al-tyr.yoo7.com/t87-topic
94.23.73.212301 Moved Permanently 0 B URL HTTP/1.1 al-tyr.yoo7.com/t87-topic
IP 94.23.73.212:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /t87-topic HTTP/1.1
Host: al-tyr.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 09 Nov 2022 11:51:28 GMT
Content-Length: 0
Location: https://al-tyr.yoo7.com/t87-topic
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aabe410b4bbe4d8beb0e4561d3aa158e
e1788632902ddea62cdd9e7ad6009a75ffb69788
ad535e27b201e92670770b2b868c58f7c05633ec66490a41ef4592f062834c1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD535E27B201E92670770B2B868C58F7C05633EC66490A41EF4592F062834C1F"
Last-Modified: Wed, 09 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2811
Expires: Wed, 09 Nov 2022 12:38:19 GMT
Date: Wed, 09 Nov 2022 11:51:28 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7908acd0c083145e2b454aaeb063c236
0696647bb0a4118327f637a50ebcc21bac39d592
ffc30b68df0b33d67f31e37bbf5ae5cf4c23e1c8b8197bf76a95ee06bec4cd36
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4755
Cache-Control: max-age=86338
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:28 GMT
Etag: "636a2fef-1d7"
Expires: Thu, 10 Nov 2022 11:50:26 GMT
Last-Modified: Tue, 08 Nov 2022 10:31:11 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7908acd0c083145e2b454aaeb063c236
0696647bb0a4118327f637a50ebcc21bac39d592
ffc30b68df0b33d67f31e37bbf5ae5cf4c23e1c8b8197bf76a95ee06bec4cd36
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4755
Cache-Control: max-age=86338
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:28 GMT
Etag: "636a2fef-1d7"
Expires: Thu, 10 Nov 2022 11:50:26 GMT
Last-Modified: Tue, 08 Nov 2022 10:31:11 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dc90abd8b3ea8e75a68c144d74d75788
1ce29dca1ee9ca8931397de31ffb6cf7833baaf8
807000997bcf1b7a1fa35e43908cbfa54cd1704a5a0f53c09e1ae154638f10e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "807000997BCF1B7A1FA35E43908CBFA54CD1704A5A0F53C09E1AE154638F10E0"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2373
Expires: Wed, 09 Nov 2022 12:31:01 GMT
Date: Wed, 09 Nov 2022 11:51:28 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: U89IE9rpr5tmbkmp1NXPkJu/7Q4oJZpP7IHtZCs3LNsk/Hm/YTtidIE14at9dK7smDt+jFeOguQ=
x-amz-request-id: HWV46DCZCS8PEBTY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 09 Nov 2022 11:48:58 GMT
age: 150
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fc9588d9f6785b5c4088356cc795fbbd
4ebee78b356539d7bf4f5a99d5af871c522345a4
1d88449082c851b2b54736d277a1c0982893578ae42726e00f61feada58463cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1D88449082C851B2B54736D277A1C0982893578AE42726E00F61FEADA58463CB"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1460
Expires: Wed, 09 Nov 2022 12:15:48 GMT
Date: Wed, 09 Nov 2022 11:51:28 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c59d06092401e375df491b06ee8e6dbc
2e27b8ff7c08a5349e27969bc2a08e5e19d0c1da
23ee4ab633fcf67dc5d4d1931450e365cec8d436ef1f9ba5f46b6bab974724c4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4094
Cache-Control: max-age=167015
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:28 GMT
Etag: "636b6da9-1d7"
Expires: Fri, 11 Nov 2022 10:15:03 GMT
Last-Modified: Wed, 09 Nov 2022 09:06:49 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.238.3.246101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.238.3.246:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: RCmtb04AOh28sW5BJ/e8wQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LQFiWnnbhlThf22y+6pp3alKtLY=
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash c536f1469b10d79be0ad510ba98fb1bb
82dfbe67b9d3be07a5d91be9b93d014a17a9f0bd
9cad25935d437aabe9aa41313caed44615172619edfbd01e6ecfbd51cbc8e034
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4063
Cache-Control: max-age=154388
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:29 GMT
Etag: "636b3c76-117"
Expires: Fri, 11 Nov 2022 06:44:37 GMT
Last-Modified: Wed, 09 Nov 2022 05:36:54 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash c536f1469b10d79be0ad510ba98fb1bb
82dfbe67b9d3be07a5d91be9b93d014a17a9f0bd
9cad25935d437aabe9aa41313caed44615172619edfbd01e6ecfbd51cbc8e034
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4063
Cache-Control: max-age=154388
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:29 GMT
Etag: "636b3c76-117"
Expires: Fri, 11 Nov 2022 06:44:37 GMT
Last-Modified: Wed, 09 Nov 2022 05:36:54 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4e48180712e2e140b9748591e3228a70
49d4292426ddfbc6e98cff6d468e3bdf1be41ff7
16ebf61312b22e0032171995a665bad4ea8c7fd80636fc04eb6456d0f60397ec
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash 12c41b3c843ec49dabbfbddcf7dff346
343070f4f43f719bd2a221e9cef0704d71e2c24a
3468542d385d3392a70af8b6b8a428589ef3c9087100db1281f5ab61bb53a07b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6398
Cache-Control: max-age=112450
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:29 GMT
Etag: "636a8f85-2d7"
Expires: Thu, 10 Nov 2022 19:05:39 GMT
Last-Modified: Tue, 08 Nov 2022 17:19:01 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 727
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 3b26e900b9be930a07101e0d5f5de579
fc84082e3eef2e000f255f1cbd4cf45b694a2118
1dff9aae4984871070d193b60d41548a8a816f0ba20839d41d6e73a08e548afe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 3b26e900b9be930a07101e0d5f5de579
fc84082e3eef2e000f255f1cbd4cf45b694a2118
1dff9aae4984871070d193b60d41548a8a816f0ba20839d41d6e73a08e548afe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash c536f1469b10d79be0ad510ba98fb1bb
82dfbe67b9d3be07a5d91be9b93d014a17a9f0bd
9cad25935d437aabe9aa41313caed44615172619edfbd01e6ecfbd51cbc8e034
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4063
Cache-Control: max-age=154388
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:29 GMT
Etag: "636b3c76-117"
Expires: Fri, 11 Nov 2022 06:44:37 GMT
Last-Modified: Wed, 09 Nov 2022 05:36:54 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
142.250.74.42200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
IP 142.250.74.42:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash d989f35706c62ce4a5c561586c55566e
d32e7958e5765609bf08dcdefd0b2c2a8714ce34
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716
GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33845
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 08 Nov 2022 18:40:06 GMT
expires: Wed, 08 Nov 2023 18:40:06 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 61883
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 9f3a1005f1c0bcfdfc1f64f87b965e6b
bfe050567ea050ee19a665e038c61ac46dafbf33
2419a9600bec0027ffda44802b20c8426a5b228a8bf58b7444524ead61d17fd3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 796
Cache-Control: max-age=122703
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:29 GMT
Etag: "636acd74-139"
Expires: Thu, 10 Nov 2022 21:56:32 GMT
Last-Modified: Tue, 08 Nov 2022 21:43:16 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 313
www.googletagmanager.com/gtag/js?id=UA-144347007-1
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-144347007-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash b680a316e2a2d6745e5d6703b6fe6ba7
a8704a09814005f5972c27082974ebfc2ec8ee7d
1e98eff134240a529d0af4412cd51e7e348916b37b91f44f504b6c0ad4b71199
GET /gtag/js?id=UA-144347007-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 09 Nov 2022 11:51:29 GMT
expires: Wed, 09 Nov 2022 11:51:29 GMT
cache-control: private, max-age=900
last-modified: Wed, 09 Nov 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43636
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
2img.net/i/empty.gif
104.21.235.175200 OK 43 B IP 104.21.235.175:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /i/empty.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:29 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 09 May 2016 08:45:50 GMT
etag: "57304e3e-2b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 2867555
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ac8Lnitki0ike0xuQdiYF%2BFaUf0E8yX3S%2FUdIB6vzCxYTGuWwKjY7ZovMOxNyS9tjZ05hCBhxVGmoD2HRMHFrFZ5Zc0%2FVMfRAXweTw%2B08Xs5YOJUu9kq66yI1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7676563abfd3407d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=
142.250.74.168200 OK 37 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 8c20caead2e337da439b6b5f122ab743
afff21dae9bba0cdcae53dbd89b0bcf21f6e37e2
b8e806c3208817589462bb702cc7b933848a947ea579da8326b81c84a0d5847b
GET /gtag/js?id= HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 09 Nov 2022 11:51:29 GMT
expires: Wed, 09 Nov 2022 11:51:29 GMT
cache-control: private, max-age=900
last-modified: Wed, 09 Nov 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 37372
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
2img.net/s/t/11/69/60/i_icon_mini_register.gif
104.21.235.175200 OK 6.8 kB URL HTTP/2 2img.net/s/t/11/69/60/i_icon_mini_register.gif
IP 104.21.235.175:0
File type GIF image data, version 89a, 83 x 161\012- data
Hash a49a2e8905378335bebb5910f7732975
e3f1532c6a86892712e66b8786049ec5bed05db8
d835179b4d330575499d7192ac31c3b3bfd10c596eb889928e6ce4178eb76c09
GET /s/t/11/69/60/i_icon_mini_register.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:29 GMT
content-type: image/gif
content-length: 6762
last-modified: Wed, 27 Oct 2010 15:24:47 GMT
etag: "4cc8443f-1a6a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 331366
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c1V5QKFCzZhRFi90Ree%2BhJvACbDS%2BzrTto6H7pFCvMOp6qo8Kpao2EiKCPrtKlzy0qg5M9DexD556f9x4z6Xi4ZJm5M20YfDYVxwBX%2BXE9u%2FNoP7h8qwmVlk7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7676563abfd7407d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/s/t/11/69/60/i_icon_mini_index.jpg
104.21.235.175200 OK 5.5 kB URL HTTP/2 2img.net/s/t/11/69/60/i_icon_mini_index.jpg
IP 104.21.235.175:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 83x161, components 3\012- data
Hash b204d01294b25d7e90279e392503e305
6004545593bae2481b260e2074d0d5748fa98f26
ab5e3a3b61b89ca26243aba42f726fa4096439e7ea1b31b43a97183e68cb41a7
GET /s/t/11/69/60/i_icon_mini_index.jpg HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:29 GMT
content-type: image/jpeg
content-length: 5483
cache-control: max-age=315360000
cf-bgj: h2pri
access-control-allow-origin: *
etag: "4cc83856-156b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 27 Oct 2010 14:33:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 180045
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X7bECxcvYPHeQ3NqpuKD6XEV3OCokBL3NPMcJDLdnnVQF6C65OPoHnlBpg3PsjNm94XIyVMSnOLNpnrP0Z94fKJojdTGgfSXsYPo6HPHMxc2VP9Uxv1yMuv2lA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7676563abfd8407d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4e48180712e2e140b9748591e3228a70
49d4292426ddfbc6e98cff6d468e3bdf1be41ff7
16ebf61312b22e0032171995a665bad4ea8c7fd80636fc04eb6456d0f60397ec
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 3b26e900b9be930a07101e0d5f5de579
fc84082e3eef2e000f255f1cbd4cf45b694a2118
1dff9aae4984871070d193b60d41548a8a816f0ba20839d41d6e73a08e548afe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
2img.net/s/t/11/69/60/i_icon_mini_login.jpg
104.21.235.175200 OK 4.6 kB URL HTTP/2 2img.net/s/t/11/69/60/i_icon_mini_login.jpg
IP 104.21.235.175:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 83x161, components 3\012- data
Hash c79104d481f214488af4e2e803d4946c
56f451e9cf03b7f133a0a8f61253ad5a062957fa
834a57751c6f3e67195db774c61ffc56a82076b66b39d4f620e7d99d85f1b60a
GET /s/t/11/69/60/i_icon_mini_login.jpg HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:29 GMT
content-type: image/jpeg
content-length: 4640
last-modified: Wed, 27 Oct 2010 14:33:57 GMT
etag: "4cc83855-1220"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MkWmzWt82G6TTOExOTa5%2FNHWw8a573H4na59%2BK11cPVY5Gz50DxjteUMXJq1mSwob6dHBONjWHPM%2BQaeJ8LrJeDQ1dM7fZNCPgGf8LdLEiJZ8Yt3NWorHcNW9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7676563abfd5407d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
al-tyr.yoo7.com/0-rtl.css
94.23.159.185200 OK 60 kB URL HTTP/2 al-tyr.yoo7.com/0-rtl.css
IP 94.23.159.185:0
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash b9ba08207206807d457bdf5a7994c2ad
1d96bd423d5e61b33b28a2771c93eeef420ccd85
b3a9d23aeec5dc5157cc0bf5145ce47494b05554f13a31004db3da983a932934
GET /0-rtl.css HTTP/1.1
Host: al-tyr.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/t87-topic
Cookie: exadd=166800
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:29 GMT
content-type: text/css
content-length: 60273
last-modified: Wed, 09 Nov 2022 00:00:00 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: MISS
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85b9cf3234f7ad8606144d5325bfc692
0c10e679676bace4cbd537157b054930ebc45eb1
44f3ef513f3774b0f6a33d9590a638021f328b4177ae5c76b2a511ed255b9e1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "44F3EF513F3774B0F6A33D9590A638021F328B4177AE5C76B2A511ED255B9E1C"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8052
Expires: Wed, 09 Nov 2022 14:05:42 GMT
Date: Wed, 09 Nov 2022 11:51:30 GMT
Connection: keep-alive
stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=al-tyr.yoo7.com&var=&ymid=&var_3=
139.45.197.250200 OK 758 B URL HTTP/2 stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=al-tyr.yoo7.com&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (757)
Hash 36dd36efb7e31343f886c5fa2ff0f979
ff37f6c1ecc22cde0b5707164db8361b7efc6cff
096f2d673b6686d4495c4ec75f33c29bfc43985b27cb21c69e0aafc13129d47d
Analyzer Verdict Alert quad9 Sinkholed
GET /zone?pub=0&zone_id=2308013&is_mobile=false&domain=al-tyr.yoo7.com&var=&ymid=&var_3= HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://al-tyr.yoo7.com/
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:30 GMT
content-type: application/json; charset=utf-8
content-length: 758
x-trace-id: 1e2583954bedce8c0079ced40e5b2196
access-control-allow-origin: https://al-tyr.yoo7.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 57db9d5d44894a8c5298971ecfe704f8
048d94952b8b9cfa901524cb3429ee7dd22b433a
79071063632470783ce5b2d606fe8674fc799e00b6ee582722b5f883e047f156
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5460
Cache-Control: max-age=89175
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:30 GMT
Etag: "636a3845-139"
Expires: Thu, 10 Nov 2022 12:37:45 GMT
Last-Modified: Tue, 08 Nov 2022 11:06:45 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 313
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4240
Expires: Wed, 09 Nov 2022 13:02:10 GMT
Date: Wed, 09 Nov 2022 11:51:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4240
Expires: Wed, 09 Nov 2022 13:02:10 GMT
Date: Wed, 09 Nov 2022 11:51:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ae49d16-09cf-4def-b9d2-7463e61acc35.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ae49d16-09cf-4def-b9d2-7463e61acc35.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ee8f7d6daf8c20aeb6b71bc18225661f
17d67f22e69197701dd8e77aed0907007e444f26
3c42a717dab0144a05c23465af0bed25b76de574b2d8e62339ad2a2f2c41febd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ae49d16-09cf-4def-b9d2-7463e61acc35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14211
x-amzn-requestid: fd1004b0-95ea-4d28-9498-4882b4d7043e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bNeREHvnIAMFlFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63687739-4abe287a66322b5f6422c58f;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 03:10:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: j027aaw3nm35HERuz2PJXxUJQGsb57_Pf3pJHnP28RzX-k5_CccoKA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 04:22:01 GMT
age: 26969
etag: "17d67f22e69197701dd8e77aed0907007e444f26"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4240
Expires: Wed, 09 Nov 2022 13:02:10 GMT
Date: Wed, 09 Nov 2022 11:51:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4240
Expires: Wed, 09 Nov 2022 13:02:10 GMT
Date: Wed, 09 Nov 2022 11:51:30 GMT
Connection: keep-alive
connect.topicit.net/scripts/connect.js
104.21.90.171200 OK 1.8 kB URL HTTP/2 connect.topicit.net/scripts/connect.js
IP 104.21.90.171:0
File type ASCII text, with very long lines (615)
Hash e9ac2fc408ee4b6748e28e0e00455af6
5e572b9dd6602cb4dd4b5c51bf8e56b1edf65c47
8a248cf1b990d2d910c8b5673b8ff71b4c36886e85fd7c4c0676b5dae0a6aafc
GET /scripts/connect.js HTTP/1.1
Host: connect.topicit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:30 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5437
access-control-allow-origin: *
etag: W/"5d653880-153d"
last-modified: Tue, 27 Aug 2019 14:04:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=86400
cf-cache-status: HIT
age: 6945
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qUEbMQBLPIF7kTcQUejaf4o7TL1Hc4CBfQU%2BD%2BDUQZW2ED%2FqMxSYVi3IoQUaZByfUEe%2BndsRR11RtLra%2Fk2EWv5UEkNB5AOFuVmRS5ogDYdBwu17EAKh0qAZ%2BHlfHcLW%2FNLheHj0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7676563e5a4dfac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F609c6c88-4535-488a-8bf4-de0e93b9ae31.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F609c6c88-4535-488a-8bf4-de0e93b9ae31.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 86ec3f22045de1a100eccf27d91593ae
e26769d82108f89057b05096061f1276d34e223a
b863d19ab12945922b4d014c517f5ffe349cefe2bbe1c2f16661371f22378cbd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F609c6c88-4535-488a-8bf4-de0e93b9ae31.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10822
x-amzn-requestid: 1b1e2dfc-4096-45cf-adb3-58f0b1d614bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEAXHFhroAMF_Zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364adc6-7b94977b4143970a48bc1857;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 06:14:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: vzUPLMO4CDywKUQvQ9gbltVLYlNher7ZTXYC9A00LfwycdEmG7m9wg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 04:21:46 GMT
age: 26984
etag: "e26769d82108f89057b05096061f1276d34e223a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff66bafec-6420-4aea-8b22-96b8fe0d292b.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff66bafec-6420-4aea-8b22-96b8fe0d292b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c69b19d2273c3ade32fd0797921c0459
8cafda5659f5b36c855a2bbcaeb03aa715ddeebd
d78b92e1175207b1179c85f9490f937e1647aeae3fe95cf8b3dc336db232945e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff66bafec-6420-4aea-8b22-96b8fe0d292b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8154
x-amzn-requestid: 1d9d6e13-69a4-473d-af4b-ef3d4382f3ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTU2EyZoAMF94w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc1e-0dec203434f42df01d9a1182;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: GWFybdPyZxzujAi9urpfQ_1HZCiJpmxpzg6j7a2gwdZ5E89xfc1MXg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:54:55 GMT
age: 50195
etag: "8cafda5659f5b36c855a2bbcaeb03aa715ddeebd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: C7GYpM3mXSf0hVyGO9Zzlxa3IHXHdyPlXsvr3i0GoQnaPZF6lO-OwA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 09:08:58 GMT
age: 9752
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b197dc2-1415-4c19-8d36-1fa334168ba5.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b197dc2-1415-4c19-8d36-1fa334168ba5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 29429581f8dc762c69c5916009f70080
9265cae98aa663a5498925b70079abdd8e7031fd
c3deee74c80905a1e92b84868b9987cb30ad7a210dca066b97c325cc2c83872e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b197dc2-1415-4c19-8d36-1fa334168ba5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9313
x-amzn-requestid: be3f6b0f-cf61-4bec-ad1a-87abdbc45d73
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTTwF5AoAMFZAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc17-5ca45b5b1065a4ea492f2ac6;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:27 GMT
x-amz-cf-pop: SEA19-C3, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 9lVY7YgQQ0FAP3ItgCSWePY0Msd4RIyBz4eNPc-K51BtnWUjOObv6g==
via: 1.1 31dfa94142c6eaf975b0e5454c00340a.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:43:43 GMT
etag: "9265cae98aa663a5498925b70079abdd8e7031fd"
content-type: image/jpeg
age: 50867
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 09 Nov 2022 10:41:09 GMT
expires: Wed, 09 Nov 2022 12:41:09 GMT
cache-control: public, max-age=7200
age: 4221
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 786ea8f7c7198328660a367224fc5daf
44077e309f7deefd7b49587e79c2eaabf346e8a1
9c6a73bb7fdbede2ac066d23c3e3d977a0d8a242921f439bcdba783fea4fd0bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5686
Cache-Control: max-age=113198
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:30 GMT
Etag: "636a953a-138"
Expires: Thu, 10 Nov 2022 19:18:08 GMT
Last-Modified: Tue, 08 Nov 2022 17:43:22 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 312
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc585a69-ebe7-4753-b2fd-ad259cd42072.jpeg
34.120.237.76200 OK 2.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc585a69-ebe7-4753-b2fd-ad259cd42072.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 547f07effeda1f7041b06fa3f10f90bf
d453f8017ebbbb8362f745a15c95acbddf55ac26
c4c4063cae55e4e2192ab2ac98543f4495a81879b8001fd2efb7989ca6eddba9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc585a69-ebe7-4753-b2fd-ad259cd42072.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2808
x-amzn-requestid: 7360c882-e191-456f-a3bd-a60b9521fa1c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTTvFUXIAMFXHA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc17-76c6b1c251a2bf7e56fd9ba2;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: YjFB1BpcpATyMj0aZldTHb6xWSeTIzklGyc1WWT09DsrnYQ1bUiTkg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 22:12:57 GMT
age: 49113
etag: "d453f8017ebbbb8362f745a15c95acbddf55ac26"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/forumotion-ar/loader.js
151.101.85.44200 OK 25 kB URL HTTP/2 cdn.taboola.com/libtrc/forumotion-ar/loader.js
IP 151.101.85.44:0
File type Unicode text, UTF-8 text, with very long lines (65498)
Hash 06c1e7113c696deef04c91d2372b74d8
c288409ef597e7942268ffa190dbcf6643e847e8
1792fbae7a9190d7e924db98043aedfabedf3a779fe62b3548a13cecfbfba90d
GET /libtrc/forumotion-ar/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: RWCkrKVHCryCDrFoyXsZQ2qMD55gij9oqD4IoUdgAuWjalf5kR8n0JxrWLBBTUdF8WctAtWsyKc=
x-amz-request-id: CM36AS1TA1S28MAH
last-modified: Tue, 08 Nov 2022 09:51:21 GMT
etag: "2c4566a77b43553c6ede756eade1bf49"
x-amz-version-id: labbkxJiEylABo4NGKa85C2YP6VuXlC.
