vip-560.rigala.net/t11-topic
301 Moved Permanently 0 B URL HTTP/1.1 vip-560.rigala.net/t11-topic
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /t11-topic HTTP/1.1
Host: vip-560.rigala.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 28 Nov 2022 10:52:19 GMT
Content-Length: 0
Location: https://vip-560.rigala.net/t11-topic
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5413
Expires: Mon, 28 Nov 2022 12:22:32 GMT
Date: Mon, 28 Nov 2022 10:52:19 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5983
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:19 GMT
Last-Modified: Mon, 28 Nov 2022 09:12:36 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4190
Expires: Mon, 28 Nov 2022 12:02:09 GMT
Date: Mon, 28 Nov 2022 10:52:19 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 10:17:46 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2073
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Cdayaobt4m0A3/j7ElR6z54OdmMq1jgkiTaNkPsqMNl1XN+3qCBsH8FQhCrjy6biylE5apVYcKCt6sHnqygGRw==
x-amz-request-id: XNY3BW83856P7K62
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 10:45:00 GMT
age: 439
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1d22508c3c6c6444aab5ab4042112b21
8792b6bdfabba76efbb4a259632445257c0de47d
c360939eceef5e2354ac0d718c1f71a8e7df3b542555586c90c99049fde558af
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C360939ECEEF5E2354AC0D718C1F71A8E7DF3B542555586C90C99049FDE558AF"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3138
Expires: Mon, 28 Nov 2022 11:44:37 GMT
Date: Mon, 28 Nov 2022 10:52:19 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:19 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 46dfeb99d2b2c9ca85edb6e00d85d75a
557ea9537e437577fb5bb7b2ee60810ef039a74e
d894b63fdd497b1655f295485e40e45f7771a34c695dc6f48e0be089def84e9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5356
Cache-Control: max-age=159236
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:20 GMT
Etag: "638448fc-116"
Expires: Wed, 30 Nov 2022 07:06:16 GMT
Last-Modified: Mon, 28 Nov 2022 05:37:00 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
200 OK 278 B IP
Hash 46dfeb99d2b2c9ca85edb6e00d85d75a
557ea9537e437577fb5bb7b2ee60810ef039a74e
d894b63fdd497b1655f295485e40e45f7771a34c695dc6f48e0be089def84e9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5356
Cache-Control: max-age=159236
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:20 GMT
Etag: "638448fc-116"
Expires: Wed, 30 Nov 2022 07:06:16 GMT
Last-Modified: Mon, 28 Nov 2022 05:37:00 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c81653e99cfdfb43236c8d50248b2e51
a33bc0cb7d3bb714b7ef23b059bb304cf23d464f
e75fa0ce568755990d6949ef93e3e5c29213a5a11887f697af901f41b14e0274
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c81653e99cfdfb43236c8d50248b2e51
a33bc0cb7d3bb714b7ef23b059bb304cf23d464f
e75fa0ce568755990d6949ef93e3e5c29213a5a11887f697af901f41b14e0274
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 278 B IP
Hash 46dfeb99d2b2c9ca85edb6e00d85d75a
557ea9537e437577fb5bb7b2ee60810ef039a74e
d894b63fdd497b1655f295485e40e45f7771a34c695dc6f48e0be089def84e9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4033
Cache-Control: max-age=157913
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:20 GMT
Etag: "638448fc-116"
Expires: Wed, 30 Nov 2022 06:44:13 GMT
Last-Modified: Mon, 28 Nov 2022 05:37:00 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
200 OK 278 B IP
Hash 678c944e1c5a9c889e4cb7ba683992fa
44e621b053ac37cde2a4b70a30f5731bcf0bba0b
2542126500edf7f07fd986bdca7fc7d035edcf1fbab902a617afe4fee6225444
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1721
Cache-Control: max-age=128616
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:20 GMT
Etag: "6383df93-116"
Expires: Tue, 29 Nov 2022 22:35:56 GMT
Last-Modified: Sun, 27 Nov 2022 22:07:15 GMT
Server: ECS (amb/6B8B)
X-Cache: HIT
Content-Length: 278
ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
IP
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash d989f35706c62ce4a5c561586c55566e
d32e7958e5765609bf08dcdefd0b2c2a8714ce34
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716
GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33845
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 21:54:50 GMT
expires: Sat, 25 Nov 2023 21:54:50 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 219450
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=
200 OK 38 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=
IP
File type ASCII text, with very long lines (1921)
Hash 59a0562c1c08822393e94f25105c7919
7af8e645d559bdc8122354d54b36603ad6ad86e9
003afef0d3081f372833c284e5ada9bf49352d45991cbc4659f4ce23a5a91670
GET /gtag/js?id= HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 28 Nov 2022 10:52:20 GMT
expires: Mon, 28 Nov 2022 10:52:20 GMT
cache-control: private, max-age=900
last-modified: Mon, 28 Nov 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 37485
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-144347007-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-144347007-1
IP
File type ASCII text, with very long lines (1921)
Hash a35293bc2ac21deb69a6dae71b7ca9f7
409ca8097d878170af8bb72ec16a1602eaaaa9ff
d49f53b905b41af2e32e157c4aaa0e4830464073c3d38bb8dd9977bdc32473c0
GET /gtag/js?id=UA-144347007-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 28 Nov 2022 10:52:20 GMT
expires: Mon, 28 Nov 2022 10:52:20 GMT
cache-control: private, max-age=900
last-modified: Mon, 28 Nov 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43679
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
vip-560.rigala.net/0-rtl.css
200 OK 55 kB URL HTTP/2 vip-560.rigala.net/0-rtl.css
IP
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 4c5e3534c47711a5f8a8ae4421783aa3
1a939faaf0d527a1da0b9a416645860905ecc998
169e133356143965af39b2d82851e40784c17d2ab61ee1e4b008a669234476d6
GET /0-rtl.css HTTP/1.1
Host: vip-560.rigala.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/t11-topic
Cookie: exadd=166964
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: text/css
content-length: 54732
last-modified: Mon, 28 Nov 2022 00:00:00 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c81653e99cfdfb43236c8d50248b2e51
a33bc0cb7d3bb714b7ef23b059bb304cf23d464f
e75fa0ce568755990d6949ef93e3e5c29213a5a11887f697af901f41b14e0274
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
2img.net/i/empty.gif
200 OK 43 B IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /i/empty.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 09 May 2016 08:45:50 GMT
etag: "57304e3e-2b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 3711
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=obS1AcafOe7DoIVInZSKBwI3%2FG42%2Fby%2F4avyOFguSbaScKVi2ddi%2F4f256EYEDeDGU7mPGb9ntW4Tsbu2BeA3IEBreREqDdJqeAqkc2VKwixKj9%2B3Tq48G0h1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77128db2dbc376bf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/icon_minitime.gif
200 OK 298 B URL HTTP/2 2img.net/i/fa/subsilver/icon_minitime.gif
IP
File type GIF image data, version 89a, 12 x 9\012- data
Hash 71647c2ce78f706f8b4b0d84b3369cf5
18fe4a449c64acf98e9570486627f29d3884dff9
de0294a906e3fa470d188c8d596e3a5fc3efc59bab8080506015498db73c18e6
GET /i/fa/subsilver/icon_minitime.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: image/gif
content-length: 298
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-12a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 3684
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P1o4ZKY8MDx8HwExzNAyj9nxl%2FFt71ioBSjfrM2xyYuiBu8ouIihRDuDQkKZ59T%2Bd6eadJlUBtbUtUNwFG76cIDrrUGYMtuutbYK8i43c7W%2BHGvUsFyy7OXXDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77128db2dbc576bf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/icon_mini_index.gif
301 Moved Permanently 178 B URL HTTP/2 2img.net/i/fa/subsilver/icon_mini_index.gif
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /i/fa/subsilver/icon_mini_index.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Mon, 28 Nov 2022 10:52:20 GMT
content-length: 178
location: https://2img.net/i/default.png
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 2710
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qnofgZjiB9aSW57hpFzgpJMeoe%2BQ5Lxb7z8JWPQU%2Ft2xMzaM2OIbfVShLghiHOtUowR8LhvC5dCiCViVpZwDX49deShivbj8%2BJxTnMy6Ap6Kyis6pOOQqnGfhA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77128db2dbbc76bf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/revaz-dark-orange/icon_mini_login.gif
200 OK 556 B URL HTTP/2 2img.net/i/fa/revaz-dark-orange/icon_mini_login.gif
IP
File type GIF image data, version 89a, 12 x 13\012- data
Hash 5b919fb7fb6df466c56098cd62df952e
e015f19c01c06ab852ae8d1faf0d57eb3a49b87e
b62e571861e12fb82ddc04b8118c9674e3d2c9bbe40e45dfa250f14332754450
GET /i/fa/revaz-dark-orange/icon_mini_login.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: image/gif
content-length: 556
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-22c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XKqZaga7Z62TGB42E25GB%2FMj%2Fx90yCuwaLrdbOlhN5MQqm7Ux77J3BgF%2FQU4pTrq8KUEgTsvQbd1SrTnp7HHjGiDKmUwthnU55TPe6aTMwbo7rE5j6wWso5MzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77128db2dbcc76bf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/revaz-dark-orange/icon_mini_register.gif
200 OK 558 B URL HTTP/2 2img.net/i/fa/revaz-dark-orange/icon_mini_register.gif
IP
File type GIF image data, version 89a, 12 x 13\012- data
Hash f4164689c7c8e21b80797f0390c5354c
9914482688c377eff61a31458a16b646cd4ff34f
ba387608b1cd5ac3fb9ec7a5639133cf0786402ddf533bad400fa0f54adcde42
GET /i/fa/revaz-dark-orange/icon_mini_register.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: image/gif
content-length: 558
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-22e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rBNVWWYPEAxDOb4gKUkIJW7Hpm5Kw%2BVuS%2B6TQwqOnFR0DBWG38O7yyNmKMJ6VJLfR4i283bLptGm9fbirOcqaXa%2BCFxYXbkGv8WiBLsJGqvEpSyyuBGhTBqYGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77128db2dbba76bf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 10:08:55 GMT
cache-control: public,max-age=3600
age: 2605
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
2img.net/i/fa/revaz-dark-orange/icon_mini_portal.gif
200 OK 85 B URL HTTP/2 2img.net/i/fa/revaz-dark-orange/icon_mini_portal.gif
IP
File type GIF image data, version 89a, 13 x 13\012- data
Hash 6bb1eaa18a897c00cde58673bd750e67
ad5071c5c5b7b46f73b315c87680a772db988ba7
0528244f616ad211620d1957f1aba33af692e987f89ebbd8872b5c1ad5261548
GET /i/fa/revaz-dark-orange/icon_mini_portal.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: image/gif
content-length: 85
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-55"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N93dxQw05I0RQNKOm0CIHlTYyq%2BtBRLCMOCSfA4UqOkrLIt5xB%2BOMed83mJocWPZ8UUulNGE815gOJ8TfmHy256vnXDlcYXsLCIre2SoSM6%2ByawZ1e2v4fOrmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77128db2dbbf76bf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/revaz-dark-orange/icon_www.gif
200 OK 1.5 kB URL HTTP/2 2img.net/i/fa/revaz-dark-orange/icon_www.gif
IP
File type GIF image data, version 87a, 55 x 19\012- data
Hash 9dd41078b46fecd0336ae2513f1ce83d
861b1a6b3592ca9d1931d5ae4f0c012e88a76e6d
482a313a02f412bfdf9ea449276eac1c142df044d50f258fdd84c0f1c469dac8
GET /i/fa/revaz-dark-orange/icon_www.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: image/gif
content-length: 1483
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-5cb"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KJsTb0mQXor9O8GHZx4yfBXRiqCHX%2FjKEOO3D%2FF0nE0ZgXynr2F4bffLv7XStKB%2Fg2XZcGzQBXuxOOd7A%2BLer2GnOzq1qdrH9QN8rfxdQMGTCIr5kqQtiKi5NA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77128db2dbc976bf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/revaz-dark-orange/icon_mini_gallery.gif
200 OK 90 B URL HTTP/2 2img.net/i/fa/revaz-dark-orange/icon_mini_gallery.gif
IP
File type GIF image data, version 89a, 12 x 13\012- data
Hash 6709698e683861188156f4594c88187c
ebf694a84b86cea51f9ac21ca98dbeb31a383f96
5b07c4ee5cdc68b9a7011f7b3fbc2858b0c2585448bb38729e3225d4d223a6a0
GET /i/fa/revaz-dark-orange/icon_mini_gallery.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: image/gif
content-length: 90
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-5a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2FyO5M4Uo5IgQQmPlS4A5A4S9g79iGAdhYkcRNLwOR3jAwITF%2FBjxh2wuxCUjxoxTFdK%2BWh77UZEJqyMoaPv3tgyVM4vrm%2FQF0noXqnDMKDtHPzDgpANSuUd%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77128db2dbc176bf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 678c944e1c5a9c889e4cb7ba683992fa
44e621b053ac37cde2a4b70a30f5731bcf0bba0b
2542126500edf7f07fd986bdca7fc7d035edcf1fbab902a617afe4fee6225444
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1721
Cache-Control: max-age=128616
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:20 GMT
Etag: "6383df93-116"
Expires: Tue, 29 Nov 2022 22:35:56 GMT
Last-Modified: Sun, 27 Nov 2022 22:07:15 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278
2img.net/i/default.png
200 OK 977 B IP
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 68740394c6718e3d6587d038d20d51a9
149fff376f6ed06d10c19b41ac3ce8dd97256d48
d28f3347aa8d5ef1cff4e57c589a8ce825b4350e1667d9808a29fa8c89d8e96b
GET /i/default.png HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vip-560.rigala.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: image/png
content-length: 977
last-modified: Sun, 10 Jun 2018 21:44:20 GMT
etag: "5b1d9bb4-3d1"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 3703
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=42RtOh%2FHcP1Vq%2FCKa0btQtZ3d7VIG9Q0zxsuGHKIVop1IxyOq75csmNVzc182zj2n%2FXG5r6ABoCIVcPpN%2FlQJ7DcNGKsTTUGzxoyQmYRqilfYj8%2FMZmbzdWPug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77128db3bd4d76bf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash 75d97500fe879daf61bf2c67d36f02ed
fd298eb14510dd7805bb297c273f53891bc35eb7
146967f865b3e264713fb722c281abf207ab603ce6623c40ea49b9a3e657246b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1266
Cache-Control: max-age=126736
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:20 GMT
Etag: "6383da02-139"
Expires: Tue, 29 Nov 2022 22:04:36 GMT
Last-Modified: Sun, 27 Nov 2022 21:43:30 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
200 OK 471 B IP
Hash 7ab2ef968cb6a3078f4b9cb2dda813d4
e669116047ca058a2c1b2999ff0ea8682719162c
6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5228
Cache-Control: max-age=171703
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:20 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 10:34:03 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
illiweb.com/rs3/66/frm/jquery/cookie/jquery.cookie.js
200 OK 1.2 kB URL HTTP/2 illiweb.com/rs3/66/frm/jquery/cookie/jquery.cookie.js
IP
File type ASCII text, with very long lines (1011), with no line terminators
Hash 1f5d9dda5afa7dbdc4131134acc3e636
69f3e888d409d158d873a37f500dd52b1de10f87
2b4589265c6c5d8e2b32d1308f1ffc8988a95b31add55364dde87a36022b8b97
GET /rs3/66/frm/jquery/cookie/jquery.cookie.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:22:23 GMT
last-modified: Wed, 09 Sep 2020 09:40:28 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 437397
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ovs%2FPINkAwbEyBpSu3%2BVDiChyR0m41CO5HhnxPknRIo7WcddVjxzQszaI9bHosNr9Wo998wmsxKFNfpMFxAv9y09zViVmHbXYdIgFW2Sxhdw%2F1xLJTSWTFgwnKcLNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77128db248540b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d8e0cdde106825e0610f7731f512673e
4d597d7aa7063c2cf0cad287a9bd59c6cf72c8a3
f1933b4ed2da261683a4a2c9677521333c80ba8c1f9673141b4c15c02a49b305
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F1933B4ED2DA261683A4A2C9677521333C80BA8C1F9673141B4C15C02A49B305"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12180
Expires: Mon, 28 Nov 2022 14:15:20 GMT
Date: Mon, 28 Nov 2022 10:52:20 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 280 B IP
Hash e0ad49e5de398d45c499b28ef800b606
90e834e61473cd1cb908f873c215a091abfe6b8c
6faaa921da82b35ffad1b1e3a6e0ca824a59e392d8b8b88560fd0fde3e652957
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5159
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:20 GMT
Etag: "63841bf6-118"
Last-Modified: Mon, 28 Nov 2022 09:26:21 GMT
Server: ECS (amb/6BBC)
X-Cache: HIT
Content-Length: 280
cdn.viglink.com/api/vglnk.js
200 OK 29 kB URL HTTP/2 cdn.viglink.com/api/vglnk.js
IP
File type ASCII text, with very long lines (693)
Hash 072eaf64a771815874455704fca9301b
6c6226d00f14bb800cd4390b3cd42df941be43b1
bb35c8c300bd1acfe7ed86eb988f74ff2e8d86a4fb0409c5d78a890f9fd14b8e
GET /api/vglnk.js HTTP/1.1
Host: cdn.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
content-length: 28567
last-modified: Wed, 02 Dec 2020 18:57:12 GMT
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
date: Wed, 23 Nov 2022 00:22:48 GMT
cache-control: public, max-age=604800
etag: "072eaf64a771815874455704fca9301b"
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XANK4xrRiXhqlSdlmgXt8F6mxq_dwZszqU12y-vGoe3Kk7yih7eWxA==
age: 469773
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash e0ad49e5de398d45c499b28ef800b606
90e834e61473cd1cb908f873c215a091abfe6b8c
6faaa921da82b35ffad1b1e3a6e0ca824a59e392d8b8b88560fd0fde3e652957
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5159
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:20 GMT
Last-Modified: Mon, 28 Nov 2022 09:26:21 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
cdn.taboola.com/libtrc/forumotion-ar/loader.js
200 OK 26 kB URL HTTP/2 cdn.taboola.com/libtrc/forumotion-ar/loader.js
IP
File type Unicode text, UTF-8 text, with very long lines (65465)
Hash 3ff01933c06ce1024e87c2923d883224
f4ec53d5b98734950199527bb35e9bf731411208
c218aebf46d8e85aad20f907a4ef34766628cb60f2cb2008672fa0a9b9a46bb5
GET /libtrc/forumotion-ar/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
etag: "704714fc41d9635fa81d0524f48fde4324a4e6bf"
last-modified: Mon, 28 Nov 2022 10:01:52 UTC
x-amz-id-2: lfrIua6mrYBGe8PJRpAp92JADLJo+UDGI+cupaHOLeQHsYfegcHmkYxqXt4c4nBCee3zumARRik=
x-amz-request-id: DF2F83A6FKVG0JBS
x-amz-version-id: nD6EhDmOYwu.YIkyhN4324ihUSyRDqKY
x-from-cache: 1
x-envoy-upstream-service-time: 6
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:20 GMT
via: 1.1 varnish
age: 802
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669632741.954684,VS0,VE1
cache-control: private,max-age=14400
vary: Accept-Encoding, Accept-Encoding
abp: 28
content-length: 25520
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IdyjZpK9VP3c1xf6ipXB6w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: m8TxOB9EPfwo0lRfc3JAGH7JV8w=
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 28 Nov 2022 10:41:08 GMT
expires: Mon, 28 Nov 2022 12:41:08 GMT
cache-control: public, max-age=7200
age: 672
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash fccdc9d595df75bfa103ba6c111345e1
55f48f6d8e5ed539b8feaa9fbeceb23edf23561b
15b3fb717cf37be0bf3a9da7e5fdf720b1124d2ea13c2afa01e9edc37c5c5b2e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6035
Cache-Control: max-age=93301
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:21 GMT
Etag: "638344c7-139"
Expires: Tue, 29 Nov 2022 12:47:22 GMT
Last-Modified: Sun, 27 Nov 2022 11:06:47 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
bidder.criteo.com/cdb?ptv=132&profileId=206&cb=97903011374
200 OK 161 B URL HTTP/2 bidder.criteo.com/cdb?ptv=132&profileId=206&cb=97903011374
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 6c89663c153d92509626cb863f948200
28176b80528c1d2d9602bf85bf49432fdb87468a
35df61ee5db16449f4f0b2f7135dd36507a8fbeacd9b314f72855a20d1fbf579
POST /cdb?ptv=132&profileId=206&cb=97903011374 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 566
Origin: https://vip-560.rigala.net
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://vip-560.rigala.net
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 161
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/impl.20221123-12-RELEASE.js
200 OK 147 kB URL HTTP/2 cdn.taboola.com/libtrc/impl.20221123-12-RELEASE.js
IP
File type ASCII text, with very long lines (65508)
Size 147 kB (146719 bytes)
