d32e7958e5765609bf08dcdefd0b2c2a8714ce34
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716
GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33845
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 18:40:06 GMT
expires: Wed, 29 Nov 2023 18:40:06 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 440663
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
never.roo7.biz/0-rtl.css
200 OK 55 kB IP
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash addf9997fe5ee924ee411fff74f61841
88dc3b9abb0586e95b818e9e8757db77d74c8ecc
860728a61cf5c224a37326fea32fb73e23ee78d0033f181c6e7773c51a17fb18
GET /0-rtl.css HTTP/1.1
Host: never.roo7.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/t432-topic
Cookie: exadd=167020
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: text/css
content-length: 54892
last-modified: Sun, 04 Dec 2022 00:00:00 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 279 B IP
Hash 3fd55ba1010364a283f9c432c6470647
eb4e6d82fde6efc9d200b766fe4de2993e2d68dd
79dcee92d3e1294461db25d44af59ce83cfd03d4a63569d54152af7e1fd2e415
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2863
Cache-Control: max-age=120013
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Etag: "638c31fb-117"
Expires: Tue, 06 Dec 2022 06:24:42 GMT
Last-Modified: Sun, 04 Dec 2022 05:36:59 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 727 B IP
Hash 81b4d5cf042f5a919ebe8d75b97c3a25
cc17f00660238f9033eb3b715562999f5b8b58d3
b2c58906fca9fec5cf5ae5ee89db3d14e53e99514b361835c99353d3d902bd2a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 209
Cache-Control: max-age=159484
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Etag: "638cd689-2d7"
Expires: Tue, 06 Dec 2022 17:22:33 GMT
Last-Modified: Sun, 04 Dec 2022 17:19:05 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 727
www.googletagmanager.com/gtag/js?id=UA-12871446-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-12871446-1
IP
File type ASCII text, with very long lines (1921)
Hash c1e63de5c2ea0d0a89f186b8aca8012d
f26b1fbc119bc536e82021cbde6622c71162cd45
26cc7b8090f661017023cf1d8be1e90383afc7f18e8635841670e24207f2b173
GET /gtag/js?id=UA-12871446-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 04 Dec 2022 21:04:29 GMT
expires: Sun, 04 Dec 2022 21:04:29 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43595
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 312 B IP
Hash 1c5a280d130588f4098f759d4606e5b7
6ee703f50768d46afbe70cc014963ff56b8a04a3
0e44cc312aad8320de54cb8c8438ea503090c3b61b7240d2b466b8ef9ac704a3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3011
Cache-Control: max-age=91739
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Etag: "638bc2f5-138"
Expires: Mon, 05 Dec 2022 22:33:28 GMT
Last-Modified: Sat, 03 Dec 2022 21:43:17 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 312
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-144347007-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-144347007-1
IP
File type ASCII text, with very long lines (1921)
Hash 5cf6842e30965071cf7d14ba5ed41401
b7717cd72573ccae8d1d19747d74d3539a2fbed6
05a48bea087d807a04cd660ebe51cefb56166afeb8704db50c6ccb76063c3b12
GET /gtag/js?id=UA-144347007-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 04 Dec 2022 21:04:29 GMT
expires: Sun, 04 Dec 2022 21:04:29 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43660
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.usertrust.com/
200 OK 472 B IP
Hash 465dabb54f2ac90ddc804d6afd4fd316
ee3c6f293720ae5cce23dd91b9844c1fce550480
00025178d5d64920f6c261f7c8cd17a96a0e8780c99de652da54571cfd54039f
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 21:04:29 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 18:30:51 GMT
Expires: Fri, 09 Dec 2022 18:30:50 GMT
Etag: "ee3c6f293720ae5cce23dd91b9844c1fce550480"
Cache-Control: max-age=602360,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77477ea70d0fb518-OSL
img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-MQ.jpg
200 OK 6.8 kB URL HTTP/2 img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-MQ.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8c72b9155937e8185ff9e094f4509bb1
9ad7f2e54ef50385910277d1bcf31912074735ad
bd9fb7497447ea73ae639077eda38d638233a8cb8e08aa091ab87635d2e2173a
GET /albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-MQ.jpg HTTP/1.1
Host: img.photobucket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 6830
date: Sun, 04 Dec 2022 21:04:29 GMT
cache-control: max-age=31536000, public
content-disposition: inline; filename="movie3-animeiat-MQ.webp"
expires: Mon, 04 Dec 2023 21:04:29 GMT
server: photobucket
x-amzn-trace-id: Root=1-638d0b5d-1f160b884303a57413bc4a76
x-request-id: yiwhfAbyUq9Thom8LZprm
x-cache: Miss from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _AY-0JBums542lgs7qsvKfFuYWQMc6ZmgYecjExx7C1cpqSqovNrgw==
vary: Accept, Origin
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash e180a705ac6cd96961bcbd3a76ce367a
374c761ecbeda2a4d7595ce0509ecd00f1e89440
2794408c3a1d6019fea14a45053bf7fb4bce808e10b0e5e97ad7e19b59a25c06
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2204
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Last-Modified: Sun, 04 Dec 2022 20:27:45 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280
img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-HQ.jpg
200 OK 7.2 kB URL HTTP/2 img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-HQ.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash bfec3e5967b709b2212b977fa58db0e1
f297f2909892280807af822f2f5cc4b3b145c3a9
2be6840d640d90b58eccf54431c3b7239d1628e3fc71fcbbff0cfd64ee0a5b30
GET /albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-HQ.jpg HTTP/1.1
Host: img.photobucket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 7238
date: Sun, 04 Dec 2022 21:04:29 GMT
cache-control: max-age=31536000, public
content-disposition: inline; filename="movie3-animeiat-HQ.webp"
expires: Mon, 04 Dec 2023 21:04:29 GMT
server: photobucket
x-amzn-trace-id: Root=1-638d0b5d-67c07d314fc370a455dcee57
x-request-id: GzLzmKTsN_q39mY9NMxEj
x-cache: Miss from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: uaXOXDCwjS2lXUZ3TfRqx3raQJua7lMzAKdj5tYMe5scftbuo97m9w==
vary: Accept, Origin
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash e180a705ac6cd96961bcbd3a76ce367a
374c761ecbeda2a4d7595ce0509ecd00f1e89440
2794408c3a1d6019fea14a45053bf7fb4bce808e10b0e5e97ad7e19b59a25c06
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4054
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Etag: "638c3a7e-118"
Last-Modified: Sun, 04 Dec 2022 19:56:55 GMT
Server: ECS (amb/6BC1)
X-Cache: HIT
Content-Length: 280
img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-end.jpg
200 OK 1.1 kB URL HTTP/2 img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-end.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash ca0c71773436f1a98af9db72f74ea92b
c2824d48941245cfb641dd5ab3f1125e896b48f3
bcee0056b6f8d73983d399983df1f1c487aca35cc6c2549231a92595adf3abdf
GET /albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-end.jpg HTTP/1.1
Host: img.photobucket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 1096
date: Sun, 04 Dec 2022 21:04:29 GMT
cache-control: max-age=31536000, public
content-disposition: inline; filename="movie3-animeiat-end.webp"
expires: Mon, 04 Dec 2023 21:04:29 GMT
server: photobucket
x-amzn-trace-id: Root=1-638d0b5d-5ffed1c823c1d665230cb29f
x-request-id: iewepOLYtxnIPik_2Bqdq
x-cache: Miss from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Nyjg7a8Sdbs2a_KFifcnUwXtcet3amZoR1oavUrObENAAFT6fXhaMw==
vary: Accept, Origin
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash e180a705ac6cd96961bcbd3a76ce367a
374c761ecbeda2a4d7595ce0509ecd00f1e89440
2794408c3a1d6019fea14a45053bf7fb4bce808e10b0e5e97ad7e19b59a25c06
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2204
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Last-Modified: Sun, 04 Dec 2022 20:27:45 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: y9jsWohMIINIkbCdjNxnKg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: p9s/VgvHGoeFUHBfW1+hbCfnYT0=
sd-2.archive-host.com/membres/up/24071559914142709/tuto_partager/partagerphpbb2.js
200 OK 1.2 kB URL HTTP/1.1 sd-2.archive-host.com/membres/up/24071559914142709/tuto_partager/partagerphpbb2.js
IP
File type HTML document, ASCII text, with very long lines (1162), with no line terminators
Hash 653c9d8d794b0a211a145dbb4808ef3e
ff6cf0f71935904f37a5354ca511955c22d32c03
7729116a1809e4fef0c22d194a50a95daaf7be8d57dea244d6f8920351ee1873
GET /membres/up/24071559914142709/tuto_partager/partagerphpbb2.js HTTP/1.1
Host: sd-2.archive-host.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, OPTION
Content-Type: application/javascript
Accept-Ranges: bytes
ETag: "3817046028"
Last-Modified: Thu, 11 Nov 2010 17:53:51 GMT
Content-Length: 1162
Date: Sun, 04 Dec 2022 21:04:29 GMT
Server: Archive-Host serveur FILER-S2
img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-pic.jpg
200 OK 19 kB URL HTTP/2 img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-pic.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash a3d13fa76d31573e42a57bf36f7a2b88
faef36f80fa656450536011a8bcfed3c6b35ac88
b69e982b81859e732438cb8936714c76f4d0fc9fdd57f7cc955486dd8ea04a49
GET /albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-pic.jpg HTTP/1.1
Host: img.photobucket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 19296
date: Sun, 04 Dec 2022 21:04:29 GMT
cache-control: max-age=31536000, public
content-disposition: inline; filename="movie3-animeiat-pic.webp"
expires: Mon, 04 Dec 2023 21:04:29 GMT
server: photobucket
x-amzn-trace-id: Root=1-638d0b5d-4ad5231e2b9d326205238700
x-request-id: YzvQgjCLQvijSiGxT7zp0
x-cache: Miss from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zixG0WCetJqqwdYdMY2Am7xI2fURmsQ86ZTt0baUYRjYSXkYtD0fEA==
vary: Accept, Origin
X-Firefox-Spdy: h2
img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-LQ.jpg
200 OK 6.3 kB URL HTTP/2 img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-LQ.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 495b9ac1e8be79b97a9966cef0945331
64e4ff8f14d56854ba6248b21f10c0b2d7c506da
7061d8265320ac86b58a91b922751e3771f0fb0202cf5f94b579c7997f6949bb
GET /albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-LQ.jpg HTTP/1.1
Host: img.photobucket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 6262
date: Sun, 04 Dec 2022 21:04:29 GMT
cache-control: max-age=31536000, public
content-disposition: inline; filename="movie3-animeiat-LQ.webp"
expires: Mon, 04 Dec 2023 21:04:29 GMT
server: photobucket
x-amzn-trace-id: Root=1-638d0b5d-72292f816d3a0e15030134bf
x-request-id: -AlTsJ1Xn6v6nyc3X6d3z
x-cache: Miss from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: GQVuJUoTsJ0kiN9ckcJ7u5J7H6MSfqXKL09trk-MTmrZbf81kp2Q4A==
vary: Accept, Origin
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash e180a705ac6cd96961bcbd3a76ce367a
374c761ecbeda2a4d7595ce0509ecd00f1e89440
2794408c3a1d6019fea14a45053bf7fb4bce808e10b0e5e97ad7e19b59a25c06
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4054
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Last-Modified: Sun, 04 Dec 2022 19:56:55 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 280
img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-support.jpg
200 OK 20 kB URL HTTP/2 img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-support.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 1cb49c8d1e1b895483b01c5df077518e
8e4156c2dec7f553ee90e4314cae98584724358e
c299e986dc0524755eae3697139f1daae8cc1151d29ca179c712cdbb3a511c41
GET /albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-support.jpg HTTP/1.1
Host: img.photobucket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 20126
date: Sun, 04 Dec 2022 21:04:29 GMT
cache-control: max-age=31536000, public
content-disposition: inline; filename="movie3-animeiat-support.webp"
expires: Mon, 04 Dec 2023 21:04:29 GMT
server: photobucket
x-amzn-trace-id: Root=1-638d0b5d-7a2402055f76be4141f94c79
x-request-id: W0vI6ywBzm9TXZAg2uLsO
x-cache: Miss from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ZAl30zMLMFzNxcENXDwRNjU4dbTaNtLEB1Ry5t4Zhqw3i3SN0rCM_w==
vary: Accept, Origin
X-Firefox-Spdy: h2
img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-video1.jpg
200 OK 6.1 kB URL HTTP/2 img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-video1.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 16c070ad500d2d902f318b15ab63c0e4
dccec7e4cffeaeee6f2b4c87d27a347f3f75c619
ec0a3edc2438b090e67348dbbb4af7259d64065fba3cf589d88f4bf818ed3016
GET /albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-video1.jpg HTTP/1.1
Host: img.photobucket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 6096
date: Sun, 04 Dec 2022 21:04:29 GMT
cache-control: max-age=31536000, public
content-disposition: inline; filename="movie3-animeiat-video1.webp"
expires: Mon, 04 Dec 2023 21:04:29 GMT
server: photobucket
x-amzn-trace-id: Root=1-638d0b5d-0b4bfa700153712e3fb1a4f9
x-request-id: ZOd1tGbmQh612F0XHPgMk
x-cache: Miss from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ercvcTaQB4i__1sNprBYyn0gH543JcaFbrBhBoiqhovBp2289HpReA==
vary: Accept, Origin
X-Firefox-Spdy: h2
img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-download.jpg
200 OK 21 kB URL HTTP/2 img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-download.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 655d85755883bd7fdaecb2a6d1303f69
e99ba6f7ee09d83c2bbfb66a3a5b4df55d23c988
cafe2fd447c42742b6dbb9445198f8505bef14f889904b831ae4375cf90bab05
GET /albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-download.jpg HTTP/1.1
Host: img.photobucket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 20948
date: Sun, 04 Dec 2022 21:04:29 GMT
cache-control: max-age=31536000, public
content-disposition: inline; filename="movie3-animeiat-download.webp"
expires: Mon, 04 Dec 2023 21:04:29 GMT
server: photobucket
x-amzn-trace-id: Root=1-638d0b5d-4a8543095506dfe86fdaa71f
x-request-id: FvhDcmf6vR4bFMtNxTHBb
x-cache: Miss from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: aUFL7k4fchfBwQxvsK9QD8Y7at4J8HujQ_Bev8zxA-kNTiSlCj0ssA==
vary: Accept, Origin
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash acbbda771733a0530d8384099cbc99db
c6191c527c78e46abb63163cc60c2f710eb5b961
dddf7f258a4c7fabda74fa8ac771d5043afc20fb7bee458d1f0aaabd1462cc35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2866
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Last-Modified: Sun, 04 Dec 2022 20:16:43 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280
img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-SHQ.jpg
200 OK 7.4 kB URL HTTP/2 img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-SHQ.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash e03f37a269c50baeae5b3925f8e1ee4c
b5797bbaf75429690528345b6c0683025a5ee47b
bccc34cb02d4d4c0ded8dc85c7b0ae11106f6c57ae2b2c42463d9fc7f339eea0
GET /albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-SHQ.jpg HTTP/1.1
Host: img.photobucket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 7354
date: Sun, 04 Dec 2022 21:04:29 GMT
cache-control: max-age=31536000, public
content-disposition: inline; filename="movie3-animeiat-SHQ.webp"
expires: Mon, 04 Dec 2023 21:04:29 GMT
server: photobucket
x-amzn-trace-id: Root=1-638d0b5d-48ac221a0307793f2753caa5
x-request-id: xevyntfC8nVTAz3my1TsL
x-cache: Miss from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 2cFCUZRr5cS8gjvbZ5acRFQgCDPmKmfhP2aMhN0tniviC02t__s3eQ==
vary: Accept, Origin
X-Firefox-Spdy: h2
i.servimg.com/u/f12/14/52/30/79/aseer611.png
200 OK 3.2 kB URL HTTP/2 i.servimg.com/u/f12/14/52/30/79/aseer611.png
IP
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash 350a6bea9a2a764d2020f5395f166683
5bcae62395d7b334e4ba8248717e1de38b12836a
fc28684c12163cff612497904db69825b52dd02ecce5dde44e3bf4f5c436dac8
GET /u/f12/14/52/30/79/aseer611.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: image/png
content-length: 3205
last-modified: Mon, 28 Dec 2009 06:13:10 GMT
etag: "4b384c76-c85"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Tue, 25 Apr 2023 08:24:55 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FoM%2BARcVTy4yjrg7Jz15FXWtut3XNaivXBX%2FbxTG5KBD0urm1auF%2Bzu%2Fju14%2ByLi559Mv62eXjHze0X67IUYSbq3N56I42BaIJIAp0NERSpDtbD%2F0SRdB2zSqi2RhlZV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77477ea78f2ab51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash acbbda771733a0530d8384099cbc99db
c6191c527c78e46abb63163cc60c2f710eb5b961
dddf7f258a4c7fabda74fa8ac771d5043afc20fb7bee458d1f0aaabd1462cc35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5452
Cache-Control: max-age=95620
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Etag: "638bc895-118"
Expires: Mon, 05 Dec 2022 23:38:09 GMT
Last-Modified: Sat, 03 Dec 2022 22:07:17 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 280
img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/naruto-Movie-6-animeiat.gif
200 OK 556 kB URL HTTP/2 img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/naruto-Movie-6-animeiat.gif
IP
File type GIF image data, version 89a, 639 x 367\012- data
Size 556 kB (555567 bytes)
Hash 8e2162deafe7189cb1815abb7de77b40
931dd368148bbf1d0d71a3f2a13614769f61f45b
972139dbcb5901a94cd2d5c4a88d29d82a4c88cdafe9fd5861f2827ea417ed0a
GET /albums/v202/ahmedsh/naruto/3rd%20movie/naruto-Movie-6-animeiat.gif HTTP/1.1
Host: img.photobucket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 555567
date: Sun, 04 Dec 2022 21:04:29 GMT
cache-control: max-age=31536000, public
content-disposition: inline; filename="naruto-Movie-6-animeiat.gif"
expires: Mon, 04 Dec 2023 21:04:29 GMT
server: photobucket
x-amzn-trace-id: Root=1-638d0b5d-43ca2e0513d88b91277dcf6d
x-request-id: 4gSKWHC17FAw96L-dO-kP
x-cache: Miss from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Yya2avQFJfSLJbdpBuXxaOT0zOzAAGqakCMEyuXygPAnKiNjyT-X7w==
vary: Accept, Origin
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/icon_minigender_male.gif
200 OK 142 B URL HTTP/2 2img.net/i/fa/subsilver/icon_minigender_male.gif
IP
File type GIF image data, version 89a, 11 x 11\012- data
Hash 5ef7a6af0298d7e13a08a8e5afeb1228
78e2ddc2595b7a2975e9b11ef4852f5ac0616616
4bd253445eec78e6f29ec51cfbd53f3b52941a208a4237389209cba55cc7047d
GET /i/fa/subsilver/icon_minigender_male.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: image/gif
content-length: 142
last-modified: Mon, 16 May 2016 11:01:55 GMT
etag: "5739a8a3-8e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 558748