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:30 GMT
via: 1.1 varnish
age: 126
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667994691.630316,VS0,VE1
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 38
content-length: 25235
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash d0ac74605a8760ee64e4cd0d8d7788f3
312a28802a2e9d9fe0e1c27193757b41d033642f
fece14168287eb0e4b9c3d068915ca1fb5fc79ea0fd8f7810702f0a8653afe01
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 594
Cache-Control: max-age=166763
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:30 GMT
Etag: "636b7a5b-13a"
Expires: Fri, 11 Nov 2022 10:10:53 GMT
Last-Modified: Wed, 09 Nov 2022 10:00:59 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 314
www.google-analytics.com/j/collect?v=1&_v=j98&a=762273244&t=pageview&_s=1&dl=https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic&ul=en-us&de=UTF-8&dt=%D9%82%D8%B5%D9%8A%D8%AF%D9%87%20%D9%85%D8%A4%D9%84%D9%85%D8%A9%20%D8%AC%D8%AF%D8%A7%20%D8%B1%D8%AC%D9%84%20%D9%88%D8%B6%D8%B9%20%D8%A7%D9%85%D9%87%20%D9%81%D9%8A%20%D8%AF%D8%A7%D8%B1%20%D8%A7%D9%84%D9%85%D8%B3%D9%86%D9%8A%D9%86%20%D9%85%D9%86%20%D8%A7%D8%AC%D9%84%20%D8%B2%D9%88%D8%AC%D8%AA%D9%87&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1931223492&gjid=895184330&cid=242555521.1667994688&tid=UA-144347007-1&_gid=557804153.1667994688&_r=1>m=2oub70&z=1193429404
142.250.74.174200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=762273244&t=pageview&_s=1&dl=https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic&ul=en-us&de=UTF-8&dt=%D9%82%D8%B5%D9%8A%D8%AF%D9%87%20%D9%85%D8%A4%D9%84%D9%85%D8%A9%20%D8%AC%D8%AF%D8%A7%20%D8%B1%D8%AC%D9%84%20%D9%88%D8%B6%D8%B9%20%D8%A7%D9%85%D9%87%20%D9%81%D9%8A%20%D8%AF%D8%A7%D8%B1%20%D8%A7%D9%84%D9%85%D8%B3%D9%86%D9%8A%D9%86%20%D9%85%D9%86%20%D8%A7%D8%AC%D9%84%20%D8%B2%D9%88%D8%AC%D8%AA%D9%87&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1931223492&gjid=895184330&cid=242555521.1667994688&tid=UA-144347007-1&_gid=557804153.1667994688&_r=1>m=2oub70&z=1193429404
IP 142.250.74.174:0
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j98&a=762273244&t=pageview&_s=1&dl=https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic&ul=en-us&de=UTF-8&dt=%D9%82%D8%B5%D9%8A%D8%AF%D9%87%20%D9%85%D8%A4%D9%84%D9%85%D8%A9%20%D8%AC%D8%AF%D8%A7%20%D8%B1%D8%AC%D9%84%20%D9%88%D8%B6%D8%B9%20%D8%A7%D9%85%D9%87%20%D9%81%D9%8A%20%D8%AF%D8%A7%D8%B1%20%D8%A7%D9%84%D9%85%D8%B3%D9%86%D9%8A%D9%86%20%D9%85%D9%86%20%D8%A7%D8%AC%D9%84%20%D8%B2%D9%88%D8%AC%D8%AA%D9%87&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=1931223492&gjid=895184330&cid=242555521.1667994688&tid=UA-144347007-1&_gid=557804153.1667994688&_r=1>m=2oub70&z=1193429404 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://al-tyr.yoo7.com
date: Wed, 09 Nov 2022 11:51:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash d0ac74605a8760ee64e4cd0d8d7788f3
312a28802a2e9d9fe0e1c27193757b41d033642f
fece14168287eb0e4b9c3d068915ca1fb5fc79ea0fd8f7810702f0a8653afe01
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 594
Cache-Control: max-age=166763
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:30 GMT
Etag: "636b7a5b-13a"
Expires: Fri, 11 Nov 2022 10:10:53 GMT
Last-Modified: Wed, 09 Nov 2022 10:00:59 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 314
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:30 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=LJZwxl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czcxdnhMTkZ2WXJIUjJPZENveXM0cEFFYzRPTVo2M0lBS3llcnAxNE9iblE; expires=Mon, 04 Dec 2023 11:51:30 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 215786
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
bidder.criteo.com/cdb?ptv=132&profileId=206&cb=55639979774
178.250.2.131200 OK 160 B URL HTTP/2 bidder.criteo.com/cdb?ptv=132&profileId=206&cb=55639979774
IP 178.250.2.131:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 956b190d850d40e565b981defb4760b5
1c30133b9f4355dcbbcca57330e12e7810df09fe
a02983004313e61608cde7a31211ae88edd7d50c3df7268866392a7d43cd46a1
POST /cdb?ptv=132&profileId=206&cb=55639979774 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 563
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:30 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://al-tyr.yoo7.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 160
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.comodoca4.com/
172.64.155.188200 OK 282 B IP 172.64.155.188:0
Hash b61510178beb4dbd56e6fdc999ba0eda
2e416363f80d3aef7db861e472e56a5ba21a5ae1
1022f2bab86ad78973379d6255e28bd7df032b3fd01425f981d4140c0ff889c0
POST / HTTP/1.1
Host: ocsp.comodoca4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 11:51:31 GMT
Content-Type: application/ocsp-response
Content-Length: 282
Connection: keep-alive
Last-Modified: Tue, 08 Nov 2022 12:47:11 GMT
Expires: Tue, 15 Nov 2022 12:47:10 GMT
Etag: "2e416363f80d3aef7db861e472e56a5ba21a5ae1"
Cache-Control: max-age=521139,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 767656429c891c06-OSL
cdn.taboola.com/libtrc/impl.20221108-4-RELEASE.js
151.101.85.44200 OK 146 kB URL HTTP/2 cdn.taboola.com/libtrc/impl.20221108-4-RELEASE.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (65509)
Size 146 kB (146001 bytes)
Hash 88c487ac892a30204e98821760358d3a
a15fe00062e424617d405b27c3376831d502cb90
caed01e353e989f88d91dbea2b18991c111c4acdece297d0ff65eb50ffd5fd8b
GET /libtrc/impl.20221108-4-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 7NIfjc5DF1L2B/kzlgqwEMQz6AeXPHeJ8bdJplySczuZ/p+wuSvwQmO0NIljPmdKYCKWw7PfupA=
x-amz-request-id: EGG6QY2K8WHEN44M
last-modified: Tue, 08 Nov 2022 09:41:14 GMT
etag: "88c487ac892a30204e98821760358d3a"
content-encoding: br
x-amz-version-id: Hr3XNjpCCkEC_aHpskXb5vO2HjdO2stg
content-type: application/javascript
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:31 GMT
via: 1.1 varnish
age: 7817
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 4464
x-timer: S1667994691.021583,VS0,VE0
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 99
server: AmazonS3-br
content-length: 146001
X-Firefox-Spdy: h2
cdn.viglink.com/api/vglnk.js
104.16.162.13200 OK 29 kB URL HTTP/2 cdn.viglink.com/api/vglnk.js
IP 104.16.162.13:0
File type ASCII text, with very long lines (693)
Hash 072eaf64a771815874455704fca9301b
6c6226d00f14bb800cd4390b3cd42df941be43b1
bb35c8c300bd1acfe7ed86eb988f74ff2e8d86a4fb0409c5d78a890f9fd14b8e
GET /api/vglnk.js HTTP/1.1
Host: cdn.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:31 GMT
content-type: text/javascript
content-length: 28567
x-amz-id-2: kFPAC60DOwNQb4CdhqHG+tKjRF2TQjxpEdeKJyhLPdvjoiSwXPmNvXMEMMBRIwIu/QGXu5HJg1c=
x-amz-request-id: NTCW971RKN3GM3ZQ
last-modified: Wed, 02 Dec 2020 18:57:12 GMT
etag: "072eaf64a771815874455704fca9301b"
cache-control: public, max-age=604800
content-encoding: gzip
cf-cache-status: HIT
age: 1691144
expires: Wed, 16 Nov 2022 11:51:31 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 76765642ec1afabc-OSL
X-Firefox-Spdy: h2
al-tyr.yoo7.com/images/icons-180.png
94.23.159.185200 OK 17 kB URL HTTP/2 al-tyr.yoo7.com/images/icons-180.png
IP 94.23.159.185:0
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 20622fe771f640c74cdc8792854fdeec
a644b581cdb6c1f29351b6c22ce1a8ac739cbf53
2c75dd4a4afb7b15110d48eaadb270f9b688ba62ca6922b200d8ec59a38e0029
GET /images/icons-180.png HTTP/1.1
Host: al-tyr.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/t87-topic
Cookie: exadd=166800; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:31 GMT
content-type: image/png
content-length: 16852
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 09 Nov 2022 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
x-cache-ic: MISS
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 6a0928ad039d4d6322d8b6c27c3f2a39
91314b1c84b308dc721f81db6769c8d544f5cfa5
925ef7affa5010bdd745343162093a4bfbde8cddf62dd3ae4cea5cbd36dc4e34
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=163607
Date: Wed, 09 Nov 2022 11:51:31 GMT
Etag: "636b5cc6-1d7"
Expires: Fri, 11 Nov 2022 09:18:18 GMT
Last-Modified: Wed, 09 Nov 2022 07:54:46 GMT
Server: ECS (nyb/1D1D)
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: IFsunroEATmFYdn-KT5Y3LmwpXL-WVE4CO00O4HMdEGQXn3yiaQyjg==
Age: 5012
api.viglink.com/api/ping
34.248.173.75200 OK 259 B IP 34.248.173.75:0
File type ASCII text, with no line terminators
Hash d210042c48caf4e63577635d7650fe05
9a846428b36d9b3a30ee7f0374deca7e2d3a39c0
5b408b7c5036ae10fb97c8b9b11c3e46156d5a3dae645c6c729f10895562dea9
POST /api/ping HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 133
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://al-tyr.yoo7.com
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Wed, 09 Nov 2022 11:51:30 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 259
Connection: keep-alive
trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A27.845&type=info&msg=https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic&llvl=2&id=1596&cv=20221108-4-RELEASE<=deflated&pct=1
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A27.845&type=info&msg=https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic&llvl=2&id=1596&cv=20221108-4-RELEASE<=deflated&pct=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=11%3A51%3A27.845&type=info&msg=https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic&llvl=2&id=1596&cv=20221108-4-RELEASE<=deflated&pct=1 HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 09 Nov 2022 11:51:31 GMT
x-fastly-to-nlb-rtt: 23353
access-control-allow-credentials: true
X-Firefox-Spdy: h2
trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A27.851&type=info&msg=%7B%22mode%22%3A%22thumbnails-desktop-a%22%2C%22container%22%3A%22taboola-below-desktop-forum-thumbnails%22%2C%22placement%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22target_type%22%3A%22mix%22%7D&llvl=2&id=1627&cv=20221108-4-RELEASE<=deflated&pct=1
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A27.851&type=info&msg=%7B%22mode%22%3A%22thumbnails-desktop-a%22%2C%22container%22%3A%22taboola-below-desktop-forum-thumbnails%22%2C%22placement%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22target_type%22%3A%22mix%22%7D&llvl=2&id=1627&cv=20221108-4-RELEASE<=deflated&pct=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=11%3A51%3A27.851&type=info&msg=%7B%22mode%22%3A%22thumbnails-desktop-a%22%2C%22container%22%3A%22taboola-below-desktop-forum-thumbnails%22%2C%22placement%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22target_type%22%3A%22mix%22%7D&llvl=2&id=1627&cv=20221108-4-RELEASE<=deflated&pct=1 HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 09 Nov 2022 11:51:31 GMT
x-fastly-to-nlb-rtt: 23353
access-control-allow-credentials: true
X-Firefox-Spdy: h2
trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A27.860&type=info&msg=Below%20Desktop%20Forum%20Thumbnails%20thumbnails-desktop-a&llvl=2&id=2747&cv=20221108-4-RELEASE<=deflated&pct=1
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A27.860&type=info&msg=Below%20Desktop%20Forum%20Thumbnails%20thumbnails-desktop-a&llvl=2&id=2747&cv=20221108-4-RELEASE<=deflated&pct=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=11%3A51%3A27.860&type=info&msg=Below%20Desktop%20Forum%20Thumbnails%20thumbnails-desktop-a&llvl=2&id=2747&cv=20221108-4-RELEASE<=deflated&pct=1 HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 09 Nov 2022 11:51:31 GMT
x-fastly-to-nlb-rtt: 23353
access-control-allow-credentials: true
X-Firefox-Spdy: h2
trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A27.850&type=info&msg=%7B%22mode%22%3A%22thumbnails-728x90%22%2C%22container%22%3A%22taboola-728x90-thumbnails%22%2C%22placement%22%3A%22728x90%20Thumbnails%22%2C%22target_type%22%3A%22mix%22%7D&llvl=2&id=3106&cv=20221108-4-RELEASE<=deflated&pct=1
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A27.850&type=info&msg=%7B%22mode%22%3A%22thumbnails-728x90%22%2C%22container%22%3A%22taboola-728x90-thumbnails%22%2C%22placement%22%3A%22728x90%20Thumbnails%22%2C%22target_type%22%3A%22mix%22%7D&llvl=2&id=3106&cv=20221108-4-RELEASE<=deflated&pct=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=11%3A51%3A27.850&type=info&msg=%7B%22mode%22%3A%22thumbnails-728x90%22%2C%22container%22%3A%22taboola-728x90-thumbnails%22%2C%22placement%22%3A%22728x90%20Thumbnails%22%2C%22target_type%22%3A%22mix%22%7D&llvl=2&id=3106&cv=20221108-4-RELEASE<=deflated&pct=1 HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 09 Nov 2022 11:51:31 GMT
x-fastly-to-nlb-rtt: 23353
access-control-allow-credentials: true
X-Firefox-Spdy: h2
trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A27.858&type=info&msg=728x90%20Thumbnails%20thumbnails-728x90&llvl=2&id=270&cv=20221108-4-RELEASE<=deflated&pct=1
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A27.858&type=info&msg=728x90%20Thumbnails%20thumbnails-728x90&llvl=2&id=270&cv=20221108-4-RELEASE<=deflated&pct=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=11%3A51%3A27.858&type=info&msg=728x90%20Thumbnails%20thumbnails-728x90&llvl=2&id=270&cv=20221108-4-RELEASE<=deflated&pct=1 HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 09 Nov 2022 11:51:31 GMT
x-fastly-to-nlb-rtt: 23353
access-control-allow-credentials: true
X-Firefox-Spdy: h2
trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A27.849&type=usage&msg=rtus&llvl=2&id=2790&cv=20221108-4-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A27.849&type=usage&msg=rtus&llvl=2&id=2790&cv=20221108-4-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=11%3A51%3A27.849&type=usage&msg=rtus&llvl=2&id=2790&cv=20221108-4-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 09 Nov 2022 11:51:31 GMT
x-fastly-to-nlb-rtt: 23353
access-control-allow-credentials: true
X-Firefox-Spdy: h2
api.viglink.com/api/sync.js?key=74bad24252620514d1244cfba01f2ee2
34.248.173.75200 OK 43 B URL HTTP/1.1 api.viglink.com/api/sync.js?key=74bad24252620514d1244cfba01f2ee2
IP 34.248.173.75:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /api/sync.js?key=74bad24252620514d1244cfba01f2ee2 HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Content-Type: image/gif;charset=UTF-8
Date: Wed, 09 Nov 2022 11:51:30 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 43
Connection: keep-alive
api.viglink.com/api/domains
34.248.173.75200 OK 41 B URL HTTP/1.1 api.viglink.com/api/domains
IP 34.248.173.75:0
File type ASCII text, with no line terminators
Hash 1e383cceda1ec1ff6a8daac1ba051ba9
683a4c8170dbfabc942c2d5445d9251337ddb34b
8f8a9c7f42bab3e79cf01fc47a38b4e87142748302c5325bc32398b60476a265
POST /api/domains HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 232
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://al-tyr.yoo7.com
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Wed, 09 Nov 2022 11:51:31 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 41
Connection: keep-alive
dnacdn.net/dna
178.250.0.157200 OK 597 B IP 178.250.0.157:0
Hash 4c57ef9732fff7634cba93d22fc506c8
5eb3b56769abeebf7942de04032c9b194647f38c
ab841bd52bfb0db6402326dd6abc70d36ad435a3f5d30d757d56b8162cafe9c8
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=LJZwxl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czcxdnhMTkZ2WXJIUjJPZENveXM0cEFFYzRPTVo2M0lBS3llcnAxNE9iblE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:31 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=7cdcx180M0RITmhlJTJCZkMwOUJGQlhaMUN2czcxdnhMTkZ2WXJIUjJPZENveXM0cEFsZldjRDZVT2hXUDJDRTVXR2liT3I; expires=Mon, 04 Dec 2023 11:51:31 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 403589
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=242555521.1667994688&jid=1931223492&gjid=895184330&_gid=557804153.1667994688&_u=YEBAAUAAAAAAACAAI~&z=942716873
