azhermed.yoo7.com/f101-montada
188.165.2.137301 Moved Permanently 0 B URL HTTP/1.1 azhermed.yoo7.com/f101-montada
IP 188.165.2.137:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /f101-montada HTTP/1.1
Host: azhermed.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Dec 2022 04:25:54 GMT
Content-Length: 0
Location: https://azhermed.yoo7.com/f101-montada
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5739
Expires: Fri, 09 Dec 2022 06:01:33 GMT
Date: Fri, 09 Dec 2022 04:25:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3385
Expires: Fri, 09 Dec 2022 05:22:19 GMT
Date: Fri, 09 Dec 2022 04:25:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2950
Expires: Fri, 09 Dec 2022 05:15:04 GMT
Date: Fri, 09 Dec 2022 04:25:54 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 04:08:17 GMT
content-type: application/json
age: 1057
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: bo+ZCOLnYTqR+nXA99EvwsujI9k2NJ3TWPc+VTV6pUMsh46WNYnU3tEJ+XIFqrFV9ZuLvQ1XjAA=
x-amz-request-id: F9PA67H3V4XKGRFS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 03:50:06 GMT
age: 2148
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 762a5943e302fad0f8a492ed0d23c1f1
099082ac5336589250b67d6fa64a9e6c8ace9bb3
ddc50ebb7ab64b104901de4bdb09c0bd0a63782b5d353ddfa68c2c1b643a75cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DDC50EBB7AB64B104901DE4BDB09C0BD0A63782B5D353DDFA68C2C1B643A75CB"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14243
Expires: Fri, 09 Dec 2022 08:23:17 GMT
Date: Fri, 09 Dec 2022 04:25:54 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:54 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 676887ad3cd09155f9af6b13a7a90e5d
e633dc5af0973bb752544c7a9513b2b841849671
ac9ae2277713b9213f8ffb72071350a819c90a74de8021669d1a06988e3f8428
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6268
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Last-Modified: Fri, 09 Dec 2022 02:41:27 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 795e67bdfadc3c890a663080413b56b7
fdefde3befb6aceac3c337c34c8d738f5091908c
8375b55cfc13989b0cf96293b7bead2ce5811a993b3445da1776ca7015c36985
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4e3dc85fd71bdb106039966a96cdd02b
53d3487232ddcac30b53c224c94e63571633e5af
d0a3a292876b50c590a3fa6c04d3471a6fb726c54f57e75c21f2e1bd45424ace
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 676887ad3cd09155f9af6b13a7a90e5d
e633dc5af0973bb752544c7a9513b2b841849671
ac9ae2277713b9213f8ffb72071350a819c90a74de8021669d1a06988e3f8428
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2326
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Etag: "6391808a-116"
Last-Modified: Fri, 09 Dec 2022 03:47:09 GMT
Server: ECS (amb/6BC0)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 676887ad3cd09155f9af6b13a7a90e5d
e633dc5af0973bb752544c7a9513b2b841849671
ac9ae2277713b9213f8ffb72071350a819c90a74de8021669d1a06988e3f8428
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1255
Cache-Control: max-age=94110
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Etag: "6391808a-116"
Expires: Sat, 10 Dec 2022 06:34:25 GMT
Last-Modified: Thu, 08 Dec 2022 06:13:30 GMT
Server: ECS (amb/6B8B)
X-Cache: HIT
Content-Length: 278
ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
142.250.74.138200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
IP 142.250.74.138:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash d989f35706c62ce4a5c561586c55566e
d32e7958e5765609bf08dcdefd0b2c2a8714ce34
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716
GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33845
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 13:01:47 GMT
expires: Wed, 06 Dec 2023 13:01:47 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 228248
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-144347007-1
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-144347007-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 3aede4cfcedef282dcfe90322ad04742
2a9caa343065affa54b48eed2f87d273370f62f8
d14849dd7ae2f395e185cd7cf374cf88de867ff68c262e71a48a88aff3331e79
GET /gtag/js?id=UA-144347007-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 04:25:55 GMT
expires: Fri, 09 Dec 2022 04:25:55 GMT
cache-control: private, max-age=900
last-modified: Fri, 09 Dec 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43636
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 04:07:59 GMT
age: 1076
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 1acb166ead77e1fa392c343c74c8dbf9
a5794d8ea8072589ebfb356999418eaf48fb8603
9ea417ac4fadf175c97e7b7f41d99be0e6fc1def3238b31c55a92320780b5ba4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4506
Cache-Control: max-age=95177
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Etag: "63917802-117"
Expires: Sat, 10 Dec 2022 06:52:12 GMT
Last-Modified: Thu, 08 Dec 2022 05:37:06 GMT
Server: ECS (amb/6B75)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 1acb166ead77e1fa392c343c74c8dbf9
a5794d8ea8072589ebfb356999418eaf48fb8603
9ea417ac4fadf175c97e7b7f41d99be0e6fc1def3238b31c55a92320780b5ba4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 216
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Last-Modified: Fri, 09 Dec 2022 04:22:19 GMT
Server: ECS (amb/6BC0)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash 587e1e3e8504fe545740a56c28884fdb
f951acfee17b78a618b02ecc4c9ecd39b3198d3f
bdc02bd5425ea7029603ba188adc5966a01784cb58315ad81745d90bcb856f37
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5888
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Last-Modified: Fri, 09 Dec 2022 02:47:47 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 727
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5610
Cache-Control: max-age=108867
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 10:40:22 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 32e23db68e6459cedb27f9a1b43182b5
4bf54accce9d81647a83046153f16f328b171d1a
52f39bb67168ff0cab603f7e6c719708da5ca2db7e307b4751099865ddad4380
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5281
Cache-Control: max-age=153889
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Etag: "63925a53-138"
Expires: Sat, 10 Dec 2022 23:10:44 GMT
Last-Modified: Thu, 08 Dec 2022 21:42:43 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 312
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4e3dc85fd71bdb106039966a96cdd02b
53d3487232ddcac30b53c224c94e63571633e5af
d0a3a292876b50c590a3fa6c04d3471a6fb726c54f57e75c21f2e1bd45424ace
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 1acb166ead77e1fa392c343c74c8dbf9
a5794d8ea8072589ebfb356999418eaf48fb8603
9ea417ac4fadf175c97e7b7f41d99be0e6fc1def3238b31c55a92320780b5ba4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4506
Cache-Control: max-age=95177
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Etag: "63917802-117"
Expires: Sat, 10 Dec 2022 06:52:12 GMT
Last-Modified: Thu, 08 Dec 2022 05:37:06 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
i.servimg.com/u/f36/17/86/26/69/rss10.gif
104.21.31.159200 OK 314 B URL HTTP/2 i.servimg.com/u/f36/17/86/26/69/rss10.gif
IP 104.21.31.159:0
File type GIF image data, version 87a, 36 x 14\012- data
Hash 715ecbbafbc76d703a605f8605ca5251
dcc7f5d7c770ca7f5bb040d68417be41392139ae
7f79c34d195df06861000d480353f9e410f038fc49884c081a9129bef2d76541
GET /u/f36/17/86/26/69/rss10.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 314
last-modified: Fri, 19 Oct 2012 08:57:07 GMT
etag: "508115e3-13a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Wed, 18 Oct 2023 05:52:14 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I8%2BlyUtzqCqM8kVJvM4itCeve2%2BzfWR9Q8q5wf3gCvnYD272XjBopKJp9d7hpxgRHBWlbK8RLbEx%2BfyJvbTcnoB%2FNdRpDbyaDszOLohW9hotq0PzLYKrdD9bKbmxySMn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d3cb51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f15/18/05/21/89/210.gif
104.21.31.159200 OK 2.0 kB URL HTTP/2 i.servimg.com/u/f15/18/05/21/89/210.gif
IP 104.21.31.159:0
File type GIF image data, version 87a, 14 x 230\012- data
Hash 1bb5f69b645597b76a888016a6934f1f
e0a3655a1a4356edc825156ea895537130caf1a7
1bf56adb2f00ce67e09089c184b2a55f75a0dd4484978f93be5acb6d984d714c
GET /u/f15/18/05/21/89/210.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 2023
last-modified: Sat, 26 Jan 2013 23:19:20 GMT
etag: "51046478-7e7"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Tue, 31 Oct 2023 13:28:32 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HwMrUO4y1Rl5B5BfV8Z3BzJ23RJkcDVX3hdGBLfdh4bwWQNO7Dn2X05O4%2FIuXIorn8m8yidx5eyptCu%2FiqSbaFRrql8bW3gSjTwp9a4ysImbpIADelSkN2BV1z6K4nOL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d39b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f15/18/05/21/89/611.gif
104.21.31.159200 OK 842 B URL HTTP/2 i.servimg.com/u/f15/18/05/21/89/611.gif
IP 104.21.31.159:0
File type GIF image data, version 87a, 10 x 100\012- data
Hash 81650e3a284cf8d5361ce7662758b80e
882b09fe6849719260e2692dfd27e61849c866d1
ddfacf1899dde1cc598bd15706d75533403de54cd0ff4c0234c7a6f5e3e19f6d
GET /u/f15/18/05/21/89/611.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 842
last-modified: Sun, 27 Jan 2013 06:46:53 GMT
etag: "5104cd5d-34a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 07 Dec 2023 22:16:36 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKO1nFFNmZ%2BI6X1ntBXz0fLVh3zXTvdv7gEyU%2Fv5FYlnIR9oOKBbOM3arXRBv214WYWVHDFh8QvM0CWpwAaeRm1XZyNiFHdi85h48SFFYE9OivO6S7iW%2FyH0UtGIUo57"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d42b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f15/18/05/21/89/511.gif
104.21.31.159200 OK 4.7 kB URL HTTP/2 i.servimg.com/u/f15/18/05/21/89/511.gif
IP 104.21.31.159:0
File type GIF image data, version 87a, 63 x 100\012- data
Hash 876aaf2ee048099a5a7aec125b520af2
7005a5b3560c1780f3c6283304ca42732819c06f
b2115d8c15182788197c0096ae7adb86633b64a4765111b1c840962798f11175
GET /u/f15/18/05/21/89/511.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 4688
last-modified: Sun, 27 Jan 2013 06:47:10 GMT
etag: "5104cd6e-1250"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 21:06:01 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BLVPEKh7McMtnMCqH%2FkZAXKXxMU%2B8A84vxtcMl6dxNPpwM0137XhxnRn1UMe38ZoDHGG8EeYwBEv7XA25L5hqJrGv9bdb30xiUO9%2FHSQyKCAByZavOwvuenTJDvzENoU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d43b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f43/16/43/22/50/uuoo12.png
104.21.31.159200 OK 43 B URL HTTP/2 i.servimg.com/u/f43/16/43/22/50/uuoo12.png
IP 104.21.31.159:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /u/f43/16/43/22/50/uuoo12.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OYyFEu0ZdulF487BbVnZ2otbleE2rzxbwHgdfu%2FRwuM8tpQnQnK8AuSAp7ZaDOFCOFDth92W40I0hpQ%2F7HowORJtSnJLmG9VvtJjB9E%2BYGWIwiMHBRCokfLZcZyndJfi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d38b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f15/18/05/21/89/navbit10.gif
104.21.31.159200 OK 970 B URL HTTP/2 i.servimg.com/u/f15/18/05/21/89/navbit10.gif
IP 104.21.31.159:0
File type GIF image data, version 89a, 14 x 11\012- data
Hash 069933c37f1a5053f9c6936161f1081b
a6e4420d349088f5d98b441354601fcc9adaaf57
fbb9affa4a15d1f89d6943d5466da7205747dab1709e3f1bbfcdff7fc0b984f2
GET /u/f15/18/05/21/89/navbit10.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 970
last-modified: Sat, 26 Jan 2013 23:37:14 GMT
etag: "510468aa-3ca"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 22:17:27 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7LdJVYFNC7JRKU%2B5v%2BlQow86zNL6ne2XOb9dTlGIFXj1Y0sU%2BdzLdGX6OXQ7HiJ9yT44YgEh%2Frbb%2BjggMMSXfUslhs0ggWJW%2FWIEGazX3H%2Ftzzs8s8UIGD%2Ftau9xXUoh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d31b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f15/18/05/21/89/610.gif
104.21.31.159200 OK 842 B URL HTTP/2 i.servimg.com/u/f15/18/05/21/89/610.gif
IP 104.21.31.159:0
File type GIF image data, version 87a, 10 x 100\012- data
Hash 81650e3a284cf8d5361ce7662758b80e
882b09fe6849719260e2692dfd27e61849c866d1
ddfacf1899dde1cc598bd15706d75533403de54cd0ff4c0234c7a6f5e3e19f6d
GET /u/f15/18/05/21/89/610.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 842
last-modified: Sun, 27 Jan 2013 06:46:20 GMT
etag: "5104cd3c-34a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Tue, 31 Oct 2023 13:28:41 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nv3HQb1%2BuQe9gZnL3%2FUk7GsIs1asW6LBlp1EeUGHg4o6jQZVNGV9XPBQgnlV64TrW7v09LIy9JD%2F4jLa7XtEbU7D4a0Nrbm2%2BuCHPd9k7Y4TKt%2BgewqhuIfOk%2B5NAgN9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d3eb51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f33/17/63/33/36/13317111.gif
104.21.31.159200 OK 651 B URL HTTP/2 i.servimg.com/u/f33/17/63/33/36/13317111.gif
IP 104.21.31.159:0
File type GIF image data, version 87a, 16 x 16\012- data
Hash d8e2625c5f17bbbc1098d1edc763ecaa
999e5dac163936304a87c6ad1d6ccb565aeaed07
3a0853c26407e66163483aa23c2b902dcbacbb3b2f936ff7f23bd6de332598cd
GET /u/f33/17/63/33/36/13317111.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 651
last-modified: Thu, 18 Oct 2012 04:37:11 GMT
etag: "507f8777-28b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Fri, 08 Sep 2023 19:12:32 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FPOYtg3W9H%2BMILIp1Xx9QaY9%2BaEbnXC890Q6TtSULNC5Y2xf4cGc6gDd2ymidz9LjxKqCftHFXOy0toEjYRQwj8uOFnKiT3XLS5%2Fb4wpoOCSuz%2B8jBRFZSGmf05wTlBJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d47b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f15/18/05/21/89/111.gif
104.21.31.159200 OK 20 kB URL HTTP/2 i.servimg.com/u/f15/18/05/21/89/111.gif
IP 104.21.31.159:0
File type GIF image data, version 89a, 166 x 230\012- data
Hash a1935539151aa574c0fb7116f98098aa
2c7bb0f9d9ac39e374217456be6bd949bef5d791
17b6a700327b103daffa38617ecc7865d188cfa399a5c2bfba8aa8207943b250
GET /u/f15/18/05/21/89/111.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 19806
last-modified: Sat, 26 Jan 2013 23:20:20 GMT
etag: "510464b4-4d5e"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 21:05:55 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pqo0xR49B6eK1nZEQakA1PZ9wTo6hpbXnYNmLxHvmfZwgHb1bI6SFVMgnzR2QVx70tGPLeqmw7hUC%2FTquedP0BhNbRcCUj1co1hWNcA9%2FBuMPqwk85FwlVeyFhsQG1am"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d33b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f15/18/05/21/89/710.gif
104.21.31.159200 OK 12 kB URL HTTP/2 i.servimg.com/u/f15/18/05/21/89/710.gif
IP 104.21.31.159:0
File type GIF image data, version 87a, 238 x 100\012- data
Hash cd3b0cd36e0fa54c80d95b1e936bb210
c61f61cae7790b0339ad0e71e3eb2ef4924f3d3e
10405592a623397686de6f1e7455a22af85ab67573656fbdca845f59c2bb04d6
GET /u/f15/18/05/21/89/710.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 12453
last-modified: Sun, 27 Jan 2013 06:46:35 GMT
etag: "5104cd4b-30a5"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Tue, 31 Oct 2023 13:28:41 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VbojSsVa7TeusbnTJ9GUqdAPZFcClmm%2Fl3pymqDRnKT6yXyV3rl%2FyqpeiESt9yp0IJVg0WNrIyOqOk4UTAk3MnPnKxJ%2BWknPud22XTKZtcjaF4Jti%2BeD1Qbs%2BUpmXue6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d41b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 676887ad3cd09155f9af6b13a7a90e5d
e633dc5af0973bb752544c7a9513b2b841849671
ac9ae2277713b9213f8ffb72071350a819c90a74de8021669d1a06988e3f8428
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6268
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Last-Modified: Fri, 09 Dec 2022 02:41:27 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 278
i.servimg.com/u/f15/18/05/21/89/411.gif
104.21.31.159200 OK 20 kB URL HTTP/2 i.servimg.com/u/f15/18/05/21/89/411.gif
IP 104.21.31.159:0
File type GIF image data, version 87a, 165 x 230\012- data
Hash 3b63f0513a4a5452e95217184554d848
bc527fbd1ec293134a8260dbfb769ac6385c6d3a
c97dc73481bd607d88926b1eb32242f6451df3396956b12985de1f3f6eb93741
GET /u/f15/18/05/21/89/411.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 19933
last-modified: Sat, 26 Jan 2013 23:19:01 GMT
etag: "51046465-4ddd"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Tue, 31 Oct 2023 13:28:32 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YH%2Fi62F1Mabw6kdZkm1tzccXNxoKmDI2lLnng5Hu%2BO2%2FSum0kBnn%2FUJOd9VzgZ%2FFZ8GbR8YGP8c6z9y5loojRIyLcYUw24X6nYJXwHN30n4D8d5VUE7NTGyUh06w%2Fxh%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d36b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f15/18/05/21/89/navbit11.gif
104.21.31.159200 OK 1.0 kB URL HTTP/2 i.servimg.com/u/f15/18/05/21/89/navbit11.gif
IP 104.21.31.159:0
File type GIF image data, version 89a, 30 x 15\012- data
Hash b25ebf65475413be97b04504d7991e57
f70f30ccf448703396dcdf0a0062c8a6d59ff34d
a96d62c23004150e0ca3006102dce3f227b4bb7c8b52dede31167cce1f225af6
GET /u/f15/18/05/21/89/navbit11.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 1014
last-modified: Sat, 26 Jan 2013 23:37:53 GMT
etag: "510468d1-3f6"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Fri, 08 Dec 2023 23:50:27 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=91sfptFnwwM2QxAUoYSK2IvkVrp%2BZiiws0G2loJa%2BV8XE3EhYuKmo1NSQmP%2BfwuDpB7Q%2FePSCjrNUcIBpQc6B8Mr0utV8nzhvOs%2Fdq890Idg8O0vqR%2Fj0gKS8lCMY39H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d35b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f33/17/63/33/36/13317110.gif
104.21.31.159200 OK 400 B URL HTTP/2 i.servimg.com/u/f33/17/63/33/36/13317110.gif
IP 104.21.31.159:0
File type GIF image data, version 89a, 16 x 16\012- data
Hash 072fb3e506425a305bf0836dba45518c
569192723c86dcc772f0283ddedd6fc697e88746
ef4e37b7ab928cb28f7ac0ce6f33b7ac355ccd11ccac9f5fc4345f2e0671b907
GET /u/f33/17/63/33/36/13317110.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 400
last-modified: Thu, 18 Oct 2012 04:36:20 GMT
etag: "507f8744-190"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Tue, 25 Apr 2023 08:24:55 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S98SCQct5V8%2B0R6wNcTYvYZrXst5tIA1U05ILpsjwnGbedejzuaTVDy2vISao%2BZfnstnZA4zdIHovK99rF9P6rhtZxNQuArHBci3QLX72Li576QZF%2FdlJVpOy4Ofk9Qt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d44b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f15/18/05/21/89/211.gif
104.21.31.159200 OK 2.0 kB URL HTTP/2 i.servimg.com/u/f15/18/05/21/89/211.gif
IP 104.21.31.159:0
File type GIF image data, version 87a, 14 x 230\012- data
Hash 1bb5f69b645597b76a888016a6934f1f
e0a3655a1a4356edc825156ea895537130caf1a7
1bf56adb2f00ce67e09089c184b2a55f75a0dd4484978f93be5acb6d984d714c
GET /u/f15/18/05/21/89/211.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 2023
last-modified: Sat, 26 Jan 2013 23:20:02 GMT
etag: "510464a2-7e7"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Fri, 21 Jul 2023 19:26:28 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M5VEj%2BZN4D%2FoIsekJ26RITDG6CxjLjbDHm%2FUHVscXOrEFVtc%2F3uZcSs6FJoVZqvfMDgLFP%2Fl%2BLENCESMBELG1KBzzxkZ3p1FMSen0%2Fc5caOL3QhoQ7y8yEC7fv%2BEPXC%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d46b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f15/18/05/21/89/810.gif
104.21.31.159200 OK 4.8 kB URL HTTP/2 i.servimg.com/u/f15/18/05/21/89/810.gif
IP 104.21.31.159:0
File type GIF image data, version 87a, 63 x 100\012- data
Hash 35508163a9fe01e90453d5380292d457
a8383121a0ca6050e839eaf05ac8978953e2efc3
47691e33ce4dc20715b22f769bc43f84fe502a0336f3de4553464d2dfdfc8b54
GET /u/f15/18/05/21/89/810.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 4760
last-modified: Sun, 27 Jan 2013 06:46:02 GMT
etag: "5104cd2a-1298"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 16 Nov 2023 12:01:38 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v1mhY6wcn48j75c3AMw8Yrqppcu7Kf1sfg4PmlfW3k0CcIacu7uv%2F4lq7aC%2FJN%2FzxJcVgxdripCm0yMz4M9l%2FSFEtnBnIZUgSu%2FXT4e6vVLcjMXY1v%2BdE%2F05l6gJwWjZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d3db51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f34/15/04/02/38/button10.png
104.21.31.159200 OK 43 B URL HTTP/2 i.servimg.com/u/f34/15/04/02/38/button10.png