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bf%2FGxd7vLh4ASFn3k5h4onaLr1mP60vcOiSPjqrErcS15S54EnLJVkm95pBeokgQZbyT9YSIa%2FGa%2BCzPNwSNHaA04R24SrR486d9zJbxIkwlzMF96DFhsfO5Pw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77477ea7fd5088b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-head.jpg
200 OK 17 kB URL HTTP/2 img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-head.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7c880ffd6ec26ab56355f79f1aeb3e8f
f5e7f1e28b73fc2e0f92aa94790fc2ff8d1bcc71
551ab9132793ddff36317be78694ebbf95d60477a0866570c889e4192ae4ad28
GET /albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-head.jpg HTTP/1.1
Host: img.photobucket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 16900
date: Sun, 04 Dec 2022 21:04:29 GMT
cache-control: max-age=31536000, public
content-disposition: inline; filename="movie3-animeiat-head.webp"
expires: Mon, 04 Dec 2023 21:04:29 GMT
server: photobucket
x-amzn-trace-id: Root=1-638d0b5d-19f2d11e4bc7c6955aca31e2
x-request-id: xUhNHRzcYlq8ZjMoeKy8r
x-cache: Miss from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: RYBpGgeotCE0a2vFEJXM-98GBQWZNf-9S6d4synWz0IwZHiyCb2oZQ==
vary: Accept, Origin
X-Firefox-Spdy: h2
never.roo7.biz/components/com_ubar/assets/js/mt-1.1.js?0.9.3
404 Not Found 1.2 kB URL HTTP/2 never.roo7.biz/components/com_ubar/assets/js/mt-1.1.js?0.9.3
IP
Hash 03025c645388186103b63d135eb283c5
5bcabca1d52be804440adc917d257bc1bb38ac6c
104e1be9be7521619fc042d4860307a629c5111a7f0f986af3da2ee1fef7ad00
GET /components/com_ubar/assets/js/mt-1.1.js?0.9.3 HTTP/1.1
Host: never.roo7.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/t432-topic
Cookie: exadd=167020
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: text/html
etag: W/"5db7f6f0-1044"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
i.servimg.com/u/f13/13/93/90/70/eslamu11.gif
200 OK 916 B URL HTTP/2 i.servimg.com/u/f13/13/93/90/70/eslamu11.gif
IP
File type GIF image data, version 89a, 12 x 12\012- data
Hash 586e82b872d405d3e97382a36e0ed881
66618ae1199809d6e4ec0c89a044b59141d0127a
b33ba04753542a3d5664cf48845c8e53e753ba170eca59bbdb178d6474037dd6
GET /u/f13/13/93/90/70/eslamu11.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: image/gif
content-length: 916
last-modified: Mon, 28 Dec 2009 18:40:51 GMT
etag: "4b38fbb3-394"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Tue, 31 Oct 2023 09:00:53 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JiyS8AyzHQQjdgwYl9zxVccD9BkspSzDxK%2BM2US7bBpFTctGTfvhOpmjqxv5hlYiQPTvcUdwD256Sm6Tj1cbOnjpV%2FpXz%2FNtjCppbF54dKpp09KPAFqU%2Fcuwt%2BUZqCcK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77477ea7af81b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/icon_chinese_pig_1.gif
200 OK 234 B URL HTTP/2 2img.net/i/fa/subsilver/icon_chinese_pig_1.gif
IP
File type GIF image data, version 89a, 19 x 18\012- data
Hash e543018cbb75ba35a6bf108509411e71
2e5e2a583e16e0a24894bfdf4a0ac27853026d6c
025ef61ed1f4cba4c8a02fe7719f287fa919154f12c0df0227c6218873a6d405
GET /i/fa/subsilver/icon_chinese_pig_1.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: image/gif
content-length: 234
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-ea"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 557891
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J5%2FVBLy73lYnpP9kxo%2FQl57r2irt6sqidwX%2BcPOrPiZFxk3Y5ZcnnhrcGyl7D2FLQ51Wysb37O0jQIkzcKoZJ5ZLkX5swu%2ByN0XPAtHVnEIVC891I5ZJy0jiAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77477ea7fd5a88b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f63/13/93/90/70/1zdr3611.png
200 OK 714 B URL HTTP/2 i.servimg.com/u/f63/13/93/90/70/1zdr3611.png
IP
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 1e56f14981ff67dfb446c9623e5dd8f5
f105cd3e0aa7e1052f41837a6e7c61f97b51402f
2245f7ee2aaa7127fb834c4519a451d94c5e5808c3e3eaae0f94d6d2386aff80
GET /u/f63/13/93/90/70/1zdr3611.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: image/png
content-length: 714
last-modified: Tue, 04 Nov 2014 15:30:31 GMT
etag: "5458f117-2ca"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Tue, 25 Apr 2023 10:45:38 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uwbkUzWn4TnLvNSBM2Iu60joq0eTrAo0IVBWZl5Nd58AfZY37P2xXfUZe0%2B5WARmodc14hm5F%2BSTNn8ZoNJk8znP3l6lzFYR%2FzLj7A6%2BxigQX6qLMMQs8P%2BrsvtP0ipX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77477ea7bfa9b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-info.jpg
200 OK 20 kB URL HTTP/2 img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-info.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 0df98466cf337a2749d59484d3bfa6e6
927c38fa4f0f7995e0daeeac216bb587b5217b09
e2f78b6c8afc73d6e8fc9e05843ef3bd2bb73b0a76195b1cc3e9468865eca515
GET /albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-info.jpg HTTP/1.1
Host: img.photobucket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 19974
date: Sun, 04 Dec 2022 21:04:29 GMT
cache-control: max-age=31536000, public
content-disposition: inline; filename="movie3-animeiat-info.webp"
expires: Mon, 04 Dec 2023 21:04:29 GMT
server: photobucket
x-amzn-trace-id: Root=1-638d0b5d-65945d32192d6f47727e6c37
x-request-id: 52U0lY_8E6sy_9a4bRFWB
x-cache: Miss from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -K3IFOOjGToYrB59MBWBPMIT9y3fJcmWZo-jrnCScAu1eQdSAUDGHQ==
vary: Accept, Origin
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash acbbda771733a0530d8384099cbc99db
c6191c527c78e46abb63163cc60c2f710eb5b961
dddf7f258a4c7fabda74fa8ac771d5043afc20fb7bee458d1f0aaabd1462cc35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2866
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Last-Modified: Sun, 04 Dec 2022 20:16:43 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280
2img.net/i/fa/sprite_subsilver_menu.png
200 OK 2.2 kB URL HTTP/2 2img.net/i/fa/sprite_subsilver_menu.png
IP
File type PNG image data, 696 x 13, 8-bit colormap, non-interlaced\012- data
Hash 858019d1f92dd8ed62da9412e287857d
f29a22e56dc115b989461c3aeb73f5def71144ca
062ea56f70bc46e21b4e6d07ba76a013b5e841bd110f53646b2898df48e4a709
GET /i/fa/sprite_subsilver_menu.png HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: image/png
content-length: 2244
last-modified: Mon, 16 May 2016 11:01:49 GMT
etag: "5739a89d-8c4"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 558799
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hKMwGllDaqib7%2BJIHGA74fp8Drs2PyfA9yh6D%2B07GfvtRh5f2vzlQjIdhPv4h8bneTKKbkXkG%2FxucaP1N%2FTx8Jafa3RpgZVSNOmU41ervrPKPhnp%2Bf7ZOLzANQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77477ea82de988b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash e180a705ac6cd96961bcbd3a76ce367a
374c761ecbeda2a4d7595ce0509ecd00f1e89440
2794408c3a1d6019fea14a45053bf7fb4bce808e10b0e5e97ad7e19b59a25c06
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4054
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Last-Modified: Sun, 04 Dec 2022 19:56:55 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 280
2img.net/i/empty.gif
200 OK 43 B IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /i/empty.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 09 May 2016 08:45:50 GMT
etag: "57304e3e-2b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 558840
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sr9NNWAKueRHGGrq8av0dAH7%2FWKIVETvj%2BzX6ka%2Ft94ub%2BwXopga0fiAkGNVK5m%2BEtmO9jr%2Fx%2FkY1VF0qHmZMosezskZpOROm%2BLrdyQR6Uu4f0E3Ru2gHDLSWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77477ea82ded88b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-HHQ.jpg
200 OK 7.1 kB URL HTTP/2 img.photobucket.com/albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-HHQ.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7cad6858f1362a53921dfd9acd8db2a6
acc8f24937d7756950fcf069e550ae283aaa5cfe
b75f93bffe1f943405c537a2788a288595e71ba51e9caf570f596a9b93bfa2db
GET /albums/v202/ahmedsh/naruto/3rd%20movie/movie3-animeiat-HHQ.jpg HTTP/1.1
Host: img.photobucket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
content-length: 7128
date: Sun, 04 Dec 2022 21:04:29 GMT
cache-control: max-age=31536000, public
content-disposition: inline; filename="movie3-animeiat-HHQ.webp"
expires: Mon, 04 Dec 2023 21:04:29 GMT
server: photobucket
x-amzn-trace-id: Root=1-638d0b5d-701087b464938e1c2a61b73f
x-request-id: qqmYS63qrUjd0CmLsmrNM
x-cache: Miss from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _hgXgbjngKEL1zgVz_pbk7cTg39s6p8y2O8cwKsjA5uPacg8-qXldA==
vary: Accept, Origin
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/icon_www.gif
200 OK 733 B URL HTTP/2 2img.net/i/fa/subsilver/icon_www.gif
IP
File type GIF image data, version 89a, 59 x 18\012- data
Hash 05d80505deb19651f0b3601d76df1670
a173e6839dfabb9fbb672d8ae9a0cc570b698f26
02be12aef9119686fd59cb18175cb585e21e46a6aa5ec6b10074e6dd37476eef
GET /i/fa/subsilver/icon_www.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: image/gif
content-length: 733
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-2dd"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 558813
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tg3%2BMwA760PrYUELd3S1DF%2F%2BXIQRsbK6DEJEQap1quaJEgoqohv9r2oRC3PqMhGYh9DKWvoF570sh7PIrONPw3dXmRkNBgt5ejCHSTzcOC8UeyRlpY7UzFO2bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77477ea82dee88b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/icon_zodiac_pisces_1.gif
200 OK 258 B URL HTTP/2 2img.net/i/fa/subsilver/icon_zodiac_pisces_1.gif
IP
File type GIF image data, version 89a, 19 x 18\012- data
Hash 5369aa94191a8ffd3928dadcf8d3d313
c518b9ad867090b609e837b080eb8631268b5d10
37e5c5d090893b8f1eace9d66e96ebbec88ab130758fb5b03cdecb4237d888ed
GET /i/fa/subsilver/icon_zodiac_pisces_1.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: image/gif
content-length: 258
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-102"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 558380
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sxAN58DcNEGDx6BWVuWoSFuB%2FKyENL9Ogzin4xSTXU294QDEkQbWOY%2FPAxnU650TcxlRiJMM4bDnQUsfh36IR7JjoMDHGtKkIYEa9O6L%2FzJnNMrO8A3ankkOTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77477ea84e2788b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/logo/logo_ar.png
200 OK 5.2 kB URL HTTP/2 2img.net/i/fa/logo/logo_ar.png
IP
File type PNG image data, 274 x 55, 8-bit/color RGBA, non-interlaced\012- data
Hash ee725efa34b3b6f68eb7608a4093381c
c7e2e64281d872dc6f35d21fdfae39f5205a2ea0
843c9e985982126b5c295ecdf42b0db3a4a4626d04ee0b7dd2781c2ba9044f42
GET /i/fa/logo/logo_ar.png HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: image/png
content-length: 5195
last-modified: Mon, 16 May 2016 10:59:53 GMT
etag: "5739a829-144b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 556688
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bd3YLcD5ClbfWahr%2FbuIiL3TmAqrDMm3%2Bl21nQWk9aEHdwg5Y%2Br3CPuLwdjCvr7ydvFtwWqU6gvFJKnOPxxTOtEUAVYFRq1m3ZOzftfJRGJY4LZTjse4lSd2yQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77477ea83e1288b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash acbbda771733a0530d8384099cbc99db
c6191c527c78e46abb63163cc60c2f710eb5b961
dddf7f258a4c7fabda74fa8ac771d5043afc20fb7bee458d1f0aaabd1462cc35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5452
Cache-Control: max-age=95620
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:29 GMT
Etag: "638bc895-118"
Expires: Mon, 05 Dec 2022 23:38:09 GMT
Last-Modified: Sat, 03 Dec 2022 22:07:17 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 280
ocsp.sectigo.com/
200 OK 471 B IP
Hash a4b2661f9faaf638f68d08191f11b9eb
93a120c099c114d90fd533168343641c6768e3fa
65fd78249b3277256ee56b23d213f0816412daa4c2028d2447a90bbc861af5ba
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 21:04:29 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 11:33:42 GMT
Expires: Sun, 11 Dec 2022 11:33:41 GMT
Etag: "93a120c099c114d90fd533168343641c6768e3fa"
Cache-Control: max-age=569951,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77477ea70f85b524-OSL
i.servimg.com/u/f63/13/93/90/70/2rpxk711.png
200 OK 669 B URL HTTP/2 i.servimg.com/u/f63/13/93/90/70/2rpxk711.png
IP
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 4d6ffea037651600440412d231675c94
a040ca2f32161b6a8af2cc840dca89da342f41cb
8f5a01d7c486df23ac609901f6c3608ba167335d28bbebfd506b55fefcb00fae
GET /u/f63/13/93/90/70/2rpxk711.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: image/png
content-length: 669
last-modified: Tue, 04 Nov 2014 15:30:31 GMT
etag: "5458f117-29d"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Tue, 25 Apr 2023 10:45:38 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mnQsZqbXab03%2F3oDKB9mfbd3n5mIKLI7n%2BsfTFI4If1Gsx3tOSA6GyahUxhGBAcq%2FL2gZWKTnfj149qV%2FuBP%2BXdZpOg4517cwVeyj7SMu%2FQu8FnCSQo4ZKLhWiO%2Fsvrl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77477ea7cfb9b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f12/14/52/30/79/aseer610.png
200 OK 3.2 kB URL HTTP/2 i.servimg.com/u/f12/14/52/30/79/aseer610.png
IP
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash 46e70c9d934caa6a87d72cb77434be3f
ba34c7177031b77565a5f31d6d9956edd4a49216
cc59e6a0ee9c5ec0fa42fab5a0ac931323532e4fc643a1a2b36de584f7a1b0fc
GET /u/f12/14/52/30/79/aseer610.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: image/png
content-length: 3205
last-modified: Mon, 28 Dec 2009 06:10:28 GMT
etag: "4b384bd4-c85"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Tue, 25 Apr 2023 08:24:55 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BOFdF%2Bjm2NP9dyOCVoTvo4RE29hA8MdLxY2qmE0bSzcZJalOBHsgug4KQ4HiSIMHPWuEDs8Q5Lm1uPfr%2Ftpk%2FxrZ0rL3OOqC5BM5PSqvZenTlmDUhpZNSiXX32xWs03p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77477ea7dfdeb51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/h/www.saifoali.org/up/files/hasa9wf2vs5suzx9upgj.png
200 OK 11 kB URL HTTP/2 2img.net/h/www.saifoali.org/up/files/hasa9wf2vs5suzx9upgj.png
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2669)
Hash 5e074db6088043d415b27a10f83ab9f8
731be4fd0aa1f60e980ad36561f635de520eaf00
6fb04aff51e1e465877950963086547396452b174340cf17ca5d74ad0d9e7d34
GET /h/www.saifoali.org/up/files/hasa9wf2vs5suzx9upgj.png HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: image/png
content-length: 11404
last-modified: Mon, 06 Jun 2022 07:16:40 GMT
etag: "629da9d8-2c8c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VdoroyEzwrm7vdEsVo%2BLdHyMyxzh1%2F8Tn0Jfn%2FRLk7HHsSwTFuQr0oKOYNsdapOEPas4risOylv3mB0N1UllimRzhV2yZyd5FR1j2l9MVQAMQa4%2BTXlQRsM6dw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77477ea84e1788b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/h/www.animeiat.com/vb/images/smilies/main/an%20%2826%29.gif
301 Moved Permanently 178 B URL HTTP/2 2img.net/h/www.animeiat.com/vb/images/smilies/main/an%20%2826%29.gif
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /h/www.animeiat.com/vb/images/smilies/main/an%20%2826%29.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Sun, 04 Dec 2022 21:04:29 GMT
content-length: 178
location: https://2img.net/i/default.png
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8fEVzN82Yr%2BIAvTtSoRxWEHHEjQUkT8uQiLKBKdaKcMwXQE2ptONj8Dxmj6j97bkdo4j26eu%2BVFxPjIRXi%2BJ%2B4hBLB4zloqxMkqTx1Pu1hNuJ7Xqvp8YOCrz1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77477ea7fd5688b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c0e696a0b61090331ce38c7a0fb0843a
5dde3b250ed233bc77bb38d5f715ad87bf61303b
6953c1cf02e770b8e37917d6c6b7875f792f713f8d55c1ed16f9a4d3f0193301
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6953C1CF02E770B8E37917D6C6B7875F792F713F8D55C1ED16F9A4D3F0193301"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8282
Expires: Sun, 04 Dec 2022 23:22:31 GMT
Date: Sun, 04 Dec 2022 21:04:29 GMT
Connection: keep-alive
cur.cursors-4u.net/cursors/cur-2/cur226.cur
200 OK 4.3 kB URL HTTP/1.1 cur.cursors-4u.net/cursors/cur-2/cur226.cur
IP
File type MS Windows cursor resource - 1 icon, 32x32, hotspot @4x3\012- data
Hash 7d11a98ac5e365733c9c19f5b40bf373
bb25e783d99d5c066fced6e493129e79f67a529b
c8d3766ee360a651a729d1f0f76818337772be5b47d0ac8790764b44eec7f35a
GET /cursors/cur-2/cur226.cur HTTP/1.1
Host: cur.cursors-4u.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sun, 04 Dec 2022 21:04:30 GMT
Content-Type: application/octet-stream
Content-Length: 4286
Last-Modified: Wed, 27 Feb 2013 17:42:20 GMT
Connection: keep-alive
ETag: "512e457c-10be"
Accept-Ranges: bytes
ocsp.digicert.com/
200 OK 313 B IP
Hash 8b839bec32f7b79c6fea79eef3c39eaf
e78ff3339301c487eb72d61eeafa61fc02ce5012
f4630ec53ba02868a55d568264fa0c2715ce825558bb74d070dcac5ee49bb31c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3085
Cache-Control: max-age=140024
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:30 GMT
Etag: "638c7f49-139"
Expires: Tue, 06 Dec 2022 11:58:14 GMT
Last-Modified: Sun, 04 Dec 2022 11:06:49 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 313
2img.net/h/cursors-4u.com/support.gif
301 Moved Permanently 246 B URL HTTP/2 2img.net/h/cursors-4u.com/support.gif
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 927af21ff984573d5031ea1d6e608eaf
37a3989bb2cf87bcc73c361782ca463e1d599649
13f75b6093909fd00b6631a7720a9bbda02485eb69606987bec213eb91b11bf7
GET /h/cursors-4u.com/support.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sun, 04 Dec 2022 21:04:30 GMT
content-length: 246
location: https://www.cursors-4u.com/support.gif
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zte7ChYgTVx5e5bSLSTARI8W42cTNFx%2F495fNVKszpNUo50KscFeqDzET68CQR8Xg9b%2BdRZcwcRajCvg31oKxma6NxFL%2FrriLTQu%2BsHoYaGjigAxXiQYtmqVKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77477ea83e0588b3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d3e8f4315487d14d256974b0de698bd6
b95e16294a0ce9bceab933b34b21d8878a1449bf
6953f31da4312fdb9b7b30b7add9e86d1b9f331c48b187f915e9cde8b1668859
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6953F31DA4312FDB9B7B30B7ADD9E86D1B9F331C48B187F915E9CDE8B1668859"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6325
Expires: Sun, 04 Dec 2022 22:49:55 GMT
Date: Sun, 04 Dec 2022 21:04:30 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 313 B IP
Hash a9f82178f4a7dccd4bf4fb84170e3fa7
54ad9cb2fd1e5c31a13ac377b445de55ec7df58a
3b826b406a9db81555b54fad48ebecaf45414ef3119e0be8635c54a02615ec88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2926
Cache-Control: max-age=163657
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:30 GMT
Etag: "638cdc39-139"
Expires: Tue, 06 Dec 2022 18:32:07 GMT
Last-Modified: Sun, 04 Dec 2022 17:43:21 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 313
dnacdn.net/dna
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=W4Si_l80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQkdTbkk0Y2FMTEhJMXZIJTJCNFJEeGVyNDIlMkZFZ1lMY002a0VrVnF6cWpNaXY; expires=Fri, 29 Dec 2023 21:04:30 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 289350