64.233.165.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=242555521.1667994688&jid=1931223492&gjid=895184330&_gid=557804153.1667994688&_u=YEBAAUAAAAAAACAAI~&z=942716873
IP 64.233.165.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-144347007-1&cid=242555521.1667994688&jid=1931223492&gjid=895184330&_gid=557804153.1667994688&_u=YEBAAUAAAAAAACAAI~&z=942716873 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://al-tyr.yoo7.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 09 Nov 2022 11:51:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stootsou.net/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://al-tyr.yoo7.com/
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://al-tyr.yoo7.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
stootsou.net/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://al-tyr.yoo7.com/
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://al-tyr.yoo7.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
stootsou.net/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://al-tyr.yoo7.com/
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://al-tyr.yoo7.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 162c8799354615249312cdf438db280c
9153676ca16b40d8856e3b930bce38fae203ca20
cba44d2148d80bbcee3a3c21779851a42b61d6717e53a4095fbd2cc8824ac689
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CBA44D2148D80BBCEE3A3C21779851A42B61D6717E53A4095FBD2CC8824AC689"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5735
Expires: Wed, 09 Nov 2022 13:27:06 GMT
Date: Wed, 09 Nov 2022 11:51:31 GMT
Connection: keep-alive
api.viglink.com/api/sync.gif?key=74bad24252620514d1244cfba01f2ee2
34.248.173.75200 OK 43 B URL HTTP/1.1 api.viglink.com/api/sync.gif?key=74bad24252620514d1244cfba01f2ee2
IP 34.248.173.75:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /api/sync.gif?key=74bad24252620514d1244cfba01f2ee2 HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Content-Type: image/gif;charset=UTF-8
Date: Wed, 09 Nov 2022 11:51:31 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 43
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash d044f3e2fc14a96cc5752446b440b143
d0d278c9eee46eb43a3f91e8fa55db206a78c93a
a0aa7ecc56cdd27079c14e17f3f790b3c01584379a519e8f7760eb81a781a02a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ag.gbc.criteo.com/newidsd
178.250.6.60200 OK 79 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 178.250.6.60:0
Hash 4120cca1d01d89de2169a1a3c9e17783
a65ec158836ca1b0507837fe70d90a226965ccc5
a59f0865eb7aa2353e9bb08d6584ef610dfd477e1264c7d61de4946584f1abfd
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:30 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 92595
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
stootsou.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert quad9 Sinkholed
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://al-tyr.yoo7.com/
Content-Type: application/json
Origin: https://al-tyr.yoo7.com
Content-Length: 763
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:31 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 3488c9bf552eab7ce9f32be8d4e5fb95
access-control-allow-origin: https://al-tyr.yoo7.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
stootsou.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert quad9 Sinkholed
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://al-tyr.yoo7.com/
Content-Type: application/json
Origin: https://al-tyr.yoo7.com
Content-Length: 450
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:31 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: f4023c88cfefb94982d7faac04ad7698
access-control-allow-origin: https://al-tyr.yoo7.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
vidstat.taboola.com/lite-unit/3.9.5/UnitWidgetItemDesktop.min.js
151.101.85.44200 OK 30 kB URL HTTP/2 vidstat.taboola.com/lite-unit/3.9.5/UnitWidgetItemDesktop.min.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash a7b72a082fc5e3bc4aabbb79f73fb604
31cc6cd9b3dfbd31d24cd47dd2fcb29f5522822f
bf20590ab0b6486faa1a22e447f2ae149aa76742fd65fa43993646031d90a1e1
GET /lite-unit/3.9.5/UnitWidgetItemDesktop.min.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 13 Sep 2022 09:04:05 GMT
etag: "8b1ffbd4f9c44c447f9a11e92fbb9112"
server: AmazonS3
via: 1.1 828a61ebc3af4e0465a5577a4c08af7a.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: AfyrLxGlKNoXsjSvShOJ1QFm2rrv76iJaqEsgbMoQU-1oTsr3wJz-Q==
cache-control: public, max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:31 GMT
age: 3809373
x-served-by: cache-bma1644-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 7952
x-timer: S1667994692.831483,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 29884
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/userx.20221108-4-RELEASE.es6.js
151.101.85.44200 OK 5.4 kB URL HTTP/2 cdn.taboola.com/libtrc/userx.20221108-4-RELEASE.es6.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (17842)
Hash 963d77ca83c1ef5c8c622f69fcaa7cd6
88c3b40efed3822d2dbea0e42bd0756c37628814
d89ac78823b96fe54d5b90628e7879f235e9090e0160d0f37ccab22d1ef69c69
GET /libtrc/userx.20221108-4-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: GDnYjBbCiwHp61EcLghxyjr3oq5xzh2Eac7lyvlx+wORECinvMlUAQDcfbvFLT89+7IHtSoOyLI=
x-amz-request-id: 0JCWFZ09W7Y8GE4S
x-amz-replication-status: PENDING
last-modified: Tue, 08 Nov 2022 19:34:09 GMT
etag: "8be6f968f7c696b0b12bbfa029abd2bd"
x-amz-version-id: Ps6T8wFCySZBAs8KjVLJqdGfJsa23oNM
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:31 GMT
via: 1.1 varnish
age: 109
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 1569
x-timer: S1667994692.831450,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 99
content-length: 5397
X-Firefox-Spdy: h2
static.criteo.net/js/ld/publishertag.js
178.250.0.130200 OK 46 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.js
IP 178.250.0.130:0
Hash f3bdd1aa3b9430630a0848a0c6a9d169
4cf34ceae44bdae219f80edd7cee774762cfb447
366638f360f37870fa9f051b47394891559c24ab38bc8d82aa9da122c782317a
GET /js/ld/publishertag.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:29 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-1e444"
expires: Thu, 10 Nov 2022 11:51:29 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f84/14/14/69/14/www_fu12.jpg
151.101.85.44200 OK 3.3 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f84/14/14/69/14/www_fu12.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 104279a51f1953af6b64d170fe0c1f24
51e141cb9d4c4d5230f1f2441b539583a61c5972
c1074df8e9a4521168a357670749aadbec469481a589e500716aa04805c0c7ed
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f84/14/14/69/14/www_fu12.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 495608967424956178633032521134594536152,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 495608967424956178633032521134594536152,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "c28f5ee7fb3a02e5eec4f368be57eeb7"
last-modified: Tue, 04 Oct 2022 18:22:03 GMT
req-referer: https://aljardani70.yoo7.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: c9a14c5de3aba3bbb95a67dc3ffa9aec
x-envoy-upstream-service-time: 433
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:31 GMT
age: 3084905
x-served-by: cache-iad-kcgs7200120-IAD, cache-iad-kiad7000154-IAD, cache-lga21957-LGA, cache-iad-kcgs7200164-IAD, cache-bma1644-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 46, 1
x-timer: S1667994692.899436,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f84/14/14/69/14/www_fu12.jpg
x-vcl-time-ms: 1
content-length: 3342
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s29588.pcdn.co/wp-content/uploads/sites/2/2021/04/aqua-dam-793x526resize.jpg.optimal.jpg
151.101.85.44200 OK 11 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s29588.pcdn.co/wp-content/uploads/sites/2/2021/04/aqua-dam-793x526resize.jpg.optimal.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash ddbd7051237084a9bf1e163a0cd738bc
ac6d3048dbac459fd9331acef53ed7bd6b5e369f
74fb46162e0f59338c2d0790b3bb1af41a66d100adc5d60ea67a477f7abe8148
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s29588.pcdn.co/wp-content/uploads/sites/2/2021/04/aqua-dam-793x526resize.jpg.optimal.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 373234355486729988163224879813363204491,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 373234355486729988163224879813363204491,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "89dfaaae4a554efb6c903bd5b4eb4d73"
last-modified: Sun, 02 Oct 2022 16:04:50 GMT
req-referer: https://patrioty.org.ua/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: fd8e5541a2722e3120d7004e23b6c360
x-envoy-upstream-service-time: 453
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:31 GMT
age: 1463273
x-served-by: cache-iad-kiad7000127-IAD, cache-iad-kjyo7100165-IAD, cache-lga21948-LGA, cache-iad-kiad7000131-IAD, cache-bma1644-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 1, 1
x-timer: S1667994692.924133,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s29588.pcdn.co/wp-content/uploads/sites/2/2021/04/aqua-dam-793x526resize.jpg.optimal.jpg
x-vcl-time-ms: 1
content-length: 11320
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash dee3039809fc2026852697eaa005560c
f4f6b76cf09e0a9e756ab6b9b8be26cb6e15b2c7
8091750102499bbd5d92ea3e89cf364e833df30e186963d67a0d66a13751ef8a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f0a2b1e32df4a91cc58ef6aeff8fb184
73a2060c99a6633d03d8b00d45c96941f99dcde1
ade5e80916bfb0a1963da196fc60c17de1e1e758293e468b4a9c305f7555d997
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f62/13/32/79/54/uaouo10.gif
151.101.85.44200 OK 22 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f62/13/32/79/54/uaouo10.gif
IP 151.101.85.44:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 240x200, components 3\012- data
Hash 7d053860d9fad0b100131520c50f069b
33ecfc2fc59d7ecfbecff569778d8d9e8aa55d05
f7082f1724ff5f0b8bf8cbefeaf5969d2aac04ef488c559b37edc13279198a32
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f62/13/32/79/54/uaouo10.gif HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 538475434606933197924381234642994484733,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
content-type: image/jpeg
edge-cache-tag: 538475434606933197924381234642994484733,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "7d053860d9fad0b100131520c50f069b"
expiration: expiry-date="Sun, 06 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Thu, 06 Oct 2022 18:01:26 GMT
server: cloudinary
timing-allow-origin: *
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-backend-name: CLOUDINARY:3FP7YNX3LMizprTZsG7BSW--F_addr_taboola_res_cloudinary_com
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:31 GMT
age: 1751664
x-served-by: cache-iad-kjyo7100031-IAD, cache-iad-kjyo7100118-IAD, cache-bma1644-BMA
x-cache: MISS, HIT, HIT
x-cache-hits: 0, 83, 1
x-timer: S1667994692.961483,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f62/13/32/79/54/uaouo10.gif
x-vcl-time-ms: 1
content-length: 22462
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f21/19/73/51/38/vente-10.jpg
151.101.85.44200 OK 12 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f21/19/73/51/38/vente-10.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7e2823d12a0e69784dd9f2ccaef4af99
aa947ae91377e23dea893475dba70c3be8ef1ede
61d9bf4438034b826c366ab50bfb546989ed5c3cddd19f6569705d6030ec4abf
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f21/19/73/51/38/vente-10.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 352690306229506137798207407469809578240,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 352690306229506137798207407469809578240,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "b3c9505a19038b4db67c1b73ca53d270"
last-modified: Tue, 04 Oct 2022 10:35:32 GMT
req-referer: https://espoir.yoo7.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 2326e4eb2090fbf37472b9c3ee9648d9
x-envoy-upstream-service-time: 1304
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:31 GMT
age: 1751461
x-served-by: cache-iad-kcgs7200155-IAD, cache-iad-kcgs7200020-IAD, cache-lax10633-LGB, cache-iad-kcgs7200059-IAD, cache-bma1644-BMA
x-cache: MISS, HIT, HIT, HIT, HIT
x-cache-hits: 0, 1, 1, 46, 1
x-timer: S1667994692.962772,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f21/19/73/51/38/vente-10.jpg
x-vcl-time-ms: 1
content-length: 12202
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f37/14/77/75/59/wqaa2110.jpg
151.101.85.44200 OK 8.6 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f37/14/77/75/59/wqaa2110.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 0d730728cd19c8bb7337ab619d412568
050455bf29bd27121b0151d9f82c3739f173dd48
c737b8c625f0881771f52bfd92a45407ae550b515b1e5212c1cfbc63c9c0a653
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f37/14/77/75/59/wqaa2110.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 549930644253185078118877309127813515040,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 549930644253185078118877309127813515040,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "9f4fd3f25295fc11b6ab3597fc8b7691"
expiration: expiry-date="Thu, 27 Oct 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Mon, 26 Sep 2022 18:23:49 GMT
req-referer: https://ksa001.ahlamontada.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 105
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:31 GMT
age: 2507010
x-served-by: cache-iad-kjyo7100073-IAD, cache-iad-kiad7000119-IAD, cache-lax10667-LGB, cache-iad-kcgs7200117-IAD, cache-bma1644-BMA
x-cache: HIT, MISS, MISS, HIT, HIT
x-cache-hits: 1, 0, 0, 124, 1
x-timer: S1667994692.963195,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//i.servimg.com/u/f37/14/77/75/59/wqaa2110.jpg
x-vcl-time-ms: 1
content-length: 8588
X-Firefox-Spdy: h2
cdn.betgorebysson.club/apu.php?zoneid=3765907
139.45.195.8200 OK 29 kB URL HTTP/2 cdn.betgorebysson.club/apu.php?zoneid=3765907
IP 139.45.195.8:0
Hash 0fc1c335aa7ea4ef623f0c2476558275
da01b9f5f337158ff9d36e1c6736b61badc63380
fb33d506d8db753c406b4ed474f0d4decc308e91fee09f2f38bab6a1e517acb4
Analyzer Verdict Alert fortinet Malware
GET /apu.php?zoneid=3765907 HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:31 GMT
content-type: application/javascript
x-trace-id: eeec80559cca9915b8d10dc01f603fc9
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=151914b4dcaa420091616c83d807ccc7; expires=Thu, 09 Nov 2023 11:51:31 GMT; path=/; secure; SameSite=None
oaidts=1667994691; expires=Thu, 09 Nov 2023 11:51:31 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=242555521.1667994688&jid=1931223492&_u=YEBAAUAAAAAAACAAI~&z=1882236241
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=242555521.1667994688&jid=1931223492&_u=YEBAAUAAAAAAACAAI~&z=1882236241
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=242555521.1667994688&jid=1931223492&_u=YEBAAUAAAAAAACAAI~&z=1882236241 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Nov 2022 11:51:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f0a2b1e32df4a91cc58ef6aeff8fb184
73a2060c99a6633d03d8b00d45c96941f99dcde1
ade5e80916bfb0a1963da196fc60c17de1e1e758293e468b4a9c305f7555d997
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5c4c9c21e826ed9dd1520ac96dea393c
106bc7d84ae02a77a4006f2cae1cf7b5093d36c0
1201a34924da1af919077623ac06926d89f890b33b843d30e1e129fee007783f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.viglink.com/api/domains
34.248.173.75200 OK 42 B URL HTTP/1.1 api.viglink.com/api/domains
IP 34.248.173.75:0
File type ASCII text, with no line terminators
Hash 86800d086c9eabee82cee3c5fc39df55
0bdfcd48f40e14affa525b161316c5b403f5565d
73c7028128b5f8af7cf50a87a7d7c20776e590f86677e5ad44d06f473a50e188
POST /api/domains HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 321
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://al-tyr.yoo7.com