IP 104.21.31.159:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /u/f34/15/04/02/38/button10.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yyX4%2Fc%2Bex4tLLFGkUU5pBAx7sBSHmIHK8yKynTIoN9nN%2FeDSfJlrhrBhsUPNlq6eYlYkRMymtn3prn1cQTrxtOqTIzaXu%2FzRbNZy%2FdxgSxwYNjRBuo3mj6pO6iGfrWkP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d45b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f15/15/85/44/53/3-copy10.png
104.21.31.159200 OK 44 kB URL HTTP/2 i.servimg.com/u/f15/15/85/44/53/3-copy10.png
IP 104.21.31.159:0
File type PNG image data, 416 x 230, 8-bit/color RGB, non-interlaced\012- data
Hash a6d2053dadeeda16c81bf91e769380a9
77876a3ead363e8ebc32a8011992c877a3ee7c3f
07408bb3aca2ffbb08e0df40ff5dd252e27b3ff284821372070e01d6fae1cc44
GET /u/f15/15/85/44/53/3-copy10.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/png
content-length: 43779
last-modified: Sun, 27 Jan 2013 08:14:53 GMT
etag: "5104e1fd-ab03"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Sat, 14 Oct 2023 01:57:45 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nAex40kLbCGBYssyGDDl1VzB20JqSeWaBIX0%2BB5Y77L9B739wQ8lmYdZlVI7pamhTTtDTlhJZv1u%2BZp9KJKle70McJfBkgXsqMyaJfypID%2BS3tUENaTMFTQ3Z9jEf3Eh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776afac89d37b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
azhermed.yoo7.com/0-rtl.css
178.33.43.178200 OK 56 kB URL HTTP/2 azhermed.yoo7.com/0-rtl.css
IP 178.33.43.178:0
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash dc00a4751e7af37134fc08708f5f9cf4
55587377ec97f1a15f0ea73105831947bbc48d58
133a235f2038c9bf95a1787aa7e8f82a0df027668f2dec3b3fa58b3ff0f908e9
GET /0-rtl.css HTTP/1.1
Host: azhermed.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/f101-montada
Cookie: exadd=167057
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: text/css
content-length: 55930
last-modified: Fri, 09 Dec 2022 00:00:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: MISS
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 1a08ce4e69b29e445349103c0846acd1
38f63af0d568fcf75e20c27d53896c7fffd3c2b3
a07ff42f58111ec99ce37ba3952da3ce6bbe08416f6345235988839afa83018f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4358
Cache-Control: max-age=154444
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Etag: "63926019-118"
Expires: Sat, 10 Dec 2022 23:19:59 GMT
Last-Modified: Thu, 08 Dec 2022 22:07:21 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 1a08ce4e69b29e445349103c0846acd1
38f63af0d568fcf75e20c27d53896c7fffd3c2b3
a07ff42f58111ec99ce37ba3952da3ce6bbe08416f6345235988839afa83018f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=150086
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Etag: "63926019-118"
Expires: Sat, 10 Dec 2022 22:07:21 GMT
Last-Modified: Thu, 08 Dec 2022 22:07:21 GMT
Server: nginx
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 1a08ce4e69b29e445349103c0846acd1
38f63af0d568fcf75e20c27d53896c7fffd3c2b3
a07ff42f58111ec99ce37ba3952da3ce6bbe08416f6345235988839afa83018f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4358
Cache-Control: max-age=154444
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Etag: "63926019-118"
Expires: Sat, 10 Dec 2022 23:19:59 GMT
Last-Modified: Thu, 08 Dec 2022 22:07:21 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 1a08ce4e69b29e445349103c0846acd1
38f63af0d568fcf75e20c27d53896c7fffd3c2b3
a07ff42f58111ec99ce37ba3952da3ce6bbe08416f6345235988839afa83018f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1797
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Last-Modified: Fri, 09 Dec 2022 03:55:59 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 280
2img.net/i/fa/subsilver/folder_announce.gif
104.21.235.175200 OK 307 B URL HTTP/2 2img.net/i/fa/subsilver/folder_announce.gif
IP 104.21.235.175:0
File type GIF image data, version 89a, 19 x 18\012- data
Hash 26abd60124b30a1bdf3d7608c0240909
2cfd40fc22a985ff1ec3e48d9e569cd4bb0715f6
20fcc910fde5ccd7b0e724675990bd12ff9e1b5f6fb3a84c34949ed8cea57cdb
GET /i/fa/subsilver/folder_announce.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 307
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-133"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 930750
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2FcrxnyqVQ%2FJ1cpPcu9DWX8gBtiVj2K%2BjgaLdS%2FCONqZ2OTHljhAspClnGpOWYCsL7x9ONCXIt5YW17PVwhdNPxaBXU%2B6ZNcBnF0FdzN6d9KU4Tu7Sg92bQJ6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776afaca8bb672c0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/empty.gif
104.21.235.175200 OK 43 B IP 104.21.235.175:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /i/empty.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 09 May 2016 08:45:50 GMT
etag: "57304e3e-2b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 930923
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GjDX6FpuvStbpQ81Z01pQdWe89V0UySum2MFUF2fZJtnEugRsR82QeKZMR89U2gIIRUlQNbmx1v3v7seySrf6C9HRMi6s2WRZ5yHxBvEsKDAJZ0cOf%2FYYnr8bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776afaca8bbb72c0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/folder_lock.gif
104.21.235.175200 OK 331 B URL HTTP/2 2img.net/i/fa/subsilver/folder_lock.gif
IP 104.21.235.175:0
File type GIF image data, version 89a, 19 x 18\012- data
Hash 0b6c88481278136cead217ec853f4682
433cc5508a7fd33ace6f50ca30f0ce986b0e1fc4
6c55f26301ec5b47e818f4cd1a1ec42ec1f0a2d0bb04f59036de1db41208c820
GET /i/fa/subsilver/folder_lock.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 331
last-modified: Mon, 16 May 2016 11:01:54 GMT
etag: "5739a8a2-14b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 930412
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ckQWya%2FKnLUrcRxGqcOJUo4CHwICYnhMoo%2FhcGTXhpnpvomBWUKvFbm0dZQVUSumBp%2FsCeffDX05FCPxtm1drZMvgfuAPBHZxNxj2mSnfH09QZHa2ksFjqaYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776afaca8bba72c0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/empty.gif
104.21.235.175200 OK 42 B IP 104.21.235.175:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /i/fa/empty.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 42
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-2a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 930923
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YSHL5HGr2S%2Bdit1BLKfiiPUpvO6TY6MGyi8unsz%2BNoT5wyAlc2y%2F5bVB00jG31bbqb6PkSlOVkkboAbEeyXeTT9v0nMdI18nZs3TyGQhhvVzxIj72dMnVFJ%2BpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776afaca8bbf72c0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/folder_hot.gif
104.21.235.175200 OK 1.1 kB URL HTTP/2 2img.net/i/fa/subsilver/folder_hot.gif
IP 104.21.235.175:0
File type GIF image data, version 89a, 19 x 18\012- data
Hash e85e35396580c5877dfcdb35b3052867
5ef4fc94bc5d46b02ffdb74981b923ac79e801d2
73aee52d8d0abb2682301c6b39901c39ede5aa7b174196291a831e66458f1b54
GET /i/fa/subsilver/folder_hot.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 1127
last-modified: Mon, 16 May 2016 11:01:54 GMT
etag: "5739a8a2-467"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 930469
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2BXEsYoNOyQC%2FqViQBVeZrujL602rvIQQdCrfTig6ftzBg%2BirOajYhEw78XGP6U2hGUNIVN%2BHAkyIjrchJ89HJNSigZvx%2FtFII7s4aSJYcFpSXL5kdlbc0G1hg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776afacaabc672c0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/folder.gif
104.21.235.175200 OK 344 B URL HTTP/2 2img.net/i/fa/subsilver/folder.gif
IP 104.21.235.175:0
File type GIF image data, version 89a, 19 x 18\012- data
Hash 82b0e14cb45cff5c0f93788bf270cce5
49bbc6418a6260ef7d76984b943f1a197a19940d
6e9cd72c5eb9526358e9607329dc1b35f4b80b8ce688ca6dc5ed97dd38728898
GET /i/fa/subsilver/folder.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 344
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-158"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 930469
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8mjEmPI1y1kKk1LjeryFFf0KMbarrvX3UXfcz3vulcWOrb29EU%2FZsWuL5gyXAecbcizaTWTQJ4xgNwg%2FljYUeqGX8qWGKP8X64hM14p0q2pHkov9pXozcyZ%2F0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776afaca8bc072c0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/folder_sticky.gif
104.21.235.175200 OK 344 B URL HTTP/2 2img.net/i/fa/subsilver/folder_sticky.gif
IP 104.21.235.175:0
File type GIF image data, version 89a, 19 x 18\012- data
Hash 463d3cdb66de08ab982b4f3e840c3826
9e29b00c5dce28610af3ae517d21a560241fd981
9c46886ccb0273f1705f659c98c5c7ca839ee10854e347c50e652d445a12b883
GET /i/fa/subsilver/folder_sticky.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 344
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-158"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 930600
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ZVgxSPKQPv2QeBw%2BDXgrqyeZKQDOMB6F%2BoTtRO5OL1Y7lDS%2BrSw%2BEiFUYpvGYjDrXlaJkLselxKjJkTvlwzC%2B2wJ7dvvC%2BfX5dFgQSzwZlaj7X7Xx3jbP6%2FyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776afaca8bbc72c0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/folder_new.gif
104.21.235.175200 OK 331 B URL HTTP/2 2img.net/i/fa/subsilver/folder_new.gif
IP 104.21.235.175:0
File type GIF image data, version 89a, 19 x 18\012- data
Hash 549e4063ffa52c01c6391e7e7d2fee75
0a3b494f7186bb371b3b9b893cbc9cee617ef430
9a774d19486f1608d9fe80b6dcb199ac7212106d3abacd84d58d09bc7b7d5567
GET /i/fa/subsilver/folder_new.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 331
last-modified: Mon, 16 May 2016 11:01:54 GMT
etag: "5739a8a2-14b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 930469
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2FYANlMHwGV03ZC3w9rbaJXtCzI04DxG%2F5Ssw4%2FL3DLA4uwLJy8%2Be0qD34wnRxJ32WY5cuBfAslJH3YhdVeD7M36HItuyXsnEJwQZGH1wjfNcuQ2PD5Q8iM95w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776afacaabc972c0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/r/ihimizer/img816/9845/11750606.png
104.21.235.175301 Moved Permanently 178 B URL HTTP/2 2img.net/r/ihimizer/img816/9845/11750606.png
IP 104.21.235.175:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /r/ihimizer/img816/9845/11750606.png HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 09 Dec 2022 04:25:55 GMT
content-length: 178
location: https://2img.net/i/default.png
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 897233
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OOLg7fH4zr62mE1hgZ7tjKa5OkFFpFnkcMVd6vscI7BEOTKc9pgm1%2FuQGERObSxEdJ5Zv4qGF7vlSo9yFLPpPgBzmeV%2FL53FkjQe21u7LLiH7kEyc1IzZTveRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776afaca8bbe72c0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/folder_lock_new.gif
104.21.235.175200 OK 459 B URL HTTP/2 2img.net/i/fa/subsilver/folder_lock_new.gif
IP 104.21.235.175:0
File type GIF image data, version 89a, 19 x 18\012- data
Hash 20830b1885003285180f1ca2bfd2d717
e2ed3cfeab237033b84eaf8c964cbac488da8e3f
5eaedc34f198589268bae7fdb932b687330c634ace6db5b7278008bdbb56f2a3
GET /i/fa/subsilver/folder_lock_new.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 459
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-1cb"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 930412
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h3Sik4mxHGbWlbrIDnOMXDclPyoWeurGU3VRtZ%2FFquhfLkN8wntlBbI3VT2jsVQjrTaK8qSozCIN84VqUbJeKAecnpHgSmJBvg7dPG56hQLfEJON7wOKXPF91A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776afaca8bb872c0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.161.136.21101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.136.21:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: OWbyBAHvI9llZCACpvgZ9w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CVTNkgPv3hn5PfyYzC2MM+SJ5VI=
static.criteo.net/js/ld/publishertag.js
178.250.0.130200 OK 41 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.js
IP 178.250.0.130:0
Hash 30cb79dc9f4303c08ac50a43c6a5cd1e
1c4837fa54c4ab0b4f7c352574177180957daaf4
87d30505ce1292c7821f215846ad71a3cae0152a9dd08a4d918f38e5b899fe13
GET /js/ld/publishertag.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-1e444"
expires: Sat, 10 Dec 2022 04:25:55 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/folder_new_hot.gif
104.21.235.175200 OK 1.1 kB URL HTTP/2 2img.net/i/fa/subsilver/folder_new_hot.gif
IP 104.21.235.175:0
File type GIF image data, version 89a, 19 x 18\012- data
Hash 13318d99dd08267593a70257dc0c3c5e
876f5465e293cc45ffb831931a87a318d7b448ea
c7697af43bb37b5972f4b2a6982d8bd992b2487b24e92cda2c8666b8acff3c2c
GET /i/fa/subsilver/folder_new_hot.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/gif
content-length: 1113
last-modified: Mon, 16 May 2016 11:01:54 GMT
etag: "5739a8a2-459"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 930469
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i2TM6O1vMF4ZKiztXTtazOfLam4eR9qujQ85a9h9zxz0ah8EghGEl7a10ln1oQY4HC%2Bh7HVj3VQfCAk5vnZRBkGhhLs5knMbOlsLM%2Fc5faivUPa%2BzuheOmZ%2Fag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776afacaabc872c0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/default.png
104.21.235.175200 OK 977 B IP 104.21.235.175:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 68740394c6718e3d6587d038d20d51a9
149fff376f6ed06d10c19b41ac3ce8dd97256d48
d28f3347aa8d5ef1cff4e57c589a8ce825b4350e1667d9808a29fa8c89d8e96b
GET /i/default.png HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azhermed.yoo7.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: image/png
content-length: 977
last-modified: Sun, 10 Jun 2018 21:44:20 GMT
etag: "5b1d9bb4-3d1"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 930916
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gG9NUwnNX%2B2zvcWWmAAGGvG30N%2B%2Bz4RlZ7RvNiVJE%2BZMjCCDnDNmEi5e%2FxfIq4Ecx0KHWFoCYEM0H%2Fe2GRWYHSnKzXULxEOx%2B6ppGQgnc86piVZIE1hZqjbu6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776afacafbf972c0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 1a08ce4e69b29e445349103c0846acd1
38f63af0d568fcf75e20c27d53896c7fffd3c2b3
a07ff42f58111ec99ce37ba3952da3ce6bbe08416f6345235988839afa83018f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=150086
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Etag: "63926019-118"
Expires: Sat, 10 Dec 2022 22:07:21 GMT
Last-Modified: Thu, 08 Dec 2022 22:07:21 GMT
Server: nginx
Content-Length: 280
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1a037b8b8423b07206ba3cf5cf7a70b3
186897bd553ed5891476b31e694c9d088013cbb5
e53f13c03ed23d5499a32cd336deed3ffac4f564a94d93ba3c09a9fc69e43877
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E53F13C03ED23D5499A32CD336DEED3FFAC4F564A94D93BA3C09A9FC69E43877"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17689
Expires: Fri, 09 Dec 2022 09:20:44 GMT
Date: Fri, 09 Dec 2022 04:25:55 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 15e3b0c296969f81335cfd2dc136478a
45c617468feb907652356179090be9fc36790b03
0388ea0c98ed3ab0a27735128f347d2c626997fb1406dfe7e54796c3245cf8d4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5458
Cache-Control: max-age=115908
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:55 GMT
Etag: "6391c545-139"
Expires: Sat, 10 Dec 2022 12:37:43 GMT
Last-Modified: Thu, 08 Dec 2022 11:06:45 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 313
stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=azhermed.yoo7.com&var=&ymid=&var_3=
139.45.197.250200 OK 758 B URL HTTP/2 stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=azhermed.yoo7.com&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (757)
Hash b439ef0a4ccfe74cb55ea4a8e73500a5
3d03612f814337d3f7ddd5d2d7879842d1ff61d8
d458e204f04c23c021393b5a7de7194dfb0c16398c9b44d32194a2c19c508470
GET /zone?pub=0&zone_id=2308013&is_mobile=false&domain=azhermed.yoo7.com&var=&ymid=&var_3= HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azhermed.yoo7.com/
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:56 GMT
content-type: application/json; charset=utf-8
content-length: 758
x-trace-id: e0324cd85e4eb755bc70438c9c94d6b1
access-control-allow-origin: https://azhermed.yoo7.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=azhermed.yoo7.com
178.250.0.157200 OK 5.4 kB URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=azhermed.yoo7.com
IP 178.250.0.157:0
Hash 00bb02a8f1d709f1501aefc0ec319d60
cae94fba12e7be41c24976b6fb8411912cfe2201
6176f890ddda3a2c93e37a5dc5f73aae34392ec2bbf87d6e2fa8f8327c6f99d2
GET /syncframe?origin=publishertag&topUrl=azhermed.yoo7.com HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=8bc6a512-9e0d-4d4a-b2b4-c309013e3b5f; expires=Wed, 03 Jan 2024 04:25:55 GMT; domain=.criteo.com; path=/; secure; samesite=none
optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 570853
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
stootsou.net/pfe/current/tag.min.js?z=2308013
139.45.197.250200 OK 6.0 kB URL HTTP/2 stootsou.net/pfe/current/tag.min.js?z=2308013
IP 139.45.197.250:0
File type C source, ASCII text, with very long lines (14602), with no line terminators
Hash d657bf53422fb936c772380d4f10b0a0
12c9bae16b02c957f06b1b0ec8dccef18e51e353
c0285a69f50de67dd9ac0067e87e0c2dd154a36681c02620dbd0892793adb177
GET /pfe/current/tag.min.js?z=2308013 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.viglink.com/api/vglnk.js
54.230.111.25200 OK 29 kB URL HTTP/2 cdn.viglink.com/api/vglnk.js
IP 54.230.111.25:0
File type ASCII text, with very long lines (693)
Hash 072eaf64a771815874455704fca9301b
6c6226d00f14bb800cd4390b3cd42df941be43b1
bb35c8c300bd1acfe7ed86eb988f74ff2e8d86a4fb0409c5d78a890f9fd14b8e
GET /api/vglnk.js HTTP/1.1
Host: cdn.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
content-length: 28567
date: Sat, 03 Dec 2022 17:42:16 GMT
last-modified: Wed, 02 Dec 2020 18:57:12 GMT
etag: "072eaf64a771815874455704fca9301b"
cache-control: public, max-age=604800
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _r3gZYfViWH_TxNA9qc_RnFn8b-GZnQUY7O4q7gR0ZXVDnb4hb9Kkg==
age: 470620
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f724984787cae37de4fc0329604dfe44
bf541d550144ae1ebe97bf815b7dd5f37c46a2ee
0a3b089ca393ee6ace33b69c186aa040eefb6f38b8db8afc74cf835ab7e8dfe0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3924
Cache-Control: max-age=133474
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:56 GMT
Etag: "63920fe2-1d7"
Expires: Sat, 10 Dec 2022 17:30:30 GMT
Last-Modified: Thu, 08 Dec 2022 16:25:06 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.14200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 09 Dec 2022 02:46:55 GMT
expires: Fri, 09 Dec 2022 04:46:55 GMT
cache-control: public, max-age=7200
age: 5941
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/forumotion-ar/loader.js
151.101.1.44200 OK 26 kB URL HTTP/2 cdn.taboola.com/libtrc/forumotion-ar/loader.js
IP 151.101.1.44:0
File type Unicode text, UTF-8 text, with very long lines (65498)
Hash 8ed5e47fab5701c7851f56fc3b5c23b7
d8c5722d11613b9f38ff439f531a115ebc00646e
eaf484594bcb0f144a30c7fe01efe494de04a2e796e7a8ce4849edb1fbe9eeff
GET /libtrc/forumotion-ar/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: AeI0fzeOXzp4+yBOvdTxRGUBE1L74rl+Qz7El78NKiK8zkxSge+s5Z4ntchEZF8xbRrkdT5nkhU=
x-amz-request-id: D7J3B7C6Q1N2X7VX
last-modified: Thu, 08 Dec 2022 14:36:19 GMT
etag: "2bfc3f57b6a65d777af9aec207be8568"
x-amz-version-id: pFc28bMYcSPt9qu4BqmvMRtuadGQabsQ
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:56 GMT
via: 1.1 varnish
age: 82
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1670559956.207000,VS0,VE1
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 64
content-length: 25456
X-Firefox-Spdy: h2
ssl.google-analytics.com/ga.js
142.250.74.72200 OK 17 kB URL HTTP/2 ssl.google-analytics.com/ga.js
IP 142.250.74.72:0
File type ASCII text, with very long lines (1305)
Hash 01d5892e6e243b52998310c2925b9f3a
58180151b6a6ee4af73583a214b68efb9e8844d4
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
GET /ga.js HTTP/1.1
Host: ssl.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 17168
date: Fri, 09 Dec 2022 02:32:37 GMT
expires: Fri, 09 Dec 2022 04:32:37 GMT
cache-control: public, max-age=7200
age: 6799
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash b9fca58b89602b3894ef9642bc27ea3a
e6e8e93b2e314a95eedf178e69c20c4e4a2c55b8