Hash 904c07e2ad078475f5f0a256419511e5
c34c5e6be735ac05d9572b9a98561ca19dcc98da
841817ee428c9d259f418d8e2805450c97cd6e6548f7f083a16a4b11ea76df17
GET /libtrc/impl.20221123-12-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: MtyUsBojk2Od3C3gvH0pQL5SalZdrjGPpQq5oAaI9Ve8ZVaszu1oi0YQ+ZrXp/2kGU5ia8HCSFI=
x-amz-request-id: NP1MXXERY9EHWSV5
last-modified: Wed, 23 Nov 2022 10:42:32 GMT
etag: "904c07e2ad078475f5f0a256419511e5"
content-encoding: br
x-amz-version-id: cbtduEK2OIShsr8wnH7.Bhkyke8_mnUO
content-type: application/javascript
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:21 GMT
via: 1.1 varnish
age: 460
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 14
x-timer: S1669632741.026512,VS0,VE0
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 80
server: AmazonS3-br
content-length: 146719
X-Firefox-Spdy: h2
vip-560.rigala.net/images/icons-180.png
200 OK 6.1 kB URL HTTP/2 vip-560.rigala.net/images/icons-180.png
IP
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 6bbc173a2c7add9b97ed5fe2dea15269
2e00950d0813a6d995784905a90c5eb2041f05ee
689c95c5a53fd85782d965279cafd0c06042391eca615fe7e7f799e1bae5cc82
GET /images/icons-180.png HTTP/1.1
Host: vip-560.rigala.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/t11-topic
Cookie: exadd=166964; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: image/png
content-length: 6055
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 28 Nov 2022 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
x-cache-ic: MISS
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash cea266a0674d59046c56fa2aaf757650
62e65988e6dc664bbfdb8b72a77eb1d911e3064c
2a8a2753bd05425b7d0eb4e3ec51c360e4f0717295a828bdab817a48ab608393
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=168055
Date: Mon, 28 Nov 2022 10:52:21 GMT
Etag: "63846954-1d7"
Expires: Wed, 30 Nov 2022 09:33:16 GMT
Last-Modified: Mon, 28 Nov 2022 07:55:00 GMT
Server: ECS (nyb/1D17)
X-Cache: Miss from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8F3KNyV65jbfHFZHm7yY35rwU4idAftMFHPsgdLevAZT8-p1tXGVJg==
Age: 5896
api.viglink.com/api/ping
200 OK 259 B IP
File type ASCII text, with no line terminators
Hash ef9aca39fa7ea4a5b9db7dc418e7696b
e5daa757a65bf70beecbe515cded595074968ed1
1e14b8e143131d84555c1eed371c6c532520274ac8e680e81d093d936da3ef96
POST /api/ping HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 136
Origin: https://vip-560.rigala.net
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://vip-560.rigala.net
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Mon, 28 Nov 2022 10:52:20 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 259
Connection: keep-alive
trc-events.taboola.com/forumotion-ar/log/2/debug?tim=10%3A52%3A20.637&type=usage&msg=rtus&llvl=2&id=4314&cv=20221123-12-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
204 No Content 0 B URL HTTP/2 trc-events.taboola.com/forumotion-ar/log/2/debug?tim=10%3A52%3A20.637&type=usage&msg=rtus&llvl=2&id=4314&cv=20221123-12-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
IP
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=10%3A52%3A20.637&type=usage&msg=rtus&llvl=2&id=4314&cv=20221123-12-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Mon, 28 Nov 2022 10:52:21 GMT
x-fastly-to-nlb-rtt: 23406
access-control-allow-credentials: true
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=vip-560.rigala.net
200 OK 5.1 kB URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=vip-560.rigala.net
IP
Hash 511d60d4dfa9fa4a4ba13846c6272f0d
78fe7e813e6d972e541e13489ce33d7cb8ed6307
7af20cef011fd629819f5a02ca85e73c14b93c848628d4c6d57d3f9a2bc80086
GET /syncframe?origin=publishertag&topUrl=vip-560.rigala.net HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=fc909a90-e3f0-498b-a2c2-d5d8d91a292d; expires=Sat, 23 Dec 2023 10:52:20 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 710069
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/userx.20221123-12-RELEASE.es6.js
200 OK 5.4 kB URL HTTP/2 cdn.taboola.com/libtrc/userx.20221123-12-RELEASE.es6.js
IP
File type ASCII text, with very long lines (17842)
Hash 7b109af464fbdf498dd10ce263a219f2
0669b9a5b9dfe19cf3a791f5c193676a8bc26eda
753c51491e1f05dae134d483326fa50a6749d8ff8ebba26d19d48ccdec823589
GET /libtrc/userx.20221123-12-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: xbl0zdlgUn6X4WXC00IE9TAFv8wZIttaVKhdgdy73CgC//8Cx+ILtnE7l5A+ebxSYzILE+dPkdg=
x-amz-request-id: GS3H90CFPRR9YPEP
x-amz-replication-status: PENDING
last-modified: Thu, 24 Nov 2022 10:31:25 GMT
etag: "31dcd00c32ac53d01ad867975c3423ca"
x-amz-version-id: cihldzrJavE3tmVk6uJ_COOCEvF3MkXc
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:21 GMT
via: 1.1 varnish
age: 60
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669632741.495398,VS0,VE1
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 80
content-length: 5397
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash fb9963af5b3c525d68d5c87f0da8025b
c8d1f50313dddb0cea04745d762dac01718a026f
231ef2bc126d4f0cf0910147608f65ec32ee15f3cfdb6981f5fae66f33cfc519
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.viglink.com/api/sync.gif?key=74bad24252620514d1244cfba01f2ee2
200 OK 43 B URL HTTP/1.1 api.viglink.com/api/sync.gif?key=74bad24252620514d1244cfba01f2ee2
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /api/sync.gif?key=74bad24252620514d1244cfba01f2ee2 HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Content-Type: image/gif;charset=UTF-8
Date: Mon, 28 Nov 2022 10:52:21 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 43
Connection: keep-alive
ocsp.digicert.com/
200 OK 314 B IP
Hash 9f018ceccb2163a7089025014a17bf7d
d64256bd91f2d7c1a4f75ba360a0b03154ce1884
8fe7a3e1acbf4b648ba43e1dca8bb8b23cbf570e62598e5c0db1508d9b7f10e3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6006
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:21 GMT
Last-Modified: Mon, 28 Nov 2022 09:12:15 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 314
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8c2d9cc1b6ed082b1a1c6bd064dbcf12.png
200 OK 7.6 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8c2d9cc1b6ed082b1a1c6bd064dbcf12.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash fcd25942feb3a50e16cd29daa5199aed
7297340899dea92ce5d1b6aeb06c109cfe7e9cb1
9c5190ba2800a59e1ffc2bdb961ea77485895925572a1fdca904a15b746e9176
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8c2d9cc1b6ed082b1a1c6bd064dbcf12.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 428701243045603640453120565822597348905,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 428701243045603640453120565822597348905,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "7bb21f0eaca5c81b546efcbda6188b59"
last-modified: Fri, 30 Sep 2022 15:16:58 GMT
req-referer: https://news.am/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: c1713a477d15e1db8b17a1da51d77110
x-envoy-upstream-service-time: 86
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:21 GMT
age: 4163469
x-served-by: cache-iad-kcgs7200135-IAD, cache-iad-kiad7000097-IAD, cache-lga21931-LGA, cache-iad-kjyo7100113-IAD, cache-bma1656-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 309, 1
x-timer: S1669632742.559572,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8c2d9cc1b6ed082b1a1c6bd064dbcf12.png
x-vcl-time-ms: 1
content-length: 7632
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=639067046.1669632740&jid=1600071126&gjid=1681345425&_gid=648308016.1669632740&_u=YEBAAUAAAAAAACAAI~&z=1622980564
200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=639067046.1669632740&jid=1600071126&gjid=1681345425&_gid=648308016.1669632740&_u=YEBAAUAAAAAAACAAI~&z=1622980564
IP
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=639067046.1669632740&jid=1600071126&gjid=1681345425&_gid=648308016.1669632740&_u=YEBAAUAAAAAAACAAI~&z=1622980564 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://vip-560.rigala.net
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://vip-560.rigala.net
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 28 Nov 2022 10:52:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//121clicks.com/wp-content/uploads/2020/05/comedy_wildlife_photography_awards_2020_best_entries_07.jpg
200 OK 16 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//121clicks.com/wp-content/uploads/2020/05/comedy_wildlife_photography_awards_2020_best_entries_07.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8d3784b2105c855d437698a27525bd70
146e23b8dcbd81128d7b2213b13c30449c2a99e6
625243061f1fc0c907fcaf2a941b1c38b90df253b4d8ae9ea230e980124f6c0d
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//121clicks.com/wp-content/uploads/2020/05/comedy_wildlife_photography_awards_2020_best_entries_07.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 582460853382641666561304374366493169212,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 582460853382641666561304374366493169212,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "eefef10635fb5dd0335b463e6fa49d8e"
expiration: expiry-date="Sun, 09 Oct 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Thu, 08 Sep 2022 09:33:22 GMT
req-referer: https://www.radio-senegal.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 680
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:21 GMT
age: 6565154
x-served-by: cache-iad-kjyo7100070-IAD, cache-iad-kjyo7100070-IAD, cache-bur-kbur8200055-BUR, cache-iad-kcgs7200029-IAD, cache-bma1656-BMA
x-cache: HIT, HIT, MISS, HIT, HIT
x-cache-hits: 1, 3, 0, 8, 1
x-timer: S1669632742.559608,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//121clicks.com/wp-content/uploads/2020/05/comedy_wildlife_photography_awards_2020_best_entries_07.jpg
x-vcl-time-ms: 1
content-length: 16342
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1055506774__YR5MkgEg.jpg
200 OK 8.1 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1055506774__YR5MkgEg.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash ad6cc9136e15a5105cc2dc7f75c877ad
4791faea173d73ec7f8e65d941ba88b8a56a8185
fe39981c0e5ded99df5de7d51ad75383a95729ce00cf0c4737f51fe153d35513
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1055506774__YR5MkgEg.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 560846273141074620399135485997866319627,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 560846273141074620399135485997866319627,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
etag: "048e719899f96edb360a3eb703454ab3"
last-modified: Wed, 09 Nov 2022 23:13:25 GMT
req-referer: https://www.games.msn.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: f450c8c94f06e7b0c4dc0ab271e2fcc7
x-envoy-upstream-service-time: 618
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:21 GMT
age: 1588898
x-served-by: cache-iad-kcgs7200173-IAD, cache-iad-kiad7000088-IAD, cache-chi-kigq8000047-CHI, cache-iad-kjyo7100036-IAD, cache-bma1656-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 6, 1
x-timer: S1669632742.559600,VS0,VE3
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1055506774__YR5MkgEg.jpg
x-vcl-time-ms: 3
content-length: 8144
X-Firefox-Spdy: h2
trc.taboola.com/forumotion-ar/trc/3/json?tim=10%3A52%3A20.644<i=deflated&data=%7B%22id%22%3A10%2C%22ii%22%3A%22%2Ft11-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1669286578896%2C%22vi%22%3A1669632740640%2C%22cv%22%3A%2220221123-12-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic%22%2C%22vpi%22%3A%22%2Ft11-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A3363%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A113.89999389648438%2C%22mw%22%3A0%2C%22amw%22%3A606.9500122070312%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A3324.39990234375%2C%22mw%22%3A1000%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft11-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
200 OK 5.5 kB URL HTTP/2 trc.taboola.com/forumotion-ar/trc/3/json?tim=10%3A52%3A20.644<i=deflated&data=%7B%22id%22%3A10%2C%22ii%22%3A%22%2Ft11-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1669286578896%2C%22vi%22%3A1669632740640%2C%22cv%22%3A%2220221123-12-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic%22%2C%22vpi%22%3A%22%2Ft11-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A3363%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A113.89999389648438%2C%22mw%22%3A0%2C%22amw%22%3A606.9500122070312%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A3324.39990234375%2C%22mw%22%3A1000%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft11-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
IP
File type Unicode text, UTF-8 text, with very long lines (15533), with no line terminators
Hash 60be9056e31406df69a0dac5e53c87db
c815d9019bd70a95ee0a815a4f9a87ab77f4000d
e8f6db40480fb8234f6f532896ad0d7e6e5825f3df2184894ecb10728b3b0f77
GET /forumotion-ar/trc/3/json?tim=10%3A52%3A20.644<i=deflated&data=%7B%22id%22%3A10%2C%22ii%22%3A%22%2Ft11-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1669286578896%2C%22vi%22%3A1669632740640%2C%22cv%22%3A%2220221123-12-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic%22%2C%22vpi%22%3A%22%2Ft11-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A3363%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A113.89999389648438%2C%22mw%22%3A0%2C%22amw%22%3A606.9500122070312%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A3324.39990234375%2C%22mw%22%3A1000%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft11-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://vip-560.rigala.net
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:21 GMT
via: 1.1 varnish
x-served-by: cache-bma1656-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669632741.228841,VS0,VE163
vary: Accept-Encoding
x-vcl-time-ms: 163
X-Firefox-Spdy: h2
api.viglink.com/api/domains
200 OK 41 B URL HTTP/1.1 api.viglink.com/api/domains
IP
File type ASCII text, with no line terminators
Hash 87324b7667d532a51532cbf6555a9298
d716a74cf427e2cd58afeb91eb306edc4cf9c785
83eaaf7743742cd281524d2b2789271c5708194693a36d86827982b39208b1da
POST /api/domains HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 235
Origin: https://vip-560.rigala.net
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://vip-560.rigala.net
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Mon, 28 Nov 2022 10:52:21 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 41
Connection: keep-alive
cdn.taboola.com/libtrc/static/video/v1659348474/ypdkseqdlsfa29hkibtl.mp4
206 Partial Content 485 kB URL HTTP/2 cdn.taboola.com/libtrc/static/video/v1659348474/ypdkseqdlsfa29hkibtl.mp4
IP
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size 485 kB (485063 bytes)
Hash 08d0646cbe7a70e642c3843d647d2772
d3a6b881b79e740a5f2e1dfdecd230c10b9dabb4
ee9fa3f5820a4f6710c5d46291c4fc2eb5710936aa99f137917efbdda4e3df22
GET /libtrc/static/video/v1659348474/ypdkseqdlsfa29hkibtl.mp4 HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
x-amz-id-2: D86Z745n7eY10SZRmV50cUlxJpV6YwUZVPdqgCEPEwfpd4mr6M+089vNTgbxj5btJOEtNFD/Lp0=
x-amz-request-id: P1ZPDJ9C0BMSJXK8
x-amz-replication-status: COMPLETED
last-modified: Mon, 01 Aug 2022 10:08:00 GMT
etag: "08d0646cbe7a70e642c3843d647d2772"
x-amz-version-id: Fa5hnP52nIeW.XfUHRpbF2t.VWvOj.Wj
content-type: video/mp4;codecs=avc1
server: AmazonS3
accept-ranges: bytes
age: 29
content-range: bytes 0-485062/485063
date: Mon, 28 Nov 2022 10:52:21 GMT
via: 1.1 varnish
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 0
x-timer: S1669632742.590710,VS0,VE1
cache-control: private,max-age=31536000
abp: 80
content-length: 485063
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash 1f5f46408bac27f96414a74d778c5370
98ebc4ad130b1888fd4a70a9409b46a43c5e16c6
da06dba3803f907cafcf41fd8bbb591aa050f9f9972f45e8f44575331dc9ba10
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1292
Cache-Control: max-age=171006
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:21 GMT
Etag: "638486d7-139"
Expires: Wed, 30 Nov 2022 10:22:27 GMT
Last-Modified: Mon, 28 Nov 2022 10:00:55 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d521105845c173fb953e64d199e33154.jpg
200 OK 5.3 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d521105845c173fb953e64d199e33154.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8dda9b30be9ac7bb78afd9daa3cb6b3e
812aa6bf0106a1c7b6a17eab9318eb2bcea73360
2ccfbd47cb5d34f50ca508024aad3d1496e3291fa3ea7586c6aad0eab228f14e
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d521105845c173fb953e64d199e33154.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 492138907706621124196904210773979421999,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 492138907706621124196904210773979421999,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "cb1515ca12798b002255fc880e0eda02"
last-modified: Wed, 10 Aug 2022 02:43:40 GMT
req-referer: https://www.radiosdelperu.pe/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: f7e3e42f9d74b551e1d3446cf4d9bb8d
x-envoy-upstream-service-time: 92
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:21 GMT
age: 6928006
x-served-by: cache-iad-kjyo7100029-IAD, cache-iad-kjyo7100105-IAD, cache-lga21958-LGA, cache-iad-kjyo7100174-IAD, cache-bma1656-BMA
x-cache: HIT, HIT, HIT, HIT, HIT
x-cache-hits: 1, 1, 1, 125, 2
x-timer: S1669632742.656352,VS0,VE0
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d521105845c173fb953e64d199e33154.jpg
x-vcl-time-ms: 0
content-length: 5342
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//static.standard.co.uk/s3fs-public/thumbnails/image/2018/08/23/09/07-denisovacave-excavation-2cmpi-eva.jpg%3Fwidth%3D643
200 OK 13 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//static.standard.co.uk/s3fs-public/thumbnails/image/2018/08/23/09/07-denisovacave-excavation-2cmpi-eva.jpg%3Fwidth%3D643
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 73ad65023a279e291a3afa5f325f0bfe
197d1ae29d92ed37ce16ade06febc6996076aa69
29e446c58625dc4eb2ee3258bc964494774fc2b23ffc565fa470b2bacdbbe73a
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//static.standard.co.uk/s3fs-public/thumbnails/image/2018/08/23/09/07-denisovacave-excavation-2cmpi-eva.jpg%3Fwidth%3D643 HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 624194804926773089897974847917146764239,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 624194804926773089897974847917146764239,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "7c7f1758ad3710b6a06d94c278822b7b"
expiration: expiry-date="Tue, 15 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Sat, 15 Oct 2022 05:12:47 GMT
req-referer: https://funan.site/BigBrother/Article-1355
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 132
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:21 GMT
age: 3314777
x-served-by: cache-iad-kjyo7100092-IAD, cache-iad-kjyo7100053-IAD, cache-chi-kigq8000033-CHI, cache-iad-kcgs7200021-IAD, cache-bma1656-BMA
x-cache: HIT, HIT, MISS, HIT, HIT
x-cache-hits: 1, 1, 0, 1, 1
x-timer: S1669632742.655862,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//static.standard.co.uk/s3fs-public/thumbnails/image/2018/08/23/09/07-denisovacave-excavation-2cmpi-eva.jpg%3Fwidth%3D643
x-vcl-time-ms: 1
content-length: 13400
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//taoli.pro/attach/material/Dental_Implants_PR/IvQ1CilnmEshkXjem.jpg
200 OK 6.1 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//taoli.pro/attach/material/Dental_Implants_PR/IvQ1CilnmEshkXjem.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 627c4f8ed82ea8080f0780ddfff17f8a
282f513f0f0bd794f1054b9b9358e1cab9729692
6810ffcbe7cdc52e8e52f3a4c3ab85920b454c54f505f9c5eda7f20170b8aa5d
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//taoli.pro/attach/material/Dental_Implants_PR/IvQ1CilnmEshkXjem.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 486445879641726634139612898019930229327,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 486445879641726634139612898019930229327,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "8c5c68c0679d785547fafb90a59b75bf"
expiration: expiry-date="Sat, 24 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Wed, 24 Aug 2022 22:03:42 GMT
req-referer: https://espndeportes.espn.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 132
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:21 GMT
age: 6055694