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Wed, 09 Nov 2022 11:51:31 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 42
Connection: keep-alive
il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A28.314&type=info&msg=Start%20Rendering%20728x90%20Thumbnails&llvl=2&id=7668&cv=20221108-4-RELEASE<=deflated&pct=1
185.106.33.48204 No Content 0 B URL HTTP/2 il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A28.314&type=info&msg=Start%20Rendering%20728x90%20Thumbnails&llvl=2&id=7668&cv=20221108-4-RELEASE<=deflated&pct=1
IP 185.106.33.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=11%3A51%3A28.314&type=info&msg=Start%20Rendering%20728x90%20Thumbnails&llvl=2&id=7668&cv=20221108-4-RELEASE<=deflated&pct=1 HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 09 Nov 2022 11:51:32 GMT
x-fastly-to-nlb-rtt: 70851
access-control-allow-credentials: true
X-Firefox-Spdy: h2
bidder.criteo.com/csm/events
178.250.2.131204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP 178.250.2.131:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 374
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 09 Nov 2022 11:51:31 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://al-tyr.yoo7.com
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
stootsou.net/pfe/current/tag.min.js?z=2308013
139.45.197.250200 OK 6.0 kB URL HTTP/2 stootsou.net/pfe/current/tag.min.js?z=2308013
IP 139.45.197.250:0
File type C source, ASCII text, with very long lines (14782), with no line terminators
Hash 49bba4bd04be925933ca503b4396b8cd
cf235dfd0d516a85fdfc42cb84ac0fde5e945e16
679373bcf60054aa88f94169123d54077209c0d95dd78daa89fa42f88f310bb8
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/tag.min.js?z=2308013 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:30 GMT
content-type: application/javascript
last-modified: Tue, 08 Nov 2022 14:20:39 GMT
etag: W/"636a65b7-39be"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A28.320&type=info&msg=Finish%20Rendering%20728x90%20Thumbnails&llvl=2&id=8989&cv=20221108-4-RELEASE<=deflated&pct=1
185.106.33.48204 No Content 0 B URL HTTP/2 il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A28.320&type=info&msg=Finish%20Rendering%20728x90%20Thumbnails&llvl=2&id=8989&cv=20221108-4-RELEASE<=deflated&pct=1
IP 185.106.33.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=11%3A51%3A28.320&type=info&msg=Finish%20Rendering%20728x90%20Thumbnails&llvl=2&id=8989&cv=20221108-4-RELEASE<=deflated&pct=1 HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 09 Nov 2022 11:51:32 GMT
x-fastly-to-nlb-rtt: 70851
access-control-allow-credentials: true
X-Firefox-Spdy: h2
il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A28.349&type=info&msg=Finish%20Rendering%20Below%20Desktop%20Forum%20Thumbnails&llvl=2&id=5964&cv=20221108-4-RELEASE<=deflated&pct=1
185.106.33.48204 No Content 0 B URL HTTP/2 il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A28.349&type=info&msg=Finish%20Rendering%20Below%20Desktop%20Forum%20Thumbnails&llvl=2&id=5964&cv=20221108-4-RELEASE<=deflated&pct=1
IP 185.106.33.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=11%3A51%3A28.349&type=info&msg=Finish%20Rendering%20Below%20Desktop%20Forum%20Thumbnails&llvl=2&id=5964&cv=20221108-4-RELEASE<=deflated&pct=1 HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 09 Nov 2022 11:51:32 GMT
x-fastly-to-nlb-rtt: 70851
access-control-allow-credentials: true
X-Firefox-Spdy: h2
il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A28.340&type=info&msg=Start%20Rendering%20Below%20Desktop%20Forum%20Thumbnails&llvl=2&id=5473&cv=20221108-4-RELEASE<=deflated&pct=1
185.106.33.48204 No Content 0 B URL HTTP/2 il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A28.340&type=info&msg=Start%20Rendering%20Below%20Desktop%20Forum%20Thumbnails&llvl=2&id=5473&cv=20221108-4-RELEASE<=deflated&pct=1
IP 185.106.33.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=11%3A51%3A28.340&type=info&msg=Start%20Rendering%20Below%20Desktop%20Forum%20Thumbnails&llvl=2&id=5473&cv=20221108-4-RELEASE<=deflated&pct=1 HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 09 Nov 2022 11:51:32 GMT
x-fastly-to-nlb-rtt: 70851
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 03ee7f4a43356c47029e5d540259b1bd
7aedc69cbcfeefb108d4be877fe61b709865c490
849cf469f3485c768a9384eb6304f535ae86853170047043604670cf364e69b7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6413
Cache-Control: max-age=166453
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:32 GMT
Etag: "636b626c-116"
Expires: Fri, 11 Nov 2022 10:05:45 GMT
Last-Modified: Wed, 09 Nov 2022 08:18:52 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 278
il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A28.466&type=info&msg=Finish%20Rendering%20Below%20Desktop%20Forum%20Thumbnails&llvl=2&id=6315&cv=20221108-4-RELEASE<=deflated&pct=1
185.106.33.48204 No Content 0 B URL HTTP/2 il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A28.466&type=info&msg=Finish%20Rendering%20Below%20Desktop%20Forum%20Thumbnails&llvl=2&id=6315&cv=20221108-4-RELEASE<=deflated&pct=1
IP 185.106.33.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=11%3A51%3A28.466&type=info&msg=Finish%20Rendering%20Below%20Desktop%20Forum%20Thumbnails&llvl=2&id=6315&cv=20221108-4-RELEASE<=deflated&pct=1 HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 09 Nov 2022 11:51:32 GMT
x-fastly-to-nlb-rtt: 71621
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 03ee7f4a43356c47029e5d540259b1bd
7aedc69cbcfeefb108d4be877fe61b709865c490
849cf469f3485c768a9384eb6304f535ae86853170047043604670cf364e69b7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6413
Cache-Control: max-age=166453
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:32 GMT
Etag: "636b626c-116"
Expires: Fri, 11 Nov 2022 10:05:45 GMT
Last-Modified: Wed, 09 Nov 2022 08:18:52 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 278
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 2fe5c9e4eb3628bf2ec24516ac5b1efd
d5d6e1081969ccb5a2c859dbb08ac31079d6ab75
11f8421ed48150683cdab40019b712583b575b36adc3878142b336138607da0a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 11:51:32 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 07 Nov 2022 06:25:22 GMT
Expires: Mon, 14 Nov 2022 06:25:21 GMT
Etag: "d5d6e1081969ccb5a2c859dbb08ac31079d6ab75"
Cache-Control: max-age=411828,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7676564af92ab506-OSL
vidstat.taboola.com/lite-unit/3.9.5/UnitWidgetItemDesktop.min.js
151.101.85.44304 Not Modified 0 B URL HTTP/2 vidstat.taboola.com/lite-unit/3.9.5/UnitWidgetItemDesktop.min.js
IP 151.101.85.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /lite-unit/3.9.5/UnitWidgetItemDesktop.min.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Tue, 13 Sep 2022 09:04:05 GMT
If-None-Match: "8b1ffbd4f9c44c447f9a11e92fbb9112"
TE: trailers
HTTP/2 304 Not Modified
date: Wed, 09 Nov 2022 11:51:32 GMT
via: 1.1 varnish
cache-control: public, max-age=2592000
etag: "8b1ffbd4f9c44c447f9a11e92fbb9112"
age: 3809373
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 7954
x-timer: S1667994692.384660,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=151914b4dcaa420091616c83d807ccc7
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=151914b4dcaa420091616c83d807ccc7
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash fc5d18b4ba81be879e4ca29ba082ad1f
1b52d0fcddf110e77ef722b768ea8da62d74f2a9
f6665898c44b3ea409798149ffc1728b30aec97a94cf5228a6607893b93f8938
GET /gid.js?userId=151914b4dcaa420091616c83d807ccc7 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:32 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://al-tyr.yoo7.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=151914b4dcaa420091616c83d807ccc7; expires=Thu, 09 Nov 2023 11:51:32 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A28.906&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=6696&cv=20221108-4-RELEASE<=deflated&pct=1
185.106.33.48204 No Content 0 B URL HTTP/2 il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=11%3A51%3A28.906&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=6696&cv=20221108-4-RELEASE<=deflated&pct=1
IP 185.106.33.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=11%3A51%3A28.906&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=6696&cv=20221108-4-RELEASE<=deflated&pct=1 HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 09 Nov 2022 11:51:32 GMT
x-fastly-to-nlb-rtt: 76881
access-control-allow-credentials: true
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157200 OK 646 B IP 178.250.0.157:0
Hash a1533a081a34307add66ceb7aaeed302
af7eb70e91fb5cf9c2d9346fbc815208b5e25341
5265edde8d1e8531cd066ccceace69665d2f19c2eb5b1ac3071a957220876cbd
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=7cdcx180M0RITmhlJTJCZkMwOUJGQlhaMUN2czcxdnhMTkZ2WXJIUjJPZENveXM0cEFsZldjRDZVT2hXUDJDRTVXR2liT3I
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:31 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=-9gouV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czcxdnhMTkZ2WXJIUjJPZENveXM0cERqYUJJZSUyQnU3b0F3SGRrWjM2am0yQQ; expires=Mon, 04 Dec 2023 11:51:32 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 366439
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.253200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.253:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 895
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 09 Nov 2022 11:51:32 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://al-tyr.yoo7.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7v8oCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJLZweGau1WitWO4Ga9Fy4VoLRzaPWzOZWBajzcLknCyHQGILh2fmWo3WiuVusBYtF661cGTzuDWTiWUx2ixMzslyChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXq8wu0XPy1359_vmGr_bLzru1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfSpk6kDHrO4SFfgVMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAAh186JRZbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD8RMhsVyY9hMNhPPYrFarAwT325k8S2Wi5lzN_F4L0H8JRz6o--jL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIA6uVzTiaWdbCxWq3Fi03rrVyNditJRbfYmXzmGwe324ten1MD9tqsdx4tigYoLEXydMinUh8q9HE43AsFrOFx2YyjZyz2co1WDgGK9vINXJNxBLNySKdyC77msmwWG4Mm8lm4lksVouVYeLbjSy-xXIxc-4mHn9htbIZRzPLWrhY7dai5ca1Vq4Gu7XE4lusbB6TzePbrUWvj-lhWy2WG8--MZvtlsvRbLnYN2az3XI5mi0X-w6d4bv6nI3O4HjiETrM355IY3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96Lhbi_6Gp8cilghOF-lE9DKeLuo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxX6zyQwXKwW66WCwDh7KULAAAAAAAAALAr0cG4xQlBiFvc-HGD-S2vt9_09NvdCsuVAR6oyZk3fyaItVotawAAAAFsAACAAG7dvAVgM_H_____cQAAADJy9AAAAOL7QFXgAAAAAAA!&cmcv=&pix=31589837&cb=1667994689149&uv=3239&tms=1667994689149&abt=esv_vB!id5mc_vA!mprdctdt6_vA!smbs!spa2_vB!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1667994684585!ts:1667994689149&mntl=1
141.226.228.48200 OK 0 B URL HTTP/2 am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7v8oCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJLZweGau1WitWO4Ga9Fy4VoLRzaPWzOZWBajzcLknCyHQGILh2fmWo3WiuVusBYtF661cGTzuDWTiWUx2ixMzslyChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXq8wu0XPy1359_vmGr_bLzru1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfSpk6kDHrO4SFfgVMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAAh186JRZbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD8RMhsVyY9hMNhPPYrFarAwT325k8S2Wi5lzN_F4L0H8JRz6o--jL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIA6uVzTiaWdbCxWq3Fi03rrVyNditJRbfYmXzmGwe324ten1MD9tqsdx4tigYoLEXydMinUh8q9HE43AsFrOFx2YyjZyz2co1WDgGK9vINXJNxBLNySKdyC77msmwWG4Mm8lm4lksVouVYeLbjSy-xXIxc-4mHn9htbIZRzPLWrhY7dai5ca1Vq4Gu7XE4lusbB6TzePbrUWvj-lhWy2WG8--MZvtlsvRbLnYN2az3XI5mi0X-w6d4bv6nI3O4HjiETrM355IY3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96Lhbi_6Gp8cilghOF-lE9DKeLuo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxX6zyQwXKwW66WCwDh7KULAAAAAAAAALAr0cG4xQlBiFvc-HGD-S2vt9_09NvdCsuVAR6oyZk3fyaItVotawAAAAFsAACAAG7dvAVgM_H_____cQAAADJy9AAAAOL7QFXgAAAAAAA!&cmcv=&pix=31589837&cb=1667994689149&uv=3239&tms=1667994689149&abt=esv_vB!id5mc_vA!mprdctdt6_vA!smbs!spa2_vB!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1667994684585!ts:1667994689149&mntl=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7v8oCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJLZweGau1WitWO4Ga9Fy4VoLRzaPWzOZWBajzcLknCyHQGILh2fmWo3WiuVusBYtF661cGTzuDWTiWUx2ixMzslyChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXq8wu0XPy1359_vmGr_bLzru1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfSpk6kDHrO4SFfgVMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAAh186JRZbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD8RMhsVyY9hMNhPPYrFarAwT325k8S2Wi5lzN_F4L0H8JRz6o--jL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIA6uVzTiaWdbCxWq3Fi03rrVyNditJRbfYmXzmGwe324ten1MD9tqsdx4tigYoLEXydMinUh8q9HE43AsFrOFx2YyjZyz2co1WDgGK9vINXJNxBLNySKdyC77msmwWG4Mm8lm4lksVouVYeLbjSy-xXIxc-4mHn9htbIZRzPLWrhY7dai5ca1Vq4Gu7XE4lusbB6TzePbrUWvj-lhWy2WG8--MZvtlsvRbLnYN2az3XI5mi0X-w6d4bv6nI3O4HjiETrM355IY3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96Lhbi_6Gp8cilghOF-lE9DKeLuo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxX6zyQwXKwW66WCwDh7KULAAAAAAAAALAr0cG4xQlBiFvc-HGD-S2vt9_09NvdCsuVAR6oyZk3fyaItVotawAAAAFsAACAAG7dvAVgM_H_____cQAAADJy9AAAAOL7QFXgAAAAAAA!&cmcv=&pix=31589837&cb=1667994689149&uv=3239&tms=1667994689149&abt=esv_vB!id5mc_vA!mprdctdt6_vA!smbs!spa2_vB!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1667994684585!ts:1667994689149&mntl=1 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:32 GMT
content-length: 0
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.2.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Referer: https://al-tyr.yoo7.com/
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:31 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://al-tyr.yoo7.com
server-processing-duration-in-ticks: 289594
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cdn.betgorebysson.club/?rb=KHsWaQhJcIiCidfZwY2fLXzk983He3Ce13mG55z7u7lU6x7EBoRWfGJC0lJkqNKMctmmLeRVl_IyqrWrnowMEd-jXIexsfS0mXzyq-ZvMQDl3w0bqZsQsc10bNIe5l7_74FKLHmVlymDdJrXwaKMyy_vnsmUGi5y-d0jdDyAYQqakkqP-r4JDhddQ5HsCLIBu9Q3Rfthr8cP_faBohCDistaqJIPsGNZBBwiudcTpEA%3D&request_ab2=0&zoneid=3765907&js_build=iclick-v1.448.1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.448.1&bs=da449597-36c2-46e6-b6fb-a4934e6e14e4&userId=151914b4dcaa420091616c83d807ccc7&m=link
139.45.195.8200 OK 2.0 kB URL HTTP/2 cdn.betgorebysson.club/?rb=KHsWaQhJcIiCidfZwY2fLXzk983He3Ce13mG55z7u7lU6x7EBoRWfGJC0lJkqNKMctmmLeRVl_IyqrWrnowMEd-jXIexsfS0mXzyq-ZvMQDl3w0bqZsQsc10bNIe5l7_74FKLHmVlymDdJrXwaKMyy_vnsmUGi5y-d0jdDyAYQqakkqP-r4JDhddQ5HsCLIBu9Q3Rfthr8cP_faBohCDistaqJIPsGNZBBwiudcTpEA%3D&request_ab2=0&zoneid=3765907&js_build=iclick-v1.448.1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.448.1&bs=da449597-36c2-46e6-b6fb-a4934e6e14e4&userId=151914b4dcaa420091616c83d807ccc7&m=link
IP 139.45.195.8:0
File type JSON data\012- , ASCII text, with very long lines (2626), with no line terminators
Hash ae81594c7ee8260258a95f16b68bf0d5
6ac5d4131eba93a94232b3d81d7471df6cda5775
0d519dc43800fc245578bd7aae3b47392ef78d9cf0d4f0704aae9c29f5e7d3f2
GET /?rb=KHsWaQhJcIiCidfZwY2fLXzk983He3Ce13mG55z7u7lU6x7EBoRWfGJC0lJkqNKMctmmLeRVl_IyqrWrnowMEd-jXIexsfS0mXzyq-ZvMQDl3w0bqZsQsc10bNIe5l7_74FKLHmVlymDdJrXwaKMyy_vnsmUGi5y-d0jdDyAYQqakkqP-r4JDhddQ5HsCLIBu9Q3Rfthr8cP_faBohCDistaqJIPsGNZBBwiudcTpEA%3D&request_ab2=0&zoneid=3765907&js_build=iclick-v1.448.1&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.448.1&bs=da449597-36c2-46e6-b6fb-a4934e6e14e4&userId=151914b4dcaa420091616c83d807ccc7&m=link HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://al-tyr.yoo7.com/
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Cookie: OAID=151914b4dcaa420091616c83d807ccc7; oaidts=1667994691