ec626f763a90a8ffcd5979a3a862b6f36a2ae70c17c3e48d9d6b439e2997d943
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5482
Cache-Control: max-age=111985
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:56 GMT
Etag: "6391b5db-139"
Expires: Sat, 10 Dec 2022 11:32:21 GMT
Last-Modified: Thu, 08 Dec 2022 10:00:59 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 313
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash b9fca58b89602b3894ef9642bc27ea3a
e6e8e93b2e314a95eedf178e69c20c4e4a2c55b8
ec626f763a90a8ffcd5979a3a862b6f36a2ae70c17c3e48d9d6b439e2997d943
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5466
Cache-Control: max-age=111969
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:56 GMT
Etag: "6391b5db-139"
Expires: Sat, 10 Dec 2022 11:32:05 GMT
Last-Modified: Thu, 08 Dec 2022 10:00:59 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 313
azhermed.yoo7.com/images/icons-180.png
178.33.43.178200 OK 6.1 kB URL HTTP/2 azhermed.yoo7.com/images/icons-180.png
IP 178.33.43.178:0
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 6bbc173a2c7add9b97ed5fe2dea15269
2e00950d0813a6d995784905a90c5eb2041f05ee
689c95c5a53fd85782d965279cafd0c06042391eca615fe7e7f799e1bae5cc82
GET /images/icons-180.png HTTP/1.1
Host: azhermed.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/f101-montada
Cookie: exadd=167057; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:56 GMT
content-type: image/png
content-length: 6055
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 09 Dec 2022 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
x-cache-ic: HIT
X-Firefox-Spdy: h2
stats.g.doubleclick.net/dc.js
64.233.165.154200 OK 17 kB URL HTTP/2 stats.g.doubleclick.net/dc.js
IP 64.233.165.154:0
File type ASCII text, with very long lines (1305)
Hash 5f65521f6c6223e1e18cb161832bea2a
f03800023e7bbe2579cd24e122cdf8c6ecf8b4c6
787b69b93681cf41784dfa8655cbdafe8a56ecc62f0112a6ea2241a284a0e3c9
GET /dc.js HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 17093
date: Fri, 09 Dec 2022 03:33:58 GMT
expires: Fri, 09 Dec 2022 05:33:58 GMT
cache-control: public, max-age=7200
age: 3118
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f724984787cae37de4fc0329604dfe44
bf541d550144ae1ebe97bf815b7dd5f37c46a2ee
0a3b089ca393ee6ace33b69c186aa040eefb6f38b8db8afc74cf835ab7e8dfe0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3924
Cache-Control: max-age=133474
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:56 GMT
Etag: "63920fe2-1d7"
Expires: Sat, 10 Dec 2022 17:30:30 GMT
Last-Modified: Thu, 08 Dec 2022 16:25:06 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
cdn.taboola.com/libtrc/impl.20221208-7-RELEASE.js
151.101.1.44200 OK 148 kB URL HTTP/2 cdn.taboola.com/libtrc/impl.20221208-7-RELEASE.js
IP 151.101.1.44:0
File type ASCII text, with very long lines (65509)
Size 148 kB (147454 bytes)
Hash 7d718d5c49cc315d2ca1206f7589f952
0e9ce8998543cfda79e0a3f7fbce6dbadf446fad
152f099330c1e9d1280a4cf306bae305f2be0cd2393f98368b905cace92be2c3
GET /libtrc/impl.20221208-7-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: r4ClDOM/LOybPBXjkAdoHWp9/vGFfSfwUI1d1joNR7hOuwM84Er5AKBBtdwakQQS+KYSCazlDWw=
x-amz-request-id: FC5WH21F58QWYZA7
last-modified: Thu, 08 Dec 2022 14:16:57 GMT
etag: "7d718d5c49cc315d2ca1206f7589f952"
content-encoding: br
x-amz-version-id: gDb9_.YkM80Ygd8U2pEbkCZ4UPlGEBKU
content-type: application/javascript
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:56 GMT
via: 1.1 varnish
age: 22039
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 5423
x-timer: S1670559956.305678,VS0,VE0
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 2
server: AmazonS3-br
content-length: 147454
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/all.js?hash=6901438d12abca335e80dbaa2889a87f
31.13.72.12200 OK 87 kB URL HTTP/2 connect.facebook.net/en_US/all.js?hash=6901438d12abca335e80dbaa2889a87f
IP 31.13.72.12:0
File type ASCII text, with very long lines (18734)
Hash 5b1e4427c7c81093428ed8082ce37ce1
b1b6285c6aec257e9295bdf5779fd6dd3aac2fe4
b055d24ce48e45ed6dba326944825b1bbfbb3de351334fde38a93eab2aecb03c
GET /en_US/all.js?hash=6901438d12abca335e80dbaa2889a87f HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 61f569cfe84c667944a687a0d86c98d7
etag: "46141766d5cf76fb14bbcc6fef1c7914"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 08 Dec 2023 23:44:27 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: Wx5EJ8fIEJNCjtgILON84Q==
x-fb-debug: +dLoGn3XVnkHW16sCI4eSljPvD4iPneRaOhGFOJEnv50D5GTETX0Zp+Xwg9JPYxTUnoRqG0fWrLGZDTYy0wxVg==
content-length: 86812
x-fb-trip-id: 1904183273
date: Fri, 09 Dec 2022 04:25:56 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash c8390857d7283908342c0ca6331f461e
ad459334fe29e909520251b8a67304fc94b0856a
9bd11691f6600f6141b79398a94736627e6af709322f4c0914d99ef7eb3012cd
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=103068
Date: Fri, 09 Dec 2022 04:25:56 GMT
Etag: "6391984a-1d7"
Expires: Sat, 10 Dec 2022 09:03:44 GMT
Last-Modified: Thu, 08 Dec 2022 07:54:50 GMT
Server: ECS (bsa/EB18)
X-Cache: Miss from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nFmHfvzYWMLV7EcPKTJDk_GF61s1fKeY2FxbKGEZEeS6VHjVIRwoQQ==
Age: 4134
api.viglink.com/api/ping
52.51.56.230200 OK 260 B IP 52.51.56.230:0
File type ASCII text, with no line terminators
Hash 602d5b63d737b575c6ff9cb0a0d6478e
6824625e0749b4075370d3fe85a459b3f2efa0d2
e11f61a67fe27c44db4fa5fdfd2833c86b33093272b49c29ccf7a5b9942246cd
POST /api/ping HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 138
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://azhermed.yoo7.com
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Fri, 09 Dec 2022 04:25:55 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 260
Connection: keep-alive
trc-events.taboola.com/forumotion-ar/log/2/debug?tim=04%3A25%3A55.624&type=usage&msg=rtus&llvl=2&id=659&cv=20221208-7-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/forumotion-ar/log/2/debug?tim=04%3A25%3A55.624&type=usage&msg=rtus&llvl=2&id=659&cv=20221208-7-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=04%3A25%3A55.624&type=usage&msg=rtus&llvl=2&id=659&cv=20221208-7-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Fri, 09 Dec 2022 04:25:56 GMT
x-fastly-to-nlb-rtt: 22428
access-control-allow-credentials: true
X-Firefox-Spdy: h2
api.viglink.com/api/sync.js?key=74bad24252620514d1244cfba01f2ee2
52.51.56.230200 OK 43 B URL HTTP/1.1 api.viglink.com/api/sync.js?key=74bad24252620514d1244cfba01f2ee2
IP 52.51.56.230:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /api/sync.js?key=74bad24252620514d1244cfba01f2ee2 HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Content-Type: image/gif;charset=UTF-8
Date: Fri, 09 Dec 2022 04:25:56 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 43
Connection: keep-alive
www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df34764a63561814%26domain%3Dazhermed.yoo7.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fazhermed.yoo7.com%252Ff2725002791084%26relation%3Dparent.parent&container_width=1190&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fgroups%2F128592123862564&locale=en_US&sdk=joey&show_faces=false&stream=false&width=350
31.13.72.36302 Found 0 B URL HTTP/2 www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df34764a63561814%26domain%3Dazhermed.yoo7.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fazhermed.yoo7.com%252Ff2725002791084%26relation%3Dparent.parent&container_width=1190&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fgroups%2F128592123862564&locale=en_US&sdk=joey&show_faces=false&stream=false&width=350
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df34764a63561814%26domain%3Dazhermed.yoo7.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fazhermed.yoo7.com%252Ff2725002791084%26relation%3Dparent.parent&container_width=1190&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fgroups%2F128592123862564&locale=en_US&sdk=joey&show_faces=false&stream=false&width=350 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df34764a63561814%2526domain%253Dazhermed.yoo7.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fazhermed.yoo7.com%25252Ff2725002791084%2526relation%253Dparent.parent%26container_width%3D1190%26header%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fgroups%252F128592123862564%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dfalse%26stream%3Dfalse%26width%3D350
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: d6iD4lC+AD/yWBFIZIG7iRHY6J7VMhNvNXEu+kjUcqPhRdgThb2v80bvELCCrmqicj6uSWTRucYF9/TEdYWkzg==
content-length: 0
date: Fri, 09 Dec 2022 04:25:56 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
azhermed.yoo7.com/?utm_source=pwa
178.33.43.178200 OK 32 kB URL HTTP/2 azhermed.yoo7.com/?utm_source=pwa
IP 178.33.43.178:0
Hash a7c3cefea4cb094e87d959492788a7c5
042f666e785bbfd138f98eb400a95ae58fb61fe9
23bfa8ab476fd3b09e6ac607e703b226f0156fc41d42a1abfb0749706a38aa6b
GET /?utm_source=pwa HTTP/1.1
Host: azhermed.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azhermed.yoo7.com/serviceworker.js
Connection: keep-alive
Cookie: exadd=167057; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:56 GMT
content-type: text/html; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
pragma: no-cache
expires: Fri, 09 Dec 2022 00:00:00 GMT
last-modified: Fri, 09 Dec 2022 04:25:56 GMT
vary: User-Agent
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/cta-component.20221208-7-RELEASE.es6.js
151.101.1.44200 OK 5.1 kB URL HTTP/2 cdn.taboola.com/libtrc/cta-component.20221208-7-RELEASE.es6.js
IP 151.101.1.44:0
File type ASCII text, with very long lines (18924)
Hash 773d472c349fda7c206cab23fd9bbb3f
18821c1c78614bbca76826a66f14a3a40b329e8c
861c36480e412b056904dfc9eb328d9a40dc1ea92683f174061ac0dfee2bec7a
GET /libtrc/cta-component.20221208-7-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: R62VLiAdQzwELQngNO1qDU9RsVSJjXlSwkMLgi0maiHuT/vbbJkNyV6Jec5DBCAywpjm8DRnmv0=
x-amz-request-id: FRSNS9D705GZSW10
x-amz-replication-status: COMPLETED
last-modified: Thu, 08 Dec 2022 14:37:23 GMT
etag: "f0e242fffb0cd08cdb29da80427db541"
x-amz-version-id: 6gBAAd_jJpYnv4bPoZM6W8SqD1HKczu8
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:56 GMT
via: 1.1 varnish
age: 102
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 15
x-timer: S1670559957.763280,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 2
content-length: 5108
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b5cba4e1962a1fe17c9021f3e418975a
01293d7e4084011451f7d17936ab2427504cdb1a
ecfe30d3abc32ca9f933303d75b2055642d3c7c8197af08fe2c314394699594b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.taboola.com/libtrc/userx.20221208-7-RELEASE.es6.js
151.101.1.44200 OK 5.4 kB URL HTTP/2 cdn.taboola.com/libtrc/userx.20221208-7-RELEASE.es6.js
IP 151.101.1.44:0
File type ASCII text, with very long lines (17842)
Hash 77ef522b4755c4f01e37b75aaac81369
3bfdcb285625b7285d130ed031960e902524984a
3d0a522b0606947f1c52f8ac7292f02c9c4aa949839a90f65b61a96554cea95d
GET /libtrc/userx.20221208-7-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: EVoDFjgSx8nYDVaSBfdSZrfkxGZ/39ILDpCZMeHUpDvTa5Mq8QkTUXlkA1eycj0fdWuBTQy7Io8=
x-amz-request-id: 892QGPDXK4FJF5BK
x-amz-replication-status: PENDING
last-modified: Thu, 08 Dec 2022 14:40:26 GMT
etag: "597f7824b4a4bfa8480d70283e671403"
x-amz-version-id: 7RPfQeN4TCB2TwBDrANc32lbpevAJQdg
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:56 GMT
via: 1.1 varnish
age: 69
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 3
x-timer: S1670559957.773820,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 2
content-length: 5398
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
vidstat.taboola.com/lite-unit/3.9.8/UnitWidgetItemDesktop.min.js
151.101.1.44200 OK 30 kB URL HTTP/2 vidstat.taboola.com/lite-unit/3.9.8/UnitWidgetItemDesktop.min.js
IP 151.101.1.44:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash aac1042207afd54e1cf1befcaf3420cd
00f0597866330a850a1d6222861591f24dd18380
ea77ece8880eb28ffe83e94ef787b4204f8b1b3d09f443011b898b13ed4bb706
GET /lite-unit/3.9.8/UnitWidgetItemDesktop.min.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 22 Nov 2022 07:02:09 GMT
etag: "1842444d4bb92087143326a4d508875d"
server: AmazonS3
via: 1.1 b34d5d8e5954d0b7b46d5f0eb534c166.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: iVxUQ_yUDgKIDSZaR21P2jFvv94ZUaTAMQdnd9xsEMFJTpsmb2NMlg==
cache-control: public, max-age=2592000
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:56 GMT
age: 1459399
x-served-by: cache-bma1659-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 47083
x-timer: S1670559957.784169,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 29909
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1365095539.1670559955&jid=953763242&_u=YEBAAUAAAAAAACAAI~&z=1028304293
142.250.74.132200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1365095539.1670559955&jid=953763242&_u=YEBAAUAAAAAAACAAI~&z=1028304293
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1365095539.1670559955&jid=953763242&_u=YEBAAUAAAAAAACAAI~&z=1028304293 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 04:25:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1365095539.1670559955&jid=953763242&_u=YEBAAUAAAAAAACAAI~&z=1028304293
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1365095539.1670559955&jid=953763242&_u=YEBAAUAAAAAAACAAI~&z=1028304293
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-144347007-1&cid=1365095539.1670559955&jid=953763242&_u=YEBAAUAAAAAAACAAI~&z=1028304293 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 04:25:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
178.250.6.122200 OK 80 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 178.250.6.122:0
Hash dec6f143749cdc793f8c190fc816df91
153363be50b5d64ad324f547d309c66635f4b714
34b5787c1ca7a66f2d9b124499e081704537987dd78e8aef595e36e788a3a3b5
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 73167
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a0905812e8498e6c5c0a9b4b584b972f
039b784fd1e0152ec7f49a54ba027f0b2bd1e833
ee3531ef0f334dcd73a86b1e4365a020d5db69ff7b82bad136eaf1a8e9d3b47f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16a52e08fece4c3d3936f4c789470d62
f4da52d15b40ba1e16208df5f1473cb2de2c8173
12f2fcac20026cfe364cec8b70dc33197498612b9011d514b4adead4feb23372
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12F2FCAC20026CFE364CEC8B70DC33197498612B9011D514B4ADEAD4FEB23372"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6188
Expires: Fri, 09 Dec 2022 06:09:04 GMT
Date: Fri, 09 Dec 2022 04:25:56 GMT
Connection: keep-alive
www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df34764a63561814%2526domain%253Dazhermed.yoo7.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fazhermed.yoo7.com%25252Ff2725002791084%2526relation%253Dparent.parent%26container_width%3D1190%26header%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fgroups%252F128592123862564%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dfalse%26stream%3Dfalse%26width%3D350
31.13.72.36200 OK 9.0 kB URL HTTP/2 www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df34764a63561814%2526domain%253Dazhermed.yoo7.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fazhermed.yoo7.com%25252Ff2725002791084%2526relation%253Dparent.parent%26container_width%3D1190%26header%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fgroups%252F128592123862564%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dfalse%26stream%3Dfalse%26width%3D350
IP 31.13.72.36:0
Hash 69c8523f39eac421127a55daf0ce9579
c76786d8b8a845f09971d1f8eb7f7d8e452171e1
39b9b0d63054cdbda8c835ef872f5a023156d6394c4b451c8092d2b235ff149f
GET /login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Flike_box.php%3Fapp_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df34764a63561814%2526domain%253Dazhermed.yoo7.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fazhermed.yoo7.com%25252Ff2725002791084%2526relation%253Dparent.parent%26container_width%3D1190%26header%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fgroups%252F128592123862564%26locale%3Den_US%26sdk%3Djoey%26show_faces%3Dfalse%26stream%3Dfalse%26width%3D350 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azhermed.yoo7.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: /HinJpeW3HpsPFFsLWscnM/fjxLEadQFrcukPFLZnBhhRqwIts/dumh9KbYMiG5o4Unzn/FtGF/11Gjv3yWnUA==
date: Fri, 09 Dec 2022 04:25:56 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
stootsou.net/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://azhermed.yoo7.com/
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:56 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://azhermed.yoo7.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
stootsou.net/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://azhermed.yoo7.com/
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:57 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://azhermed.yoo7.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
stootsou.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azhermed.yoo7.com/
Content-Type: application/json
Origin: https://azhermed.yoo7.com
Content-Length: 383
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:57 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 567153778b0dfeb507d9f4bb048731b6
access-control-allow-origin: https://azhermed.yoo7.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6980
Expires: Fri, 09 Dec 2022 06:22:17 GMT
Date: Fri, 09 Dec 2022 04:25:57 GMT
Connection: keep-alive
gum.criteo.com/sid/json?origin=publishertag&domain=yoo7.com&sn=FirefoxSyncframe&so=0&topUrl=azhermed.yoo7.com&info=pSmG7l80M0RITmhlJTJCZkMwOUJGQlhaMUN2czVJaUQ1ckolMkIyJTJGVkFkQ2FUd1BLWEQ4NDJlT25objJ3UUVmNTh2YzZ6aTYw&idsd=-382653247,617527500&cw=1&lsw=1
178.250.0.157200 OK 328 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=yoo7.com&sn=FirefoxSyncframe&so=0&topUrl=azhermed.yoo7.com&info=pSmG7l80M0RITmhlJTJCZkMwOUJGQlhaMUN2czVJaUQ1ckolMkIyJTJGVkFkQ2FUd1BLWEQ4NDJlT25objJ3UUVmNTh2YzZ6aTYw&idsd=-382653247,617527500&cw=1&lsw=1
IP 178.250.0.157:0
Hash 068fce6085c7a44cd20998adac64336f
dcf2a0e3d723cec64ddb75998ba794571d57914a
a8ee74b87f13651065a7751b238fe38264c8ec160ec0718d04b3293f144b1e1b
GET /sid/json?origin=publishertag&domain=yoo7.com&sn=FirefoxSyncframe&so=0&topUrl=azhermed.yoo7.com&info=pSmG7l80M0RITmhlJTJCZkMwOUJGQlhaMUN2czVJaUQ1ckolMkIyJTJGVkFkQ2FUd1BLWEQ4NDJlT25objJ3UUVmNTh2YzZ6aTYw&idsd=-382653247,617527500&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=azhermed.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:56 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1079897
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6980
Expires: Fri, 09 Dec 2022 06:22:17 GMT
Date: Fri, 09 Dec 2022 04:25:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6980
Expires: Fri, 09 Dec 2022 06:22:17 GMT
Date: Fri, 09 Dec 2022 04:25:57 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F884d1162-4377-487f-a056-b21117ef5001.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F884d1162-4377-487f-a056-b21117ef5001.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9cb76c68a8cd472600106cc118067868
6cee6b1828c709f68b995197ca943a5c393f86fb
009d9ba19043b03b5aceeb80b69bf249f19a0a225bdbfef7ab8691669cb64130
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F884d1162-4377-487f-a056-b21117ef5001.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8204
x-amzn-requestid: cf54b5f8-ede8-49d5-aa56-5d9de98e3ab8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjtKfEiToAMFSXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af576-6ddfe35c0b31074d6a07076f;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:06:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UfqFAlLedF6ZkfbGXhyYDcvu0porNJb6LPaeQ8p4dqWqsFD6iRgWLw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 15:12:28 GMT
age: 47609
etag: "6cee6b1828c709f68b995197ca943a5c393f86fb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6887
Expires: Fri, 09 Dec 2022 06:20:44 GMT
Date: Fri, 09 Dec 2022 04:25:57 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 400d1465-ecbf-4d95-8aa8-4dce5dca0716