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash ee00ac7a24f2be13f49a39c476f9f707
98a87636f9dbd123b21b0c4adf164c68603da8ba
6edf8fd4b338be0cfa4ce5fd22a6adc145f0f47576447a03c277bea70a43a5eb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3085
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:30 GMT
Last-Modified: Sun, 04 Dec 2022 20:13:06 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
200 OK 313 B IP
Hash ee00ac7a24f2be13f49a39c476f9f707
98a87636f9dbd123b21b0c4adf164c68603da8ba
6edf8fd4b338be0cfa4ce5fd22a6adc145f0f47576447a03c277bea70a43a5eb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3088
Cache-Control: max-age=136094
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:30 GMT
Etag: "638c6fec-139"
Expires: Tue, 06 Dec 2022 10:52:44 GMT
Last-Modified: Sun, 04 Dec 2022 10:01:16 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 313
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14674
Expires: Mon, 05 Dec 2022 01:09:04 GMT
Date: Sun, 04 Dec 2022 21:04:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kRs3oBWnSs5asyPdvz6kkooy7pqm2Yr8R_2x8EXCVn3dBz_aEJurRQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 07:26:41 GMT
age: 49069
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Uz-wJTZjej3sjP-O68BQ4hB_kkAecG0o7GkeZUan90ZgV87g0Cg_ZA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:38 GMT
age: 83512
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a6e7b32ac999cf3c899a234c621fa91a
fc5d4f3163ebb9faf85968cbb1d194e8e68418be
f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 83669
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg
200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 027480c06cd67621f373c6765dafee4d
9f80bb7ca6f699d88eaec2248dec508c589fe994
f69a0d6bd6e79d8fa7f2f15df11237c0a8b04d45af3cd5870eeef86d18f553bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7728
x-amzn-requestid: 9f37e7a6-1f00-4a81-9b14-962fd0b6cdf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMEJxoAMFchQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-4a4cce217327b44525ea1e98;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ztC4S0WeA3ft_9JafrL6fInXo4jwkb0cTWUx4Z8L2uz3EWQS-d6F5A==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 22:02:47 GMT
age: 82903
etag: "9f80bb7ca6f699d88eaec2248dec508c589fe994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6UQ_BhPmpVpe9w6gsExB-EpNq_syeCCK6fr4Y1FFK1jDJh_n1Sd0Eg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:47 GMT
age: 83503
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 84029
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=never.roo7.biz&var=&ymid=&var_3=
200 OK 758 B URL HTTP/2 stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=never.roo7.biz&var=&ymid=&var_3=
IP
File type JSON data\012- , ASCII text, with very long lines (757)
Hash ae88049aaf6d114a3b02e1c99aaebedc
6b7d10d5ed418f474aa2806feb491556050880be
9805125442815ee5438ceb747e93abe5af1026c368586f300d665c1de5982c01
Analyzer Verdict Alert quad9 Sinkholed
GET /zone?pub=0&zone_id=2308013&is_mobile=false&domain=never.roo7.biz&var=&ymid=&var_3= HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://never.roo7.biz/
Origin: https://never.roo7.biz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:30 GMT
content-type: application/json; charset=utf-8
content-length: 758
x-trace-id: 46e9c3a5bb1a772be466452b7f817bf2
access-control-allow-origin: https://never.roo7.biz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
stootsou.net/pfe/current/universal.min.js?v=3.1.409
200 OK 62 kB URL HTTP/2 stootsou.net/pfe/current/universal.min.js?v=3.1.409
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 5d25d25abe364de6f27268951b74c1c0
ebb8abd73a0f9765a637f57685adf2f69a91379d
4f6f149a8ac4fe211ed828f4df91cb9ced77225b0386313d4a796dee93cdd839
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/universal.min.js?v=3.1.409 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://never.roo7.biz/
Origin: https://never.roo7.biz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:30 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-18c6c"
access-control-allow-origin: https://never.roo7.biz
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 04 Dec 2022 20:41:08 GMT
expires: Sun, 04 Dec 2022 22:41:08 GMT
cache-control: public, max-age=7200
age: 1402
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/forumotion-ar/loader.js
200 OK 25 kB URL HTTP/2 cdn.taboola.com/libtrc/forumotion-ar/loader.js
IP
File type Unicode text, UTF-8 text, with very long lines (65498)
Hash 89d32c791c97d8cc6581d18ba08c37fd
ebb36de9cf125714cb2173ecd255671d1ed3c24b
f0ac1545dc3d63aba60185c29f1b5f57e90172fc75d02f8028d866b70ce1b1ac
GET /libtrc/forumotion-ar/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: DLluyGnC1xDYt2a+kJQyFKK9H2xkcfp/qZ84RLUZoYLCPZ+1POiLYMLhG1OFjtzcWLJ2CSJCMwU=
x-amz-request-id: XZE36HPYXP5NVRCS
last-modified: Sun, 04 Dec 2022 11:07:05 GMT
etag: "4ce1aa58b1acafb9b4f2ae3522152e9b"
x-amz-version-id: HGeyL_.MBNtV9nwEV7JtR0Xc2rmgdTYa
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:30 GMT
via: 1.1 varnish
age: 52
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1670187871.732255,VS0,VE1
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 84
content-length: 25343
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=132&profileId=206&cb=1555549776
200 OK 159 B URL HTTP/2 bidder.criteo.com/cdb?ptv=132&profileId=206&cb=1555549776
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash fc2ef6b2b19829f583e9cbee38192619
c359fd80c832a1f8c61757ae8eba3494afcde89e
ea60559faa2f3e9b07a58e00c8211d65566de7adc8baeefc132f46ea79569aeb
POST /cdb?ptv=132&profileId=206&cb=1555549776 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 563
Origin: https://never.roo7.biz
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:30 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://never.roo7.biz
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 159
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
never.roo7.biz/images/icons-180.png
200 OK 6.1 kB URL HTTP/2 never.roo7.biz/images/icons-180.png
IP
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 6bbc173a2c7add9b97ed5fe2dea15269
2e00950d0813a6d995784905a90c5eb2041f05ee
689c95c5a53fd85782d965279cafd0c06042391eca615fe7e7f799e1bae5cc82
GET /images/icons-180.png HTTP/1.1
Host: never.roo7.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/t432-topic
Cookie: exadd=167020; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:30 GMT
content-type: image/png
content-length: 6055
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Sun, 04 Dec 2022 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
x-cache-ic: MISS
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/impl.20221204-5-RELEASE.js
200 OK 147 kB URL HTTP/2 cdn.taboola.com/libtrc/impl.20221204-5-RELEASE.js
IP
File type ASCII text, with very long lines (65509)
Size 147 kB (146692 bytes)
Hash 44011b5dd14e2f62cd293736e61bfd5d
de3c2fe115b850c1e3e98fe3f7535b25cb1d3c60
b3afb4ddb950f8d47f69dc4d767ab42575b6ac181266b74bf47f62db718d1b78
GET /libtrc/impl.20221204-5-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: CjI7dNb7Sm2ieogl+FR+2lgv4og9KWqPbaVSss7gfMGqV7gCClnQ5mltb5VDFGjCpsQ2jYBvHZE=
x-amz-request-id: 4J772X8ZNY05ZTSH
last-modified: Sun, 04 Dec 2022 10:58:02 GMT
etag: "44011b5dd14e2f62cd293736e61bfd5d"
content-encoding: br
x-amz-version-id: FCB4xk7W.ZTqnSlYrGqFWfqH44s.QC5m
content-type: application/javascript
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:30 GMT
via: 1.1 varnish
age: 7579
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 7167
x-timer: S1670187871.906746,VS0,VE0
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 15
server: AmazonS3-br
content-length: 146692
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash ab507b3688f9409491da9715db2cb8f7
1f851e21b05f8fca6685220fdb1c1b3856d97791
ada01d1daa6559da33b5b7f076f5987e36394b6a617b09d33805c6cf875e80a4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=128867
Date: Sun, 04 Dec 2022 21:04:30 GMT
Etag: "638c5246-1d7"
Expires: Tue, 06 Dec 2022 08:52:17 GMT
Last-Modified: Sun, 04 Dec 2022 07:54:46 GMT
Server: ECS (bsa/EB14)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: C-TWiVxN-3KMyxBndi_IJJL8YSTc1rIDhsqZKoHCz4Ut5ZiGqY3FwA==
Age: 3451
ic.tynt.com/b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png&t=%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%B4%D9%8A%D8%A8%D9%88%D8%AF%D9%86%20%D8%A7%D9%84%D9%81%D9%8A%D9%84%D9%85%20%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%20%7C%20naruto%20shippuuden%20movie%203%20%7C%20%D9%88%D8%B1%D8%A7%D8%AB%D8%A9%20%D8%B9%D8%B2%D9%8A%D9%85%D8%A9%20%D8%A7%D9%84%D9%86%D8%A7%D8%B1%20%7C%20%D9%81%D9%8A%D9%84%D9%85%20%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%20%7C%20%D9%85%D8%AA%D8%B1%D8%AC%D9%85%D8%A9%20%D9%85%D9%86%20%D8%A3%D8%AD%D9%85%D8%AF%20%D8%B4&cu=https%3A%2F%2Fnever.roo7.biz%2Ft432-topic
204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png&t=%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%B4%D9%8A%D8%A8%D9%88%D8%AF%D9%86%20%D8%A7%D9%84%D9%81%D9%8A%D9%84%D9%85%20%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%20%7C%20naruto%20shippuuden%20movie%203%20%7C%20%D9%88%D8%B1%D8%A7%D8%AB%D8%A9%20%D8%B9%D8%B2%D9%8A%D9%85%D8%A9%20%D8%A7%D9%84%D9%86%D8%A7%D8%B1%20%7C%20%D9%81%D9%8A%D9%84%D9%85%20%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%20%7C%20%D9%85%D8%AA%D8%B1%D8%AC%D9%85%D8%A9%20%D9%85%D9%86%20%D8%A3%D8%AD%D9%85%D8%AF%20%D8%B4&cu=https%3A%2F%2Fnever.roo7.biz%2Ft432-topic
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png&t=%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%B4%D9%8A%D8%A8%D9%88%D8%AF%D9%86%20%D8%A7%D9%84%D9%81%D9%8A%D9%84%D9%85%20%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%20%7C%20naruto%20shippuuden%20movie%203%20%7C%20%D9%88%D8%B1%D8%A7%D8%AB%D8%A9%20%D8%B9%D8%B2%D9%8A%D9%85%D8%A9%20%D8%A7%D9%84%D9%86%D8%A7%D8%B1%20%7C%20%D9%81%D9%8A%D9%84%D9%85%20%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%20%7C%20%D9%85%D8%AA%D8%B1%D8%AC%D9%85%D8%A9%20%D9%85%D9%86%20%D8%A3%D8%AD%D9%85%D8%AF%20%D8%B4&cu=https%3A%2F%2Fnever.roo7.biz%2Ft432-topic HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.16.1
date: Sun, 04 Dec 2022 21:04:30 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
de.tynt.com/deb/v2?id=cl47sqF64r34Djadbi-bpO&dn=TI&cc=1&r=
200 OK 4 B URL HTTP/2 de.tynt.com/deb/v2?id=cl47sqF64r34Djadbi-bpO&dn=TI&cc=1&r=
IP
File type ASCII text, with no line terminators
Hash 350fd6ef6446635f7a8f608434a405ec
a4b6c275ac2c80ec925b5c0c5c6abb79ba897356
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
GET /deb/v2?id=cl47sqF64r34Djadbi-bpO&dn=TI&cc=1&r= HTTP/1.1
Host: de.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
expires: Mon, 05 Dec 2022 21:04:30 GMT
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: application/javascript
content-length: 4
date: Sun, 04 Dec 2022 21:04:30 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
api.viglink.com/api/ping
200 OK 259 B IP
File type ASCII text, with no line terminators
Hash 3baa0e487bce646f25ecb9e464405cd1
a9726e7430f224c52f879f3545e148a3fb9eef4a
017ca44b2819ef7c4349cd441189e5bf256bb491225758b4db85ba291a88a101
POST /api/ping HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 133
Origin: https://never.roo7.biz
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://never.roo7.biz
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Sun, 04 Dec 2022 21:04:30 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 259
Connection: keep-alive
ic.tynt.com/b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png&t=%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%B4%D9%8A%D8%A8%D9%88%D8%AF%D9%86%20%D8%A7%D9%84%D9%81%D9%8A%D9%84%D9%85%20%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%20%7C%20naruto%20shippuuden%20movie%203%20%7C%20%D9%88%D8%B1%D8%A7%D8%AB%D8%A9%20%D8%B9%D8%B2%D9%8A%D9%85%D8%A9%20%D8%A7%D9%84%D9%86%D8%A7%D8%B1%20%7C%20%D9%81%D9%8A%D9%84%D9%85%20%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%20%7C%20%D9%85%D8%AA%D8%B1%D8%AC%D9%85%D8%A9%20%D9%85%D9%86%20%D8%A3%D8%AD%D9%85%D8%AF%20%D8%B4&cu=https%3A%2F%2Fnever.roo7.biz%2Ft432-topic
204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png&t=%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%B4%D9%8A%D8%A8%D9%88%D8%AF%D9%86%20%D8%A7%D9%84%D9%81%D9%8A%D9%84%D9%85%20%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%20%7C%20naruto%20shippuuden%20movie%203%20%7C%20%D9%88%D8%B1%D8%A7%D8%AB%D8%A9%20%D8%B9%D8%B2%D9%8A%D9%85%D8%A9%20%D8%A7%D9%84%D9%86%D8%A7%D8%B1%20%7C%20%D9%81%D9%8A%D9%84%D9%85%20%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%20%7C%20%D9%85%D8%AA%D8%B1%D8%AC%D9%85%D8%A9%20%D9%85%D9%86%20%D8%A3%D8%AD%D9%85%D8%AF%20%D8%B4&cu=https%3A%2F%2Fnever.roo7.biz%2Ft432-topic
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png&t=%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%B4%D9%8A%D8%A8%D9%88%D8%AF%D9%86%20%D8%A7%D9%84%D9%81%D9%8A%D9%84%D9%85%20%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%20%7C%20naruto%20shippuuden%20movie%203%20%7C%20%D9%88%D8%B1%D8%A7%D8%AB%D8%A9%20%D8%B9%D8%B2%D9%8A%D9%85%D8%A9%20%D8%A7%D9%84%D9%86%D8%A7%D8%B1%20%7C%20%D9%81%D9%8A%D9%84%D9%85%20%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%20%7C%20%D9%85%D8%AA%D8%B1%D8%AC%D9%85%D8%A9%20%D9%85%D9%86%20%D8%A3%D8%AD%D9%85%D8%AF%20%D8%B4&cu=https%3A%2F%2Fnever.roo7.biz%2Ft432-topic HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Sun, 04 Dec 2022 21:04:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
trc-events.taboola.com/forumotion-ar/log/2/debug?tim=21%3A04%3A28.682&type=usage&msg=rtus&llvl=2&id=57&cv=20221204-5-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=ccpaApiFail&extraData=%7B%7D
204 No Content 0 B URL HTTP/2 trc-events.taboola.com/forumotion-ar/log/2/debug?tim=21%3A04%3A28.682&type=usage&msg=rtus&llvl=2&id=57&cv=20221204-5-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=ccpaApiFail&extraData=%7B%7D
IP
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=21%3A04%3A28.682&type=usage&msg=rtus&llvl=2&id=57&cv=20221204-5-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=ccpaApiFail&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sun, 04 Dec 2022 21:04:31 GMT
x-fastly-to-nlb-rtt: 22447
access-control-allow-credentials: true
X-Firefox-Spdy: h2
www.cursors-4u.com/support.gif
200 OK 4.8 kB URL HTTP/1.1 www.cursors-4u.com/support.gif
IP
File type GIF image data, version 89a, 119 x 119\012- data
Hash 87c91dc94d01758ef1e0396e7758adc7
2336e95351d6325ea0e68da8d44081493eba2ee1
1dc38ac45aa54c1d51c5528a1c0b2de6a99b24816a5a15aea9b461a5baf6b596
GET /support.gif HTTP/1.1
Host: www.cursors-4u.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://never.roo7.biz/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 21:04:31 GMT
Server: Apache
Last-Modified: Sun, 20 Jan 2019 00:48:44 GMT
Accept-Ranges: bytes
Content-Length: 4833
Cache-Control: max-age=31536000
Expires: Mon, 04 Dec 2023 21:04:31 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif
static.criteo.net/images/pixel.gif?ch=2
200 OK 43 B URL HTTP/2 static.criteo.net/images/pixel.gif?ch=2
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /images/pixel.gif?ch=2 HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:31 GMT
content-type: image/gif
content-length: 43
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
etag: "493ea254-2b"
expires: Wed, 29 Nov 2023 21:04:31 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/images/pixel.gif?ch=1
200 OK 43 B URL HTTP/2 static.criteo.net/images/pixel.gif?ch=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /images/pixel.gif?ch=1 HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:31 GMT
content-type: image/gif
content-length: 43
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
etag: "493ea254-2b"
expires: Wed, 29 Nov 2023 21:04:31 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png&t=%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%B4%D9%8A%D8%A8%D9%88%D8%AF%D9%86%20%D8%A7%D9%84%D9%81%D9%8A%D9%84%D9%85%20%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%20%7C%20naruto%20shippuuden%20movie%203%20%7C%20%D9%88%D8%B1%D8%A7%D8%AB%D8%A9%20%D8%B9%D8%B2%D9%8A%D9%85%D8%A9%20%D8%A7%D9%84%D9%86%D8%A7%D8%B1%20%7C%20%D9%81%D9%8A%D9%84%D9%85%20%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%20%7C%20%D9%85%D8%AA%D8%B1%D8%AC%D9%85%D8%A9%20%D9%85%D9%86%20%D8%A3%D8%AD%D9%85%D8%AF%20%D8%B4
204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png&t=%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%B4%D9%8A%D8%A8%D9%88%D8%AF%D9%86%20%D8%A7%D9%84%D9%81%D9%8A%D9%84%D9%85%20%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%20%7C%20naruto%20shippuuden%20movie%203%20%7C%20%D9%88%D8%B1%D8%A7%D8%AB%D8%A9%20%D8%B9%D8%B2%D9%8A%D9%85%D8%A9%20%D8%A7%D9%84%D9%86%D8%A7%D8%B1%20%7C%20%D9%81%D9%8A%D9%84%D9%85%20%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%20%7C%20%D9%85%D8%AA%D8%B1%D8%AC%D9%85%D8%A9%20%D9%85%D9%86%20%D8%A3%D8%AD%D9%85%D8%AF%20%D8%B4
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png&t=%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%B4%D9%8A%D8%A8%D9%88%D8%AF%D9%86%20%D8%A7%D9%84%D9%81%D9%8A%D9%84%D9%85%20%D8%A7%D9%84%D8%AB%D8%A7%D9%84%D8%AB%20%7C%20naruto%20shippuuden%20movie%203%20%7C%20%D9%88%D8%B1%D8%A7%D8%AB%D8%A9%20%D8%B9%D8%B2%D9%8A%D9%85%D8%A9%20%D8%A7%D9%84%D9%86%D8%A7%D8%B1%20%7C%20%D9%81%D9%8A%D9%84%D9%85%20%D9%86%D8%A7%D8%B1%D9%88%D8%AA%D9%88%20%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%20%7C%20%D9%85%D8%AA%D8%B1%D8%AC%D9%85%D8%A9%20%D9%85%D9%86%20%D8%A3%D8%AD%D9%85%D8%AF%20%D8%B4 HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Sun, 04 Dec 2022 21:04:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png
204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Sun, 04 Dec 2022 21:04:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png
204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Sun, 04 Dec 2022 21:04:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png
204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0&img=https%3A%2F%2F2img.net%2Fi%2Ffa%2Flogo%2Flogo_ar.png HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Sun, 04 Dec 2022 21:04:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0
204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=cl47sqF64r34Djadbi-bpO&lm=0&ts=1670187867143&dn=TI&iso=0 HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Sun, 04 Dec 2022 21:04:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
sc.tynt.com/script/sc/cl47sqF64r34Djadbi-bpO.js
200 OK 141 B URL HTTP/2 sc.tynt.com/script/sc/cl47sqF64r34Djadbi-bpO.js
IP
Hash 41f0c535ef7cca6d9c7b5ec1b29b9ac4