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:32 GMT
content-type: application/json
x-trace-id: cf5f34a4baa77c0b29238185ae1dc036
access-control-allow-origin: https://al-tyr.yoo7.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=151914b4dcaa420091616c83d807ccc7; expires=Thu, 09 Nov 2023 11:51:32 GMT; path=/; secure; SameSite=None
oaidts=1667994692; expires=Thu, 09 Nov 2023 11:51:32 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 16 Nov 2022 11:51:32 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7v8oCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJLZweGau1WitWO4Ga9Fy4VoLRzaPWzOZWBajzcLknCyHQGILh2fmWo3WiuVusBYtF661cGTzuDWTiWUx2ixMzslyChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXq8wu0XPy1359_vmGr_bLzru1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfSpk6kDHrO4SFfgVMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAAh186JRZbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD8RMhsVyY9hMNhPPYrFarAwT325k8S2Wi5lzN_F4L0H8JRz6o--jL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIA6uVzTiaWdbCxWq3Fi03rrVyNditJRbfYmXzmGwe324ten1MD9tqsdx4tigYoLEXydMinUh8q9HE43AsFrOFx2YyjZyz2co1WDgGK9vINXJNxBLNySKdyC77msmwWG4Mm8lm4lksVouVYeLbjSy-xXIxc-4mHn9htbIZRzPLWrhY7dai5ca1Vq4Gu7XE4lusbB6TzePbrUWvj-lhWy2WG8--MZvtlsvRbLnYN2az3XI5mi0X-w6d4bv6nI3O4HjiETrM355IY3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96Lhbi_6Gp8cilghOF-lE9DKeLuo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxX6zyQwXKwW66WCwDh7KULAAAAAAAAALAr0cG4xQlBiFvc-HGD-S2vt9_09NvdCsuVAR6oyZk3fyaItVotawAAAAFsAACAAG7dvAVgM_H_____cQAAADJy9AAAAOL7QFXgAAAAAAA!&excid=22&docw=0&cijs=1&nlb=false
141.226.228.48200 OK 9.0 kB URL HTTP/2 am-match.taboola.com/sync?dast=V7v8oCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJLZweGau1WitWO4Ga9Fy4VoLRzaPWzOZWBajzcLknCyHQGILh2fmWo3WiuVusBYtF661cGTzuDWTiWUx2ixMzslyChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXq8wu0XPy1359_vmGr_bLzru1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfSpk6kDHrO4SFfgVMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAAh186JRZbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD8RMhsVyY9hMNhPPYrFarAwT325k8S2Wi5lzN_F4L0H8JRz6o--jL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIA6uVzTiaWdbCxWq3Fi03rrVyNditJRbfYmXzmGwe324ten1MD9tqsdx4tigYoLEXydMinUh8q9HE43AsFrOFx2YyjZyz2co1WDgGK9vINXJNxBLNySKdyC77msmwWG4Mm8lm4lksVouVYeLbjSy-xXIxc-4mHn9htbIZRzPLWrhY7dai5ca1Vq4Gu7XE4lusbB6TzePbrUWvj-lhWy2WG8--MZvtlsvRbLnYN2az3XI5mi0X-w6d4bv6nI3O4HjiETrM355IY3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96Lhbi_6Gp8cilghOF-lE9DKeLuo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxX6zyQwXKwW66WCwDh7KULAAAAAAAAALAr0cG4xQlBiFvc-HGD-S2vt9_09NvdCsuVAR6oyZk3fyaItVotawAAAAFsAACAAG7dvAVgM_H_____cQAAADJy9AAAAOL7QFXgAAAAAAA!&excid=22&docw=0&cijs=1&nlb=false
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash 19ad5d1b0192c85721cbea8cd557263d
38fc506a605c1ba1b57f7ae29b4896ddb181ff54
b4a637781bc5def1de35f26c2397cc08af6bce6f87d107029cc94e1489640cb5
GET /sync?dast=V7v8oCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJLZweGau1WitWO4Ga9Fy4VoLRzaPWzOZWBajzcLknCyHQGILh2fmWo3WiuVusBYtF661cGTzuDWTiWUx2ixMzslyChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXq8wu0XPy1359_vmGr_bLzru1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfSpk6kDHrO4SFfgVMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAAh186JRZbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD8RMhsVyY9hMNhPPYrFarAwT325k8S2Wi5lzN_F4L0H8JRz6o--jL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIA6uVzTiaWdbCxWq3Fi03rrVyNditJRbfYmXzmGwe324ten1MD9tqsdx4tigYoLEXydMinUh8q9HE43AsFrOFx2YyjZyz2co1WDgGK9vINXJNxBLNySKdyC77msmwWG4Mm8lm4lksVouVYeLbjSy-xXIxc-4mHn9htbIZRzPLWrhY7dai5ca1Vq4Gu7XE4lusbB6TzePbrUWvj-lhWy2WG8--MZvtlsvRbLnYN2az3XI5mi0X-w6d4bv6nI3O4HjiETrM355IY3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96Lhbi_6Gp8cilghOF-lE9DKeLuo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxX6zyQwXKwW66WCwDh7KULAAAAAAAAALAr0cG4xQlBiFvc-HGD-S2vt9_09NvdCsuVAR6oyZk3fyaItVotawAAAAFsAACAAG7dvAVgM_H_____cQAAADJy9AAAAOL7QFXgAAAAAAA!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:32 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3408
X-Firefox-Spdy: h2
vidstat.taboola.com/vpaid/units/32_3_9/infra/cmTagWIDGET_ITEM.js
151.101.85.44200 OK 128 kB URL HTTP/2 vidstat.taboola.com/vpaid/units/32_3_9/infra/cmTagWIDGET_ITEM.js
IP 151.101.85.44:0
File type Unicode text, UTF-8 text, with very long lines (65489), with no line terminators
Size 128 kB (127663 bytes)
Hash ed6a7be4b07d1653940edf3b59561b62
e86457f6d9ef3ef5fec8a050d56af827c9196a13
acf67360b42eaaba607d73f434c457b3200388b5e62e4e91d984d7e9d6d35172
GET /vpaid/units/32_3_9/infra/cmTagWIDGET_ITEM.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 4XCKL71V4KhsoHyueX5jpjHsfDsjxykDhjiYcY77zYUxGJieqBjvCotMWQmIVh7NEI0bxQTkd+w=
x-amz-request-id: S3DTXRQWZQ29XXKX
last-modified: Thu, 27 Oct 2022 07:33:46 GMT
etag: "ed6a7be4b07d1653940edf3b59561b62"
x-amz-meta-ctime: 1666856025
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1666856024
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:32 GMT
via: 1.1 varnish
age: 1138401
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 3988
x-timer: S1667994693.715615,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 127663
X-Firefox-Spdy: h2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V72KwCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJOEyLSe7lW2tcuyWa9HMOFgLF7uFWzNzeWyOwcrm2TiHQGIr02w524zcCtNmuRaNXDa3cjZZrYUTi8NkHI6WI9dmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3eoXZLXpe7sq_3zfX-N1-0XG3Fv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGC5iBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIuXZSYMIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQG65UWhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZjIslhvDZrKZeBaL1WJlmPh2I4tvsVzMnLuJx3sJ4i_h0B99H30ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwsBqZTOOZpa1cLHarUXLjWutXA12a4nFt1jZPCabx7dbi14f08O2Wiw3ni0KBmjsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77Gsmw2K5MWwmm4lnsVgtVoaJbzey-BbLxcy5m3j8hdXKZhzNLGvhYrVbi5Yb11q5GuzWEotvsbJ5TDaPb7cWvT6mh221WG48-8ZstlsuR7PlYt-YzXbL5Wi2XOw7dIbv6nM2OoPjiUfoMH97Io3NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU6Uw9FgYrL5Jp6ZwzGYzSbLzcLhWs1co91qYVotJmKJ0nSRTvSi424t-hueHov6jwy5mCsHc9FkrliNVgkAAAAAAAAAYAlz5k0AAAAATgMZDTbD1XIBIJy9dAEAAAAAAAAAdiU6GLc4IQhxixs_bjC_5fX2m55-u1thuTLAAzU582bPBLFWq2UNAAAggA0AABDArZu3AGxGbh-oChwAAAAAAA!&cmcv=&pix=31589837&cb=1667994689357&uv=3239&tms=1667994689357&abt=esv_vB!id5mc_vA!mprdctdt6_vA!smbs!spa2_vB!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1667994684585!ts:1667994689357&mntl=1
141.226.228.48200 OK 0 B URL HTTP/2 am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V72KwCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJOEyLSe7lW2tcuyWa9HMOFgLF7uFWzNzeWyOwcrm2TiHQGIr02w524zcCtNmuRaNXDa3cjZZrYUTi8NkHI6WI9dmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3eoXZLXpe7sq_3zfX-N1-0XG3Fv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGC5iBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIuXZSYMIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQG65UWhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZjIslhvDZrKZeBaL1WJlmPh2I4tvsVzMnLuJx3sJ4i_h0B99H30ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwsBqZTOOZpa1cLHarUXLjWutXA12a4nFt1jZPCabx7dbi14f08O2Wiw3ni0KBmjsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77Gsmw2K5MWwmm4lnsVgtVoaJbzey-BbLxcy5m3j8hdXKZhzNLGvhYrVbi5Yb11q5GuzWEotvsbJ5TDaPb7cWvT6mh221WG48-8ZstlsuR7PlYt-YzXbL5Wi2XOw7dIbv6nM2OoPjiUfoMH97Io3NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU6Uw9FgYrL5Jp6ZwzGYzSbLzcLhWs1co91qYVotJmKJ0nSRTvSi424t-hueHov6jwy5mCsHc9FkrliNVgkAAAAAAAAAYAlz5k0AAAAATgMZDTbD1XIBIJy9dAEAAAAAAAAAdiU6GLc4IQhxixs_bjC_5fX2m55-u1thuTLAAzU582bPBLFWq2UNAAAggA0AABDArZu3AGxGbh-oChwAAAAAAA!&cmcv=&pix=31589837&cb=1667994689357&uv=3239&tms=1667994689357&abt=esv_vB!id5mc_vA!mprdctdt6_vA!smbs!spa2_vB!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1667994684585!ts:1667994689357&mntl=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V72KwCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJOEyLSe7lW2tcuyWa9HMOFgLF7uFWzNzeWyOwcrm2TiHQGIr02w524zcCtNmuRaNXDa3cjZZrYUTi8NkHI6WI9dmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3eoXZLXpe7sq_3zfX-N1-0XG3Fv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGC5iBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIuXZSYMIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQG65UWhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZjIslhvDZrKZeBaL1WJlmPh2I4tvsVzMnLuJx3sJ4i_h0B99H30ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwsBqZTOOZpa1cLHarUXLjWutXA12a4nFt1jZPCabx7dbi14f08O2Wiw3ni0KBmjsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77Gsmw2K5MWwmm4lnsVgtVoaJbzey-BbLxcy5m3j8hdXKZhzNLGvhYrVbi5Yb11q5GuzWEotvsbJ5TDaPb7cWvT6mh221WG48-8ZstlsuR7PlYt-YzXbL5Wi2XOw7dIbv6nM2OoPjiUfoMH97Io3NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU6Uw9FgYrL5Jp6ZwzGYzSbLzcLhWs1co91qYVotJmKJ0nSRTvSi424t-hueHov6jwy5mCsHc9FkrliNVgkAAAAAAAAAYAlz5k0AAAAATgMZDTbD1XIBIJy9dAEAAAAAAAAAdiU6GLc4IQhxixs_bjC_5fX2m55-u1thuTLAAzU582bPBLFWq2UNAAAggA0AABDArZu3AGxGbh-oChwAAAAAAA!&cmcv=&pix=31589837&cb=1667994689357&uv=3239&tms=1667994689357&abt=esv_vB!id5mc_vA!mprdctdt6_vA!smbs!spa2_vB!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1667994684585!ts:1667994689357&mntl=1 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:32 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 756bd50d8cb9500180e63a272297eb3a
15612f93cd3d9e8cbd3883e4b7c05caf20cc1ce6
764428c72001d1c514ad33e5abb562e9ecf6b18360409eda2cffef0a5b1a9af8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5691
Cache-Control: max-age=162133
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:32 GMT
Etag: "636b545e-138"
Expires: Fri, 11 Nov 2022 08:53:45 GMT
Last-Modified: Wed, 09 Nov 2022 07:18:54 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 312
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3877e9fd8edbee8c168edb1822364c1e
fbd6e07a4bee75b69c2a25b14e161863c96ea288
c3191796d5668958445a15ffaccae8eaa1313098b42d659ab5bd3e5eb219bc98
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5463
Cache-Control: max-age=136356
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:32 GMT
Etag: "636af091-1d7"
Expires: Fri, 11 Nov 2022 01:44:08 GMT
Last-Modified: Wed, 09 Nov 2022 00:13:05 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic&encoded=1&uid=05ef84f2-8157-49c5-9507-bb71efcdfc77-tucta6519c3&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1667994688385&tagid=&cntry=NO&platform=1&sesid=fd019c0323b31151e0b77db7191f97bc&itemid=/t87-topic&viewid=1667994687856&geolat=&geoing=&deviceifa=&appid=&sd=v2_fd019c0323b31151e0b77db7191f97bc_05ef84f2-8157-49c5-9507-bb71efcdfc77-tucta6519c3_1667994691_1667994691_CNawjgYQ3pxDGPCy7OHFMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=9840bdf7b3fa1066293aa55f5475a451&appname=&cdb=&gdprApplies=true&rid=&sii=1305353792095552696&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=
151.101.85.44200 OK 9.3 kB URL HTTP/2 15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic&encoded=1&uid=05ef84f2-8157-49c5-9507-bb71efcdfc77-tucta6519c3&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1667994688385&tagid=&cntry=NO&platform=1&sesid=fd019c0323b31151e0b77db7191f97bc&itemid=/t87-topic&viewid=1667994687856&geolat=&geoing=&deviceifa=&appid=&sd=v2_fd019c0323b31151e0b77db7191f97bc_05ef84f2-8157-49c5-9507-bb71efcdfc77-tucta6519c3_1667994691_1667994691_CNawjgYQ3pxDGPCy7OHFMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=9840bdf7b3fa1066293aa55f5475a451&appname=&cdb=&gdprApplies=true&rid=&sii=1305353792095552696&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=
IP 151.101.85.44:0
Hash 99ec1a3b1ee036e103d4e45831338e7c
0c9c602a4af378bc1d14b366975e9cd79d4855be
4ef8a29b0adf0eae0545ab451f79e0d5813af11c53c28c8e9ae3885efe7e3eed
GET /tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic&encoded=1&uid=05ef84f2-8157-49c5-9507-bb71efcdfc77-tucta6519c3&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1667994688385&tagid=&cntry=NO&platform=1&sesid=fd019c0323b31151e0b77db7191f97bc&itemid=/t87-topic&viewid=1667994687856&geolat=&geoing=&deviceifa=&appid=&sd=v2_fd019c0323b31151e0b77db7191f97bc_05ef84f2-8157-49c5-9507-bb71efcdfc77-tucta6519c3_1667994691_1667994691_CNawjgYQ3pxDGPCy7OHFMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=9840bdf7b3fa1066293aa55f5475a451&appname=&cdb=&gdprApplies=true&rid=&sii=1305353792095552696&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv= HTTP/1.1
Host: 15.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
machineid: 1483
link: <https://am-wf.taboola.com>; rel=preconnect
xvid-debug: mrmr - :
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://al-tyr.yoo7.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:31 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1667994692.875134,VS0,VE36
vary: Accept-Encoding
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 09 Nov 2022 11:51:32 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=db0a0c24-6024-11ed-b561-1644f9a80506; expires=Wed, 07-Dec-2022 11:51:32 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db0a0c6d-6024-11ed-b561-1644f9a80506
X-fe: 96
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1
178.250.2.150200 OK 43 B URL HTTP/2 csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1
IP 178.250.2.150:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1 HTTP/1.1
Host: csm.nl.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:32 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 09 Nov 2022 11:51:32 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=db0f06ec-6024-11ed-9554-1f6fc1870406; expires=Wed, 07-Dec-2022 11:51:32 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db0f0736-6024-11ed-9554-1f6fc1870406
X-fe: 10
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 09 Nov 2022 11:51:32 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=db0f1f86-6024-11ed-aeaa-192cb16e0506; expires=Wed, 07-Dec-2022 11:51:32 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db0f1fbe-6024-11ed-aeaa-192cb16e0506
X-fe: 100
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
trc.taboola.com/forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2
151.101.85.44204 No Content 0 B URL HTTP/2 trc.taboola.com/forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2
IP 151.101.85.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 3875
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://al-tyr.yoo7.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:32 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1667994693.798379,VS0,VE81
x-vcl-time-ms: 81
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db0a0c6d-6024-11ed-b561-1644f9a80506
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db0a0c6d-6024-11ed-b561-1644f9a80506
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db0a0c6d-6024-11ed-b561-1644f9a80506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 09 Nov 2022 11:51:32 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=db129ae4-6024-11ed-a2ff-1860f0710306; expires=Wed, 07-Dec-2022 11:51:32 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 110
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db0f0736-6024-11ed-9554-1f6fc1870406
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db0f0736-6024-11ed-9554-1f6fc1870406
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db0f0736-6024-11ed-9554-1f6fc1870406 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 09 Nov 2022 11:51:32 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=db148aba-6024-11ed-a06b-1ce730eb0206; expires=Wed, 07-Dec-2022 11:51:32 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 140