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctluwGo4oAMFhTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee991-6dba29ae7065d5347a1a420d;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:04:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Lazl-stakC-31gMuQ2WzH9uFkIb0g7HaaM3xkwSFdFJMWKTaKqrBEQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 12:33:10 GMT
age: 57167
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: N-zFZ8yeL7RrOZ5xfqvfBaE3zcXWecvr6Jd-93nKiUZlCXp2n2_Bgw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:41:46 GMT
age: 2651
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f25ad59-b8ed-49ea-9611-21f63c20c8fb.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f25ad59-b8ed-49ea-9611-21f63c20c8fb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eb00a2a503a690cee3e4dd729b5bc9bd
cfb1e5bcab2148a777889680e6e36b9d7e8917ec
7e4583ae78ab597639f53669ac2d67d1ebd26be3278c2fc3fc95af934178c116
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f25ad59-b8ed-49ea-9611-21f63c20c8fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7960
x-amzn-requestid: beadd240-39d0-407d-a890-6a095657cac3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEd8HC0oAMFUag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb459-44d4f63c62f58684782ef14a;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:17:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kTEbkncBnAJmQE8cdAqvDtejiwaetpRBsVcpLXy1h52lO4iUkzmOGA==
via: 1.1 74aa91fe819001bcedd882694f52b436.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 16:28:48 GMT
age: 43029
etag: "cfb1e5bcab2148a777889680e6e36b9d7e8917ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
stootsou.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azhermed.yoo7.com/
Content-Type: application/json
Origin: https://azhermed.yoo7.com
Content-Length: 459
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:57 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 82da3a4fc1cfcda119dbb7b7685f5269
access-control-allow-origin: https://azhermed.yoo7.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 730ba1a8edb79ba6f83b46d1ba5aed7b
55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 13:49:59 GMT
age: 52558
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 955c6ac69b89f6cbd497df53fcb2ae1b
2506152cdd1056533116feb9350124356e570e54
fca1b303a554aa9cdd13c4769a1088e1905ef888ed703de17864fe76ff880abe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7217
x-amzn-requestid: be9196fc-3d43-49db-8522-8781cbf5a247
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUEDEWpIAMFqUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66e6-04b24220213872ba378d3538;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4QlJZW4ZiPNVhOJbcRldanR8veym3l0sIBGa1Ym-4FOTT_utMQeZQg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 08:39:07 GMT
age: 71210
etag: "2506152cdd1056533116feb9350124356e570e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/cca1700cc12c42823f95b2c7f65700fe.jpg
151.101.1.44200 OK 31 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/cca1700cc12c42823f95b2c7f65700fe.jpg
IP 151.101.1.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash dc80767672f86f223223f9b1225fa099
c86bfa1053e747e183bcf49d6a276cc7687cd03b
3ab0b29ebbe311bb0f49735d4bd33c6f102beff6094461a20ec746330f614564
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/cca1700cc12c42823f95b2c7f65700fe.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 326236419031825725599404831373373384425,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 326236419031825725599404831373373384425,341818766630488423269086991181948173068,29ecf9b93bbf306179626feeda1fab70
etag: "bd629d836ad1b95e729ede05376f4ea4"
last-modified: Mon, 07 Nov 2022 11:47:53 GMT
req-referer: https://www.sozcu.com.tr/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 1c6482fd09cf73ed8b55a917d3f66d5f
x-envoy-upstream-service-time: 776
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:57 GMT
age: 2188819
x-served-by: cache-iad-kiad7000122-IAD, cache-iad-kcgs7200179-IAD, cache-lga21932-LGA, cache-iad-kcgs7200066-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 63, 1
x-timer: S1670559957.078252,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_180%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/cca1700cc12c42823f95b2c7f65700fe.jpg
x-vcl-time-ms: 1
content-length: 30730
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c597dfae30791e2228b694ea2259dfc5.jpg
151.101.1.44200 OK 5.4 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c597dfae30791e2228b694ea2259dfc5.jpg
IP 151.101.1.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash b5b9d312aaf847e689919ef5af274b4f
c39f573332a67f9af3924af9d76372135227264f
879fd6f32081f1e8ccc6ef3f9194bfd9ccbf67c60d7df2dc5a3bdae11b120357
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c597dfae30791e2228b694ea2259dfc5.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 468083158455580269967194112642885811556,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 468083158455580269967194112642885811556,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "77dc5bd4595ed8221bea170a6599b2bf"
expiration: expiry-date="Fri, 04 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 04 Oct 2022 17:57:30 GMT
req-referer: https://blabbermouth.net/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 341
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:57 GMT
age: 3848031
x-served-by: cache-iad-kcgs7200060-IAD, cache-iad-kiad7000145-IAD, cache-bur-kbur8200070-BUR, cache-iad-kjyo7100106-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 208, 1
x-timer: S1670559957.078884,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c597dfae30791e2228b694ea2259dfc5.jpg
x-vcl-time-ms: 1
content-length: 5438
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/3fbbbfde9773c6e54b90c618b8ad2cc2.png
151.101.1.44200 OK 9.8 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/3fbbbfde9773c6e54b90c618b8ad2cc2.png
IP 151.101.1.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash b8a6bfc3585fe41464a27ffbafcf04a5
05d8266affbc8e4973c559d8c3071424a8e98d22
4df32c4a48f1247a2b896c76a8b2e1509fcb8f0c37472091385e7b32bf6d636e
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/3fbbbfde9773c6e54b90c618b8ad2cc2.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 565068747113011570180459848130258591472,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 565068747113011570180459848130258591472,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "8cfa63d990991e09c6c6606c55e8bc02"
last-modified: Sat, 22 Oct 2022 18:47:01 GMT
req-referer: https://www.cbsnews.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 3cdf6b33b3a88e277e42886e2f0fa440
x-envoy-upstream-service-time: 149
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:57 GMT
age: 3687901
x-served-by: cache-iad-kjyo7100124-IAD, cache-iad-kjyo7100162-IAD, cache-lax10628-LGB, cache-iad-kcgs7200116-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 696, 1
x-timer: S1670559957.079135,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/3fbbbfde9773c6e54b90c618b8ad2cc2.png
x-vcl-time-ms: 1
content-length: 9806
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/IBK/87895346__dpeU3RoT.jpg
151.101.1.44200 OK 7.8 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/IBK/87895346__dpeU3RoT.jpg
IP 151.101.1.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 9d538bbacd837fb4339b4e9a671540c6
20a5d6b20bc527e3a4b33123c75262030ea7602a
1f693c9e0c03ea6e5dff8fc6beb54ce3edaf4e357eebfb80925b6af2fcbd4410
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/IBK/87895346__dpeU3RoT.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 629215953155833803339392792237923470083,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 629215953155833803339392792237923470083,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "2af7f3a6b2be4bb4aabfbaafcb9354f0"
expiration: expiry-date="Tue, 15 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Sat, 15 Oct 2022 14:08:23 GMT
req-referer: https://www.espn.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 74
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:57 GMT
age: 3839768
x-served-by: cache-iad-kcgs7200152-IAD, cache-iad-kcgs7200109-IAD, cache-lga21956-LGA, cache-iad-kiad7000054-IAD, cache-bma1659-BMA
x-cache: MISS, MISS, HIT, HIT, HIT
x-cache-hits: 0, 0, 1, 3395, 1
x-timer: S1670559957.079876,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/IBK/87895346__dpeU3RoT.jpg
x-vcl-time-ms: 1
content-length: 7778
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/163f5378d22a67237a40764d602d99cb.jpg
151.101.1.44200 OK 7.7 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/163f5378d22a67237a40764d602d99cb.jpg
IP 151.101.1.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 5f723facaa3cacce1d7c79faeae01268
ecd1e6bf917a7e16bcc8ba2c863b152cdcd04984
e2ecf740b95650cc5f8bba38f5ea6e33e2031f17dcbb5702fbb1b879260e2e5f
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/163f5378d22a67237a40764d602d99cb.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 606814443251666333200764958514227564329,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 606814443251666333200764958514227564329,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "d0b372a5b9e49b7514cf1a8959783646"
expiration: expiry-date="Sat, 05 Nov 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Wed, 05 Oct 2022 06:13:12 GMT
req-referer: https://www.indiewire.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 159
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:57 GMT
age: 3116015
x-served-by: cache-iad-kiad7000101-IAD, cache-iad-kiad7000168-IAD, cache-lax10652-LGB, cache-iad-kiad7000104-IAD, cache-bma1659-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 73, 1
x-timer: S1670559957.078661,VS0,VE6
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/163f5378d22a67237a40764d602d99cb.jpg
x-vcl-time-ms: 6
content-length: 7714
X-Firefox-Spdy: h2
api.viglink.com/api/domains
52.51.56.230200 OK 42 B URL HTTP/1.1 api.viglink.com/api/domains
IP 52.51.56.230:0
File type ASCII text, with no line terminators
Hash 77f00842ce65e6a478dbeee27ac2034c
a0698b8fb50ef16dcd1a6319a285b3a1d5f550fe
3d7510ed612cf8e107c754c72526e9f0eb96c7c147f653dcab43ad6ec836124d
POST /api/domains HTTP/1.1
Host: api.viglink.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 327
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://azhermed.yoo7.com
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Date: Fri, 09 Dec 2022 04:25:56 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Content-Length: 42
Connection: keep-alive
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//taoli.pro/attach/material/SUV_Deals_PR/IcsFNrfsJ5XU8JGin.jpg
151.101.1.44200 OK 6.7 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//taoli.pro/attach/material/SUV_Deals_PR/IcsFNrfsJ5XU8JGin.jpg
IP 151.101.1.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 695c7072a09426430f3b15ce287c8757
36d7193f90d476b6ddb0c156d32c973fdd687afc
20b711ff37dc75d9005b3a0720069ec42e73904ee26ce62cfd5127f198947dc3
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//taoli.pro/attach/material/SUV_Deals_PR/IcsFNrfsJ5XU8JGin.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 310584108403114031292741203112721262716,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 310584108403114031292741203112721262716,378603099105430713408637329582199312940,29ecf9b93bbf306179626feeda1fab70
etag: "3247af587ae9f697d811d965c626acd8"
last-modified: Sat, 26 Nov 2022 23:36:13 GMT
req-referer: https://weather.com/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 5cff75fc2c9fb6970ba835671abb380b
x-envoy-upstream-service-time: 72
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:57 GMT
age: 149282
x-served-by: cache-iad-kjyo7100069-IAD, cache-iad-kjyo7100143-IAD, cache-bur-kbur8200079-BUR, cache-iad-kjyo7100156-IAD, cache-bma1659-BMA
x-cache: HIT, HIT, HIT, HIT, MISS
x-cache-hits: 1, 1, 1, 4, 0
x-timer: S1670559957.080042,VS0,VE99
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_240%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//taoli.pro/attach/material/SUV_Deals_PR/IcsFNrfsJ5XU8JGin.jpg
x-vcl-time-ms: 99
content-length: 6696
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash acea7cb44141792f5d84b0c9ab8c57e4
69f1e46739200324bd891063d17c7a7083f313b7
4c0d144b20ab8cf7fec972a66e08ed2b993121e9c4b6c88bbf0f3e7388f2b058
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C0D144B20AB8CF7FEC972A66E08ED2B993121E9C4B6C88BBF0F3E7388F2B058"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2532
Expires: Fri, 09 Dec 2022 05:08:09 GMT
Date: Fri, 09 Dec 2022 04:25:57 GMT
Connection: keep-alive
my.rtmark.net/gid.js?userId=761218ca0e1640edb21b03ace8685582
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=761218ca0e1640edb21b03ace8685582
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash df96f881afa6e0a07979a30b9ee1cf00
7b319b64b7c6fc03e17e1b725fb84c15dcadadde
68195cafb38b818eb1f6015ee8688603cf97a12edb90b1b3fc95418e68de5fc9
GET /gid.js?userId=761218ca0e1640edb21b03ace8685582 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:57 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://azhermed.yoo7.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=761218ca0e1640edb21b03ace8685582; expires=Sat, 09 Dec 2023 04:25:57 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7Kg8CFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJGFzDDYT38qtXKxWa9FsZllLHCbLWmFZbGymmclmMayGQBI2x2Az8a3cysVqtRbNZpa1xGGyrBWWxcZmmplsFsNqChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXq-wHl2Wt8tkV_79vrnG7_bLHIPFWu23mx4mhx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmjqvpw4plMbhqjguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCOtD_NOydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQmytFWtCKK4XaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og5ls5LDPHcjTc7Aaz3W422g02w5lhYVwMZo7dzHvqrZ5C-O6bOH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgYjEyGic2yVu4mzrVosViuFR6Ly61yjTam0WK32E0sa9HrY3oYN56Va7RFwYCOvUieFulEYpssHDOXzWNyLBwrz2YwWG1mzsnMtNpNJh6HZyKWaE4W6UR22dd8K4dl5liOhpvdYLbbzUa7wWY4MyyMi8HMsZv5G4ORyTCxWdbK3cS5Fi0Wy7XCY3G5Va7RxjRa7Ba7iWUten1MD-PGs3KN9o3ZbrBaLZer2b4x2w1Wq-VyNdt36Azf1edsdAbHE49Lewxtc0Obw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6GWOwWKt9ttND5PDIpYIThfpRPQyni7qPzLkYq4czEWTuWI1WiUAAAAAAAAAgCXMmTcBAAAAOA1kNNgMV-s8kMFysFuulgsA4eyl-7O23gTkr5i36yqVWwbcLIxQ3Phxg_ktr7ff9PTb3QrLlQEeqMmZN38miLVaLWsAAAABbAAAgABu3bwFYDPx_____3EAAAAycvQAAADi-0BRGuFHrhR7_AQ5WO0G!&cmcv=&pix=31589837&cb=1670559956349&uv=3245&tms=1670559956349&abt=mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670559953563!ts:1670559956349&mntl=1
141.226.228.48200 OK 0 B URL HTTP/2 am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7Kg8CFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJGFzDDYT38qtXKxWa9FsZllLHCbLWmFZbGymmclmMayGQBI2x2Az8a3cysVqtRbNZpa1xGGyrBWWxcZmmplsFsNqChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXq-wHl2Wt8tkV_79vrnG7_bLHIPFWu23mx4mhx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmjqvpw4plMbhqjguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCOtD_NOydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQmytFWtCKK4XaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og5ls5LDPHcjTc7Aaz3W422g02w5lhYVwMZo7dzHvqrZ5C-O6bOH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgYjEyGic2yVu4mzrVosViuFR6Ly61yjTam0WK32E0sa9HrY3oYN56Va7RFwYCOvUieFulEYpssHDOXzWNyLBwrz2YwWG1mzsnMtNpNJh6HZyKWaE4W6UR22dd8K4dl5liOhpvdYLbbzUa7wWY4MyyMi8HMsZv5G4ORyTCxWdbK3cS5Fi0Wy7XCY3G5Va7RxjRa7Ba7iWUten1MD-PGs3KN9o3ZbrBaLZer2b4x2w1Wq-VyNdt36Azf1edsdAbHE49Lewxtc0Obw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6GWOwWKt9ttND5PDIpYIThfpRPQyni7qPzLkYq4czEWTuWI1WiUAAAAAAAAAgCXMmTcBAAAAOA1kNNgMV-s8kMFysFuulgsA4eyl-7O23gTkr5i36yqVWwbcLIxQ3Phxg_ktr7ff9PTb3QrLlQEeqMmZN38miLVaLWsAAAABbAAAgABu3bwFYDPx_____3EAAAAycvQAAADi-0BRGuFHrhR7_AQ5WO0G!&cmcv=&pix=31589837&cb=1670559956349&uv=3245&tms=1670559956349&abt=mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670559953563!ts:1670559956349&mntl=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66361655&crid=-1&dast=V7Kg8CFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJGFzDDYT38qtXKxWa9FsZllLHCbLWmFZbGymmclmMayGQBI2x2Az8a3cysVqtRbNZpa1xGGyrBWWxcZmmplsFsNqChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXq-wHl2Wt8tkV_79vrnG7_bLHIPFWu23mx4mhx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmjqvpw4plMbhqjguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCOtD_NOydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQmytFWtCKK4XaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og5ls5LDPHcjTc7Aaz3W422g02w5lhYVwMZo7dzHvqrZ5C-O6bOH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgYjEyGic2yVu4mzrVosViuFR6Ly61yjTam0WK32E0sa9HrY3oYN56Va7RFwYCOvUieFulEYpssHDOXzWNyLBwrz2YwWG1mzsnMtNpNJh6HZyKWaE4W6UR22dd8K4dl5liOhpvdYLbbzUa7wWY4MyyMi8HMsZv5G4ORyTCxWdbK3cS5Fi0Wy7XCY3G5Va7RxjRa7Ba7iWUten1MD-PGs3KN9o3ZbrBaLZer2b4x2w1Wq-VyNdt36Azf1edsdAbHE49Lewxtc0Obw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6GWOwWKt9ttND5PDIpYIThfpRPQyni7qPzLkYq4czEWTuWI1WiUAAAAAAAAAgCXMmTcBAAAAOA1kNNgMV-s8kMFysFuulgsA4eyl-7O23gTkr5i36yqVWwbcLIxQ3Phxg_ktr7ff9PTb3QrLlQEeqMmZN38miLVaLWsAAAABbAAAgABu3bwFYDPx_____3EAAAAycvQAAADi-0BRGuFHrhR7_AQ5WO0G!&cmcv=&pix=31589837&cb=1670559956349&uv=3245&tms=1670559956349&abt=mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670559953563!ts:1670559956349&mntl=1 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:57 GMT
content-length: 0
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7Kg8CFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJGFzDDYT38qtXKxWa9FsZllLHCbLWmFZbGymmclmMayGQBI2x2Az8a3cysVqtRbNZpa1xGGyrBWWxcZmmplsFsNqChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXq-wHl2Wt8tkV_79vrnG7_bLHIPFWu23mx4mhx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmjqvpw4plMbhqjguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCOtD_NOydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQmytFWtCKK4XaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og5ls5LDPHcjTc7Aaz3W422g02w5lhYVwMZo7dzHvqrZ5C-O6bOH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgYjEyGic2yVu4mzrVosViuFR6Ly61yjTam0WK32E0sa9HrY3oYN56Va7RFwYCOvUieFulEYpssHDOXzWNyLBwrz2YwWG1mzsnMtNpNJh6HZyKWaE4W6UR22dd8K4dl5liOhpvdYLbbzUa7wWY4MyyMi8HMsZv5G4ORyTCxWdbK3cS5Fi0Wy7XCY3G5Va7RxjRa7Ba7iWUten1MD-PGs3KN9o3ZbrBaLZer2b4x2w1Wq-VyNdt36Azf1edsdAbHE49Lewxtc0Obw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6GWOwWKt9ttND5PDIpYIThfpRPQyni7qPzLkYq4czEWTuWI1WiUAAAAAAAAAgCXMmTcBAAAAOA1kNNgMV-s8kMFysFuulgsA4eyl-7O23gTkr5i36yqVWwbcLIxQ3Phxg_ktr7ff9PTb3QrLlQEeqMmZN38miLVaLWsAAAABbAAAgABu3bwFYDPx_____3EAAAAycvQAAADi-0BRGuFHrhR7_AQ5WO0G!&excid=22&docw=0&cijs=1&nlb=false
141.226.228.48200 OK 11 kB URL HTTP/2 am-match.taboola.com/sync?dast=V7Kg8CFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJGFzDDYT38qtXKxWa9FsZllLHCbLWmFZbGymmclmMayGQBI2x2Az8a3cysVqtRbNZpa1xGGyrBWWxcZmmplsFsNqChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXq-wHl2Wt8tkV_79vrnG7_bLHIPFWu23mx4mhx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmjqvpw4plMbhqjguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCOtD_NOydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQmytFWtCKK4XaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og5ls5LDPHcjTc7Aaz3W422g02w5lhYVwMZo7dzHvqrZ5C-O6bOH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgYjEyGic2yVu4mzrVosViuFR6Ly61yjTam0WK32E0sa9HrY3oYN56Va7RFwYCOvUieFulEYpssHDOXzWNyLBwrz2YwWG1mzsnMtNpNJh6HZyKWaE4W6UR22dd8K4dl5liOhpvdYLbbzUa7wWY4MyyMi8HMsZv5G4ORyTCxWdbK3cS5Fi0Wy7XCY3G5Va7RxjRa7Ba7iWUten1MD-PGs3KN9o3ZbrBaLZer2b4x2w1Wq-VyNdt36Azf1edsdAbHE49Lewxtc0Obw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6GWOwWKt9ttND5PDIpYIThfpRPQyni7qPzLkYq4czEWTuWI1WiUAAAAAAAAAgCXMmTcBAAAAOA1kNNgMV-s8kMFysFuulgsA4eyl-7O23gTkr5i36yqVWwbcLIxQ3Phxg_ktr7ff9PTb3QrLlQEeqMmZN38miLVaLWsAAAABbAAAgABu3bwFYDPx_____3EAAAAycvQAAADi-0BRGuFHrhR7_AQ5WO0G!&excid=22&docw=0&cijs=1&nlb=false