5489e75f47f0484632274a63001e26e72a7aeb25
dc756f58e4d8adb8a57625c10ecc6f6d8da8b7928ea559b599138f02def7ba98
GET /script/sc/cl47sqF64r34Djadbi-bpO.js HTTP/1.1
Host: sc.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:31 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
status: 200 OK
x-rack-cache: fresh
cache-control: max-age=86400, public, s-maxage=172800
last-modified: Mon, 31 Oct 2022 14:06:40 GMT
x-xss-protection: 1; mode=block
x-request-id: 1b4c18a3-a524-449f-b9ae-c10552ae9985
x-content-digest: d2971c7827a68ea71f9a0f7eec1466e936d1b6d3
x-runtime: 0.002828
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
expires: Mon, 05 Dec 2022 20:35:48 GMT
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 77477eafba0db4f3-OSL
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/userx.20221204-5-RELEASE.es6.js
200 OK 5.4 kB URL HTTP/2 cdn.taboola.com/libtrc/userx.20221204-5-RELEASE.es6.js
IP
File type ASCII text, with very long lines (17842)
Hash 1bf1dea253cd98940ce69c484846d6a1
10eb6e66d08a1b9d47b907bdab99ce62df1ac64e
a1400b6b985663284e06ff193ae67a058ac4a941c0e39a0459fbdbae5f2b8bec
GET /libtrc/userx.20221204-5-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: JqZ/yLM48O7O463Ttm8xU7mzkvETfxvwt7FKlLjm6luzENqOF69dXlL97srYZ1cLMuNLK64Qayk=
x-amz-request-id: F6G6YAPYQQ205QRS
x-amz-replication-status: PENDING
last-modified: Sun, 04 Dec 2022 12:46:15 GMT
etag: "f257084fa5d40369fd5095838cc508c9"
x-amz-version-id: t5qY8CKRUH4Gm3ODbJJbfrati21qr3EK
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:31 GMT
via: 1.1 varnish
age: 9
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 4
x-timer: S1670187872.997216,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 15
content-length: 5398
X-Firefox-Spdy: h2
vidstat.taboola.com/lite-unit/3.9.8/UnitWidgetItemDesktop.min.js
200 OK 30 kB URL HTTP/2 vidstat.taboola.com/lite-unit/3.9.8/UnitWidgetItemDesktop.min.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash aac1042207afd54e1cf1befcaf3420cd
00f0597866330a850a1d6222861591f24dd18380
ea77ece8880eb28ffe83e94ef787b4204f8b1b3d09f443011b898b13ed4bb706
GET /lite-unit/3.9.8/UnitWidgetItemDesktop.min.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 22 Nov 2022 07:02:09 GMT
etag: "1842444d4bb92087143326a4d508875d"
server: AmazonS3
via: 1.1 b34d5d8e5954d0b7b46d5f0eb534c166.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: iVxUQ_yUDgKIDSZaR21P2jFvv94ZUaTAMQdnd9xsEMFJTpsmb2NMlg==
cache-control: public, max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:31 GMT
age: 1087314
x-served-by: cache-bma1654-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 9231
x-timer: S1670187872.998177,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 29909
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.viglink.com/api/sync.gif?key=74bad24252620514d1244cfba01f2ee2
200 OK 43 B URL HTTP/1.1 api.viglink.com/api/sync.gif?key=74bad24252620514d1244cfba01f2ee2
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /api/sync.gif?key=74bad24252620514d1244cfba01f2ee2 HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Content-Type: image/gif;charset=UTF-8
Date: Sun, 04 Dec 2022 21:04:31 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 43
Connection: keep-alive
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=1623371928.1670187868&jid=1245187549&gjid=2127244728&_gid=1426859323.1670187868&_u=YEBAAUAAAAAAACAAI~&z=1137324059
200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=1623371928.1670187868&jid=1245187549&gjid=2127244728&_gid=1426859323.1670187868&_u=YEBAAUAAAAAAACAAI~&z=1137324059
IP
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=1623371928.1670187868&jid=1245187549&gjid=2127244728&_gid=1426859323.1670187868&_u=YEBAAUAAAAAAACAAI~&z=1137324059 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://never.roo7.biz
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://never.roo7.biz
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 04 Dec 2022 21:04:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 663979bbd831a40bec8611cfac8d77af
aa43c96676a33100f244e6772e37adc2b6f89b76
60c21027da288e857f546b531dd226d81206bfa85a35985b0e1587a68dec4d5b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7c9e0bb25e8c28e8b10038806b0a7190
9fa6097aeb8eacde8ba7c9ab80a7a7d2405ae2bc
f4864000960be2f888ed7d2467f74130231fed6f56ad48ff15861f5769e95a58
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1623371928.1670187868&jid=1245187549&_u=YEBAAUAAAAAAACAAI~&z=531663805
200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1623371928.1670187868&jid=1245187549&_u=YEBAAUAAAAAAACAAI~&z=531663805
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1623371928.1670187868&jid=1245187549&_u=YEBAAUAAAAAAACAAI~&z=531663805 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 21:04:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1623371928.1670187868&jid=1245187549&_u=YEBAAUAAAAAAACAAI~&z=531663805
200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1623371928.1670187868&jid=1245187549&_u=YEBAAUAAAAAAACAAI~&z=531663805
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1623371928.1670187868&jid=1245187549&_u=YEBAAUAAAAAAACAAI~&z=531663805 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 21:04:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 663979bbd831a40bec8611cfac8d77af
aa43c96676a33100f244e6772e37adc2b6f89b76
60c21027da288e857f546b531dd226d81206bfa85a35985b0e1587a68dec4d5b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash f54a71942ab5d7fdc54672cf84aa76db
e03db706ad371c93ddd3cc4a3e4c329777bb5f4b
87453ee6a206085c9b82594123a30bf59f7354733d19f21e388dea70768198c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.viglink.com/api/domains
200 OK 41 B URL HTTP/1.1 api.viglink.com/api/domains
IP
File type ASCII text, with no line terminators
Hash e74c92d199ff6936cbef8913cf021ee5
c55e1020895c44b4a3e5a15ba09228c0648ad167
52281784d19188038fcee0c18f67b5f59a9ef28af4d90b9ad24d99b2609db04e
POST /api/domains HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 306
Origin: https://never.roo7.biz
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://never.roo7.biz
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Sun, 04 Dec 2022 21:04:31 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 41
Connection: keep-alive
stootsou.net/custom
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://never.roo7.biz/
Origin: https://never.roo7.biz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:32 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://never.roo7.biz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=roo7.biz&sn=FirefoxSyncframe&so=0&topUrl=never.roo7.biz&info=N49wKF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQkdTbkk0Y2FMTEhJMXZIJTJCNFJEeGVvemFrREJpcHNaQUljZmZPTnhXckY3&idsd=885969404,-382653247&cw=1&lsw=1
200 OK 288 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=roo7.biz&sn=FirefoxSyncframe&so=0&topUrl=never.roo7.biz&info=N49wKF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQkdTbkk0Y2FMTEhJMXZIJTJCNFJEeGVvemFrREJpcHNaQUljZmZPTnhXckY3&idsd=885969404,-382653247&cw=1&lsw=1
IP
File type JSON data\012- , ASCII text, with very long lines (353), with no line terminators
Hash 5de282ed220f4887368c46bc9bba5e61
708fbcaa58d11fa0aeb140d96e6b2abdbb4f00af
89b3925858dec7aa75eb6324dad2e44fb23ae90631cbc433261c8f70f20ed519
GET /sid/json?origin=publishertag&domain=roo7.biz&sn=FirefoxSyncframe&so=0&topUrl=never.roo7.biz&info=N49wKF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQkdTbkk0Y2FMTEhJMXZIJTJCNFJEeGVvemFrREJpcHNaQUljZmZPTnhXckY3&idsd=885969404,-382653247&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=never.roo7.biz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:32 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1041847
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://never.roo7.biz/
Origin: https://never.roo7.biz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:32 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://never.roo7.biz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert quad9 Sinkholed
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://never.roo7.biz/
Content-Type: application/json
Origin: https://never.roo7.biz
Content-Length: 375
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:32 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 2fb70657ad22b0729a32cd36a851c918
access-control-allow-origin: https://never.roo7.biz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert quad9 Sinkholed
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://never.roo7.biz/
Content-Type: application/json
Origin: https://never.roo7.biz
Content-Length: 759
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:32 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 646575b36c13231814ba17907cb45c31
access-control-allow-origin: https://never.roo7.biz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert quad9 Sinkholed
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://never.roo7.biz/
Content-Type: application/json
Origin: https://never.roo7.biz
Content-Length: 448
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:32 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 9b85e0b0ba5371a7fd3bb5edc77da974
access-control-allow-origin: https://never.roo7.biz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=21%3A04%3A29.717&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=899&cv=20221204-5-RELEASE<=deflated&pct=1
204 No Content 0 B URL HTTP/2 il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=21%3A04%3A29.717&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=899&cv=20221204-5-RELEASE<=deflated&pct=1
IP
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=21%3A04%3A29.717&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=899&cv=20221204-5-RELEASE<=deflated&pct=1 HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sun, 04 Dec 2022 21:04:32 GMT
x-fastly-to-nlb-rtt: 73154
access-control-allow-credentials: true
X-Firefox-Spdy: h2
bidder.criteo.com/csm/events
204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 401
Origin: https://never.roo7.biz
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 21:04:32 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://never.roo7.biz
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/94ef1d98e64be50a66f81be1400546ea.jpg
200 OK 11 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/94ef1d98e64be50a66f81be1400546ea.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 02a03dfc092288af4ef02bd272de0b31
040b5bd7a6154e92de5c0a9e6e7fb84a87cf15d3
229487e2c18dce93eae8bd248d7834aef4347bdaeb2718f07fa09a960c93e401
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/94ef1d98e64be50a66f81be1400546ea.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 442906439851107509825595192824171177036,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 442906439851107509825595192824171177036,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
etag: "729b71c363d938086005933c59855f39"
expiration: expiry-date="Sun, 09 Oct 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Thu, 08 Sep 2022 14:57:45 GMT
req-referer: https://www.ellwoodcityledger.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 56
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:32 GMT
age: 5222214
x-served-by: cache-iad-kcgs7200149-IAD, cache-iad-kiad7000116-IAD, cache-chi-kigq8000170-CHI, cache-iad-kiad7000149-IAD, cache-bma1654-BMA
x-cache: HIT, MISS, HIT, HIT, HIT
x-cache-hits: 1, 0, 1, 14, 1
x-timer: S1670187873.615610,VS0,VE8
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/94ef1d98e64be50a66f81be1400546ea.jpg
x-vcl-time-ms: 8
content-length: 10662
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f3244daab3183be91b7cd3e9a1511d51.jpg
200 OK 2.9 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f3244daab3183be91b7cd3e9a1511d51.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 9c74feb8c7be28b678a9995ade47cc84
a8eada26cef1568504add6cb1b306966468303d9
f3c796fad80f5797497c8dcb8d807a41508ed86af5f2ae48a1d6724e0b16dbb7
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f3244daab3183be91b7cd3e9a1511d51.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 459088806237282744222012500714687578356,296870302051874402078780526775162453794,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 459088806237282744222012500714687578356,296870302051874402078780526775162453794,29ecf9b93bbf306179626feeda1fab70
etag: "898b8c52f8886fa38d7d0a39dc0e862b"
last-modified: Fri, 21 Oct 2022 11:19:00 GMT
req-referer: https://en.paperblog.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: f9bc67cee7e8ce8f6f2bc1542c6f0f1d
x-envoy-upstream-service-time: 531
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:32 GMT
age: 3822561
x-served-by: cache-iad-kjyo7100077-IAD, cache-iad-kjyo7100167-IAD, cache-sna10733-LGB, cache-iad-kcgs7200161-IAD, cache-bma1654-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 31, 1
x-timer: S1670187873.621773,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f3244daab3183be91b7cd3e9a1511d51.jpg
x-vcl-time-ms: 1
content-length: 2886
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//static.trendscatchers.io/uploads/2022/04/de-9-Aquadam-House-saved-from-the-flood.jpg
200 OK 7.7 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//static.trendscatchers.io/uploads/2022/04/de-9-Aquadam-House-saved-from-the-flood.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash e9b946fd49cff0df9a22b2e1d8c38011
264968e9e706526e721c8b78e6e6e199c5c65f18
47c19c6b4d20debb2481faf0b1c89ede736fe3eb6d6c073cab159b164b97345a
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//static.trendscatchers.io/uploads/2022/04/de-9-Aquadam-House-saved-from-the-flood.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 316655602718335343350619277656414684633,296870302051874402078780526775162453794,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 316655602718335343350619277656414684633,296870302051874402078780526775162453794,29ecf9b93bbf306179626feeda1fab70
etag: "c280c04369a5abc8cba8c8315181764b"
expiration: expiry-date="Sat, 19 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Wed, 19 Oct 2022 15:47:16 GMT
req-referer: https://www.express.pk/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 173
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:32 GMT
age: 2879314
x-served-by: cache-iad-kcgs7200095-IAD, cache-iad-kiad7000033-IAD, cache-lax10633-LGB, cache-iad-kiad7000028-IAD, cache-bma1654-BMA
x-cache: HIT, MISS, MISS, HIT, HIT
x-cache-hits: 1, 0, 0, 3, 1
x-timer: S1670187873.623231,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//static.trendscatchers.io/uploads/2022/04/de-9-Aquadam-House-saved-from-the-flood.jpg
x-vcl-time-ms: 1
content-length: 7688
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//taoli.pro/attach/material/SUV_Deals_PR/IODTsFq1K3IZgpl4L.jpg
200 OK 8.0 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//taoli.pro/attach/material/SUV_Deals_PR/IODTsFq1K3IZgpl4L.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash ef7127253c33261143d7f336c399c8fb
b7f0b2163ff9ee8a630f88c55b21b195f1446a5e
b0d2e02d24707f5666b10b9a42c03a6d2cbd07981d107175f0f4fdf842f8731c
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//taoli.pro/attach/material/SUV_Deals_PR/IODTsFq1K3IZgpl4L.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 482867527858580516199912887226559008161,296870302051874402078780526775162453794,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 482867527858580516199912887226559008161,296870302051874402078780526775162453794,29ecf9b93bbf306179626feeda1fab70
etag: "bbee62da6af3a5da408bee9214d9a8d2"
last-modified: Wed, 26 Oct 2022 02:05:15 GMT
req-referer: https://weather.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: c24a9ac19e62f7eb48a1e23c6753cd17
x-envoy-upstream-service-time: 667
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:32 GMT
age: 2305423
x-served-by: cache-iad-kiad7000100-IAD, cache-iad-kiad7000129-IAD, cache-chi-klot8100048-CHI, cache-iad-kjyo7100137-IAD, cache-bma1654-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 42, 1
x-timer: S1670187873.623779,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//taoli.pro/attach/material/SUV_Deals_PR/IODTsFq1K3IZgpl4L.jpg
x-vcl-time-ms: 1
content-length: 7960
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b43399c8d423ff4c57bdc9db940b81af.png
200 OK 9.3 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b43399c8d423ff4c57bdc9db940b81af.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash cbb743ad25ec587c2f5783f4dfca7482
d5ca8a70aa229fefd4337d1fe201507becae54ed
29c6129a3b451657fedf86b3797849619cf3806807f950a2e392bc46aad8d86b
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b43399c8d423ff4c57bdc9db940b81af.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 318546441886281567365642294868277625786,296870302051874402078780526775162453794,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 318546441886281567365642294868277625786,296870302051874402078780526775162453794,29ecf9b93bbf306179626feeda1fab70
etag: "7c00cd8442a6538d4c050aaf01581a60"
last-modified: Sat, 15 Oct 2022 00:46:57 GMT
req-referer: https://pcforalla.idg.se/2.1054/1.772555/annonser-upptackta-i-windows-11s-utloggningsmeny
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 65ca90a911ae90efcdfa0d1df8faf416
x-envoy-upstream-service-time: 83
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:32 GMT
age: 2983425
x-served-by: cache-iad-kcgs7200135-IAD, cache-iad-kcgs7200021-IAD, cache-chi-klot8100175-CHI, cache-iad-kcgs7200077-IAD, cache-bma1654-BMA
x-cache: MISS, HIT, HIT, MISS, HIT
x-cache-hits: 0, 1, 1, 0, 1
x-timer: S1670187873.624482,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b43399c8d423ff4c57bdc9db940b81af.png
x-vcl-time-ms: 1
content-length: 9268
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/a8017b49bb81911fe138dca32a03f828.jpg
200 OK 5.4 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/a8017b49bb81911fe138dca32a03f828.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 1685aed0c63e3afdee072c423ffd1a8c
2f63ab392b94149aefc77f1de3f8c918e70345c0
6724a49f14ef0caa5b2b81148be4d76af3e720a32ae092e2b8b8572e00e921e9
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/a8017b49bb81911fe138dca32a03f828.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 306862923308336825632383319054881372892,296870302051874402078780526775162453794,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 306862923308336825632383319054881372892,296870302051874402078780526775162453794,29ecf9b93bbf306179626feeda1fab70
etag: "e1d73fd5c3e720e44128c1829c50813f"
expiration: expiry-date="Wed, 09 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Sun, 09 Oct 2022 07:13:50 GMT