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db0f1fbe-6024-11ed-aeaa-192cb16e0506
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db0f1fbe-6024-11ed-aeaa-192cb16e0506
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db0f1fbe-6024-11ed-aeaa-192cb16e0506 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 09 Nov 2022 11:51:32 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=db1653c5-6024-11ed-8426-194044dd0206; expires=Wed, 07-Dec-2022 11:51:32 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 88
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.2.146200 OK 96 kB URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.2.146:0
Hash 98948a7bd4b85ca2eaa91471ecace29e
b57325c0c12e837bf49737b50a8a87eb9e89b1d2
aa0eabaf13086765bb5a1116fa131944a94443cd68235fed2301f7afde795a87
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://al-tyr.yoo7.com/
x-crto-bundle: -2YsEF91WmYxQ0wyT3hjM2kzZm4zU283Q0ZPbUl5WjJrUVJKcHRyM3J0VzJJeExoNXNEcU9reWxtY1liNXc4dkVXR0pwU2JPMDhRJTJGZlgyYSUyRldWRmdoQUtzYTJSWVhxeHpyeG5TaE41aSUyRmpldWU0RkdJTDVqZ204c1NBSjQ2ZVN1QSUyQjBB
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:31 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://al-tyr.yoo7.com
server-processing-duration-in-ticks: 2250039
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=120&cisd=convusmp&cipid=66361655&crid=-1&dast=V7v8oCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJLZweGau1WitWO4Ga9Fy4VoLRzaPWzOZWBajzcLknCyHQGILh2fmWo3WiuVusBYtF661cGTzuDWTiWUx2ixMzslyChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXq8wu0XPy1359_vmGr_bLzru1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfSpk6kDHrO4SFfgVMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAAh186JRZbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD8RMhsVyY9hMNhPPYrFarAwT325k8S2Wi5lzN_F4L0H8JRz6o--jL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIA6uVzTiaWdbCxWq3Fi03rrVyNditJRbfYmXzmGwe324ten1MD9tqsdx4tigYoLEXydMinUh8q9HE43AsFrOFx2YyjZyz2co1WDgGK9vINXJNxBLNySKdyC77msmwWG4Mm8lm4lksVouVYeLbjSy-xXIxc-4mHn9htbIZRzPLWrhY7dai5ca1Vq4Gu7XE4lusbB6TzePbrUWvj-lhWy2WG8--MZvtlsvRbLnYN2az3XI5mi0X-w6d4bv6nI3O4HjiETrM355IY3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96Lhbi_6Gp8cilghOF-lE9DKeLuo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxX6zyQwXKwW66WCwDh7KULAAAAAAAAALAr0cG4xQlBiFvc-HGD-S2vt9_09NvdCsuVAR6oyZk3fyaItVotawAAAAFsAACAAG7dvAVgM_H_____cQAAADJy9AAAAOL7QFXgAAAAAAA!&cmcv=&pix=&cb=1667994689756&uv=3239&tms=1667994689756&su=&abt=esv_vB!id5mc_vA!mprdctdt6_vA!smbs!spa2_vB!t120!ufm_vA&ft=0&unm=WIDGET_ITEM&mntl=1&
141.226.228.48200 OK 0 B URL HTTP/2 am-vid-events.taboola.com/st?cijs=convusmp&ttype=120&cisd=convusmp&cipid=66361655&crid=-1&dast=V7v8oCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJLZweGau1WitWO4Ga9Fy4VoLRzaPWzOZWBajzcLknCyHQGILh2fmWo3WiuVusBYtF661cGTzuDWTiWUx2ixMzslyChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXq8wu0XPy1359_vmGr_bLzru1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfSpk6kDHrO4SFfgVMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAAh186JRZbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD8RMhsVyY9hMNhPPYrFarAwT325k8S2Wi5lzN_F4L0H8JRz6o--jL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIA6uVzTiaWdbCxWq3Fi03rrVyNditJRbfYmXzmGwe324ten1MD9tqsdx4tigYoLEXydMinUh8q9HE43AsFrOFx2YyjZyz2co1WDgGK9vINXJNxBLNySKdyC77msmwWG4Mm8lm4lksVouVYeLbjSy-xXIxc-4mHn9htbIZRzPLWrhY7dai5ca1Vq4Gu7XE4lusbB6TzePbrUWvj-lhWy2WG8--MZvtlsvRbLnYN2az3XI5mi0X-w6d4bv6nI3O4HjiETrM355IY3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96Lhbi_6Gp8cilghOF-lE9DKeLuo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxX6zyQwXKwW66WCwDh7KULAAAAAAAAALAr0cG4xQlBiFvc-HGD-S2vt9_09NvdCsuVAR6oyZk3fyaItVotawAAAAFsAACAAG7dvAVgM_H_____cQAAADJy9AAAAOL7QFXgAAAAAAA!&cmcv=&pix=&cb=1667994689756&uv=3239&tms=1667994689756&su=&abt=esv_vB!id5mc_vA!mprdctdt6_vA!smbs!spa2_vB!t120!ufm_vA&ft=0&unm=WIDGET_ITEM&mntl=1&
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?cijs=convusmp&ttype=120&cisd=convusmp&cipid=66361655&crid=-1&dast=V7v8oCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJLZweGau1WitWO4Ga9Fy4VoLRzaPWzOZWBajzcLknCyHQGILh2fmWo3WiuVusBYtF661cGTzuDWTiWUx2ixMzslyChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXq8wu0XPy1359_vmGr_bLzru1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfSpk6kDHrO4SFfgVMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAAh186JRZbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD8RMhsVyY9hMNhPPYrFarAwT325k8S2Wi5lzN_F4L0H8JRz6o--jL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIA6uVzTiaWdbCxWq3Fi03rrVyNditJRbfYmXzmGwe324ten1MD9tqsdx4tigYoLEXydMinUh8q9HE43AsFrOFx2YyjZyz2co1WDgGK9vINXJNxBLNySKdyC77msmwWG4Mm8lm4lksVouVYeLbjSy-xXIxc-4mHn9htbIZRzPLWrhY7dai5ca1Vq4Gu7XE4lusbB6TzePbrUWvj-lhWy2WG8--MZvtlsvRbLnYN2az3XI5mi0X-w6d4bv6nI3O4HjiETrM355IY3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96Lhbi_6Gp8cilghOF-lE9DKeLuo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxX6zyQwXKwW66WCwDh7KULAAAAAAAAALAr0cG4xQlBiFvc-HGD-S2vt9_09NvdCsuVAR6oyZk3fyaItVotawAAAAFsAACAAG7dvAVgM_H_____cQAAADJy9AAAAOL7QFXgAAAAAAA!&cmcv=&pix=&cb=1667994689756&uv=3239&tms=1667994689756&su=&abt=esv_vB!id5mc_vA!mprdctdt6_vA!smbs!spa2_vB!t120!ufm_vA&ft=0&unm=WIDGET_ITEM&mntl=1& HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:33 GMT
content-length: 0
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V72KwCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJOEyLSe7lW2tcuyWa9HMOFgLF7uFWzNzeWyOwcrm2TiHQGIr02w524zcCtNmuRaNXDa3cjZZrYUTi8NkHI6WI9dmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3eoXZLXpe7sq_3zfX-N1-0XG3Fv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGC5iBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIuXZSYMIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQG65UWhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZjIslhvDZrKZeBaL1WJlmPh2I4tvsVzMnLuJx3sJ4i_h0B99H30ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwsBqZTOOZpa1cLHarUXLjWutXA12a4nFt1jZPCabx7dbi14f08O2Wiw3ni0KBmjsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77Gsmw2K5MWwmm4lnsVgtVoaJbzey-BbLxcy5m3j8hdXKZhzNLGvhYrVbi5Yb11q5GuzWEotvsbJ5TDaPb7cWvT6mh221WG48-8ZstlsuR7PlYt-YzXbL5Wi2XOw7dIbv6nM2OoPjiUfoMH97Io3NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU6Uw9FgYrL5Jp6ZwzGYzSbLzcLhWs1co91qYVotJmKJ0nSRTvSi424t-hueHov6jwy5mCsHc9FkrliNVgkAAAAAAAAAYAlz5k0AAAAATgMZDTbD1XIBIJy9dAEAAAAAAAAAdiU6GLc4IQhxixs_bjC_5fX2m55-u1thuTLAAzU582bPBLFWq2UNAAAggA0AABDArZu3AGxGbh-oChwAAAAAAA!&excid=22&docw=0&cijs=1&nlb=true
141.226.228.48200 OK 928 B URL HTTP/2 am-match.taboola.com/sync?dast=V72KwCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJOEyLSe7lW2tcuyWa9HMOFgLF7uFWzNzeWyOwcrm2TiHQGIr02w524zcCtNmuRaNXDa3cjZZrYUTi8NkHI6WI9dmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3eoXZLXpe7sq_3zfX-N1-0XG3Fv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGC5iBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIuXZSYMIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQG65UWhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZjIslhvDZrKZeBaL1WJlmPh2I4tvsVzMnLuJx3sJ4i_h0B99H30ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwsBqZTOOZpa1cLHarUXLjWutXA12a4nFt1jZPCabx7dbi14f08O2Wiw3ni0KBmjsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77Gsmw2K5MWwmm4lnsVgtVoaJbzey-BbLxcy5m3j8hdXKZhzNLGvhYrVbi5Yb11q5GuzWEotvsbJ5TDaPb7cWvT6mh221WG48-8ZstlsuR7PlYt-YzXbL5Wi2XOw7dIbv6nM2OoPjiUfoMH97Io3NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU6Uw9FgYrL5Jp6ZwzGYzSbLzcLhWs1co91qYVotJmKJ0nSRTvSi424t-hueHov6jwy5mCsHc9FkrliNVgkAAAAAAAAAYAlz5k0AAAAATgMZDTbD1XIBIJy9dAEAAAAAAAAAdiU6GLc4IQhxixs_bjC_5fX2m55-u1thuTLAAzU582bPBLFWq2UNAAAggA0AABDArZu3AGxGbh-oChwAAAAAAA!&excid=22&docw=0&cijs=1&nlb=true
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (928), with no line terminators
Hash 6087b19dd14fb022fbcb7db31b864876
abc6de7677cd257ac0839b73a6d3cea6e31f89ac
66447cfc636542b4acdb280f4d41993dd18718ba71c208ef9b74f24ca508353d
GET /sync?dast=V72KwCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJOEyLSe7lW2tcuyWa9HMOFgLF7uFWzNzeWyOwcrm2TiHQGIr02w524zcCtNmuRaNXDa3cjZZrYUTi8NkHI6WI9dmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3eoXZLXpe7sq_3zfX-N1-0XG3Fv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGC5iBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIuXZSYMIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQG65UWhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZjIslhvDZrKZeBaL1WJlmPh2I4tvsVzMnLuJx3sJ4i_h0B99H30ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwsBqZTOOZpa1cLHarUXLjWutXA12a4nFt1jZPCabx7dbi14f08O2Wiw3ni0KBmjsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77Gsmw2K5MWwmm4lnsVgtVoaJbzey-BbLxcy5m3j8hdXKZhzNLGvhYrVbi5Yb11q5GuzWEotvsbJ5TDaPb7cWvT6mh221WG48-8ZstlsuR7PlYt-YzXbL5Wi2XOw7dIbv6nM2OoPjiUfoMH97Io3NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU6Uw9FgYrL5Jp6ZwzGYzSbLzcLhWs1co91qYVotJmKJ0nSRTvSi424t-hueHov6jwy5mCsHc9FkrliNVgkAAAAAAAAAYAlz5k0AAAAATgMZDTbD1XIBIJy9dAEAAAAAAAAAdiU6GLc4IQhxixs_bjC_5fX2m55-u1thuTLAAzU582bPBLFWq2UNAAAggA0AABDArZu3AGxGbh-oChwAAAAAAA!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:33 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3401
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=rtus&topUrl=al-tyr.yoo7.com
178.250.2.146200 OK 6.5 kB URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=al-tyr.yoo7.com
IP 178.250.2.146:0
Hash 6dcf6328bff5b90c8d481b72bb1eb6e9
1737545e835f7793e42cad26a81939d65c68abfb
e50fe89e833e4e50d6d7813cb461a1e62184b2639f052b6fe113dd89957769a7
GET /syncframe?origin=rtus&topUrl=al-tyr.yoo7.com HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:31 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=b3b5b37d-ca16-4351-be62-d34197affa36; expires=Mon, 04 Dec 2023 11:51:31 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 562852
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 09 Nov 2022 11:51:33 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=db706c7e-6024-11ed-b7e6-1974e5cf0306; expires=Wed, 07-Dec-2022 11:51:33 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db706cdf-6024-11ed-b7e6-1974e5cf0306
X-fe: 120
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 09 Nov 2022 11:51:33 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=db707c88-6024-11ed-a271-1644f9a80306; expires=Wed, 07-Dec-2022 11:51:33 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db707ce0-6024-11ed-a271-1644f9a80306
X-fe: 96
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 182620cf3d8d90121c327c75cad3b524
587579d3e87dec5422ea235c5871c7ea0906a35e
e7a93ba06b7b97f779e5c08f134f7fca750abd5579a82a86d91d2b4e8255646b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3815
Cache-Control: max-age=102267
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 11:51:33 GMT
Etag: "636a71d9-1d7"
Expires: Thu, 10 Nov 2022 16:16:00 GMT
Last-Modified: Tue, 08 Nov 2022 15:12:25 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
151.101.85.44200 OK 254 B URL HTTP/2 cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
IP 151.101.85.44:0
File type PNG image data, 12 x 12, 8-bit gray+alpha, non-interlaced\012- data
Hash dfa7b52c86e56bd67fa4002f6ed19854
7df722645482433c2b5c8d8ab4272a9874592f27
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
GET /libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: c3AK0F63Rmz1U+ZkwDZRH6hJiJRTGpZB8kTBPWz0vwbg9siBxtMOH8aEqr1NtVeNHtLhLAVUR9E=
x-amz-request-id: 4JKSR0YA3KVH073N
x-amz-replication-status: COMPLETED
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
content-type: image/png
server: AmazonS3
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:33 GMT
via: 1.1 varnish
age: 15575
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 2076
x-timer: S1667994694.520207,VS0,VE0
cache-control: private,max-age=31536000
abp: 99
content-length: 254
X-Firefox-Spdy: h2
vidstatb.taboola.com/vid/blackScreen5.mp4
151.101.85.44206 Partial Content 91 kB URL HTTP/2 vidstatb.taboola.com/vid/blackScreen5.mp4
IP 151.101.85.44:0
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash b2b087fe4ae638c533731c347fcd4df8
62851c888c21bb51cc04f13b6fc0451279fe0425
0407dafc112212a135d1aa4dd9b40ba0208c6bb6b1959f5535af093254189d66
GET /vid/blackScreen5.mp4 HTTP/1.1
Host: vidstatb.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
content-type: video/mp4
last-modified: Sun, 02 Jul 2017 20:40:57 GMT
etag: "b2b087fe4ae638c533731c347fcd4df8"
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1497790207
server: AmazonS3
via: 1.1 9803a30a87f1ec1047cb2b8ad5ecc43e.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: gopM2XYfUoVUFmJXQ0440-QEF6IoAyvdLK0EUOquu3M35zK6ZGLwLg==
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:33 GMT
age: 1407458
x-served-by: cache-bma1644-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 247829
x-timer: S1667994694.519961,VS0,VE0
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-range: bytes 0-90783/90784
content-length: 90784
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash f2bf220293c15a10a1f4963464dc0089
8d9786276f8b125c54a069a48db1021b0610c98a
e5b9e54958b15d8fc1a4e1852c530e09cd52d0cc66848d1dc251302d30c70eb4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 11:51:33 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 08 Nov 2022 13:56:48 GMT
Expires: Tue, 15 Nov 2022 13:56:47 GMT
Etag: "8d9786276f8b125c54a069a48db1021b0610c98a"
Cache-Control: max-age=525313,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 767656528b7eb506-OSL
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db704309-6024-11ed-81ba-1be234f70306
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db704309-6024-11ed-81ba-1be234f70306
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db704309-6024-11ed-81ba-1be234f70306 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 09 Nov 2022 11:51:33 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=db7937e9-6024-11ed-864b-191344880106; expires=Wed, 07-Dec-2022 11:51:33 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 128
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db706cdf-6024-11ed-b7e6-1974e5cf0306
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db706cdf-6024-11ed-b7e6-1974e5cf0306
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db706cdf-6024-11ed-b7e6-1974e5cf0306 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 09 Nov 2022 11:51:33 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=db7934ed-6024-11ed-94b8-197e22df0106; expires=Wed, 07-Dec-2022 11:51:33 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 30
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db707ce0-6024-11ed-a271-1644f9a80306
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db707ce0-6024-11ed-a271-1644f9a80306
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=db707ce0-6024-11ed-a271-1644f9a80306 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 09 Nov 2022 11:51:33 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=db79554f-6024-11ed-9f76-1d21b9eb0106; expires=Wed, 07-Dec-2022 11:51:33 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 73
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ups.analytics.yahoo.com/ups/58534/occ
18.156.0.31302 Found 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ
IP 18.156.0.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 09 Nov 2022 11:51:33 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://ups.analytics.yahoo.com/ups/58534/occ?verify=true
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBEWUa2MCEJ5JH1_eqYVq7U7_2HdqLPoFEgEBAQHlbGN1YwAAAAAA_eMAAA&S=AQAAAkz-UxdLqYWA48Vq_tcPZnE; Expires=Thu, 9 Nov 2023 17:51:33 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
52.223.40.198200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP 52.223.40.198:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:33 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