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash 218729480f5d3ffa16756038bd8d6361
75f85816896c707ec8d89315b17508801a608d05
113ddddb3b9bc4c98cb0ee3ffd6985fab84d21025ddd9586e12dd52464716586
GET /sync?dast=V7Kg8CFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJGFzDDYT38qtXKxWa9FsZllLHCbLWmFZbGymmclmMayGQBI2x2Az8a3cysVqtRbNZpa1xGGyrBWWxcZmmplsFsNqChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXq-wHl2Wt8tkV_79vrnG7_bLHIPFWu23mx4mhx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmjqvpw4plMbhqjguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCOtD_NOydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQmytFWtCKK4XaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og5ls5LDPHcjTc7Aaz3W422g02w5lhYVwMZo7dzHvqrZ5C-O6bOH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgYjEyGic2yVu4mzrVosViuFR6Ly61yjTam0WK32E0sa9HrY3oYN56Va7RFwYCOvUieFulEYpssHDOXzWNyLBwrz2YwWG1mzsnMtNpNJh6HZyKWaE4W6UR22dd8K4dl5liOhpvdYLbbzUa7wWY4MyyMi8HMsZv5G4ORyTCxWdbK3cS5Fi0Wy7XCY3G5Va7RxjRa7Ba7iWUten1MD-PGs3KN9o3ZbrBaLZer2b4x2w1Wq-VyNdt36Azf1edsdAbHE49Lewxtc0Obw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6GWOwWKt9ttND5PDIpYIThfpRPQyni7qPzLkYq4czEWTuWI1WiUAAAAAAAAAgCXMmTcBAAAAOA1kNNgMV-s8kMFysFuulgsA4eyl-7O23gTkr5i36yqVWwbcLIxQ3Phxg_ktr7ff9PTb3QrLlQEeqMmZN38miLVaLWsAAAABbAAAgABu3bwFYDPx_____3EAAAAycvQAAADi-0BRGuFHrhR7_AQ5WO0G!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:57 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3406
X-Firefox-Spdy: h2
il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=04%3A25%3A56.032&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=9462&cv=20221208-7-RELEASE<=deflated&pct=1
185.106.33.48204 No Content 0 B URL HTTP/2 il-trc-events.taboola.com/forumotion-ar/log/2/debug?tim=04%3A25%3A56.032&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=9462&cv=20221208-7-RELEASE<=deflated&pct=1
IP 185.106.33.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /forumotion-ar/log/2/debug?tim=04%3A25%3A56.032&type=warn&msg=TRC.TranslationsManager%20-%20missing%20feature%20in%20translationMap%3A%20userx.&llvl=2&id=9462&cv=20221208-7-RELEASE<=deflated&pct=1 HTTP/1.1
Host: il-trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Fri, 09 Dec 2022 04:25:57 GMT
x-fastly-to-nlb-rtt: 81204
access-control-allow-credentials: true
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e6d741bb3ef15889ae1521a4f25876ac
e3ccd2742b61670e0615e5a74849b48af77036f9
f1029870236bb1f034e0ee07858cd2600d17ebe18538ec65d214fe2c352aaf15
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5528
Cache-Control: max-age=163156
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:57 GMT
Etag: "63927d91-1d7"
Expires: Sun, 11 Dec 2022 01:45:13 GMT
Last-Modified: Fri, 09 Dec 2022 00:13:05 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e6d741bb3ef15889ae1521a4f25876ac
e3ccd2742b61670e0615e5a74849b48af77036f9
f1029870236bb1f034e0ee07858cd2600d17ebe18538ec65d214fe2c352aaf15
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5528
Cache-Control: max-age=163156
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:57 GMT
Etag: "63927d91-1d7"
Expires: Sun, 11 Dec 2022 01:45:13 GMT
Last-Modified: Fri, 09 Dec 2022 00:13:05 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
vidstat.taboola.com/vpaid/units/32_4_5/infra/cmTagWIDGET_ITEM.js
151.101.1.44200 OK 128 kB URL HTTP/2 vidstat.taboola.com/vpaid/units/32_4_5/infra/cmTagWIDGET_ITEM.js
IP 151.101.1.44:0
File type Unicode text, UTF-8 text, with very long lines (65489), with no line terminators
Size 128 kB (127788 bytes)
Hash 2b361da912acc8f13f4f1b545047025f
af3a70c02bb88e27a151e8edf4a93931ace2aced
7f44e7dee5fbeb1334cdcb6b06d37dbf74a5ce2c65d4494843a2dabd98f2ef1b
GET /vpaid/units/32_4_5/infra/cmTagWIDGET_ITEM.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: NxcjemMMJRUsCExBkB2iiVRl9DgwLdtVaii0IcyucefSWzHY1Wd9p4I32adBzeHQ7741KdCnChI=
x-amz-request-id: 89SJXSQ72NB1B3KT
last-modified: Mon, 28 Nov 2022 10:06:56 GMT
etag: "2b361da912acc8f13f4f1b545047025f"
x-amz-meta-ctime: 1669630015
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1669630014
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:57 GMT
via: 1.1 varnish
age: 929798
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 106775
x-timer: S1670559957.494516,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 127788
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 09 Dec 2022 04:25:57 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=93ef01fa-7779-11ed-b88f-14d534130106; expires=Fri, 06-Jan-2023 04:25:57 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=93ef023a-7779-11ed-b88f-14d534130106
X-fe: 57
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash f93fe0c44e63867b7f8553c1ca73460e
e664d98cd9803e5f179af596d8a2f50d79fc92b0
dbb9ed743e3bf5d61dd66e676c81d5e2a43c8287d61ef34d90b6c7790ca6106e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 04:25:57 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 01:33:16 GMT
Expires: Tue, 13 Dec 2022 01:33:15 GMT
Etag: "e664d98cd9803e5f179af596d8a2f50d79fc92b0"
Cache-Control: max-age=334637,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 776afad5bcbab50f-OSL
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 09 Dec 2022 04:25:57 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=93fa875f-7779-11ed-85a3-14684a3a0506; expires=Fri, 06-Jan-2023 04:25:57 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=93fa879f-7779-11ed-85a3-14684a3a0506
X-fe: 117
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=93ef023a-7779-11ed-b88f-14d534130106
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=93ef023a-7779-11ed-b88f-14d534130106
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=93ef023a-7779-11ed-b88f-14d534130106 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Fri, 09 Dec 2022 04:25:57 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=93fb043d-7779-11ed-9869-1a7cb9e30206; expires=Fri, 06-Jan-2023 04:25:57 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 22
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 09 Dec 2022 04:25:57 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=93fe262f-7779-11ed-96a7-197e22df0106; expires=Fri, 06-Jan-2023 04:25:57 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=93fe2692-7779-11ed-96a7-197e22df0106
X-fe: 30
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
37.48.68.71200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 900
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 09 Dec 2022 04:25:57 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://azhermed.yoo7.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 09 Dec 2022 04:25:57 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=93fe7653-7779-11ed-b213-1626150c0206; expires=Fri, 06-Jan-2023 04:25:57 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=93fe7686-7779-11ed-b213-1626150c0206
X-fe: 137
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7sWICFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJLLb2Fabzcwts-xGbtFyZlpLPC7bWrAxbgazxci1cdmMQDIj48bkGq7WwtlwtRaNDAu3xLSZuVWDkXHi8c0mG9dsCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3eoX16LK8XSa78u_3zTV-t1_mGCzWar_d9DA57AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFiEWMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQFgf8n8WBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5Gr9OCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAzHfymGZOZaj4WY3mO12s9FusBnODAvjYjBz7GbeU2_1FMJ338Tp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBEmBiOTYWKzrJW7iXMtWiyWa4XH4nKrXKONabTYLXYTy1r0-pgexo1n5RptUTCgYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WVf860clpljORpudoPZbjcb7Qab4cywMC4GM8du5m8MRibDxGZZK3cT51q0WCzXCo_F5Va5RhvTaLFb7CaWtej1MT2MG8_KNdo3ZrvBarVcrmb7xmw3WK2Wy9Vs36EzfFefs9EZHE88Lu0xtM0NbQ6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0IrEMV4vVYrkZOWau2WC0mAyHq9HCuVkMVhOLazERS5Smi3SilzkGi7Xabzc9TA6L-o8MuZgrB3PRZK5YjVYJAAAAAAAAAGAJc-ZNAAAAAE4DGQ02w9VyASCcvXR_1tabgPwV83ZdpXLLgJuFEYobP24wv-X19puefrtbYbkywAM1OfNmzwSxVqtlDQAAIIANAAAQwK2btwBsRm4fCCrsyJVCL5yfIAer3QA!&cmcv=&pix=31589837&cb=1670559956669&uv=3245&tms=1670559956669&abt=mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670559953563!ts:1670559956669&mntl=1
141.226.228.48200 OK 0 B URL HTTP/2 am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7sWICFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJLLb2Fabzcwts-xGbtFyZlpLPC7bWrAxbgazxci1cdmMQDIj48bkGq7WwtlwtRaNDAu3xLSZuVWDkXHi8c0mG9dsCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3eoX16LK8XSa78u_3zTV-t1_mGCzWar_d9DA57AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFiEWMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQFgf8n8WBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5Gr9OCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAzHfymGZOZaj4WY3mO12s9FusBnODAvjYjBz7GbeU2_1FMJ338Tp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBEmBiOTYWKzrJW7iXMtWiyWa4XH4nKrXKONabTYLXYTy1r0-pgexo1n5RptUTCgYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WVf860clpljORpudoPZbjcb7Qab4cywMC4GM8du5m8MRibDxGZZK3cT51q0WCzXCo_F5Va5RhvTaLFb7CaWtej1MT2MG8_KNdo3ZrvBarVcrmb7xmw3WK2Wy9Vs36EzfFefs9EZHE88Lu0xtM0NbQ6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0IrEMV4vVYrkZOWau2WC0mAyHq9HCuVkMVhOLazERS5Smi3SilzkGi7Xabzc9TA6L-o8MuZgrB3PRZK5YjVYJAAAAAAAAAGAJc-ZNAAAAAE4DGQ02w9VyASCcvXR_1tabgPwV83ZdpXLLgJuFEYobP24wv-X19puefrtbYbkywAM1OfNmzwSxVqtlDQAAIIANAAAQwK2btwBsRm4fCCrsyJVCL5yfIAer3QA!&cmcv=&pix=31589837&cb=1670559956669&uv=3245&tms=1670559956669&abt=mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670559953563!ts:1670559956669&mntl=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7sWICFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJLLb2Fabzcwts-xGbtFyZlpLPC7bWrAxbgazxci1cdmMQDIj48bkGq7WwtlwtRaNDAu3xLSZuVWDkXHi8c0mG9dsCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3eoX16LK8XSa78u_3zTV-t1_mGCzWar_d9DA57AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFiEWMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQFgf8n8WBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5Gr9OCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAzHfymGZOZaj4WY3mO12s9FusBnODAvjYjBz7GbeU2_1FMJ338Tp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBEmBiOTYWKzrJW7iXMtWiyWa4XH4nKrXKONabTYLXYTy1r0-pgexo1n5RptUTCgYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WVf860clpljORpudoPZbjcb7Qab4cywMC4GM8du5m8MRibDxGZZK3cT51q0WCzXCo_F5Va5RhvTaLFb7CaWtej1MT2MG8_KNdo3ZrvBarVcrmb7xmw3WK2Wy9Vs36EzfFefs9EZHE88Lu0xtM0NbQ6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0IrEMV4vVYrkZOWau2WC0mAyHq9HCuVkMVhOLazERS5Smi3SilzkGi7Xabzc9TA6L-o8MuZgrB3PRZK5YjVYJAAAAAAAAAGAJc-ZNAAAAAE4DGQ02w9VyASCcvXR_1tabgPwV83ZdpXLLgJuFEYobP24wv-X19puefrtbYbkywAM1OfNmzwSxVqtlDQAAIIANAAAQwK2btwBsRm4fCCrsyJVCL5yfIAer3QA!&cmcv=&pix=31589837&cb=1670559956669&uv=3245&tms=1670559956669&abt=mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&debug=pn:!sqg:!torgn:1670559953563!ts:1670559956669&mntl=1 HTTP/1.1
Host: am-vid-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:57 GMT
content-length: 0
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=93fe2692-7779-11ed-96a7-197e22df0106
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=93fe2692-7779-11ed-96a7-197e22df0106
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=93fe2692-7779-11ed-96a7-197e22df0106 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Fri, 09 Dec 2022 04:25:57 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=9402777d-7779-11ed-ad47-141922060106; expires=Fri, 06-Jan-2023 04:25:57 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 64
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=93fe7686-7779-11ed-b213-1626150c0206
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=93fe7686-7779-11ed-b213-1626150c0206
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=93fe7686-7779-11ed-b213-1626150c0206 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Fri, 09 Dec 2022 04:25:57 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=9402cba8-7779-11ed-8b28-1d66682b0406; expires=Fri, 06-Jan-2023 04:25:57 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 19
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Referer: https://azhermed.yoo7.com/
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:57 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://azhermed.yoo7.com
server-processing-duration-in-ticks: 595533
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7sWICFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJLLb2Fabzcwts-xGbtFyZlpLPC7bWrAxbgazxci1cdmMQDIj48bkGq7WwtlwtRaNDAu3xLSZuVWDkXHi8c0mG9dsCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3eoX16LK8XSa78u_3zTV-t1_mGCzWar_d9DA57AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFiEWMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQFgf8n8WBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5Gr9OCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAzHfymGZOZaj4WY3mO12s9FusBnODAvjYjBz7GbeU2_1FMJ338Tp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBEmBiOTYWKzrJW7iXMtWiyWa4XH4nKrXKONabTYLXYTy1r0-pgexo1n5RptUTCgYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WVf860clpljORpudoPZbjcb7Qab4cywMC4GM8du5m8MRibDxGZZK3cT51q0WCzXCo_F5Va5RhvTaLFb7CaWtej1MT2MG8_KNdo3ZrvBarVcrmb7xmw3WK2Wy9Vs36EzfFefs9EZHE88Lu0xtM0NbQ6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0IrEMV4vVYrkZOWau2WC0mAyHq9HCuVkMVhOLazERS5Smi3SilzkGi7Xabzc9TA6L-o8MuZgrB3PRZK5YjVYJAAAAAAAAAGAJc-ZNAAAAAE4DGQ02w9VyASCcvXR_1tabgPwV83ZdpXLLgJuFEYobP24wv-X19puefrtbYbkywAM1OfNmzwSxVqtlDQAAIIANAAAQwK2btwBsRm4fCCrsyJVCL5yfIAer3QA!&cmcv=&pix=undefined&cb=1670559956670&uv=3245&tms=1670559956670&abt=mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=27c6533f-f27d-49f4-bce6-0c83061d5cef&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
151.101.1.44200 OK 547 B URL HTTP/2 imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7sWICFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJLLb2Fabzcwts-xGbtFyZlpLPC7bWrAxbgazxci1cdmMQDIj48bkGq7WwtlwtRaNDAu3xLSZuVWDkXHi8c0mG9dsCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3eoX16LK8XSa78u_3zTV-t1_mGCzWar_d9DA57AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFiEWMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQFgf8n8WBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5Gr9OCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAzHfymGZOZaj4WY3mO12s9FusBnODAvjYjBz7GbeU2_1FMJ338Tp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBEmBiOTYWKzrJW7iXMtWiyWa4XH4nKrXKONabTYLXYTy1r0-pgexo1n5RptUTCgYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WVf860clpljORpudoPZbjcb7Qab4cywMC4GM8du5m8MRibDxGZZK3cT51q0WCzXCo_F5Va5RhvTaLFb7CaWtej1MT2MG8_KNdo3ZrvBarVcrmb7xmw3WK2Wy9Vs36EzfFefs9EZHE88Lu0xtM0NbQ6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0IrEMV4vVYrkZOWau2WC0mAyHq9HCuVkMVhOLazERS5Smi3SilzkGi7Xabzc9TA6L-o8MuZgrB3PRZK5YjVYJAAAAAAAAAGAJc-ZNAAAAAE4DGQ02w9VyASCcvXR_1tabgPwV83ZdpXLLgJuFEYobP24wv-X19puefrtbYbkywAM1OfNmzwSxVqtlDQAAIIANAAAQwK2btwBsRm4fCCrsyJVCL5yfIAer3QA!&cmcv=&pix=undefined&cb=1670559956670&uv=3245&tms=1670559956670&abt=mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=27c6533f-f27d-49f4-bce6-0c83061d5cef&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
IP 151.101.1.44:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1119), with no line terminators
Hash 4796167bca960771e4fb3a7c0e4bad62
e890976408f613a556bcb79ac43ac87bc12d2b91
14f3be28d7240f899ed33ef40533f10955e8a08ddfc465298fccaba2a80fc169
GET /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=8083555&crid=5664665&dast=V7sWICFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJLLb2Fabzcwts-xGbtFyZlpLPC7bWrAxbgazxci1cdmMQDIj48bkGq7WwtlwtRaNDAu3xLSZuVWDkXHi8c0mG9dsCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3eoX16LK8XSa78u_3zTV-t1_mGCzWar_d9DA57AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFiEWMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQFgf8n8WBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5Gr9OCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAzHfymGZOZaj4WY3mO12s9FusBnODAvjYjBz7GbeU2_1FMJ338Tp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBEmBiOTYWKzrJW7iXMtWiyWa4XH4nKrXKONabTYLXYTy1r0-pgexo1n5RptUTCgYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WVf860clpljORpudoPZbjcb7Qab4cywMC4GM8du5m8MRibDxGZZK3cT51q0WCzXCo_F5Va5RhvTaLFb7CaWtej1MT2MG8_KNdo3ZrvBarVcrmb7xmw3WK2Wy9Vs36EzfFefs9EZHE88Lu0xtM0NbQ6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0IrEMV4vVYrkZOWau2WC0mAyHq9HCuVkMVhOLazERS5Smi3SilzkGi7Xabzc9TA6L-o8MuZgrB3PRZK5YjVYJAAAAAAAAAGAJc-ZNAAAAAE4DGQ02w9VyASCcvXR_1tabgPwV83ZdpXLLgJuFEYobP24wv-X19puefrtbYbkywAM1OfNmzwSxVqtlDQAAIIANAAAQwK2btwBsRm4fCCrsyJVCL5yfIAer3QA!&cmcv=&pix=undefined&cb=1670559956670&uv=3245&tms=1670559956670&abt=mprdctdt6_vA!smbs!ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=27c6533f-f27d-49f4-bce6-0c83061d5cef&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1 HTTP/1.1
Host: imprammp.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:57 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670559958.517195,VS0,VE23
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash b8ed3edd65547430a57aa8feeda292a8
45d5cdd6858ee7a47ac95517741a8695f4d3a3e9
181d12c624df54f4bda6e994f7d1d625637551819bbee47419ae99c06443d328
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 04:25:57 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Tue, 13 Dec 2022 00:48:42 GMT
ETag: "45d5cdd6858ee7a47ac95517741a8695f4d3a3e9"
Last-Modified: Fri, 09 Dec 2022 00:48:43 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 670
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776afad78fa2b4f4-OSL
secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
2.21.206.244301 Moved Permanently 0 B URL HTTP/2 secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
IP 2.21.206.244:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP/1.1
Host: secure-assets.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
date: Fri, 09 Dec 2022 04:25:57 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7sWICFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJLLb2Fabzcwts-xGbtFyZlpLPC7bWrAxbgazxci1cdmMQDIj48bkGq7WwtlwtRaNDAu3xLSZuVWDkXHi8c0mG9dsCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3eoX16LK8XSa78u_3zTV-t1_mGCzWar_d9DA57AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFiEWMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQFgf8n8WBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5Gr9OCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAzHfymGZOZaj4WY3mO12s9FusBnODAvjYjBz7GbeU2_1FMJ338Tp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBEmBiOTYWKzrJW7iXMtWiyWa4XH4nKrXKONabTYLXYTy1r0-pgexo1n5RptUTCgYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WVf860clpljORpudoPZbjcb7Qab4cywMC4GM8du5m8MRibDxGZZK3cT51q0WCzXCo_F5Va5RhvTaLFb7CaWtej1MT2MG8_KNdo3ZrvBarVcrmb7xmw3WK2Wy9Vs36EzfFefs9EZHE88Lu0xtM0NbQ6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0IrEMV4vVYrkZOWau2WC0mAyHq9HCuVkMVhOLazERS5Smi3SilzkGi7Xabzc9TA6L-o8MuZgrB3PRZK5YjVYJAAAAAAAAAGAJc-ZNAAAAAE4DGQ02w9VyASCcvXR_1tabgPwV83ZdpXLLgJuFEYobP24wv-X19puefrtbYbkywAM1OfNmzwSxVqtlDQAAIIANAAAQwK2btwBsRm4fCCrsyJVCL5yfIAer3QA!&excid=22&docw=0&cijs=1&nlb=true
141.226.228.48200 OK 998 B URL HTTP/2 am-match.taboola.com/sync?dast=V7sWICFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJLLb2Fabzcwts-xGbtFyZlpLPC7bWrAxbgazxci1cdmMQDIj48bkGq7WwtlwtRaNDAu3xLSZuVWDkXHi8c0mG9dsCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3eoX16LK8XSa78u_3zTV-t1_mGCzWar_d9DA57AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFiEWMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQFgf8n8WBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5Gr9OCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAzHfymGZOZaj4WY3mO12s9FusBnODAvjYjBz7GbeU2_1FMJ338Tp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBEmBiOTYWKzrJW7iXMtWiyWa4XH4nKrXKONabTYLXYTy1r0-pgexo1n5RptUTCgYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WVf860clpljORpudoPZbjcb7Qab4cywMC4GM8du5m8MRibDxGZZK3cT51q0WCzXCo_F5Va5RhvTaLFb7CaWtej1MT2MG8_KNdo3ZrvBarVcrmb7xmw3WK2Wy9Vs36EzfFefs9EZHE88Lu0xtM0NbQ6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0IrEMV4vVYrkZOWau2WC0mAyHq9HCuVkMVhOLazERS5Smi3SilzkGi7Xabzc9TA6L-o8MuZgrB3PRZK5YjVYJAAAAAAAAAGAJc-ZNAAAAAE4DGQ02w9VyASCcvXR_1tabgPwV83ZdpXLLgJuFEYobP24wv-X19puefrtbYbkywAM1OfNmzwSxVqtlDQAAIIANAAAQwK2btwBsRm4fCCrsyJVCL5yfIAer3QA!&excid=22&docw=0&cijs=1&nlb=true