x-served-by: cache-iad-kiad7000050-IAD, cache-iad-kiad7000040-IAD, cache-sna10730-LGB, cache-iad-kiad7000151-IAD, cache-bma1656-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 161, 1
x-timer: S1669632742.657026,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//taoli.pro/attach/material/Dental_Implants_PR/IvQ1CilnmEshkXjem.jpg
x-vcl-time-ms: 1
content-length: 6142
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash 1f5f46408bac27f96414a74d778c5370
98ebc4ad130b1888fd4a70a9409b46a43c5e16c6
da06dba3803f907cafcf41fd8bbb591aa050f9f9972f45e8f44575331dc9ba10
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1292
Cache-Control: max-age=171006
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:21 GMT
Etag: "638486d7-139"
Expires: Wed, 30 Nov 2022 10:22:27 GMT
Last-Modified: Mon, 28 Nov 2022 10:00:55 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash fb9963af5b3c525d68d5c87f0da8025b
c8d1f50313dddb0cea04745d762dac01718a026f
231ef2bc126d4f0cf0910147608f65ec32ee15f3cfdb6981f5fae66f33cfc519
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 03ad9fc0b00b5df3165dc2fb1e3b0a3e
f8243335a8bc24d989bddd346048a055e1d0bdeb
366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 879cba431d8b6f2717a750acd5ca7156
1d4eb23583d48dd6801a104aa20046b34acd0efe
31223aada310e8d8e3fa41e22ee23019a07b362b3b062ccdc10600c22071bd78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=639067046.1669632740&jid=1600071126&_u=YEBAAUAAAAAAACAAI~&z=927230587
200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=639067046.1669632740&jid=1600071126&_u=YEBAAUAAAAAAACAAI~&z=927230587
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=639067046.1669632740&jid=1600071126&_u=YEBAAUAAAAAAACAAI~&z=927230587 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 10:52:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=639067046.1669632740&jid=1600071126&_u=YEBAAUAAAAAAACAAI~&z=927230587
200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=639067046.1669632740&jid=1600071126&_u=YEBAAUAAAAAAACAAI~&z=927230587
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=639067046.1669632740&jid=1600071126&_u=YEBAAUAAAAAAACAAI~&z=927230587 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 10:52:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://vip-560.rigala.net/
Origin: https://vip-560.rigala.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://vip-560.rigala.net/
Origin: https://vip-560.rigala.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://vip-560.rigala.net/
Origin: https://vip-560.rigala.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4c55a55699954365ace088d6561c5836
6ad393f3877fbd903ad9300386b0005d09544239
f0ddfae896188249b7eee4cc66b7493e36b3b075fc48fcd043deff5ba63d6ac1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F0DDFAE896188249B7EEE4CC66B7493E36B3B075FC48FCD043DEFF5BA63D6AC1"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1220
Expires: Mon, 28 Nov 2022 11:12:41 GMT
Date: Mon, 28 Nov 2022 10:52:21 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 879cba431d8b6f2717a750acd5ca7156
1d4eb23583d48dd6801a104aa20046b34acd0efe
31223aada310e8d8e3fa41e22ee23019a07b362b3b062ccdc10600c22071bd78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7207a5076b63fb5f39b9436ced9fb18f
cdd84ecfe85882601e81f11783d9f63b30084de3
6d4543402df8135d5860ecd47dd52d96d66d2e1ac6feec11accb5f43f2da7d0d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stootsou.net/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vip-560.rigala.net/
Content-Type: application/json
Origin: https://vip-560.rigala.net
Content-Length: 382
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 37d722228723b2ccf06a23f0edae1603
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vip-560.rigala.net/
Content-Type: application/json
Origin: https://vip-560.rigala.net
Content-Length: 766
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1221d96ad4aac30e8dd1f9ecb3086207
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vip-560.rigala.net/
Content-Type: application/json
Origin: https://vip-560.rigala.net
Content-Length: 459
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 6239d24557f074b162fd7a663a8a3beb
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
dnacdn.net/dna
200 OK 30 kB IP
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 2c9849adb9bb8775e07548817252661f
f4d1961da7f4b8a68222aa2471ef31d95e0eed63
72cccdc98af8ff6a4bd40215319fde3f8a6a049613b62f7bcc79ce85ca0c7846
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=rVmh2F80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNIMXhHT1BqNXV5aGtCaXVNREpNZm9WZlJMdkZTbER6eTFjV2t6ZTF3Q1A
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=XSJSSV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNIMXhHT1BqNXV5aGtCaXVNREpNZnE3VkdxU0IlMkYlMkJGa0tIRlVhVjFpcHRy; expires=Sat, 23 Dec 2023 10:52:21 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 343363
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=10%3A52%3A21.016&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=4065&cv=20221123-12-RELEASE<=deflated&pct=1
204 No Content 0 B URL HTTP/2 il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=10%3A52%3A21.016&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=4065&cv=20221123-12-RELEASE<=deflated&pct=1
IP
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=10%3A52%3A21.016&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=4065&cv=20221123-12-RELEASE<=deflated&pct=1 HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Mon, 28 Nov 2022 10:52:21 GMT
x-fastly-to-nlb-rtt: 79735
access-control-allow-credentials: true
X-Firefox-Spdy: h2
api.viglink.com/api/domains
200 OK 42 B URL HTTP/1.1 api.viglink.com/api/domains
IP
File type ASCII text, with no line terminators
Hash 41683fce06b1e48e596ec13278ac7f0c
f117316f2ce8f96b6861c7268ff519aa034b1f32
1dfd321e102f8c039416eb7a12b130aa80f15fbce6d5583ae66c11f058115de3
POST /api/domains HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 292
Origin: https://vip-560.rigala.net
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://vip-560.rigala.net
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Mon, 28 Nov 2022 10:52:21 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 42
Connection: keep-alive
ocsp.digicert.com/
200 OK 278 B IP
Hash 8d8b15331315026393a08caf8f936461
2e4c5cc8ac6b5bd0388859e3c98978702a6ec491
79ce55527e6fa31129afec92c875c69ca36f9904a5bba3df8f0aabcd16f5ebc4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2335
Cache-Control: max-age=165927
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:22 GMT
Etag: "63846eee-116"
Expires: Wed, 30 Nov 2022 08:57:49 GMT
Last-Modified: Mon, 28 Nov 2022 08:18:54 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278
gem.gbc.criteo.com/newidsd
200 OK 40 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 0f0d6d86330b343a08abd6f3e84b9094
1cc8dc2dc84a57711b4d7a27b810728f8c67042a
01f26e3dd77be046affd83c828189e6de403a1a5edc34ab246f9cf499cc4a4cf
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 94303
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e413346bdf4cea48847886fc7871e4d8
5d89ec3ae90ebf5069321bfc6fb0abeff77db028
85398a907af9d7c7041b28ec00595c5056ee3ecb51d9f09e4e75b6bfa0859d84
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85398A907AF9D7C7041B28EC00595C5056EE3ECB51D9F09E4E75B6BFA0859D84"
Last-Modified: Sat, 26 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8277
Expires: Mon, 28 Nov 2022 13:10:19 GMT
Date: Mon, 28 Nov 2022 10:52:22 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 278 B IP
Hash 8d8b15331315026393a08caf8f936461
2e4c5cc8ac6b5bd0388859e3c98978702a6ec491
79ce55527e6fa31129afec92c875c69ca36f9904a5bba3df8f0aabcd16f5ebc4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2335
Cache-Control: max-age=165927
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:22 GMT
Etag: "63846eee-116"
Expires: Wed, 30 Nov 2022 08:57:49 GMT
Last-Modified: Mon, 28 Nov 2022 08:18:54 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278
my.rtmark.net/gid.js?userId=92bdaacd9ea0497f852a440afbe5b4e2
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=92bdaacd9ea0497f852a440afbe5b4e2
IP
File type JSON data\012- , ASCII text
Hash 9713452cfa9563cfe9fd7020420dd5b2
45628912bbf1a257384a5188201e1aedba8e7e10
697dfa572758a64e85b24a74848390b1fe32f1f607c0da9f5b021249cdf98468
GET /gid.js?userId=92bdaacd9ea0497f852a440afbe5b4e2 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vip-560.rigala.net
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:22 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=92bdaacd9ea0497f852a440afbe5b4e2; expires=Tue, 28 Nov 2023 10:52:22 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12799
Expires: Mon, 28 Nov 2022 14:25:41 GMT
Date: Mon, 28 Nov 2022 10:52:22 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12799
Expires: Mon, 28 Nov 2022 14:25:41 GMT
Date: Mon, 28 Nov 2022 10:52:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ibLuLI6j9EWh0dgk51O7kiPBRyURZ0UdNtlgbBD-SXnDg_GT_tJm8Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:16 GMT
age: 46266
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78b1389f425425d0450c94d900404dc4
53b12a8702f7c5b7cc697e2a24da824d9434be65
0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6376
x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KGeaoAMFb_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:26 GMT
age: 46256
etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56dccc9-321b-431e-8a92-49471e788b4b.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56dccc9-321b-431e-8a92-49471e788b4b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a8935783026c10470f60033d3a860f7b
65941dd34eb1063a3f7fe2b6790a11a484a06b9a
e88c706458faf5b5512212692392c7c1a0d8e60af62962267166f5cb60ee9c89
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56dccc9-321b-431e-8a92-49471e788b4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11165
x-amzn-requestid: 9e35d865-adea-4d2a-b20f-beb014cdd42f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_JE2VIAMFYgQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-7cf4db38152cdfa1448cba3d;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: SFO5-C3, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lu-Pi2xJUPfkpTK0vCDauedxSM1ZrNzEKka2-4m6l7pDkt04gUgpnA==
via: 1.1 dec8fa38a453902521b941c7cd70d33c.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:56:40 GMT
etag: "65941dd34eb1063a3f7fe2b6790a11a484a06b9a"
content-type: image/jpeg
age: 46542
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74165307-11fe-455f-9c90-106d24a6495f.jpeg
200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74165307-11fe-455f-9c90-106d24a6495f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1bb306213437ea24ab879adc9e3b6da4
771d38e18cdfa54052f7cb150b73c03154eb4368
d4cce7533fd59ef11fb8fec4bc114d5be0bacaa9134e3f1536e0d6bac1f58ffb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74165307-11fe-455f-9c90-106d24a6495f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6498
x-amzn-requestid: 2499eb0e-74c9-4c04-ba58-3e65fc452c34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR8IwHU4oAMFaAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383da37-12f14e7a30bc1a75499cb272;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:44:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: m5GSRli35fewn4l-k0jyFEcru1VKJlDYddCrLEpp5YiQwaLXsXsQDw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:02:23 GMT
age: 46199
etag: "771d38e18cdfa54052f7cb150b73c03154eb4368"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56d2fad-ed89-4d96-831f-7f8467b7079b.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56d2fad-ed89-4d96-831f-7f8467b7079b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 15bd53848c7082464273007e010c54e0
9a3ca698ca1aeae695923277ed2244465e01a1ea
36cfa29965173ea683992d4b436f393e92c978350347f869355d933613e2c005
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56d2fad-ed89-4d96-831f-7f8467b7079b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10119
x-amzn-requestid: 20bfd6a6-2981-42ca-8997-9363676773c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR782HEZIAMFTKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9eb-552581a92a69d6cd322bf334;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: U_gitOWWMPO7M5Dd0WktaigfRERa93d86MhziLjZ2qnuON_K5NauyQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:54:37 GMT
age: 46665
etag: "9a3ca698ca1aeae695923277ed2244465e01a1ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
vip-560.rigala.net/sw.js
200 OK 11 kB IP
Hash 0873256252ac20d384e835ade480f85d
689800b123b790fd81153b7b8059667dece1bca4
2b29b525b572a4942e1584ddb8896d0b1f1f23ac4c4b545d37e65ecf29486ce9
GET /sw.js HTTP/1.1
Host: vip-560.rigala.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vip-560.rigala.net/t11-topic
Connection: keep-alive
Cookie: exadd=166964; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D; _ga=GA1.2.639067046.1669632740; _gid=GA1.2.648308016.1669632740; _gat_gtag_UA_144347007_1=1; trc_cookie_storage=taboola%2520global%253Auser-id%3D890472b4-318f-40ea-8b85-149a8ba78e55-tucta7e1865
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: application/javascript
last-modified: Tue, 27 Aug 2019 13:54:01 GMT
etag: W/"5d6535f9-1554"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7x7wCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJDkZzDYjx8QtWU08btFgOHELd8ONWzSbTUYey2IwWXmMQGILm3OzHKzcgsVisRYNJ7O1cGQarlUbw8LknEycw5FpCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeQoOl0-Fz3etnT8FbNBnPJ0-cwO-xyl-kveizWor_h6bEDAAAAwAOA1VsmxA8gAEAEAAAAgAQAAAAARUDFv4XABQAAAAAGgAHJhQbAJwfBe85-fwAANGyBAAAIYJAADKwGlAB8nK-cAAAAAAAAAACw_P___8cA7GGNyQCM7O_0ADz4ADwQFewVMQIAAADY0lLRPJrUCZVFFQAAQboVwBUAQABhbzf0aRgAAEDA2AI9LH6_2WHX-N0uAwAAAAAAAAAw-z_7RxN6G71OC2IZvVb7BQQAWPsFBABgUzcAgLcAuKAjaMVgsDqF2A1ni91othnNDgAAAODu____Xw8kfIPRbjSZ-EYz32JhXC2HI5NlOBzMTLbhcDmYbc9_9Pqo0T9Pq89DWGa_7yBieb6mv-Eg41teb4Oo6Hpb7A6n2XM_ipYsd8vdajRZjEbL5WY33IwG-xuIwWqAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6RoyWq5XK42m9VqN1rMBpvlcLNBilatZqPNYLiaTWa73Wo4GC5HI6RoyXK33K1Gk8VotFxudsPNaDBEGFwORrvJxLTWLIYzt2iwcriFE-NqrRgtF8aJwzdcuVZr0etjevhWjuFstUXBAI29CC7Sicxveb39pqff7lZYLmKJ5mSRTmSXfcM3GO1Gk4lvNPMtFsbVcjgyWYbDwcxkGw6Xg9m-uByMdpOJaa1ZDGdu0WDlcAsnxtVaMVoujBOHb7hyrdai18f08K0cw9lq35jNlrPNZDda7Buz2XK2mexGi32HzvBdfc5GZ3A88bgchnOtG7M5DAqXweL9fS7SZrRxM6q0YYtFdS3uXBOrThs7GTsHs0HhG14Tw99P_bx2s7eD2GBQxBLB6SKdiF7G00UskTwt0oloNHMtPMvFzGOxeVyz4WQz2yw8jpVzM7LtNsvlRCxRmi7SiV70WKxFf8PTY1H_kSEXc-VgLprMFavRKgEAAAAAAAAALGHOvAkAAADAaSCjwWa4Wi4AhLOX7g_dm6Bwr_vt7sLQgXmzdTd_cePHDea3vN5-09NvdyssVwZ4oCZn3uyZINZqtawBAAAEsAEAAAK4dfMWgM3I7QM9mZqZmZmZ8RPkZjIZ!&cmcv=&pix=31589837&cb=1669632741837&uv=3244&tms=1669632741837&abt=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1669632738812!ts:1669632741837&mntl=1
200 OK 0 B URL HTTP/2 am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7x7wCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJDkZzDYjx8QtWU08btFgOHELd8ONWzSbTUYey2IwWXmMQGILm3OzHKzcgsVisRYNJ7O1cGQarlUbw8LknEycw5FpCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeQoOl0-Fz3etnT8FbNBnPJ0-cwO-xyl-kveizWor_h6bEDAAAAwAOA1VsmxA8gAEAEAAAAgAQAAAAARUDFv4XABQAAAAAGgAHJhQbAJwfBe85-fwAANGyBAAAIYJAADKwGlAB8nK-cAAAAAAAAAACw_P___8cA7GGNyQCM7O_0ADz4ADwQFewVMQIAAADY0lLRPJrUCZVFFQAAQboVwBUAQABhbzf0aRgAAEDA2AI9LH6_2WHX-N0uAwAAAAAAAAAw-z_7RxN6G71OC2IZvVb7BQQAWPsFBABgUzcAgLcAuKAjaMVgsDqF2A1ni91othnNDgAAAODu____Xw8kfIPRbjSZ-EYz32JhXC2HI5NlOBzMTLbhcDmYbc9_9Pqo0T9Pq89DWGa_7yBieb6mv-Eg41teb4Oo6Hpb7A6n2XM_ipYsd8vdajRZjEbL5WY33IwG-xuIwWqAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6RoyWq5XK42m9VqN1rMBpvlcLNBilatZqPNYLiaTWa73Wo4GC5HI6RoyXK33K1Gk8VotFxudsPNaDBEGFwORrvJxLTWLIYzt2iwcriFE-NqrRgtF8aJwzdcuVZr0etjevhWjuFstUXBAI29CC7Sicxveb39pqff7lZYLmKJ5mSRTmSXfcM3GO1Gk4lvNPMtFsbVcjgyWYbDwcxkGw6Xg9m-uByMdpOJaa1ZDGdu0WDlcAsnxtVaMVoujBOHb7hyrdai18f08K0cw9lq35jNlrPNZDda7Buz2XK2mexGi32HzvBdfc5GZ3A88bgchnOtG7M5DAqXweL9fS7SZrRxM6q0YYtFdS3uXBOrThs7GTsHs0HhG14Tw99P_bx2s7eD2GBQxBLB6SKdiF7G00UskTwt0oloNHMtPMvFzGOxeVyz4WQz2yw8jpVzM7LtNsvlRCxRmi7SiV70WKxFf8PTY1H_kSEXc-VgLprMFavRKgEAAAAAAAAALGHOvAkAAADAaSCjwWa4Wi4AhLOX7g_dm6Bwr_vt7sLQgXmzdTd_cePHDea3vN5-09NvdyssVwZ4oCZn3uyZINZqtawBAAAEsAEAAAK4dfMWgM3I7QM9mZqZmZmZ8RPkZjIZ!&cmcv=&pix=31589837&cb=1669632741837&uv=3244&tms=1669632741837&abt=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1669632738812!ts:1669632741837&mntl=1
IP
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7x7wCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJDkZzDYjx8QtWU08btFgOHELd8ONWzSbTUYey2IwWXmMQGILm3OzHKzcgsVisRYNJ7O1cGQarlUbw8LknEycw5FpCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeQoOl0-Fz3etnT8FbNBnPJ0-cwO-xyl-kveizWor_h6bEDAAAAwAOA1VsmxA8gAEAEAAAAgAQAAAAARUDFv4XABQAAAAAGgAHJhQbAJwfBe85-fwAANGyBAAAIYJAADKwGlAB8nK-cAAAAAAAAAACw_P___8cA7GGNyQCM7O_0ADz4ADwQFewVMQIAAADY0lLRPJrUCZVFFQAAQboVwBUAQABhbzf0aRgAAEDA2AI9LH6_2WHX-N0uAwAAAAAAAAAw-z_7RxN6G71OC2IZvVb7BQQAWPsFBABgUzcAgLcAuKAjaMVgsDqF2A1ni91othnNDgAAAODu____Xw8kfIPRbjSZ-EYz32JhXC2HI5NlOBzMTLbhcDmYbc9_9Pqo0T9Pq89DWGa_7yBieb6mv-Eg41teb4Oo6Hpb7A6n2XM_ipYsd8vdajRZjEbL5WY33IwG-xuIwWqAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6RoyWq5XK42m9VqN1rMBpvlcLNBilatZqPNYLiaTWa73Wo4GC5HI6RoyXK33K1Gk8VotFxudsPNaDBEGFwORrvJxLTWLIYzt2iwcriFE-NqrRgtF8aJwzdcuVZr0etjevhWjuFstUXBAI29CC7Sicxveb39pqff7lZYLmKJ5mSRTmSXfcM3GO1Gk4lvNPMtFsbVcjgyWYbDwcxkGw6Xg9m-uByMdpOJaa1ZDGdu0WDlcAsnxtVaMVoujBOHb7hyrdai18f08K0cw9lq35jNlrPNZDda7Buz2XK2mexGi32HzvBdfc5GZ3A88bgchnOtG7M5DAqXweL9fS7SZrRxM6q0YYtFdS3uXBOrThs7GTsHs0HhG14Tw99P_bx2s7eD2GBQxBLB6SKdiF7G00UskTwt0oloNHMtPMvFzGOxeVyz4WQz2yw8jpVzM7LtNsvlRCxRmi7SiV70WKxFf8PTY1H_kSEXc-VgLprMFavRKgEAAAAAAAAALGHOvAkAAADAaSCjwWa4Wi4AhLOX7g_dm6Bwr_vt7sLQgXmzdTd_cePHDea3vN5-09NvdyssVwZ4oCZn3uyZINZqtawBAAAEsAEAAAK4dfMWgM3I7QM9mZqZmZmZ8RPkZjIZ!&cmcv=&pix=31589837&cb=1669632741837&uv=3244&tms=1669632741837&abt=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1669632738812!ts:1669632741837&mntl=1 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:22 GMT
content-length: 0
X-Firefox-Spdy: h2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7WagCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJLGZWEazwcStGK5Ga9FwN1hLXIvNWrly2Cwz18RjGY2MQGIej8O52LjWMpNttxYtFhu3cmIZrRUW33I2HKwWy4nJChE3GQ6fg4Go6Hpb7A6n2fMGEjSdDp_rXi97Gt6q2WAuefocZodd7jL9RY_FWvQ3PD12AAAAAHgAsHrLhPgBBACIAAAAAJAAAAAAoAio-LcQuAAAAADAADAgudAA-OQgeM_Z7w8AgIYtEAAAAQwSgIHVgBKAj_OVEwAAAAAAAAAAlv____8YgD2sMRmAkf2dHoAHH4AHogLIIkYAAAAAW1oqmkeTOqGyqAIAIEi3ArgCAAgg7O2GLg0DAAAIGFugh8XvNzvsGr_bZQAAAAAAAAAAZv9n_2hCb6PXaUEso9dqv4AAAGu_gAAAbOoGAPAWABd0BK0YDFanELvhbLEbzTaj2QEAAADc_f___-uBhG8w2o0mE99o5lssjKvlcGSyDIeDmck2HC4Hs-35j14fNfrnafVF3GQ4fA4GoqLrbbE7nGbP_Shastwtd6vRZDEaLZeb3XAzGuxvIAarAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGEyQoiWr5XK52mxWq91oMRtslsPNBilatZqNNoPhajaZ7Xar4WC4HI2QoiXL3XK3Gk0Wo9FyudkNN6PBEGFwORjtJhPTWrMYztyiwcrhFk6Mq7VitFwYJw7fcOVarUWvj-nhWzmGs9UWBQM09iK4SCcyv-X19puefrtbYbmIJZqTRTqRXfYN32C0G00mvtHMt1gYV8vhyGQZDgczk204XA5m--JyMNpNJqa1ZjGcuUWDlcMtnBhXa8VouTBOHL7hyrVai14f08O3cgxnq31jNlvONpPdaLFvzGbL2WayGy32HTrDd_U5G53B8cTjchjOtW7M5jAoXAaL9_e5SJvRxs2o0oYtFtW1uHNNrDpt7GTsHMwGhW94TQx_P_Xz2s3eDmKDQRFLBKeLdCJ6GU8XsUTytEgnKtdmNrE4V7bBYrSYbEYrw2BhWyyWG8toZDEuRhOxRGm6SCd60WOxFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_dG-Cwr3ut7sLQwfmzdbd_MWNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cPBHWv0AM3es1PkJvJZA!&cmcv=&pix=31589837&cb=1669632741779&uv=3244&tms=1669632741779&abt=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1669632738812!ts:1669632741779&mntl=1
200 OK 0 B URL HTTP/2 am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7WagCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJLGZWEazwcStGK5Ga9FwN1hLXIvNWrly2Cwz18RjGY2MQGIej8O52LjWMpNttxYtFhu3cmIZrRUW33I2HKwWy4nJChE3GQ6fg4Go6Hpb7A6n2fMGEjSdDp_rXi97Gt6q2WAuefocZodd7jL9RY_FWvQ3PD12AAAAAHgAsHrLhPgBBACIAAAAAJAAAAAAoAio-LcQuAAAAADAADAgudAA-OQgeM_Z7w8AgIYtEAAAAQwSgIHVgBKAj_OVEwAAAAAAAAAAlv____8YgD2sMRmAkf2dHoAHH4AHogLIIkYAAAAAW1oqmkeTOqGyqAIAIEi3ArgCAAgg7O2GLg0DAAAIGFugh8XvNzvsGr_bZQAAAAAAAAAAZv9n_2hCb6PXaUEso9dqv4AAAGu_gAAAbOoGAPAWABd0BK0YDFanELvhbLEbzTaj2QEAAADc_f___-uBhG8w2o0mE99o5lssjKvlcGSyDIeDmck2HC4Hs-35j14fNfrnafVF3GQ4fA4GoqLrbbE7nGbP_Shastwtd6vRZDEaLZeb3XAzGuxvIAarAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGEyQoiWr5XK52mxWq91oMRtslsPNBilatZqNNoPhajaZ7Xar4WC4HI2QoiXL3XK3Gk0Wo9FyudkNN6PBEGFwORjtJhPTWrMYztyiwcrhFk6Mq7VitFwYJw7fcOVarUWvj-nhWzmGs9UWBQM09iK4SCcyv-X19puefrtbYbmIJZqTRTqRXfYN32C0G00mvtHMt1gYV8vhyGQZDgczk204XA5m--JyMNpNJqa1ZjGcuUWDlcMtnBhXa8VouTBOHL7hyrVai14f08O3cgxnq31jNlvONpPdaLFvzGbL2WayGy32HTrDd_U5G53B8cTjchjOtW7M5jAoXAaL9_e5SJvRxs2o0oYtFtW1uHNNrDpt7GTsHMwGhW94TQx_P_Xz2s3eDmKDQRFLBKeLdCJ6GU8XsUTytEgnKtdmNrE4V7bBYrSYbEYrw2BhWyyWG8toZDEuRhOxRGm6SCd60WOxFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_dG-Cwr3ut7sLQwfmzdbd_MWNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cPBHWv0AM3es1PkJvJZA!&cmcv=&pix=31589837&cb=1669632741779&uv=3244&tms=1669632741779&abt=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1669632738812!ts:1669632741779&mntl=1