3.125.22.54200 OK 43 B URL HTTP/1.1 x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
IP 3.125.22.54:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /sync?gdpr=1&us_privacy=1---&ssp=taboola HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Wed, 09 Nov 2022 11:51:33 GMT
Content-Length: 43
Connection: keep-alive
ups.analytics.yahoo.com/ups/58534/occ?verify=true
18.156.0.31204 No Content 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ?verify=true
IP 18.156.0.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ?verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 09 Nov 2022 11:51:33 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBEWUa2MCEEIYEsJDtNL3C2frk9DFWcAFEgEBAQHlbGN1YwAAAAAA_eMAAA&S=AQAAAptbPgkNqvQgumB6_4YG_G8; Expires=Thu, 9 Nov 2023 17:51:33 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
cdn.taboola.com/scripts/cds-pips.js
151.101.85.44200 OK 1.3 kB URL HTTP/2 cdn.taboola.com/scripts/cds-pips.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (3545), with no line terminators
Hash 780c5c514014519ce276709f515905a0
04fe86d00b9c9077effe05171d066d243ecab221
015db06150b62ad2ad533883652174ebb6f07e24a7147fdac01a0ccd266e3f30
GET /scripts/cds-pips.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 2KBeU0d7OyPXtZDYUoIqlTBmhGhsve90tjYoemCxISjKQrNgcxT28sPXVt5KfJt+6r7dFoJgA8g=
x-amz-request-id: NFWGDQGY1WQ95XHE
x-amz-replication-status: COMPLETED
last-modified: Wed, 12 Oct 2022 13:57:57 GMT
etag: "383fa66d2a0a09f4a6e64a9593ad43bb"
x-amz-version-id: z5FoayaLm_Bvew3pbkytkoHczFCvkPwT
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:33 GMT
via: 1.1 varnish
age: 2953
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 3241
x-timer: S1667994694.693968,VS0,VE0
vary: Accept-Encoding
abp: 99
cache-control: private, max-age=3600
content-length: 1340
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash d7b4fe4e9fe6f96092db122b113a6466
0a16b9f655f51d05ee5688786c1fa82e188842e2
9332ad84792efa6b456a527caefd718a901ce7a490672232665968304c53ad79
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=109369
Date: Wed, 09 Nov 2022 11:51:33 GMT
Etag: "636a8e27-1d7"
Expires: Thu, 10 Nov 2022 18:14:22 GMT
Last-Modified: Tue, 08 Nov 2022 17:13:11 GMT
Server: ECS (nyb/1D16)
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: m_PZY8nHU1p-lxD_m7EmQD6FOgVqhVFGxeEwAOPA69v55nCUuJxSSg==
Age: 3671
pips.taboola.com/
151.101.85.44200 OK 4 B IP 151.101.85.44:0
File type ASCII text, with no line terminators
Hash 6c3e226b4d4795d518ab341b0824ec29
eef19c54306daa69eda49c0272623bdb5e2b341f
fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921
GET / HTTP/1.1
Host: pips.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Varnish
retry-after: 0
access-control-allow-methods: GET
access-control-allow-origin: https://al-tyr.yoo7.com
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:33 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: HIT
x-cache-hits: 0
cache-control: no-store
content-length: 4
X-Firefox-Spdy: h2
stootsou.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert quad9 Sinkholed
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://al-tyr.yoo7.com/
Content-Type: application/json
Origin: https://al-tyr.yoo7.com
Content-Length: 384
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:37 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: bbf54bda05656e7ea6e5acc5c8b3e2fd
access-control-allow-origin: https://al-tyr.yoo7.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=a5507ed45d254338b3dcada94478135c&zoneId=2308013&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=a5507ed45d254338b3dcada94478135c&zoneId=2308013&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash fc5d18b4ba81be879e4ca29ba082ad1f
1b52d0fcddf110e77ef722b768ea8da62d74f2a9
f6665898c44b3ea409798149ffc1728b30aec97a94cf5228a6607893b93f8938
GET /gid.js?pub=0&userId=a5507ed45d254338b3dcada94478135c&zoneId=2308013&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://al-tyr.yoo7.com/
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Cookie: ID=151914b4dcaa420091616c83d807ccc7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:37 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://al-tyr.yoo7.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=151914b4dcaa420091616c83d807ccc7; expires=Thu, 09 Nov 2023 11:51:37 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
al-tyr.yoo7.com/t87-topic
94.23.159.185200 OK 0 B URL HTTP/2 al-tyr.yoo7.com/t87-topic
IP 94.23.159.185:0
GET /t87-topic HTTP/1.1
Host: al-tyr.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:29 GMT
content-type: text/html; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache
pragma: no-cache
expires: Wed, 09 Nov 2022 00:00:00 GMT
last-modified: Wed, 09 Nov 2022 11:51:28 GMT
vary: User-Agent
set-cookie: exadd=166800; expires=Wed, 09-Nov-2022 15:51:29 GMT; Max-Age=14400
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
illiweb.com/rs3/64/frm/jquery/cookie/jquery.cookie.js
172.67.150.97200 OK 0 B URL HTTP/2 illiweb.com/rs3/64/frm/jquery/cookie/jquery.cookie.js
IP 172.67.150.97:0
GET /rs3/64/frm/jquery/cookie/jquery.cookie.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:29 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Tue, 07 Nov 2023 08:26:48 GMT
last-modified: Wed, 09 Sep 2020 09:40:28 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 185081
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2FFTxTxXH5bsnRFCCl8Cok7FgX5GcC5uxy1qYI6S1ZK5v8%2BgE5xWuepVGkcaOf%2Bo0N7OdMCfRZQqlcn7Vug2jeaAmIdvqcG6O%2F6CkLOEGrpVxTNxhk7y34xEfswDzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7676563a5f90b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
illiweb.com/rs3/64/frm/embed/FA_Embed.js
172.67.150.97200 OK 0 B URL HTTP/2 illiweb.com/rs3/64/frm/embed/FA_Embed.js
IP 172.67.150.97:0
GET /rs3/64/frm/embed/FA_Embed.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:29 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Tue, 07 Nov 2023 08:26:53 GMT
last-modified: Tue, 20 Apr 2021 14:17:00 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 185076
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ZB%2FxTIgTKvKCkDYc3IIU%2B8ttvJpi6JNyIFvAbIe3e5jtH12093%2Bn2WDgr2lSGHV%2FMy6%2FeRaO78sGbS8X6nOL9GHT4ZOqTTY2YdWocXmgtx9y8nj1Wjer66F7VZ2%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7676563a7fb9b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7v8oCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJLZweGau1WitWO4Ga9Fy4VoLRzaPWzOZWBajzcLknCyHQGILh2fmWo3WiuVusBYtF661cGTzuDWTiWUx2ixMzslyChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXq8wu0XPy1359_vmGr_bLzru1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfSpk6kDHrO4SFfgVMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAAh186JRZbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD8RMhsVyY9hMNhPPYrFarAwT325k8S2Wi5lzN_F4L0H8JRz6o--jL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIA6uVzTiaWdbCxWq3Fi03rrVyNditJRbfYmXzmGwe324ten1MD9tqsdx4tigYoLEXydMinUh8q9HE43AsFrOFx2YyjZyz2co1WDgGK9vINXJNxBLNySKdyC77msmwWG4Mm8lm4lksVouVYeLbjSy-xXIxc-4mHn9htbIZRzPLWrhY7dai5ca1Vq4Gu7XE4lusbB6TzePbrUWvj-lhWy2WG8--MZvtlsvRbLnYN2az3XI5mi0X-w6d4bv6nI3O4HjiETrM355IY3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96Lhbi_6Gp8cilghOF-lE9DKeLuo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxX6zyQwXKwW66WCwDh7KULAAAAAAAAALAr0cG4xQlBiFvc-HGD-S2vt9_09NvdCsuVAR6oyZk3fyaItVotawAAAAFsAACAAG7dvAVgM_H_____cQAAADJy9AAAAOL7QFXgAAAAAAA!&excid=22&docw=0&cijs=1&nlb=false
141.226.228.48200 OK 0 B URL HTTP/2 am-match.taboola.com/sync?dast=V7v8oCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJLZweGau1WitWO4Ga9Fy4VoLRzaPWzOZWBajzcLknCyHQGILh2fmWo3WiuVusBYtF661cGTzuDWTiWUx2ixMzslyChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXq8wu0XPy1359_vmGr_bLzru1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfSpk6kDHrO4SFfgVMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAAh186JRZbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD8RMhsVyY9hMNhPPYrFarAwT325k8S2Wi5lzN_F4L0H8JRz6o--jL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIA6uVzTiaWdbCxWq3Fi03rrVyNditJRbfYmXzmGwe324ten1MD9tqsdx4tigYoLEXydMinUh8q9HE43AsFrOFx2YyjZyz2co1WDgGK9vINXJNxBLNySKdyC77msmwWG4Mm8lm4lksVouVYeLbjSy-xXIxc-4mHn9htbIZRzPLWrhY7dai5ca1Vq4Gu7XE4lusbB6TzePbrUWvj-lhWy2WG8--MZvtlsvRbLnYN2az3XI5mi0X-w6d4bv6nI3O4HjiETrM355IY3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96Lhbi_6Gp8cilghOF-lE9DKeLuo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxX6zyQwXKwW66WCwDh7KULAAAAAAAAALAr0cG4xQlBiFvc-HGD-S2vt9_09NvdCsuVAR6oyZk3fyaItVotawAAAAFsAACAAG7dvAVgM_H_____cQAAADJy9AAAAOL7QFXgAAAAAAA!&excid=22&docw=0&cijs=1&nlb=false
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
GET /sync?dast=V7v8oCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJLZweGau1WitWO4Ga9Fy4VoLRzaPWzOZWBajzcLknCyHQGILh2fmWo3WiuVusBYtF661cGTzuDWTiWUx2ixMzslyChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXq8wu0XPy1359_vmGr_bLzru1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfSpk6kDHrO4SFfgVMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAAh186JRZbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD8RMhsVyY9hMNhPPYrFarAwT325k8S2Wi5lzN_F4L0H8JRz6o--jL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIA6uVzTiaWdbCxWq3Fi03rrVyNditJRbfYmXzmGwe324ten1MD9tqsdx4tigYoLEXydMinUh8q9HE43AsFrOFx2YyjZyz2co1WDgGK9vINXJNxBLNySKdyC77msmwWG4Mm8lm4lksVouVYeLbjSy-xXIxc-4mHn9htbIZRzPLWrhY7dai5ca1Vq4Gu7XE4lusbB6TzePbrUWvj-lhWy2WG8--MZvtlsvRbLnYN2az3XI5mi0X-w6d4bv6nI3O4HjiETrM355IY3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96Lhbi_6Gp8cilghOF-lE9DKeLuo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxX6zyQwXKwW66WCwDh7KULAAAAAAAAALAr0cG4xQlBiFvc-HGD-S2vt9_09NvdCsuVAR6oyZk3fyaItVotawAAAAFsAACAAG7dvAVgM_H_____cQAAADJy9AAAAOL7QFXgAAAAAAA!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:33 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3406
X-Firefox-Spdy: h2
stootsou.net/pfe/current/universal.min.js?v=3.1.403
139.45.197.250200 OK 0 B URL HTTP/2 stootsou.net/pfe/current/universal.min.js?v=3.1.403
IP 139.45.197.250:0
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/universal.min.js?v=3.1.403 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://al-tyr.yoo7.com/
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:30 GMT
content-type: application/javascript
last-modified: Tue, 08 Nov 2022 14:20:39 GMT
etag: W/"636a65b7-180b9"
access-control-allow-origin: https://al-tyr.yoo7.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
twemoji.maxcdn.com/twemoji.min.js
23.111.9.57200 OK 0 B URL HTTP/2 twemoji.maxcdn.com/twemoji.min.js
IP 23.111.9.57:0
GET /twemoji.min.js HTTP/1.1
Host: twemoji.maxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:29 GMT
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Thu, 31 Mar 2022 03:24:15 GMT
access-control-allow-origin: *
etag: W/"62451edf-3bc8"
expires: Fri, 09 Dec 2022 11:51:29 GMT
cache-control: max-age=2592000
x-proxy-cache: MISS
x-github-request-id: B5FC:2175:C309F5:C881C1:636AA98C
vary: Accept-Encoding
x-fastly-request-id: 48372c21b0bf5018e69e7ec519f4fa657be68bc8
server: NetDNA-cache/2.2
powered-by: MaxCDN
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.2.146:0
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:30 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 590140
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=yoo7.com&sn=FirefoxSyncframe&so=0&topUrl=al-tyr.yoo7.com&info=7cdcx180M0RITmhlJTJCZkMwOUJGQlhaMUN2czcxdnhMTkZ2WXJIUjJPZENveXM0cEFsZldjRDZVT2hXUDJDRTVXR2liT3I&idsd=-1422865625,53564847&cw=1&lsw=1
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=yoo7.com&sn=FirefoxSyncframe&so=0&topUrl=al-tyr.yoo7.com&info=7cdcx180M0RITmhlJTJCZkMwOUJGQlhaMUN2czcxdnhMTkZ2WXJIUjJPZENveXM0cEFsZldjRDZVT2hXUDJDRTVXR2liT3I&idsd=-1422865625,53564847&cw=1&lsw=1
IP 178.250.2.146:0
GET /sid/json?origin=publishertag&domain=yoo7.com&sn=FirefoxSyncframe&so=0&topUrl=al-tyr.yoo7.com&info=7cdcx180M0RITmhlJTJCZkMwOUJGQlhaMUN2czcxdnhMTkZ2WXJIUjJPZENveXM0cEFsZldjRDZVT2hXUDJDRTVXR2liT3I&idsd=-1422865625,53564847&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=al-tyr.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:31 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1200789
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
34.192.165.142200 OK 0 B URL HTTP/2 taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
IP 34.192.165.142:0
GET /sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo HTTP/1.1
Host: taboola-supply-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:33 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2
imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7v8oCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJLZweGau1WitWO4Ga9Fy4VoLRzaPWzOZWBajzcLknCyHQGILh2fmWo3WiuVusBYtF661cGTzuDWTiWUx2ixMzslyChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXq8wu0XPy1359_vmGr_bLzru1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfSpk6kDHrO4SFfgVMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAAh186JRZbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD8RMhsVyY9hMNhPPYrFarAwT325k8S2Wi5lzN_F4L0H8JRz6o--jL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIA6uVzTiaWdbCxWq3Fi03rrVyNditJRbfYmXzmGwe324ten1MD9tqsdx4tigYoLEXydMinUh8q9HE43AsFrOFx2YyjZyz2co1WDgGK9vINXJNxBLNySKdyC77msmwWG4Mm8lm4lksVouVYeLbjSy-xXIxc-4mHn9htbIZRzPLWrhY7dai5ca1Vq4Gu7XE4lusbB6TzePbrUWvj-lhWy2WG8--MZvtlsvRbLnYN2az3XI5mi0X-w6d4bv6nI3O4HjiETrM355IY3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96Lhbi_6Gp8cilghOF-lE9DKeLuo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxX6zyQwXKwW66WCwDh7KULAAAAAAAAALAr0cG4xQlBiFvc-HGD-S2vt9_09NvdCsuVAR6oyZk3fyaItVotawAAAAFsAACAAG7dvAVgM_H_____cQAAADJy9AAAAOL7QFXgAAAAAAA!&cmcv=&pix=undefined&cb=1667994689150&uv=3239&tms=1667994689150&abt=esv_vB!id5mc_vA!mprdctdt6_vA!smbs!spa2_vB!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=6aa3f554-1970-49a5-8dfc-32b2143ad929&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
151.101.85.44200 OK 0 B URL HTTP/2 imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7v8oCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJLZweGau1WitWO4Ga9Fy4VoLRzaPWzOZWBajzcLknCyHQGILh2fmWo3WiuVusBYtF661cGTzuDWTiWUx2ixMzslyChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXq8wu0XPy1359_vmGr_bLzru1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfSpk6kDHrO4SFfgVMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAAh186JRZbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD8RMhsVyY9hMNhPPYrFarAwT325k8S2Wi5lzN_F4L0H8JRz6o--jL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIA6uVzTiaWdbCxWq3Fi03rrVyNditJRbfYmXzmGwe324ten1MD9tqsdx4tigYoLEXydMinUh8q9HE43AsFrOFx2YyjZyz2co1WDgGK9vINXJNxBLNySKdyC77msmwWG4Mm8lm4lksVouVYeLbjSy-xXIxc-4mHn9htbIZRzPLWrhY7dai5ca1Vq4Gu7XE4lusbB6TzePbrUWvj-lhWy2WG8--MZvtlsvRbLnYN2az3XI5mi0X-w6d4bv6nI3O4HjiETrM355IY3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96Lhbi_6Gp8cilghOF-lE9DKeLuo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxX6zyQwXKwW66WCwDh7KULAAAAAAAAALAr0cG4xQlBiFvc-HGD-S2vt9_09NvdCsuVAR6oyZk3fyaItVotawAAAAFsAACAAG7dvAVgM_H_____cQAAADJy9AAAAOL7QFXgAAAAAAA!&cmcv=&pix=undefined&cb=1667994689150&uv=3239&tms=1667994689150&abt=esv_vB!id5mc_vA!mprdctdt6_vA!smbs!spa2_vB!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=6aa3f554-1970-49a5-8dfc-32b2143ad929&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
IP 151.101.85.44:0