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash 008aa6f782d464c42435df913206aed0
7cd6629bbaa490060d423478320febb77dfd1482
209abcf338197e0b82266432c48955e9e3cf319ef3405578dc58fef563369afd
GET /sync?dast=V7sWICFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJLLb2Fabzcwts-xGbtFyZlpLPC7bWrAxbgazxci1cdmMQDIj48bkGq7WwtlwtRaNDAu3xLSZuVWDkXHi8c0mG9dsCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3eoX16LK8XSa78u_3zTV-t1_mGCzWar_d9DA57AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFiEWMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQFgf8n8WBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5Gr9OCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAzHfymGZOZaj4WY3mO12s9FusBnODAvjYjBz7GbeU2_1FMJ338Tp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBEmBiOTYWKzrJW7iXMtWiyWa4XH4nKrXKONabTYLXYTy1r0-pgexo1n5RptUTCgYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WVf860clpljORpudoPZbjcb7Qab4cywMC4GM8du5m8MRibDxGZZK3cT51q0WCzXCo_F5Va5RhvTaLFb7CaWtej1MT2MG8_KNdo3ZrvBarVcrmb7xmw3WK2Wy9Vs36EzfFefs9EZHE88Lu0xtM0NbQ6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0IrEMV4vVYrkZOWau2WC0mAyHq9HCuVkMVhOLazERS5Smi3SilzkGi7Xabzc9TA6L-o8MuZgrB3PRZK5YjVYJAAAAAAAAAGAJc-ZNAAAAAE4DGQ02w9VyASCcvXR_1tabgPwV83ZdpXLLgJuFEYobP24wv-X19puefrtbYbkywAM1OfNmzwSxVqtlDQAAIIANAAAQwK2btwBsRm4fCCrsyJVCL5yfIAer3QA!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:57 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3402
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
104.88.9.101200 OK 233 B URL HTTP/1.1 eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
IP 104.88.9.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 6220919f0a2b24a12a281ea8b891ecf6
759111c360edc6df73ed10aaaa212cb22c47ce0d
030c6e199782fb1908f6f89d3cd41950fd3ae0830c5020ba9ed617111bacd180
GET /usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://imprammp.taboola.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
ETag: "403b9-119-5ec73a0a33d00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Fri, 09 Dec 2022 04:25:57 GMT
Connection: keep-alive
Vary: Accept-Encoding
vidstat.taboola.com/vpaid/vPlayer/player/v14.8.9/OvaMediaPlayer.js
151.101.1.44200 OK 88 kB URL HTTP/2 vidstat.taboola.com/vpaid/vPlayer/player/v14.8.9/OvaMediaPlayer.js
IP 151.101.1.44:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash 6b34cacda27ec72b97b6737ed724b8de
2cf75cddd5c0fcf0998e5e09f1419bea5dceaa9b
a1f95863b6f6f800546cdb825c638d66defbf0ef1594e7a86aa6ddd40c6fafdd
GET /vpaid/vPlayer/player/v14.8.9/OvaMediaPlayer.js HTTP/1.1
Host: vidstat.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: HQC2qImu+yFtWRdwC7qdeEY+LwREinVNileBf8flE7jOTdBJ0PCsJIuGQaWmLhiRoOBa/JCpWd0=
x-amz-request-id: Q1CB2TACPSHX4QQR
last-modified: Mon, 05 Dec 2022 10:01:26 GMT
etag: "6b34cacda27ec72b97b6737ed724b8de"
x-amz-meta-ctime: 1670234485
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1670234471
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:57 GMT
via: 1.1 varnish
age: 325418
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 73106
x-timer: S1670559958.808677,VS0,VE0
vary: Accept-Encoding
server: AmazonS3-br
content-encoding: br
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-length: 88219
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.2.146200 OK 649 B IP 178.250.2.146:0
Hash 52d46b828fefefe1629e3472c2466aa7
3c86fefcef16e88e0d7d02200f8c9fd381e01462
7d1add22b647ad26a8bbf03d6b09df2266d23b00b732b36a7996b844d1da3079
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=pSmG7l80M0RITmhlJTJCZkMwOUJGQlhaMUN2czVJaUQ1ckolMkIyJTJGVkFkQ2FUd1BLWEQ4NDJlT25objJ3UUVmNTh2YzZ6aTYw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:56 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=JiqeY180M0RITmhlJTJCZkMwOUJGQlhaMUN2czVJaUQ1ckolMkIyJTJGVkFkQ2FUd1BLWEQlMkJkSEpZR1hGbTNUSjV5SCUyQkxpUERHMQ; expires=Wed, 03 Jan 2024 04:25:57 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 423294
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
vidstatb.taboola.com/vid/blackScreen5.mp4
151.101.1.44206 Partial Content 91 kB URL HTTP/2 vidstatb.taboola.com/vid/blackScreen5.mp4
IP 151.101.1.44:0
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash b2b087fe4ae638c533731c347fcd4df8
62851c888c21bb51cc04f13b6fc0451279fe0425
0407dafc112212a135d1aa4dd9b40ba0208c6bb6b1959f5535af093254189d66
GET /vid/blackScreen5.mp4 HTTP/1.1
Host: vidstatb.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
content-type: video/mp4
last-modified: Sun, 02 Jul 2017 20:40:57 GMT
etag: "b2b087fe4ae638c533731c347fcd4df8"
x-amz-meta-mode: 33188
x-amz-meta-gid: 0
x-amz-meta-uid: 0
x-amz-meta-mtime: 1497790207
server: AmazonS3
via: 1.1 9803a30a87f1ec1047cb2b8ad5ecc43e.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: gopM2XYfUoVUFmJXQ0440-QEF6IoAyvdLK0EUOquu3M35zK6ZGLwLg==
cache-control: public, max-age=2592000
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:57 GMT
age: 614934
x-served-by: cache-bma1659-BMA
x-cache: Hit from cloudfront, HIT
x-cache-hits: 297217
x-timer: S1670559958.907050,VS0,VE0
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-headers: *
content-range: bytes 0-90783/90784
content-length: 90784
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
151.101.1.44200 OK 254 B URL HTTP/2 cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
IP 151.101.1.44:0
File type PNG image data, 12 x 12, 8-bit gray+alpha, non-interlaced\012- data
Hash dfa7b52c86e56bd67fa4002f6ed19854
7df722645482433c2b5c8d8ab4272a9874592f27
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
GET /libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: c3AK0F63Rmz1U+ZkwDZRH6hJiJRTGpZB8kTBPWz0vwbg9siBxtMOH8aEqr1NtVeNHtLhLAVUR9E=
x-amz-request-id: 4JKSR0YA3KVH073N
x-amz-replication-status: COMPLETED
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
content-type: image/png
server: AmazonS3
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:57 GMT
via: 1.1 varnish
age: 17586
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 401
x-timer: S1670559958.954138,VS0,VE0
cache-control: private,max-age=31536000
abp: 2
content-length: 254
X-Firefox-Spdy: h2
eus.rubiconproject.com/usync.js
104.88.9.101200 OK 10 kB URL HTTP/1.1 eus.rubiconproject.com/usync.js
IP 104.88.9.101:0
File type ASCII text, with very long lines (18728)
Hash 8deb7dbc8b2c345210076315246d243e
48da2b0f96ae0319416cd069c090acef1217dd08
792653092209c4e0ac57fbffab14833a2d9c4cbf4e7d37ff12aa82aa57efc152
GET /usync.js HTTP/1.1
Host: eus.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 08 Dec 2022 23:42:39 GMT
Content-Encoding: gzip
Content-Length: 10067
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=69385
Expires: Fri, 09 Dec 2022 23:42:22 GMT
Date: Fri, 09 Dec 2022 04:25:57 GMT
Connection: keep-alive
Vary: Accept-Encoding
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 09 Dec 2022 04:25:57 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=943632be-7779-11ed-bead-107c10e90106; expires=Fri, 06-Jan-2023 04:25:57 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=943632f9-7779-11ed-bead-107c10e90106
X-fe: 85
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5ab7393567c56be79a731bd743dbb79b
20ce9048024b9970ae0242251cb71878c70c978f
02089f69d2754ed78072045a5d9dd78eb0e59c1b493c8d6bf29f4708711ae90d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4992
Cache-Control: max-age=130184
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:57 GMT
Etag: "6391fedd-1d7"
Expires: Sat, 10 Dec 2022 16:35:41 GMT
Last-Modified: Thu, 08 Dec 2022 15:12:29 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
trc.taboola.com/forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2
151.101.1.44204 No Content 0 B URL HTTP/2 trc.taboola.com/forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2
IP 151.101.1.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /forumotion-ar/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 5224
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://azhermed.yoo7.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:58 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670559958.912070,VS0,VE93
x-vcl-time-ms: 93
X-Firefox-Spdy: h2
ups.analytics.yahoo.com/ups/58534/occ
18.156.0.31302 Found 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ
IP 18.156.0.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 09 Dec 2022 04:25:57 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://ups.analytics.yahoo.com/ups/58534/occ?verify=true
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBNW4kmMCEApEQrpUC_kclZYs8QeKi0IFEgEBAQEKlGOcYwAAAAAA_eMAAA&S=AQAAAvJrKXkD0N_YRGwh7ha2-GM; Expires=Sat, 9 Dec 2023 10:25:57 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 9dfb6f98524703cb28aa777c06f8307d
0259f1b07774b87d9bf5d69228f549946a1dd747
7b5ecd4e9bf216f4c71747b9eab5f135a610972adeb28d4f61118fab6decc065
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 04:25:58 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 13:56:48 GMT
Expires: Tue, 13 Dec 2022 13:56:47 GMT
Etag: "0259f1b07774b87d9bf5d69228f549946a1dd747"
Cache-Control: max-age=379248,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 776afad95e00b50f-OSL
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=943632f9-7779-11ed-bead-107c10e90106
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=943632f9-7779-11ed-bead-107c10e90106
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=943632f9-7779-11ed-bead-107c10e90106 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Fri, 09 Dec 2022 04:25:58 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=943e5ba6-7779-11ed-902f-10a0cca80406; expires=Fri, 06-Jan-2023 04:25:58 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 139
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash aa3101ec1a10266b31476ad0d1d4e2e2
fe248f4b625323741cbbecf22f1a36b6e8105348
5fb753cc650a5eb39ab76817140f14ebf09dcff5cb12f4f4cd93f48321973097
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4847
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:58 GMT
Etag: "63920fcd-139"
Last-Modified: Fri, 09 Dec 2022 03:05:12 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 313
x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
3.64.108.88200 OK 43 B URL HTTP/2 x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
IP 3.64.108.88:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /sync?gdpr=1&us_privacy=1---&ssp=taboola HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:58 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
ups.analytics.yahoo.com/ups/58534/occ?verify=true
18.156.0.31204 No Content 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58534/occ?verify=true
IP 18.156.0.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58534/occ?verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 04:25:58 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBNa4kmMCEEeKkQ0QeGNn1nNSQ-yBn5UFEgEBAQEKlGOcYwAAAAAA_eMAAA&S=AQAAApz3NBMYatLMm5TM1r6WyV4; Expires=Sat, 9 Dec 2023 10:25:58 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1
178.250.0.162200 OK 43 B URL HTTP/2 csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1
IP 178.250.0.162:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1 HTTP/1.1
Host: csm.fr.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:57 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 10ae015a481b29d89da500c7d98243cf
11c12f0aeda31b6da539b9e6022033e29a124307
d654fa17b63be027de9d2554c7dc0c2d83bd57c8b343734e7f5d9d73bd87d8ee
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5313
Cache-Control: max-age=166177
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:58 GMT
Etag: "63928a36-1d7"
Expires: Sun, 11 Dec 2022 02:35:35 GMT
Last-Modified: Fri, 09 Dec 2022 01:07:02 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
pixel.rubiconproject.com/exchange/sync.php?p=15414&gdpr=1&us_privacy=1---&gdpr=1&us_privacy=1---
213.19.162.90204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/exchange/sync.php?p=15414&gdpr=1&us_privacy=1---&gdpr=1&us_privacy=1---
IP 213.19.162.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /exchange/sync.php?p=15414&gdpr=1&us_privacy=1---&gdpr=1&us_privacy=1--- HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: d5c7d31e505103f093db6d1ed70deaa2
Content-Type: image/gif
match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
52.223.40.198200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
IP 52.223.40.198:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:58 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
pixel.rubiconproject.com/exchange/sync.php?p=a9us&gdpr=1&us_privacy=1---
213.19.162.90204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/exchange/sync.php?p=a9us&gdpr=1&us_privacy=1---
IP 213.19.162.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /exchange/sync.php?p=a9us&gdpr=1&us_privacy=1--- HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: d5c7d31e505103f093db6d1ed70deaa2
Content-Type: image/gif
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 09 Dec 2022 04:25:58 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=9467d452-7779-11ed-973c-1e1d47870106; expires=Fri, 06-Jan-2023 04:25:58 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=9467d4b1-7779-11ed-973c-1e1d47870106
X-fe: 104
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e3b657ebd655fbfa5f10c01c775f2aa0
2478fd171e6791a10d83b2bad9de0165d268db7e
2d91737e61e5338bc24c7df4aa36b1c20d9f79fe8ea4bb4914fd2c15e99a7ee3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=9467d4b1-7779-11ed-973c-1e1d47870106
185.94.180.125204 No Content 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=9467d4b1-7779-11ed-973c-1e1d47870106
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---gdpr%3D1%26&__user_check__=1&sync_id=9467d4b1-7779-11ed-973c-1e1d47870106 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://am-match.taboola.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx
Date: Fri, 09 Dec 2022 04:25:58 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=946c909d-7779-11ed-aef3-1dbc55590206; expires=Fri, 06-Jan-2023 04:25:58 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 97
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bdbdaaa53fdb2d7504cbb882b31a57e7
173490ed924ca718084db6094aca93a52cc1b314
f047325faaedc260ca5cef758770cdb4baf9cb28cc5362fbdae5f334eb9e4e47
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F047325FAAEDC260CA5CEF758770CDB4BAF9CB28CC5362FBDAE5F334EB9E4E47"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6948
Expires: Fri, 09 Dec 2022 06:21:46 GMT
Date: Fri, 09 Dec 2022 04:25:58 GMT
Connection: keep-alive
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=1&us_privacy=1---
142.250.74.34302 Found 326 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=1&us_privacy=1---
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash b7935dc8845592ea78857bb810cd7130
5f497e1627a95df483b70b9436c9431d9ba384d9
2116c3bba5a4dfc09063000e6cefcb61c1e83f2c416370cdd88560aad68fe369
GET /pixel?google_nid=rubicon&google_cm&google_sc&gdpr=1&us_privacy=1--- HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&gdpr=1&us_privacy=1---&google_tc=
date: Fri, 09 Dec 2022 04:25:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 326
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 04:40:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
token.rubiconproject.com/token?pid=6404&gdpr=1&us_privacy=1---
213.19.162.80204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=6404&gdpr=1&us_privacy=1---
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=6404&gdpr=1&us_privacy=1--- HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 49049ff336235ad60cb44abcb1cec1d6
x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
3.64.108.88200 OK 43 B URL HTTP/2 x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
IP 3.64.108.88:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /sync?gdpr=1&us_privacy=1---&ssp=taboola HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:58 GMT
content-type: image/gif
content-length: 43
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
token.rubiconproject.com/token?pid=25470&gdpr=1&us_privacy=1---
213.19.162.80204 No Content 0 B URL HTTP/1.1 token.rubiconproject.com/token?pid=25470&gdpr=1&us_privacy=1---
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /token?pid=25470&gdpr=1&us_privacy=1--- HTTP/1.1
Host: token.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: 19600bc21eacf9565125744d917cac10
am-match.taboola.com/sync?dast=V7sWICFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJLLb2Fabzcwts-xGbtFyZlpLPC7bWrAxbgazxci1cdmMQDIj48bkGq7WwtlwtRaNDAu3xLSZuVWDkXHi8c0mG9dsCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3eoX16LK8XSa78u_3zTV-t1_mGCzWar_d9DA57AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFiEWMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQFgf8n8WBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5Gr9OCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAzHfymGZOZaj4WY3mO12s9FusBnODAvjYjBz7GbeU2_1FMJ338Tp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBEmBiOTYWKzrJW7iXMtWiyWa4XH4nKrXKONabTYLXYTy1r0-pgexo1n5RptUTCgYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WVf860clpljORpudoPZbjcb7Qab4cywMC4GM8du5m8MRibDxGZZK3cT51q0WCzXCo_F5Va5RhvTaLFb7CaWtej1MT2MG8_KNdo3ZrvBarVcrmb7xmw3WK2Wy9Vs36EzfFefs9EZHE88Lu0xtM0NbQ6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0IrEMV4vVYrkZOWau2WC0mAyHq9HCuVkMVhOLazERS5Smi3SilzkGi7Xabzc9TA6L-o8MuZgrB3PRZK5YjVYJAAAAAAAAAGAJc-ZNAAAAAE4DGQ02w9VyASCcvXR_1tabgPwV83ZdpXLLgJuFEYobP24wv-X19puefrtbYbkywAM1OfNmzwSxVqtlDQAAIIANAAAQwK2btwBsRm4fCCrsyJVCL5yfIAer3QA!&excid=22&docw=0&cijs=1&nlb=true
141.226.228.48200 OK 1.1 kB URL HTTP/2 am-match.taboola.com/sync?dast=V7sWICFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJLLb2Fabzcwts-xGbtFyZlpLPC7bWrAxbgazxci1cdmMQDIj48bkGq7WwtlwtRaNDAu3xLSZuVWDkXHi8c0mG9dsCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3eoX16LK8XSa78u_3zTV-t1_mGCzWar_d9DA57AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFiEWMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQFgf8n8WBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5Gr9OCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAzHfymGZOZaj4WY3mO12s9FusBnODAvjYjBz7GbeU2_1FMJ338Tp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBEmBiOTYWKzrJW7iXMtWiyWa4XH4nKrXKONabTYLXYTy1r0-pgexo1n5RptUTCgYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WVf860clpljORpudoPZbjcb7Qab4cywMC4GM8du5m8MRibDxGZZK3cT51q0WCzXCo_F5Va5RhvTaLFb7CaWtej1MT2MG8_KNdo3ZrvBarVcrmb7xmw3WK2Wy9Vs36EzfFefs9EZHE88Lu0xtM0NbQ6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0IrEMV4vVYrkZOWau2WC0mAyHq9HCuVkMVhOLazERS5Smi3SilzkGi7Xabzc9TA6L-o8MuZgrB3PRZK5YjVYJAAAAAAAAAGAJc-ZNAAAAAE4DGQ02w9VyASCcvXR_1tabgPwV83ZdpXLLgJuFEYobP24wv-X19puefrtbYbkywAM1OfNmzwSxVqtlDQAAIIANAAAQwK2btwBsRm4fCCrsyJVCL5yfIAer3QA!&excid=22&docw=0&cijs=1&nlb=true
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1120), with no line terminators
Hash f717cf68d70edb144ff0ab0bbaffacfe
e3f6de8e0594a980413fb5ac1cd43376b6427ec8
71b7861e9cdaab14dede85a55abcc5caa084ca862ecf9906830ea4de881be04b