req-referer: https://www.factable.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 21
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:32 GMT
age: 2355949
x-served-by: cache-iad-kjyo7100122-IAD, cache-iad-kiad7000140-IAD, cache-bur-kbur8200123-BUR, cache-iad-kiad7000111-IAD, cache-bma1654-BMA
x-cache: MISS, MISS, HIT, HIT, HIT
x-cache-hits: 0, 0, 1, 14, 1
x-timer: S1670187873.623974,VS0,VE2
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_150%2Cw_180%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/a8017b49bb81911fe138dca32a03f828.jpg
x-vcl-time-ms: 2
content-length: 5386
X-Firefox-Spdy: h2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7Td4CFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJLnxbEa-jWGt241ma9HIsltLjCuXW7NwDYa75cI4G26GQJIbz2bk2xjWut1othaNLLu1xLhyuTUL12C4Wy6Ms-FmChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXi932V6Wu-Tv980lTutfdNpM1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfScLYpAVV90QFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAChNz1bXJbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD4SMk4nDMxyuHBvfaDkxOSyD1cxmmK08K5NnMHFuj7AkeVEayIWxL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIk6ORYTUZrdYa22S0Fo1ck7Vwt5i5VbblYjJyuQYbz3Aten1MD-NsORjZvCgYsLEXydMinSh3y9VmsJztVh7LcrWxWSwe42jkWHlcvo1tsVhOxBLNySKdyC77knEycXiGw5Vj4xstJyaHZbCa2QyzlWdl8gwmzn1zNDKsJqPVWmObjNaikWuyFu4WM7fKtlxMRi7XYOMZrkWvj-lhnC0HI5u_MdsNFsPdcLfYN2a7wWK4G-4W-w6d4bv6nI3O4HjiMTkrwsxmZ3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96LSZrEV_w9NjEUsEp4t0InoZTxf1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq3UeyGA52C1XywWAcPbS_cHjnReLLIzfRSXCd8chRBsrbvy4wfyW19tvevrtboXlygAP1OTMmz8TxFqtljUAAIAANgAAQAC3bt4CsJn4_____zgAAAAZOXoAAADxfSCoY4UeuNFr!&cmcv=&pix=31589837&cb=1670187870229&uv=3245&tms=1670187870229&abt=dfrc_vB!mprdctdt6_vA!Noappq22_vB!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670187865615!ts:1670187870229&mntl=1
200 OK 0 B URL HTTP/2 am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7Td4CFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJLnxbEa-jWGt241ma9HIsltLjCuXW7NwDYa75cI4G26GQJIbz2bk2xjWut1othaNLLu1xLhyuTUL12C4Wy6Ms-FmChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXi932V6Wu-Tv980lTutfdNpM1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfScLYpAVV90QFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAChNz1bXJbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD4SMk4nDMxyuHBvfaDkxOSyD1cxmmK08K5NnMHFuj7AkeVEayIWxL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIk6ORYTUZrdYa22S0Fo1ck7Vwt5i5VbblYjJyuQYbz3Aten1MD-NsORjZvCgYsLEXydMinSh3y9VmsJztVh7LcrWxWSwe42jkWHlcvo1tsVhOxBLNySKdyC77knEycXiGw5Vj4xstJyaHZbCa2QyzlWdl8gwmzn1zNDKsJqPVWmObjNaikWuyFu4WM7fKtlxMRi7XYOMZrkWvj-lhnC0HI5u_MdsNFsPdcLfYN2a7wWK4G-4W-w6d4bv6nI3O4HjiMTkrwsxmZ3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96LSZrEV_w9NjEUsEp4t0InoZTxf1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq3UeyGA52C1XywWAcPbS_cHjnReLLIzfRSXCd8chRBsrbvy4wfyW19tvevrtboXlygAP1OTMmz8TxFqtljUAAIAANgAAQAC3bt4CsJn4_____zgAAAAZOXoAAADxfSCoY4UeuNFr!&cmcv=&pix=31589837&cb=1670187870229&uv=3245&tms=1670187870229&abt=dfrc_vB!mprdctdt6_vA!Noappq22_vB!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670187865615!ts:1670187870229&mntl=1
IP
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7Td4CFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJLnxbEa-jWGt241ma9HIsltLjCuXW7NwDYa75cI4G26GQJIbz2bk2xjWut1othaNLLu1xLhyuTUL12C4Wy6Ms-FmChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXi932V6Wu-Tv980lTutfdNpM1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfScLYpAVV90QFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAChNz1bXJbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD4SMk4nDMxyuHBvfaDkxOSyD1cxmmK08K5NnMHFuj7AkeVEayIWxL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIk6ORYTUZrdYa22S0Fo1ck7Vwt5i5VbblYjJyuQYbz3Aten1MD-NsORjZvCgYsLEXydMinSh3y9VmsJztVh7LcrWxWSwe42jkWHlcvo1tsVhOxBLNySKdyC77knEycXiGw5Vj4xstJyaHZbCa2QyzlWdl8gwmzn1zNDKsJqPVWmObjNaikWuyFu4WM7fKtlxMRi7XYOMZrkWvj-lhnC0HI5u_MdsNFsPdcLfYN2a7wWK4G-4W-w6d4bv6nI3O4HjiMTkrwsxmZ3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96LSZrEV_w9NjEUsEp4t0InoZTxf1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq3UeyGA52C1XywWAcPbS_cHjnReLLIzfRSXCd8chRBsrbvy4wfyW19tvevrtboXlygAP1OTMmz8TxFqtljUAAIAANgAAQAC3bt4CsJn4_____zgAAAAZOXoAAADxfSCoY4UeuNFr!&cmcv=&pix=31589837&cb=1670187870229&uv=3245&tms=1670187870229&abt=dfrc_vB!mprdctdt6_vA!Noappq22_vB!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670187865615!ts:1670187870229&mntl=1 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:32 GMT
content-length: 0
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4cdd9e92530719e8c12811e9ea1393f4
4142f71c9ecab6ac316d5585beaca78d6aaa32c8
9534bfce33123fd927838b7d0a5b2fb1d7063bd795bf346e9cf6e2b0683fd79f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9534BFCE33123FD927838B7D0A5B2FB1D7063BD795BF346E9CF6E2B0683FD79F"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14531
Expires: Mon, 05 Dec 2022 01:06:43 GMT
Date: Sun, 04 Dec 2022 21:04:32 GMT
Connection: keep-alive
am-match.taboola.com/sync?dast=V7buECFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJDkazGbGwWAt8q1Ga9Fm43BLXJaFW7ZbrJzLjXFmcUyGQDIW48gw8Q3WKsNutBatDLO1cOTauEUmx8jjWrhWs9lmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3ernL9rLcJX-_by5xWv-i02ayFv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGCviBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIvenfXsIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZJxMHJ7hcOXY-EbLiclhGaxmNsNs5VmZPIOJc3uEJcmL0kAujH0ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwuRoZFhNRqu1xjYZrUUj12Qt3C1mbpVtuZiMXK7BxjNci14f08M4Ww5GNi8KBmzsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77EvGycThGQ5Xjo1vtJyYHJbBamYzzFaelckzmDj3zdHIsJqMVmuNbTJai0auyVq4W8zcKttyMRm5XIONZ7gWvT6mh3G2HIxs_sZsN1gMd8PdYt-Y7QaL4W64W-w7dIbv6nM2OoPjicfkrAgzm53NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU4EI9PKN3EZNg7bxjRxDGemxcK5sjlsxsnGtZx5JmKJ0nSRTvSi02ayFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_eLzzYpGF8buoRPjuOIRoY8WNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cP9ESpF37kSgE!&excid=22&docw=0&cijs=1&nlb=true
200 OK 1.1 kB URL HTTP/2 am-match.taboola.com/sync?dast=V7buECFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJDkazGbGwWAt8q1Ga9Fm43BLXJaFW7ZbrJzLjXFmcUyGQDIW48gw8Q3WKsNutBatDLO1cOTauEUmx8jjWrhWs9lmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3ernL9rLcJX-_by5xWv-i02ayFv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGCviBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIvenfXsIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZJxMHJ7hcOXY-EbLiclhGaxmNsNs5VmZPIOJc3uEJcmL0kAujH0ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwuRoZFhNRqu1xjYZrUUj12Qt3C1mbpVtuZiMXK7BxjNci14f08M4Ww5GNi8KBmzsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77EvGycThGQ5Xjo1vtJyYHJbBamYzzFaelckzmDj3zdHIsJqMVmuNbTJai0auyVq4W8zcKttyMRm5XIONZ7gWvT6mh3G2HIxs_sZsN1gMd8PdYt-Y7QaL4W64W-w7dIbv6nM2OoPjicfkrAgzm53NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU4EI9PKN3EZNg7bxjRxDGemxcK5sjlsxsnGtZx5JmKJ0nSRTvSi02ayFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_eLzzYpGF8buoRPjuOIRoY8WNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cP9ESpF37kSgE!&excid=22&docw=0&cijs=1&nlb=true
IP
ASN #200478 Taboola.com ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1102), with no line terminators
Hash aa7d4ed985f3306dd171db89091fe627
62d8fdcb8a481f66fe8f7a0869ebd1b97f05c960
539380034e5bb3b2abf74365c56b5f9646d78c56769539a068d377e549b502a3
GET /sync?dast=V7buECFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJDkazGbGwWAt8q1Ga9Fm43BLXJaFW7ZbrJzLjXFmcUyGQDIW48gw8Q3WKsNutBatDLO1cOTauEUmx8jjWrhWs9lmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3ernL9rLcJX-_by5xWv-i02ayFv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGCviBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIvenfXsIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZJxMHJ7hcOXY-EbLiclhGaxmNsNs5VmZPIOJc3uEJcmL0kAujH0ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwuRoZFhNRqu1xjYZrUUj12Qt3C1mbpVtuZiMXK7BxjNci14f08M4Ww5GNi8KBmzsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77EvGycThGQ5Xjo1vtJyYHJbBamYzzFaelckzmDj3zdHIsJqMVmuNbTJai0auyVq4W8zcKttyMRm5XIONZ7gWvT6mh3G2HIxs_sZsN1gMd8PdYt-Y7QaL4W64W-w7dIbv6nM2OoPjicfkrAgzm53NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU4EI9PKN3EZNg7bxjRxDGemxcK5sjlsxsnGtZx5JmKJ0nSRTvSi02ayFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_eLzzYpGF8buoRPjuOIRoY8WNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cP9ESpF37kSgE!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:32 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3406
X-Firefox-Spdy: h2
vidstat.taboola.com/vpaid/units/32_4_5/assets/css/cmOsUnit.css
200 OK 8.3 kB URL HTTP/2 vidstat.taboola.com/vpaid/units/32_4_5/assets/css/cmOsUnit.css
IP
Hash a28320a69408adba1f01f56d6eb80708
8012c7108fab547cf31481cfda7cb49e654a0542
befbb274b7045e7e5791a4badbe46e1a2e367e6570da7cd0ac127acc4b8e8991
GET /vpaid/units/32_4_5/assets/css/cmOsUnit.css HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: Bf8dw0NjA07TfpEMmKBaL+UFJWQuALEo7owO+vyJS0Z7+UM4VbN5qXqenI+jCaBsTF8hL6tqRMY=
x-amz-request-id: 89SNZ5N6GV47VA34
last-modified: Mon, 28 Nov 2022 10:07:46 GMT
etag: "a28320a69408adba1f01f56d6eb80708"
x-amz-meta-ctime: 1669630065
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1669630064
content-type: text/css
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:32 GMT
via: 1.1 varnish
age: 557714
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 89994
x-timer: S1670187873.939000,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 8297
X-Firefox-Spdy: h2
status.geotrust.com/
200 OK 471 B IP
Hash 5de61369c0082229e4b697abe5fed620
76fff06483173541f116a7bf8814544280562b62
ff438b449b60fc11f3388522f8b499aedf7085da643639d3cbeac1d5c6d7d27a
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3146
Cache-Control: max-age=100853
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:32 GMT
Etag: "638be60c-1d7"
Expires: Tue, 06 Dec 2022 01:05:25 GMT
Last-Modified: Sun, 04 Dec 2022 00:13:00 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
tcr.tynt.com/javascripts/Tracer.js?user=cl47sqF64r34Djadbi-bpO
200 OK 17 kB URL HTTP/2 tcr.tynt.com/javascripts/Tracer.js?user=cl47sqF64r34Djadbi-bpO
IP
Hash 53bb6a5b384532858a9691a15fb6c84d
62e4d8d389bc8b0816092542c9c6fd90cc1c96df
f6abf4ad0fb5f861a298f5556e4dd14d11e2ed533c6ef63c448e039a35f98623
GET /javascripts/Tracer.js?user=cl47sqF64r34Djadbi-bpO HTTP/1.1
Host: tcr.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: application/javascript
last-modified: Thu, 21 Jul 2022 14:57:29 GMT
vary: Accept-Encoding
etag: W/"62d96959-b4ff"
content-encoding: gzip
cf-cache-status: HIT
age: 81449
expires: Wed, 07 Dec 2022 21:04:29 GMT
cache-control: public, max-age=259200
server: cloudflare
cf-ray: 77477ea8ad1db4f3-OSL
X-Firefox-Spdy: h2
status.geotrust.com/
200 OK 471 B IP
Hash 5de61369c0082229e4b697abe5fed620
76fff06483173541f116a7bf8814544280562b62
ff438b449b60fc11f3388522f8b499aedf7085da643639d3cbeac1d5c6d7d27a
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3086
Cache-Control: max-age=100794
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:32 GMT
Etag: "638be60c-1d7"
Expires: Tue, 06 Dec 2022 01:04:26 GMT
Last-Modified: Sun, 04 Dec 2022 00:13:00 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
status.geotrust.com/
200 OK 471 B IP
Hash 5de61369c0082229e4b697abe5fed620
76fff06483173541f116a7bf8814544280562b62
ff438b449b60fc11f3388522f8b499aedf7085da643639d3cbeac1d5c6d7d27a
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1454
Cache-Control: max-age=99162
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:32 GMT
Etag: "638be60c-1d7"
Expires: Tue, 06 Dec 2022 00:37:15 GMT
Last-Modified: Sun, 04 Dec 2022 00:13:00 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Dec 2022 21:04:32 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=40489051-7417-11ed-92a3-191344880506; expires=Sun, 01-Jan-2023 21:04:32 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=404890aa-7417-11ed-92a3-191344880506
X-fe: 128
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
vidstat.taboola.com/vpaid/units/32_4_5/infra/cmTagWIDGET_ITEM.js
200 OK 128 kB URL HTTP/2 vidstat.taboola.com/vpaid/units/32_4_5/infra/cmTagWIDGET_ITEM.js
IP
File type Unicode text, UTF-8 text, with very long lines (65489), with no line terminators
Size 128 kB (127788 bytes)
Hash 2b361da912acc8f13f4f1b545047025f
af3a70c02bb88e27a151e8edf4a93931ace2aced
7f44e7dee5fbeb1334cdcb6b06d37dbf74a5ce2c65d4494843a2dabd98f2ef1b
GET /vpaid/units/32_4_5/infra/cmTagWIDGET_ITEM.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://never.roo7.biz
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: NxcjemMMJRUsCExBkB2iiVRl9DgwLdtVaii0IcyucefSWzHY1Wd9p4I32adBzeHQ7741KdCnChI=
x-amz-request-id: 89SJXSQ72NB1B3KT
last-modified: Mon, 28 Nov 2022 10:06:56 GMT
etag: "2b361da912acc8f13f4f1b545047025f"
x-amz-meta-ctime: 1669630015
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1669630014
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:33 GMT
via: 1.1 varnish
age: 557713
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 40206
x-timer: S1670187873.024702,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 127788
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=404890aa-7417-11ed-92a3-191344880506
204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=404890aa-7417-11ed-92a3-191344880506
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=404890aa-7417-11ed-92a3-191344880506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:04:33 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=405a4bb8-7417-11ed-b166-1ac857eb0306; expires=Sun, 01-Jan-2023 21:04:33 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 72
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Dec 2022 21:04:33 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=405a2cf0-7417-11ed-bfdf-1ce730eb0506; expires=Sun, 01-Jan-2023 21:04:33 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=405a2d5d-7417-11ed-bfdf-1ce730eb0506
X-fe: 140
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Dec 2022 21:04:33 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=405a3a7b-7417-11ed-943f-124172220506; expires=Sun, 01-Jan-2023 21:04:33 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=405a3ae3-7417-11ed-943f-124172220506
X-fe: 70
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ocsp.digicert.com/
200 OK 278 B IP
Hash 3b37e9e4dc5c39c8fb6aba1ddd4ddc4e
2a3653d905b34824efded08cbb4c400f80d73526
c2855a99d6c1522d57a8224193527da72bf97c139541d1e010a51762fb1ab73e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6427
Cache-Control: max-age=133289
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:33 GMT
Etag: "638c57ef-116"
Expires: Tue, 06 Dec 2022 10:06:02 GMT
Last-Modified: Sun, 04 Dec 2022 08:18:55 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 278
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d5f25c4c99bce7de9166e989e0e94df3
977a8feb8420b10fc4b27440203b08ecae7516f8
5e444685fc55211330424827c83a0b4a885ff07f4c97fa667eead72cdc3c3eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5E444685FC55211330424827C83A0B4A885FF07F4C97FA667EEAD72CDC3C3EAF"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16905
Expires: Mon, 05 Dec 2022 01:46:18 GMT
Date: Sun, 04 Dec 2022 21:04:33 GMT
Connection: keep-alive
my.rtmark.net/gid.js?userId=814eba68d4a1480fa5f1650c5be53872
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=814eba68d4a1480fa5f1650c5be53872
IP
File type JSON data\012- , ASCII text
Hash 0718119169af4b4c3526084adb6a965c
03249b5a760cb07acc8bc28586b8694d60186cfc
4dd8590dd743f5ddf5cccf62676b745f7fc8d8c828ef47d6902b29728e4fa0e1
GET /gid.js?userId=814eba68d4a1480fa5f1650c5be53872 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://never.roo7.biz
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:33 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://never.roo7.biz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=814eba68d4a1480fa5f1650c5be53872; expires=Mon, 04 Dec 2023 21:04:33 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=405a458e-7417-11ed-8e6f-1626150c0506
204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=405a458e-7417-11ed-8e6f-1626150c0506
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=405a458e-7417-11ed-8e6f-1626150c0506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:04:33 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=40726826-7417-11ed-92a0-18c6427b0506; expires=Sun, 01-Jan-2023 21:04:33 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 108
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=405a2d5d-7417-11ed-bfdf-1ce730eb0506
204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=405a2d5d-7417-11ed-bfdf-1ce730eb0506
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=405a2d5d-7417-11ed-bfdf-1ce730eb0506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:04:33 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=4072a180-7417-11ed-9838-143d56a10306; expires=Sun, 01-Jan-2023 21:04:33 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 112
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=405a3ae3-7417-11ed-943f-124172220506
204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=405a3ae3-7417-11ed-943f-124172220506
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=405a3ae3-7417-11ed-943f-124172220506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:04:33 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=40736c3c-7417-11ed-92a3-191344880506; expires=Sun, 01-Jan-2023 21:04:33 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 128
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
api.viglink.com/api/domains
200 OK 42 B URL HTTP/1.1 api.viglink.com/api/domains
IP
File type ASCII text, with no line terminators
Hash 397fabf5eabf820c2323d738d72498ba
b4535d28f56af18c4ec103edd8949132c9054891
c78fcb6928998bce3e234f1684947b1d3c27e16aabe02526bd9e348d4b1e4616
POST /api/domains HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 284
Origin: https://never.roo7.biz
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://never.roo7.biz
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Sun, 04 Dec 2022 21:04:32 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 42
Connection: keep-alive
cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
200 OK 254 B URL HTTP/2 cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
IP
File type PNG image data, 12 x 12, 8-bit gray+alpha, non-interlaced\012- data
Hash dfa7b52c86e56bd67fa4002f6ed19854
7df722645482433c2b5c8d8ab4272a9874592f27