GET /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7v8oCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJLZweGau1WitWO4Ga9Fy4VoLRzaPWzOZWBajzcLknCyHQGILh2fmWo3WiuVusBYtF661cGTzuDWTiWUx2ixMzslyChE3GQ6fg4Go6Hpb7A6n2fOGEDSdDp_rXq8wu0XPy1359_vmGr_bLzru1qK_4emxAwAAAMDD____PwQAAABABAAAAIAEAAAAAEVAxb-FwAUAAAAAxv___78GwCcHwXvOfn8AAAAAgAAAAACQAAysBpQAfJyvnPz_________xwzQZ97I_P___98Y9AA8-AA8CAEAAFwMfSpk6kDHrO4SFfgVMQIAAADY0lLRPJrUCZVF1f__f78VwBUAQAAh186JRZbuoMRbGAAAQMDYAj0sfr_ZYdf43S77_________zf7P_tHE3obvU4LYhm9VvsFBABY-wUEAGBTNwCAtwC4oCNoxWCwOoXYDWeL3Wi2Gc0OAAAA4O7___9fD8RMhsVyY9hMNhPPYrFarAwT325k8S2Wi5lzN_F4L0H8JRz6o--jL-Imw-FzMBAVXW-L3eE0e-5H0ZLlbrlbjSaL0Wi53OyGm9FgfwMxWA1wIgbL5WSymOxWo9VoM9yNZoMFCsRgghQtWS2Xy9Vms1rtRovZYLMcbjZI0arVbLQZDFezyWy3Ww0Hw-VohBQtWe6Wu9VoshiNlsvNbrgZDYYIA6uVzTiaWdbCxWq3Fi03rrVyNditJRbfYmXzmGwe324ten1MD9tqsdx4tigYoLEXydMinUh8q9HE43AsFrOFx2YyjZyz2co1WDgGK9vINXJNxBLNySKdyC77msmwWG4Mm8lm4lksVouVYeLbjSy-xXIxc-4mHn9htbIZRzPLWrhY7dai5ca1Vq4Gu7XE4lusbB6TzePbrUWvj-lhWy2WG8--MZvtlsvRbLnYN2az3XI5mi0X-w6d4bv6nI3O4HjiETrM355IY3MYFC6Dxfv7XKTNaONmVGnDFovqWty5JladNnYydg5mg8I3vCaGv5_6ee1mbwexwaCIJYKLdCLzW15vv-npt7sVlotYojRdpBO96Lhbi_6Gp8cilghOF-lE9DKeLuo_MuRirhzMRZO5YjVaJQAAAAAAAACAJcyZNwEAAAA4DWQ02AxX6zyQwXKwW66WCwDh7KULAAAAAAAAALAr0cG4xQlBiFvc-HGD-S2vt9_09NvdCsuVAR6oyZk3fyaItVotawAAAAFsAACAAG7dvAVgM_H_____cQAAADJy9AAAAOL7QFXgAAAAAAA!&cmcv=&pix=undefined&cb=1667994689150&uv=3239&tms=1667994689150&abt=esv_vB!id5mc_vA!mprdctdt6_vA!smbs!spa2_vB!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=6aa3f554-1970-49a5-8dfc-32b2143ad929&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1 HTTP/1.1
Host: imprammp.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:32 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1667994693.565249,VS0,VE23
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=al-tyr.yoo7.com
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=al-tyr.yoo7.com
IP 178.250.2.146:0
GET /syncframe?origin=publishertag&topUrl=al-tyr.yoo7.com HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:29 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=020481e3-cbcc-42e9-b8e0-aac0cf933320; expires=Mon, 04 Dec 2023 11:51:29 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 767686
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.84200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.84:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:30 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 60233
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
trc.taboola.com/forumotion-ar/trc/3/json?tim=11%3A51%3A27.861<i=deflated&data=%7B%22id%22%3A817%2C%22ii%22%3A%22%2Ft87-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1667901069188%2C%22vi%22%3A1667994687856%2C%22cv%22%3A%2220221108-4-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic%22%2C%22vpi%22%3A%22%2Ft87-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A4027%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A574.7000122070312%2C%22mw%22%3A0%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A3942.666748046875%2C%22mw%22%3A1000%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft87-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
151.101.85.44200 OK 0 B URL HTTP/2 trc.taboola.com/forumotion-ar/trc/3/json?tim=11%3A51%3A27.861<i=deflated&data=%7B%22id%22%3A817%2C%22ii%22%3A%22%2Ft87-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1667901069188%2C%22vi%22%3A1667994687856%2C%22cv%22%3A%2220221108-4-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic%22%2C%22vpi%22%3A%22%2Ft87-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A4027%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A574.7000122070312%2C%22mw%22%3A0%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A3942.666748046875%2C%22mw%22%3A1000%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft87-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
IP 151.101.85.44:0
GET /forumotion-ar/trc/3/json?tim=11%3A51%3A27.861<i=deflated&data=%7B%22id%22%3A817%2C%22ii%22%3A%22%2Ft87-topic%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1667901069188%2C%22vi%22%3A1667994687856%2C%22cv%22%3A%2220221108-4-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fal-tyr.yoo7.com%2Ft87-topic%22%2C%22vpi%22%3A%22%2Ft87-topic%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A4027%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A574.7000122070312%2C%22mw%22%3A0%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A3942.666748046875%2C%22mw%22%3A1000%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ft87-topic%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://al-tyr.yoo7.com
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://al-tyr.yoo7.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:31 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1667994691.257637,VS0,VE373
vary: Accept-Encoding
x-vcl-time-ms: 373
X-Firefox-Spdy: h2
illiweb.com/rs3/64/frm/lang/ar.js
172.67.150.97200 OK 0 B URL HTTP/2 illiweb.com/rs3/64/frm/lang/ar.js
IP 172.67.150.97:0
GET /rs3/64/frm/lang/ar.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:29 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=74879
access-control-allow-origin: *
expires: Tue, 07 Nov 2023 08:39:39 GMT
last-modified: Thu, 08 Sep 2022 07:38:48 GMT
x-cache-ne: EXPIRED
x-cache-pr: EXPIRED
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 184310
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qMYKzvrunAuifhKz4LOlCPuUojQkeqj9wP8CYyGAvao3pBBAdLumxDkdS2poX619CRktREcHZc%2FWJ1YvDee%2FjOAhujblDE%2FSX%2B%2BTErXrHRDgOS%2FCo%2FpQuERxDonKqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7676563a5f8cb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
al-tyr.yoo7.com/serviceworker.js
94.23.159.185200 OK 0 B URL HTTP/2 al-tyr.yoo7.com/serviceworker.js
IP 94.23.159.185:0
GET /serviceworker.js HTTP/1.1
Host: al-tyr.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: exadd=166800; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:30 GMT
content-type: application/javascript
last-modified: Thu, 25 Feb 2021 14:30:57 GMT
etag: W/"6037b4a1-b0d"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
104.21.84.149200 OK 0 B IP 104.21.84.149:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:32 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 14:05:58 GMT
etag: W/"634eb2c6-32d9"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1652
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=snwx81QZkaw1zJJRlLuXpP9J8SmG8sQVT%2BC0E4Pb%2BpC3QALU6un0fR54ywj5NgD7BuuIv91I59MvcU5FhhhVI5xvh4iqQcpAbzuZJzVDrkZch%2F6olMSM7ClGxNGd7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7676564a9a8ab51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
al-tyr.yoo7.com/?utm_source=pwa
94.23.159.185200 OK 0 B URL HTTP/2 al-tyr.yoo7.com/?utm_source=pwa
IP 94.23.159.185:0
GET /?utm_source=pwa HTTP/1.1
Host: al-tyr.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://al-tyr.yoo7.com/serviceworker.js
Connection: keep-alive
Cookie: exadd=166800; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:30 GMT
content-type: text/html; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
pragma: no-cache
expires: Wed, 09 Nov 2022 00:00:00 GMT
last-modified: Wed, 09 Nov 2022 11:51:30 GMT
vary: User-Agent
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.84200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.84:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 11:51:31 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 108733
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V72KwCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJOEyLSe7lW2tcuyWa9HMOFgLF7uFWzNzeWyOwcrm2TiHQGIr02w524zcCtNmuRaNXDa3cjZZrYUTi8NkHI6WI9dmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3eoXZLXpe7sq_3zfX-N1-0XG3Fv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGC5iBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIuXZSYMIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQG65UWhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZjIslhvDZrKZeBaL1WJlmPh2I4tvsVzMnLuJx3sJ4i_h0B99H30ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwsBqZTOOZpa1cLHarUXLjWutXA12a4nFt1jZPCabx7dbi14f08O2Wiw3ni0KBmjsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77Gsmw2K5MWwmm4lnsVgtVoaJbzey-BbLxcy5m3j8hdXKZhzNLGvhYrVbi5Yb11q5GuzWEotvsbJ5TDaPb7cWvT6mh221WG48-8ZstlsuR7PlYt-YzXbL5Wi2XOw7dIbv6nM2OoPjiUfoMH97Io3NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU6Uw9FgYrL5Jp6ZwzGYzSbLzcLhWs1co91qYVotJmKJ0nSRTvSi424t-hueHov6jwy5mCsHc9FkrliNVgkAAAAAAAAAYAlz5k0AAAAATgMZDTbD1XIBIJy9dAEAAAAAAAAAdiU6GLc4IQhxixs_bjC_5fX2m55-u1thuTLAAzU582bPBLFWq2UNAAAggA0AABDArZu3AGxGbh-oChwAAAAAAA!&excid=22&docw=0&cijs=1&nlb=true
141.226.228.48200 OK 0 B URL HTTP/2 am-match.taboola.com/sync?dast=V72KwCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJOEyLSe7lW2tcuyWa9HMOFgLF7uFWzNzeWyOwcrm2TiHQGIr02w524zcCtNmuRaNXDa3cjZZrYUTi8NkHI6WI9dmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3eoXZLXpe7sq_3zfX-N1-0XG3Fv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGC5iBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIuXZSYMIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQG65UWhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZjIslhvDZrKZeBaL1WJlmPh2I4tvsVzMnLuJx3sJ4i_h0B99H30ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwsBqZTOOZpa1cLHarUXLjWutXA12a4nFt1jZPCabx7dbi14f08O2Wiw3ni0KBmjsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77Gsmw2K5MWwmm4lnsVgtVoaJbzey-BbLxcy5m3j8hdXKZhzNLGvhYrVbi5Yb11q5GuzWEotvsbJ5TDaPb7cWvT6mh221WG48-8ZstlsuR7PlYt-YzXbL5Wi2XOw7dIbv6nM2OoPjiUfoMH97Io3NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU6Uw9FgYrL5Jp6ZwzGYzSbLzcLhWs1co91qYVotJmKJ0nSRTvSi424t-hueHov6jwy5mCsHc9FkrliNVgkAAAAAAAAAYAlz5k0AAAAATgMZDTbD1XIBIJy9dAEAAAAAAAAAdiU6GLc4IQhxixs_bjC_5fX2m55-u1thuTLAAzU582bPBLFWq2UNAAAggA0AABDArZu3AGxGbh-oChwAAAAAAA!&excid=22&docw=0&cijs=1&nlb=true
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
GET /sync?dast=V72KwCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJOEyLSe7lW2tcuyWa9HMOFgLF7uFWzNzeWyOwcrm2TiHQGIr02w524zcCtNmuRaNXDa3cjZZrYUTi8NkHI6WI9dmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3eoXZLXpe7sq_3zfX-N1-0XG3Fv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGC5iBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIuXZSYMIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQG65UWhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZjIslhvDZrKZeBaL1WJlmPh2I4tvsVzMnLuJx3sJ4i_h0B99H30ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwsBqZTOOZpa1cLHarUXLjWutXA12a4nFt1jZPCabx7dbi14f08O2Wiw3ni0KBmjsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77Gsmw2K5MWwmm4lnsVgtVoaJbzey-BbLxcy5m3j8hdXKZhzNLGvhYrVbi5Yb11q5GuzWEotvsbJ5TDaPb7cWvT6mh221WG48-8ZstlsuR7PlYt-YzXbL5Wi2XOw7dIbv6nM2OoPjiUfoMH97Io3NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU6Uw9FgYrL5Jp6ZwzGYzSbLzcLhWs1co91qYVotJmKJ0nSRTvSi424t-hueHov6jwy5mCsHc9FkrliNVgkAAAAAAAAAYAlz5k0AAAAATgMZDTbD1XIBIJy9dAEAAAAAAAAAdiU6GLc4IQhxixs_bjC_5fX2m55-u1thuTLAAzU582bPBLFWq2UNAAAggA0AABDArZu3AGxGbh-oChwAAAAAAA!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 11:51:32 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3402
X-Firefox-Spdy: h2
imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V72KwCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJOEyLSe7lW2tcuyWa9HMOFgLF7uFWzNzeWyOwcrm2TiHQGIr02w524zcCtNmuRaNXDa3cjZZrYUTi8NkHI6WI9dmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3eoXZLXpe7sq_3zfX-N1-0XG3Fv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGC5iBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIuXZSYMIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQG65UWhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZjIslhvDZrKZeBaL1WJlmPh2I4tvsVzMnLuJx3sJ4i_h0B99H30ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwsBqZTOOZpa1cLHarUXLjWutXA12a4nFt1jZPCabx7dbi14f08O2Wiw3ni0KBmjsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77Gsmw2K5MWwmm4lnsVgtVoaJbzey-BbLxcy5m3j8hdXKZhzNLGvhYrVbi5Yb11q5GuzWEotvsbJ5TDaPb7cWvT6mh221WG48-8ZstlsuR7PlYt-YzXbL5Wi2XOw7dIbv6nM2OoPjiUfoMH97Io3NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU6Uw9FgYrL5Jp6ZwzGYzSbLzcLhWs1co91qYVotJmKJ0nSRTvSi424t-hueHov6jwy5mCsHc9FkrliNVgkAAAAAAAAAYAlz5k0AAAAATgMZDTbD1XIBIJy9dAEAAAAAAAAAdiU6GLc4IQhxixs_bjC_5fX2m55-u1thuTLAAzU582bPBLFWq2UNAAAggA0AABDArZu3AGxGbh-oChwAAAAAAA!&cmcv=&pix=undefined&cb=1667994689358&uv=3239&tms=1667994689358&abt=esv_vB!id5mc_vA!mprdctdt6_vA!smbs!spa2_vB!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=ae4927e6-e179-4f80-817a-3fecf10ef3c9&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
151.101.85.44200 OK 0 B URL HTTP/2 imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V72KwCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJOEyLSe7lW2tcuyWa9HMOFgLF7uFWzNzeWyOwcrm2TiHQGIr02w524zcCtNmuRaNXDa3cjZZrYUTi8NkHI6WI9dmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3eoXZLXpe7sq_3zfX-N1-0XG3Fv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGC5iBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIuXZSYMIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQG65UWhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZjIslhvDZrKZeBaL1WJlmPh2I4tvsVzMnLuJx3sJ4i_h0B99H30ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwsBqZTOOZpa1cLHarUXLjWutXA12a4nFt1jZPCabx7dbi14f08O2Wiw3ni0KBmjsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77Gsmw2K5MWwmm4lnsVgtVoaJbzey-BbLxcy5m3j8hdXKZhzNLGvhYrVbi5Yb11q5GuzWEotvsbJ5TDaPb7cWvT6mh221WG48-8ZstlsuR7PlYt-YzXbL5Wi2XOw7dIbv6nM2OoPjiUfoMH97Io3NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU6Uw9FgYrL5Jp6ZwzGYzSbLzcLhWs1co91qYVotJmKJ0nSRTvSi424t-hueHov6jwy5mCsHc9FkrliNVgkAAAAAAAAAYAlz5k0AAAAATgMZDTbD1XIBIJy9dAEAAAAAAAAAdiU6GLc4IQhxixs_bjC_5fX2m55-u1thuTLAAzU582bPBLFWq2UNAAAggA0AABDArZu3AGxGbh-oChwAAAAAAA!&cmcv=&pix=undefined&cb=1667994689358&uv=3239&tms=1667994689358&abt=esv_vB!id5mc_vA!mprdctdt6_vA!smbs!spa2_vB!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=ae4927e6-e179-4f80-817a-3fecf10ef3c9&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
IP 151.101.85.44:0
GET /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V72KwCFgPJBOE3W49d9ATJBOE3W49d9AUAAAAGBuIHJOEyLSe7lW2tcuyWa9HMOFgLF7uFWzNzeWyOwcrm2TiHQGIr02w524zcCtNmuRaNXDa3cjZZrYUTi8NkHI6WI9dmCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeEoOl0-Fz3eoXZLXpe7sq_3zfX-N1-0XG3Fv0NT48dAAAAAB4ArN4yIX4AAQAiAAAAACQAAAAAKAIq_i0ELgAAAAAwAAxILjQAPjkI3nP2-wMAoGELBABAAIMEYGA1oATg43zlBAAAAAAAAACA5f___z8GYA9rTAZgZH-nB-DBB-CBqGC5iBEAAADAlpaK5tGkTqgsqgAACNKtAK4AAAIIuXZSYMIAAAACxhboYfH7zQ67xu92GQAAAAAAAACA2f_ZP5rQG65UWhDL6LXaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3ogZjIslhvDZrKZeBaL1WJlmPh2I4tvsVzMnLuJx3sJ4i_h0B99H30ewjL7fQcRy_M1_Q0HGd_yehtERdfbYnc4zZ77UbRkuVvuVqPJYjRaLje74WY02N9ADFYDnIjBcjmZLCa71Wg12gx3o9lggQIxmCBFS1bL5XK12axWu9FiNtgsh5sNUrRqNRttBsPVbDLb7VbDwXA5GiFFS5a75W41mixGo-VysxtuRoMhwsBqZTOOZpa1cLHarUXLjWutXA12a4nFt1jZPCabx7dbi14f08O2Wiw3ni0KBmjsRXCRTmR-y-vtNz39drfCchFLNCeLdCK77Gsmw2K5MWwmm4lnsVgtVoaJbzey-BbLxcy5m3j8hdXKZhzNLGvhYrVbi5Yb11q5GuzWEotvsbJ5TDaPb7cWvT6mh221WG48-8ZstlsuR7PlYt-YzXbL5Wi2XOw7dIbv6nM2OoPjiUfoMH97Io3NYVC4DBbv73ORNqONm1GlDVssqmtx55pYddrYydg5mA0K3_CaGP5-6ue1m70dxAaDIpYIThfpRPQyni5iieRpkU6Uw9FgYrL5Jp6ZwzGYzSbLzcLhWs1co91qYVotJmKJ0nSRTvSi424t-hueHov6jwy5mCsHc9FkrliNVgkAAAAAAAAAYAlz5k0AAAAATgMZDTbD1XIBIJy9dAEAAAAAAAAAdiU6GLc4IQhxixs_bjC_5fX2m55-u1thuTLAAzU582bPBLFWq2UNAAAggA0AABDArZu3AGxGbh-oChwAAAAAAA!&cmcv=&pix=undefined&cb=1667994689358&uv=3239&tms=1667994689358&abt=esv_vB!id5mc_vA!mprdctdt6_vA!smbs!spa2_vB!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=ae4927e6-e179-4f80-817a-3fecf10ef3c9&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1 HTTP/1.1
Host: imprammp.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://al-tyr.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Wed, 09 Nov 2022 11:51:32 GMT
via: 1.1 varnish
x-served-by: cache-bma1644-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1667994693.735952,VS0,VE264
vary: Accept-Encoding
X-Firefox-Spdy: h2