GET /sync?dast=V7sWICFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJLLb2Fabzcwts-xGbtFyZlpLPC7bWrAxbgazxci1cdmMQDIj48bkGq7WwtlwtRaNDAu3xLSZuVWDkXHi8c0mG9dsCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3eoX16LK8XSa78u_3zTV-t1_mGCzWar_d9DA57AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFiEWMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQFgf8n8WBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5Gr9OCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAzHfymGZOZaj4WY3mO12s9FusBnODAvjYjBz7GbeU2_1FMJ338Tp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBEmBiOTYWKzrJW7iXMtWiyWa4XH4nKrXKONabTYLXYTy1r0-pgexo1n5RptUTCgYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WVf860clpljORpudoPZbjcb7Qab4cywMC4GM8du5m8MRibDxGZZK3cT51q0WCzXCo_F5Va5RhvTaLFb7CaWtej1MT2MG8_KNdo3ZrvBarVcrmb7xmw3WK2Wy9Vs36EzfFefs9EZHE88Lu0xtM0NbQ6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0IrEMV4vVYrkZOWau2WC0mAyHq9HCuVkMVhOLazERS5Smi3SilzkGi7Xabzc9TA6L-o8MuZgrB3PRZK5YjVYJAAAAAAAAAGAJc-ZNAAAAAE4DGQ02w9VyASCcvXR_1tabgPwV83ZdpXLLgJuFEYobP24wv-X19puefrtbYbkywAM1OfNmzwSxVqtlDQAAIIANAAAQwK2btwBsRm4fCCrsyJVCL5yfIAer3QA!&excid=22&docw=0&cijs=1&nlb=true HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:58 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3407
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&gdpr=1&us_privacy=1---&google_tc=
142.250.74.34200 OK 170 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&gdpr=1&us_privacy=1---&google_tc=
IP 142.250.74.34:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash e7673c60af825466f83d46da72ca1635
fc0fcbee0835709ba2d28798a612bfd687903fb5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
GET /pixel?google_nid=rubicon&google_cm=&google_sc=&gdpr=1&us_privacy=1---&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
date: Fri, 09 Dec 2022 04:25:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:25:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---
52.95.115.255302 Found 0 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---
IP 52.95.115.255:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1--- HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eus.rubiconproject.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: Server
Date: Fri, 09 Dec 2022 04:25:58 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: HBV7Q4VBKJF5JKN4JM06
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
52.87.16.203200 OK 174 B URL HTTP/2 taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
IP 52.87.16.203:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 5900814aee1b0116f66ff1144b53e9d0
5a8fcaa2d4b08f5a2021c9dd3f0f41e4df25de59
9ab2ea0c9dd6dbfe1d973e143afc78ee3466718a21cba3597bec5d45cc46f011
GET /sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo HTTP/1.1
Host: taboola-supply-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://imprammp.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:57 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash cf7349f142ed260cd20676ecf485b1f0
5d115faedd915af295d93f545f7c3cdef1b03743
623156eb8cc14efd2e4fc54912092e48782342e6f8c2ebb6c553394bee98ee45
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=113886
Date: Fri, 09 Dec 2022 04:25:58 GMT
Etag: "6391be4f-1d7"
Expires: Sat, 10 Dec 2022 12:04:04 GMT
Last-Modified: Thu, 08 Dec 2022 10:37:03 GMT
Server: ECS (nyb/1D32)
X-Cache: Miss from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Fry0bZ6GryNbknvDCBbdonKJ6R4rDWSWYmnebqfQOaRCvkQVnGMl2A==
Age: 5221
taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
52.87.16.203200 OK 43 B URL HTTP/2 taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
IP 52.87.16.203:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
GET /sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo HTTP/1.1
Host: taboola-supply-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://am-match.taboola.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:58 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2
aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---&dcc=t
52.95.115.255200 OK 43 B URL HTTP/1.1 aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---&dcc=t
IP 52.95.115.255:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6851dbf491ae442da3314f19e8aff085
ecfec27263608c4ae7cd4f8e0cebb1b061df2ac3
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
GET /s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=1&us_privacy=1---&dcc=t HTTP/1.1
Host: aax-eu.amazon-adsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Server
Date: Fri, 09 Dec 2022 04:25:58 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: 9YHXHW3JYV0RTH5JASWM
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bdbdaaa53fdb2d7504cbb882b31a57e7
173490ed924ca718084db6094aca93a52cc1b314
f047325faaedc260ca5cef758770cdb4baf9cb28cc5362fbdae5f334eb9e4e47
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F047325FAAEDC260CA5CEF758770CDB4BAF9CB28CC5362FBDAE5F334EB9E4E47"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6960
Expires: Fri, 09 Dec 2022 06:21:58 GMT
Date: Fri, 09 Dec 2022 04:25:58 GMT
Connection: keep-alive
gum.criteo.com/sid/json?origin=rtus&domain=yoo7.com&sn=FirefoxSyncframe&so=3&topUrl=azhermed.yoo7.com&bundle=Pb6dLF9uUUtBaHVGSFJuelNtUUYwODF2UlRVNFclMkZzeWxLb3A0SDRGdTJ2RkJmenA0enBtdHZCTlZEUHl3cUVhU3JheXZpeHB5OSUyRjUxcSUyQnU1OWJRYWRYSVRBbGRRJTJGTGlJenROdDAxWkVMT3BLcEljNm9CMzBtS1pOUmtwVTVaVlVmYkpN&info=JiqeY180M0RITmhlJTJCZkMwOUJGQlhaMUN2czVJaUQ1ckolMkIyJTJGVkFkQ2FUd1BLWEQlMkJkSEpZR1hGbTNUSjV5SCUyQkxpUERHMQ&idsd=-382653247,617527500&cw=1&rtusCallerId=72&lsw=1
178.250.0.157200 OK 296 B URL HTTP/2 gum.criteo.com/sid/json?origin=rtus&domain=yoo7.com&sn=FirefoxSyncframe&so=3&topUrl=azhermed.yoo7.com&bundle=Pb6dLF9uUUtBaHVGSFJuelNtUUYwODF2UlRVNFclMkZzeWxLb3A0SDRGdTJ2RkJmenA0enBtdHZCTlZEUHl3cUVhU3JheXZpeHB5OSUyRjUxcSUyQnU1OWJRYWRYSVRBbGRRJTJGTGlJenROdDAxWkVMT3BLcEljNm9CMzBtS1pOUmtwVTVaVlVmYkpN&info=JiqeY180M0RITmhlJTJCZkMwOUJGQlhaMUN2czVJaUQ1ckolMkIyJTJGVkFkQ2FUd1BLWEQlMkJkSEpZR1hGbTNUSjV5SCUyQkxpUERHMQ&idsd=-382653247,617527500&cw=1&rtusCallerId=72&lsw=1
IP 178.250.0.157:0
File type JSON data\012- , ASCII text, with very long lines (356), with no line terminators
Hash 873cca4a51d628ea1308e8d9153fb57f
226a0d239c34e2d21ecb1db63bd6387e20d70195
266a948eb2e0daad03132290c26dd3c4cefefc51c8681389c7637283ee71052f
GET /sid/json?origin=rtus&domain=yoo7.com&sn=FirefoxSyncframe&so=3&topUrl=azhermed.yoo7.com&bundle=Pb6dLF9uUUtBaHVGSFJuelNtUUYwODF2UlRVNFclMkZzeWxLb3A0SDRGdTJ2RkJmenA0enBtdHZCTlZEUHl3cUVhU3JheXZpeHB5OSUyRjUxcSUyQnU1OWJRYWRYSVRBbGRRJTJGTGlJenROdDAxWkVMT3BLcEljNm9CMzBtS1pOUmtwVTVaVlVmYkpN&info=JiqeY180M0RITmhlJTJCZkMwOUJGQlhaMUN2czVJaUQ1ckolMkIyJTJGVkFkQ2FUd1BLWEQlMkJkSEpZR1hGbTNUSjV5SCUyQkxpUERHMQ&idsd=-382653247,617527500&cw=1&rtusCallerId=72&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=rtus&topUrl=azhermed.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:56 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1055660
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
pm.w55c.net/ping_match.gif?scc=1&ei=RUBICON&rurl=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4210%26nid%3D1523%26put%3D_wfivefivec_%26expires%3D30&gdpr=1&us_privacy=1---
3.66.71.252204 0 B URL HTTP/1.1 pm.w55c.net/ping_match.gif?scc=1&ei=RUBICON&rurl=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4210%26nid%3D1523%26put%3D_wfivefivec_%26expires%3D30&gdpr=1&us_privacy=1---
IP 3.66.71.252:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ping_match.gif?scc=1&ei=RUBICON&rurl=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4210%26nid%3D1523%26put%3D_wfivefivec_%26expires%3D30&gdpr=1&us_privacy=1--- HTTP/1.1
Host: pm.w55c.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eus.rubiconproject.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204
Cache-Control: no-cache, must-revalidate
Date: Fri, 09 Dec 2022 04:25:58 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Server: PingMatch/595ea14#595ea1444a96c0bdac4aa333a73d7028cf966fc7 i-0c6774dcbd8510e59@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
Connection: keep-alive
cdn.taboola.com/scripts/cds-pips.js
151.101.1.44200 OK 1.3 kB URL HTTP/2 cdn.taboola.com/scripts/cds-pips.js
IP 151.101.1.44:0
File type ASCII text, with very long lines (3545), with no line terminators
Hash 780c5c514014519ce276709f515905a0
04fe86d00b9c9077effe05171d066d243ecab221
015db06150b62ad2ad533883652174ebb6f07e24a7147fdac01a0ccd266e3f30
GET /scripts/cds-pips.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 2KBeU0d7OyPXtZDYUoIqlTBmhGhsve90tjYoemCxISjKQrNgcxT28sPXVt5KfJt+6r7dFoJgA8g=
x-amz-request-id: NFWGDQGY1WQ95XHE
x-amz-replication-status: COMPLETED
last-modified: Wed, 12 Oct 2022 13:57:57 GMT
etag: "383fa66d2a0a09f4a6e64a9593ad43bb"
x-amz-version-id: z5FoayaLm_Bvew3pbkytkoHczFCvkPwT
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:58 GMT
via: 1.1 varnish
age: 1264
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 1270
x-timer: S1670559959.752602,VS0,VE0
vary: Accept-Encoding
abp: 2
cache-control: private, max-age=3600
content-length: 1340
X-Firefox-Spdy: h2
pips.taboola.com/
151.101.193.44200 OK 4 B IP 151.101.193.44:0
File type ASCII text, with no line terminators
Hash 6c3e226b4d4795d518ab341b0824ec29
eef19c54306daa69eda49c0272623bdb5e2b341f
fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921
GET / HTTP/1.1
Host: pips.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Varnish
retry-after: 0
access-control-allow-methods: GET
access-control-allow-origin: https://azhermed.yoo7.com
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:58 GMT
via: 1.1 varnish
x-served-by: cache-bma1620-BMA
x-cache: HIT
x-cache-hits: 0
cache-control: no-store
content-length: 4
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=78c1978fa40a412abd9749f401f6bfcb&zoneId=2308013&checkDuplicate=true&ymid=&var=
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=78c1978fa40a412abd9749f401f6bfcb&zoneId=2308013&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash df96f881afa6e0a07979a30b9ee1cf00
7b319b64b7c6fc03e17e1b725fb84c15dcadadde
68195cafb38b818eb1f6015ee8688603cf97a12edb90b1b3fc95418e68de5fc9
GET /gid.js?pub=0&userId=78c1978fa40a412abd9749f401f6bfcb&zoneId=2308013&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azhermed.yoo7.com/
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Cookie: ID=761218ca0e1640edb21b03ace8685582
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:26:03 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://azhermed.yoo7.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=761218ca0e1640edb21b03ace8685582; expires=Sat, 09 Dec 2023 04:26:03 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
stootsou.net/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azhermed.yoo7.com/
Content-Type: application/json
Origin: https://azhermed.yoo7.com
Content-Length: 391
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:26:03 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 9b7794ae4199f2f24252327862890bae
access-control-allow-origin: https://azhermed.yoo7.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
azhermed.yoo7.com/f101-montada
178.33.43.178200 OK 0 B URL HTTP/2 azhermed.yoo7.com/f101-montada
IP 178.33.43.178:0
GET /f101-montada HTTP/1.1
Host: azhermed.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:54 GMT
content-type: text/html; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
pragma: no-cache
expires: Fri, 09 Dec 2022 00:00:00 GMT
last-modified: Fri, 09 Dec 2022 04:25:54 GMT
vary: User-Agent
set-cookie: exadd=167057; expires=Fri, 09-Dec-2022 08:25:54 GMT; Max-Age=14400
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
twemoji.maxcdn.com/twemoji.min.js
151.139.237.124200 OK 0 B URL HTTP/2 twemoji.maxcdn.com/twemoji.min.js
IP 151.139.237.124:0
GET /twemoji.min.js HTTP/1.1
Host: twemoji.maxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Thu, 31 Mar 2022 03:24:15 GMT
access-control-allow-origin: *
etag: W/"62451edf-3bc8"
expires: Sun, 08 Jan 2023 04:25:55 GMT
cache-control: max-age=2592000
x-proxy-cache: MISS
x-github-request-id: 7B1C:D2D3:4824A8:4A013B:638A8635
vary: Accept-Encoding
x-fastly-request-id: 13302c302e4dcbfe7e16260e2cd5983d6eec8ece
server: NetDNA-cache/2.2
powered-by: MaxCDN
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
azhermed.yoo7.com/serviceworker.js
178.33.43.178200 OK 0 B URL HTTP/2 azhermed.yoo7.com/serviceworker.js
IP 178.33.43.178:0
GET /serviceworker.js HTTP/1.1
Host: azhermed.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: exadd=167057; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: application/javascript
last-modified: Thu, 25 Feb 2021 14:30:57 GMT
etag: W/"6037b4a1-b0d"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=rtus&topUrl=azhermed.yoo7.com
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=azhermed.yoo7.com
IP 178.250.0.157:0
GET /syncframe?origin=rtus&topUrl=azhermed.yoo7.com HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:56 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
uid=33fa56fd-5163-4794-9780-15e3227884ad; expires=Wed, 03 Jan 2024 04:25:57 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 632171
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
azhermed.yoo7.com/clientscript/vbulletin_md5.js?v=387
178.33.43.178404 Not Found 0 B URL HTTP/2 azhermed.yoo7.com/clientscript/vbulletin_md5.js?v=387
IP 178.33.43.178:0
GET /clientscript/vbulletin_md5.js?v=387 HTTP/1.1
Host: azhermed.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/f101-montada
Cookie: exadd=167057; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: text/html
etag: W/"5db7f6f0-1044"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
am-match.taboola.com/sync?dast=V7Kg8CFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJGFzDDYT38qtXKxWa9FsZllLHCbLWmFZbGymmclmMayGQBI2x2Az8a3cysVqtRbNZpa1xGGyrBWWxcZmmplsFsNqChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXq-wHl2Wt8tkV_79vrnG7_bLHIPFWu23mx4mhx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmjqvpw4plMbhqjguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCOtD_NOydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQmytFWtCKK4XaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og5ls5LDPHcjTc7Aaz3W422g02w5lhYVwMZo7dzHvqrZ5C-O6bOH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgYjEyGic2yVu4mzrVosViuFR6Ly61yjTam0WK32E0sa9HrY3oYN56Va7RFwYCOvUieFulEYpssHDOXzWNyLBwrz2YwWG1mzsnMtNpNJh6HZyKWaE4W6UR22dd8K4dl5liOhpvdYLbbzUa7wWY4MyyMi8HMsZv5G4ORyTCxWdbK3cS5Fi0Wy7XCY3G5Va7RxjRa7Ba7iWUten1MD-PGs3KN9o3ZbrBaLZer2b4x2w1Wq-VyNdt36Azf1edsdAbHE49Lewxtc0Obw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6GWOwWKt9ttND5PDIpYIThfpRPQyni7qPzLkYq4czEWTuWI1WiUAAAAAAAAAgCXMmTcBAAAAOA1kNNgMV-s8kMFysFuulgsA4eyl-7O23gTkr5i36yqVWwbcLIxQ3Phxg_ktr7ff9PTb3QrLlQEeqMmZN38miLVaLWsAAAABbAAAgABu3bwFYDPx_____3EAAAAycvQAAADi-0BRGuFHrhR7_AQ5WO0G!&excid=22&docw=0&cijs=1&nlb=false
141.226.228.48200 OK 0 B URL HTTP/2 am-match.taboola.com/sync?dast=V7Kg8CFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJGFzDDYT38qtXKxWa9FsZllLHCbLWmFZbGymmclmMayGQBI2x2Az8a3cysVqtRbNZpa1xGGyrBWWxcZmmplsFsNqChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXq-wHl2Wt8tkV_79vrnG7_bLHIPFWu23mx4mhx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmjqvpw4plMbhqjguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCOtD_NOydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQmytFWtCKK4XaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og5ls5LDPHcjTc7Aaz3W422g02w5lhYVwMZo7dzHvqrZ5C-O6bOH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgYjEyGic2yVu4mzrVosViuFR6Ly61yjTam0WK32E0sa9HrY3oYN56Va7RFwYCOvUieFulEYpssHDOXzWNyLBwrz2YwWG1mzsnMtNpNJh6HZyKWaE4W6UR22dd8K4dl5liOhpvdYLbbzUa7wWY4MyyMi8HMsZv5G4ORyTCxWdbK3cS5Fi0Wy7XCY3G5Va7RxjRa7Ba7iWUten1MD-PGs3KN9o3ZbrBaLZer2b4x2w1Wq-VyNdt36Azf1edsdAbHE49Lewxtc0Obw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6GWOwWKt9ttND5PDIpYIThfpRPQyni7qPzLkYq4czEWTuWI1WiUAAAAAAAAAgCXMmTcBAAAAOA1kNNgMV-s8kMFysFuulgsA4eyl-7O23gTkr5i36yqVWwbcLIxQ3Phxg_ktr7ff9PTb3QrLlQEeqMmZN38miLVaLWsAAAABbAAAgABu3bwFYDPx_____3EAAAAycvQAAADi-0BRGuFHrhR7_AQ5WO0G!&excid=22&docw=0&cijs=1&nlb=false
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
GET /sync?dast=V7Kg8CFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJGFzDDYT38qtXKxWa9FsZllLHCbLWmFZbGymmclmMayGQBI2x2Az8a3cysVqtRbNZpa1xGGyrBWWxcZmmplsFsNqChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXq-wHl2Wt8tkV_79vrnG7_bLHIPFWu23mx4mhx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmjqvpw4plMbhqjguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCOtD_NOydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQmytFWtCKK4XaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og5ls5LDPHcjTc7Aaz3W422g02w5lhYVwMZo7dzHvqrZ5C-O6bOH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgYjEyGic2yVu4mzrVosViuFR6Ly61yjTam0WK32E0sa9HrY3oYN56Va7RFwYCOvUieFulEYpssHDOXzWNyLBwrz2YwWG1mzsnMtNpNJh6HZyKWaE4W6UR22dd8K4dl5liOhpvdYLbbzUa7wWY4MyyMi8HMsZv5G4ORyTCxWdbK3cS5Fi0Wy7XCY3G5Va7RxjRa7Ba7iWUten1MD-PGs3KN9o3ZbrBaLZer2b4x2w1Wq-VyNdt36Azf1edsdAbHE49Lewxtc0Obw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6GWOwWKt9ttND5PDIpYIThfpRPQyni7qPzLkYq4czEWTuWI1WiUAAAAAAAAAgCXMmTcBAAAAOA1kNNgMV-s8kMFysFuulgsA4eyl-7O23gTkr5i36yqVWwbcLIxQ3Phxg_ktr7ff9PTb3QrLlQEeqMmZN38miLVaLWsAAAABbAAAgABu3bwFYDPx_____3EAAAAycvQAAADi-0BRGuFHrhR7_AQ5WO0G!&excid=22&docw=0&cijs=1&nlb=false HTTP/1.1
Host: am-match.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:57 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3408
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.2.146200 OK 0 B IP 178.250.2.146:0
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=QTYVLl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czVJaUQ1ckolMkIyJTJGVkFkQ2FUd1BLWEQ5Q1I1SE9QWSUyRktVdmZzVzBKR2lSYSUyRg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:56 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=pSmG7l80M0RITmhlJTJCZkMwOUJGQlhaMUN2czVJaUQ1ckolMkIyJTJGVkFkQ2FUd1BLWEQ4NDJlT25objJ3UUVmNTh2YzZ6aTYw; expires=Wed, 03 Jan 2024 04:25:56 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 308467
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=388&height=218&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1670559956679&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1489&pt=-679966993&tz=0&viewable=true&ddast=V7sWICFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJLLb2Fabzcwts-xGbtFyZlpLPC7bWrAxbgazxci1cdmMQDIj48bkGq7WwtlwtRaNDAu3xLSZuVWDkXHi8c0mG9dsCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3eoX16LK8XSa78u_3zTV-t1_mGCzWar_d9DA57AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFiEWMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQFgf8n8WBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5Gr9OCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAzHfymGZOZaj4WY3mO12s9FusBnODAvjYjBz7GbeU2_1FMJ338Tp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBEmBiOTYWKzrJW7iXMtWiyWa4XH4nKrXKONabTYLXYTy1r0-pgexo1n5RptUTCgYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WVf860clpljORpudoPZbjcb7Qab4cywMC4GM8du5m8MRibDxGZZK3cT51q0WCzXCo_F5Va5RhvTaLFb7CaWtej1MT2MG8_KNdo3ZrvBarVcrmb7xmw3WK2Wy9Vs36EzfFefs9EZHE88Lu0xtM0NbQ6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0IrEMV4vVYrkZOWau2WC0mAyHq9HCuVkMVhOLazERS5Smi3SilzkGi7Xabzc9TA6L-o8MuZgrB3PRZK5YjVYJAAAAAAAAAGAJc-ZNAAAAAE4DGQ02w9VyASCcvXR_1tabgPwV83ZdpXLLgJuFEYobP24wv-X19puefrtbYbkywAM1OfNmzwSxVqtlDQAAIIANAAAQwK2btwBsRm4fCCrsyJVCL5yfIAer3QA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=mprdctdt6_vA!smbs!ufm&mPre=0.025&cirf=https%3A%2F%2Fazhermed.yoo7.com&en=1
151.101.1.44200 OK 0 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=388&height=218&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1670559956679&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1489&pt=-679966993&tz=0&viewable=true&ddast=V7sWICFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJLLb2Fabzcwts-xGbtFyZlpLPC7bWrAxbgazxci1cdmMQDIj48bkGq7WwtlwtRaNDAu3xLSZuVWDkXHi8c0mG9dsCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3eoX16LK8XSa78u_3zTV-t1_mGCzWar_d9DA57AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFiEWMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQFgf8n8WBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5Gr9OCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAzHfymGZOZaj4WY3mO12s9FusBnODAvjYjBz7GbeU2_1FMJ338Tp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBEmBiOTYWKzrJW7iXMtWiyWa4XH4nKrXKONabTYLXYTy1r0-pgexo1n5RptUTCgYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WVf860clpljORpudoPZbjcb7Qab4cywMC4GM8du5m8MRibDxGZZK3cT51q0WCzXCo_F5Va5RhvTaLFb7CaWtej1MT2MG8_KNdo3ZrvBarVcrmb7xmw3WK2Wy9Vs36EzfFefs9EZHE88Lu0xtM0NbQ6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0IrEMV4vVYrkZOWau2WC0mAyHq9HCuVkMVhOLazERS5Smi3SilzkGi7Xabzc9TA6L-o8MuZgrB3PRZK5YjVYJAAAAAAAAAGAJc-ZNAAAAAE4DGQ02w9VyASCcvXR_1tabgPwV83ZdpXLLgJuFEYobP24wv-X19puefrtbYbkywAM1OfNmzwSxVqtlDQAAIIANAAAQwK2btwBsRm4fCCrsyJVCL5yfIAer3QA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=mprdctdt6_vA!smbs!ufm&mPre=0.025&cirf=https%3A%2F%2Fazhermed.yoo7.com&en=1