IP
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7WagCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJLGZWEazwcStGK5Ga9FwN1hLXIvNWrly2Cwz18RjGY2MQGIej8O52LjWMpNttxYtFhu3cmIZrRUW33I2HKwWy4nJChE3GQ6fg4Go6Hpb7A6n2fMGEjSdDp_rXi97Gt6q2WAuefocZodd7jL9RY_FWvQ3PD12AAAAAHgAsHrLhPgBBACIAAAAAJAAAAAAoAio-LcQuAAAAADAADAgudAA-OQgeM_Z7w8AgIYtEAAAAQwSgIHVgBKAj_OVEwAAAAAAAAAAlv____8YgD2sMRmAkf2dHoAHH4AHogLIIkYAAAAAW1oqmkeTOqGyqAIAIEi3ArgCAAgg7O2GLg0DAAAIGFugh8XvNzvsGr_bZQAAAAAAAAAAZv9n_2hCb6PXaUEso9dqv4AAAGu_gAAAbOoGAPAWABd0BK0YDFanELvhbLEbzTaj2QEAAADc_f___-uBhG8w2o0mE99o5lssjKvlcGSyDIeDmck2HC4Hs-35j14fNfrnafVF3GQ4fA4GoqLrbbE7nGbP_Shastwtd6vRZDEaLZeb3XAzGuxvIAarAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGEyQoiWr5XK52mxWq91oMRtslsPNBilatZqNNoPhajaZ7Xar4WC4HI2QoiXL3XK3Gk0Wo9FyudkNN6PBEGFwORjtJhPTWrMYztyiwcrhFk6Mq7VitFwYJw7fcOVarUWvj-nhWzmGs9UWBQM09iK4SCcyv-X19puefrtbYbmIJZqTRTqRXfYN32C0G00mvtHMt1gYV8vhyGQZDgczk204XA5m--JyMNpNJqa1ZjGcuUWDlcMtnBhXa8VouTBOHL7hyrVai14f08O3cgxnq31jNlvONpPdaLFvzGbL2WayGy32HTrDd_U5G53B8cTjchjOtW7M5jAoXAaL9_e5SJvRxs2o0oYtFtW1uHNNrDpt7GTsHMwGhW94TQx_P_Xz2s3eDmKDQRFLBKeLdCJ6GU8XsUTytEgnKtdmNrE4V7bBYrSYbEYrw2BhWyyWG8toZDEuRhOxRGm6SCd60WOxFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_dG-Cwr3ut7sLQwfmzdbd_MWNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cPBHWv0AM3es1PkJvJZA!&cmcv=&pix=31589837&cb=1669632741779&uv=3244&tms=1669632741779&abt=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1669632738812!ts:1669632741779&mntl=1 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:22 GMT
content-length: 0
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Referer: https://vip-560.rigala.net/
Origin: https://vip-560.rigala.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:22 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://vip-560.rigala.net
server-processing-duration-in-ticks: 556797
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash c910a44bf58b708c25d146fd52adb8e9
374a72c3026ea1fa5defd1e8eb7be2ca7184dfd5
3cf34029e6a112320130d154ac1291e49bcb4a80f0caaf84309456986f0adc77
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 10:52:22 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 13:33:17 GMT
Expires: Fri, 02 Dec 2022 13:33:16 GMT
Etag: "374a72c3026ea1fa5defd1e8eb7be2ca7184dfd5"
Cache-Control: max-age=354653,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77128dbf8fedb4ee-OSL
status.geotrust.com/
200 OK 471 B IP
Hash 70769a33b18e1033cedc26d4fa3a38a2
61c4fa0388606db5dbb2c5134ebadf38439aa772
132cfd3a6feb72586fefb7601744eac07250529c78d69e47768c18a3228d2f34
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5234
Cache-Control: max-age=139678
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:22 GMT
Etag: "6383fd12-1d7"
Expires: Wed, 30 Nov 2022 01:40:20 GMT
Last-Modified: Mon, 28 Nov 2022 00:13:06 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
status.geotrust.com/
200 OK 471 B IP
Hash 70769a33b18e1033cedc26d4fa3a38a2
61c4fa0388606db5dbb2c5134ebadf38439aa772
132cfd3a6feb72586fefb7601744eac07250529c78d69e47768c18a3228d2f34
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1033
Cache-Control: max-age=135477
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:22 GMT
Etag: "6383fd12-1d7"
Expires: Wed, 30 Nov 2022 00:30:19 GMT
Last-Modified: Mon, 28 Nov 2022 00:13:06 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
status.geotrust.com/
200 OK 471 B IP
Hash 70769a33b18e1033cedc26d4fa3a38a2
61c4fa0388606db5dbb2c5134ebadf38439aa772
132cfd3a6feb72586fefb7601744eac07250529c78d69e47768c18a3228d2f34
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5234
Cache-Control: max-age=139678
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:22 GMT
Etag: "6383fd12-1d7"
Expires: Wed, 30 Nov 2022 01:40:20 GMT
Last-Modified: Mon, 28 Nov 2022 00:13:06 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 899
Origin: https://vip-560.rigala.net
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Mon, 28 Nov 2022 10:52:22 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://vip-560.rigala.net
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
status.geotrust.com/
200 OK 471 B IP
Hash 70769a33b18e1033cedc26d4fa3a38a2
61c4fa0388606db5dbb2c5134ebadf38439aa772
132cfd3a6feb72586fefb7601744eac07250529c78d69e47768c18a3228d2f34
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5234
Cache-Control: max-age=139678
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:22 GMT
Etag: "6383fd12-1d7"
Expires: Wed, 30 Nov 2022 01:40:20 GMT
Last-Modified: Mon, 28 Nov 2022 00:13:06 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
am-match.taboola.com/sync?dast=V7WagCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJLGZWEazwcStGK5Ga9FwN1hLXIvNWrly2Cwz18RjGY2MQGIej8O52LjWMpNttxYtFhu3cmIZrRUW33I2HKwWy4nJChE3GQ6fg4Go6Hpb7A6n2fMGEjSdDp_rXi97Gt6q2WAuefocZodd7jL9RY_FWvQ3PD12AAAAAHgAsHrLhPgBBACIAAAAAJAAAAAAoAio-LcQuAAAAADAADAgudAA-OQgeM_Z7w8AgIYtEAAAAQwSgIHVgBKAj_OVEwAAAAAAAAAAlv____8YgD2sMRmAkf2dHoAHH4AHogLIIkYAAAAAW1oqmkeTOqGyqAIAIEi3ArgCAAgg7O2GLg0DAAAIGFugh8XvNzvsGr_bZQAAAAAAAAAAZv9n_2hCb6PXaUEso9dqv4AAAGu_gAAAbOoGAPAWABd0BK0YDFanELvhbLEbzTaj2QEAAADc_f___-uBhG8w2o0mE99o5lssjKvlcGSyDIeDmck2HC4Hs-35j14fNfrnafVF3GQ4fA4GoqLrbbE7nGbP_Shastwtd6vRZDEaLZeb3XAzGuxvIAarAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGEyQoiWr5XK52mxWq91oMRtslsPNBilatZqNNoPhajaZ7Xar4WC4HI2QoiXL3XK3Gk0Wo9FyudkNN6PBEGFwORjtJhPTWrMYztyiwcrhFk6Mq7VitFwYJw7fcOVarUWvj-nhWzmGs9UWBQM09iK4SCcyv-X19puefrtbYbmIJZqTRTqRXfYN32C0G00mvtHMt1gYV8vhyGQZDgczk204XA5m--JyMNpNJqa1ZjGcuUWDlcMtnBhXa8VouTBOHL7hyrVai14f08O3cgxnq31jNlvONpPdaLFvzGbL2WayGy32HTrDd_U5G53B8cTjchjOtW7M5jAoXAaL9_e5SJvRxs2o0oYtFtW1uHNNrDpt7GTsHMwGhW94TQx_P_Xz2s3eDmKDQRFLBKeLdCJ6GU8XsUTytEgnKtdmNrE4V7bBYrSYbEYrw2BhWyyWG8toZDEuRhOxRGm6SCd60WOxFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_dG-Cwr3ut7sLQwfmzdbd_MWNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cPBHWv0AM3es1PkJvJZA!&excid=22&docw=0&cijs=1&nlb=true
200 OK 1.1 kB URL HTTP/2 am-match.taboola.com/sync?dast=V7WagCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJLGZWEazwcStGK5Ga9FwN1hLXIvNWrly2Cwz18RjGY2MQGIej8O52LjWMpNttxYtFhu3cmIZrRUW33I2HKwWy4nJChE3GQ6fg4Go6Hpb7A6n2fMGEjSdDp_rXi97Gt6q2WAuefocZodd7jL9RY_FWvQ3PD12AAAAAHgAsHrLhPgBBACIAAAAAJAAAAAAoAio-LcQuAAAAADAADAgudAA-OQgeM_Z7w8AgIYtEAAAAQwSgIHVgBKAj_OVEwAAAAAAAAAAlv____8YgD2sMRmAkf2dHoAHH4AHogLIIkYAAAAAW1oqmkeTOqGyqAIAIEi3ArgCAAgg7O2GLg0DAAAIGFugh8XvNzvsGr_bZQAAAAAAAAAAZv9n_2hCb6PXaUEso9dqv4AAAGu_gAAAbOoGAPAWABd0BK0YDFanELvhbLEbzTaj2QEAAADc_f___-uBhG8w2o0mE99o5lssjKvlcGSyDIeDmck2HC4Hs-35j14fNfrnafVF3GQ4fA4GoqLrbbE7nGbP_Shastwtd6vRZDEaLZeb3XAzGuxvIAarAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGEyQoiWr5XK52mxWq91oMRtslsPNBilatZqNNoPhajaZ7Xar4WC4HI2QoiXL3XK3Gk0Wo9FyudkNN6PBEGFwORjtJhPTWrMYztyiwcrhFk6Mq7VitFwYJw7fcOVarUWvj-nhWzmGs9UWBQM09iK4SCcyv-X19puefrtbYbmIJZqTRTqRXfYN32C0G00mvtHMt1gYV8vhyGQZDgczk204XA5m--JyMNpNJqa1ZjGcuUWDlcMtnBhXa8VouTBOHL7hyrVai14f08O3cgxnq31jNlvONpPdaLFvzGbL2WayGy32HTrDd_U5G53B8cTjchjOtW7M5jAoXAaL9_e5SJvRxs2o0oYtFtW1uHNNrDpt7GTsHMwGhW94TQx_P_Xz2s3eDmKDQRFLBKeLdCJ6GU8XsUTytEgnKtdmNrE4V7bBYrSYbEYrw2BhWyyWG8toZDEuRhOxRGm6SCd60WOxFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_dG-Cwr3ut7sLQwfmzdbd_MWNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cPBHWv0AM3es1PkJvJZA!&excid=22&docw=0&cijs=1&nlb=true
IP
ASN #200478 Taboola.com ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1102), with no line terminators
Hash a47ab5c61eb2f4757b3b1fe4be3caaa8
ce08cf89d3672bd48cc02a0d10fee1a1a6599111
470c20dd728e19685d002a88549e8b1d42621c509cb05adec998584fdec0085a
GET /sync?dast=V7WagCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJLGZWEazwcStGK5Ga9FwN1hLXIvNWrly2Cwz18RjGY2MQGIej8O52LjWMpNttxYtFhu3cmIZrRUW33I2HKwWy4nJChE3GQ6fg4Go6Hpb7A6n2fMGEjSdDp_rXi97Gt6q2WAuefocZodd7jL9RY_FWvQ3PD12AAAAAHgAsHrLhPgBBACIAAAAAJAAAAAAoAio-LcQuAAAAADAADAgudAA-OQgeM_Z7w8AgIYtEAAAAQwSgIHVgBKAj_OVEwAAAAAAAAAAlv____8YgD2sMRmAkf2dHoAHH4AHogLIIkYAAAAAW1oqmkeTOqGyqAIAIEi3ArgCAAgg7O2GLg0DAAAIGFugh8XvNzvsGr_bZQAAAAAAAAAAZv9n_2hCb6PXaUEso9dqv4AAAGu_gAAAbOoGAPAWABd0BK0YDFanELvhbLEbzTaj2QEAAADc_f___-uBhG8w2o0mE99o5lssjKvlcGSyDIeDmck2HC4Hs-35j14fNfrnafVF3GQ4fA4GoqLrbbE7nGbP_Shastwtd6vRZDEaLZeb3XAzGuxvIAarAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGEyQoiWr5XK52mxWq91oMRtslsPNBilatZqNNoPhajaZ7Xar4WC4HI2QoiXL3XK3Gk0Wo9FyudkNN6PBEGFwORjtJhPTWrMYztyiwcrhFk6Mq7VitFwYJw7fcOVarUWvj-nhWzmGs9UWBQM09iK4SCcyv-X19puefrtbYbmIJZqTRTqRXfYN32C0G00mvtHMt1gYV8vhyGQZDgczk204XA5m--JyMNpNJqa1ZjGcuUWDlcMtnBhXa8VouTBOHL7hyrVai14f08O3cgxnq31jNlvONpPdaLFvzGbL2WayGy32HTrDd_U5G53B8cTjchjOtW7M5jAoXAaL9_e5SJvRxs2o0oYtFtW1uHNNrDpt7GTsHMwGhW94TQx_P_Xz2s3eDmKDQRFLBKeLdCJ6GU8XsUTytEgnKtdmNrE4V7bBYrSYbEYrw2BhWyyWG8toZDEuRhOxRGm6SCd60WOxFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_dG-Cwr3ut7sLQwfmzdbd_MWNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cPBHWv0AM3es1PkJvJZA!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:22 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3402
X-Firefox-Spdy: h2
trc.taboola.com/forumotion-ar/log/3/visible?route=AM%3AIL%3AV<i=deflated
204 No Content 0 B URL HTTP/2 trc.taboola.com/forumotion-ar/log/3/visible?route=AM%3AIL%3AV<i=deflated
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /forumotion-ar/log/3/visible?route=AM%3AIL%3AV<i=deflated HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2486
Origin: https://vip-560.rigala.net
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:22 GMT
via: 1.1 varnish
x-served-by: cache-bma1656-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669632743.542324,VS0,VE87
x-vcl-time-ms: 87
X-Firefox-Spdy: h2
trc.taboola.com/forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2
204 No Content 0 B URL HTTP/2 trc.taboola.com/forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 5085
Origin: https://vip-560.rigala.net
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:22 GMT
via: 1.1 varnish
x-served-by: cache-bma1656-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669632743.533800,VS0,VE90
x-vcl-time-ms: 90
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
200 OK 254 B URL HTTP/2 cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
IP
File type PNG image data, 12 x 12, 8-bit gray+alpha, non-interlaced\012- data
Hash dfa7b52c86e56bd67fa4002f6ed19854
7df722645482433c2b5c8d8ab4272a9874592f27
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
GET /libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: c3AK0F63Rmz1U+ZkwDZRH6hJiJRTGpZB8kTBPWz0vwbg9siBxtMOH8aEqr1NtVeNHtLhLAVUR9E=
x-amz-request-id: 4JKSR0YA3KVH073N
x-amz-replication-status: COMPLETED
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
content-type: image/png
server: AmazonS3
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:22 GMT
via: 1.1 varnish
age: 11991
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1525
x-timer: S1669632743.620902,VS0,VE0
cache-control: private,max-age=31536000
abp: 80
content-length: 254
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 10:52:22 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=bcd2a8f8-6f0a-11ed-8247-1a7ccaea0506; expires=Mon, 26-Dec-2022 10:52:22 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bcd2a939-6f0a-11ed-8247-1a7ccaea0506
X-fe: 94
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 10:52:22 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=bcd2bdcf-6f0a-11ed-897a-1ebee0f60306; expires=Mon, 26-Dec-2022 10:52:22 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bcd2be35-6f0a-11ed-897a-1ebee0f60306
X-fe: 92
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 10:52:22 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=bcd29cc8-6f0a-11ed-b0be-162d46060406; expires=Mon, 26-Dec-2022 10:52:22 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bcd29d08-6f0a-11ed-b0be-162d46060406
X-fe: 16
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bccd5922-6f0a-11ed-85dc-1ac857eb0506
204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bccd5922-6f0a-11ed-85dc-1ac857eb0506
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bccd5922-6f0a-11ed-85dc-1ac857eb0506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Mon, 28 Nov 2022 10:52:22 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=bcd2cb79-6f0a-11ed-a9cf-190e06a80206; expires=Mon, 26-Dec-2022 10:52:22 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 17
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
vidstat.taboola.com/vpaid/units/32_4_4/assets/css/cmOsUnit.css
200 OK 8.3 kB URL HTTP/2 vidstat.taboola.com/vpaid/units/32_4_4/assets/css/cmOsUnit.css
IP
Hash a28320a69408adba1f01f56d6eb80708
8012c7108fab547cf31481cfda7cb49e654a0542
befbb274b7045e7e5791a4badbe46e1a2e367e6570da7cd0ac127acc4b8e8991
GET /vpaid/units/32_4_4/assets/css/cmOsUnit.css HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: Tu7zvQvlVVnEwkSooUSS92rZvmyUAEZxR3oBiraoqaUuiESAM0AK68SEyBs6RgbtEPeJQQljkTU=
x-amz-request-id: 03R85H2ETQ6JXV8F
last-modified: Thu, 24 Nov 2022 13:54:33 GMT
etag: "a28320a69408adba1f01f56d6eb80708"
x-amz-meta-ctime: 1669298072
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1669298069
content-type: text/css
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:22 GMT
via: 1.1 varnish
age: 334549
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 90376
x-timer: S1669632743.678923,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 8297
X-Firefox-Spdy: h2
vidstat.taboola.com/vpaid/units/32_4_4/infra/cmTagWIDGET_ITEM.js
200 OK 128 kB URL HTTP/2 vidstat.taboola.com/vpaid/units/32_4_4/infra/cmTagWIDGET_ITEM.js
IP
File type Unicode text, UTF-8 text, with very long lines (65489), with no line terminators
Size 128 kB (127638 bytes)
Hash c84f37a3a16e6b0512178f454420974e
9c83474a724bfe81cf77769dce26b9eca706316b
de86ad2de6a7b3b859cd9698135b40b1be4187e50a008545be14d1d0c3cc202e
GET /vpaid/units/32_4_4/infra/cmTagWIDGET_ITEM.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vip-560.rigala.net
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 21wxBe4sE8cGQLUxmBLB2ARmodjGYQPPoZhNX69JZyMEbHdrXrB7RL/738ehVqCIU2tvQUi5q+M=
x-amz-request-id: 03RB6S7AXYM82XMN
last-modified: Thu, 24 Nov 2022 13:52:57 GMT
etag: "c84f37a3a16e6b0512178f454420974e"
x-amz-meta-ctime: 1669297976
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1669297975
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:22 GMT
via: 1.1 varnish
age: 334549
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 40849
x-timer: S1669632743.700527,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 127638
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bcd2a939-6f0a-11ed-8247-1a7ccaea0506
204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bcd2a939-6f0a-11ed-8247-1a7ccaea0506
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bcd2a939-6f0a-11ed-8247-1a7ccaea0506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Mon, 28 Nov 2022 10:52:22 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=bcdc7e30-6f0a-11ed-a487-1348667f0406; expires=Mon, 26-Dec-2022 10:52:22 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 141
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bcd2be35-6f0a-11ed-897a-1ebee0f60306
204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bcd2be35-6f0a-11ed-897a-1ebee0f60306
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bcd2be35-6f0a-11ed-897a-1ebee0f60306 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Mon, 28 Nov 2022 10:52:22 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=bcdc4fc5-6f0a-11ed-94e6-186cd56e0306; expires=Mon, 26-Dec-2022 10:52:22 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 54
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bcd29d08-6f0a-11ed-b0be-162d46060406
204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bcd29d08-6f0a-11ed-b0be-162d46060406
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bcd29d08-6f0a-11ed-b0be-162d46060406 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Mon, 28 Nov 2022 10:52:22 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=bcdc9dc7-6f0a-11ed-9d72-155da6fd0506; expires=Mon, 26-Dec-2022 10:52:22 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 91
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
301 Moved Permanently 0 B URL HTTP/2 secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP/1.1
Host: secure-assets.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
date: Mon, 28 Nov 2022 10:52:22 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash 3830e737e30e04e820e952502f3675a3
239d7a6d9a57aa8022a9b6f1ca77400d646aa2b8
70ccd41510623dda8291dc4f7853cc952e2d6daf532abca9063def7ad432f27a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6485
Cache-Control: max-age=112860
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:22 GMT
Etag: "63838f6d-139"
Expires: Tue, 29 Nov 2022 18:13:22 GMT
Last-Modified: Sun, 27 Nov 2022 16:25:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 313
ocsp.globalsign.com/gsgccr3dvtlsca2020
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
Hash 32de4d6b881c3573977dc16185e2557b
3883382d6f0be09796dfc3b830abe0c59b99628c
aa3a47845f8431c0c116d0810d4d3d89bff591875d0e564a71933ab0305bcc2e
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 10:52:22 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Fri, 02 Dec 2022 06:26:33 GMT
ETag: "3883382d6f0be09796dfc3b830abe0c59b99628c"
Last-Modified: Mon, 28 Nov 2022 06:26:34 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2625
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77128dc299dcb521-OSL
eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
IP
ASN #1299 Telia Company AB
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 28 Nov 2022 10:52:22 GMT
Connection: keep-alive
Vary: Accept-Encoding
eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
IP
ASN #1299 Telia Company AB
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 28 Nov 2022 10:52:22 GMT
Connection: keep-alive
Vary: Accept-Encoding
eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
IP
ASN #1299 Telia Company AB
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 28 Nov 2022 10:52:22 GMT
Connection: keep-alive
Vary: Accept-Encoding
csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1
200 OK 43 B URL HTTP/2 csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1 HTTP/1.1
Host: csm.fr.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:22 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.js
200 OK 10 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP
ASN #1299 Telia Company AB
File type ASCII text, with very long lines (18728)
Hash fdd7647c113e262e451e18feb170144d
09902ac30f27b40177b4d93e4ab8372ff3851d78
3be574fd7560bb72fa81896137cc9f38f4ae979b4e0e60a9cfd4db840325a3e4
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Mon, 28 Nov 2022 04:05:02 GMT
Content-Encoding: gzip
Content-Length: 10066
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=61928
Expires: Tue, 29 Nov 2022 04:04:30 GMT
Date: Mon, 28 Nov 2022 10:52:22 GMT
Connection: keep-alive
Vary: Accept-Encoding
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:22 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 5c8551591e515d9029e8c9a29804eecb
1298f0c1b78880a93b57d06eeecddc8f668208b9
87bd2ac1ed0fcd041651ce64766499da60cc349352b42f5bf28ace8ef647a72a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 10:52:22 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 01:56:51 GMT
Expires: Sat, 03 Dec 2022 01:56:50 GMT
Etag: "1298f0c1b78880a93b57d06eeecddc8f668208b9"
Cache-Control: max-age=399267,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77128dc26bb7b4ee-OSL