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
GET /libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: c3AK0F63Rmz1U+ZkwDZRH6hJiJRTGpZB8kTBPWz0vwbg9siBxtMOH8aEqr1NtVeNHtLhLAVUR9E=
x-amz-request-id: 4JKSR0YA3KVH073N
x-amz-replication-status: COMPLETED
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
content-type: image/png
server: AmazonS3
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:33 GMT
via: 1.1 varnish
age: 19909
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 1818
x-timer: S1670187873.268642,VS0,VE0
cache-control: private,max-age=31536000
abp: 15
content-length: 254
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsgccr3dvtlsca2020
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
Hash f499b2c86f35e9a3eada12bc73765263
64a65fe44a6a6683fc6a5ab5952dd676960ed936
72e63411fbfa22598322a2a19a427f8d3760a40fee46e095ff01a1e3ef1a0862
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 21:04:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Thu, 08 Dec 2022 18:45:48 GMT
ETag: "64a65fe44a6a6683fc6a5ab5952dd676960ed936"
Last-Modified: Sun, 04 Dec 2022 18:45:49 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3121
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77477ec06f840b02-OSL
trc.taboola.com/forumotion-ar/log/3/visible?route=AM%3AIL%3AV<i=deflated
204 No Content 0 B URL HTTP/2 trc.taboola.com/forumotion-ar/log/3/visible?route=AM%3AIL%3AV<i=deflated
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /forumotion-ar/log/3/visible?route=AM%3AIL%3AV<i=deflated HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2494
Origin: https://never.roo7.biz
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://never.roo7.biz
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:33 GMT
via: 1.1 varnish
x-served-by: cache-bma1654-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670187873.270284,VS0,VE86
x-vcl-time-ms: 86
X-Firefox-Spdy: h2
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:33 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js
200 OK 87 kB URL HTTP/2 vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js
IP
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash dcfe04133edaa84ac4a7356299134bf2
600265d1e188692d5cb0b9dbc828c708181bd3d8
1f50ba3994c74af69746c8db181597b9e74d7bb53c808ce9f7014facf0c59bfd
GET /vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: DH4gCSpZOjdiQ2RHNdcZaQ1gWcI8EDnhtXKaFZT4JUmiFDacp53eylqcVHaDpMgh56JBtwAdvTI=
x-amz-request-id: M2DJX9S4FNAQPE8Z
last-modified: Thu, 27 Oct 2022 07:34:53 GMT
etag: "dcfe04133edaa84ac4a7356299134bf2"
x-amz-meta-ctime: 1666856092
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1666856080
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:33 GMT
via: 1.1 varnish
age: 739750
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 88648
x-timer: S1670187873.434701,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 87152
X-Firefox-Spdy: h2
cdn.betgorebysson.club/apu.php?zoneid=3765907
200 OK 30 kB URL HTTP/2 cdn.betgorebysson.club/apu.php?zoneid=3765907
IP
Hash 3189c6c4121f6f35c20fc4a20d73ff4f
791779f013fbd8d18a53c7cd5fd3b2a67e38dc3a
4604408cd04a89b629e6d5cf4cce67cb21df72b7243a6ae4cbb4681cab85d187
GET /apu.php?zoneid=3765907 HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:32 GMT
content-type: application/javascript
x-trace-id: 99b2af6e6d511eaaa402d4d8cbee6ab0
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=814eba68d4a1480fa5f1650c5be53872; expires=Mon, 04 Dec 2023 21:04:32 GMT; path=/; secure; SameSite=None
oaidts=1670187872; expires=Mon, 04 Dec 2023 21:04:32 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
200 OK 91 kB URL HTTP/2 taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 59753a086b4b929580ec67c96dc7729a
28e9e2f0945bb9b8b6171f4da07b6a92a5a5c824
070f3a8032376b9e5e0e2c830cfde1342036c7446b80617726b3ac24e53720fb
GET /sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo HTTP/1.1
Host: taboola-supply-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:33 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=283&height=159&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1670187870294&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-507397683&tz=0&viewable=true&ddast=V7buECFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJDkazGbGwWAt8q1Ga9Fm43BLXJaFW7ZbrJzLjXFmcUyGQDIW48gw8Q3WKsNutBatDLO1cOTauEUmx8jjWrhWs9lmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3ernL9rLcJX-_by5xWv-i02ayFv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGCviBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIvenfXsIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZJxMHJ7hcOXY-EbLiclhGaxmNsNs5VmZPIOJc3uEJcmL0kAujH0ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwuRoZFhNRqu1xjYZrUUj12Qt3C1mbpVtuZiMXK7BxjNci14f08M4Ww5GNi8KBmzsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77EvGycThGQ5Xjo1vtJyYHJbBamYzzFaelckzmDj3zdHIsJqMVmuNbTJai0auyVq4W8zcKttyMRm5XIONZ7gWvT6mh3G2HIxs_sZsN1gMd8PdYt-Y7QaL4W64W-w7dIbv6nM2OoPjicfkrAgzm53NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU4EI9PKN3EZNg7bxjRxDGemxcK5sjlsxsnGtZx5JmKJ0nSRTvSi02ayFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_eLzzYpGF8buoRPjuOIRoY8WNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cP9ESpF37kSgE!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!mprdctdt6_vA!Noappq22_vB!smbs!t45!ufm&mPre=0.025&cirf=https%3A%2F%2Fnever.roo7.biz&en=1
200 OK 518 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=283&height=159&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1670187870294&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-507397683&tz=0&viewable=true&ddast=V7buECFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJDkazGbGwWAt8q1Ga9Fm43BLXJaFW7ZbrJzLjXFmcUyGQDIW48gw8Q3WKsNutBatDLO1cOTauEUmx8jjWrhWs9lmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3ernL9rLcJX-_by5xWv-i02ayFv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGCviBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIvenfXsIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZJxMHJ7hcOXY-EbLiclhGaxmNsNs5VmZPIOJc3uEJcmL0kAujH0ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwuRoZFhNRqu1xjYZrUUj12Qt3C1mbpVtuZiMXK7BxjNci14f08M4Ww5GNi8KBmzsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77EvGycThGQ5Xjo1vtJyYHJbBamYzzFaelckzmDj3zdHIsJqMVmuNbTJai0auyVq4W8zcKttyMRm5XIONZ7gWvT6mh3G2HIxs_sZsN1gMd8PdYt-Y7QaL4W64W-w7dIbv6nM2OoPjicfkrAgzm53NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU4EI9PKN3EZNg7bxjRxDGemxcK5sjlsxsnGtZx5JmKJ0nSRTvSi02ayFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_eLzzYpGF8buoRPjuOIRoY8WNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cP9ESpF37kSgE!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!mprdctdt6_vA!Noappq22_vB!smbs!t45!ufm&mPre=0.025&cirf=https%3A%2F%2Fnever.roo7.biz&en=1
IP
File type ASCII text, with very long lines (1424), with no line terminators
Hash 310bd1e271f7b73fec06b3ff793ed33e
2e11849177b64d717d9ebdfa42083a29b849bab0
f4a94903b8cfd580ede388c5778c4a460424fe429c0b0d06aa850bde69dcc33d
POST /VideoBidRequestHandlerServlet?oid=15&width=283&height=159&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1670187870294&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-507397683&tz=0&viewable=true&ddast=V7buECFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJDkazGbGwWAt8q1Ga9Fm43BLXJaFW7ZbrJzLjXFmcUyGQDIW48gw8Q3WKsNutBatDLO1cOTauEUmx8jjWrhWs9lmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3ernL9rLcJX-_by5xWv-i02ayFv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGCviBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIvenfXsIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZJxMHJ7hcOXY-EbLiclhGaxmNsNs5VmZPIOJc3uEJcmL0kAujH0ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwuRoZFhNRqu1xjYZrUUj12Qt3C1mbpVtuZiMXK7BxjNci14f08M4Ww5GNi8KBmzsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77EvGycThGQ5Xjo1vtJyYHJbBamYzzFaelckzmDj3zdHIsJqMVmuNbTJai0auyVq4W8zcKttyMRm5XIONZ7gWvT6mh3G2HIxs_sZsN1gMd8PdYt-Y7QaL4W64W-w7dIbv6nM2OoPjicfkrAgzm53NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU4EI9PKN3EZNg7bxjRxDGemxcK5sjlsxsnGtZx5JmKJ0nSRTvSi02ayFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_eLzzYpGF8buoRPjuOIRoY8WNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cP9ESpF37kSgE!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!mprdctdt6_vA!Noappq22_vB!smbs!t45!ufm&mPre=0.025&cirf=https%3A%2F%2Fnever.roo7.biz&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 117
Origin: https://never.roo7.biz
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1476
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://never.roo7.biz
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:32 GMT
via: 1.1 varnish
x-served-by: cache-bma1654-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670187873.889039,VS0,VE97
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash e628b15d0ac70efe6a7d72ea00716fa3
cff8653177e58253bae09b9010f889c0b097b221
39d68fe3ffb4a1e277c6aa63b742c5e6e17e6e13e064bf42cd2e45b8f2786f0c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2858
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 21:04:33 GMT
Last-Modified: Sun, 04 Dec 2022 20:16:55 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
IP
ASN #1299 Telia Company AB
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Dec 2022 21:04:33 GMT
Connection: keep-alive
Vary: Accept-Encoding
ups.analytics.yahoo.com/ups/58534/occ
302 Found 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 04 Dec 2022 21:04:33 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://ups.analytics.yahoo.com/ups/58534/occ?verify=true
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBGELjWMCEDB7Yuu7qqgtQIHVEtBQNO8FEgEBAQFcjmOWYwAAAAAA_eMAAA&S=AQAAAtd54DrpaytG1kFqoTewwTY; Expires=Tue, 5 Dec 2023 03:04:33 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Dec 2022 21:04:33 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=40d3627c-7417-11ed-9e9a-1586fee60406; expires=Sun, 01-Jan-2023 21:04:33 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=40d362e9-7417-11ed-9e9a-1586fee60406
X-fe: 44
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Dec 2022 21:04:33 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=40d3f7c9-7417-11ed-9716-10a0cca80306; expires=Sun, 01-Jan-2023 21:04:33 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=40d3f803-7417-11ed-9716-10a0cca80306
X-fe: 139
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=40d362e9-7417-11ed-9e9a-1586fee60406
204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=40d362e9-7417-11ed-9e9a-1586fee60406
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=40d362e9-7417-11ed-9e9a-1586fee60406 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:04:33 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=40dafa57-7417-11ed-a34b-1131174c0306; expires=Sun, 01-Jan-2023 21:04:33 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 86
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=40d3f803-7417-11ed-9716-10a0cca80306
204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=40d3f803-7417-11ed-9716-10a0cca80306
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=40d3f803-7417-11ed-9716-10a0cca80306 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 04 Dec 2022 21:04:33 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=40dafb71-7417-11ed-8e71-197e22df0406; expires=Sun, 01-Jan-2023 21:04:33 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 30
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ups.analytics.yahoo.com/ups/58534/occ?verify=true
204 No Content 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ?verify=true
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ?verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 21:04:33 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBGELjWMCEA4bIe-7HF2Tg9W9Hxp-R-cFEgEBAQFcjmOWYwAAAAAA_eMAAA&S=AQAAAu0wGljqM7_3FuTFCdb1Z1c; Expires=Tue, 5 Dec 2023 03:04:33 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
trc.taboola.com/forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2
204 No Content 0 B URL HTTP/2 trc.taboola.com/forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 5168
Origin: https://never.roo7.biz
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://never.roo7.biz
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:34 GMT
via: 1.1 varnish
x-served-by: cache-bma1654-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670187874.915446,VS0,VE89
x-vcl-time-ms: 89
X-Firefox-Spdy: h2
ups.analytics.yahoo.com/ups/58534/occ
302 Found 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sun, 04 Dec 2022 21:04:34 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://ups.analytics.yahoo.com/ups/58534/occ?verify=true
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBGILjWMCENLkKule8CkYOKbCMQU0QvcFEgEBAQFcjmOWYwAAAAAA_eMAAA&S=AQAAApz617BoL0syhSXgPmScx5I; Expires=Tue, 5 Dec 2023 03:04:34 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 2a3e9c9270d5d1402700343b567d8e21
4348655937347ff19881acafd04b1277e017f19c
905ee9517e8597ac86e76b99b970f77a4fbb2500de30ef6efea97a4bbcea51d4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 21:04:34 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 02 Dec 2022 13:33:18 GMT
Expires: Fri, 09 Dec 2022 13:33:17 GMT
Etag: "4348655937347ff19881acafd04b1277e017f19c"
Cache-Control: max-age=404323,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77477ec34abfb524-OSL
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:34 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.js
200 OK 10 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP
ASN #1299 Telia Company AB
File type ASCII text, with very long lines (18728)
Hash de8d25f887a0fa41f6f06f47032cf2ed
730223801e090e4746352343fa2faa352466a1fd
377cfef236901519d68cbcd502144605dfa7b21e62896ef35890a7524dffb64d
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Sun, 04 Dec 2022 11:34:22 GMT
Content-Encoding: gzip
Content-Length: 10067
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=52102
Expires: Mon, 05 Dec 2022 11:32:56 GMT
Date: Sun, 04 Dec 2022 21:04:34 GMT
Connection: keep-alive
Vary: Accept-Encoding
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 896
Origin: https://never.roo7.biz
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 04 Dec 2022 21:04:34 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://never.roo7.biz
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ups.analytics.yahoo.com/ups/58534/occ?verify=true
204 No Content 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ?verify=true
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ?verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 21:04:34 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBGILjWMCEO0U2UvAc9p9F6FtWrOSoK4FEgEBAQFcjmOWYwAAAAAA_eMAAA&S=AQAAAoI6pwgAqnuGJVpSzlhICXg; Expires=Tue, 5 Dec 2023 03:04:34 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
cdn.taboola.com/scripts/cds-pips.js
200 OK 1.3 kB URL HTTP/2 cdn.taboola.com/scripts/cds-pips.js
IP
File type ASCII text, with very long lines (3545), with no line terminators
Hash 780c5c514014519ce276709f515905a0
04fe86d00b9c9077effe05171d066d243ecab221
015db06150b62ad2ad533883652174ebb6f07e24a7147fdac01a0ccd266e3f30
GET /scripts/cds-pips.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 2KBeU0d7OyPXtZDYUoIqlTBmhGhsve90tjYoemCxISjKQrNgcxT28sPXVt5KfJt+6r7dFoJgA8g=
x-amz-request-id: NFWGDQGY1WQ95XHE
x-amz-replication-status: COMPLETED
last-modified: Wed, 12 Oct 2022 13:57:57 GMT
etag: "383fa66d2a0a09f4a6e64a9593ad43bb"
x-amz-version-id: z5FoayaLm_Bvew3pbkytkoHczFCvkPwT
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:34 GMT
via: 1.1 varnish
age: 3
x-served-by: cache-bma1654-BMA
x-cache: HIT
x-cache-hits: 9
x-timer: S1670187874.070588,VS0,VE0
vary: Accept-Encoding
abp: 15
cache-control: private, max-age=3600
content-length: 1340
X-Firefox-Spdy: h2
taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
200 OK 47 B URL HTTP/2 taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 4a6e0dd75b792d1cc9fe8e266fc4e7cc
8d2464562a8174d91f356065907557d11dc825be
2e8a50d62b0959ff472753a045cf4647e358f63d1d6b2f045972e5438a28a8c9
GET /sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo HTTP/1.1
Host: taboola-supply-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:34 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash dbb66a45515eb4bd61566b8a462222b7
2d18c51e1a9d35c874c96ad0552aa35d88bfc5f9
1929d698afaff5af3fd939389346226a6056b86e4f870b0769755b0cdefd60a6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 21:04:34 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 01:56:49 GMT
Expires: Sat, 10 Dec 2022 01:56:48 GMT
Etag: "2d18c51e1a9d35c874c96ad0552aa35d88bfc5f9"
Cache-Control: max-age=448933,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77477ec39f4c0b61-OSL
x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
200 OK 43 B URL HTTP/2 x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /sync?gdpr=1&us_privacy=1---&ssp=taboola HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:34 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert quad9 Sinkholed
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://never.roo7.biz/
Content-Type: application/json
Origin: https://never.roo7.biz
Content-Length: 383
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:37 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: d46fa3aba8856d03e843514e6e1687c3
access-control-allow-origin: https://never.roo7.biz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=1f56427a3c0d4a278bc97cd52af5b62a&zoneId=2308013&checkDuplicate=true&ymid=&var=
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=1f56427a3c0d4a278bc97cd52af5b62a&zoneId=2308013&checkDuplicate=true&ymid=&var=
IP
File type JSON data\012- , ASCII text
Hash 0718119169af4b4c3526084adb6a965c
03249b5a760cb07acc8bc28586b8694d60186cfc
4dd8590dd743f5ddf5cccf62676b745f7fc8d8c828ef47d6902b29728e4fa0e1
GET /gid.js?pub=0&userId=1f56427a3c0d4a278bc97cd52af5b62a&zoneId=2308013&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://never.roo7.biz/
Origin: https://never.roo7.biz
Connection: keep-alive
Cookie: ID=814eba68d4a1480fa5f1650c5be53872
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:37 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://never.roo7.biz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=814eba68d4a1480fa5f1650c5be53872; expires=Mon, 04 Dec 2023 21:04:37 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/jquery/cookie/jquery.cookie.js
200 OK 0 B URL HTTP/2 illiweb.com/rs3/66/frm/jquery/cookie/jquery.cookie.js
IP
GET /rs3/66/frm/jquery/cookie/jquery.cookie.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:22:23 GMT