IP 151.101.1.44:0
POST /VideoBidRequestHandlerServlet?oid=15&width=388&height=218&pubid=169497&tagid=953497&crid=5664665&noaop=5&sortOrderType=0&cb=1670559956679&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1489&pt=-679966993&tz=0&viewable=true&ddast=V7sWICFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJLLb2Fabzcwts-xGbtFyZlpLPC7bWrAxbgazxci1cdmMQDIj48bkGq7WwtlwtRaNDAu3xLSZuVWDkXHi8c0mG9dsCh7CMvt9BxHL8zX9DQcZ3_J6G0RF19tidzjNnjeYoOl0-Fz3eoX16LK8XSa78u_3zTV-t1_mGCzWar_d9DA57AAAAADwAGD1lgnxAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAFgQHKhAfDJQfCes98fAAANWyAAAAIYJAADqwElAB_nKycAAAAAAAAAACz_____MQB7WGMyACP7Oz0ADz4AD0QFiEWMAAAAALa0VDSPJnVCZVEFAECQbgVwBQAQQFgf8n8WBgAAEDC2QA-L32922DV-t8sAAAAAAAAAAMz-z_7RhN5Gr9OCWEav1X4BAQDWfgEBANjUDQDgLQAu6AhaMRisTiF2w9liN5ptRrMDAAAAuPv____XAzHfymGZOZaj4WY3mO12s9FusBnODAvjYjBz7GbeU2_1FMJ338Tp8xCW2e87iFier-lvOMj4ltfbICq63ha7w2n23I-iJcvdcrcaTRaj0XK52Q03o8H-BmKwGuBEDJbLyWQx2a1Gq9FmuBvNBgsUiMEEKVqyWi6Xq81mtdqNFrPBZjncbJCiVavZaDMYrmaT2W63Gg6Gy9EIKVqy3C13q9FkMRotl5vdcDMaDBEmBiOTYWKzrJW7iXMtWiyWa4XH4nKrXKONabTYLXYTy1r0-pgexo1n5RptUTCgYy-Ci3Qi81teb7_p6be7FZaLWKI5WaQT2WVf860clpljORpudoPZbjcb7Qab4cywMC4GM8du5m8MRibDxGZZK3cT51q0WCzXCo_F5Va5RhvTaLFb7CaWtej1MT2MG8_KNdo3ZrvBarVcrmb7xmw3WK2Wy9Vs36EzfFefs9EZHE88Lu0xtM0NbQ6DwmWweH-fi7QZbdyMKm3YYlFdizvXxKrTxk7GzsFsUPiG18Tw91M_r93s7SA2GBSxRHC6SCeil_F0EUskT4t0IrEMV4vVYrkZOWau2WC0mAyHq9HCuVkMVhOLazERS5Smi3SilzkGi7Xabzc9TA6L-o8MuZgrB3PRZK5YjVYJAAAAAAAAAGAJc-ZNAAAAAE4DGQ02w9VyASCcvXR_1tabgPwV83ZdpXLLgJuFEYobP24wv-X19puefrtbYbkywAM1OfNmzwSxVqtlDQAAIIANAAAQwK2btwBsRm4fCCrsyJVCL5yfIAer3QA!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=mprdctdt6_vA!smbs!ufm&mPre=0.025&cirf=https%3A%2F%2Fazhermed.yoo7.com&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1478
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://azhermed.yoo7.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:57 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670559958.612822,VS0,VE87
vary: Accept-Encoding
X-Firefox-Spdy: h2
azhermed.yoo7.com/clientscript/vbulletin_md5.js?v=387
178.33.43.178404 Not Found 0 B URL HTTP/2 azhermed.yoo7.com/clientscript/vbulletin_md5.js?v=387
IP 178.33.43.178:0
GET /clientscript/vbulletin_md5.js?v=387 HTTP/1.1
Host: azhermed.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/f101-montada
Cookie: exadd=167057
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: text/html
etag: W/"5db7f6f0-1044"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
172.67.194.45200 OK 0 B IP 172.67.194.45:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:57 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:42 GMT
etag: W/"637e373e-32a6"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 7061
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9RwF%2Ft7HH8GabqJ0krI9z0qHwN3jncXrlv2iKe3FNriDu5R%2BatMDa02l2UNBFdfhVyiY1kdwD%2B2w7%2BOd2w17j7i9HQzpvEVzT2CEWPtJoerRPiPCHmyBsQbOXiTWnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776afad44a58b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.betgorebysson.club/apu.php?zoneid=3765907
139.45.195.8200 OK 0 B URL HTTP/2 cdn.betgorebysson.club/apu.php?zoneid=3765907
IP 139.45.195.8:0
GET /apu.php?zoneid=3765907 HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:56 GMT
content-type: application/javascript
x-trace-id: 113c3aa4f0dc92bbc1630cb85d250960
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=761218ca0e1640edb21b03ace8685582; expires=Sat, 09 Dec 2023 04:25:56 GMT; path=/; secure; SameSite=None
oaidts=1670559956; expires=Sat, 09 Dec 2023 04:25:56 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
stootsou.net/pfe/current/universal.min.js?v=3.1.409
139.45.197.250200 OK 0 B URL HTTP/2 stootsou.net/pfe/current/universal.min.js?v=3.1.409
IP 139.45.197.250:0
GET /pfe/current/universal.min.js?v=3.1.409 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azhermed.yoo7.com/
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:25:56 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-18c6c"
access-control-allow-origin: https://azhermed.yoo7.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.0.157:0
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 601453
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
trc.taboola.com/forumotion-ar/trc/3/json?tim=04%3A25%3A55.629<i=deflated&data=%7B%22id%22%3A552%2C%22ii%22%3A%22%2Ff101-montada%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1670510160185%2C%22vi%22%3A1670559955627%2C%22cv%22%3A%2220221208-7-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fazhermed.yoo7.com%2Ff101-montada%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fazhermed.yoo7.com%2Ff101-montada%22%2C%22vpi%22%3A%22%2Ff101-montada%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A2433%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A1041%2C%22mw%22%3A0%2C%22amw%22%3A1013.4666748046875%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A2180.333251953125%2C%22mw%22%3A1000%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ff101-montada%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
151.101.1.44200 OK 0 B URL HTTP/2 trc.taboola.com/forumotion-ar/trc/3/json?tim=04%3A25%3A55.629<i=deflated&data=%7B%22id%22%3A552%2C%22ii%22%3A%22%2Ff101-montada%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1670510160185%2C%22vi%22%3A1670559955627%2C%22cv%22%3A%2220221208-7-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fazhermed.yoo7.com%2Ff101-montada%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fazhermed.yoo7.com%2Ff101-montada%22%2C%22vpi%22%3A%22%2Ff101-montada%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A2433%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A1041%2C%22mw%22%3A0%2C%22amw%22%3A1013.4666748046875%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A2180.333251953125%2C%22mw%22%3A1000%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ff101-montada%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
IP 151.101.1.44:0
GET /forumotion-ar/trc/3/json?tim=04%3A25%3A55.629<i=deflated&data=%7B%22id%22%3A552%2C%22ii%22%3A%22%2Ff101-montada%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1670510160185%2C%22vi%22%3A1670559955627%2C%22cv%22%3A%2220221208-7-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fazhermed.yoo7.com%2Ff101-montada%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fazhermed.yoo7.com%2Ff101-montada%22%2C%22vpi%22%3A%22%2Ff101-montada%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1268%2C%22dh%22%3A2433%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-728x90%3Aabp%3D0%22%2C%22uip%22%3A%22728x90%20Thumbnails%22%2C%22orig_uip%22%3A%22728x90%20Thumbnails%22%2C%22cd%22%3A1041%2C%22mw%22%3A0%2C%22amw%22%3A1013.4666748046875%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-desktop-a%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Desktop%20Forum%20Thumbnails%22%2C%22cd%22%3A2180.333251953125%2C%22mw%22%3A1000%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Ff101-montada%2C728x90%20Thumbnails%3Dthumbnails-728x90%3Aabp%3D0%2C%2CBelow%20Desktop%20Forum%20Thumbnails%3Dthumbnails-desktop-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://azhermed.yoo7.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:56 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670559956.482365,VS0,VE224
vary: Accept-Encoding
x-vcl-time-ms: 224
X-Firefox-Spdy: h2
azhermed.yoo7.com/stel-wlaef-aktalgmar-b/buttons/collapse_thead.gif
178.33.43.178404 Not Found 0 B URL HTTP/2 azhermed.yoo7.com/stel-wlaef-aktalgmar-b/buttons/collapse_thead.gif
IP 178.33.43.178:0
GET /stel-wlaef-aktalgmar-b/buttons/collapse_thead.gif HTTP/1.1
Host: azhermed.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/f101-montada
Cookie: exadd=167057
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: text/html
etag: W/"5db7f6f0-1044"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/jquery/cookie/jquery.cookie.js
188.114.96.1200 OK 0 B URL HTTP/2 illiweb.com/rs3/66/frm/jquery/cookie/jquery.cookie.js
IP 188.114.96.1:0
GET /rs3/66/frm/jquery/cookie/jquery.cookie.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:22:23 GMT
last-modified: Wed, 09 Sep 2020 09:40:28 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1364612
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p20KCQoggzhx2MFGc62k0TH6ClfvxUPJBZOcgJz42uhy6GHPjg6Tld8bf3nZBEhDBqCXLtMi03SLt%2BYGWTcibaicurlM7xfCP0ooYlrPOn2L7oaptP%2FhSp%2BRbLztIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776afac90ed91bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/lang/ar.js
188.114.96.1200 OK 0 B URL HTTP/2 illiweb.com/rs3/66/frm/lang/ar.js
IP 188.114.96.1:0
GET /rs3/66/frm/lang/ar.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=74879
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:36:20 GMT
last-modified: Thu, 08 Sep 2022 07:38:48 GMT
x-cache-ne: EXPIRED
x-cache-pr: EXPIRED
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 1363775
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gK5DNcDpjNDHTQ8Eor2PK58uIDRCM52dMqZYLX1ZFhKd3mGP8nGHt7SShYIYtPOCy8qZYPOzEl1D%2F2godtVJ%2B3QDZpJIHO5dSZ5YFbmBIHcoHOroL%2BZb7z4svvNrIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776afac93ee31bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
azhermed.yoo7.com/stel-wlaef-aktalgmar-b/buttons/collapse_thead.gif
178.33.43.178404 Not Found 0 B URL HTTP/2 azhermed.yoo7.com/stel-wlaef-aktalgmar-b/buttons/collapse_thead.gif
IP 178.33.43.178:0
GET /stel-wlaef-aktalgmar-b/buttons/collapse_thead.gif HTTP/1.1
Host: azhermed.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://azhermed.yoo7.com/f101-montada
Cookie: exadd=167057; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: text/html
etag: W/"5db7f6f0-1044"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.159200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.159:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:55 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 103210
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
azhermed.yoo7.com/sw.js
178.33.43.178200 OK 0 B IP 178.33.43.178:0
GET /sw.js HTTP/1.1
Host: azhermed.yoo7.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azhermed.yoo7.com/f101-montada
Connection: keep-alive
Cookie: exadd=167057; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D; _ga=GA1.2.1365095539.1670559955; _gid=GA1.2.499067329.1670559955; _gat_gtag_UA_144347007_1=1; __utma=248149975.1365095539.1670559955.1670559955.1670559955.1; __utmb=248149975.2.10.1670559955; __utmc=248149975; __utmz=248149975.1670559955.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utma=248149975.1365095539.1670559955.1670559955.1670559955.1; __utmb=248149975.3.10.1670559955; __utmc=248149975; __utmz=248149975.1670559955.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); trc_cookie_storage=taboola%2520global%253Auser-id%3D10dd0bf2-97b9-4119-acbe-e54c441717b2-tucta8c3e54
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:57 GMT
content-type: application/javascript
last-modified: Tue, 27 Aug 2019 13:54:01 GMT
etag: W/"5d6535f9-1554"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2
15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fazhermed.yoo7.com%2Ff101-montada&encoded=1&uid=10dd0bf2-97b9-4119-acbe-e54c441717b2-tucta8c3e54&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1670559955960&tagid=&cntry=NO&platform=1&sesid=f7ea2f1948370677647038f0a810f17f&itemid=/f101-montada&viewid=1670559955627&geolat=&geoing=&deviceifa=&appid=&sd=v2_f7ea2f1948370677647038f0a810f17f_10dd0bf2-97b9-4119-acbe-e54c441717b2-tucta8c3e54_1670559956_1670559956_CNawjgYQ3pxDGKv1h6nPMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=b28515193d1f5604128854a93105bb51&appname=&cdb=&gdprApplies=true&rid=&sii=-5885437916342271480&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9057
151.101.1.44200 OK 0 B URL HTTP/2 15.taboola.com/tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fazhermed.yoo7.com%2Ff101-montada&encoded=1&uid=10dd0bf2-97b9-4119-acbe-e54c441717b2-tucta8c3e54&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1670559955960&tagid=&cntry=NO&platform=1&sesid=f7ea2f1948370677647038f0a810f17f&itemid=/f101-montada&viewid=1670559955627&geolat=&geoing=&deviceifa=&appid=&sd=v2_f7ea2f1948370677647038f0a810f17f_10dd0bf2-97b9-4119-acbe-e54c441717b2-tucta8c3e54_1670559956_1670559956_CNawjgYQ3pxDGKv1h6nPMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=b28515193d1f5604128854a93105bb51&appname=&cdb=&gdprApplies=true&rid=&sii=-5885437916342271480&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9057
IP 151.101.1.44:0
GET /tb?oid=15&pubnm=forumotion-ar&unitType=226&tbloc=&pageType=text&pstn=Below%20Desktop%20Forum%20Thumbnails&uuip=&cisrf=&cirf=https%3A%2F%2Fazhermed.yoo7.com%2Ff101-montada&encoded=1&uid=10dd0bf2-97b9-4119-acbe-e54c441717b2-tucta8c3e54&variant=-100|1786174634&callback=TRC.videoTagCallbacks.videoCallback2&cb=1670559955960&tagid=&cntry=NO&platform=1&sesid=f7ea2f1948370677647038f0a810f17f&itemid=/f101-montada&viewid=1670559955627&geolat=&geoing=&deviceifa=&appid=&sd=v2_f7ea2f1948370677647038f0a810f17f_10dd0bf2-97b9-4119-acbe-e54c441717b2-tucta8c3e54_1670559956_1670559956_CNawjgYQ3pxDGKv1h6nPMCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABop5bpoOzs57vmAXAA&ri=b28515193d1f5604128854a93105bb51&appname=&cdb=&gdprApplies=true&rid=&sii=-5885437916342271480&oee=true&tpubid=1101406&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=®ion=03&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1037540&prcnt=&layer=&normp=1&gvv=9057 HTTP/1.1
Host: 15.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: text/html;charset=ISO-8859-1
machineid: 1416
link: <https://am-wf.taboola.com>; rel=preconnect
xvid-debug: mrmr - :
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://azhermed.yoo7.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:25:56 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670559957.827942,VS0,VE32
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.0.157:0
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://azhermed.yoo7.com/
x-crto-bundle: nKZBvl9IRWp4bElKbU9MaSUyRllNR3RwblV0SHFwazlwMXBPaEhKSlRyOXlzaVpCSiUyQjQzZVhYZ0RYS3F5b1R4TG53Q3BXWFBhc01qWExCdHNLQm9MR1hWMDZiUnFkdVJiNUowNW9uTGNDRmZ0YXZjWTFzTjJZaHJUdk9PN09TQWlWR1JQJTJGeQ
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 04:25:57 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://azhermed.yoo7.com
server-processing-duration-in-ticks: 1919459
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670559961441&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1489&pt=1906724448&tz=0&viewable=true&ddast=V7Kg8CFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJGFzDDYT38qtXKxWa9FsZllLHCbLWmFZbGymmclmMayGQBI2x2Az8a3cysVqtRbNZpa1xGGyrBWWxcZmmplsFsNqChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXq-wHl2Wt8tkV_79vrnG7_bLHIPFWu23mx4mhx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmjqvpw4plMbhqjguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCOtD_NOydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQmytFWtCKK4XaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og5ls5LDPHcjTc7Aaz3W422g02w5lhYVwMZo7dzHvqrZ5C-O6bOH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgYjEyGic2yVu4mzrVosViuFR6Ly61yjTam0WK32E0sa9HrY3oYN56Va7RFwYCOvUieFulEYpssHDOXzWNyLBwrz2YwWG1mzsnMtNpNJh6HZyKWaE4W6UR22dd8K4dl5liOhpvdYLbbzUa7wWY4MyyMi8HMsZv5G4ORyTCxWdbK3cS5Fi0Wy7XCY3G5Va7RxjRa7Ba7iWUten1MD-PGs3KN9o3ZbrBaLZer2b4x2w1Wq-VyNdt36Azf1edsdAbHE49Lewxtc0Obw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6GWOwWKt9ttND5PDIpYIThfpRPQyni7qPzLkYq4czEWTuWI1WiUAAAAAAAAAgCXMmTcBAAAAOA1kNNgMV-s8kMFysFuulgsA4eyl-7O23gTkr5i36yqVWwbcLIxQ3Phxg_ktr7ff9PTb3QrLlQEeqMmZN38miLVaLWsAAAABbAAAgABu3bwFYDPx_____3EAAAAycvQAAADi-0BRGuFHrhR7_AQ5WO0G!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=mprdctdt6_vA!smbs!ufm_vA&mPre=0.025&cirf=https%3A%2F%2Fazhermed.yoo7.com&en=1
151.101.1.44200 OK 0 B URL HTTP/2 wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670559961441&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1489&pt=1906724448&tz=0&viewable=true&ddast=V7Kg8CFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJGFzDDYT38qtXKxWa9FsZllLHCbLWmFZbGymmclmMayGQBI2x2Az8a3cysVqtRbNZpa1xGGyrBWWxcZmmplsFsNqChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXq-wHl2Wt8tkV_79vrnG7_bLHIPFWu23mx4mhx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmjqvpw4plMbhqjguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCOtD_NOydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQmytFWtCKK4XaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og5ls5LDPHcjTc7Aaz3W422g02w5lhYVwMZo7dzHvqrZ5C-O6bOH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgYjEyGic2yVu4mzrVosViuFR6Ly61yjTam0WK32E0sa9HrY3oYN56Va7RFwYCOvUieFulEYpssHDOXzWNyLBwrz2YwWG1mzsnMtNpNJh6HZyKWaE4W6UR22dd8K4dl5liOhpvdYLbbzUa7wWY4MyyMi8HMsZv5G4ORyTCxWdbK3cS5Fi0Wy7XCY3G5Va7RxjRa7Ba7iWUten1MD-PGs3KN9o3ZbrBaLZer2b4x2w1Wq-VyNdt36Azf1edsdAbHE49Lewxtc0Obw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6GWOwWKt9ttND5PDIpYIThfpRPQyni7qPzLkYq4czEWTuWI1WiUAAAAAAAAAgCXMmTcBAAAAOA1kNNgMV-s8kMFysFuulgsA4eyl-7O23gTkr5i36yqVWwbcLIxQ3Phxg_ktr7ff9PTb3QrLlQEeqMmZN38miLVaLWsAAAABbAAAgABu3bwFYDPx_____3EAAAAycvQAAADi-0BRGuFHrhR7_AQ5WO0G!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=mprdctdt6_vA!smbs!ufm_vA&mPre=0.025&cirf=https%3A%2F%2Fazhermed.yoo7.com&en=1
IP 151.101.1.44:0
POST /VideoBidRequestHandlerServlet?oid=15&width=728&height=409&pubid=169497&tagid=953497&crid=-1&noaop=5&sortOrderType=0&cb=1670559961441&mimes=5,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1489&pt=1906724448&tz=0&viewable=true&ddast=V7Kg8CFgOW5ZpRty787wSW5ZpRty787wUAAAAGBuIHJGFzDDYT38qtXKxWa9FsZllLHCbLWmFZbGymmclmMayGQBI2x2Az8a3cysVqtRbNZpa1xGGyrBWWxcZmmplsFsNqChE3GQ6fg4Go6Hpb7A6n2fMGEzSdDp_rXq-wHl2Wt8tkV_79vrnG7_bLHIPFWu23mx4mhx0AAAAAHv7___8hAAAAACIAAAAAJAAAAAAoAir-LQQuAAAAADD-____NQA-OQjec_b7AwAAAAAEAAAAgARgYDWgBODjfOXk_________z9mgD7zRub_____xqAH4MEH4EEIAADgYmjqvpw4plMbhqjguYgRAAAAwJaWiubRpE6oLKr-___7rQCuAAACCOtD_NOydAcl3sIAAAACxhboYfH7zQ67xu922f________-_2f_ZP5rQmytFWtCKK4XaLyAAwNovIAAAm7oBALwFwAUdQSsGg9UpxG44W-xGs81odgAAAAB3_____3og5ls5LDPHcjTc7Aaz3W422g02w5lhYVwMZo7dzHvqrZ5C-O6bOH0RNxkOn4OBqOh6W-wOp9lzP4qWLHfL3Wo0WYxGy-VmN9yMBvsbiMFqgBMxWC4nk8VktxqtRpvhbjQbLFAgBhOkaMlquVyuNpvVajdazAab5XCzQYpWrWajzWC4mk1mu91qOBguRyOkaMlyt9ytRpPFaLRcbnbDzWgwRJgYjEyGic2yVu4mzrVosViuFR6Ly61yjTam0WK32E0sa9HrY3oYN56Va7RFwYCOvUieFulEYpssHDOXzWNyLBwrz2YwWG1mzsnMtNpNJh6HZyKWaE4W6UR22dd8K4dl5liOhpvdYLbbzUa7wWY4MyyMi8HMsZv5G4ORyTCxWdbK3cS5Fi0Wy7XCY3G5Va7RxjRa7Ba7iWUten1MD-PGs3KN9o3ZbrBaLZer2b4x2w1Wq-VyNdt36Azf1edsdAbHE49Lewxtc0Obw6BwGSze3-cibUYbN6NKG7ZYVNfizjWx6rSxk7FzMBsUvuE1Mfz91M9rN3s7iA0GRSwRXKQTmd_yevtNT7_drbBcxBKl6SKd6GWOwWKt9ttND5PDIpYIThfpRPQyni7qPzLkYq4czEWTuWI1WiUAAAAAAAAAgCXMmTcBAAAAOA1kNNgMV-s8kMFysFuulgsA4eyl-7O23gTkr5i36yqVWwbcLIxQ3Phxg_ktr7ff9PTb3QrLlQEeqMmZN38miLVaLWsAAAABbAAAgABu3bwFYDPx_____3EAAAAycvQAAADi-0BRGuFHrhR7_AQ5WO0G!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2090795&dpubid=240385&abtst=mprdctdt6_vA!smbs!ufm_vA&mPre=0.025&cirf=https%3A%2F%2Fazhermed.yoo7.com&en=1 HTTP/1.1
Host: wf.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 133
Origin: https://azhermed.yoo7.com
Connection: keep-alive
Referer: https://azhermed.yoo7.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/json;charset=utf-8
machineid: 1435
pragma: no-cache
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: https://azhermed.yoo7.com
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 04:26:02 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670559962.281167,VS0,VE51
vary: Accept-Encoding
X-Firefox-Spdy: h2