x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
200 OK 43 B URL HTTP/2 x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /sync?gdpr=1&us_privacy=1---&ssp=taboola HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:23 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash fe86b8018454c0a16146cb30512eb8bd
b422a6472375b2943f500bfa4b5b1e9d2d254e9f
aee73affd7d77840bbc5b5ce97232c76329483ef0735f3be88533879bed32a97
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=115424
Date: Mon, 28 Nov 2022 10:52:22 GMT
Etag: "63839aa6-1d7"
Expires: Tue, 29 Nov 2022 18:56:06 GMT
Last-Modified: Sun, 27 Nov 2022 17:13:10 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: hQJ08wQton7QVITAy7XNj6X4inY0WtBH3HzE8lN6p0cUz-13W1errQ==
Age: 6176
vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js
200 OK 87 kB URL HTTP/2 vidstat.taboola.com/vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js
IP
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash dcfe04133edaa84ac4a7356299134bf2
600265d1e188692d5cb0b9dbc828c708181bd3d8
1f50ba3994c74af69746c8db181597b9e74d7bb53c808ce9f7014facf0c59bfd
GET /vpaid/vPlayer/player/v14.8.8/OvaMediaPlayer.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: DH4gCSpZOjdiQ2RHNdcZaQ1gWcI8EDnhtXKaFZT4JUmiFDacp53eylqcVHaDpMgh56JBtwAdvTI=
x-amz-request-id: M2DJX9S4FNAQPE8Z
last-modified: Thu, 27 Oct 2022 07:34:53 GMT
etag: "dcfe04133edaa84ac4a7356299134bf2"
x-amz-meta-ctime: 1666856092
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1666856080
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:23 GMT
via: 1.1 varnish
age: 184620
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 53065
x-timer: S1669632743.058266,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 87152
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash f887cd171920e391ec1eddecfb60855a
fe3ad3219554d4b346140a9c63c2e4e674dfd4da
b5a384caf1e5f5d6fff53d95644c91c6a58aa00319d2e13278fbec040d3f54cc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2710
Cache-Control: max-age=104713
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:23 GMT
Etag: "63837e5a-1d7"
Expires: Tue, 29 Nov 2022 15:57:36 GMT
Last-Modified: Sun, 27 Nov 2022 15:12:26 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ups.analytics.yahoo.com/ups/58534/occ
302 Found 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 28 Nov 2022 10:52:23 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://ups.analytics.yahoo.com/ups/58534/occ?verify=true
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBOeShGMCEDsDo_I0f5xvEHifvYr44FIFEgEBAQHkhWOOYwAAAAAA_eMAAA&S=AQAAAjIYKUZds0y64yd348WH_yU; Expires=Tue, 28 Nov 2023 16:52:23 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
vidstatb.taboola.com/vid/blackScreen5.mp4
206 Partial Content 91 kB URL HTTP/2 vidstatb.taboola.com/vid/blackScreen5.mp4
IP
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash b2b087fe4ae638c533731c347fcd4df8
62851c888c21bb51cc04f13b6fc0451279fe0425
0407dafc112212a135d1aa4dd9b40ba0208c6bb6b1959f5535af093254189d66
GET /vid/blackScreen5.mp4 HTTP/1.1
Host: vidstatb.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
content-type: video/mp4
last-modified: Sun, 02 Jul 2017 20:40:57 GMT
etag: "b2b087fe4ae638c533731c347fcd4df8"
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1497790207
server: AmazonS3
via: 1.1 9803a30a87f1ec1047cb2b8ad5ecc43e.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: gopM2XYfUoVUFmJXQ0440-QEF6IoAyvdLK0EUOquu3M35zK6ZGLwLg==
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:23 GMT
age: 3045507
x-served-by: cache-bma1656-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 1202380
x-timer: S1669632743.307553,VS0,VE0
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-range: bytes 0-90783/90784
content-length: 90784
X-Firefox-Spdy: h2
ups.analytics.yahoo.com/ups/58534/occ?verify=true
204 No Content 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ?verify=true
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ?verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 28 Nov 2022 10:52:23 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBOeShGMCEAaF2bp35G5WuNJoOVZyAwMFEgEBAQHkhWOOYwAAAAAA_eMAAA&S=AQAAAtsPvf3umJGVIq1s3PGs8VY; Expires=Tue, 28 Nov 2023 16:52:23 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 10:52:23 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=bd438378-6f0a-11ed-aa48-1f932c7f0106; expires=Mon, 26-Dec-2022 10:52:23 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bd4383d4-6f0a-11ed-aa48-1f932c7f0106
X-fe: 103
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 10:52:23 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=bd442ab6-6f0a-11ed-8346-19da87bf0106; expires=Mon, 26-Dec-2022 10:52:23 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bd442af4-6f0a-11ed-8346-19da87bf0106
X-fe: 136
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
am-match.taboola.com/sync?dast=V7WagCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJLGZWEazwcStGK5Ga9FwN1hLXIvNWrly2Cwz18RjGY2MQGIej8O52LjWMpNttxYtFhu3cmIZrRUW33I2HKwWy4nJChE3GQ6fg4Go6Hpb7A6n2fMGEjSdDp_rXi97Gt6q2WAuefocZodd7jL9RY_FWvQ3PD12AAAAAHgAsHrLhPgBBACIAAAAAJAAAAAAoAio-LcQuAAAAADAADAgudAA-OQgeM_Z7w8AgIYtEAAAAQwSgIHVgBKAj_OVEwAAAAAAAAAAlv____8YgD2sMRmAkf2dHoAHH4AHogLIIkYAAAAAW1oqmkeTOqGyqAIAIEi3ArgCAAgg7O2GLg0DAAAIGFugh8XvNzvsGr_bZQAAAAAAAAAAZv9n_2hCb6PXaUEso9dqv4AAAGu_gAAAbOoGAPAWABd0BK0YDFanELvhbLEbzTaj2QEAAADc_f___-uBhG8w2o0mE99o5lssjKvlcGSyDIeDmck2HC4Hs-35j14fNfrnafVF3GQ4fA4GoqLrbbE7nGbP_Shastwtd6vRZDEaLZeb3XAzGuxvIAarAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGEyQoiWr5XK52mxWq91oMRtslsPNBilatZqNNoPhajaZ7Xar4WC4HI2QoiXL3XK3Gk0Wo9FyudkNN6PBEGFwORjtJhPTWrMYztyiwcrhFk6Mq7VitFwYJw7fcOVarUWvj-nhWzmGs9UWBQM09iK4SCcyv-X19puefrtbYbmIJZqTRTqRXfYN32C0G00mvtHMt1gYV8vhyGQZDgczk204XA5m--JyMNpNJqa1ZjGcuUWDlcMtnBhXa8VouTBOHL7hyrVai14f08O3cgxnq31jNlvONpPdaLFvzGbL2WayGy32HTrDd_U5G53B8cTjchjOtW7M5jAoXAaL9_e5SJvRxs2o0oYtFtW1uHNNrDpt7GTsHMwGhW94TQx_P_Xz2s3eDmKDQRFLBKeLdCJ6GU8XsUTytEgnKtdmNrE4V7bBYrSYbEYrw2BhWyyWG8toZDEuRhOxRGm6SCd60WOxFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_dG-Cwr3ut7sLQwfmzdbd_MWNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cPBHWv0AM3es1PkJvJZA!&excid=22&docw=0&cijs=1&nlb=true
200 OK 928 B URL HTTP/2 am-match.taboola.com/sync?dast=V7WagCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJLGZWEazwcStGK5Ga9FwN1hLXIvNWrly2Cwz18RjGY2MQGIej8O52LjWMpNttxYtFhu3cmIZrRUW33I2HKwWy4nJChE3GQ6fg4Go6Hpb7A6n2fMGEjSdDp_rXi97Gt6q2WAuefocZodd7jL9RY_FWvQ3PD12AAAAAHgAsHrLhPgBBACIAAAAAJAAAAAAoAio-LcQuAAAAADAADAgudAA-OQgeM_Z7w8AgIYtEAAAAQwSgIHVgBKAj_OVEwAAAAAAAAAAlv____8YgD2sMRmAkf2dHoAHH4AHogLIIkYAAAAAW1oqmkeTOqGyqAIAIEi3ArgCAAgg7O2GLg0DAAAIGFugh8XvNzvsGr_bZQAAAAAAAAAAZv9n_2hCb6PXaUEso9dqv4AAAGu_gAAAbOoGAPAWABd0BK0YDFanELvhbLEbzTaj2QEAAADc_f___-uBhG8w2o0mE99o5lssjKvlcGSyDIeDmck2HC4Hs-35j14fNfrnafVF3GQ4fA4GoqLrbbE7nGbP_Shastwtd6vRZDEaLZeb3XAzGuxvIAarAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGEyQoiWr5XK52mxWq91oMRtslsPNBilatZqNNoPhajaZ7Xar4WC4HI2QoiXL3XK3Gk0Wo9FyudkNN6PBEGFwORjtJhPTWrMYztyiwcrhFk6Mq7VitFwYJw7fcOVarUWvj-nhWzmGs9UWBQM09iK4SCcyv-X19puefrtbYbmIJZqTRTqRXfYN32C0G00mvtHMt1gYV8vhyGQZDgczk204XA5m--JyMNpNJqa1ZjGcuUWDlcMtnBhXa8VouTBOHL7hyrVai14f08O3cgxnq31jNlvONpPdaLFvzGbL2WayGy32HTrDd_U5G53B8cTjchjOtW7M5jAoXAaL9_e5SJvRxs2o0oYtFtW1uHNNrDpt7GTsHMwGhW94TQx_P_Xz2s3eDmKDQRFLBKeLdCJ6GU8XsUTytEgnKtdmNrE4V7bBYrSYbEYrw2BhWyyWG8toZDEuRhOxRGm6SCd60WOxFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_dG-Cwr3ut7sLQwfmzdbd_MWNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cPBHWv0AM3es1PkJvJZA!&excid=22&docw=0&cijs=1&nlb=true
IP
ASN #200478 Taboola.com ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (928), with no line terminators
Hash c17ee66d819b82cdecc4d2fd1acd44f3
0b1a77bd7514e807ee9dc0fb47e72bc89e9ee515
8d7ce7d41f3939e38ce2b582b79dfe76ef3143ae9bf2870c5d4a530f037b148b
GET /sync?dast=V7WagCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJLGZWEazwcStGK5Ga9FwN1hLXIvNWrly2Cwz18RjGY2MQGIej8O52LjWMpNttxYtFhu3cmIZrRUW33I2HKwWy4nJChE3GQ6fg4Go6Hpb7A6n2fMGEjSdDp_rXi97Gt6q2WAuefocZodd7jL9RY_FWvQ3PD12AAAAAHgAsHrLhPgBBACIAAAAAJAAAAAAoAio-LcQuAAAAADAADAgudAA-OQgeM_Z7w8AgIYtEAAAAQwSgIHVgBKAj_OVEwAAAAAAAAAAlv____8YgD2sMRmAkf2dHoAHH4AHogLIIkYAAAAAW1oqmkeTOqGyqAIAIEi3ArgCAAgg7O2GLg0DAAAIGFugh8XvNzvsGr_bZQAAAAAAAAAAZv9n_2hCb6PXaUEso9dqv4AAAGu_gAAAbOoGAPAWABd0BK0YDFanELvhbLEbzTaj2QEAAADc_f___-uBhG8w2o0mE99o5lssjKvlcGSyDIeDmck2HC4Hs-35j14fNfrnafVF3GQ4fA4GoqLrbbE7nGbP_Shastwtd6vRZDEaLZeb3XAzGuxvIAarAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGEyQoiWr5XK52mxWq91oMRtslsPNBilatZqNNoPhajaZ7Xar4WC4HI2QoiXL3XK3Gk0Wo9FyudkNN6PBEGFwORjtJhPTWrMYztyiwcrhFk6Mq7VitFwYJw7fcOVarUWvj-nhWzmGs9UWBQM09iK4SCcyv-X19puefrtbYbmIJZqTRTqRXfYN32C0G00mvtHMt1gYV8vhyGQZDgczk204XA5m--JyMNpNJqa1ZjGcuUWDlcMtnBhXa8VouTBOHL7hyrVai14f08O3cgxnq31jNlvONpPdaLFvzGbL2WayGy32HTrDd_U5G53B8cTjchjOtW7M5jAoXAaL9_e5SJvRxs2o0oYtFtW1uHNNrDpt7GTsHMwGhW94TQx_P_Xz2s3eDmKDQRFLBKeLdCJ6GU8XsUTytEgnKtdmNrE4V7bBYrSYbEYrw2BhWyyWG8toZDEuRhOxRGm6SCd60WOxFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_dG-Cwr3ut7sLQwfmzdbd_MWNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cPBHWv0AM3es1PkJvJZA!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:23 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3407
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bd442af4-6f0a-11ed-8346-19da87bf0106
204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bd442af4-6f0a-11ed-8346-19da87bf0106
IP
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=bd442af4-6f0a-11ed-8346-19da87bf0106 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Mon, 28 Nov 2022 10:52:23 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=bd4a1f38-6f0a-11ed-9a06-1f0541440206; expires=Mon, 26-Dec-2022 10:52:23 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 121
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cdn.taboola.com/scripts/cds-pips.js
200 OK 1.3 kB URL HTTP/2 cdn.taboola.com/scripts/cds-pips.js
IP
File type ASCII text, with very long lines (3545), with no line terminators
Hash 780c5c514014519ce276709f515905a0
04fe86d00b9c9077effe05171d066d243ecab221
015db06150b62ad2ad533883652174ebb6f07e24a7147fdac01a0ccd266e3f30
GET /scripts/cds-pips.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 2KBeU0d7OyPXtZDYUoIqlTBmhGhsve90tjYoemCxISjKQrNgcxT28sPXVt5KfJt+6r7dFoJgA8g=
x-amz-request-id: NFWGDQGY1WQ95XHE
x-amz-replication-status: COMPLETED
last-modified: Wed, 12 Oct 2022 13:57:57 GMT
etag: "383fa66d2a0a09f4a6e64a9593ad43bb"
x-amz-version-id: z5FoayaLm_Bvew3pbkytkoHczFCvkPwT
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:23 GMT
via: 1.1 varnish
age: 2906
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 4186
x-timer: S1669632743.489559,VS0,VE0
vary: Accept-Encoding
abp: 80
cache-control: private, max-age=3600
content-length: 1340
X-Firefox-Spdy: h2
x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
200 OK 43 B URL HTTP/2 x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /sync?gdpr=1&us_privacy=1---&ssp=taboola HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:23 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 837ab321cb7d4d55b8f0bf9561969c53
6fb2b042e56579b60c3cdc42d3226adc972660d9
e08aa1b3487b0288b982117f1b79a102050b56a1fe8d6b7999563ebce72312a6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1856
Cache-Control: max-age=139533
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:23 GMT
Etag: "638409b4-1d7"
Expires: Wed, 30 Nov 2022 01:37:56 GMT
Last-Modified: Mon, 28 Nov 2022 01:07:00 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:23 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
pips.taboola.com/
200 OK 4 B IP
File type ASCII text, with no line terminators
Hash 6c3e226b4d4795d518ab341b0824ec29
eef19c54306daa69eda49c0272623bdb5e2b341f
fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921
GET / HTTP/1.1
Host: pips.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vip-560.rigala.net
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Varnish
retry-after: 0
access-control-allow-methods: GET
access-control-allow-origin: https://vip-560.rigala.net
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:23 GMT
via: 1.1 varnish
x-served-by: cache-bma1621-BMA
x-cache: HIT
x-cache-hits: 0
cache-control: no-store
content-length: 4
X-Firefox-Spdy: h2
pixel.rubiconproject.com/exchange/sync.php?p=15414&gdpr=1&us_privacy=1---&gdpr=1&us_privacy=1---
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/exchange/sync.php?p=15414&gdpr=1&us_privacy=1---&gdpr=1&us_privacy=1---
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /exchange/sync.php?p=15414&gdpr=1&us_privacy=1---&gdpr=1&us_privacy=1--- HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 2eb7d209ab67664d6226c75331547ba1
Content-Type: image/gif
cti.w55c.net/ct/cms-2c-rubicon.html?gdpr=1&us_privacy=1---
200 OK 13 kB URL HTTP/2 cti.w55c.net/ct/cms-2c-rubicon.html?gdpr=1&us_privacy=1---
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (53556)
Hash 8974e4d91b50a8be2c3f32001ba7d48d
24538387df9c9f0811c7d275c419d909fb850954
ebdff3f1eb36e3953db7b49208c2b46079113e731db92b9f8b73d719c1e0b49f
GET /ct/cms-2c-rubicon.html?gdpr=1&us_privacy=1--- HTTP/1.1
Host: cti.w55c.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
age: 214653
cache-control: no-cache, must-revalidate
content-type: text/html
date: Mon, 28 Nov 2022 10:52:23 GMT
etag: "3055990060"
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Thu, 14 Oct 2021 17:36:30 GMT
p3p: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
pragma: no-cache
server: ECS (ska/F708)
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
x-cache: HIT
content-length: 12841
X-Firefox-Spdy: h2
taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
200 OK 514 B URL HTTP/2 taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 486d44306a8ae69aa9e99ec6bc4e3f8a
2a626da5aa640762f3a4f1a721b39cf6dad4b99d
a61e34e09a768d09df9def8c627243f6f296f414335cc4c9c72b621e448a5b16
GET /sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo HTTP/1.1
Host: taboola-supply-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:23 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/Z-zJNL7qsHM
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/Z-zJNL7qsHM
IP
Hash 87d3d44422b14ddf0ed555f87f13ea5e
273ace6b5f0736463081498559f9aa7b3da1823e
713694229e5e7ac0bdeb0756ff8719330b091e25080e84207858cd44609b536d
POST /s/gts1d4/Z-zJNL7qsHM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:23 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rubiconcm.digitaleast.mobi/usersync/rubicon.gif?gdpr=1&us_privacy=1---
302 Found 130 B URL HTTP/2 rubiconcm.digitaleast.mobi/usersync/rubicon.gif?gdpr=1&us_privacy=1---
IP
File type HTML document, ASCII text
Hash be3452ce01f9a7fd4d2a6a0323161928
91db4419e712987caa31aa7896d59d81f070b458
4fd4db68fec1d0ee28e1a47e9785e520455989da881bb6a6f7c2da868ba6023b
GET /usersync/rubicon.gif?gdpr=1&us_privacy=1--- HTTP/1.1
Host: rubiconcm.digitaleast.mobi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=utf-8
location: https://pixel.rubiconproject.com/tap.php?v=600424&nid=5498&put=f243f9db-17c5-4a3d-91ac-5d41fb9a0c9d
set-cookie: de_tp_cookie=f243f9db-17c5-4a3d-91ac-5d41fb9a0c9d; Path=/; Domain=digitaleast.mobi; Max-Age=63072000
date: Mon, 28 Nov 2022 10:52:23 GMT
content-length: 130
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ups.analytics.yahoo.com/ups/58534/occ
302 Found 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Mon, 28 Nov 2022 10:52:23 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://ups.analytics.yahoo.com/ups/58534/occ?verify=true
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBOeShGMCEL_GL4g2WwVkDbwGmKXC1s0FEgEBAQHkhWOOYwAAAAAA_eMAAA&S=AQAAAoWt3f8Q_hd06WHbDyVd2LI; Expires=Tue, 28 Nov 2023 16:52:23 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
tr.blismedia.com/v1/api/sync/rubicon?gdpr=1&us_privacy=1---
204 No Content 0 B URL HTTP/2 tr.blismedia.com/v1/api/sync/rubicon?gdpr=1&us_privacy=1---
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v1/api/sync/rubicon?gdpr=1&us_privacy=1--- HTTP/1.1
Host: tr.blismedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
set-cookie: b=638492E797EBF5C97A09CB13BLIS;Version=1;Domain=blismedia.com;Path=/;Max-Age=31540000;SameSite=None;Secure
date: Mon, 28 Nov 2022 10:52:23 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
200 OK 8.8 kB URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP
Hash 0bf6316ac0c6c33dab99bc59f19b5e10
4cdaf76f2099234736a20c08785285d2c2255a9e
0b3f3060c8e0b9a7ef36bd0e612863c0df9853f06ed23fd19039a9b20ea590b6
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vip-560.rigala.net/
x-crto-bundle: Ta2MP19LVXlqTmZPd2RqdXoyQXdsSnFZVTN4VFpubEp2TVp1ZTVEZFRKS1M3WUsyNzIyQTV4WFdmekt2ZWVZbThPalpTUHQzZnRpSWV5dFFIOGpvdEllU2k0cGklMkZPcFp3bEhGTG9nOHZwUUZOcXRtS2tRN2V2Vjc0bE9UMGdEamhIN08zUVJjdUVQcVNCUWVpd0ZFaHFZeiUyQndnJTNEJTNE
Origin: https://vip-560.rigala.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:22 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://vip-560.rigala.net
server-processing-duration-in-ticks: 1207387
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash cd6258d3885c1643d36b5f9331c56b99
8a4962b55abefdf4b009a366ff43e9c2279f7e19
7f37b1985800d1dfc01103aad9c1c2f3242c7ba0bbe0429d0bccbd0fac5c1c34
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5287
Cache-Control: max-age=86426
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:23 GMT
Etag: "63832cda-1d7"
Expires: Tue, 29 Nov 2022 10:52:49 GMT
Last-Modified: Sun, 27 Nov 2022 09:24:42 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ups.analytics.yahoo.com/ups/58534/occ?verify=true
204 No Content 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ?verify=true
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ?verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Mon, 28 Nov 2022 10:52:23 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBOeShGMCEIzHfYMReFGR16GtBShWdZgFEgEBAQHkhWOOYwAAAAAA_eMAAA&S=AQAAAi585M2e1fpJS92wKmBDnEI; Expires=Tue, 28 Nov 2023 16:52:23 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
pixel.rubiconproject.com/tap.php?v=600424&nid=5498&put=f243f9db-17c5-4a3d-91ac-5d41fb9a0c9d
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=600424&nid=5498&put=f243f9db-17c5-4a3d-91ac-5d41fb9a0c9d
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=600424&nid=5498&put=f243f9db-17c5-4a3d-91ac-5d41fb9a0c9d HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 2eb7d209ab67664d6226c75331547ba1
Content-Type: image/gif
ocsp.pki.goog/s/gts1d4/Z-zJNL7qsHM
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/Z-zJNL7qsHM
IP
Hash 87d3d44422b14ddf0ed555f87f13ea5e
273ace6b5f0736463081498559f9aa7b3da1823e
713694229e5e7ac0bdeb0756ff8719330b091e25080e84207858cd44609b536d
POST /s/gts1d4/Z-zJNL7qsHM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 10:52:23 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pixel.rubiconproject.com/token?pid=3&gdpr=1&us_privacy=1---
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/token?pid=3&gdpr=1&us_privacy=1---
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=3&gdpr=1&us_privacy=1--- HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 2eb7d209ab67664d6226c75331547ba1
token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=1&us_privacy=1---
204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=1&us_privacy=1---
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=2974&pt=n&a=1&gdpr=1&us_privacy=1--- HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: deb9f124eecce7a554c70ca983265c95
ocsp2.globalsign.com/gsalphasha2g2
200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP
Hash 7b9a8fd79dad97f8a96757ec538d1d6f
b78cc985155ab1e2926b14ca1207e5bff908b6d2
2d72e97b0909a3b6f86a0209a85b2ee352ca1bd55c9d9b3f6eb97279c3297b8a
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 10:52:23 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 02 Dec 2022 09:21:09 GMT
ETag: "b78cc985155ab1e2926b14ca1207e5bff908b6d2"
Last-Modified: Mon, 28 Nov 2022 09:21:10 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 604
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77128dc89ab2b503-OSL
token.rubiconproject.com/token?pid=2249&pt=n&gdpr=1&us_privacy=1---
302 Found 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=2249&pt=n&gdpr=1&us_privacy=1---