last-modified: Wed, 09 Sep 2020 09:40:28 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 992526
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IRwteGsjCV0yYZrcS00v1q9uA6qfRL29jbqB2Qm2XVpgeeERrvLRoPU47QunGqQ9f6WPUphvVSGBGMwT1qW%2FXqvMToKWfEmtOuPaIlu8JkSIzXzNOk3pMJt9MvStPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77477ea6291fb506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7Td4CFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJLnxbEa-jWGt241ma9HIsltLjCuXW7NwDYa75cI4G26GQJIbz2bk2xjWut1othaNLLu1xLhyuTUL12C4Wy6Ms-FmChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXi932V6Wu-Tv980lTutfdNpM1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfScLYpAVV90QFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAChNz1bXJbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD4SMk4nDMxyuHBvfaDkxOSyD1cxmmK08K5NnMHFuj7AkeVEayIWxL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIk6ORYTUZrdYa22S0Fo1ck7Vwt5i5VbblYjJyuQYbz3Aten1MD-NsORjZvCgYsLEXydMinSh3y9VmsJztVh7LcrWxWSwe42jkWHlcvo1tsVhOxBLNySKdyC77knEycXiGw5Vj4xstJyaHZbCa2QyzlWdl8gwmzn1zNDKsJqPVWmObjNaikWuyFu4WM7fKtlxMRi7XYOMZrkWvj-lhnC0HI5u_MdsNFsPdcLfYN2a7wWK4G-4W-w6d4bv6nI3O4HjiMTkrwsxmZ3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96LSZrEV_w9NjEUsEp4t0InoZTxf1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq3UeyGA52C1XywWAcPbS_cHjnReLLIzfRSXCd8chRBsrbvy4wfyW19tvevrtboXlygAP1OTMmz8TxFqtljUAAIAANgAAQAC3bt4CsJn4_____zgAAAAZOXoAAADxfSCoY4UeuNFr!&cmcv=&pix=undefined&cb=1670187870230&uv=3245&tms=1670187870230&abt=dfrc_vB!mprdctdt6_vA!Noappq22_vB!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=9c33d7c0-7746-4d27-b8ee-3a50879a8683&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
200 OK 0 B URL HTTP/2 imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7Td4CFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJLnxbEa-jWGt241ma9HIsltLjCuXW7NwDYa75cI4G26GQJIbz2bk2xjWut1othaNLLu1xLhyuTUL12C4Wy6Ms-FmChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXi932V6Wu-Tv980lTutfdNpM1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfScLYpAVV90QFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAChNz1bXJbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD4SMk4nDMxyuHBvfaDkxOSyD1cxmmK08K5NnMHFuj7AkeVEayIWxL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIk6ORYTUZrdYa22S0Fo1ck7Vwt5i5VbblYjJyuQYbz3Aten1MD-NsORjZvCgYsLEXydMinSh3y9VmsJztVh7LcrWxWSwe42jkWHlcvo1tsVhOxBLNySKdyC77knEycXiGw5Vj4xstJyaHZbCa2QyzlWdl8gwmzn1zNDKsJqPVWmObjNaikWuyFu4WM7fKtlxMRi7XYOMZrkWvj-lhnC0HI5u_MdsNFsPdcLfYN2a7wWK4G-4W-w6d4bv6nI3O4HjiMTkrwsxmZ3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96LSZrEV_w9NjEUsEp4t0InoZTxf1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq3UeyGA52C1XywWAcPbS_cHjnReLLIzfRSXCd8chRBsrbvy4wfyW19tvevrtboXlygAP1OTMmz8TxFqtljUAAIAANgAAQAC3bt4CsJn4_____zgAAAAZOXoAAADxfSCoY4UeuNFr!&cmcv=&pix=undefined&cb=1670187870230&uv=3245&tms=1670187870230&abt=dfrc_vB!mprdctdt6_vA!Noappq22_vB!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=9c33d7c0-7746-4d27-b8ee-3a50879a8683&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
IP
GET /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7Td4CFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJLnxbEa-jWGt241ma9HIsltLjCuXW7NwDYa75cI4G26GQJIbz2bk2xjWut1othaNLLu1xLhyuTUL12C4Wy6Ms-FmChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXi932V6Wu-Tv980lTutfdNpM1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfScLYpAVV90QFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAChNz1bXJbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD4SMk4nDMxyuHBvfaDkxOSyD1cxmmK08K5NnMHFuj7AkeVEayIWxL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIk6ORYTUZrdYa22S0Fo1ck7Vwt5i5VbblYjJyuQYbz3Aten1MD-NsORjZvCgYsLEXydMinSh3y9VmsJztVh7LcrWxWSwe42jkWHlcvo1tsVhOxBLNySKdyC77knEycXiGw5Vj4xstJyaHZbCa2QyzlWdl8gwmzn1zNDKsJqPVWmObjNaikWuyFu4WM7fKtlxMRi7XYOMZrkWvj-lhnC0HI5u_MdsNFsPdcLfYN2a7wWK4G-4W-w6d4bv6nI3O4HjiMTkrwsxmZ3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96LSZrEV_w9NjEUsEp4t0InoZTxf1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq3UeyGA52C1XywWAcPbS_cHjnReLLIzfRSXCd8chRBsrbvy4wfyW19tvevrtboXlygAP1OTMmz8TxFqtljUAAIAANgAAQAC3bt4CsJn4_____zgAAAAZOXoAAADxfSCoY4UeuNFr!&cmcv=&pix=undefined&cb=1670187870230&uv=3245&tms=1670187870230&abt=dfrc_vB!mprdctdt6_vA!Noappq22_vB!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=9c33d7c0-7746-4d27-b8ee-3a50879a8683&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1 HTTP/1.1
Host: imprammp.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:32 GMT
via: 1.1 varnish
x-served-by: cache-bma1654-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670187873.694383,VS0,VE22
vary: Accept-Encoding
X-Firefox-Spdy: h2
never.roo7.biz/?utm_source=pwa
200 OK 0 B URL HTTP/2 never.roo7.biz/?utm_source=pwa
IP
GET /?utm_source=pwa HTTP/1.1
Host: never.roo7.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://never.roo7.biz/serviceworker.js
Connection: keep-alive
Cookie: exadd=167020; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: text/html
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
never.roo7.biz/components/com_ubar/assets/js/bar.js?0.9.3
404 Not Found 0 B URL HTTP/2 never.roo7.biz/components/com_ubar/assets/js/bar.js?0.9.3
IP
GET /components/com_ubar/assets/js/bar.js?0.9.3 HTTP/1.1
Host: never.roo7.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/t432-topic
Cookie: exadd=167020
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: text/html
etag: W/"5db7f6f0-1044"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:30 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 91031
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
dnacdn.net/dna
200 OK 0 B IP
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=W4Si_l80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQkdTbkk0Y2FMTEhJMXZIJTJCNFJEeGVyNDIlMkZFZ1lMY002a0VrVnF6cWpNaXY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:31 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=N49wKF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQkdTbkk0Y2FMTEhJMXZIJTJCNFJEeGVvemFrREJpcHNaQUljZmZPTnhXckY3; expires=Fri, 29 Dec 2023 21:04:32 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 376757
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7Td4CFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJLnxbEa-jWGt241ma9HIsltLjCuXW7NwDYa75cI4G26GQJIbz2bk2xjWut1othaNLLu1xLhyuTUL12C4Wy6Ms-FmChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXi932V6Wu-Tv980lTutfdNpM1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfScLYpAVV90QFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAChNz1bXJbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD4SMk4nDMxyuHBvfaDkxOSyD1cxmmK08K5NnMHFuj7AkeVEayIWxL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIk6ORYTUZrdYa22S0Fo1ck7Vwt5i5VbblYjJyuQYbz3Aten1MD-NsORjZvCgYsLEXydMinSh3y9VmsJztVh7LcrWxWSwe42jkWHlcvo1tsVhOxBLNySKdyC77knEycXiGw5Vj4xstJyaHZbCa2QyzlWdl8gwmzn1zNDKsJqPVWmObjNaikWuyFu4WM7fKtlxMRi7XYOMZrkWvj-lhnC0HI5u_MdsNFsPdcLfYN2a7wWK4G-4W-w6d4bv6nI3O4HjiMTkrwsxmZ3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96LSZrEV_w9NjEUsEp4t0InoZTxf1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq3UeyGA52C1XywWAcPbS_cHjnReLLIzfRSXCd8chRBsrbvy4wfyW19tvevrtboXlygAP1OTMmz8TxFqtljUAAIAANgAAQAC3bt4CsJn4_____zgAAAAZOXoAAADxfSCoY4UeuNFr!&excid=22&docw=0&cijs=1&nlb=false
200 OK 0 B URL HTTP/2 am-match.taboola.com/sync?dast=V7Td4CFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJLnxbEa-jWGt241ma9HIsltLjCuXW7NwDYa75cI4G26GQJIbz2bk2xjWut1othaNLLu1xLhyuTUL12C4Wy6Ms-FmChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXi932V6Wu-Tv980lTutfdNpM1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfScLYpAVV90QFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAChNz1bXJbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD4SMk4nDMxyuHBvfaDkxOSyD1cxmmK08K5NnMHFuj7AkeVEayIWxL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIk6ORYTUZrdYa22S0Fo1ck7Vwt5i5VbblYjJyuQYbz3Aten1MD-NsORjZvCgYsLEXydMinSh3y9VmsJztVh7LcrWxWSwe42jkWHlcvo1tsVhOxBLNySKdyC77knEycXiGw5Vj4xstJyaHZbCa2QyzlWdl8gwmzn1zNDKsJqPVWmObjNaikWuyFu4WM7fKtlxMRi7XYOMZrkWvj-lhnC0HI5u_MdsNFsPdcLfYN2a7wWK4G-4W-w6d4bv6nI3O4HjiMTkrwsxmZ3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96LSZrEV_w9NjEUsEp4t0InoZTxf1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq3UeyGA52C1XywWAcPbS_cHjnReLLIzfRSXCd8chRBsrbvy4wfyW19tvevrtboXlygAP1OTMmz8TxFqtljUAAIAANgAAQAC3bt4CsJn4_____zgAAAAZOXoAAADxfSCoY4UeuNFr!&excid=22&docw=0&cijs=1&nlb=false
IP
ASN #200478 Taboola.com ltd
GET /sync?dast=V7Td4CFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJLnxbEa-jWGt241ma9HIsltLjCuXW7NwDYa75cI4G26GQJIbz2bk2xjWut1othaNLLu1xLhyuTUL12C4Wy6Ms-FmChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXi932V6Wu-Tv980lTutfdNpM1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfScLYpAVV90QFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAChNz1bXJbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD4SMk4nDMxyuHBvfaDkxOSyD1cxmmK08K5NnMHFuj7AkeVEayIWxL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIk6ORYTUZrdYa22S0Fo1ck7Vwt5i5VbblYjJyuQYbz3Aten1MD-NsORjZvCgYsLEXydMinSh3y9VmsJztVh7LcrWxWSwe42jkWHlcvo1tsVhOxBLNySKdyC77knEycXiGw5Vj4xstJyaHZbCa2QyzlWdl8gwmzn1zNDKsJqPVWmObjNaikWuyFu4WM7fKtlxMRi7XYOMZrkWvj-lhnC0HI5u_MdsNFsPdcLfYN2a7wWK4G-4W-w6d4bv6nI3O4HjiMTkrwsxmZ3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96LSZrEV_w9NjEUsEp4t0InoZTxf1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq3UeyGA52C1XywWAcPbS_cHjnReLLIzfRSXCd8chRBsrbvy4wfyW19tvevrtboXlygAP1OTMmz8TxFqtljUAAIAANgAAQAC3bt4CsJn4_____zgAAAAZOXoAAADxfSCoY4UeuNFr!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:32 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3407
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/embed/FA_Embed.js
200 OK 0 B URL HTTP/2 illiweb.com/rs3/66/frm/embed/FA_Embed.js
IP
GET /rs3/66/frm/embed/FA_Embed.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:22:27 GMT
last-modified: Tue, 20 Apr 2021 14:17:00 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 992522
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lavIs7KFvtUYZcKAdop3u3Pw36rpdSUnNtjl2tKl1d6stWYAUF4g4jdJXBBNT8JfofeUOfP8KLx1oZDTCu%2FC%2B%2B5EAhywDXO8rsLBlOp9ZthOsxppCYKZeo%2BbzrYQDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77477ea62926b506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
never.roo7.biz/media/system/js/mootools.js
404 Not Found 0 B URL HTTP/2 never.roo7.biz/media/system/js/mootools.js
IP
GET /media/system/js/mootools.js HTTP/1.1
Host: never.roo7.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/t432-topic
Cookie: exadd=167020
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: text/html
etag: W/"5db7f6f0-1044"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/jquery/ticker/ticker.css
200 OK 0 B URL HTTP/2 illiweb.com/rs3/66/frm/jquery/ticker/ticker.css
IP
GET /rs3/66/frm/jquery/ticker/ticker.css HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: text/css;charset=UTF-8
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=390
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:22:29 GMT
last-modified: Tue, 27 Aug 2019 14:00:13 GMT
vary: Accept-Encoding
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 992520
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GVpoztgNWFXJ8qomW1LL%2FYg7s6gm7IdvgnQX8XHhmbk8VyLT90YTApdpXSw9VzZvEWlgzJSdZ14OY2lhkluDGPITccvmprwWeq6wzBU7bhc6jrdPFTbKzGIQYRAX5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77477ea63952b506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
never.roo7.biz/media/system/js/caption.js
404 Not Found 0 B URL HTTP/2 never.roo7.biz/media/system/js/caption.js
IP
GET /media/system/js/caption.js HTTP/1.1
Host: never.roo7.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/t432-topic
Cookie: exadd=167020
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: text/html
etag: W/"5db7f6f0-1044"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
twemoji.maxcdn.com/twemoji.min.js
200 OK 0 B URL HTTP/2 twemoji.maxcdn.com/twemoji.min.js
IP
GET /twemoji.min.js HTTP/1.1
Host: twemoji.maxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Thu, 31 Mar 2022 03:24:15 GMT
access-control-allow-origin: *
etag: W/"62451edf-3bc8"
expires: Tue, 03 Jan 2023 21:04:29 GMT
cache-control: max-age=2592000
x-proxy-cache: MISS
x-github-request-id: 7B1C:D2D3:4824A8:4A013B:638A8635
vary: Accept-Encoding
x-fastly-request-id: 13302c302e4dcbfe7e16260e2cd5983d6eec8ece
server: NetDNA-cache/2.2
powered-by: MaxCDN
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7Td4CFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJLnxbEa-jWGt241ma9HIsltLjCuXW7NwDYa75cI4G26GQJIbz2bk2xjWut1othaNLLu1xLhyuTUL12C4Wy6Ms-FmChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXi932V6Wu-Tv980lTutfdNpM1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfScLYpAVV90QFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAChNz1bXJbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD4SMk4nDMxyuHBvfaDkxOSyD1cxmmK08K5NnMHFuj7AkeVEayIWxL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIk6ORYTUZrdYa22S0Fo1ck7Vwt5i5VbblYjJyuQYbz3Aten1MD-NsORjZvCgYsLEXydMinSh3y9VmsJztVh7LcrWxWSwe42jkWHlcvo1tsVhOxBLNySKdyC77knEycXiGw5Vj4xstJyaHZbCa2QyzlWdl8gwmzn1zNDKsJqPVWmObjNaikWuyFu4WM7fKtlxMRi7XYOMZrkWvj-lhnC0HI5u_MdsNFsPdcLfYN2a7wWK4G-4W-w6d4bv6nI3O4HjiMTkrwsxmZ3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96LSZrEV_w9NjEUsEp4t0InoZTxf1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq3UeyGA52C1XywWAcPbS_cHjnReLLIzfRSXCd8chRBsrbvy4wfyW19tvevrtboXlygAP1OTMmz8TxFqtljUAAIAANgAAQAC3bt4CsJn4_____zgAAAAZOXoAAADxfSCoY4UeuNFr!&excid=22&docw=0&cijs=1&nlb=false
200 OK 0 B URL HTTP/2 am-match.taboola.com/sync?dast=V7Td4CFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJLnxbEa-jWGt241ma9HIsltLjCuXW7NwDYa75cI4G26GQJIbz2bk2xjWut1othaNLLu1xLhyuTUL12C4Wy6Ms-FmChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXi932V6Wu-Tv980lTutfdNpM1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfScLYpAVV90QFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAChNz1bXJbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD4SMk4nDMxyuHBvfaDkxOSyD1cxmmK08K5NnMHFuj7AkeVEayIWxL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIk6ORYTUZrdYa22S0Fo1ck7Vwt5i5VbblYjJyuQYbz3Aten1MD-NsORjZvCgYsLEXydMinSh3y9VmsJztVh7LcrWxWSwe42jkWHlcvo1tsVhOxBLNySKdyC77knEycXiGw5Vj4xstJyaHZbCa2QyzlWdl8gwmzn1zNDKsJqPVWmObjNaikWuyFu4WM7fKtlxMRi7XYOMZrkWvj-lhnC0HI5u_MdsNFsPdcLfYN2a7wWK4G-4W-w6d4bv6nI3O4HjiMTkrwsxmZ3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96LSZrEV_w9NjEUsEp4t0InoZTxf1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq3UeyGA52C1XywWAcPbS_cHjnReLLIzfRSXCd8chRBsrbvy4wfyW19tvevrtboXlygAP1OTMmz8TxFqtljUAAIAANgAAQAC3bt4CsJn4_____zgAAAAZOXoAAADxfSCoY4UeuNFr!&excid=22&docw=0&cijs=1&nlb=false
IP
ASN #200478 Taboola.com ltd
GET /sync?dast=V7Td4CFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJLnxbEa-jWGt241ma9HIsltLjCuXW7NwDYa75cI4G26GQJIbz2bk2xjWut1othaNLLu1xLhyuTUL12C4Wy6Ms-FmChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXi932V6Wu-Tv980lTutfdNpM1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfScLYpAVV90QFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAChNz1bXJbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD4SMk4nDMxyuHBvfaDkxOSyD1cxmmK08K5NnMHFuj7AkeVEayIWxL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIk6ORYTUZrdYa22S0Fo1ck7Vwt5i5VbblYjJyuQYbz3Aten1MD-NsORjZvCgYsLEXydMinSh3y9VmsJztVh7LcrWxWSwe42jkWHlcvo1tsVhOxBLNySKdyC77knEycXiGw5Vj4xstJyaHZbCa2QyzlWdl8gwmzn1zNDKsJqPVWmObjNaikWuyFu4WM7fKtlxMRi7XYOMZrkWvj-lhnC0HI5u_MdsNFsPdcLfYN2a7wWK4G-4W-w6d4bv6nI3O4HjiMTkrwsxmZ3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96LSZrEV_w9NjEUsEp4t0InoZTxf1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq3UeyGA52C1XywWAcPbS_cHjnReLLIzfRSXCd8chRBsrbvy4wfyW19tvevrtboXlygAP1OTMmz8TxFqtljUAAIAANgAAQAC3bt4CsJn4_____zgAAAAZOXoAAADxfSCoY4UeuNFr!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:33 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3401
X-Firefox-Spdy: h2
never.roo7.biz/t432-topic
200 OK 0 B URL HTTP/2 never.roo7.biz/t432-topic
IP
GET /t432-topic HTTP/1.1
Host: never.roo7.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:28 GMT
content-type: text/html; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache
pragma: no-cache
expires: Sun, 04 Dec 2022 00:00:00 GMT
last-modified: Sun, 04 Dec 2022 21:04:28 GMT
vary: User-Agent
set-cookie: exadd=167020; expires=Mon, 05-Dec-2022 01:04:28 GMT; Max-Age=14400
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/lang/ar.js
200 OK 0 B URL HTTP/2 illiweb.com/rs3/66/frm/lang/ar.js
IP
GET /rs3/66/frm/lang/ar.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=74879
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:36:20 GMT
last-modified: Thu, 08 Sep 2022 07:38:48 GMT
x-cache-ne: EXPIRED
x-cache-pr: EXPIRED
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 991689
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KWFM98jC37e0vVT%2BGUOSdh3GlfEXeUTgVATIDN8oSCqhzqe4eQrBbTvTECa4MhfGRxRs4vErnNvPqX5voVN7hyGpExckvWFmMdZPK7%2FbjyOwVnEs0Dw9uJ2IuX%2FH4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77477ea61908b506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
never.roo7.biz/sw.js
200 OK 0 B IP
GET /sw.js HTTP/1.1
Host: never.roo7.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://never.roo7.biz/t432-topic
Connection: keep-alive
Cookie: exadd=167020; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D; _ga=GA1.2.1623371928.1670187868; _gid=GA1.2.1426859323.1670187868; _gat_gtag_UA_144347007_1=1; _gat_gtag_UA_12871446_1=1; trc_cookie_storage=taboola%2520global%253Auser-id%3D94d05245-c624-4d52-871f-e6912de50c38-tucta8690df
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:32 GMT
content-type: application/javascript
last-modified: Tue, 27 Aug 2019 13:54:01 GMT
etag: W/"5d6535f9-1554"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/jquery//ticker/ticker.js
200 OK 0 B URL HTTP/2 illiweb.com/rs3/66/frm/jquery//ticker/ticker.js
IP
GET /rs3/66/frm/jquery//ticker/ticker.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=8803
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:26:05 GMT
last-modified: Tue, 27 Aug 2019 14:00:13 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 992304
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vjWsK2Lezu4Kwyy8mPpGCsQBTHTwoi8Vtc%2B2KDyoyzLrQ1VMInnEUaU%2BtUuY%2BfPgg%2F%2BooI%2FdPNNdJX8KxdPfxESUY%2BwiVvjsXB9FXoOFXCbx%2FJymqfaHwBIlAEsKzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77477ea6495db506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