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=2249&pt=n&gdpr=1&us_privacy=1--- HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 302 Found
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: deb9f124eecce7a554c70ca983265c95
Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=&gdpr=1&us_privacy=1---
content-length: 0
token.rubiconproject.com/token?pid=25470&gdpr=1&us_privacy=1---
204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=25470&gdpr=1&us_privacy=1---
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=25470&gdpr=1&us_privacy=1--- HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: deb9f124eecce7a554c70ca983265c95
pixel.rubiconproject.com/tap.php?v=71194&nid=3636&put=682eec27-c173-4be2-8f37-21dfc9796e91&expires=30
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=71194&nid=3636&put=682eec27-c173-4be2-8f37-21dfc9796e91&expires=30
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=71194&nid=3636&put=682eec27-c173-4be2-8f37-21dfc9796e91&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 2eb7d209ab67664d6226c75331547ba1
Content-Type: image/gif
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=1&us_privacy=1---
302 Found 326 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=1&us_privacy=1---
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash b7935dc8845592ea78857bb810cd7130
5f497e1627a95df483b70b9436c9431d9ba384d9
2116c3bba5a4dfc09063000e6cefcb61c1e83f2c416370cdd88560aad68fe369
GET /pixel?google_nid=rubicon&google_cm&google_sc&gdpr=1&us_privacy=1--- HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&gdpr=1&us_privacy=1---&google_tc=
date: Mon, 28 Nov 2022 10:52:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 326
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 28-Nov-2022 11:07:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=&gdpr=1&us_privacy=1---
302 Found 311 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=&gdpr=1&us_privacy=1---
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 69956e1dab0ec7b7cc2ce241988bc563
4a219bf0c65cecd2ec38827c744c6742d95fee72
f7fd2d5100b84e077766cc91221b4da3feef9501429330ca35e921ad5c6253e6
GET /pixel?google_nid=rubicon&google_hm=&gdpr=1&us_privacy=1--- HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=&gdpr=1&us_privacy=1---&google_tc=
date: Mon, 28 Nov 2022 10:52:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 311
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 28-Nov-2022 11:07:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dsp.adfarm1.adition.com/cookie/?ssp=7&gdpr=1&us_privacy=1---
302 Found 0 B URL HTTP/1.1 dsp.adfarm1.adition.com/cookie/?ssp=7&gdpr=1&us_privacy=1---
IP
ASN #24961 myLoc managed IT AG
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cookie/?ssp=7&gdpr=1&us_privacy=1--- HTTP/1.1
Host: dsp.adfarm1.adition.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 10:52:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie: UserID1=7171018027544344719; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location: https://pixel.rubiconproject.com/tap.php?v=101732&nid=3822&put=7171018027544344719&expires=730&gdpr=1
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&gdpr=1&us_privacy=1---&google_tc=
200 OK 170 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&gdpr=1&us_privacy=1---&google_tc=
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash e7673c60af825466f83d46da72ca1635
fc0fcbee0835709ba2d28798a612bfd687903fb5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
GET /pixel?google_nid=rubicon&google_cm=&google_sc=&gdpr=1&us_privacy=1---&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
date: Mon, 28 Nov 2022 10:52:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=&gdpr=1&us_privacy=1---&google_tc=
200 OK 170 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=&gdpr=1&us_privacy=1---&google_tc=
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash e7673c60af825466f83d46da72ca1635
fc0fcbee0835709ba2d28798a612bfd687903fb5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
GET /pixel?google_nid=rubicon&google_hm=&gdpr=1&us_privacy=1---&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
date: Mon, 28 Nov 2022 10:52:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pixel.rubiconproject.com/tap.php?v=101732&nid=3822&put=7171018027544344719&expires=730&gdpr=1
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=101732&nid=3822&put=7171018027544344719&expires=730&gdpr=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=101732&nid=3822&put=7171018027544344719&expires=730&gdpr=1 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 2eb7d209ab67664d6226c75331547ba1
Content-Type: image/gif
aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---
302 Found 0 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1--- HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Server
Date: Mon, 28 Nov 2022 10:52:23 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: ACVJM9HFPEHM0C5630MJ
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
token.rubiconproject.com/token?pid=36584&gdpr=1&us_privacy=1---
204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=36584&gdpr=1&us_privacy=1---
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=36584&gdpr=1&us_privacy=1--- HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: deb9f124eecce7a554c70ca983265c95
ib.adnxs.com/getuid?https://pixel.rubiconproject.com/tap.php?v=564534&nid=5466&put=$UID&gdpr=1&us_privacy=1---
400 Request failed due to privacy signals 146 B URL HTTP/1.1 ib.adnxs.com/getuid?https://pixel.rubiconproject.com/tap.php?v=564534&nid=5466&put=$UID&gdpr=1&us_privacy=1---
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 6ba2e6193e3c04a544b487011a5faf29
01ba4f12b932a934fad5b51614b85f824cc80ffe
bfb16f2d35702077ef9d8416d9eef53d688ff16e6faf73d5b9913d76e1144d9a
GET /getuid?https://pixel.rubiconproject.com/tap.php?v=564534&nid=5466&put=$UID&gdpr=1&us_privacy=1--- HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 400 Request failed due to privacy signals
Server: nginx/1.21.3
Date: Mon, 28 Nov 2022 10:52:23 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---&dcc=t
200 OK 43 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---&dcc=t
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6851dbf491ae442da3314f19e8aff085
ecfec27263608c4ae7cd4f8e0cebb1b061df2ac3
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
GET /s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---&dcc=t HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Mon, 28 Nov 2022 10:52:23 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: 5KF9F99917PKNVDRXJAP
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
ocsp.sectigo.com/
200 OK 471 B IP
Hash 9289d04da7102151f09b3a57b077b9ae
a438107b15c3bb5610ae0444f8665ef3bf3e5ad8
1fcafc2e47cefde2f94f589416fad27996feba501142aaf0cc7fa80d6e972637
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 10:52:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 14:15:48 GMT
Expires: Sat, 03 Dec 2022 14:15:47 GMT
Etag: "a438107b15c3bb5610ae0444f8665ef3bf3e5ad8"
Cache-Control: max-age=443603,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77128dc88bb3b4ee-OSL
p.rfihub.com/cm?in=1&pub=64&gdpr=1&us_privacy=1---
302 Found 0 B URL HTTP/1.1 p.rfihub.com/cm?in=1&pub=64&gdpr=1&us_privacy=1---
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?in=1&pub=64&gdpr=1&us_privacy=1--- HTTP/1.1
Host: p.rfihub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Mon, 28 Nov 2022 10:52:23 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: eud=H4sIAAAAAAAA_1vFyGtoZmZpZmxkbmJsaWEJAO2O_I0QAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 23 Dec 2023 10:52:23 GMT; Secure; SameSite=None
ruds=H4sIAAAAAAAA_-MSNjU0sDA1tTQ3MjWyNDEyNrIwNhLiM9QNiy_3yHIpDPfPyjUBAEIcbV4lAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
rud=H4sIAAAAAAAA_-MSNjU0sDA1tTQ3MjWyNDEyNrIwNhLiM9QNiy_3yHIpDPfPyjUBAEIcbV4lAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 23 Dec 2023 10:52:23 GMT; Secure; SameSite=None
Location: https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=5108559725294232832&expires=30
Content-Length: 0
Server: Jetty(9.3.29.v20201019)
pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=5108559725294232832&expires=30
204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=5108559725294232832&expires=30
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=13490&nid=2596&put=5108559725294232832&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 2eb7d209ab67664d6226c75331547ba1
Content-Type: image/gif
s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=1&us_privacy=1---
302 Found 0 B URL HTTP/1.1 s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=1&us_privacy=1---
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=1&us_privacy=1--- HTTP/1.1
Host: s.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Server
Date: Mon, 28 Nov 2022 10:52:24 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: 5YFE5DGJCWZT3JBFBFV2
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=1&us_privacy=1---&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=1&us_privacy=1---&dcc=t
200 OK 43 B URL HTTP/1.1 s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=1&us_privacy=1---&dcc=t
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6851dbf491ae442da3314f19e8aff085
ecfec27263608c4ae7cd4f8e0cebb1b061df2ac3
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
GET /dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=1&us_privacy=1---&dcc=t HTTP/1.1
Host: s.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Mon, 28 Nov 2022 10:52:24 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: 6JBETJMA1GR3J0WXR109
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
my.rtmark.net/gid.js?pub=0&userId=cc2f4d5e8fd343efa9c30a02b6a90371&zoneId=2308013&checkDuplicate=true&ymid=&var=
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=cc2f4d5e8fd343efa9c30a02b6a90371&zoneId=2308013&checkDuplicate=true&ymid=&var=
IP
File type JSON data\012- , ASCII text
Hash 9713452cfa9563cfe9fd7020420dd5b2
45628912bbf1a257384a5188201e1aedba8e7e10
697dfa572758a64e85b24a74848390b1fe32f1f607c0da9f5b021249cdf98468
GET /gid.js?pub=0&userId=cc2f4d5e8fd343efa9c30a02b6a90371&zoneId=2308013&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vip-560.rigala.net/
Origin: https://vip-560.rigala.net
Connection: keep-alive
Cookie: ID=92bdaacd9ea0497f852a440afbe5b4e2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:28 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=92bdaacd9ea0497f852a440afbe5b4e2; expires=Tue, 28 Nov 2023 10:52:28 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7x7wCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJDkZzDYjx8QtWU08btFgOHELd8ONWzSbTUYey2IwWXmMQGILm3OzHKzcgsVisRYNJ7O1cGQarlUbw8LknEycw5FpCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeQoOl0-Fz3etnT8FbNBnPJ0-cwO-xyl-kveizWor_h6bEDAAAAwAOA1VsmxA8gAEAEAAAAgAQAAAAARUDFv4XABQAAAAAGgAHJhQbAJwfBe85-fwAANGyBAAAIYJAADKwGlAB8nK-cAAAAAAAAAACw_P___8cA7GGNyQCM7O_0ADz4ADwQFewVMQIAAADY0lLRPJrUCZVFFQAAQboVwBUAQABhbzf0aRgAAEDA2AI9LH6_2WHX-N0uAwAAAAAAAAAw-z_7RxN6G71OC2IZvVb7BQQAWPsFBABgUzcAgLcAuKAjaMVgsDqF2A1ni91othnNDgAAAODu____Xw8kfIPRbjSZ-EYz32JhXC2HI5NlOBzMTLbhcDmYbc9_9Pqo0T9Pq89DWGa_7yBieb6mv-Eg41teb4Oo6Hpb7A6n2XM_ipYsd8vdajRZjEbL5WY33IwG-xuIwWqAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6RoyWq5XK42m9VqN1rMBpvlcLNBilatZqPNYLiaTWa73Wo4GC5HI6RoyXK33K1Gk8VotFxudsPNaDBEGFwORrvJxLTWLIYzt2iwcriFE-NqrRgtF8aJwzdcuVZr0etjevhWjuFstUXBAI29CC7Sicxveb39pqff7lZYLmKJ5mSRTmSXfcM3GO1Gk4lvNPMtFsbVcjgyWYbDwcxkGw6Xg9m-uByMdpOJaa1ZDGdu0WDlcAsnxtVaMVoujBOHb7hyrdai18f08K0cw9lq35jNlrPNZDda7Buz2XK2mexGi32HzvBdfc5GZ3A88bgchnOtG7M5DAqXweL9fS7SZrRxM6q0YYtFdS3uXBOrThs7GTsHs0HhG14Tw99P_bx2s7eD2GBQxBLB6SKdiF7G00UskTwt0oloNHMtPMvFzGOxeVyz4WQz2yw8jpVzM7LtNsvlRCxRmi7SiV70WKxFf8PTY1H_kSEXc-VgLprMFavRKgEAAAAAAAAALGHOvAkAAADAaSCjwWa4Wi4AhLOX7g_dm6Bwr_vt7sLQgXmzdTd_cePHDea3vN5-09NvdyssVwZ4oCZn3uyZINZqtawBAAAEsAEAAAK4dfMWgM3I7QM9mZqZmZmZ8RPkZjIZ!&excid=22&docw=0&cijs=1&nlb=true
200 OK 0 B URL HTTP/2 am-match.taboola.com/sync?dast=V7x7wCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJDkZzDYjx8QtWU08btFgOHELd8ONWzSbTUYey2IwWXmMQGILm3OzHKzcgsVisRYNJ7O1cGQarlUbw8LknEycw5FpCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeQoOl0-Fz3etnT8FbNBnPJ0-cwO-xyl-kveizWor_h6bEDAAAAwAOA1VsmxA8gAEAEAAAAgAQAAAAARUDFv4XABQAAAAAGgAHJhQbAJwfBe85-fwAANGyBAAAIYJAADKwGlAB8nK-cAAAAAAAAAACw_P___8cA7GGNyQCM7O_0ADz4ADwQFewVMQIAAADY0lLRPJrUCZVFFQAAQboVwBUAQABhbzf0aRgAAEDA2AI9LH6_2WHX-N0uAwAAAAAAAAAw-z_7RxN6G71OC2IZvVb7BQQAWPsFBABgUzcAgLcAuKAjaMVgsDqF2A1ni91othnNDgAAAODu____Xw8kfIPRbjSZ-EYz32JhXC2HI5NlOBzMTLbhcDmYbc9_9Pqo0T9Pq89DWGa_7yBieb6mv-Eg41teb4Oo6Hpb7A6n2XM_ipYsd8vdajRZjEbL5WY33IwG-xuIwWqAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6RoyWq5XK42m9VqN1rMBpvlcLNBilatZqPNYLiaTWa73Wo4GC5HI6RoyXK33K1Gk8VotFxudsPNaDBEGFwORrvJxLTWLIYzt2iwcriFE-NqrRgtF8aJwzdcuVZr0etjevhWjuFstUXBAI29CC7Sicxveb39pqff7lZYLmKJ5mSRTmSXfcM3GO1Gk4lvNPMtFsbVcjgyWYbDwcxkGw6Xg9m-uByMdpOJaa1ZDGdu0WDlcAsnxtVaMVoujBOHb7hyrdai18f08K0cw9lq35jNlrPNZDda7Buz2XK2mexGi32HzvBdfc5GZ3A88bgchnOtG7M5DAqXweL9fS7SZrRxM6q0YYtFdS3uXBOrThs7GTsHs0HhG14Tw99P_bx2s7eD2GBQxBLB6SKdiF7G00UskTwt0oloNHMtPMvFzGOxeVyz4WQz2yw8jpVzM7LtNsvlRCxRmi7SiV70WKxFf8PTY1H_kSEXc-VgLprMFavRKgEAAAAAAAAALGHOvAkAAADAaSCjwWa4Wi4AhLOX7g_dm6Bwr_vt7sLQgXmzdTd_cePHDea3vN5-09NvdyssVwZ4oCZn3uyZINZqtawBAAAEsAEAAAK4dfMWgM3I7QM9mZqZmZmZ8RPkZjIZ!&excid=22&docw=0&cijs=1&nlb=true
IP
ASN #200478 Taboola.com ltd
GET /sync?dast=V7x7wCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJDkZzDYjx8QtWU08btFgOHELd8ONWzSbTUYey2IwWXmMQGILm3OzHKzcgsVisRYNJ7O1cGQarlUbw8LknEycw5FpCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeQoOl0-Fz3etnT8FbNBnPJ0-cwO-xyl-kveizWor_h6bEDAAAAwAOA1VsmxA8gAEAEAAAAgAQAAAAARUDFv4XABQAAAAAGgAHJhQbAJwfBe85-fwAANGyBAAAIYJAADKwGlAB8nK-cAAAAAAAAAACw_P___8cA7GGNyQCM7O_0ADz4ADwQFewVMQIAAADY0lLRPJrUCZVFFQAAQboVwBUAQABhbzf0aRgAAEDA2AI9LH6_2WHX-N0uAwAAAAAAAAAw-z_7RxN6G71OC2IZvVb7BQQAWPsFBABgUzcAgLcAuKAjaMVgsDqF2A1ni91othnNDgAAAODu____Xw8kfIPRbjSZ-EYz32JhXC2HI5NlOBzMTLbhcDmYbc9_9Pqo0T9Pq89DWGa_7yBieb6mv-Eg41teb4Oo6Hpb7A6n2XM_ipYsd8vdajRZjEbL5WY33IwG-xuIwWqAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6RoyWq5XK42m9VqN1rMBpvlcLNBilatZqPNYLiaTWa73Wo4GC5HI6RoyXK33K1Gk8VotFxudsPNaDBEGFwORrvJxLTWLIYzt2iwcriFE-NqrRgtF8aJwzdcuVZr0etjevhWjuFstUXBAI29CC7Sicxveb39pqff7lZYLmKJ5mSRTmSXfcM3GO1Gk4lvNPMtFsbVcjgyWYbDwcxkGw6Xg9m-uByMdpOJaa1ZDGdu0WDlcAsnxtVaMVoujBOHb7hyrdai18f08K0cw9lq35jNlrPNZDda7Buz2XK2mexGi32HzvBdfc5GZ3A88bgchnOtG7M5DAqXweL9fS7SZrRxM6q0YYtFdS3uXBOrThs7GTsHs0HhG14Tw99P_bx2s7eD2GBQxBLB6SKdiF7G00UskTwt0oloNHMtPMvFzGOxeVyz4WQz2yw8jpVzM7LtNsvlRCxRmi7SiV70WKxFf8PTY1H_kSEXc-VgLprMFavRKgEAAAAAAAAALGHOvAkAAADAaSCjwWa4Wi4AhLOX7g_dm6Bwr_vt7sLQgXmzdTd_cePHDea3vN5-09NvdyssVwZ4oCZn3uyZINZqtawBAAAEsAEAAAK4dfMWgM3I7QM9mZqZmZmZ8RPkZjIZ!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:23 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3402
X-Firefox-Spdy: h2
vip-560.rigala.net/?utm_source=pwa
200 OK 0 B URL HTTP/2 vip-560.rigala.net/?utm_source=pwa
IP
GET /?utm_source=pwa HTTP/1.1
Host: vip-560.rigala.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vip-560.rigala.net/serviceworker.js
Connection: keep-alive
Cookie: exadd=166964; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: text/html; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
pragma: no-cache
expires: Mon, 28 Nov 2022 00:00:00 GMT
last-modified: Mon, 28 Nov 2022 10:52:21 GMT
vary: User-Agent
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.betgorebysson.club/apu.php?zoneid=3765907
200 OK 0 B URL HTTP/2 cdn.betgorebysson.club/apu.php?zoneid=3765907
IP
GET /apu.php?zoneid=3765907 HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: application/javascript
x-trace-id: e4464789872b0a1f7c836e16e547c263
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=92bdaacd9ea0497f852a440afbe5b4e2; expires=Tue, 28 Nov 2023 10:52:21 GMT; path=/; secure; SameSite=None
oaidts=1669632741; expires=Tue, 28 Nov 2023 10:52:21 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 85428
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7x7wCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJDkZzDYjx8QtWU08btFgOHELd8ONWzSbTUYey2IwWXmMQGILm3OzHKzcgsVisRYNJ7O1cGQarlUbw8LknEycw5FpCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeQoOl0-Fz3etnT8FbNBnPJ0-cwO-xyl-kveizWor_h6bEDAAAAwAOA1VsmxA8gAEAEAAAAgAQAAAAARUDFv4XABQAAAAAGgAHJhQbAJwfBe85-fwAANGyBAAAIYJAADKwGlAB8nK-cAAAAAAAAAACw_P___8cA7GGNyQCM7O_0ADz4ADwQFewVMQIAAADY0lLRPJrUCZVFFQAAQboVwBUAQABhbzf0aRgAAEDA2AI9LH6_2WHX-N0uAwAAAAAAAAAw-z_7RxN6G71OC2IZvVb7BQQAWPsFBABgUzcAgLcAuKAjaMVgsDqF2A1ni91othnNDgAAAODu____Xw8kfIPRbjSZ-EYz32JhXC2HI5NlOBzMTLbhcDmYbc9_9Pqo0T9Pq89DWGa_7yBieb6mv-Eg41teb4Oo6Hpb7A6n2XM_ipYsd8vdajRZjEbL5WY33IwG-xuIwWqAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6RoyWq5XK42m9VqN1rMBpvlcLNBilatZqPNYLiaTWa73Wo4GC5HI6RoyXK33K1Gk8VotFxudsPNaDBEGFwORrvJxLTWLIYzt2iwcriFE-NqrRgtF8aJwzdcuVZr0etjevhWjuFstUXBAI29CC7Sicxveb39pqff7lZYLmKJ5mSRTmSXfcM3GO1Gk4lvNPMtFsbVcjgyWYbDwcxkGw6Xg9m-uByMdpOJaa1ZDGdu0WDlcAsnxtVaMVoujBOHb7hyrdai18f08K0cw9lq35jNlrPNZDda7Buz2XK2mexGi32HzvBdfc5GZ3A88bgchnOtG7M5DAqXweL9fS7SZrRxM6q0YYtFdS3uXBOrThs7GTsHs0HhG14Tw99P_bx2s7eD2GBQxBLB6SKdiF7G00UskTwt0oloNHMtPMvFzGOxeVyz4WQz2yw8jpVzM7LtNsvlRCxRmi7SiV70WKxFf8PTY1H_kSEXc-VgLprMFavRKgEAAAAAAAAALGHOvAkAAADAaSCjwWa4Wi4AhLOX7g_dm6Bwr_vt7sLQgXmzdTd_cePHDea3vN5-09NvdyssVwZ4oCZn3uyZINZqtawBAAAEsAEAAAK4dfMWgM3I7QM9mZqZmZmZ8RPkZjIZ!&excid=22&docw=0&cijs=1&nlb=true
200 OK 0 B URL HTTP/2 am-match.taboola.com/sync?dast=V7x7wCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJDkZzDYjx8QtWU08btFgOHELd8ONWzSbTUYey2IwWXmMQGILm3OzHKzcgsVisRYNJ7O1cGQarlUbw8LknEycw5FpCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeQoOl0-Fz3etnT8FbNBnPJ0-cwO-xyl-kveizWor_h6bEDAAAAwAOA1VsmxA8gAEAEAAAAgAQAAAAARUDFv4XABQAAAAAGgAHJhQbAJwfBe85-fwAANGyBAAAIYJAADKwGlAB8nK-cAAAAAAAAAACw_P___8cA7GGNyQCM7O_0ADz4ADwQFewVMQIAAADY0lLRPJrUCZVFFQAAQboVwBUAQABhbzf0aRgAAEDA2AI9LH6_2WHX-N0uAwAAAAAAAAAw-z_7RxN6G71OC2IZvVb7BQQAWPsFBABgUzcAgLcAuKAjaMVgsDqF2A1ni91othnNDgAAAODu____Xw8kfIPRbjSZ-EYz32JhXC2HI5NlOBzMTLbhcDmYbc9_9Pqo0T9Pq89DWGa_7yBieb6mv-Eg41teb4Oo6Hpb7A6n2XM_ipYsd8vdajRZjEbL5WY33IwG-xuIwWqAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6RoyWq5XK42m9VqN1rMBpvlcLNBilatZqPNYLiaTWa73Wo4GC5HI6RoyXK33K1Gk8VotFxudsPNaDBEGFwORrvJxLTWLIYzt2iwcriFE-NqrRgtF8aJwzdcuVZr0etjevhWjuFstUXBAI29CC7Sicxveb39pqff7lZYLmKJ5mSRTmSXfcM3GO1Gk4lvNPMtFsbVcjgyWYbDwcxkGw6Xg9m-uByMdpOJaa1ZDGdu0WDlcAsnxtVaMVoujBOHb7hyrdai18f08K0cw9lq35jNlrPNZDda7Buz2XK2mexGi32HzvBdfc5GZ3A88bgchnOtG7M5DAqXweL9fS7SZrRxM6q0YYtFdS3uXBOrThs7GTsHs0HhG14Tw99P_bx2s7eD2GBQxBLB6SKdiF7G00UskTwt0oloNHMtPMvFzGOxeVyz4WQz2yw8jpVzM7LtNsvlRCxRmi7SiV70WKxFf8PTY1H_kSEXc-VgLprMFavRKgEAAAAAAAAALGHOvAkAAADAaSCjwWa4Wi4AhLOX7g_dm6Bwr_vt7sLQgXmzdTd_cePHDea3vN5-09NvdyssVwZ4oCZn3uyZINZqtawBAAAEsAEAAAK4dfMWgM3I7QM9mZqZmZmZ8RPkZjIZ!&excid=22&docw=0&cijs=1&nlb=true
IP
ASN #200478 Taboola.com ltd
GET /sync?dast=V7x7wCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJDkZzDYjx8QtWU08btFgOHELd8ONWzSbTUYey2IwWXmMQGILm3OzHKzcgsVisRYNJ7O1cGQarlUbw8LknEycw5FpCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeQoOl0-Fz3etnT8FbNBnPJ0-cwO-xyl-kveizWor_h6bEDAAAAwAOA1VsmxA8gAEAEAAAAgAQAAAAARUDFv4XABQAAAAAGgAHJhQbAJwfBe85-fwAANGyBAAAIYJAADKwGlAB8nK-cAAAAAAAAAACw_P___8cA7GGNyQCM7O_0ADz4ADwQFewVMQIAAADY0lLRPJrUCZVFFQAAQboVwBUAQABhbzf0aRgAAEDA2AI9LH6_2WHX-N0uAwAAAAAAAAAw-z_7RxN6G71OC2IZvVb7BQQAWPsFBABgUzcAgLcAuKAjaMVgsDqF2A1ni91othnNDgAAAODu____Xw8kfIPRbjSZ-EYz32JhXC2HI5NlOBzMTLbhcDmYbc9_9Pqo0T9Pq89DWGa_7yBieb6mv-Eg41teb4Oo6Hpb7A6n2XM_ipYsd8vdajRZjEbL5WY33IwG-xuIwWqAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6RoyWq5XK42m9VqN1rMBpvlcLNBilatZqPNYLiaTWa73Wo4GC5HI6RoyXK33K1Gk8VotFxudsPNaDBEGFwORrvJxLTWLIYzt2iwcriFE-NqrRgtF8aJwzdcuVZr0etjevhWjuFstUXBAI29CC7Sicxveb39pqff7lZYLmKJ5mSRTmSXfcM3GO1Gk4lvNPMtFsbVcjgyWYbDwcxkGw6Xg9m-uByMdpOJaa1ZDGdu0WDlcAsnxtVaMVoujBOHb7hyrdai18f08K0cw9lq35jNlrPNZDda7Buz2XK2mexGi32HzvBdfc5GZ3A88bgchnOtG7M5DAqXweL9fS7SZrRxM6q0YYtFdS3uXBOrThs7GTsHs0HhG14Tw99P_bx2s7eD2GBQxBLB6SKdiF7G00UskTwt0oloNHMtPMvFzGOxeVyz4WQz2yw8jpVzM7LtNsvlRCxRmi7SiV70WKxFf8PTY1H_kSEXc-VgLprMFavRKgEAAAAAAAAALGHOvAkAAADAaSCjwWa4Wi4AhLOX7g_dm6Bwr_vt7sLQgXmzdTd_cePHDea3vN5-09NvdyssVwZ4oCZn3uyZINZqtawBAAAEsAEAAAK4dfMWgM3I7QM9mZqZmZmZ8RPkZjIZ!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:22 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3406
X-Firefox-Spdy: h2
cm.smadex.com/sync?sm_p=rbc&sm_r=rbc&gdpr=1&us_privacy=1---
302 Found 0 B URL HTTP/2 cm.smadex.com/sync?sm_p=rbc&sm_r=rbc&gdpr=1&us_privacy=1---
IP
GET /sync?sm_p=rbc&sm_r=rbc&gdpr=1&us_privacy=1--- HTTP/1.1
Host: cm.smadex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://pixel.rubiconproject.com/tap.php?v=71194&nid=3636&put=682eec27-c173-4be2-8f37-21dfc9796e91&expires=30
date: Mon, 28 Nov 2022 10:52:23 GMT
set-cookie: smxtrack=682eec27-c173-4be2-8f37-21dfc9796e91; Expires=Thu, 23 Nov 2023 10:52:23 GMT; Path=/; Domain=.smadex.com; SameSite=None; Secure;
smxtrack=682eec27-c173-4be2-8f37-21dfc9796e91; Expires=Thu, 23 Nov 2023 10:52:23 GMT; Path=/; Domain=.smadex.com; SameSite=None; Secure;
smxrbc=1; Expires=Wed, 28 Dec 2022 10:52:23 GMT; Path=/; Domain=.smadex.com; SameSite=None; Secure;
x-cache: Miss from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sGlHcTfUBrPjw94tMKg6tXo5b_K5cZW9pcs38ttN08g6R_UIc4ELNw==
X-Firefox-Spdy: h2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1669632747077&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=793593340&tz=0&viewable=true&ddast=V7WagCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJLGZWEazwcStGK5Ga9FwN1hLXIvNWrly2Cwz18RjGY2MQGIej8O52LjWMpNttxYtFhu3cmIZrRUW33I2HKwWy4nJChE3GQ6fg4Go6Hpb7A6n2fMGEjSdDp_rXi97Gt6q2WAuefocZodd7jL9RY_FWvQ3PD12AAAAAHgAsHrLhPgBBACIAAAAAJAAAAAAoAio-LcQuAAAAADAADAgudAA-OQgeM_Z7w8AgIYtEAAAAQwSgIHVgBKAj_OVEwAAAAAAAAAAlv____8YgD2sMRmAkf2dHoAHH4AHogLIIkYAAAAAW1oqmkeTOqGyqAIAIEi3ArgCAAgg7O2GLg0DAAAIGFugh8XvNzvsGr_bZQAAAAAAAAAAZv9n_2hCb6PXaUEso9dqv4AAAGu_gAAAbOoGAPAWABd0BK0YDFanELvhbLEbzTaj2QEAAADc_f___-uBhG8w2o0mE99o5lssjKvlcGSyDIeDmck2HC4Hs-35j14fNfrnafVF3GQ4fA4GoqLrbbE7nGbP_Shastwtd6vRZDEaLZeb3XAzGuxvIAarAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGEyQoiWr5XK52mxWq91oMRtslsPNBilatZqNNoPhajaZ7Xar4WC4HI2QoiXL3XK3Gk0Wo9FyudkNN6PBEGFwORjtJhPTWrMYztyiwcrhFk6Mq7VitFwYJw7fcOVarUWvj-nhWzmGs9UWBQM09iK4SCcyv-X19puefrtbYbmIJZqTRTqRXfYN32C0G00mvtHMt1gYV8vhyGQZDgczk204XA5m--JyMNpNJqa1ZjGcuUWDlcMtnBhXa8VouTBOHL7hyrVai14f08O3cgxnq31jNlvONpPdaLFvzGbL2WayGy32HTrDd_U5G53B8cTjchjOtW7M5jAoXAaL9_e5SJvRxs2o0oYtFtW1uHNNrDpt7GTsHMwGhW94TQx_P_Xz2s3eDmKDQRFLBKeLdCJ6GU8XsUTytEgnKtdmNrE4V7bBYrSYbEYrw2BhWyyWG8toZDEuRhOxRGm6SCd60WOxFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_dG-Cwr3ut7sLQwfmzdbd_MWNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cPBHWv0AM3es1PkJvJZA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm_vA&mPre=0.025&cirf=https%3A%2F%2Fvip-560.rigala.net&en=1
200 OK 0 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1669632747077&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=793593340&tz=0&viewable=true&ddast=V7WagCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJLGZWEazwcStGK5Ga9FwN1hLXIvNWrly2Cwz18RjGY2MQGIej8O52LjWMpNttxYtFhu3cmIZrRUW33I2HKwWy4nJChE3GQ6fg4Go6Hpb7A6n2fMGEjSdDp_rXi97Gt6q2WAuefocZodd7jL9RY_FWvQ3PD12AAAAAHgAsHrLhPgBBACIAAAAAJAAAAAAoAio-LcQuAAAAADAADAgudAA-OQgeM_Z7w8AgIYtEAAAAQwSgIHVgBKAj_OVEwAAAAAAAAAAlv____8YgD2sMRmAkf2dHoAHH4AHogLIIkYAAAAAW1oqmkeTOqGyqAIAIEi3ArgCAAgg7O2GLg0DAAAIGFugh8XvNzvsGr_bZQAAAAAAAAAAZv9n_2hCb6PXaUEso9dqv4AAAGu_gAAAbOoGAPAWABd0BK0YDFanELvhbLEbzTaj2QEAAADc_f___-uBhG8w2o0mE99o5lssjKvlcGSyDIeDmck2HC4Hs-35j14fNfrnafVF3GQ4fA4GoqLrbbE7nGbP_Shastwtd6vRZDEaLZeb3XAzGuxvIAarAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGEyQoiWr5XK52mxWq91oMRtslsPNBilatZqNNoPhajaZ7Xar4WC4HI2QoiXL3XK3Gk0Wo9FyudkNN6PBEGFwORjtJhPTWrMYztyiwcrhFk6Mq7VitFwYJw7fcOVarUWvj-nhWzmGs9UWBQM09iK4SCcyv-X19puefrtbYbmIJZqTRTqRXfYN32C0G00mvtHMt1gYV8vhyGQZDgczk204XA5m--JyMNpNJqa1ZjGcuUWDlcMtnBhXa8VouTBOHL7hyrVai14f08O3cgxnq31jNlvONpPdaLFvzGbL2WayGy32HTrDd_U5G53B8cTjchjOtW7M5jAoXAaL9_e5SJvRxs2o0oYtFtW1uHNNrDpt7GTsHMwGhW94TQx_P_Xz2s3eDmKDQRFLBKeLdCJ6GU8XsUTytEgnKtdmNrE4V7bBYrSYbEYrw2BhWyyWG8toZDEuRhOxRGm6SCd60WOxFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_dG-Cwr3ut7sLQwfmzdbd_MWNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cPBHWv0AM3es1PkJvJZA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm_vA&mPre=0.025&cirf=https%3A%2F%2Fvip-560.rigala.net&en=1
IP
POST /VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1669632747077&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1488&pt=793593340&tz=0&viewable=true&ddast=V7WagCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJLGZWEazwcStGK5Ga9FwN1hLXIvNWrly2Cwz18RjGY2MQGIej8O52LjWMpNttxYtFhu3cmIZrRUW33I2HKwWy4nJChE3GQ6fg4Go6Hpb7A6n2fMGEjSdDp_rXi97Gt6q2WAuefocZodd7jL9RY_FWvQ3PD12AAAAAHgAsHrLhPgBBACIAAAAAJAAAAAAoAio-LcQuAAAAADAADAgudAA-OQgeM_Z7w8AgIYtEAAAAQwSgIHVgBKAj_OVEwAAAAAAAAAAlv____8YgD2sMRmAkf2dHoAHH4AHogLIIkYAAAAAW1oqmkeTOqGyqAIAIEi3ArgCAAgg7O2GLg0DAAAIGFugh8XvNzvsGr_bZQAAAAAAAAAAZv9n_2hCb6PXaUEso9dqv4AAAGu_gAAAbOoGAPAWABd0BK0YDFanELvhbLEbzTaj2QEAAADc_f___-uBhG8w2o0mE99o5lssjKvlcGSyDIeDmck2HC4Hs-35j14fNfrnafVF3GQ4fA4GoqLrbbE7nGbP_Shastwtd6vRZDEaLZeb3XAzGuxvIAarAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGEyQoiWr5XK52mxWq91oMRtslsPNBilatZqNNoPhajaZ7Xar4WC4HI2QoiXL3XK3Gk0Wo9FyudkNN6PBEGFwORjtJhPTWrMYztyiwcrhFk6Mq7VitFwYJw7fcOVarUWvj-nhWzmGs9UWBQM09iK4SCcyv-X19puefrtbYbmIJZqTRTqRXfYN32C0G00mvtHMt1gYV8vhyGQZDgczk204XA5m--JyMNpNJqa1ZjGcuUWDlcMtnBhXa8VouTBOHL7hyrVai14f08O3cgxnq31jNlvONpPdaLFvzGbL2WayGy32HTrDd_U5G53B8cTjchjOtW7M5jAoXAaL9_e5SJvRxs2o0oYtFtW1uHNNrDpt7GTsHMwGhW94TQx_P_Xz2s3eDmKDQRFLBKeLdCJ6GU8XsUTytEgnKtdmNrE4V7bBYrSYbEYrw2BhWyyWG8toZDEuRhOxRGm6SCd60WOxFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_dG-Cwr3ut7sLQwfmzdbd_MWNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cPBHWv0AM3es1PkJvJZA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm_vA&mPre=0.025&cirf=https%3A%2F%2Fvip-560.rigala.net&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://vip-560.rigala.net
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1462
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:27 GMT
via: 1.1 varnish
x-served-by: cache-bma1656-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669632748.642229,VS0,VE48
vary: Accept-Encoding
X-Firefox-Spdy: h2
twemoji.maxcdn.com/twemoji.min.js
200 OK 0 B URL HTTP/2 twemoji.maxcdn.com/twemoji.min.js
IP
GET /twemoji.min.js HTTP/1.1
Host: twemoji.maxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Thu, 31 Mar 2022 03:24:15 GMT
access-control-allow-origin: *
etag: W/"62451edf-3bc8"
expires: Wed, 28 Dec 2022 10:52:20 GMT
cache-control: max-age=2592000
x-proxy-cache: MISS
x-github-request-id: 6614:117A1:2B1DBB:2C71C2:63814BB4
vary: Accept-Encoding
x-fastly-request-id: 176c4a400e778dc2fd4a57324dbcfaa60441b871
server: NetDNA-cache/2.2
powered-by: MaxCDN
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=rigala.net&sn=FirefoxSyncframe&so=0&topUrl=vip-560.rigala.net&info=rVmh2F80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNIMXhHT1BqNXV5aGtCaXVNREpNZm9WZlJMdkZTbER6eTFjV2t6ZTF3Q1A&idsd=1865444531,-1647347897&cw=1&lsw=1
200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=rigala.net&sn=FirefoxSyncframe&so=0&topUrl=vip-560.rigala.net&info=rVmh2F80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNIMXhHT1BqNXV5aGtCaXVNREpNZm9WZlJMdkZTbER6eTFjV2t6ZTF3Q1A&idsd=1865444531,-1647347897&cw=1&lsw=1
IP
GET /sid/json?origin=publishertag&domain=rigala.net&sn=FirefoxSyncframe&so=0&topUrl=vip-560.rigala.net&info=rVmh2F80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNIMXhHT1BqNXV5aGtCaXVNREpNZm9WZlJMdkZTbER6eTFjV2t6ZTF3Q1A&idsd=1865444531,-1647347897&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=vip-560.rigala.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 675687
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=728x90%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic&encoded=1&uid=890472b4-318f-40ea-8b85-149a8ba78e55-tucta7e1865&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback1&cb=1669632740927&tagid=&cntry=NO&platform=1&sesid=a704742b74f71a8598dd2880fd688906&itemid=/t11-topic&viewid=1669632740640&geolat=&geoing=&deviceifa=&appid=&sd=v2_a704742b74f71a8598dd2880fd688906_890472b4-318f-40ea-8b85-149a8ba78e55-tucta7e1865_1669632741_1669632741_CNawjgYQ3pxDGKCa9-7LMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=e536bb9e60141234e00a6119c24db814&appname=&cdb=&gdprApplies=true&rid=&sii=811501045734104572&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9322
200 OK 0 B URL HTTP/2 15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=728x90%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic&encoded=1&uid=890472b4-318f-40ea-8b85-149a8ba78e55-tucta7e1865&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback1&cb=1669632740927&tagid=&cntry=NO&platform=1&sesid=a704742b74f71a8598dd2880fd688906&itemid=/t11-topic&viewid=1669632740640&geolat=&geoing=&deviceifa=&appid=&sd=v2_a704742b74f71a8598dd2880fd688906_890472b4-318f-40ea-8b85-149a8ba78e55-tucta7e1865_1669632741_1669632741_CNawjgYQ3pxDGKCa9-7LMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=e536bb9e60141234e00a6119c24db814&appname=&cdb=&gdprApplies=true&rid=&sii=811501045734104572&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9322
IP
GET /tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=728x90%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic&encoded=1&uid=890472b4-318f-40ea-8b85-149a8ba78e55-tucta7e1865&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback1&cb=1669632740927&tagid=&cntry=NO&platform=1&sesid=a704742b74f71a8598dd2880fd688906&itemid=/t11-topic&viewid=1669632740640&geolat=&geoing=&deviceifa=&appid=&sd=v2_a704742b74f71a8598dd2880fd688906_890472b4-318f-40ea-8b85-149a8ba78e55-tucta7e1865_1669632741_1669632741_CNawjgYQ3pxDGKCa9-7LMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=e536bb9e60141234e00a6119c24db814&appname=&cdb=&gdprApplies=true&rid=&sii=811501045734104572&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9322 HTTP/1.1
Host: 15.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://vip-560.rigala.net
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
machineid: 1424
link: <https://am-wf.taboola.com>; rel=preconnect
xvid-debug: mrmr - :
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:21 GMT
via: 1.1 varnish
x-served-by: cache-bma1656-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669632742.523731,VS0,VE37
vary: Accept-Encoding
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
200 OK 0 B IP
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:22 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:42 GMT
etag: W/"637e373e-32a6"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2176
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0JTEWFwQJhjI1Ew6J%2BEdNVy3diX2q8x5wv%2BExqFv9kRSXmmBY3IlYPkFYG%2FXnJ16%2BekWNUsN20LEHkz1vAxkjIZVFNrMPzz612DttKtApEvB8ZyMxVCJj4%2BPM1ym2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77128dbdff6bfac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=rtus&domain=rigala.net&sn=FirefoxSyncframe&so=3&topUrl=vip-560.rigala.net&bundle=wSLmWF9jM0NHT2hoeFZGVFdPSWl0OXA3Wll3R1ZXSmJOeVJVRCUyQkxKaFFncDVMYzU0c2dxWHY2Nm1lcllMeGpRVXpLMjVOckF2a3ZwRGt2MW1GbU5TN0RhMFRWNjZjelluWVRBdlYySkZEeTY3UUVYUEJpd0dtQktvVWtJOFl4SVFIOEFpUjBRRTU1OGdyc1R1dTNNZDFQcHlqQSUzRCUzRA&info=XSJSSV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNIMXhHT1BqNXV5aGtCaXVNREpNZnE3VkdxU0IlMkYlMkJGa0tIRlVhVjFpcHRy&idsd=1865444531,-1647347897&cw=1&rtusCallerId=72&lsw=1
200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=rtus&domain=rigala.net&sn=FirefoxSyncframe&so=3&topUrl=vip-560.rigala.net&bundle=wSLmWF9jM0NHT2hoeFZGVFdPSWl0OXA3Wll3R1ZXSmJOeVJVRCUyQkxKaFFncDVMYzU0c2dxWHY2Nm1lcllMeGpRVXpLMjVOckF2a3ZwRGt2MW1GbU5TN0RhMFRWNjZjelluWVRBdlYySkZEeTY3UUVYUEJpd0dtQktvVWtJOFl4SVFIOEFpUjBRRTU1OGdyc1R1dTNNZDFQcHlqQSUzRCUzRA&info=XSJSSV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNIMXhHT1BqNXV5aGtCaXVNREpNZnE3VkdxU0IlMkYlMkJGa0tIRlVhVjFpcHRy&idsd=1865444531,-1647347897&cw=1&rtusCallerId=72&lsw=1
IP
GET /sid/json?origin=rtus&domain=rigala.net&sn=FirefoxSyncframe&so=3&topUrl=vip-560.rigala.net&bundle=wSLmWF9jM0NHT2hoeFZGVFdPSWl0OXA3Wll3R1ZXSmJOeVJVRCUyQkxKaFFncDVMYzU0c2dxWHY2Nm1lcllMeGpRVXpLMjVOckF2a3ZwRGt2MW1GbU5TN0RhMFRWNjZjelluWVRBdlYySkZEeTY3UUVYUEJpd0dtQktvVWtJOFl4SVFIOEFpUjBRRTU1OGdyc1R1dTNNZDFQcHlqQSUzRCUzRA&info=XSJSSV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNIMXhHT1BqNXV5aGtCaXVNREpNZnE3VkdxU0IlMkYlMkJGa0tIRlVhVjFpcHRy&idsd=1865444531,-1647347897&cw=1&rtusCallerId=72&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=rtus&topUrl=vip-560.rigala.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 746098
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
cdn.betgorebysson.club/?rb=I2JhtvzEfNN2wmM67AI2ztx_01b77qDnWQLDhkczgjWG5ePRCoc8JH5yH7pEx25CBztz7Eh12Hf77LfcVXdpjt3J9eySVTX30XVtIDSudeeJjS3xU6Pzs5dyt2T3m_85iuej1M5Cn9ye_1HgR29xVmh-LJ04mP8-yRpHPXgFXaYwOnjX-Jic17JyxDI_dQ8iTpptzl_r2sO6QeTu1z8pFPoOUZqLuYGSbPCYxMYTC7gNjtrUmnR9jg%3D%3D&request_ab2=96003&zoneid=3765907&js_build=iclick-v1.454.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=4&pl=https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.454.0&bs=1b919190-04ec-429b-a82a-5cae632e4968&userId=92bdaacd9ea0497f852a440afbe5b4e2&m=link
200 OK 0 B URL HTTP/2 cdn.betgorebysson.club/?rb=I2JhtvzEfNN2wmM67AI2ztx_01b77qDnWQLDhkczgjWG5ePRCoc8JH5yH7pEx25CBztz7Eh12Hf77LfcVXdpjt3J9eySVTX30XVtIDSudeeJjS3xU6Pzs5dyt2T3m_85iuej1M5Cn9ye_1HgR29xVmh-LJ04mP8-yRpHPXgFXaYwOnjX-Jic17JyxDI_dQ8iTpptzl_r2sO6QeTu1z8pFPoOUZqLuYGSbPCYxMYTC7gNjtrUmnR9jg%3D%3D&request_ab2=96003&zoneid=3765907&js_build=iclick-v1.454.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=4&pl=https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.454.0&bs=1b919190-04ec-429b-a82a-5cae632e4968&userId=92bdaacd9ea0497f852a440afbe5b4e2&m=link
IP
GET /?rb=I2JhtvzEfNN2wmM67AI2ztx_01b77qDnWQLDhkczgjWG5ePRCoc8JH5yH7pEx25CBztz7Eh12Hf77LfcVXdpjt3J9eySVTX30XVtIDSudeeJjS3xU6Pzs5dyt2T3m_85iuej1M5Cn9ye_1HgR29xVmh-LJ04mP8-yRpHPXgFXaYwOnjX-Jic17JyxDI_dQ8iTpptzl_r2sO6QeTu1z8pFPoOUZqLuYGSbPCYxMYTC7gNjtrUmnR9jg%3D%3D&request_ab2=96003&zoneid=3765907&js_build=iclick-v1.454.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=4&pl=https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.454.0&bs=1b919190-04ec-429b-a82a-5cae632e4968&userId=92bdaacd9ea0497f852a440afbe5b4e2&m=link HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vip-560.rigala.net/
Origin: https://vip-560.rigala.net
Connection: keep-alive
Cookie: OAID=92bdaacd9ea0497f852a440afbe5b4e2; oaidts=1669632741
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:22 GMT
content-type: application/json
x-trace-id: eb7005e8f6c3c45b48beabeaeb2edd76
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=92bdaacd9ea0497f852a440afbe5b4e2; expires=Tue, 28 Nov 2023 10:52:22 GMT; path=/; secure; SameSite=None
oaidts=1669632742; expires=Tue, 28 Nov 2023 10:52:22 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 05 Dec 2022 10:52:22 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
200 OK 0 B URL HTTP/2 taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
IP
GET /sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo HTTP/1.1
Host: taboola-supply-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:23 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/embed/FA_Embed.js
200 OK 0 B URL HTTP/2 illiweb.com/rs3/66/frm/embed/FA_Embed.js
IP
GET /rs3/66/frm/embed/FA_Embed.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:22:27 GMT
last-modified: Tue, 20 Apr 2021 14:17:00 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 437393
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B5Z5700Lz29S7mgvyvoAclYqhtG2lo1Ebe6xcRjzunhVzLib%2BMQJ7Zab98ox%2FJyLzEJuhPyCmjbaV8Co6Qp0ixZTfqLTYj%2BFI%2FDB7NCrF93zu1blM6nbDdqS43UXyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77128db248590b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
stootsou.net/pfe/current/tag.min.js?z=2308013
200 OK 0 B URL HTTP/2 stootsou.net/pfe/current/tag.min.js?z=2308013
IP
GET /pfe/current/tag.min.js?z=2308013 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: application/javascript
last-modified: Thu, 24 Nov 2022 15:53:54 GMT
etag: W/"637f9392-39be"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
connect.topicit.net/scripts/connect.js
200 OK 0 B URL HTTP/2 connect.topicit.net/scripts/connect.js
IP
GET /scripts/connect.js HTTP/1.1
Host: connect.topicit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5437
access-control-allow-origin: *
etag: W/"5d653880-153d"
last-modified: Tue, 27 Aug 2019 14:04:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=86400
cf-cache-status: HIT
age: 1924
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D5b%2F53uXECoLmfcbtIb5nr5t7F%2FTblW5QYUWglNj6ih0ailiy5uxIg%2B2sS4U4LThQWdJRP46Kdd%2BOc2%2B5fP42vvqcGnVPjmZQTEYPj8WIww85GBxN%2BbFd6xZ%2BPyr7kJxe6jLm%2Fco"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77128db67858b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 75584
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=rtus&topUrl=vip-560.rigala.net
200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=vip-560.rigala.net
IP
GET /syncframe?origin=rtus&topUrl=vip-560.rigala.net HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=00d359b1-b42b-4edd-9129-dda0ff1cde6e; expires=Sat, 23 Dec 2023 10:52:21 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 721758
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
vip-560.rigala.net/t11-topic
200 OK 0 B URL HTTP/2 vip-560.rigala.net/t11-topic
IP
GET /t11-topic HTTP/1.1
Host: vip-560.rigala.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:19 GMT
content-type: text/html; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache
pragma: no-cache
expires: Mon, 28 Nov 2022 00:00:00 GMT
last-modified: Mon, 28 Nov 2022 10:52:19 GMT
vary: User-Agent
set-cookie: exadd=166964; expires=Mon, 28-Nov-2022 14:52:19 GMT; Max-Age=14400
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/lang/ar.js
200 OK 0 B URL HTTP/2 illiweb.com/rs3/66/frm/lang/ar.js
IP
GET /rs3/66/frm/lang/ar.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=74879
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:36:20 GMT
last-modified: Thu, 08 Sep 2022 07:38:48 GMT
x-cache-ne: EXPIRED
x-cache-pr: EXPIRED
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 436560
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DVvPMT9qlxpvpCqKYcIgDrAKcO27UjAi%2Fg4yLNnFdXGnAK2iEZctSy9HKdRNYM46MTSdUfm3soXIoAX49XVHR5wbqhjO5wD6XN91GPREwmMekScu9T6d9kycoX6GbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77128db2384f0b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
stootsou.net/pfe/current/universal.min.js?v=3.1.405
200 OK 0 B URL HTTP/2 stootsou.net/pfe/current/universal.min.js?v=3.1.405
IP
GET /pfe/current/universal.min.js?v=3.1.405 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vip-560.rigala.net/
Origin: https://vip-560.rigala.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: application/javascript
last-modified: Thu, 24 Nov 2022 15:53:54 GMT
etag: W/"637f9392-180b9"
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic&encoded=1&uid=890472b4-318f-40ea-8b85-149a8ba78e55-tucta7e1865&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1669632740957&tagid=&cntry=NO&platform=1&sesid=a704742b74f71a8598dd2880fd688906&itemid=/t11-topic&viewid=1669632740640&geolat=&geoing=&deviceifa=&appid=&sd=v2_a704742b74f71a8598dd2880fd688906_890472b4-318f-40ea-8b85-149a8ba78e55-tucta7e1865_1669632741_1669632741_CNawjgYQ3pxDGKCa9-7LMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=44f5a391fcbfc5682363ac1e93d67399&appname=&cdb=&gdprApplies=true&rid=&sii=811501045734104572&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9322
200 OK 0 B URL HTTP/2 15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic&encoded=1&uid=890472b4-318f-40ea-8b85-149a8ba78e55-tucta7e1865&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1669632740957&tagid=&cntry=NO&platform=1&sesid=a704742b74f71a8598dd2880fd688906&itemid=/t11-topic&viewid=1669632740640&geolat=&geoing=&deviceifa=&appid=&sd=v2_a704742b74f71a8598dd2880fd688906_890472b4-318f-40ea-8b85-149a8ba78e55-tucta7e1865_1669632741_1669632741_CNawjgYQ3pxDGKCa9-7LMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=44f5a391fcbfc5682363ac1e93d67399&appname=&cdb=&gdprApplies=true&rid=&sii=811501045734104572&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9322