trc.taboola.com/forumotion-ar/trc/3/json?tim=21%3A04%3A28.688<i=deflated&data=%7B%22id%22%3A787%2C%22ii%22%3A%22%2Ft432-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1670152012754%2C%22vi%22%3A1670187868685%2C%22cv%22%3A%2220221204-5-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fnever.roo7.biz%2Ft432-topic%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fnever.roo7.biz%2Ft432-topic%22%2C%22vpi%22%3A%22%2Ft432-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A7672%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A240.39999389648438%2C%22mw%22%3A0%2C%22amw%22%3A606.9500122070312%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A7423.39990234375%2C%22mw%22%3A728%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft432-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
200 OK 0 B URL HTTP/2 trc.taboola.com/forumotion-ar/trc/3/json?tim=21%3A04%3A28.688<i=deflated&data=%7B%22id%22%3A787%2C%22ii%22%3A%22%2Ft432-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1670152012754%2C%22vi%22%3A1670187868685%2C%22cv%22%3A%2220221204-5-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fnever.roo7.biz%2Ft432-topic%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fnever.roo7.biz%2Ft432-topic%22%2C%22vpi%22%3A%22%2Ft432-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A7672%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A240.39999389648438%2C%22mw%22%3A0%2C%22amw%22%3A606.9500122070312%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A7423.39990234375%2C%22mw%22%3A728%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft432-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
IP
GET /forumotion-ar/trc/3/json?tim=21%3A04%3A28.688<i=deflated&data=%7B%22id%22%3A787%2C%22ii%22%3A%22%2Ft432-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1670152012754%2C%22vi%22%3A1670187868685%2C%22cv%22%3A%2220221204-5-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fnever.roo7.biz%2Ft432-topic%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fnever.roo7.biz%2Ft432-topic%22%2C%22vpi%22%3A%22%2Ft432-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A7672%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A240.39999389648438%2C%22mw%22%3A0%2C%22amw%22%3A606.9500122070312%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A7423.39990234375%2C%22mw%22%3A728%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft432-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://never.roo7.biz
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://never.roo7.biz
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:31 GMT
via: 1.1 varnish
x-served-by: cache-bma1654-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670187871.252558,VS0,VE266
vary: Accept-Encoding
x-vcl-time-ms: 266
X-Firefox-Spdy: h2
imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7buECFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJDkazGbGwWAt8q1Ga9Fm43BLXJaFW7ZbrJzLjXFmcUyGQDIW48gw8Q3WKsNutBatDLO1cOTauEUmx8jjWrhWs9lmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3ernL9rLcJX-_by5xWv-i02ayFv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGCviBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIvenfXsIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZJxMHJ7hcOXY-EbLiclhGaxmNsNs5VmZPIOJc3uEJcmL0kAujH0ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwuRoZFhNRqu1xjYZrUUj12Qt3C1mbpVtuZiMXK7BxjNci14f08M4Ww5GNi8KBmzsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77EvGycThGQ5Xjo1vtJyYHJbBamYzzFaelckzmDj3zdHIsJqMVmuNbTJai0auyVq4W8zcKttyMRm5XIONZ7gWvT6mh3G2HIxs_sZsN1gMd8PdYt-Y7QaL4W64W-w7dIbv6nM2OoPjicfkrAgzm53NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU4EI9PKN3EZNg7bxjRxDGemxcK5sjlsxsnGtZx5JmKJ0nSRTvSi02ayFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_eLzzYpGF8buoRPjuOIRoY8WNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cP9ESpF37kSgE!&cmcv=&pix=undefined&cb=1670187870290&uv=3245&tms=1670187870290&abt=dfrc_vB!mprdctdt6_vA!Noappq22_vB!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=9406f800-d754-43ca-be2a-671e99c8fb12&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
200 OK 0 B URL HTTP/2 imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7buECFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJDkazGbGwWAt8q1Ga9Fm43BLXJaFW7ZbrJzLjXFmcUyGQDIW48gw8Q3WKsNutBatDLO1cOTauEUmx8jjWrhWs9lmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3ernL9rLcJX-_by5xWv-i02ayFv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGCviBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIvenfXsIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZJxMHJ7hcOXY-EbLiclhGaxmNsNs5VmZPIOJc3uEJcmL0kAujH0ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwuRoZFhNRqu1xjYZrUUj12Qt3C1mbpVtuZiMXK7BxjNci14f08M4Ww5GNi8KBmzsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77EvGycThGQ5Xjo1vtJyYHJbBamYzzFaelckzmDj3zdHIsJqMVmuNbTJai0auyVq4W8zcKttyMRm5XIONZ7gWvT6mh3G2HIxs_sZsN1gMd8PdYt-Y7QaL4W64W-w7dIbv6nM2OoPjicfkrAgzm53NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU4EI9PKN3EZNg7bxjRxDGemxcK5sjlsxsnGtZx5JmKJ0nSRTvSi02ayFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_eLzzYpGF8buoRPjuOIRoY8WNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cP9ESpF37kSgE!&cmcv=&pix=undefined&cb=1670187870290&uv=3245&tms=1670187870290&abt=dfrc_vB!mprdctdt6_vA!Noappq22_vB!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=9406f800-d754-43ca-be2a-671e99c8fb12&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
IP
GET /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7buECFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJDkazGbGwWAt8q1Ga9Fm43BLXJaFW7ZbrJzLjXFmcUyGQDIW48gw8Q3WKsNutBatDLO1cOTauEUmx8jjWrhWs9lmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3ernL9rLcJX-_by5xWv-i02ayFv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGCviBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIvenfXsIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZJxMHJ7hcOXY-EbLiclhGaxmNsNs5VmZPIOJc3uEJcmL0kAujH0ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwuRoZFhNRqu1xjYZrUUj12Qt3C1mbpVtuZiMXK7BxjNci14f08M4Ww5GNi8KBmzsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77EvGycThGQ5Xjo1vtJyYHJbBamYzzFaelckzmDj3zdHIsJqMVmuNbTJai0auyVq4W8zcKttyMRm5XIONZ7gWvT6mh3G2HIxs_sZsN1gMd8PdYt-Y7QaL4W64W-w7dIbv6nM2OoPjicfkrAgzm53NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU4EI9PKN3EZNg7bxjRxDGemxcK5sjlsxsnGtZx5JmKJ0nSRTvSi02ayFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_eLzzYpGF8buoRPjuOIRoY8WNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cP9ESpF37kSgE!&cmcv=&pix=undefined&cb=1670187870290&uv=3245&tms=1670187870290&abt=dfrc_vB!mprdctdt6_vA!Noappq22_vB!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=9406f800-d754-43ca-be2a-671e99c8fb12&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1 HTTP/1.1
Host: imprammp.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:32 GMT
via: 1.1 varnish
x-served-by: cache-bma1654-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670187873.775892,VS0,VE23
vary: Accept-Encoding
X-Firefox-Spdy: h2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670187870261&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-507397683&tz=0&viewable=true&ddast=V7Td4CFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJLnxbEa-jWGt241ma9HIsltLjCuXW7NwDYa75cI4G26GQJIbz2bk2xjWut1othaNLLu1xLhyuTUL12C4Wy6Ms-FmChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXi932V6Wu-Tv980lTutfdNpM1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfScLYpAVV90QFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAChNz1bXJbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD4SMk4nDMxyuHBvfaDkxOSyD1cxmmK08K5NnMHFuj7AkeVEayIWxL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIk6ORYTUZrdYa22S0Fo1ck7Vwt5i5VbblYjJyuQYbz3Aten1MD-NsORjZvCgYsLEXydMinSh3y9VmsJztVh7LcrWxWSwe42jkWHlcvo1tsVhOxBLNySKdyC77knEycXiGw5Vj4xstJyaHZbCa2QyzlWdl8gwmzn1zNDKsJqPVWmObjNaikWuyFu4WM7fKtlxMRi7XYOMZrkWvj-lhnC0HI5u_MdsNFsPdcLfYN2a7wWK4G-4W-w6d4bv6nI3O4HjiMTkrwsxmZ3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96LSZrEV_w9NjEUsEp4t0InoZTxf1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq3UeyGA52C1XywWAcPbS_cHjnReLLIzfRSXCd8chRBsrbvy4wfyW19tvevrtboXlygAP1OTMmz8TxFqtljUAAIAANgAAQAC3bt4CsJn4_____zgAAAAZOXoAAADxfSCoY4UeuNFr!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!mprdctdt6_vA!Noappq22_vB!smbs!t45!ufm&mPre=0.025&cirf=https%3A%2F%2Fnever.roo7.biz&en=1
200 OK 0 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670187870261&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-507397683&tz=0&viewable=true&ddast=V7Td4CFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJLnxbEa-jWGt241ma9HIsltLjCuXW7NwDYa75cI4G26GQJIbz2bk2xjWut1othaNLLu1xLhyuTUL12C4Wy6Ms-FmChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXi932V6Wu-Tv980lTutfdNpM1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfScLYpAVV90QFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAChNz1bXJbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD4SMk4nDMxyuHBvfaDkxOSyD1cxmmK08K5NnMHFuj7AkeVEayIWxL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIk6ORYTUZrdYa22S0Fo1ck7Vwt5i5VbblYjJyuQYbz3Aten1MD-NsORjZvCgYsLEXydMinSh3y9VmsJztVh7LcrWxWSwe42jkWHlcvo1tsVhOxBLNySKdyC77knEycXiGw5Vj4xstJyaHZbCa2QyzlWdl8gwmzn1zNDKsJqPVWmObjNaikWuyFu4WM7fKtlxMRi7XYOMZrkWvj-lhnC0HI5u_MdsNFsPdcLfYN2a7wWK4G-4W-w6d4bv6nI3O4HjiMTkrwsxmZ3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96LSZrEV_w9NjEUsEp4t0InoZTxf1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq3UeyGA52C1XywWAcPbS_cHjnReLLIzfRSXCd8chRBsrbvy4wfyW19tvevrtboXlygAP1OTMmz8TxFqtljUAAIAANgAAQAC3bt4CsJn4_____zgAAAAZOXoAAADxfSCoY4UeuNFr!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!mprdctdt6_vA!Noappq22_vB!smbs!t45!ufm&mPre=0.025&cirf=https%3A%2F%2Fnever.roo7.biz&en=1
IP
POST /VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670187870261&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=-507397683&tz=0&viewable=true&ddast=V7Td4CFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJLnxbEa-jWGt241ma9HIsltLjCuXW7NwDYa75cI4G26GQJIbz2bk2xjWut1othaNLLu1xLhyuTUL12C4Wy6Ms-FmChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXi932V6Wu-Tv980lTutfdNpM1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfScLYpAVV90QFTAWMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAChNz1bXJbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD4SMk4nDMxyuHBvfaDkxOSyD1cxmmK08K5NnMHFuj7AkeVEayIWxL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIk6ORYTUZrdYa22S0Fo1ck7Vwt5i5VbblYjJyuQYbz3Aten1MD-NsORjZvCgYsLEXydMinSh3y9VmsJztVh7LcrWxWSwe42jkWHlcvo1tsVhOxBLNySKdyC77knEycXiGw5Vj4xstJyaHZbCa2QyzlWdl8gwmzn1zNDKsJqPVWmObjNaikWuyFu4WM7fKtlxMRi7XYOMZrkWvj-lhnC0HI5u_MdsNFsPdcLfYN2a7wWK4G-4W-w6d4bv6nI3O4HjiMTkrwsxmZ3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96LSZrEV_w9NjEUsEp4t0InoZTxf1HxlyMVcO5qLJXLEarRIAAAAAAAAAwBLmzJsAAAAAnAYyGmyGq3UeyGA52C1XywWAcPbS_cHjnReLLIzfRSXCd8chRBsrbvy4wfyW19tvevrtboXlygAP1OTMmz8TxFqtljUAAIAANgAAQAC3bt4CsJn4_____zgAAAAZOXoAAADxfSCoY4UeuNFr!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!mprdctdt6_vA!Noappq22_vB!smbs!t45!ufm&mPre=0.025&cirf=https%3A%2F%2Fnever.roo7.biz&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://never.roo7.biz
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1471
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://never.roo7.biz
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:32 GMT
via: 1.1 varnish
x-served-by: cache-bma1654-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670187873.750135,VS0,VE146
vary: Accept-Encoding
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
200 OK 0 B IP
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:33 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:42 GMT
etag: W/"637e373e-32a6"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2775
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DlYo3egCBxaSVijfmQljzktqgOpa4794wvGyidcaYSuoyrvms1K4OlG7qIrC9sUW0W3YTiSAru7u89d%2BMh5JryYSUg6yHiXrnHK2Xfpho%2Bgmt1%2F7iuSMXFseMkNPcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77477ebf18960af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.js
200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.js
IP
GET /js/ld/publishertag.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-1e444"
expires: Mon, 05 Dec 2022 21:04:29 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fnever.roo7.biz%2Ft432-topic&encoded=1&uid=94d05245-c624-4d52-871f-e6912de50c38-tucta8690df&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1670187869575&tagid=&cntry=NO&platform=1&sesid=d82ba388e1c749bda205ff06e3ed30b9&itemid=/t432-topic&viewid=1670187868685&geolat=&geoing=&deviceifa=&appid=&sd=v2_d82ba388e1c749bda205ff06e3ed30b9_94d05245-c624-4d52-871f-e6912de50c38-tucta8690df_1670187871_1670187871_CNawjgYQ3pxDGI3E0ffNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=0d4e7be0ca6c4b18f41a9efaf82c59f3&appname=&cdb=&gdprApplies=true&rid=&sii=-6321654274887227293&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=
200 OK 0 B URL HTTP/2 15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fnever.roo7.biz%2Ft432-topic&encoded=1&uid=94d05245-c624-4d52-871f-e6912de50c38-tucta8690df&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1670187869575&tagid=&cntry=NO&platform=1&sesid=d82ba388e1c749bda205ff06e3ed30b9&itemid=/t432-topic&viewid=1670187868685&geolat=&geoing=&deviceifa=&appid=&sd=v2_d82ba388e1c749bda205ff06e3ed30b9_94d05245-c624-4d52-871f-e6912de50c38-tucta8690df_1670187871_1670187871_CNawjgYQ3pxDGI3E0ffNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=0d4e7be0ca6c4b18f41a9efaf82c59f3&appname=&cdb=&gdprApplies=true&rid=&sii=-6321654274887227293&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=
IP
GET /tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fnever.roo7.biz%2Ft432-topic&encoded=1&uid=94d05245-c624-4d52-871f-e6912de50c38-tucta8690df&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1670187869575&tagid=&cntry=NO&platform=1&sesid=d82ba388e1c749bda205ff06e3ed30b9&itemid=/t432-topic&viewid=1670187868685&geolat=&geoing=&deviceifa=&appid=&sd=v2_d82ba388e1c749bda205ff06e3ed30b9_94d05245-c624-4d52-871f-e6912de50c38-tucta8690df_1670187871_1670187871_CNawjgYQ3pxDGI3E0ffNMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=0d4e7be0ca6c4b18f41a9efaf82c59f3&appname=&cdb=&gdprApplies=true&rid=&sii=-6321654274887227293&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv= HTTP/1.1
Host: 15.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://never.roo7.biz
Connection: keep-alive
Referer: https://never.roo7.biz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
machineid: 1403
link: <https://am-wf.taboola.com>; rel=preconnect
xvid-debug: mrmr - :
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://never.roo7.biz
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Dec 2022 21:04:32 GMT
via: 1.1 varnish
x-served-by: cache-bma1654-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670187872.036952,VS0,VE30
vary: Accept-Encoding
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 21:04:29 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 101477
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7buECFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJDkazGbGwWAt8q1Ga9Fm43BLXJaFW7ZbrJzLjXFmcUyGQDIW48gw8Q3WKsNutBatDLO1cOTauEUmx8jjWrhWs9lmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3ernL9rLcJX-_by5xWv-i02ayFv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGCviBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIvenfXsIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZJxMHJ7hcOXY-EbLiclhGaxmNsNs5VmZPIOJc3uEJcmL0kAujH0ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwuRoZFhNRqu1xjYZrUUj12Qt3C1mbpVtuZiMXK7BxjNci14f08M4Ww5GNi8KBmzsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77EvGycThGQ5Xjo1vtJyYHJbBamYzzFaelckzmDj3zdHIsJqMVmuNbTJai0auyVq4W8zcKttyMRm5XIONZ7gWvT6mh3G2HIxs_sZsN1gMd8PdYt-Y7QaL4W64W-w7dIbv6nM2OoPjicfkrAgzm53NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU4EI9PKN3EZNg7bxjRxDGemxcK5sjlsxsnGtZx5JmKJ0nSRTvSi02ayFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_eLzzYpGF8buoRPjuOIRoY8WNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cP9ESpF37kSgE!&excid=22&docw=0&cijs=1&nlb=true
200 OK 0 B URL HTTP/2 am-match.taboola.com/sync?dast=V7buECFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJDkazGbGwWAt8q1Ga9Fm43BLXJaFW7ZbrJzLjXFmcUyGQDIW48gw8Q3WKsNutBatDLO1cOTauEUmx8jjWrhWs9lmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3ernL9rLcJX-_by5xWv-i02ayFv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGCviBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIvenfXsIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZJxMHJ7hcOXY-EbLiclhGaxmNsNs5VmZPIOJc3uEJcmL0kAujH0ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwuRoZFhNRqu1xjYZrUUj12Qt3C1mbpVtuZiMXK7BxjNci14f08M4Ww5GNi8KBmzsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77EvGycThGQ5Xjo1vtJyYHJbBamYzzFaelckzmDj3zdHIsJqMVmuNbTJai0auyVq4W8zcKttyMRm5XIONZ7gWvT6mh3G2HIxs_sZsN1gMd8PdYt-Y7QaL4W64W-w7dIbv6nM2OoPjicfkrAgzm53NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU4EI9PKN3EZNg7bxjRxDGemxcK5sjlsxsnGtZx5JmKJ0nSRTvSi02ayFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_eLzzYpGF8buoRPjuOIRoY8WNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cP9ESpF37kSgE!&excid=22&docw=0&cijs=1&nlb=true
IP
ASN #200478 Taboola.com ltd
GET /sync?dast=V7buECFgMYx1sv0Bn15QQYx1sv0Bn15QUAAAAGBuIHJDkazGbGwWAt8q1Ga9Fm43BLXJaFW7ZbrJzLjXFmcUyGQDIW48gw8Q3WKsNutBatDLO1cOTauEUmx8jjWrhWs9lmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3ernL9rLcJX-_by5xWv-i02ayFv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGCviBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIvenfXsIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQ2-h1WhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZJxMHJ7hcOXY-EbLiclhGaxmNsNs5VmZPIOJc3uEJcmL0kAujH0ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwuRoZFhNRqu1xjYZrUUj12Qt3C1mbpVtuZiMXK7BxjNci14f08M4Ww5GNi8KBmzsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77EvGycThGQ5Xjo1vtJyYHJbBamYzzFaelckzmDj3zdHIsJqMVmuNbTJai0auyVq4W8zcKttyMRm5XIONZ7gWvT6mh3G2HIxs_sZsN1gMd8PdYt-Y7QaL4W64W-w7dIbv6nM2OoPjicfkrAgzm53NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU4EI9PKN3EZNg7bxjRxDGemxcK5sjlsxsnGtZx5JmKJ0nSRTvSi02ayFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_eLzzYpGF8buoRPjuOIRoY8WNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cP9ESpF37kSgE!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://never.roo7.biz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 21:04:33 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3408
X-Firefox-Spdy: h2
178.33.43.178
94.23.76.111
142.250.74.110
104.21.84.149
139.45.195.253
18.159.93.136
141.226.228.48
23.36.76.226
2.23.134.137
185.106.33.48
34.246.116.79