IP
GET /tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic&encoded=1&uid=890472b4-318f-40ea-8b85-149a8ba78e55-tucta7e1865&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1669632740957&tagid=&cntry=NO&platform=1&sesid=a704742b74f71a8598dd2880fd688906&itemid=/t11-topic&viewid=1669632740640&geolat=&geoing=&deviceifa=&appid=&sd=v2_a704742b74f71a8598dd2880fd688906_890472b4-318f-40ea-8b85-149a8ba78e55-tucta7e1865_1669632741_1669632741_CNawjgYQ3pxDGKCa9-7LMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=44f5a391fcbfc5682363ac1e93d67399&appname=&cdb=&gdprApplies=true&rid=&sii=811501045734104572&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9322 HTTP/1.1
Host: 15.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://vip-560.rigala.net
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
machineid: 1403
link: <https://am-wf.taboola.com>; rel=preconnect
xvid-debug: mrmr - :
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:21 GMT
via: 1.1 varnish
x-served-by: cache-bma1656-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669632742.533152,VS0,VE30
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 359724
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
dnacdn.net/dna
200 OK 0 B IP
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=UaF12V80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNIMXhHT1BqNXV5aGtCaXVNREpNZnB4YUN2YnBSSGtpQVdUMHNDdkElMkJJOA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=rVmh2F80M0RITmhlJTJCZkMwOUJGQlhaMUN2czNIMXhHT1BqNXV5aGtCaXVNREpNZm9WZlJMdkZTbER6eTFjV2t6ZTF3Q1A; expires=Sat, 23 Dec 2023 10:52:21 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 366731
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7x7wCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJDkZzDYjx8QtWU08btFgOHELd8ONWzSbTUYey2IwWXmMQGILm3OzHKzcgsVisRYNJ7O1cGQarlUbw8LknEycw5FpCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeQoOl0-Fz3etnT8FbNBnPJ0-cwO-xyl-kveizWor_h6bEDAAAAwAOA1VsmxA8gAEAEAAAAgAQAAAAARUDFv4XABQAAAAAGgAHJhQbAJwfBe85-fwAANGyBAAAIYJAADKwGlAB8nK-cAAAAAAAAAACw_P___8cA7GGNyQCM7O_0ADz4ADwQFewVMQIAAADY0lLRPJrUCZVFFQAAQboVwBUAQABhbzf0aRgAAEDA2AI9LH6_2WHX-N0uAwAAAAAAAAAw-z_7RxN6G71OC2IZvVb7BQQAWPsFBABgUzcAgLcAuKAjaMVgsDqF2A1ni91othnNDgAAAODu____Xw8kfIPRbjSZ-EYz32JhXC2HI5NlOBzMTLbhcDmYbc9_9Pqo0T9Pq89DWGa_7yBieb6mv-Eg41teb4Oo6Hpb7A6n2XM_ipYsd8vdajRZjEbL5WY33IwG-xuIwWqAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6RoyWq5XK42m9VqN1rMBpvlcLNBilatZqPNYLiaTWa73Wo4GC5HI6RoyXK33K1Gk8VotFxudsPNaDBEGFwORrvJxLTWLIYzt2iwcriFE-NqrRgtF8aJwzdcuVZr0etjevhWjuFstUXBAI29CC7Sicxveb39pqff7lZYLmKJ5mSRTmSXfcM3GO1Gk4lvNPMtFsbVcjgyWYbDwcxkGw6Xg9m-uByMdpOJaa1ZDGdu0WDlcAsnxtVaMVoujBOHb7hyrdai18f08K0cw9lq35jNlrPNZDda7Buz2XK2mexGi32HzvBdfc5GZ3A88bgchnOtG7M5DAqXweL9fS7SZrRxM6q0YYtFdS3uXBOrThs7GTsHs0HhG14Tw99P_bx2s7eD2GBQxBLB6SKdiF7G00UskTwt0oloNHMtPMvFzGOxeVyz4WQz2yw8jpVzM7LtNsvlRCxRmi7SiV70WKxFf8PTY1H_kSEXc-VgLprMFavRKgEAAAAAAAAALGHOvAkAAADAaSCjwWa4Wi4AhLOX7g_dm6Bwr_vt7sLQgXmzdTd_cePHDea3vN5-09NvdyssVwZ4oCZn3uyZINZqtawBAAAEsAEAAAK4dfMWgM3I7QM9mZqZmZmZ8RPkZjIZ!&cmcv=&pix=undefined&cb=1669632741839&uv=3244&tms=1669632741839&abt=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=92063d1b-25bc-408b-878c-4662dc2102ec&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
200 OK 0 B URL HTTP/2 imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7x7wCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJDkZzDYjx8QtWU08btFgOHELd8ONWzSbTUYey2IwWXmMQGILm3OzHKzcgsVisRYNJ7O1cGQarlUbw8LknEycw5FpCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeQoOl0-Fz3etnT8FbNBnPJ0-cwO-xyl-kveizWor_h6bEDAAAAwAOA1VsmxA8gAEAEAAAAgAQAAAAARUDFv4XABQAAAAAGgAHJhQbAJwfBe85-fwAANGyBAAAIYJAADKwGlAB8nK-cAAAAAAAAAACw_P___8cA7GGNyQCM7O_0ADz4ADwQFewVMQIAAADY0lLRPJrUCZVFFQAAQboVwBUAQABhbzf0aRgAAEDA2AI9LH6_2WHX-N0uAwAAAAAAAAAw-z_7RxN6G71OC2IZvVb7BQQAWPsFBABgUzcAgLcAuKAjaMVgsDqF2A1ni91othnNDgAAAODu____Xw8kfIPRbjSZ-EYz32JhXC2HI5NlOBzMTLbhcDmYbc9_9Pqo0T9Pq89DWGa_7yBieb6mv-Eg41teb4Oo6Hpb7A6n2XM_ipYsd8vdajRZjEbL5WY33IwG-xuIwWqAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6RoyWq5XK42m9VqN1rMBpvlcLNBilatZqPNYLiaTWa73Wo4GC5HI6RoyXK33K1Gk8VotFxudsPNaDBEGFwORrvJxLTWLIYzt2iwcriFE-NqrRgtF8aJwzdcuVZr0etjevhWjuFstUXBAI29CC7Sicxveb39pqff7lZYLmKJ5mSRTmSXfcM3GO1Gk4lvNPMtFsbVcjgyWYbDwcxkGw6Xg9m-uByMdpOJaa1ZDGdu0WDlcAsnxtVaMVoujBOHb7hyrdai18f08K0cw9lq35jNlrPNZDda7Buz2XK2mexGi32HzvBdfc5GZ3A88bgchnOtG7M5DAqXweL9fS7SZrRxM6q0YYtFdS3uXBOrThs7GTsHs0HhG14Tw99P_bx2s7eD2GBQxBLB6SKdiF7G00UskTwt0oloNHMtPMvFzGOxeVyz4WQz2yw8jpVzM7LtNsvlRCxRmi7SiV70WKxFf8PTY1H_kSEXc-VgLprMFavRKgEAAAAAAAAALGHOvAkAAADAaSCjwWa4Wi4AhLOX7g_dm6Bwr_vt7sLQgXmzdTd_cePHDea3vN5-09NvdyssVwZ4oCZn3uyZINZqtawBAAAEsAEAAAK4dfMWgM3I7QM9mZqZmZmZ8RPkZjIZ!&cmcv=&pix=undefined&cb=1669632741839&uv=3244&tms=1669632741839&abt=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=92063d1b-25bc-408b-878c-4662dc2102ec&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
IP
GET /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7x7wCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJDkZzDYjx8QtWU08btFgOHELd8ONWzSbTUYey2IwWXmMQGILm3OzHKzcgsVisRYNJ7O1cGQarlUbw8LknEycw5FpCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeQoOl0-Fz3etnT8FbNBnPJ0-cwO-xyl-kveizWor_h6bEDAAAAwAOA1VsmxA8gAEAEAAAAgAQAAAAARUDFv4XABQAAAAAGgAHJhQbAJwfBe85-fwAANGyBAAAIYJAADKwGlAB8nK-cAAAAAAAAAACw_P___8cA7GGNyQCM7O_0ADz4ADwQFewVMQIAAADY0lLRPJrUCZVFFQAAQboVwBUAQABhbzf0aRgAAEDA2AI9LH6_2WHX-N0uAwAAAAAAAAAw-z_7RxN6G71OC2IZvVb7BQQAWPsFBABgUzcAgLcAuKAjaMVgsDqF2A1ni91othnNDgAAAODu____Xw8kfIPRbjSZ-EYz32JhXC2HI5NlOBzMTLbhcDmYbc9_9Pqo0T9Pq89DWGa_7yBieb6mv-Eg41teb4Oo6Hpb7A6n2XM_ipYsd8vdajRZjEbL5WY33IwG-xuIwWqAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6RoyWq5XK42m9VqN1rMBpvlcLNBilatZqPNYLiaTWa73Wo4GC5HI6RoyXK33K1Gk8VotFxudsPNaDBEGFwORrvJxLTWLIYzt2iwcriFE-NqrRgtF8aJwzdcuVZr0etjevhWjuFstUXBAI29CC7Sicxveb39pqff7lZYLmKJ5mSRTmSXfcM3GO1Gk4lvNPMtFsbVcjgyWYbDwcxkGw6Xg9m-uByMdpOJaa1ZDGdu0WDlcAsnxtVaMVoujBOHb7hyrdai18f08K0cw9lq35jNlrPNZDda7Buz2XK2mexGi32HzvBdfc5GZ3A88bgchnOtG7M5DAqXweL9fS7SZrRxM6q0YYtFdS3uXBOrThs7GTsHs0HhG14Tw99P_bx2s7eD2GBQxBLB6SKdiF7G00UskTwt0oloNHMtPMvFzGOxeVyz4WQz2yw8jpVzM7LtNsvlRCxRmi7SiV70WKxFf8PTY1H_kSEXc-VgLprMFavRKgEAAAAAAAAALGHOvAkAAADAaSCjwWa4Wi4AhLOX7g_dm6Bwr_vt7sLQgXmzdTd_cePHDea3vN5-09NvdyssVwZ4oCZn3uyZINZqtawBAAAEsAEAAAK4dfMWgM3I7QM9mZqZmZmZ8RPkZjIZ!&cmcv=&pix=undefined&cb=1669632741839&uv=3244&tms=1669632741839&abt=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=92063d1b-25bc-408b-878c-4662dc2102ec&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1 HTTP/1.1
Host: imprammp.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:22 GMT
via: 1.1 varnish
x-served-by: cache-bma1656-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669632742.407585,VS0,VE24
vary: Accept-Encoding
X-Firefox-Spdy: h2
vip-560.rigala.net/serviceworker.js
200 OK 0 B URL HTTP/2 vip-560.rigala.net/serviceworker.js
IP
GET /serviceworker.js HTTP/1.1
Host: vip-560.rigala.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: exadd=166964; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: application/javascript
last-modified: Thu, 25 Feb 2021 14:30:57 GMT
etag: W/"6037b4a1-b0d"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=388&height=218&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1669632741843&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=1597362433&tz=0&viewable=true&ddast=V7x7wCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJDkZzDYjx8QtWU08btFgOHELd8ONWzSbTUYey2IwWXmMQGILm3OzHKzcgsVisRYNJ7O1cGQarlUbw8LknEycw5FpCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeQoOl0-Fz3etnT8FbNBnPJ0-cwO-xyl-kveizWor_h6bEDAAAAwAOA1VsmxA8gAEAEAAAAgAQAAAAARUDFv4XABQAAAAAGgAHJhQbAJwfBe85-fwAANGyBAAAIYJAADKwGlAB8nK-cAAAAAAAAAACw_P___8cA7GGNyQCM7O_0ADz4ADwQFewVMQIAAADY0lLRPJrUCZVFFQAAQboVwBUAQABhbzf0aRgAAEDA2AI9LH6_2WHX-N0uAwAAAAAAAAAw-z_7RxN6G71OC2IZvVb7BQQAWPsFBABgUzcAgLcAuKAjaMVgsDqF2A1ni91othnNDgAAAODu____Xw8kfIPRbjSZ-EYz32JhXC2HI5NlOBzMTLbhcDmYbc9_9Pqo0T9Pq89DWGa_7yBieb6mv-Eg41teb4Oo6Hpb7A6n2XM_ipYsd8vdajRZjEbL5WY33IwG-xuIwWqAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6RoyWq5XK42m9VqN1rMBpvlcLNBilatZqPNYLiaTWa73Wo4GC5HI6RoyXK33K1Gk8VotFxudsPNaDBEGFwORrvJxLTWLIYzt2iwcriFE-NqrRgtF8aJwzdcuVZr0etjevhWjuFstUXBAI29CC7Sicxveb39pqff7lZYLmKJ5mSRTmSXfcM3GO1Gk4lvNPMtFsbVcjgyWYbDwcxkGw6Xg9m-uByMdpOJaa1ZDGdu0WDlcAsnxtVaMVoujBOHb7hyrdai18f08K0cw9lq35jNlrPNZDda7Buz2XK2mexGi32HzvBdfc5GZ3A88bgchnOtG7M5DAqXweL9fS7SZrRxM6q0YYtFdS3uXBOrThs7GTsHs0HhG14Tw99P_bx2s7eD2GBQxBLB6SKdiF7G00UskTwt0oloNHMtPMvFzGOxeVyz4WQz2yw8jpVzM7LtNsvlRCxRmi7SiV70WKxFf8PTY1H_kSEXc-VgLprMFavRKgEAAAAAAAAALGHOvAkAAADAaSCjwWa4Wi4AhLOX7g_dm6Bwr_vt7sLQgXmzdTd_cePHDea3vN5-09NvdyssVwZ4oCZn3uyZINZqtawBAAAEsAEAAAK4dfMWgM3I7QM9mZqZmZmZ8RPkZjIZ!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm&mPre=0.025&cirf=https%3A%2F%2Fvip-560.rigala.net&en=1
200 OK 0 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=388&height=218&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1669632741843&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=1597362433&tz=0&viewable=true&ddast=V7x7wCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJDkZzDYjx8QtWU08btFgOHELd8ONWzSbTUYey2IwWXmMQGILm3OzHKzcgsVisRYNJ7O1cGQarlUbw8LknEycw5FpCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeQoOl0-Fz3etnT8FbNBnPJ0-cwO-xyl-kveizWor_h6bEDAAAAwAOA1VsmxA8gAEAEAAAAgAQAAAAARUDFv4XABQAAAAAGgAHJhQbAJwfBe85-fwAANGyBAAAIYJAADKwGlAB8nK-cAAAAAAAAAACw_P___8cA7GGNyQCM7O_0ADz4ADwQFewVMQIAAADY0lLRPJrUCZVFFQAAQboVwBUAQABhbzf0aRgAAEDA2AI9LH6_2WHX-N0uAwAAAAAAAAAw-z_7RxN6G71OC2IZvVb7BQQAWPsFBABgUzcAgLcAuKAjaMVgsDqF2A1ni91othnNDgAAAODu____Xw8kfIPRbjSZ-EYz32JhXC2HI5NlOBzMTLbhcDmYbc9_9Pqo0T9Pq89DWGa_7yBieb6mv-Eg41teb4Oo6Hpb7A6n2XM_ipYsd8vdajRZjEbL5WY33IwG-xuIwWqAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6RoyWq5XK42m9VqN1rMBpvlcLNBilatZqPNYLiaTWa73Wo4GC5HI6RoyXK33K1Gk8VotFxudsPNaDBEGFwORrvJxLTWLIYzt2iwcriFE-NqrRgtF8aJwzdcuVZr0etjevhWjuFstUXBAI29CC7Sicxveb39pqff7lZYLmKJ5mSRTmSXfcM3GO1Gk4lvNPMtFsbVcjgyWYbDwcxkGw6Xg9m-uByMdpOJaa1ZDGdu0WDlcAsnxtVaMVoujBOHb7hyrdai18f08K0cw9lq35jNlrPNZDda7Buz2XK2mexGi32HzvBdfc5GZ3A88bgchnOtG7M5DAqXweL9fS7SZrRxM6q0YYtFdS3uXBOrThs7GTsHs0HhG14Tw99P_bx2s7eD2GBQxBLB6SKdiF7G00UskTwt0oloNHMtPMvFzGOxeVyz4WQz2yw8jpVzM7LtNsvlRCxRmi7SiV70WKxFf8PTY1H_kSEXc-VgLprMFavRKgEAAAAAAAAALGHOvAkAAADAaSCjwWa4Wi4AhLOX7g_dm6Bwr_vt7sLQgXmzdTd_cePHDea3vN5-09NvdyssVwZ4oCZn3uyZINZqtawBAAAEsAEAAAK4dfMWgM3I7QM9mZqZmZmZ8RPkZjIZ!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm&mPre=0.025&cirf=https%3A%2F%2Fvip-560.rigala.net&en=1
IP
POST /VideoBidRequestHandlerServlet?oid=15&width=388&height=218&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1669632741843&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1488&pt=1597362433&tz=0&viewable=true&ddast=V7x7wCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJDkZzDYjx8QtWU08btFgOHELd8ONWzSbTUYey2IwWXmMQGILm3OzHKzcgsVisRYNJ7O1cGQarlUbw8LknEycw5FpCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeQoOl0-Fz3etnT8FbNBnPJ0-cwO-xyl-kveizWor_h6bEDAAAAwAOA1VsmxA8gAEAEAAAAgAQAAAAARUDFv4XABQAAAAAGgAHJhQbAJwfBe85-fwAANGyBAAAIYJAADKwGlAB8nK-cAAAAAAAAAACw_P___8cA7GGNyQCM7O_0ADz4ADwQFewVMQIAAADY0lLRPJrUCZVFFQAAQboVwBUAQABhbzf0aRgAAEDA2AI9LH6_2WHX-N0uAwAAAAAAAAAw-z_7RxN6G71OC2IZvVb7BQQAWPsFBABgUzcAgLcAuKAjaMVgsDqF2A1ni91othnNDgAAAODu____Xw8kfIPRbjSZ-EYz32JhXC2HI5NlOBzMTLbhcDmYbc9_9Pqo0T9Pq89DWGa_7yBieb6mv-Eg41teb4Oo6Hpb7A6n2XM_ipYsd8vdajRZjEbL5WY33IwG-xuIwWqAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6RoyWq5XK42m9VqN1rMBpvlcLNBilatZqPNYLiaTWa73Wo4GC5HI6RoyXK33K1Gk8VotFxudsPNaDBEGFwORrvJxLTWLIYzt2iwcriFE-NqrRgtF8aJwzdcuVZr0etjevhWjuFstUXBAI29CC7Sicxveb39pqff7lZYLmKJ5mSRTmSXfcM3GO1Gk4lvNPMtFsbVcjgyWYbDwcxkGw6Xg9m-uByMdpOJaa1ZDGdu0WDlcAsnxtVaMVoujBOHb7hyrdai18f08K0cw9lq35jNlrPNZDda7Buz2XK2mexGi32HzvBdfc5GZ3A88bgchnOtG7M5DAqXweL9fS7SZrRxM6q0YYtFdS3uXBOrThs7GTsHs0HhG14Tw99P_bx2s7eD2GBQxBLB6SKdiF7G00UskTwt0oloNHMtPMvFzGOxeVyz4WQz2yw8jpVzM7LtNsvlRCxRmi7SiV70WKxFf8PTY1H_kSEXc-VgLprMFavRKgEAAAAAAAAALGHOvAkAAADAaSCjwWa4Wi4AhLOX7g_dm6Bwr_vt7sLQgXmzdTd_cePHDea3vN5-09NvdyssVwZ4oCZn3uyZINZqtawBAAAEsAEAAAK4dfMWgM3I7QM9mZqZmZmZ8RPkZjIZ!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm&mPre=0.025&cirf=https%3A%2F%2Fvip-560.rigala.net&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://vip-560.rigala.net
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1434
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://vip-560.rigala.net
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:22 GMT
via: 1.1 varnish
x-served-by: cache-bma1656-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669632743.532256,VS0,VE117
vary: Accept-Encoding
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.js
200 OK 0 B URL HTTP/2 static.criteo.net/js/ld/publishertag.js
IP
GET /js/ld/publishertag.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 10:52:20 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-1e444"
expires: Tue, 29 Nov 2022 10:52:20 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
connect.topicit.net/button/light?id=topicit-connect-0&redirect=https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic&lang=ar&loc=https%3A%2F%2Fconnect.topicit.net%2F&login=https%3A%2F%2Fvip-560.rigala.net%2Ftopicit%2Findex.php%2Fconnect&version=1
200 OK 0 B URL HTTP/2 connect.topicit.net/button/light?id=topicit-connect-0&redirect=https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic&lang=ar&loc=https%3A%2F%2Fconnect.topicit.net%2F&login=https%3A%2F%2Fvip-560.rigala.net%2Ftopicit%2Findex.php%2Fconnect&version=1
IP
GET /button/light?id=topicit-connect-0&redirect=https%3A%2F%2Fvip-560.rigala.net%2Ft11-topic&lang=ar&loc=https%3A%2F%2Fconnect.topicit.net%2F&login=https%3A%2F%2Fvip-560.rigala.net%2Ftopicit%2Findex.php%2Fconnect&version=1 HTTP/1.1
Host: connect.topicit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, post-check=0, pre-check=0, private
last-modified: Mon, 28 Nov 2022 10:52:16 GMT
expires: Mon, 28 Nov 2022 00:00:00 GMT
set-cookie: XSRF-TOKEN=eyJpdiI6InVDSTk5XC8reUdRYVE4TnpDR1pPcWd3PT0iLCJ2YWx1ZSI6InJXSmdzRlhIbGYrNmsyM1VmVHJaeFJ6c0kzcWlQWm1rNFFRMDZQaU0ybnl2M3cxZHp3cUF4OWE4UmtoT1lpUmwiLCJtYWMiOiJkODIyNjAyYzQ3ZmUyNzlhNTFhNjZhNDgyYjA5MjRmYmIyMzRmMmNkY2MxNjA2NDVlZGM1ODIyZTA4Njg0MGNhIn0%3D; expires=Mon, 28-Nov-2022 12:52:16 GMT; Max-Age=7200; path=/; domain=.topicit.net
topicit_session=ZCNCq3i3wAGXyAaDv5e8oghnGdAGFOZ5mgZi2vzq; expires=Mon, 28-Nov-2022 12:52:16 GMT; Max-Age=7200; path=/; domain=.topicit.net; httponly
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-cache-ne: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=896g6jgQynebFbyLq3QGYOSh3EU%2FZ%2BgPGSXmhU4MDkPO8LxHv9N085MXSsPr%2BK%2BiF3We%2FBlEaMemPHm5NXp5PyHXtF%2BFJ48R9CG802WFuWNjywxGpKyuLMojcH6N980hOrRomRi4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77128db6b8bfb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 10:52:21 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 65102
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7WagCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJLGZWEazwcStGK5Ga9FwN1hLXIvNWrly2Cwz18RjGY2MQGIej8O52LjWMpNttxYtFhu3cmIZrRUW33I2HKwWy4nJChE3GQ6fg4Go6Hpb7A6n2fMGEjSdDp_rXi97Gt6q2WAuefocZodd7jL9RY_FWvQ3PD12AAAAAHgAsHrLhPgBBACIAAAAAJAAAAAAoAio-LcQuAAAAADAADAgudAA-OQgeM_Z7w8AgIYtEAAAAQwSgIHVgBKAj_OVEwAAAAAAAAAAlv____8YgD2sMRmAkf2dHoAHH4AHogLIIkYAAAAAW1oqmkeTOqGyqAIAIEi3ArgCAAgg7O2GLg0DAAAIGFugh8XvNzvsGr_bZQAAAAAAAAAAZv9n_2hCb6PXaUEso9dqv4AAAGu_gAAAbOoGAPAWABd0BK0YDFanELvhbLEbzTaj2QEAAADc_f___-uBhG8w2o0mE99o5lssjKvlcGSyDIeDmck2HC4Hs-35j14fNfrnafVF3GQ4fA4GoqLrbbE7nGbP_Shastwtd6vRZDEaLZeb3XAzGuxvIAarAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGEyQoiWr5XK52mxWq91oMRtslsPNBilatZqNNoPhajaZ7Xar4WC4HI2QoiXL3XK3Gk0Wo9FyudkNN6PBEGFwORjtJhPTWrMYztyiwcrhFk6Mq7VitFwYJw7fcOVarUWvj-nhWzmGs9UWBQM09iK4SCcyv-X19puefrtbYbmIJZqTRTqRXfYN32C0G00mvtHMt1gYV8vhyGQZDgczk204XA5m--JyMNpNJqa1ZjGcuUWDlcMtnBhXa8VouTBOHL7hyrVai14f08O3cgxnq31jNlvONpPdaLFvzGbL2WayGy32HTrDd_U5G53B8cTjchjOtW7M5jAoXAaL9_e5SJvRxs2o0oYtFtW1uHNNrDpt7GTsHMwGhW94TQx_P_Xz2s3eDmKDQRFLBKeLdCJ6GU8XsUTytEgnKtdmNrE4V7bBYrSYbEYrw2BhWyyWG8toZDEuRhOxRGm6SCd60WOxFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_dG-Cwr3ut7sLQwfmzdbd_MWNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cPBHWv0AM3es1PkJvJZA!&cmcv=&pix=undefined&cb=1669632741780&uv=3244&tms=1669632741780&abt=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=13b2460b-1854-4870-b513-9eaf2f5bc24d&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
200 OK 0 B URL HTTP/2 imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7WagCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJLGZWEazwcStGK5Ga9FwN1hLXIvNWrly2Cwz18RjGY2MQGIej8O52LjWMpNttxYtFhu3cmIZrRUW33I2HKwWy4nJChE3GQ6fg4Go6Hpb7A6n2fMGEjSdDp_rXi97Gt6q2WAuefocZodd7jL9RY_FWvQ3PD12AAAAAHgAsHrLhPgBBACIAAAAAJAAAAAAoAio-LcQuAAAAADAADAgudAA-OQgeM_Z7w8AgIYtEAAAAQwSgIHVgBKAj_OVEwAAAAAAAAAAlv____8YgD2sMRmAkf2dHoAHH4AHogLIIkYAAAAAW1oqmkeTOqGyqAIAIEi3ArgCAAgg7O2GLg0DAAAIGFugh8XvNzvsGr_bZQAAAAAAAAAAZv9n_2hCb6PXaUEso9dqv4AAAGu_gAAAbOoGAPAWABd0BK0YDFanELvhbLEbzTaj2QEAAADc_f___-uBhG8w2o0mE99o5lssjKvlcGSyDIeDmck2HC4Hs-35j14fNfrnafVF3GQ4fA4GoqLrbbE7nGbP_Shastwtd6vRZDEaLZeb3XAzGuxvIAarAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGEyQoiWr5XK52mxWq91oMRtslsPNBilatZqNNoPhajaZ7Xar4WC4HI2QoiXL3XK3Gk0Wo9FyudkNN6PBEGFwORjtJhPTWrMYztyiwcrhFk6Mq7VitFwYJw7fcOVarUWvj-nhWzmGs9UWBQM09iK4SCcyv-X19puefrtbYbmIJZqTRTqRXfYN32C0G00mvtHMt1gYV8vhyGQZDgczk204XA5m--JyMNpNJqa1ZjGcuUWDlcMtnBhXa8VouTBOHL7hyrVai14f08O3cgxnq31jNlvONpPdaLFvzGbL2WayGy32HTrDd_U5G53B8cTjchjOtW7M5jAoXAaL9_e5SJvRxs2o0oYtFtW1uHNNrDpt7GTsHMwGhW94TQx_P_Xz2s3eDmKDQRFLBKeLdCJ6GU8XsUTytEgnKtdmNrE4V7bBYrSYbEYrw2BhWyyWG8toZDEuRhOxRGm6SCd60WOxFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_dG-Cwr3ut7sLQwfmzdbd_MWNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cPBHWv0AM3es1PkJvJZA!&cmcv=&pix=undefined&cb=1669632741780&uv=3244&tms=1669632741780&abt=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=13b2460b-1854-4870-b513-9eaf2f5bc24d&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
IP
GET /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7WagCFgOt8s0E8ZqQ0QSt8s0E8ZqQ0QUAAAAGBuIHJLGZWEazwcStGK5Ga9FwN1hLXIvNWrly2Cwz18RjGY2MQGIej8O52LjWMpNttxYtFhu3cmIZrRUW33I2HKwWy4nJChE3GQ6fg4Go6Hpb7A6n2fMGEjSdDp_rXi97Gt6q2WAuefocZodd7jL9RY_FWvQ3PD12AAAAAHgAsHrLhPgBBACIAAAAAJAAAAAAoAio-LcQuAAAAADAADAgudAA-OQgeM_Z7w8AgIYtEAAAAQwSgIHVgBKAj_OVEwAAAAAAAAAAlv____8YgD2sMRmAkf2dHoAHH4AHogLIIkYAAAAAW1oqmkeTOqGyqAIAIEi3ArgCAAgg7O2GLg0DAAAIGFugh8XvNzvsGr_bZQAAAAAAAAAAZv9n_2hCb6PXaUEso9dqv4AAAGu_gAAAbOoGAPAWABd0BK0YDFanELvhbLEbzTaj2QEAAADc_f___-uBhG8w2o0mE99o5lssjKvlcGSyDIeDmck2HC4Hs-35j14fNfrnafVF3GQ4fA4GoqLrbbE7nGbP_Shastwtd6vRZDEaLZeb3XAzGuxvIAarAU7EYLmcTBaT3Wq0Gm2Gu9FssECBGEyQoiWr5XK52mxWq91oMRtslsPNBilatZqNNoPhajaZ7Xar4WC4HI2QoiXL3XK3Gk0Wo9FyudkNN6PBEGFwORjtJhPTWrMYztyiwcrhFk6Mq7VitFwYJw7fcOVarUWvj-nhWzmGs9UWBQM09iK4SCcyv-X19puefrtbYbmIJZqTRTqRXfYN32C0G00mvtHMt1gYV8vhyGQZDgczk204XA5m--JyMNpNJqa1ZjGcuUWDlcMtnBhXa8VouTBOHL7hyrVai14f08O3cgxnq31jNlvONpPdaLFvzGbL2WayGy32HTrDd_U5G53B8cTjchjOtW7M5jAoXAaL9_e5SJvRxs2o0oYtFtW1uHNNrDpt7GTsHMwGhW94TQx_P_Xz2s3eDmKDQRFLBKeLdCJ6GU8XsUTytEgnKtdmNrE4V7bBYrSYbEYrw2BhWyyWG8toZDEuRhOxRGm6SCd60WOxFv0NT49F_UeGXMyVg7loMlesRqsEAAAAAAAAALCEOfMmAAAAAKeBjAab4Wq5ABDOXro_dG-Cwr3ut7sLQwfmzdbd_MWNHzeY3_J6-01Pv92tsFwZ4IGanHmzZ4JYq9WyBgAAEMAGAAAI4NbNWwA2I7cPBHWv0AM3es1PkJvJZA!&cmcv=&pix=undefined&cb=1669632741780&uv=3244&tms=1669632741780&abt=dfrc_vB!mprdctdt6_vA!smbs!t45!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=13b2460b-1854-4870-b513-9eaf2f5bc24d&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1 HTTP/1.1
Host: imprammp.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vip-560.rigala.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Mon, 28 Nov 2022 10:52:22 GMT
via: 1.1 varnish
x-served-by: cache-bma1656-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669632742.392977,VS0,VE25
vary: Accept-Encoding
X-Firefox-Spdy: h2
178.33.115.32
2.21.206.244
178.250.0.162
34.95.81.168
213.19.162.80
141.226.228.48
104.18.32.68
94.23.76.111
85.114.159.93
23.36.76.226
52.208.159.221
185.106.33.48